Cybersecurity Risk Management and Strategy Disclosure	12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]	The cybersecurity team continues to integrate practices aimed at enhancing risk awareness and adjusting current information security capabilities in response to evolving cyber threats. As a result of this ongoing process, we are continually integrating elements related to cybersecurity threat management. These elements encompass various aspects, including the proper configuration of storage devices, comprehensive information security controls, development of policies and procedures addressing information security, specialized monitoring and cyber threat services, vulnerability management, cyber incident response management, deployment of protection tools, monitoring and response to malicious activities, and cybersecurity insurance coverage, threat hunting, threat intelligence, security by design, privacy by design, among others. Ecopetrol S.A. has a Security Operations Center (SOC) service, to enhance the organization´s ability to predict and identify trends in attacks on both its information technology and Operation Technology infrastructure, while also monitoring its online reputation. Throughout 2024, the SOC capabilities remained operational, with an expanded scope of services covering Operational Technology (OT) digital assets. This expansion included cybersecurity risk assessments and advanced security testing exercises (RedTeam) conducted on Ecopetrol’s IT/OT infrastructure and its subsidiaries, enabling the identification of gaps to improve the overall cybersecurity posture. Additionally, specialized monitoring capabilities such as User Behavior Analysis (UBA) remains. Despite cyberattacks occurring in 2024, all reported events were successfully controlled, resulting in no material effects on processes, equipment, products, services, customer or supplier relationships, competitive conditions, or critical information. Ecopetrol, S.A. does not have any current proceedings that relate to cyber breaches. We update our cybersecurity policies and cyberincident response procedures from time to time, as shown by several wargames that cover all business segments and their subsidiaries. These exercises document how to manage the activation of the Cyber Insurance policy, the PMU (Unified Command Post), and the operation model for cyberincident response with Ecopetrol’s internal teams. The action protocol for business crisis scenarios is also regularly revised, establishing timely notification to, and communication processes with, internal and external entities, as well as the roadmap for defining and analyzing the materiality of a cybersecurity incident. The management guide includes two annexes that detail the roles, responsibilities, and activities of those involved in responding to a cyberincident event or alert. Furthermore, during 2024, the internal audit department conducted audits of cybersecurity processes to follow up on previous improvement plans. Consequently, an action plan was developed with the main objectives of enhancing threat identification, access management, and improving specific technical components of the cybersecurity program. Ecopetrol S.A. remains committed to using the ONG–C2M2 (Oil & Gas - Cybersecurity Capability Maturity Model) framework to manage its maturity and uphold its cybersecurity management system. This entails implementing practices and focus our capabilities domains such as access, response, third parties, and architecture. Ecopetrol S.A. has also strengthened its cybersecurity capabilities in 2024 by continuing to incorporate foundational “Zero Trust” practices and advanced critical information protection controls to mitigate cyber risks across its business units. Another significant initiative throughout 2024 was the cultural awareness campaign focusing on three management pillars: (i) training, that consists of development of new skills, (ii) mobilization, that consists of promotion and ownership of change, and (iii) communication, that consists of promotion of understanding and conviction of behaviors). Additionally, the information assurance cycle was executed to identify, evaluate, and manage the cybersecurity risks associated with critical information assets. Finally, our cybersecurity strategy defined for the period 2022 to 2026 where a quantitative cyber risk model was applied was updated and aligned with the Science, Technology and Innovation strategy, as well as the Ecopetrol Group’s 2040 strategy, defining the following 5 pillars with a customer and country centric approach and vision: 1. Digital trust as a cross-cutting axis of excellence, innovation, and cyber collaboration. 2. Secure operations in our different ecosystems (apps, cloud, identity, among others). 3. Incident response capacity and continuous monitoring of cyber threats. 4. Data security and privacy and safe use of AI. 5. Industrial Cybersecurity, aligned with the protection of business infrastructures.
Cybersecurity Risk Management Processes Integrated [Flag]	true
Cybersecurity Risk Management Processes Integrated [Text Block]	As a result of this ongoing process, we are continually integrating elements related to cybersecurity threat management. These elements encompass various aspects, including the proper configuration of storage devices, comprehensive information security controls, development of policies and procedures addressing information security, specialized monitoring and cyber threat services, vulnerability management, cyber incident response management, deployment of protection tools, monitoring and response to malicious activities, and cybersecurity insurance coverage, threat hunting, threat intelligence, security by design, privacy by design, among others.
Cybersecurity Risk Management Third Party Engaged [Flag]	true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]	true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]	false
Cybersecurity Risk Board of Directors Oversight [Text Block]	the cybersecurity risks and strategy are overseen by the board of directors’ committees, namely the Technology and Innovation Committee and the Risk and Audit Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]	Technology and Innovation Committee and the Risk and Audit Committee
Cybersecurity Risk Role of Management [Text Block]	Ecopetrol S.A. has a dedicated management team specialized in information security issues such as risk analysis, information processing, secure information management practices and classification of critical business information, compliance with control systems, effectiveness of available information security technologies, and third-party management to identify and monitor cybersecurity risks. This is articulated with the ERM system at the enterprise level. The Cybersecurity Department is part of the Vice Presidency of Science, Technology and Innovation, reporting to senior management and the Company’s Board of Directors. Moreover, as part of the Ecopetrol’s cybersecurity management, continuous training and awareness plans are carried out and implemented with the Board of Directors, senior management, and users in general, as well as specialized training for our cybersecurity team. Emerging risks at an industrial and global level keep us constantly evolving in our capabilities and process improvements. New technologies and hybrid ways of working expand the cyber threat landscapes on critical infrastructures, making this risk necessary for their management, monitoring and improvement. Ecopetrol S.A. has incorporated cybersecurity risk as one of its primary business risks. Currently, there is a Cybersecurity and Cyber Defense division, comprised of a highly skilled, certified, and high-performing team, enabling Ecopetrol to elevate its cybersecurity measures. This team effectively manages and mitigates emerging cybersecurity risks by implementing various activities aimed at identifying and safeguarding critical digital assets. Through capabilities such as business operation protection, supply chain protection, culture, data and privacy, and cybersecurity operational effectiveness, the team prevents and contains cyber threats, while also monitoring and reporting emerging cybersecurity risks globally. Furthermore, the cybersecurity risks and strategy are overseen by the board of directors’ committees, namely the Technology and Innovation Committee and the Risk and Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible [Flag]	true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]	Vice Presidency
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]	Cybersecurity and Cyber Defense division, comprised of a highly skilled, certified, and high-performing team, enabling Ecopetrol to elevate its cybersecurity measures.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]	The Cybersecurity Department is part of the Vice Presidency of Science, Technology and Innovation, reporting to senior management and the Company’s Board of Directors. Moreover, as part of the Ecopetrol’s cybersecurity management, continuous training and awareness plans are carried out and implemented with the Board of Directors, senior management, and users in general, as well as specialized training for our cybersecurity team.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]	true

Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

The cybersecurity team continues to integrate practices aimed at enhancing risk awareness and adjusting current information security capabilities in response to evolving cyber threats. As a result of this ongoing process, we are continually integrating elements related to cybersecurity threat management. These elements encompass various aspects, including the proper configuration of storage devices, comprehensive information security controls, development of policies and procedures addressing information security, specialized monitoring and cyber threat services, vulnerability management, cyber incident response management, deployment of protection tools, monitoring and response to malicious activities, and cybersecurity insurance coverage, threat hunting, threat intelligence, security by design, privacy by design, among others.

Ecopetrol S.A. has a Security Operations Center (SOC) service, to enhance the organization´s ability to predict and identify trends in attacks on both its information technology and Operation Technology infrastructure, while also monitoring its online reputation. Throughout 2024, the SOC capabilities remained operational, with an expanded scope of services covering Operational Technology (OT) digital assets. This expansion included cybersecurity risk assessments and advanced security testing exercises (RedTeam) conducted on Ecopetrol’s IT/OT infrastructure and its subsidiaries, enabling the identification of gaps to improve the overall cybersecurity posture. Additionally, specialized monitoring capabilities such as User Behavior Analysis (UBA) remains. Despite cyberattacks occurring in 2024, all reported events were successfully controlled, resulting in no material effects on processes, equipment, products, services, customer or supplier relationships, competitive conditions, or critical information. Ecopetrol, S.A. does not have any current proceedings that relate to cyber breaches.

We update our cybersecurity policies and cyberincident response procedures from time to time, as shown by several wargames that cover all business segments and their subsidiaries. These exercises document how to manage the activation of the Cyber Insurance policy, the PMU (Unified Command Post), and the operation model for cyberincident response with Ecopetrol’s internal teams. The action protocol for business crisis scenarios is also regularly revised, establishing timely notification to, and communication processes with, internal and external entities, as well as the roadmap for defining and analyzing the materiality of a cybersecurity incident. The management guide includes two annexes that detail the roles, responsibilities, and activities of those involved in responding to a cyberincident event or alert.

