Risks and opportunities

In the following section, we present all risks and opportunities of significance to the Group – including emerging risks – that, as things currently stand, could affect the results of operations, financial position, and/or reputation of Deutsche Telekom and, via the subsidiaries’ results, the results of operations, financial position, and/or reputation of Deutsche Telekom AG. We only consider risks and opportunities after the mitigation measures taken (net assessment). If risks and opportunities can be clearly allocated to an operating segment, this is presented accordingly in the following.

In order to make it easier to understand and see their effects, we have assigned the individually assessed risks to the following categories. Where multiple individual risks are assigned to one risk category, we calculate the risk significance on the basis of risk aggregation carried out using a Monte Carlo simulation, in which we consider the individual risks along with their individual extent and probability of occurrence. The outcome, or risk significance, is the “value at risk.” This states that, with a particular probability of occurrence, the risk extent ascertained using the simulation will not be exceeded. An expert assessment is used for risk categories that have not been quantified.

The resulting risk significance for the risk categories is broken down into four levels:

Strategic risks and opportunities

Risks and opportunities relating to the macroeconomic environment. As an international corporation, we operate in a large number of countries, using a range of currencies. A substantial economic downturn could generally reduce the purchasing power of our customers and adversely affect our access to the capital markets. Exchange rate fluctuations could impact on our earnings.

Uncertainty over the global economic outlook remains high. The war in Ukraine has had a significant negative impact on the economic outlook. One repercussion is the sharp rise in energy prices, which in turn are driving up energy, transportation, and manufacturing costs. The general scarcity of energy sources could push up global energy prices further and lead to supply shortages, especially for our Germany and Europe operating segments. The coronavirus pandemic also continues to have implications for the global economy. Although the pandemic has only had a limited negative impact on the telecommunications sector so far, if it were to re-escalate, it could lead to further supply-side shortages. In this context, China’s central role for global supply and value chains poses a particular risk. As a result of the combination of rising prices and prolonged supply bottlenecks, a decline in economic output is expected in the latter part of 2022/early part of 2023 while inflation remains high. A migration to lower-cost rate plans among customers, as well as larger numbers of customers defaulting on payments, could ensue. Similar developments could also arise in the United States, where pandemic-related government aid programs have come to an end. Interest rate hikes in the United States and Europe and the likelihood of yet further increases could drive down overall investment activity and consumption. Additional risks could result from other geopolitical conflicts, for instance between China and Taiwan, and the uncertainty from international trade conflicts. In principle, extreme risks with a high impact of loss and a very low probability of occurrence could also have a substantial impact on the global economy and our business. Examples of these are extensive extreme weather events (e.g., tsunamis, solar storms), a new disruptive technology, further armed conflicts, or new pandemics. We therefore expect the macroeconomic situation in Germany, the United States, and Europe to deteriorate and are raising the risk significance from low to medium.

These risks are counterbalanced by opportunities. Many governments (including in Germany, in particular) have decided to provide extensive support to their citizens and companies – this helps to absorb at least part of the increase in energy prices and could mitigate falling consumption to some extent and reduce insolvency.

Risks from the market environment. The main market risks we face include the steadily falling profitability of voice and data services in the fixed network and in mobile communications. In addition to price reductions imposed by regulatory authorities, this is primarily attributable to ongoing intense competition in the telecommunications industry.

Competitive pressure is expected to continue, especially in the fixed network in Germany and the countries of our Europe operating segment. In the broadband market, the trend of disproportionate growth in the market shares of regional network operators and supra-regional specialist FTTH providers, particularly in Germany, continues to establish itself. They build out their own infrastructure and thus increase their market coverage. Increasingly this is done with fiber-optic infrastructure, thereby increasing their customer numbers and expanding their own value added. There is still strong competition to gain new customers by cutting prices and offering introductory discounts.

We expect ongoing price pressure for mobile voice telephony and mobile data services, which could adversely affect our mobile service revenues. Among the main reasons for this price pressure are data-centric, aggressively priced offers. Providers that do not have their own infrastructure (MVNOs) market such offers over the internet, for instance, while there is also the risk that smaller competitors will take unforeseen, aggressive pricing measures. Technological innovations such as the use of pure eSIMs in smartphones could put further pressure on prices by increasing the willingness of customers to switch providers.

Another competitive risk lies in the fact that, both in the fixed network and in mobile communications, we are increasingly faced with competitors who are not part of the telecommunications sector as such, but are increasingly moving into the traditional telecommunications markets. This mainly relates to major players in the internet and consumer electronics industries. As a result, we are exposed to the risk of a further loss of share of value added and falling margins due to increasingly losing direct customer contact to competitors.

T‑Mobile US is active in a market environment that is characterized by intensive, increasing competition. Alongside traditional telecommunications providers that deliver bundled offerings including content and mobile video services, there is additional competition, as mobile, fixed-networks, and satellite industries increasingly converge. Additionally, potential market saturation in the United States may cause the wireless industry’s customer growth rate to decline in comparison with previous years. There were changes in the market environment of T‑Mobile US among others due to the successful acquisition of spectrum. High-speed internet allows our U.S. subsidiary to offer its own access product and provide a basis on which to continue the business with bundled offerings. Furthermore, in the market environment of T‑Mobile US strategic partnerships and MVNO relationships are being built. T‑Mobile US must continue to successfully refine and implement its market strategy as Value Leader, Customer Service Leader and 5G Network Leader to attract and maintain customers. Increasing competitive pressure due to attractive bundle offers and device promotions could lead to difficulty in achieving targets in terms of business, financial and operating results in the future. Furthermore, social instability may cause protests or demonstrations that could escalate and lead to business disruptions such as store closures or inventory theft.

