Aspect 3: Social concerns
Access to state-of-the-art information technology is key to participating in the information and knowledge society. We aspire to enable as many people as possible to participate – also and especially in times of crisis. We are delivering on that promise with an array of different activities. In this context, the security of our customers’ data is of prime importance. But the internet is also supposed to be a space in which all people can feel safe and where we interact on the basis of democratic principles. That is why we are actively pushing for a positive culture of online debate, promoting the competent use of ICT, and making a stand against hate speech and for civil courage online. As a relevant player in society, and committed as we are to exercising social responsibility, we also provide rapid help in emergencies. During the reporting year, this rapid help was particularly necessary when war broke out in Ukraine.
Network access and digital responsibility
All around the world, having access to state-of-the-art information technologies is a precondition for economic performance and participation in a knowledge and information society. That is why we continue to rapidly expand our infrastructure and improve transmission speeds with new, secure technology.
Demand for faster data services with full-coverage availability is growing continuously. Group-wide, we invested around EUR 21 billion primarily in building and operating networks, with around EUR 4.4 billion of this figure earmarked for the Germany operating segment alone. This is in addition to the investments that we make in acquiring mobile spectrum. Hence, the majority of the Group’s investment volume in Germany is for the build-out of broadband networks. This build-out is based on the goals of our Europe-wide integrated network strategy, which we use to help achieve the EU Commission’s network build-out targets and the Federal Government’s Digital Agenda and broadband strategy. The strategy is founded on two pillars – building out mobile networks and rolling out optical fiber, with 5G coverage being the focus of the former. By the end of 2022, we already covered 94.8 % of German households with 5G. In more than 600 cities across Germany, the 5G network was available in the 3.6 GHz band at top speeds (as of the end of 2022). At the end of the reporting year, our fixed network provided around 37.1 million households in Germany with fiber-optic-based technology. Our fixed-network strategy is based on connecting households directly to the fiber-optic network (Fiber to the Home, FTTH): in 2022, we expanded fiber-optic coverage to around 2 million additional households in Germany, bringing the total number of households with the option to subscribe to a fiber-optic line to 5.4 million. In addition to the FTTH build-out, we are using other innovative products, such as our hybrid router, which combines the transmission bandwidths of fixed-network and mobile communications, thus attaining higher transmission speeds – particularly in rural areas.
In general, we want to make our network infrastructure and our products as efficient, environmentally friendly, and harmless to health as possible. That is why we are committed to addressing the topic of mobile communications and health responsibly. In the context of the 5G build-out, there is public debate around the potential effects of 5G on health. We have been providing information on the scientific evidence regarding mobile communications and health for more than 20 years now. Together with Telefónica Deutschland, Vodafone, and 1&1 Mobilfunk, we also support the information platform www.informationszentrum-mobilfunk.de. This platform provides expert, evidence-based information on mobile communications topics subject to controversial public debate, such as health, research, technology, benefits, and applications. In 2022, the platform cooperated with the German Federal Government communication initiative “Deutschland spricht über 5G” (Germany is talking about 5G), for example, by supporting initiatives to establish a dialog with citizens. We adopted our Group-wide EMF Policy (EMF being short for “electro-magnetic fields”) back in 2004. It defines standard requirements – which considerably exceed the applicable national legal requirements – for addressing mobile communications and health-related matters.
For further information, please refer to the section “Risk and opportunity management.”
Responsibility for shaping the digital transformation has to be assumed by society as a whole. Our Board of Management plays an active role in this discussion, which entails looking at matters such as how we can use artificial intelligence (AI) responsibly. AI is a feature of an ever-growing number of ICT products and services that often goes unnoticed. It opens up opportunities, but also presents challenges. Back in 2018, under the auspices of Compliance Management, we were one of the first companies worldwide to adopt AI guidelines on digital ethics. These guidelines provide a framework for a responsible approach to AI. To supplement them, in 2021 we worked with experts to draw up professional ethics guidelines for all developers and product managers working with AI. The guidelines provide best practices, methods, and tips for transferring the Digital Ethics Guidelines on AI to application in development processes.
