Aspect 3: Social concerns

We are finding new solutions to many different challenges our society is currently facing as a result of the digital transformation. Since this development affects every area of our lives, access to state-of-the-art information technologies is key to participating in a knowledge and information society. As a telecommunications company, we are responsible for providing such access to as many people as possible and for promoting the competent use of ICT. The security of our customers’ data is our top priority in this respect. When used properly, ICT can also make a valuable contribution to sustainable development.

Deployment of ICT products to the benefit of society SDG 12

One of the biggest challenges we must face up to is climate change. Given our desire to help limit global warming to below two degrees Celsius, we are systematically working toward shrinking our carbon footprint. We can make a very significant contribution with our products and services. According to the SMARTer2030 study conducted by GeSI, ICT products have the potential to save almost ten times as much CO₂ emissions in 2030 in other industries as the ICT industry itself produces. For further information, please refer to the section “Risk and opportunity management”. We can also use our products, services, and activities to contribute to tackling many other environmental and social challenges, as was made clear in a comparison with the 17 sustainability goals (SDGs) adopted by the United Nations. For instance, ICT solutions can help reduce resource consumption in agriculture and increase harvests, shape cities up for the future in terms of sustainability, stabilize power supply grids, or improve access to education and medical care – areas of application that offer market opportunities for our Company. SDG 12 In order to evaluate the concepts described in this NFS, it is important to also look to the opportunities digitalization opens up for sustainable development. For this reason, we are addressing the topic here, even though it is not a holistic concept within the meaning of the CSR Directive Implementation Act. The individual national companies are responsible for developing new products and solutions.

Since 2014, we have been analyzing the scope of the sustainability benefits offered by selected products. With such benefits including better air quality in urban environments, we are currently carrying out three smart city projects in Romania, where monitoring stations continuously analyze data on the humidity, pressure, and CO₂, ozone, and sulfur dioxide content of the air. SDG 11 In Greece, we developed an integrated ICT solution as part of our Digital Service for Warning & Firefighting project that makes it easier to manage fire-related incidents, coordinate available firefighting resources, and communicate with local authorities. Using this solution, emergency response teams can access information at any time on a range of different devices such as smartphones, tablets, or personal navigation devices (PNDs) to ensure fire rescue missions progress swiftly and are more effective. The project was carried out by a team of different businesses led by our Greek national company. SDG 15 ICT can even help better understand illnesses and improve treatment – like our cell phone game Sea Hero Quest, which is helping with dementia research. SDG 3 In 2018, we expanded our detailed analyses of how our product groups contribute to sustainability, and have already examined a total of 29 product groups thus far. Using the Sustainable Revenue Share ESG KPI, we determine how much revenue (excluding T-Mobile US) we generate with these products; in 2018, the figure stood at around 42 percent.

We also calculate the positive CO₂ effects facilitated for our customers through using our products. We combine this figure with our own CO₂ emissions to determine the enablement factor, which we use to measure our overall performance in relation to climate protection. According to this figure, the positive CO₂ effects facilitated for our customers in Germany were 85 percent higher in 2018 than our own CO₂ emissions (enablement factor of 1.85 to 1).

Enablement Factor ESG KPI

Deutsche Telekom Group in Germany in 2018

Sustainable products are another key competitive factor at our Company. In order to highlight these sustainability benefits to our customers, we aim to have our products certified by recognized environmental labels such as the Blue Angel. The majority of Telekom Deutschland’s fixed-network devices and media receivers, for example, carry the Blue Angel seal of approval. The strict requirements for these environmental awards not only provide us with ways to further improve our products, but also encourage us to do so.

Connecting the unconnected – access to and participation in the information and knowledge society

All around the world, having access to state-of-the-art information technologies is a precondition for economic performance and participation in a knowledge and information society. That is why we continue to rapidly expand our infrastructure and improve transmission speeds with new, secure technology. At the same time, we use our social initiatives to reduce potential obstacles to ICT use. Responsibility for shaping the digital transformation has to be assumed by society as a whole. The Board of Management of Deutsche Telekom AG plays an active role in this discussion, which entails looking at matters such as how we can use artificial intelligence (AI) responsibly. AI is a well-hidden feature in an ever-growing number of ICT products and services. We use it on a daily basis, for example while searching the internet or using a satnav. It opens up new opportunities, but also presents fresh challenges. In 2018, under the auspices of Group Compliance Management, we therefore established guidelines for the ethical use of artificial intelligence. These guidelines serve to define how we at Deutsche Telekom aim to adopt a responsible approach to AI and develop our AI-based products and services in the future. Far from claiming our guidelines, as they currently stand, set out universal rules for the responsible use of AI, we are keen to develop them further in discussions with our employees and external stakeholders. SDG 8

