Cybersecurity Risk Management, Strategy, and Governance Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 16K. CYBERSECURITY

Risk Management and Strategy

In order to ensure the full security of our critical infrastructure and critical information infrastructure, we referenced the Cybersecurity Framework, or CSF, of the National Institute of Standards and Technology in the U.S., as well as domestic and international standards and regulations, including the Administration Regulations of Cyber Security on Telecommunications Business, the Cyber Security Management Act, the Personal Data Protection Act, the General Data Protection Regulation, or GDPR, BS 10012, ISO 27001, ISO 27011 and ISO 27701, to establish our Cyber Security and Privacy Protection Risk Management Framework. Set forth below are the measures that we undertake to manage cybersecurity risks.

Internal Policies

In order to prevent cybersecurity incidents, we have adopted a “Cybersecurity Policy” approved by the Chairman as well as the following measures:

governance: organizational context, risk management strategy, roles and responsibilities and authorities, policy, oversight, cybersecurity supply chain risk management;
identification: asset management, risk assessment, and improvement;
protection: critical infrastructure security, network and system security, software/application development security, access control security, end-point security, operation and management security, awareness training, data security, and personal information security;
detection: vulnerability analysis and patch management, multi-layer protection, intelligent Security Operation Center, or SOC, and multi-vector detection;
response: incident report and response, anomaly analysis, forensics and decision-making, recovery and improvement plan, cybersecurity intelligence sharing and joint defense enhancement; and
recovery: cybersecurity and personal data incident drills, internal and external audits, third-party certification, performance evaluation and continual improvement.

Through intelligent and automated cybersecurity governance mechanisms and the detection of cybersecurity threats and violation risks, while regularly conducting red team security assessments that include cybersecurity health diagnoses, we have fully integrated cybersecurity management into our daily operations, covering employees, facilities, network, systems, applications and supply chain. The detailed measures implemented in these areas are described below:

employee security training: regularly hold cybersecurity training sessions and classes, encourage employees to obtain international cybersecurity certifications, promote employee awareness and professional capacities for cybersecurity and privacy protection, and regularly hold social engineering exercises to improve employee alertness to Advanced Persistent Threat, or APT, attacks.
facilities security: implement physical isolation, individualized gates, 24-hour intrusion alarms and video monitoring systems, implement access control systems, and prohibit personnel who may pose a national security concern from breaching the machine room.
network security: deploy multi-layered, in-depth security protection and detection mechanisms, and establish a Demilitarized Zone, or DMZ, to control network access.
system and application security: develop software based on the Secure Software Development Life Cycle, or SSDLC; require systems to pass a security assessment before launch or update; obtain Mobile Application Basic Security, or MAS, certification marks from the Ministry of Economic Affairs for applications; regularly scan for vulnerabilities and patch within the time limit; maintain software inventories; understand the risk of software vulnerabilities and respond immediately through critical vulnerability early warnings, notifications and patching mechanisms; and require all developers to pass secure coding training and tests.

Engagement of Service Providers

We have engaged CHT Security Co., Ltd., an industry expert in cybersecurity protection, to perform in-depth cybersecurity health diagnoses to ensure the safety of our information systems. CHT Security Co., Ltd.’s Digital Forensic and Cybersecurity Analysis Center is ISO 17025 certified. Moreover, its Red Team Security Assessment is the only ISO 20000 certified team in Taiwan that has discovered more than 50 Common Vulnerabilities and Exposures on software, websites and IoT equipment. The Red Team is also the only cybersecurity service provider in Taiwan to be awarded the highest 5A rating for cybersecurity services by the Executive Yuan for five consecutive years.

We have adopted third-party security assessment procedures and data access control procedures to manage risks from cybersecurity threats associated with our use of third-party service providers. We perform security assessments on third parties that provide information and communication services to us by assessing their basic data security capabilities, information security compliance and application security vulnerabilities. Data security during transmission and processing is ensured through access control in line with the ISO 27001 standard and security measures such as transmission encryption.

We have included standardized supplementary cybersecurity provisions and supplementary personal data protection provisions in our procurement contracts with third-party suppliers to stipulate the cybersecurity responsibilities of such third parties, the remediation measures to be taken in the event of cybersecurity risks, and damages upon the occurrence of cybersecurity incidents. We also conduct contract-based monitoring or on-site audits to ensure compliance with our cybersecurity policy and applicable laws and regulations.