Innovation cycles are getting shorter and shorter. This confronts the telecommunications sector with the challenge of bringing out new products and services at shorter and shorter intervals. New technologies are superseding existing technologies, products, or services in part, in some cases even completely. This can lead to lower prices and revenues in relation to the services offered, such as telephony, news, internet access, smart home, or television – right through to full substitution by new, global providers. These substitution risks could impact our revenue and earnings. We deal with the impact of substitution risks by, for example, offering integrated solutions with hyper-personalization and contextualization (e.g., HomeOS) in order to “turn customers into fans” and thereby secure their loyalty. In terms of building out fiber-optic networks, more and more new competitors are entering into the markets, which can lead to longer payback periods for all market players. A strategic rivalry is growing between the “West” (United States and Europe) and the “East” (China), which could accelerate various technological areas (e.g., in 6G).

Our Systems Solutions operating segment also faces challenges. Continued strong competition and persistent cost pressure are adversely affecting traditional IT business. In addition, the technological shift toward cloud solutions and digitalization in the IT sector is prompting new, strongly capitalized, competitors to enter the market. This might lead to revenue losses and declining margins at T‑Systems.

Opportunities from the market environment. The telecommunications and IT market is extremely dynamic and highly competitive. The economic and competition conditions as well as customers’ changing wants and needs affect our actions and impact on our Company indicators. We generally expect the situation to develop as described in the section “Forecast.”

Apart from the risks described, there is the possibility that our customers could move to higher-value rate plans since the data volume of the applications used is rising steadily. Likewise, further growth could be generated by tapping into new customer segments, especially in the United States (e.g., for business customers and small and medium-sized enterprises). In addition, ever-shorter innovation cycles could enable us to drive the digital transformation of our society and to provide our consumers and business customers with innovative products and solutions. That is why, with growing convergence of networks, IT, and products, our innovation and technology activities are decisive when it comes to identifying opportunities and making the most of them in an increasingly competitive environment. Hence, our Technology and Innovation Board of Management department has joined all relevant functions under a common leadership to ensure a close integration of technology, innovation, IT, and security. By doing so, we are putting the development of human-centered solutions and outstanding, seamless customer experiences front and center, and in the reporting year we won multiple awards, for example, for our digital assistant Frag Magenta and the product MagentaZuhause (SmartHome).

For further information on our innovation activities, please refer to the section “Technology and innovation.”

The substantial increase in capacity, bandwidth, and availability, and the lower latencies provided by the 5G mobile standard we have rolled out offer greater reliability, security, and guaranteed service quality, for example, for industrial use cases. 5G enables increased requirements for existing business models to be managed more cost-efficiently going forward. In addition, it offers opportunities for further business models, by marketing improved network capabilities (e.g., network access, localization, security, identity, storage location, temporary storage) to relevant partners. We have already implemented many use cases with 5G, such as 5G campus networks, applications for extended reality (XR), support for autonomous driving and mobile edge computing, in which data is processed in a decentralized manner (at the edges of the network). Together with other technologies like the NarrowBand Internet of Things (NB-IoT) and artificial intelligence (AI), 5G and edge computing provide the underpinnings for the further digital transformation of society. To develop the next, sixth mobile generation, we are working with industry and researchers on a standard that aims to address a number of current challenges facing telecommunications networks: the connection between all people, the orchestration of various access networks, sustainability, and carbon neutrality, and the further underpinning of data privacy, trust, and security.

Furthermore, opportunities for new project business are arising in our systems solutions business from data sovereignty, innovation areas such as AI, and industrial IoT initiatives.

Risks relating to strategic implementation and integration. We are in a continuous process of strategic adjustments and cost-cutting initiatives. If we are unable to implement these projects as planned, we will be exposed to certain risks. In other words, the benefit of the measures could be less than originally estimated, take effect later than expected, or not at all. Each of these factors, individually or in combination, could have a negative impact on our business situation, financial position, and results of operations.

The business combination of T‑Mobile US and Sprint was consummated on April 1, 2020. The combination of the two companies to form the new T‑Mobile US affects all operational areas; for instance, the integration of the mobile networks and the IT and technology environments, customer management, sales, HR management, logistics, and the control environment. T‑Mobile US is making progress with leveraging synergies from the business combination with Sprint. By combining and optimizing the mobile networks, T‑Mobile US has already been able to migrate the vast majority of customers to its own network. T‑Mobile US is ahead of plan with the network decommissioning. The legacy Sprint CDMA retirement was substantially completed in the second quarter of 2022 and the orderly shut-down of the LTE network was completed in the third quarter of 2022. The last major part of the integration is the billing conversion, which is expected to be largely complete by the end of 2023. It remains necessary to fulfill multiple conditions, including those agreed with the antitrust and regulatory authorities. Numerous commitments exist, particularly with respect to the network build and to support DISH as they build a stand-alone network.