Demand for faster data services with full-coverage availability is growing continuously. The majority of the Group’s investment volume in Germany, which currently amounts to over EUR 5 billion a year, is for the build-out of broadband networks. This build-out is based on the goals of our Europe-wide integrated network strategy, which we use to help achieve the EU Commission’s network build-out targets and the Federal Government’s Digital Agenda and broadband strategy. Founded on two pillars – building out mobile networks and rolling out optical fiber – our strategy sets out, among other elements, to upgrade our mobile networks with 4G/LTE technology so as to offer greater network coverage with fast mobile broadband. By the end of 2018, we had already covered more than 97 percent of the German population with LTE. Moreover, we are in the process of developing the upcoming 5G standard, having demonstrated the first 5G data connection in Europe’s live network in Berlin in 2018, for example. At the end of 2018, our fixed network provided 28 million households in Germany with at least 50 Mbit/s; that’s 65 percent of the population. In addition to vectoring technology, we are using other innovative products, such as our hybrid router, which combines the transmission bandwidths of fixed-network and mobile communications, thus attaining significantly higher transmission speeds – particularly in rural areas. SDG 9  Further information about our build-out targets can be found in the section “Group strategy”.

In general, we want to make our network infrastructure and our products as efficient, environmentally friendly, and harmless to health as possible. That is why we are committed to addressing the topic of mobile communications and health responsibly. Our Group-wide EMF Policy (EMF being short for “electro-magnetic fields”) has played a key role in this process since 2004, defining the standard requirements – which considerably exceed the applicable national legal requirements – for addressing mobile communication and health-related matters. SDG 3  For further information, please refer to the section “Risk and opportunity management”.

But access to technology alone is not enough to ensure everyone can participate in the knowledge and information society – people also need to know how to use digital media safely, competently, and responsibly. More and more, this issue not only has a private dimension – the protection of personal data – but also a social and political one. Incorrect information and hate posts shape public opinion and can even influence elections. That is why we are working to build media literacy skills in broad swaths of society. Group Corporate Responsibility is in charge of coordinating this topic at Group level. The individual national companies are responsible for developing and implementing media literacy projects, which allows regionally specific conditions to be better taken into account. One example of our national companies’ dedicated efforts is the programming workshops for children and young people that Telekom Romania has been offering in collaboration with the CoderDojo charity since 2011. At this stage of the 2018-19 school year, approximately 450 children and young people have so far attended these free workshops. In addition, Telekom Romania’s Smart Education package provides schools with internet access, online teaching material, and electronic devices to be used in the classroom. The package is already available in more than half of districts throughout the country – both in urban and rural areas. SDG 4

We present all our initiatives in Germany on our “Media, sure! But be secure.” website. One example is our multi-award-winning Teachtoday initiative, in which we help children and young people learn how to navigate the internet safely and skillfully. But children are not the only ones who need help finding their way through the digital world, which is why we provide informational material for all ages. Together with the German National Association of Senior Citizens’ Organizations (BAGSO), for instance, we support media literacy projects for the elderly. Teaching media literacy skills is also a core focus of our corporate volunteering programs, where employees devote their free time so as to share their expertise.

Being able to tell the difference between reliable information and intentionally misleading statements is a key aspect of media literacy. Our 1001 TRUTH initiative, launched in 2018, and the digital platform of the same name aim to promote responsible and critical use of media. Topical issues relating to the digital world are presented on the platform in easy-to-understand modules that range from “opinion making on the internet” to “digital estate” and “data protection and security.” The content is suitable for self-study, but is also aimed at coaches working with learning groups. The modules are available in German and English, with simple language versions being progressively added.

Data security is another focal point of our efforts. Our German-language online advisory service www.telekom.com/en/corporate-responsibility/data-protection-data-security/digitally-secure and our app-based “We care” magazine in German and English offer practical advice on how to use digital media safely and securely.