Cybersecurity Governance Structure

Board of Directors

Our board of directors is responsible for and engaged in the oversight of our continuous efforts in monitoring, assessing and managing the risks associated with cybersecurity threats or incidents. Our President regularly reports to the board of directors on the company’s cybersecurity and privacy protection governance. The board reviews reports from management on material cybersecurity risks and incidents and discusses risk treatment plans with the management. At board meetings, the board also hears periodic reports from the management on cybersecurity risk management and governance and has follow-up discussions with the management.

Policy Review and Approval

All cybersecurity-related internal policies shall be reviewed and approved by the management personnel in charge of the proposing departments as well as the President prior to adoption.

Our management assesses cybersecurity risks and incidents and reports their nature, origin and potential impact to the board of directors based on an assessment of materiality, so that the board can learn about material cybersecurity risks and incidents on a timely basis and make decisions accordingly. In addition, to keep the board regularly informed about cybersecurity matters, the management makes periodic reports to the board on cybersecurity risk management and governance at board meetings, has live discussions with the board and addresses its questions.

Corporate Governance Committees

In August 2023, we established the risk management committee at our board level, composed of directors with various areas of expertise, including ICT, legal, risk management, auditing and cybersecurity. The committee oversees the implementation of our risk management mechanism, including cybersecurity and privacy protection risk management, and provides necessary recommendations for improvement to our board of directors.

Under the supervision of the abovementioned risk management committee, we established the risk management steering committee, which tracks and manages risk control issues of cybersecurity and privacy protection on a monthly basis. When a risk level has exceeded our risk appetite or risk tolerance level and an early warning is required, or where there is a major crisis, the convener of our risk management steering committee will report to our risk management committee in a timely fashion and, if necessary, report to our board of directors accordingly.

Furthermore, to ensure effective cybersecurity management, we also established the cybersecurity and privacy protection management committee, with the Chairman representing the board of directors to supervise the implementation of our “Cybersecurity Policy.” Meanwhile, the President has been appointed as the convener, and our Chief Information Security Officer, or CISO, is responsible for supervising our internal cybersecurity matters.

On September 30, 2024, we appointed Dr. Jung-Kuei Chen as our CISO and Vice President of the Cybersecurity Department. Dr. Chen holds a Ph.D. in Electrical Engineering from National Taiwan University and has been with us for over 36 years. He possesses extensive cross-disciplinary practical experience in telecommunications, networks, cybersecurity, AI, information technology, and risk management. Previously, he served as the President of the Information Technology Group and the Vice President of the Telecom Laboratories. Dr. Chen has been instrumental in cultivating cybersecurity professionals within our company and enhancing our capabilities in independent cybersecurity technology research and development.

In addition, we established the CHT Security Operation Center, or SOC, in 2013, which has extensive experience in large-scale hacking and defense scenarios. The Cybersecurity Department, a department dedicated to ICT security management, was also set up in 2016 as the executive secretariat. The Cybersecurity Department includes an executive secretary with responsibilities that range from reporting on cybersecurity management performance, reviewing and improving risk-related issues, and reviewing the suitability of cybersecurity programs, privacy protection policies and regulations, to supervising and evaluating the compliance and efficacy of strategies. Our senior management is actively involved in the discussions and decision process of the Cybersecurity Department in order to (i) align regulations with technology advancement for new business development, (ii) coordinate the overall cybersecurity policy, (iii) enact and amend required security specifications, (iv) utilize equipment for centralized security monitoring, (v) defend against and mitigate enterprise security risks, (vi) accelerate new business development, and (vii) provide customers with a secure and reliable digital ecosystem. The Cybersecurity Department is composed of the cybersecurity working group and the privacy protection working group. The two working groups hold meetings regularly and report to the board of directors.

