Stakeholder Engagement and Enterprise Risk Management

TCS follows a structured and comprehensive approach to identify ESG issues that are most material to its business. This process is anchored in two key pillars: (i) continuous engagement with a diverse set of stakeholders, and (ii) a systematic evaluation of evolving industry trends and market dynamics. This enables TCS to align its business objectives with stakeholder expectations while supporting long-term sustainable growth.

To ensure relevance and accuracy, TCS conducts periodic materiality assessments using a well-defined and sequential methodology:

Key Elements

Engagement with stakeholders

Engagement across stakeholder groups provides insights into varied expectations and priorities. These inputs are gathered through both internal and external interactions and are carefully analyzed and prioritized to identify material topics that have significant economic, environmental, social, and governance impacts on TCS’ operations and performance

Key Elements

Sustainability context and value chain

TCS evaluates its role within the broader sustainability ecosystem by assessing both direct and indirect impacts of its operations, client engagements, and industry participation. This holistic perspective ensures that stakeholder concerns are addressed not only at an operational level but also within the larger value chain and business ecosystem.

Enterprise Risk Management

The TCS Enterprise Risk Management (ERM) framework is a robust and continuously evolving system aligned with globally recognised practices under the COSO 2017 and ISO 31000:2018 frameworks, enabling the Company to effectively navigate an increasingly complex risk environment. Guided by the Risk Management Policy approved by the Board, the ERM framework encompasses risk identification, assessment, response planning, monitoring and governance to support the achievement of strategic objectives. Risk reviews, assessments, and scenario planning are carried out regularly to anticipate potential challenges and develop mitigation plans. Key risk indicators and control indicators are used to assess risks, provide early warnings, and evaluate effectiveness of the mitigation actions, respectively. The Company also promotes a risk-aware culture that encourages leaders to take informed risks and pursue opportunities that maximise long-term value creation. Transparent and collaborative engagement with stakeholders — including customers, employees, suppliers, partners and regulatory authorities, ensures transparent and collaborative risk management.

TCS adopts a holistic view of its enterprise risk profile, covering strategic, operational, compliance, financial and catastrophic risks, thus enabling informed decision-making and right investments. Risks are assessed and managed at various levels with a top-down and bottom-up approach across the enterprise, business units, geographies, corporate functions, customer relationships and individual projects.

The Board of Directors, through its Risk Management Committee (RMC), oversees the framing, implementation, and periodic review of the Risk Management Policy and ERM framework. It meets regularly to review the Company’s risk profile, risk mitigation plans, and discuss emerging threats and opportunities.

By proactively managing risks and identifying opportunities arising from uncertainty, the Company aims to support its long-term sustainability and growth. Robust risk management initiatives, coupled with TCS’ commitment to innovation and excellence, will enable the Company to navigate evolving industry dynamics and capitalise on future opportunities.

While the Company tracks various risks to the enterprise, listed below are some of the key risks (R) and opportunities (O), anticipated impact on the Company and mitigation strategies.

Expand All

Risk: The volatility of geo-political events and macroeconomic changes, such as wars, adverse trade policies and continuing high inflation in major economies can impact client spending and squeeze liquidity. Such developments could weaken the business outlook for TCS’ customers, leading to demand uncertainty for the Company’s services and a higher cost of doing business. In addition, risks relating to service delivery, business continuity, cybersecurity, sanctions compliance and human rights in geo-politically sensitive zones may increase costs and impact revenue growth.

Mitigation: Broad-based business mix with diversified focus across geographies and industry verticals and targeting CxO business in addition to CIOs aid in balancing the risk impact. Active monitoring of the changing geo-political landscape, ensuring business continuity plans and strengthening internal controls against secondary risks continue.

Risk: Technology disruption is happening at an unprecedented pace. Inadequate guardrails and governance to address inherent risks of use of emerging technology can cause significant quality, security, IP and ethical concerns. GenAI technologies could disrupt existing software development methods, causing unrealistic market expectations in the short term, impacting TCS’ value proposition, resulting in competitive disadvantage and impact on the Company’s growth prospects.

Mitigation: Investments in large-scale re-skilling of TCS associates on AI and other new technologies are progressing well. The Company has developed a future-ready workforce by providing all associates with foundational AI and GenAI awareness training, while a significant proportion of employees have also acquired advanced AI capabilities.