As one of Germany’s major corporate foundations, the Deutsche Telekom Foundation is dedicated to improving education in STEM subjects (science, technology, engineering, and mathematics) in the digital world. Since 2018, the foundation has supported the initiative “The Future of STEM Learning,” developing and testing concepts for high-quality STEM lessons and integrating them into teacher training programs in collaboration with five German universities. In total, the Deutsche Telekom Foundation has invested EUR 1.6 million in this project.

We measure the impact of our Group’s social commitment with a set of three ESG KPIs. The Community Investment ESG KPI maps our social commitment in terms of financial, human, and material resources. In 2018, this amounted to EUR 87 million. The marked year-on-year rise (EUR 57 million) is attributable to a special donation by Telekom Deutschland and a redoubled commitment to education at T-Mobile US. The Beneficiaries ESG KPI shows the number of people involved in community activities and how many people we have reached – 15 million in 2018. The Media Literacy ESG KPI calculates the proportion of the target group reached through media literacy programs as part of our social commitment efforts. In 2018, this KPI increased slightly to 42 percent, up from 41 percent in the prior year. We aim to reach 45 percent by 2020. The 2018 ESG KPIs for the Deutsche Telekom Group in Germany were EUR 55 million (Community Investment), 13 million people reached (Beneficiaries), and 47 percent (Media Literacy).

Community Investment ESG KPI

%

Helping refugees integrate into the German labor market constitutes another core element of our social commitment efforts. For example, we offer internships for which we hire suitable candidates at specially organized application events. Our focus in 2018, however, was to promote longer-term integration, for example by offering openings that allow candidates to transition from an internship to vocational training or a cooperative study program. We have succeeded in filling around 30 percent of the longer-term positions with candidates who had previously completed an internship. Our “Internship PLUS direct entry” program also focuses on the longer term, offering a two-year employment contract following an orientation period of three to six months. This program is aimed at refugees encountering difficulties integrating into the German labor market – perhaps because their vocational qualifications are not recognized in Germany – for whom an apprenticeship would not be a suitable course of action. We developed this program further in 2018 and created new jobs in areas such as customer service, which are in particularly urgent need of staff. Through our various programs, we made approximately 440 offers to refugees in 2018 – 250 of which were new openings created during the reporting year. SDG 4

Data privacy and data security SDG 16

The process of digitalization comes with new kinds of threats, such as hacker attacks on the sensitive data of private individuals or companies. People will only actually use new ICT solutions if they trust in the security of their personal data – and only then can these solutions develop their true potential for more sustainable development. Specifically as an ICT company, gaining our customers’ trust is hugely important for our business to succeed – which is why we attach particularly great importance to protecting and securing their data. For further information, please refer to the section “Risk and opportunity management”.

In 2008 we set up a Board of Management department for Data Privacy, Legal Affairs and Compliance as well as the Group Privacy unit. Since 2009, the Board of Management has been advised by an independent Data Privacy Advisory Council comprising reputable experts from politics, science, business, and independent organizations. Furthermore, our data privacy-related compliance management systems outlines the measures, processes, and audits we use to ensure compliance with laws, regulations, and voluntary commitments to uphold data privacy in the Group.

Data privacy and data security are subject to both the Binding Corporate Rules Privacy (BCRP), which govern how the Group treats personal data, and the Group Security Policy. The EU General Data Protection Regulation (GDPR) entered into force in May 2016 and became binding on May 25, 2018, following a two-year transition period. As laws always need to be interpreted as to how they should be implemented in day-to-day life, the Group Privacy unit took the initial step of preparing rules called Binding Interpretations, which apply consistently across the entire Group. Compiled in collaboration with data privacy experts in the national companies, the Binding Interpretations contain specific recommendations and best-practice examples for implementing the GDPR. For example, they explain what a customer consent must entail and how customer data must be deleted, if requested. In light of the GDPR, we have provided our customers with comprehensive information on our website, too. The Group Security Policy contains significant security-related principles valid within the Group, which are based on the international ISO 27001 standard. These policies allow us to guarantee an adequately high and consistent level of security and data privacy throughout our entire Group.

Every year since 2014, Deutsche Telekom has published a transparency report for Germany, which covers the types and amount of information we disclose to security agencies. In doing so, we are fulfilling our statutory duty as a telecommunications company. Since 2016, our national companies have also published such transparency reports.