Collaboration with Chinese suppliers is being impeded by the enduring trade conflict between the United States and China. Since 2020, the United States has restricted the use of U.S. technology for and by Chinese suppliers on account of security concerns. They also put pressure on other countries to do the same. In Germany, the legislator has put an end to many years of intensive discussion concerning the security of critical infrastructure with the Second Act to Increase the Security of Information Technology Systems, or the IT Security Act 2.0 (IT-Sicherheitsgesetz 2.0). A positive outcome is that a number of long-disputed requirements for critical infrastructure (KRITIS) have now been laid down. Deutsche Telekom itself has long been scrutinizing security-critical components prior to installation and on an ongoing basis once in operation. We therefore assume that the assessment by the authorities will also be compatible with rapid network build-out and will not lead to any long-term delays. The IT Security Act 2.0 does not include any ban on individual manufacturers. The German Federal Ministry of the Interior and Community is currently drafting the necessary rules (on the certification of critical components, manufacturer declarations of trustworthiness, among others) for the practical application of the IT Security Act 2.0. The requirements laid down in the security catalog, drawn up by the Bundesnetzagentur and the Federal Office for Information Security in accordance with the Telecommunications Act and published in early August 2021, will be relevant to any critical components that could potentially be affected. In respect of the certification obligation for components that have already been installed, the catalog stipulates a transition period expiring on December 31, 2025. This is why the affected components can largely be considered to be grandfathered until that point in time. The risk of a retrospective order to remove components already installed in the network is low under current legislation. However, we cannot rule out the possibility that critical components from certain manufacturers currently in use may not be deployed from January 1, 2026 onwards. Several network operators have taken steps to file official objection proceedings to clarify the ambiguous legal terminology and scope of application of the security catalog. Irrespective of this, the hurdles for retrospective orders to remove components already approved will be high. In other countries, such as Austria and Poland, it is still possible that suppliers in critical infrastructure will have to be replaced within specific deadlines.

Opportunities relating to strategic implementation and integration. In our Magenta Advantage strategic area of operation, we work with partners to develop new digital business models based on our assets or capabilities. These partnerships provide opportunities for us to increase revenue and strengthen customer loyalty. Since the start of 2022, we have made exclusive offers from partner firms available to customers on our OneApp, for example TIER Mobility, GetYourGuide, and Disney+. We will continue to expand this pan-European loyalty program in our European markets going forward.

The logical network that has resulted from the completed IP transformation (all IP) speaks one language and, in technical terms, functions largely independently of the services transmitted. This will enable efficiency gains, e.g., by reducing the complexity of maintenance and operation, switching off service-specific legacy platforms, and saving energy. In addition, all IP will generate growth potential both by improving the customer experience of existing services (e.g., better voice quality, more customer self-service, greater configuration flexibility) and by providing an indispensable basis for convergence products and the Internet of Things, and by shortening the time to market for new products.

One of the key benefits of the all-IP network is that it also acts as a foundation for the future cloud- and software-based production of networks and services. It creates opportunities to increase efficiency, accelerate the provision of new services and features, improve quality, and tap into new revenue potential, while at the same time increasing automation.

The disaggregation of the access networks (in mobile communications: Open Radio Access Network, O-RAN; in the fixed-network: Access 4.0) and core networks (e.g., the 5G core network) as part of our network differentiation strategy offers the opportunities of expanding the supplier ecosystem and, as a result, increasing competition, flexibility, and innovation. As we simultaneously drive forward automation and cloudification, we also expect a reduction in total costs and an increase in agility and speed in the provision of new services and features.

We are driving forward the transformation of our IT using agile development, decoupling, and cloudification. These approaches enable us to tap into new possibilities for accelerating developments and increasing the efficiency of IT production, by providing modular components, known as microservices, and APIs and producing them in a scalable cloud with state-of-the-art technology. Furthermore, agile and decoupled development makes it possible to reduce big bang risks in the delivery of major software releases by means of smaller, flexible software releases.

Risks and opportunities arising from brand and reputation. An unforeseeable negative media report on our products and services or our corporate activities and responsibilities may have a huge impact on the reputation of our Company and our brand image. Social networks may make it possible that such information and opinions can spread much faster and more widely. Ultimately, negative reports may impact on our revenue and our brand value. In order to avoid this, we engage in a constant, intensive, and constructive dialog, in particular with our customers, the media, and the financial world. For us, the top priority is to take as balanced a view as possible of the interests of all stakeholders and thereby uphold our reputation as a reliable partner.

Risks and opportunities relating to sustainability and social responsibility. For us, comprehensive risk and opportunity management also means considering the opportunities and risks arising from ecological or social aspects or from the management of our Company. To this end, we actively and systematically involve all relevant stakeholders in the process so as to identify current and potential risks and opportunities along our entire value chain. In parallel with our ongoing monitoring of ecological, social, and governance issues, we systematically determine our stakeholders’ positions on these issues. The key tools we use here are: a document analysis, covering legal texts, studies, and media publications, amongst other things; our involvement in working groups and committees of national and international business associations and social organizations, e.g., GeSI, ETNO, BDI, Bitkom, Econsense, and BAGSO; stakeholder dialog formats organized by us; our various publications, such as the press review and newsletters; and workshops with experts from our Company. We also integrate the biggest sustainability risks in our internal compliance assessment, thereby recording the associated positioning and development of measures in the various business areas.

For further information on sustainability, please refer to the section “Combined non-financial statement.”

We have identified the following as our main sustainability management issues:

• Reputation. How we deal with sustainability issues also entails both opportunities and risks for our reputation. A high level of service quality is one of the most important factors for improving customer perception. Customer satisfaction has been embedded in our Group management as a non-financial performance indicator to underline the importance of this issue. Transparency and reporting help to promote the trust of other external stakeholders in our Group. Our annual and CR reports also serve this purpose. However, issues such as business practices, data privacy, and work standards in the supply chain, conduct in relation to human rights, and ethical conduct in relation to and use of AI also entail reputational risks: if our brands, products, or services are connected with such issues in negative media reports, this may cause substantial damage to our reputation. As part of our sustainability management activities, we continuously review such potential risks and take measures to minimize them. This includes systematically incorporating them in the Group’s internal compliance management system, so as to determine the relevance of the risks in relation to sustainability issues and their effect on reputation across units. We also ascertain how our products and services make a positive contribution to sustainability in order to enhance our reputation.