We founded an interdisciplinary working group in 2022 that will address the development, monitoring, and implementation of digital ethics, anchoring the topic firmly within the Group. The working group is also preparing the enforcement of the upcoming EU AI Act. The working group is steered by the Board of Management members for Technology and Innovation and Human Resources and Legal Affairs, based on a co-creation approach. To ensure that in the supply chain, too, AI is developed that complies with our high ethical requirements, since early 2020 our Supplier Code of Conduct has included relevant content from our AI Guidelines.
We at Deutsche Telekom are working to bring about digitalization oriented to people and values. Corporate digital responsibility (CDR) refers to efforts to manage the opportunities and risks of the digital transformation responsibly. The goals of our CDR activities are twofold: to prevent negative impacts, and to help shape the digitalization process in a positive way. In our Corporate Digital Responsibility framework, which we published in 2022, we set forth our perspectives on the far-reaching subject area of digital responsibility.
We will publish detailed information on this in our 2022 CR Report at the end of March 2023.
Connect the unconnected
To ensure equal participation for all in the information and knowledge society, the affordability of products and services is just as important as technical access. The ability to use digital media safely, responsibly, and to the benefit of all is becoming increasingly important. That is why we are working to build media literacy and democracy skills in the population. In doing so, we are guided by the aspiration that this digital participation also includes participation in society.
The individual national companies are responsible for implementing projects on digital participation. These include projects in Slovakia and the United States: Deutsche Telekom IT Solutions Slovakia is supporting schools and teachers with particularly innovative and creative teaching approaches in primary schools in the programs School of the Future and Teacher of the Future, while T‑Mobile US has launched two different challenges: a Family Challenge and the Changemaker Challenge, a contest in which young people contribute ideas for better coexistence in the categories digital participation, equal opportunities, and the environment. A total of 16 teams took part in the Changemaker Lab, a workshop on social entrepreneurship. Three teams won additional funding for their projects. The 10Million Project, which was launched by T‑Mobile US in 2020 and aims to overcome the digital divide in education, had provided some 4.3 million school students with internet access free of charge by June 2022.
All of our initiatives for greater media literacy in Germany can be found on the website “Media, sure! But secure.,” where we provide information material for all target groups. Deutsche Telekom’s #TAKEPART stories – topics from the digital world for teenagers and young adults – are a practical take on digitalization issues of social relevance, translating them into a range of offers for multipliers – like teachers, for instance. The aim is to raise awareness, highlight alternatives, and try out new behaviors. All modules of the #TAKEPART stories are also available in simplified German. Our multiple award-winning “Teachtoday” initiative promotes the safe and competent use of online media by children and young people. A toolbox is provided by the initiative for multipliers and teachers. It comprises more than 130 formats that deal mainly with media literacy and democracy skills. The initiative additionally publishes the interactive digital children’s magazine SCROLLER, which also provides material and background information to be used in media literacy lessons.
In 2022, we successfully continued our No Hate Speech campaign. We launched our new campaign ad on July 22, 2022, to mark International Action Day in Support of Victims of Hate Crimes. The ad aims to motivate the silent majority to get active against hate speech and abusive language online. As in the previous year, the focus of the campaign included gaming and e-sports: to mark Germany’s Digital Day on June 16, 2022, we gave a webinar titled “Gaming, chatting, hating – when gaming talk gets toxic.” We also support the #SpeakUpEsports campaign run by the esports player foundation in which 70 leading figures from the world of esports speak out in support of fair play and against hate speech in a series of short videos. With our No Hate Speech campaign we reached around 1 billion media contacts in the reporting year. We reached more than 4 million people directly or through multipliers such as parents and educators (e.g., in workshops) in 2022 alone (prior year: 3.8 million). We have labeled the campaign and our associated engagement with #GoodMagenta. We have also won a range of awards and prizes for the No Hate Speech campaign.
We measure the impact of our social commitment with a set of three ESG KPIs. The Community Contribution ESG KPI maps our social commitment in terms of financial, human, and material resources: in 2022, it amounted to around EUR 604 million in Germany (prior year: EUR 56 million). A particular effect in the reporting year was our support for Ukraine, which included free phone calls and SIM cards in the amount of almost EUR 550 million. The Reach– Focus Topics ESG KPI shows the number of media contacts we have reached with our communication on our focus topics of “digital participation” and “low-carbon society.” This includes, for instance, the people we reached in the 2022 financial year with advertising and content on socially relevant topics, such as online hate speech: we recorded an increase from 837 million the prior year to around 1,150 million people in Germany. The Beneficiaries ESG KPI shows the number of people who have benefited from our commitment to digital participation and the low-carbon society, for example, workshop participants, users of lower-cost rate plans, including other household members, and many more. In 2022, the number of beneficiaries was around 25 million (prior year: 21 million).