In parallel, TCS continues to invest in innovation across frameworks, methods, guardrails to address risks, investments in the required infrastructure and safe environments are being made. This is complemented by strategic partnerships and continued investment in research and innovation to ensure secure and scalable adoption. Across every service line, the Company is working on service transformation using AI. There is an increasing focus on building, partnering or acquiring capabilities required to adapt to customer requirements.

Opportunity: TCS is uniquely positioned to help customers navigate increasing complexity across technology, operating models and business transformation. Through its five-pillar transformation framework, combined with sustained investments spanning ‘Infrastructure to Intelligence’, the Company continues to strengthen its AI-led engineering capabilities, scalable and highly skilled talent base, differentiated solutions portfolio and robust partner ecosystem. These capabilities enable TCS to help customers reimagine customer experiences, improve productivity and drive meaningful transformation across their organisations.

Risk: For the IT services industry, sustained organisational growth depends on the ability to attract, develop, motivate and retain skilled talent. TCS’ strategic transition towards becoming an AIfirst enterprise is fundamentally dependent on building a globally scalable and future-ready workforce enhanced by AI capabilities. Intensifying global competition for specialised AI talent may increase attrition levels, creating challenges in retaining critical expertise required to drive transformation initiatives.

Mitigation: Huge investments in talent engagement, development with the focus of re-skilling to adapt to new and emerging technologies have been made and continue at a rapid pace. This includes massive investments in structured, role-based learning pathways to equip every employee with AI skills. Talent retention is further supported through reward and recognition programmes, career development opportunities and continuous learning initiatives. TCS has expanded business delivery centres to tier-2/tier-3 cities in India to enable leveraging local talent supply and diversification also aids in addressing the talent risk. Investments are also made in branding, STEM/GoIT programmes and campus engagements in global markets, to improve local hiring and retention.

Risk: Advancements in foundational models by deep tech AI companies and their capabilities could fundamentally transform business models and pricing models. Emerging foundational models are likely to further replace or augment traditional offerings in the future. As a result, clients may increasingly delay or reconsider investments under current contracts and engagements as they assess the potential impact and value of these rapidly advancing technologies. Such delays in spending and contract commitments can adversely affect the Company’s operational results, particularly if TCS is unable to rapidly adapt its pricing, commercial models, and value propositions to align with the benefits and efficiencies delivered by new foundational technologies. In addition, if spending growth associated with these technologies does not sufficiently offset potential declines in traditional service revenues, the Company could face revenue pressures.

Mitigation: TCS closely monitors advancements in foundational AI models and proactively adapts service offerings, delivery models, and commercial structures. Investments in building patterns and frameworks, fine tuned SLM models to build contextualised solutions for customers. In parallel, TCS engages customers through immersion sessions and rapid-build demonstrations to showcase practical AI use cases, accelerate decision-making and support scaled enterprise adoption.

Opportunity: Growing capabilities of foundational AI models increases demand for service providers who can contextualize, integrate, and fine tune generic models for enterprise grade adoption at scale.

This creates opportunities for TCS to expand into higher-value services spanning AI consulting, transformation, platform integration and managed AI operations.

The evolving technology landscape also presents opportunities to deepen long-term customer relationships and participate in new technology-led investment cycles as AI adoption matures across industries.

Risk: The Company’s global delivery model depends on the crossborder mobility of skilled professionals. Consequently, regulatory restrictions in key markets may limit access to specialised talent, constrain capability expansion, increase the cost of doing business and potentially delay client project execution.

Mitigation: Diversified sourcing and local hiring strategies, supported by strong employer branding and multi-channel access to active and passive talent pools. Increased hiring of local talent and promoting local talent building in STEM areas help to materially reduce dependency on work visas.

Risk: Cyber security threats continue to evolve rapidly, with the frequency and sophistication of cyber-attacks increasing significantly. Such threats may arise from geopolitical developments, pandemic-themed cyber campaigns and other emerging vulnerabilities. Security breaches can result in reputational damage, operational disruption, regulatory penalties, and legal and financial liabilities for TCS.

Mitigation: To strengthen cyber resilience, TCS continues to invest in state-of-the-art security operations centres supported by automated response playbooks. The Company maintains stringent security policies, procedures and controls aligned with ISO 27001 standards, complemented by enterprise-wide awareness and training programmes as well as regular internal and external audits. Use of advanced AI/ML based tools to detect and prevent incursions with advanced quarantine capabilities, including perimeter security controls with enhanced internal vulnerability detection, data leak prevention tools, incident management and recovery process, red / purple teaming, ‘breach-and-attack’ simulations in compliance with industry best practices are implemented. Close collaboration with Computer Emergency Response Team (CERT) and other private cyber intelligence agencies help to stay ahead of the curve. In addition, cyber insurance coverage is maintained to address residual risk exposure.