• Climate protection. We pursue an integrated climate strategy, which means focusing not only on the risks that climate change poses for us and our stakeholders, but also on the opportunities it presents. By 2030, ICT products and services will have the potential to save up to seven times as much in CO₂ emissions in other industries as the growth in the ICT sector itself will generate, even taking into account the expected rebound effects (according to the GeSI Digital for Purpose study). Taking an optimistic view, this could mean a 9 % reduction in global CO₂ emissions by 2030. In addition, investments of around USD 3 trillion in innovative solutions are expected by 2030, which will not only expand the business, but will also support the SDGs. We are supporting this trend by evaluating our product portfolio to identify sustainability benefits. In addition, we want to continuously improve the ratio of the emissions that our products and services save to those generated by our own value chain and report on our corresponding successes using an enablement factor.

  Climate change risks are already visible in the form of increasingly extreme weather conditions. Such storm events can damage our infrastructure and disrupt network operation. This would have a direct effect on our stakeholders, e.g., our customers, suppliers, and employees and can result in revenue losses or lower customer satisfaction. The risk is assessed in relation to the continuation of operations as part of risk management and is managed at an operational level in the business units. Deutsche Telekom welcomes the targets behind the Task Force on Climate-related Financial Disclosures (TCFD) and is actively working to implement them. In a first step, we conducted a gap analysis on the coverage of TCFD recommendations. In a number of workshops with relevant players from technology, procurement, strategy, and risk management, we defined Deutsche Telekom AG’s key climate-related opportunities and risks and gave them an initial weighting. As a next step, we conducted a location analysis, with the example of Germany, of the physical climate risks in various scenarios (business as usual/4-degree scenario), which is now being internationalized as part of a transnational project. In addition to the physical risks, transitory risks (threats arising from sudden adaptations to climate change made by economic sectors) were also being analyzed in detail.

  We will publish detailed information on this in the 2022 CR Report.

  We can take further preventive action in this area by also reducing our own CO₂ emissions. For this reason, in 2021 we set ourselves the ambitious target of cutting our CO₂ emissions across the Group (Scope 1 and 2) to net zero by 2025. Up to 95 % of these emissions will be actually cut. Any remaining emissions will be offset through compensatory measures. Climate protection also carries financial risks, whether from the introduction of levies on CO₂ emissions or increased energy costs, as well as stricter requirements for products, for example in relation to energy efficiency. The measures we are taking to counter these risks include measuring our own energy efficiency and finding ways to improve it. Our new ESG targets agreed from 2021 for Board of Management remuneration in relation to the respective annual energy consumption as well as the planned annual CO₂ emissions for Scope 1 and 2 also contribute to achieving the climate targets and energy efficiency measures. We have a Group-wide program to specifically address our supply chain and we are working to optimize our products and their packaging. Since 2021, the Group has covered 100 % of its electricity requirement with renewable energy. This is achieved through power purchase agreements (PPAs) and other forms of direct purchase, also by other means, such as through guarantees of origin.

  For further information on this, please refer to the section “Combined non-financial statement.”

• Suppliers. We see more sustainability in our supply chain as an opportunity – for our reputation and our business success. Apart from the general risks associated with our global procurement activities, we could be exposed to country- and supplier-specific risks. These include, for example, the use of child labor, the conscious acceptance of environmental damage, or inadequate local working and safety conditions. We systematically review our processes, including in terms of upcoming requirements (e.g., the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz)). Our due diligence obligations relate both to our own operating activities and to our supply chain. We regularly analyze and assess potential risks and introduce preventive and corrective measures as required. We conduct audits mainly within the scope of the Joint Audit Corporation (JAC). The aim of the JAC is to reduce sustainability risks in our supply chain and to improve ecological and social aspects, including the issue of human rights. As such, the audit is compliant with internationally recognized guidelines and standards, such as the ILO Core Labor Standards, the UN Guiding Principles on Business and Human Rights, and the OECD Guidelines for Multinational Enterprises. Our partnerships with suppliers that comply with international sustainability standards ensure a high level of product quality and reliable procurement. We have a special development program in place to help strategic suppliers introduce business practices that are both socially and ecologically acceptable while remaining economically efficient. This program showed measurable successes again in the reporting period and has three major advantages: It has a positive impact on our suppliers’ working conditions, enhances their profitability, and makes the economic relevance of sustainability clear for both sides, i.e., for our suppliers and for the Group alike. For instance, better working conditions at our suppliers reduces the number of work-related accidents as well as the attrition rate. That, in turn, ensures high product quality and increases productivity, while at the same time lowering costs for recruitment and training. Thus, not only are we strengthening our suppliers’ profitability and CR performance, we are also significantly reducing identified risks.

Health. Mobile communications, or the electromagnetic fields used in mobile communications, regularly give rise to concerns among the general population about potential health risks. This issue continues to be the subject of public, political, and scientific debate. Acceptance problems among the general public mostly concern mobile communications networks and occasionally the use of mobile terminals such as smartphones, tablets, and laptops. The discussion has intensified repercussions for the build-out of the mobile infrastructure. In the fixed network, this could affect the use of traditional IP and DECT (digital cordless) phones, and devices that use Wi-Fi technology. There is a risk of regulatory interventions, such as tightened thresholds for electromagnetic fields or the implementation of precautionary measures in mobile communications, e.g., amendments to building law, or also the risk of a labeling requirement for handsets.

Over the past few years, recognized expert organizations such as the World Health Organization (WHO) and the International Commission on Non-Ionizing Radiation Protection (ICNIRP) have repeatedly reviewed the current thresholds for mobile communications and confirmed that – if these values are complied with – the use of mobile technology is safe based on current scientific knowledge. National and international expert organizations will continue to regularly review the recommended thresholds.