In order to ensure even better data privacy and data security within our Group, our corporate units are audited and certified regularly by internal and external professionals. This involves regularly conducting Group-wide internal security checks as well as audits of individual Group units as part of our Security Maturity Reporting to help us evaluate by way of self-assessment how we are faring overall with regard to security in our Group.

We use two surveys – the Group Data Privacy Audit (GDPA) and Online Awareness Survey (OAS) – to measure our employees’ awareness of data privacy and security by means of annual random checks. For the GDPA, we survey 50,000 Deutsche Telekom employees on topics related to data privacy and data security. The results are used to calculate the Data Protection Award indicator – which quantifies the level of data protection in the units on a scale from 0 to 100 percent. It is based on what the employees said they thought, did, and knew about data protection. In 2018, the Data Protection Award indicator was 76 percent (excluding T-Mobile US, prior year: 75 percent). The OAS, which we have conducted since 2005, surveys roughly 42,000 employees and provides key data on their awareness of security issues. With academic support, we use the results from this survey to determine the Security Awareness Index (SAI). In 2018, the index was 78.3 (excluding T-Mobile US, prior year: 78.4) of a maximum of 100 points (higher than in any other benchmark company). We also have our processes and management systems as well as products and services certified by external, independent organizations such as TÜV, DEKRA, and auditing firms. The most recent proof that the IT systems at Telekom Deutschland are secure was provided by TÜV Nord in 2017, when it issued a three-year certificate.

Telecommunications companies are required to train their employees on issues related to data protection law when they begin their employment. Deutsche Telekom goes above and beyond these legal requirements: Every two years, we train all of our employees in Germany and place them under an obligation to uphold data privacy and telecommunications secrecy. We have also implemented corresponding requirements in our international companies. Where there is a greater risk of data such as customer or employee information being misused, we also provide online training designed for self-study, give data privacy presentations, and host classroom training courses on specialized topics such as data privacy in call centers. This helps ensure that all employees have an in-depth understanding of the relevant data privacy provisions.

Founded in January 2017, the Telekom Security unit is responsible for internal security matters and also offers security solutions for consumers, business customers, public authorities, and state agencies. In 2018, the unit broadened its cyber defense and threat intelligence capacities, and gained further DAX-listed companies as customers. Following its inauguration in 2017, we welcomed numerous politicians, representatives of interest groups, and customers at our Cyber Defense and Security Operations Center throughout 2018. Guests learned about the latest IT security issues during their visits to the center, which is one of the largest and most advanced in Europe. Around 200 experts work there around the clock to monitor our own and our customers’ systems.

We react to new emerging threats and continuously develop innovative processes for defending against attacks. In 2018, Telekom Security once again launched a range of new security solutions for retail customers, businesses, public authorities, and state agencies. We have our security management systems externally certified to standards such as the ISO 27001 for information security management systems (ISMS). Running its own critical infrastructure, Telekom Security also provides customers such as energy providers and power plant operators with consultancy services for other critical areas. In 2018, we hosted the third Telekom Security congress in Bonn, Germany, inviting partners and customers to discuss current developments and discover new security trends and solutions.

We work with research institutes, industry partners, initiatives, standardization bodies, public institutions, and other internet service providers worldwide with a view to fighting cybercrime and enhancing internet security together. For instance, we collaborate with the German Federal Office for Information Security throughout Germany and with the European Union Agency for Network and Information Security at a European level. SDG 17

Data privacy and security play an important role that starts during the development of our products and services. We review the security of our systems at every step of development using the Privacy and Security Assessment process both for new systems and for existing systems when the technology or method of data processing is modified. We use a standardized procedure to also document the data privacy and data security status of our products throughout their entire life cycle.

Youth protection aspects are also taken into consideration in our product and service design. When we develop services that could be relevant in terms of youth protection in Germany, we consult our Youth Protection Officer for suggestions of restrictions or changes. In 2014, we appointed a Child Safety Officer (CSO) in each of our national companies in Europe. The CSO acts as a central contact for the relevant stakeholders of the community, and plays a key internal role in coordinating issues relevant to youth protection. Since protecting minors when they interact with media is a challenge across many different industries, we cooperate with different youth protection organizations and participate in alliances such as the “Alliance to better protect minors online,” which aims to make the internet a safer place for children and young people. SDG 3