Opportunity: It is imperative for all enterprises to create robust and proactive cyber resilience strategies to address increasing threats. This presents opportunities for TCS to modernise security operations, strengthening cyber defence and cyber offence capabilities, expanding GenAI and cloud-based security offerings, and preparing for future risks associated with quantum computing-driven attacks.

Risk: TCS’ global nature of operations requires it to comply with ever-evolving, complex regulatory requirements across multiple jurisdictions and compliance areas. Failure to comply can result in penalties, reputational damage, and criminal prosecution.

Mitigation: The Company has established a centralised programme for horizon scanning and monitoring regulatory developments globally. This is supported by an enterprise-wide compliance framework that integrates regulatory requirements into policies, processes and internal controls. Continued focus on fostering an ethical and compliance culture, with governance at Board, executive and management levels through quarterly declarations, risk assessments and audits enable the Company to stay compliant in an ever-changing environment. Where feasible, automated preventive controls — such as real-time sanctions screening — are implemented to minimise the risk of non-compliance.

Opportunity: As regulatory frameworks continue to evolve across industries and geographies, enterprises are increasingly required to strengthen their compliance programmes and governance structures. TCS provides Governance, Risk and Compliance (GRC) services and offerings to enterprises in various industry compliance domains, especially regulated industries.

Risk: Risk of infringement of IP of customers, suppliers, partners and alliance organisations by TCS associates may lead to potential liabilities, increased litigation and reputation impact. Using AI without the right guardrails additionally presents risks, including the potential for copyright infringement and confidential data input into public models. Also, inadequate protection of TCS’ IP may lead to potential loss of ownership rights, revenue and value.

Mitigation: To address these risks, TCS has implemented a comprehensive IP policy and an industry-leading IP management framework encompassing the creation, protection, assetisation, commercialisation, usage and governance of intellectual property. These measures are further supported through extensive IP awareness and training initiatives across the organisation.

Only ‘IP Safe’ certified TCS intellectual property assets are positioned and marketed to customers. In addition, process- and system-based controls ensure appropriate access to and usage of TCS, customer and third-party IP across internal operations and customer delivery engagements, including AI-based systems.

Employee IP and confidentiality agreements, organisational structures designed to prevent IP contamination and infringement, and quarterly IP compliance declarations by product teams further strengthen the Company’s IP governance framework and minimise associated risks.

TCS continues to foster and reward a strong culture of innovation across the organisation, reflected in the growing number of patents granted to the Company. This continued focus on innovation strengthens its intellectual property portfolio and supports the development of differentiated solutions and long-term value creation.

Risk: The global nature of TCS’ operations requires compliance with a wide range of data privacy regulations across jurisdictions, many of which carry significant penalties for violations and data breaches. Privacy-related risks have further intensified with the widespread democratisation of AI adoption and the rapid proliferation of advanced AI tools. Any breach of privacy regulations or compromise of sensitive data could adversely affect the Company’s operations, reputation and financial position through material liabilities and regulatory actions.

Mitigation: TCS’ global privacy policy is implemented through the PriVACE framework and a robust organisational structure comprising the Global Privacy Office, Geography level DPOs, and Business Privacy Leaders. The Company continuously monitors the evolving regulatory landscape to track emerging privacy-related requirements, including developments such as India’s Digital Personal Data Protection Act (DPDPA). Training and awareness is key, with data privacy training mandated for all associates.

Data protection controls are implemented and assessed through internal and third-party external audits across all the areas of operations.

Opportunity: As enterprises continue to increase investments in strengthening data privacy and governance frameworks, significant growth opportunities are emerging for TCS in the area of data privacy services and solutions. This opportunity is expected to expand further in markets such as India following the introduction of new privacy regulations.

Risk: With globally distributed operations, TCS is vulnerable to physical risks arising from climate change, such as disruptions to operations due to climate catastrophes, water scarcity across water stressed locations, resource constraints, among others. TCS also faces transition risks considering a global shift towards a low carbon economy due to evolving policies, regulations, market demand, technology and stakeholder expectations.