We are convinced that mobile communications technology is safe if specific threshold values are complied with. We are supported in this conviction by the assessment of the recognized bodies. Our responsible approach to this issue finds expression in our Group-wide EMF Policy, with which we commit ourselves to more transparency, information, participation, and support of independent mobile communications research, far beyond that which is stipulated by legal requirements. We aim to overcome concerns among the general public by pursuing an objective, scientifically well-founded, and transparent information policy. We thus continue to see it as our duty to continue our trust-based dialog with local authorities and to ensure its successful progress. This particularly applies since our long-standing collaboration with municipalities to expand the mobile network was enshrined in law in 2013. Previously, this collaboration was based on voluntary self-commitments by the network operators.

Operational risks and opportunities

Risks arising from technology. We have an increasingly complex information/network technology (IT/NT) infrastructure, which we constantly expand and upgrade to ensure the best customer experience and consolidate our technology leadership. Outages in the current and also future technical infrastructure cannot be completely ruled out and could in individual cases result in revenue losses or increased costs. After all, our IT/NT resources and structures are the key organizational and technical platform for our operations. The ongoing convergence of IT and NT harbors risks. In order to counter these holistically, our technology, innovation, IT, and security activities are combined under the Board of Management department for Technology and Innovation.

Risks could arise in this area relating to all IT/NT systems and products that require internet access. For instance, faults between newly developed and existing IT/NT systems could cause interruptions to business processes, products, and services, such as smartphones and MagentaTV, or to connectivity for business customers. In order to avoid the risk of outages, e.g., due to natural disasters or fires, we use technical early warning systems and redundant IT/NT systems. The Computer Emergency Response Team (CERT) at Deutsche Telekom Security is in charge of protecting our business customers’ servers. In cloud computing, all data and applications are stored at a data center. Our European data centers have security certification and meet strict data protection provisions and the EU regulations. All data relating to companies and private persons is protected from external access. Constant maintenance and automatic updates keep the security precautions up to date at all times. On the basis of a standardized Group-wide business continuity management (BCM) process, we also take organizational and technical measures to prevent damage from occurring or, if we cannot, to mitigate the subsequent effects. We also have insurance cover for insurable risks.

T‑Mobile US relies upon its systems and networks and the systems and networks of other providers and suppliers, to provide and support services. T‑Mobile US’ business, like that of most retailers and wireless companies, involves the receipt, storage, and transmission of customers’ confidential information, including sensitive personal information, payment card information, and confidential information about their employees and suppliers, as well as other sensitive information about T‑Mobile US, such as business plans, transactions, and intellectual property. Cyberattacks, such as denial of service and other malicious attacks, could disrupt T‑Mobile US’ internal systems, networks, and applications, impair its ability to provide services to customers, and have other adverse effects on its business.

In order to grow and remain competitive with new and evolving technologies in the industry, T‑Mobile US will need to adapt to future changes in technology, continually invest in its network, increase network capacity, enhance existing offerings, including through digital channels, and introduce new offerings to address its current and potential customers’ changing demands. If T‑Mobile US is unable to take advantage of technological developments on a timely basis, then it may experience a decline in demand for its services or face challenges in implementing or evolving its business strategy. Following the business combination with Sprint, T‑Mobile US operates and maintains several customer billing systems and will continue to run them until all of Sprint’s legacy customers have been successfully migrated to T‑Mobile US’ existing billing systems. Unexpected difficulties or delays could cause major system or business disruptions. As the customer migration of Sprint customers is on track and the churn of legacy Sprint customers has been reduced, we have lowered the risk significance from “high” to “medium” of the risk category Technology Risks USA.

Opportunities arising from technology. The utilization of large data volumes (big data) from our networks can improve and speed up decision-making processes by enhancing transparency. It does so by shifting the basis for decisions from hypotheses to facts and, for example, enabling correlations to be recognized. In this way, machine learning can be used, for example, to manage the energy consumption of our technology in a forward-looking way based on the analysis of network data.

Our Systems Solutions operating segment covers innovative business areas in the digital transformation of business processes, such as cloud computing, edge computing, and cybersecurity. These business areas could develop faster than expected. As a pioneer of the digital transformation, we have an opportunity to actively shape market trends through a variety of projects in the fields of healthcare, public administration, and mobility solutions. Under these data-based digital business models, our partner-oriented approach is a highly promising way of contributing our core competencies – in cloud computing, edge computing, and cybersecurity – to various projects. In addition, we have references regarding strategic engagements in our focal sectors Automotive, Public Administration, Health, and Public Transport. We also see potential for development in the sovereign clouds environment.

As a technology and development partner for toll collection business in Europe, we already have a strong competitive position. We have earned valuable references in European toll collection projects in Belgium and Austria and through the launch of a Europe-wide toll collection system (Toll4Europe). This will help to give us an edge over our competitors.

Procurement and supply risks. Deutsche Telekom cooperates with a variety of suppliers of technical (information and communication technology) and non-technical products and services. Products and services that might involve a higher risk include software and hardware, network technology components, and all products and services provided directly to end customers.

Deutsche Telekom’s supply chains are currently being negatively impacted by a number of factors, e.g., by a shortage of semiconductor chips, the coronavirus pandemic, geopolitical tensions, e.g., between China and Taiwan, and the war in Ukraine. There has been an imbalance between supply and demand on the global market for semiconductor chips since 2021. In addition, pandemic-related restrictions (e.g., lockdowns in Asian countries in the form of temporary factory and seaport closures) and geopolitical tensions (e.g., technology sanctions imposed by the United States) were impeding the global logistics stability regarding raw and other materials. Furthermore, the general costs of semiconductor materials, production, global logistics, energy, and wages are rising, driven in part by inflation and exchange rates. This leads to general price rises for products and services. Europe is experiencing supply delays. However, short-term shortages were avoided thanks to countermeasures taken. Inventory shortages could also arise in the United States. The establishment of additional production capacities means that the situation regarding the availability of semiconductors is expected to ease in the medium term. Additional risks may also result from the dependence on individual suppliers or from individual vendors defaulting. This applies in particular for Chinese suppliers of telecommunications technology. We employ organizational, contractual, and procurement strategy measures to counteract these challenges. For example, in early 2021, the Group-wide Supply Chain Resilience task force was set up to assess the risk situation at regular intervals and, where necessary, take relevant mitigating measures, and monitor their implementation.