We will publish detailed information and Group-wide figures in our 2022 CR Report at the end of March 2023.
Deutsche Telekom reacted quickly in spring 2022, initiating wide-ranging emergency aid measures in Europe for Ukrainians in crisis. One example of the aid we offered was free prepaid SIM cards with free calls and data that were distributed in Poland, Romania, and Germany to Ukrainian refugees. Our Hungarian subsidiary Magyar Telekom also donated cell phones. Calls to Ukrainian dialing codes were free of charge for several months in Germany and the United States. Broadband connections and routers were provided for refugee accommodation.
Several hundred Deutsche Telekom employees grouped together to coordinate the aid. Employees in our national companies, for example, in Poland, Hungary, and Slovakia, volunteered, mainly at the borders. In Hungary, Magyar Telekom provided a building near the border as accommodation for volunteers; employees of Magyar Telekom and Deutsche Telekom IT Solutions Hungary worked together to renovate the building for this purpose. We also donated money to help with aid activities in Ukraine. We gave EUR 1 million to the German Red Cross, for example. Many employees in the Czech Republic responded to the call to collect donations. T‑Mobile Czech Republic additionally donated over EUR 220 thousand. In numerous countries in Europe, we offered jobs to refugees. New employees were also given help to find accommodation, open bank accounts, and organize child care. Our team of software developers based mainly in St. Petersburg, who provide services for customers outside of Russia, have been offered work outside of Russia.
People will only use ICT solutions if they trust in the security of their personal data – and only then can these solutions develop their true potential for more sustainable development. As a result, we attach particularly great importance to protecting and securing data.
For further information, please refer to the section “Risk and opportunity management.”
Our active data privacy and compliance culture, which has been built up over many years, sets national and international standards. The data privacy-related compliance management system outlines the measures, processes, and audits we use to ensure compliance with laws, regulations, and voluntary commitments to uphold data privacy in the Group. Since 2009, the Group Board of Management has been advised by an independent Data Privacy Advisory Board comprising reputable experts from politics, the research community, business, and independent organizations.
Through our global data privacy organization, we are continually pursuing the objective of a transparent, high level of data protection in all of the Group companies. As far as legally possible, the companies of the Deutsche Telekom Group have additionally committed to the Binding Corporate Rules Privacy, which are intended to ensure a uniform high level of data protection for our products and services in accordance with ISO 27701.
The Group Security Policy contains significant security-related principles valid within the Group, which are based on the international ISO 27001 standards. This is how we guarantee an adequately high and consistent level of security throughout our entire Group. Similar to the data privacy organization, the Group has established a global security organization which operates both on a centralized basis and in all Group entities. These elements lay the foundation for ensuring an adequate and consistent level of security within our entire Group.
We issue an annual transparency report – since 2014 in Germany, and since 2016 in our other national companies in Europe – in which we set out the nature and scope of our disclosures to security authorities. We are thus fulfilling our statutory duty as a telecommunications company.
In order to ensure even better data privacy and data security within our Group, our corporate units are audited and certified several times a year by internal and external experts. This includes the annual (re-)certification of the Telekom Security Management in accordance with ISO 27001, regular Group-wide internal security checks, and the annual review of the individual Group units in connection with security maturity reporting. These audits help us assess the status quo of security in our Group and respond to requirements at Group or entity level at an early stage.
Every two years, we perform a sample survey of data privacy and data security awareness across the Company. In the course of the Group Data Privacy Audit (GDPA), we survey around 21,000 Deutsche Telekom employees (excluding T‑Mobile US) on topics related to data privacy and data security. Of the employees invited to take part in 2022, around 16,000 responded. The results are used to calculate the Data Protection Award indicator – which quantifies the level of data protection in the units on a scale from 0 to 100 %. It is based on what the employees said they thought, did, and knew about data protection. The Data Protection Award indicator was calculated in 2022 at 88 % (2020: 86 %).