Physical climate-related risks may adversely affect the health and safety of local communities, disrupt business continuity and impact supply chain operations. In parallel, transition risks associated with the shift towards a low-carbon economy could influence TCS’ growth prospects, profitability and reputation.

Mitigation: TCS has conducted a climate risk assessment through climate scenarios to assess the physical and transition risks over short, medium and long term. The Company ensures implementation of mitigating controls by means of timely engagement with internal and external stakeholders, continuous alignment with evolving national and international regulations, and integration of management system requirements into business operations. The Company has reinforced initiatives across energy efficiency, carbon management, water management, waste management, preserving biodiversity in campuses, and supply chain sustainability to ensure ongoing relevance, effective implementation and sustained compliance across the organisation.

Opportunity: Across major global markets, sustainability has decisively moved beyond compliance and purpose-led initiatives to become a core business strategy. Enterprises are now viewing sustainability through the lens of resilience, efficiency, and value creation. Against this backdrop, TCS’s targeted investments in products, services, and strategic partnerships are enabling new, scalable growth streams for clients and the enterprise. For more information on TCS Climate risks and opportunities, refer to TCS IFRS S2 report here

Risk: Litigation risks may arise from commercial disputes, alleged intellectual property rights (IPR) violations, personal data or information breach incidents, and employment-related matters. In addition, the increasing scale and market profile of TCS may make the Company more susceptible to opportunistic or meritless legal claims. Such matters may lead to reputation risk, legal expenses and adverse rulings which can result in substantive damages.

Mitigation: To mitigate these risks, TCS has established robust processes, controls and governance mechanisms focused on compliance with contractual obligations, information security standards, IP protection policies and immigration regulations. The Company has also strengthened its network of in-house legal counsel across major geographies, supported by reputed global law firms in regions where it operates. In addition, arbitration mechanisms have increasingly been incorporated into contractual arrangements as an alternative to court proceedings, along with waivers of jury trials, particularly within the US market.

Risk: Volatility in INR, which serves as the functional currency for TCS, against major global currencies may result in fluctuations in reported revenue, profitability and operating margins. Such currency movements may also influence stakeholder perceptions regarding the underlying momentum and profitability of the business.

Mitigation: To limit impact of short-term exchange volatility, the currency hedging policy aligned with best practices is in place. Hedging strategies are guided and monitored by the Risk Management Committee of the Board. Management commentary is based on constant currency for better stakeholder understanding of business performance.

Perpetually Adaptive Enterprise

About Us

TCS Insights

Upcoming events

Recent recognitions

Want to be a global change-maker? Join our team.

Find the latest news about TCS

Recent Press Releases

Recent News

Perpetually Adaptive Enterprise

About Us

TCS Insights

Upcoming events

Recent recognitions

Want to be a global change-maker? Join our team.

Find the latest news about TCS

Recent Press Releases

Recent News

Stakeholder Engagement and Enterprise Risk Management

Key Elements

Key Elements

Enterprise Risk Management

Volatile global, political and economic environment (R)

Disruptive Technologies (R & O)

Ability to attract and retain top talent; short supply of emerging technical skills (R)

Business model changes (R & O)

Restrictions on global mobility, location strategies (R)

Cyber Attacks (R & O)

Non-compliance to complex and changing global regulations (R & O)

Intellectual Property (IP) infringement and leakage (R)

Data protection & privacy compliance (R & O)

Sustainability Risks – Climate change & Environmental aspects (R & O)

Litigation risks (R)

Currency volatility (R)

Subscribe to our investor updates

Learn more about TCS

Perpetually Adaptive Enterprise

About Us

TCS Insights

Upcoming events

Recent recognitions

Want to be a global change-maker? Join our team.

Find the latest news about TCS

Recent Press Releases

Recent News

Key Elements

Key Elements

Enterprise Risk Management​

Volatile global, political and economic environment (R)

Disruptive Technologies (R & O)

Ability to attract and retain top talent; short supply of emerging technical skills (R)

Business model changes (R & O)

Restrictions on global mobility, location strategies (R)

Cyber Attacks (R & O)

Non-compliance to complex and changing global regulations (R & O)

Intellectual Property (IP) infringement and leakage (R)

Data protection & privacy compliance (R & O)

Sustainability Risks – Climate change & Environmental aspects (R & O)

Litigation risks (R)

Currency volatility (R)

Subscribe to our investor updates

Learn more about TCS

Accessibility Adjustments

Enterprise Risk Management