Risks and opportunities arising from data privacy and data security

Data privacy. All Group companies are subject to specific data privacy regulations (in the EU especially the General Data Protection Regulation (GDPR)). These requirements must be implemented and their compliance must be monitored. Data privacy incidents could be sanctioned with extremely high fines (up to between 2 and 4 % of the global Group revenue). The European supervisory authorities’ concept for fines has been applied. It stipulates very high fines even for violations with a low criticality. Despite mitigation measures and well-established data privacy management structures, it is not possible to fundamentally rule out data privacy incidents as almost all procedures/processes in the Group are relevant in terms of data protection. Errors may occur that are linked to reputation, cost, and sanction risks.

Since the introduction of the GDPR, data privacy law has been largely harmonized in Europe. As a Group with its focus in Europe, Deutsche Telekom has benefited from this, since the majority of special national data privacy regulations no longer apply and no longer have to be implemented in the individual entities in the European Union, reducing additional costs. In the recent past, European institutions have further strengthened data protection. On July 16, 2020, the European Court of Justice (ECJ) issued a landmark judgment on Schrems II. With this ruling, Europe’s highest court addressed the concerns on the level of data protection in the United States and declared the adequacy decision of the EU Commission for the United States (Privacy Shield) void. Since then, our Group Privacy unit has worked with all affected Group units to implement the requirements arising from the ruling and the publications of the European Data Protection Board. Nevertheless, a residual risk remains since the authorities’ regulatory practice has yet to be clarified. All companies in the EU, but also their contractual partners around the globe, must rise to the significant challenges of this ruling in order to be able to ensure data continues to be processed in compliance with data protection regulations going forwards. Group Privacy sees the current developments between the EU Commission and the United States concerning the conclusion of a new “EU-U.S. Data Privacy Framework” as an opportunity for greater legal certainty in international cooperation.

The new requirements also affect the Group’s Privacy and Security Assessment (PSA) process. This process, which is now fully digital, meets the requirements of the GDPR with regard to carrying out a Privacy Impact Assessment for evaluating and documenting the risks posed by data processing. For example, a Transfer Impact Assessment was integrated in the PSA process. In all new procedures with a third-country involvement, all requirements from the ruling are taken into account and documented right from development. The new standard contractual clauses published by the European Commission in 2021 have been mandatory for all new agreements concluded since September 27, 2022. Under the Schrems II project, existing agreements with suppliers and partners in third countries were amended to take account of the new standard contractual clauses by the implementation deadline of December 27, 2022.

In addition, we have carefully examined technical developments and digital transformation projects to verify if they are in line with the Group strategy. Take, for example, the service app, which our customers can use to manage their Telekom products and contracts. In 2021, this standardized technical and data privacy-compliant solution was also launched in Germany. Another example is the German Corona-Warn-App and the subsequent European solution, which we continue to further develop together with the Robert Koch Institute, SAP, and other partners. Deutsche Telekom played a role in developing this app with partners, the Federal Government and other institutions.

T‑Systems signed the EU Cloud Code of Conduct (EU Cloud CoC) in 2021. After all, the EU Cloud is synonymous with something essential, namely, nothing less than the digital sovereignty of Europe in cloud services. This refers to the complete control of stored and processed data and independent decision-making on who can access the data. This requires clear rules and requirements, which is what the EU Cloud CoC offers. The European data protection authorities authorized this Code of Conduct. By becoming a signatory, the Company and hence also T‑Systems undertakes to continue to increase the data protection level for cloud services in the interests of customers and European data protection. In this way they provide proof that data is processed in accordance with the requirements of the GDPR. Compliance with the rules is reviewed by an independent body.

However, since the ePrivacy Regulation has still not yet been adopted, there is yet another sector-specific regulatory challenge for the telecommunications sector in the EU. As telecommunications providers’ data processing options are substantially restricted compared with what is possible under the GDPR, innovative big data and artificial intelligence applications in the field of telecommunications cannot realize the same kind of potential as those of companies that are only subject to the GDPR.

Data security. IT security continues to pose major challenges. In addition to preventive measures such as integrated security in business processes and measures to raise security awareness among employees, we counter these challenges with increased focus on the analysis of threats and cyber risks. This is where our early warning system comes in: It detects new sources and types of cyberattack, analyzes the behavior of the attackers while maintaining strict data privacy, and identifies new trends in the field of security. Along with the honeypot systems, which simulate vulnerabilities in IT systems, our early warning system includes alerts and analytical tools for spam mails, viruses, and Trojans. We exchange the information we obtain from all these systems with public and private bodies to detect new attack patterns and develop new protection systems.

Cybercrime and industrial espionage are on the rise and they are becoming ever more complex due to rapidly advancing technologies and attack methods. As a result, we face constant challenges and adjustments to protect our customer and business partner data, as well as our networks, technologies, products, and services against these attacks. Such incidents can lead, among other things, to business disruptions, embezzlement, or unauthorized access to confidential or personal information, and to loss of reputation. Due to the rise in successful, significant cyberattacks against Deutsche Telekom in recent years, and on the basis of the updated financial evaluation of cyber risks, we have raised the risk significance of the risk category “Data privacy and data security” from “medium” to “high.” We are addressing this development with comprehensive security concepts. In order to create greater transparency and thus be in a stronger position to tackle these threats, we are relying more and more on partnerships, e.g., with public and private organizations. By means of the Security by Design principle, we have made security an integral part of our development process for new products and information systems. In addition, we carry out intensive and obligatory digital security tests.