We use our Online Awareness Survey (OAS) as a tool for collecting indicators on security awareness within the Company. Some 42,000 employees (excluding T‑Mobile US) across all levels of the hierarchy were invited to take part in the survey. Around a third responded. With academic support, we use the results from this survey to determine the Security Awareness Index (SAI). In the last survey in 2021, the index was 80.9 of a maximum of 100 points – higher than in any other benchmark company. The next survey is scheduled for fall 2023. We also have our processes and management systems as well as products and services certified by external, independent organizations such as TÜV, DQS, DEKRA, and auditing firms.
Telecommunications companies are required to train their employees on issues related to data protection law when they begin their employment. Deutsche Telekom goes above and beyond these legal requirements: Every two years, we train all of our employees in Germany and place them under an obligation to uphold data privacy and telecommunications secrecy. Corresponding requirements apply to our international companies. Where there is a greater risk of data such as customer or employee information being misused, we also offer additional online training designed for self-study, give data privacy presentations, and host classroom training courses on specialized topics such as protection of customer data.
Our subsidiary Deutsche Telekom Security is one of the leading providers of digital security. As the market leader in the DACH region and the hub of cybersecurity expertise for the entire Deutsche Telekom Group, the company has successfully protected more than just our own infrastructure. Our customers are offered the same highly professional solutions that are used to protect Deutsche Telekom itself around the world.
We react to new emerging threats and continuously develop innovative processes for defending against attacks. And for good reason: cyberattacks on companies are becoming more aggressive and sophisticated across all industries. In the reporting period alone, we registered on average almost 54 million attacks per day on our honeypot systems (prior year: 52 million). At its peak, the number of attacks per day reached up to 111.2 million. Of course, not all of the attacks picked up by our sensors are high-level. Most are automatic scanning processes to detect potential vulnerabilities. While these do not necessarily count as fully fledged attacks, they are still to be seen as relevant early-stage activities. Deutsche Telekom Security even develops its own malware in a shielded environment and uses it to test whether new systems can reliably detect and mitigate these attack vectors. In this way we ensure our own critical IT infrastructure is protected. We also offer other operators of critical infrastructure advisory services, for example energy providers.
Our security experts use their experience to help develop security solutions for our customers. Deutsche Telekom has brought a wide range of solutions to market maturity; in 2022, these included the Magenta Managed Detection & Response Endpoint, a solution enabling companies to react rapidly to threats and, if necessary, to stop processes in time to prevent further damage. With SASE, we also provide our customers with comprehensive protection in the cloud, so that they can work securely from anywhere. Data privacy and security play a fundamental role in the development of our products and services. We review the security of our systems at every step of development using the Privacy and Security Assessment process for new and existing systems when the technology or method of data processing is modified. We use a standardized procedure to also document the data privacy and data security status of our products throughout their entire life cycle. Our security management systems are certified externally. At the same time, we ensure that our services also comply with specific regulatory requirements from other industries, such as TISAX®, an established standard in the automotive industry.
Youth protection aspects are also taken into consideration in our product and service design. When we develop services that could be relevant in terms of youth protection in Germany, we consult our Youth Protection Officer for suggestions of restrictions or changes. In 2014, we appointed a Child Safety Officer (CSO) in each of our national companies in Europe. The CSO acts as a central contact for the relevant stakeholders of the community, and plays a key internal role in coordinating issues relevant to youth protection. Since protecting minors when they interact with media is a challenge across many different industries, we cooperate with different youth protection organizations and participate in alliances such as the “Alliance to better protect minors online,” which aims to make the internet a safer place for children and young people.
We work with research institutes, industry partners, initiatives, standardization bodies, public institutions, and other internet and telecommunications service providers worldwide with a view to fighting cybercrime and enhancing internet security together. For instance, we collaborate with the German Federal Office for Cybersecurity throughout Germany, and with the European Union Agency for Cybersecurity (ENISA) at EU level. We have also been involved in other national and international organizations for many years, such as the Federation of German Industries, Bitkom, and the Munich Security Conference. The Cyber Security Cluster Bonn is an association of authorities and companies in Bonn that are dedicated to consulting, education, and research in the field of cybersecurity. As an expert committee, the Cyber Security Cluster Bonn offers direct advice to German and European government bodies.