Since 2021, we have arranged and been covered by data protection insurance to prevent potential major financial losses from cybersecurity incidents and to safeguard the rights of our customers and investors. In 2024, we were not subject to any penalty relating to cybersecurity, and there were no incidents of material risks arising from cybersecurity or personal data protection. For more information, please visit the websites at: https://www.cht.com.tw/en/home/cht/esg/customer-care/cybersecurity (cybersecurity); www.cht.com.tw/en/home/cht/esg/customer-care/privacy-protection/privacy-policy (privacy protection). The information contained on our website is not incorporated herein by reference and does not constitute part of this annual report.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] We have fully integrated cybersecurity management into our daily operations, covering employees, facilities, network, systems, applications and supply chain. The detailed measures implemented in these areas are described below:
employee security training: regularly hold cybersecurity training sessions and classes, encourage employees to obtain international cybersecurity certifications, promote employee awareness and professional capacities for cybersecurity and privacy protection, and regularly hold social engineering exercises to improve employee alertness to Advanced Persistent Threat, or APT, attacks.
facilities security: implement physical isolation, individualized gates, 24-hour intrusion alarms and video monitoring systems, implement access control systems, and prohibit personnel who may pose a national security concern from breaching the machine room.
network security: deploy multi-layered, in-depth security protection and detection mechanisms, and establish a Demilitarized Zone, or DMZ, to control network access.
system and application security: develop software based on the Secure Software Development Life Cycle, or SSDLC; require systems to pass a security assessment before launch or update; obtain Mobile Application Basic Security, or MAS, certification marks from the Ministry of Economic Affairs for applications; regularly scan for vulnerabilities and patch within the time limit; maintain software inventories; understand the risk of software vulnerabilities and respond immediately through critical vulnerability early warnings, notifications and patching mechanisms; and require all developers to pass secure coding training and tests.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance Structure

Board of Directors

Our board of directors is responsible for and engaged in the oversight of our continuous efforts in monitoring, assessing and managing the risks associated with cybersecurity threats or incidents. Our President regularly reports to the board of directors on the company’s cybersecurity and privacy protection governance. The board reviews reports from management on material cybersecurity risks and incidents and discusses risk treatment plans with the management. At board meetings, the board also hears periodic reports from the management on cybersecurity risk management and governance and has follow-up discussions with the management.

Policy Review and Approval

All cybersecurity-related internal policies shall be reviewed and approved by the management personnel in charge of the proposing departments as well as the President prior to adoption.

Our management assesses cybersecurity risks and incidents and reports their nature, origin and potential impact to the board of directors based on an assessment of materiality, so that the board can learn about material cybersecurity risks and incidents on a timely basis and make decisions accordingly. In addition, to keep the board regularly informed about cybersecurity matters, the management makes periodic reports to the board on cybersecurity risk management and governance at board meetings, has live discussions with the board and addresses its questions.

Corporate Governance Committees

In August 2023, we established the risk management committee at our board level, composed of directors with various areas of expertise, including ICT, legal, risk management, auditing and cybersecurity. The committee oversees the implementation of our risk management mechanism, including cybersecurity and privacy protection risk management, and provides necessary recommendations for improvement to our board of directors.

Under the supervision of the abovementioned risk management committee, we established the risk management steering committee, which tracks and manages risk control issues of cybersecurity and privacy protection on a monthly basis. When a risk level has exceeded our risk appetite or risk tolerance level and an early warning is required, or where there is a major crisis, the convener of our risk management steering committee will report to our risk management committee in a timely fashion and, if necessary, report to our board of directors accordingly.

Furthermore, to ensure effective cybersecurity management, we also established the cybersecurity and privacy protection management committee, with the Chairman representing the board of directors to supervise the implementation of our “Cybersecurity Policy.” Meanwhile, the President has been appointed as the convener, and our Chief Information Security Officer, or CISO, is responsible for supervising our internal cybersecurity matters.

On September 30, 2024, we appointed Dr. Jung-Kuei Chen as our CISO and Vice President of the Cybersecurity Department. Dr. Chen holds a Ph.D. in Electrical Engineering from National Taiwan University and has been with us for over 36 years. He possesses extensive cross-disciplinary practical experience in telecommunications, networks, cybersecurity, AI, information technology, and risk management. Previously, he served as the President of the Information Technology Group and the Vice President of the Telecom Laboratories. Dr. Chen has been instrumental in cultivating cybersecurity professionals within our company and enhancing our capabilities in independent cybersecurity technology research and development.

In addition, we established the CHT Security Operation Center, or SOC, in 2013, which has extensive experience in large-scale hacking and defense scenarios. The Cybersecurity Department, a department dedicated to ICT security management, was also set up in 2016 as the executive secretariat. The Cybersecurity Department includes an executive secretary with responsibilities that range from reporting on cybersecurity management performance, reviewing and improving risk-related issues, and reviewing the suitability of cybersecurity programs, privacy protection policies and regulations, to supervising and evaluating the compliance and efficacy of strategies. Our senior management is actively involved in the discussions and decision process of the Cybersecurity Department in order to (i) align regulations with technology advancement for new business development, (ii) coordinate the overall cybersecurity policy, (iii) enact and amend required security specifications, (iv) utilize equipment for centralized security monitoring, (v) defend against and mitigate enterprise security risks, (vi) accelerate new business development, and (vii) provide customers with a secure and reliable digital ecosystem. The Cybersecurity Department is composed of the cybersecurity working group and the privacy protection working group. The two working groups hold meetings regularly and report to the board of directors.