We are continually striving to accelerate our growth through IT security solutions. To this end, we have combined our security units within Deutsche Telekom Security. We want to leverage this end-to-end security portfolio to secure market shares and score points with security concepts on the back of megatrends like the Internet of Things and Industry 4.0. We are also continuing to gradually expand our partner ecosystem in the area of cybersecurity.

We provide regular updates on the latest developments in data protection and data security on our website.

Other operational risks and opportunities

Employees. Our employees play a crucial role in the transformation of Deutsche Telekom. Their skills are a key factor to our business success. Both this success and our service provision are dependent on the ability to acquire, retain, and develop specialist staff and talents. Growing competition for experts and the war for talents, coupled with the need to offer increasingly flexible working conditions (e.g., remote working), could lead to key employees (in particular those in technical and IT-related roles) leaving the company, while demand continues to grow unabated. Sharply rising entry-level salaries could exacerbate the situation and increase costs further. The availability of staff with an appropriate skill set at nearshore and offshore sites is crucial when it comes to rendering services on budget, in line with requirements, and on time. The demands of the talents with regard to potential employers have also increased. Apart from remuneration, factors they care about include flexible working, environmental social governance, culture, diversity, and innovations. Due to the intensifying war for talents and potential salary-driven cost increases, we are raising the significance of the risk category “Other operational risks” from low to medium. We systematically work to address these challenges head on, for example, by strengthening Deutsche Telekom and T‑Mobile US as an attractive employer brand and by proactively seeking out new specialist staff and talents worldwide.

In 2022, we once again used socially responsible measures to restructure the workforce in our Group. Early retirement models such as phased and dedicated retirement, and severance payments have been largely taken up, but also the training and placement of civil servants in the public sector by Vivento has proved very popular. The transformation with the associated staff restructuring is extremely important for achieving the Group’s goals. Nevertheless, it is essential the restructuring is managed in a targeted way. That is why, for each request by an employee to take up a staff reduction instrument, it must be ensured on principle that the arrangement is voluntary on both sides (agreed by employee and manager), so as to avoid, for example, the loss of high performers.

The Company still employs numerous civil servants, who originally belonged to Group units of Deutsche Telekom that have since been sold. Where requested, these civil servants have been granted temporary leave from their civil servant status. However, there is a risk that they may return to us from a sold entity, for instance after the end of their temporary leave from civil servant status, without the Company being able to offer them jobs. Currently, 1,061 civil servants are entitled to return from outside the Group in this way (as of December 31, 2022), thus posing a risk.

Risks and opportunities relating to regulation

In the following section, we describe the main regulatory risks and opportunities that, as things currently stand, could affect our results of operations and financial position, and our reputation.

Regulatory risks arise from telecommunications-specific statutory regulations at the national, European, and U.S. level, and from the consequent powers of national authorities to regulate or intervene in the market and limit our freedom as regards product design and pricing. Deregulation can give rise to regulatory opportunities. Regulatory intervention, which we can only anticipate to a limited extent, may exacerbate existing price and competitive pressure. There are concerns that regulation in the United States, Germany, and other European countries may also impact revenue and earnings trends in the medium to long term.

Changes in regulatory policy and legislation

European legislation constantly influences our pricing and product design. After the European Electronic Communications Code (EECC) resulted in adjustments to national laws in the previous year, the EU Roaming Regulation entered into force on July 1, 2022. It extends the Roam Like at Home requirements for another ten years, establishes provisions for transparency and quality, and sets prices for charging between providers.

For more information on the European roaming rules, please refer to the section “Major regulatory decisions.”

Policy decisions can give rise to risks, but also opportunities. The Federal Government’s Digital Strategy adopted in August 2022 is a first step for potential further measures, for example, in connection with digitalization projects in administration or a modern legal framework for the data economy. The Gigabit Strategy contained therein aims, among other goals, to ensure nationwide fiber-optic coverage and state-of-the-art mobile technology. To this end, measures are expected in relation to approval processes or the realignment of the subsidized build-out, which could significantly affect conditions for the continued network build-out.

For more information on the Federal Government’s digital strategy, please refer to the section “Major regulatory decisions.”

In view of the highly topical debates regarding the network security of critical infrastructure, the legislator has already announced adjustments in this regard, which will be implemented by regulatory and other authorities. This will lead to new requirements, for which the costs of implementation for Deutsche Telekom are not yet possible to estimate.

In the United States, too, new or amended wireless-related provisions and laws can increase the complexity of processes and lead to higher costs for T‑Mobile US.

Awarding of spectrum

Risks could arise from the fact that inappropriate auction rules and frequency usage requirements, excessive reserve prices, or disproportionately high annual spectrum fees could jeopardize our planned acquisition of spectrum. Inappropriate conditions for the awarding of spectrum can include, for example, extensive build-out requirements and, in some cases, requirements to grant network access (national roaming, service provider access). By contrast, we see an opportunity in particular in the fact that such spectrum award procedures enable mobile network operators to obtain the optimum amount of spectrum for their future business. We would thus be equipped for further growth and innovation. The upcoming award procedures mainly relate to the auctioning of additional spectrum in the 700 MHz, 800 MHz, 900 MHz, 1,800 MHz, 3,400 to 3,800 MHz, and the 26,000 MHz ranges. In addition, spectrum licenses, especially in the 2,100 MHz and 2,600 MHz ranges, will expire by 2024 in some countries and need to be renewed. Major award procedures are currently being prepared, primarily in Croatia, Austria, Poland, Hungary, Slovakia, and the Czech Republic. In Germany, consultations were held regarding the 800 MHz, 1,800 MHz, and 2,600 MHz bands to determine which award procedure to select (auction or extension). A final decision on this has not yet been made.