Furthermore, during 2024, the internal audit department conducted audits of cybersecurity processes to follow up on previous improvement plans. Consequently, an action plan was developed with the main objectives of enhancing threat identification, access management, and improving specific technical components of the cybersecurity program.

Ecopetrol S.A. remains committed to using the ONG–C2M2 (Oil & Gas - Cybersecurity Capability Maturity Model) framework to manage its maturity and uphold its cybersecurity management system. This entails implementing practices and focus our capabilities domains such as access, response, third parties, and architecture.

Ecopetrol S.A. has also strengthened its cybersecurity capabilities in 2024 by continuing to incorporate foundational “Zero Trust” practices and advanced critical information protection controls to mitigate cyber risks across its business units. Another significant initiative throughout 2024 was the cultural awareness campaign focusing on three management pillars: (i) training, that consists of development of new skills, (ii) mobilization, that consists of promotion and ownership of change, and (iii) communication, that consists of promotion of understanding and conviction of behaviors). Additionally, the information assurance cycle was executed to identify, evaluate, and manage the cybersecurity risks associated with critical information assets. Finally, our cybersecurity strategy defined for the period 2022 to 2026 where a quantitative cyber risk model was applied was updated and aligned with the Science, Technology and Innovation strategy, as well as the Ecopetrol Group’s 2040 strategy, defining the following 5 pillars with a customer and country centric approach and vision:

1. Digital trust as a cross-cutting axis of excellence, innovation, and cyber collaboration.

2. Secure operations in our different ecosystems (apps, cloud, identity, among others).

3. Incident response capacity and continuous monitoring of cyber threats.

4. Data security and privacy and safe use of AI.

5. Industrial Cybersecurity, aligned with the protection of business infrastructures.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

As a result of this ongoing process, we are continually integrating elements related to cybersecurity threat management. These elements encompass various aspects, including the proper configuration of storage devices, comprehensive information security controls, development of policies and procedures addressing information security, specialized monitoring and cyber threat services, vulnerability management, cyber incident response management, deployment of protection tools, monitoring and response to malicious activities, and cybersecurity insurance coverage, threat hunting, threat intelligence, security by design, privacy by design, among others.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

the cybersecurity risks and strategy are overseen by the board of directors’ committees, namely the Technology and Innovation Committee and the Risk and Audit Committee.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Technology and Innovation Committee and the Risk and Audit Committee

Cybersecurity Risk Role of Management [Text Block]

Ecopetrol S.A. has a dedicated management team specialized in information security issues such as risk analysis, information processing, secure information management practices and classification of critical business information, compliance with control systems, effectiveness of available information security technologies, and third-party management to identify and monitor cybersecurity risks. This is articulated with the ERM system at the enterprise level. The Cybersecurity Department is part of the Vice Presidency of Science, Technology and Innovation, reporting to senior management and the Company’s Board of Directors. Moreover, as part of the Ecopetrol’s cybersecurity management, continuous training and awareness plans are carried out and implemented with the Board of Directors, senior management, and users in general, as well as specialized training for our cybersecurity team. Emerging risks at an industrial and global level keep us constantly evolving in our capabilities and process improvements. New technologies and hybrid ways of working expand the cyber threat landscapes on critical infrastructures, making this risk necessary for their management, monitoring and improvement.

Ecopetrol S.A. has incorporated cybersecurity risk as one of its primary business risks. Currently, there is a Cybersecurity and Cyber Defense division, comprised of a highly skilled, certified, and high-performing team, enabling Ecopetrol to elevate its cybersecurity measures. This team effectively manages and mitigates emerging cybersecurity risks by implementing various activities aimed at identifying and safeguarding critical digital assets. Through capabilities such as business operation protection, supply chain protection, culture, data and privacy, and cybersecurity operational effectiveness, the team prevents and contains cyber threats, while also monitoring and reporting emerging cybersecurity risks globally. Furthermore, the cybersecurity risks and strategy are overseen by the board of directors’ committees, namely the Technology and Innovation Committee and the Risk and Audit Committee.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

Vice Presidency

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Cybersecurity and Cyber Defense division, comprised of a highly skilled, certified, and high-performing team, enabling Ecopetrol to elevate its cybersecurity measures.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

The Cybersecurity Department is part of the Vice Presidency of Science, Technology and Innovation, reporting to senior management and the Company’s Board of Directors. Moreover, as part of the Ecopetrol’s cybersecurity management, continuous training and awareness plans are carried out and implemented with the Board of Directors, senior management, and users in general, as well as specialized training for our cybersecurity team.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true