Since 2021, we have arranged and been covered by data protection insurance to prevent potential major financial losses from cybersecurity incidents and to safeguard the rights of our customers and investors. In 2024, we were not subject to any penalty relating to cybersecurity, and there were no incidents of material risks arising from cybersecurity or personal data protection. For more information, please visit the websites at: https://www.cht.com.tw/en/home/cht/esg/customer-care/cybersecurity (cybersecurity); www.cht.com.tw/en/home/cht/esg/customer-care/privacy-protection/privacy-policy (privacy protection). The information contained on our website is not incorporated herein by reference and does not constitute part of this annual report.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our board of directors is responsible for and engaged in the oversight of our continuous efforts in monitoring, assessing and managing the risks associated with cybersecurity threats or incidents.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our President regularly reports to the board of directors on the company’s cybersecurity and privacy protection governance.
Cybersecurity Risk Role of Management [Text Block]

Our board of directors is responsible for and engaged in the oversight of our continuous efforts in monitoring, assessing and managing the risks associated with cybersecurity threats or incidents. Our President regularly reports to the board of directors on the company’s cybersecurity and privacy protection governance. The board reviews reports from management on material cybersecurity risks and incidents and discusses risk treatment plans with the management. At board meetings, the board also hears periodic reports from the management on cybersecurity risk management and governance and has follow-up discussions with the management.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

In August 2023, we established the risk management committee at our board level, composed of directors with various areas of expertise, including ICT, legal, risk management, auditing and cybersecurity. The committee oversees the implementation of our risk management mechanism, including cybersecurity and privacy protection risk management, and provides necessary recommendations for improvement to our board of directors.

Furthermore, to ensure effective cybersecurity management, we also established the cybersecurity and privacy protection management committee, with the Chairman representing the board of directors to supervise the implementation of our “Cybersecurity Policy.” Meanwhile, the President has been appointed as the convener, and our Chief Information Security Officer, or CISO, is responsible for supervising our internal cybersecurity matters.

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

On September 30, 2024, we appointed Dr. Jung-Kuei Chen as our CISO and Vice President of the Cybersecurity Department. Dr. Chen holds a Ph.D. in Electrical Engineering from National Taiwan University and has been with us for over 36 years. He possesses extensive cross-disciplinary practical experience in telecommunications, networks, cybersecurity, AI, information technology, and risk management. Previously, he served as the President of the Information Technology Group and the Vice President of the Telecom Laboratories. Dr. Chen has been instrumental in cultivating cybersecurity professionals within our company and enhancing our capabilities in independent cybersecurity technology research and development.

In addition, we established the CHT Security Operation Center, or SOC, in 2013, which has extensive experience in large-scale hacking and defense scenarios. The Cybersecurity Department, a department dedicated to ICT security management, was also set up in 2016 as the executive secretariat. The Cybersecurity Department includes an executive secretary with responsibilities that range from reporting on cybersecurity management performance, reviewing and improving risk-related issues, and reviewing the suitability of cybersecurity programs, privacy protection policies and regulations, to supervising and evaluating the compliance and efficacy of strategies. Our senior management is actively involved in the discussions and decision process of the Cybersecurity Department in order to (i) align regulations with technology advancement for new business development, (ii) coordinate the overall cybersecurity policy, (iii) enact and amend required security specifications, (iv) utilize equipment for centralized security monitoring, (v) defend against and mitigate enterprise security risks, (vi) accelerate new business development, and (vii) provide customers with a secure and reliable digital ecosystem. The Cybersecurity Department is composed of the cybersecurity working group and the privacy protection working group. The two working groups hold meetings regularly and report to the board of directors.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Under the supervision of the abovementioned risk management committee, we established the risk management steering committee, which tracks and manages risk control issues of cybersecurity and privacy protection on a monthly basis. When a risk level has exceeded our risk appetite or risk tolerance level and an early warning is required, or where there is a major crisis, the convener of our risk management steering committee will report to our risk management committee in a timely fashion and, if necessary, report to our board of directors accordingly.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true