For further information on spectrum auctions that were completed in 2022 or are still ongoing, please refer to the section “Major regulatory decisions.”

Areas in which national regulators may intervene

European and national laws and regulations grant national regulators extensive powers of intervention.

Our Group companies in Germany and Europe continue to be subject to extensive regulation of wholesale products, obligating us to make our network and services available to our competitors wherever we are deemed to have significant market power as an operator. The national regulators regularly check and determine the corresponding terms, conditions, and prices of these wholesale offerings. The key wholesale products subject to regulation are unbundled local loop lines, bitstream products, leased lines, and the associated services.

In July 2022, the Bundesnetzagentur published its decision on the future regulation of access to Deutsche Telekom’s copper and fiber-optic network. With this decision, rules for FTTH networks are laid down, the previous regulation for Layer2 (VDSL) is discontinued, and access to ducts and poles is also imposed. The precise access conditions will be set down in the subsequent procedures, by means of which the authority will influence Deutsche Telekom’s pricing and product design.

For further information, please refer to the section “Major regulatory decisions.”

Within the scope of the subsidized network build-out, companies have an obligation to ensure access to the subsidized network. The Bundesnetzagentur can be called on to settle disputes. Since 2021, termination rates have been determined directly by the European Commission by way of a delegated act. In addition, European and national consumer protection regulations apply.

In addition to the requirements of telecommunications law, our media products are also subject to special European and national regulations under media law, as well as non-sector-specific regulations such as data and consumer protection. These include, in the broader sense, copyright law, regulations concerning the responsibility for published content, requirements in relation to ensuring the protection of minors in the media, and requirements in relation to the content and user interfaces of media distribution platforms. Barring any changes to its shareholder structure on the one hand (the Federal Republic and KfW being its major shareholders), or to the legal situation, or the prevailing opinions of media regulators on the other, it is unlikely that Telekom Deutschland will be granted a license to broadcast radio and TV programs.

Litigation

Major ongoing legal proceedings

Deutsche Telekom is party to proceedings both in and out of court with government agencies, competitors, and other parties. The proceedings listed below are of particular importance from our perspective. If, in extremely rare cases, required disclosures on individual litigation and anti-trust proceedings are not made, we concluded that these disclosures may seriously undermine the outcome of the relevant proceedings.

Prospectus liability proceedings (third public offering, or DT3). This relates to initially around 2,600 ongoing lawsuits from some 16,000 alleged buyers of T-Shares sold on the basis of the prospectus published on May 26, 2000. The plaintiffs assert that individual figures given in this prospectus were inaccurate or incomplete. The amount originally in dispute totaled approximately EUR 78 million plus interest. Some of the actions are also directed at KfW and/or the Federal Republic of Germany as well as the banks that handled the issuances. The Frankfurt/Main Regional Court had issued orders for reference to the Frankfurt/Main Higher Regional Court in accordance with the German Capital Investor Model Proceedings Act (Kapitalanleger-Musterverfahrensgesetz – KapMuG) and has temporarily suspended the initial proceedings. On May 16, 2012, the Frankfurt/Main Higher Regional Court had ruled that there were no material errors in Deutsche Telekom AG’s prospectus. In its decision on October 21, 2014, the Federal Court of Justice partly revoked this ruling, determined that there was a mistake in the prospectus, and referred the case back to the Frankfurt/Main Higher Regional Court. On November 30, 2016, the Frankfurt/Main Higher Regional Court ruled that the mistake in the prospectus identified by the Federal Court of Justice could result in liability on the part of Deutsche Telekom AG, although the details of that liability would have to be established in the initial proceedings. Following an appeal from both parties, in February 2021, the Federal Court of Justice once again referred the proceedings back to the Frankfurt/Main Higher Regional Court for further consideration. In November 2021, Deutsche Telekom AG presented a settlement concept under which a concrete settlement offer is to be made to every eligible plaintiff. The settlement offers are made without any judicial decision and do not constitute an admission of liability on the part of Deutsche Telekom AG. Settlements have now been agreed with the majority of the eligible plaintiffs. Deutsche Telekom AG has recognized appropriate provisions for risk in the statement of financial position.

Claims relating to charges for the shared use of cable ducts. In 2012, Kabel Deutschland Vertrieb und Service GmbH (today Vodafone Deutschland GmbH (VDG)) filed a claim against Telekom Deutschland GmbH to reduce the annual charge for the rights to use cable duct capacities. In similar proceedings, the then Unitymedia Hessen GmbH & Co. KG, Unitymedia NRW GmbH, and Kabel BW GmbH (today all Vodafone West) filed claims against Telekom Deutschland GmbH in January 2013, demanding that it cease charging the plaintiffs more than a specific and precisely stated amount for the shared use of cable ducts, including in the future. The claims were rejected by the Frankfurt Higher Regional Court (VDG) and by the Düsseldorf Higher Regional Court (Vodafone West) and an appeal was not allowed in both cases. In response to the complaints of the plaintiffs against non-allowance of appeal, the Federal Court of Justice allowed the appeal by VDG to the extent that it relates to claims dating from January 1, 2012; the appeal by Vodafone West was allowed to the extent that it relates to claims dating from January 1, 2016. The claims were rejected with legally binding effect for the time periods prior to this. In a ruling on December 14, 2021, the Federal Court of Justice referred the proceedings concerning the remaining claims back to the responsible Higher Regional Courts for a new hearing and decision. VDG has since updated its claim, which it now puts at around EUR 749 million plus interest for the period from January 2012 to December 2021. The plaintiff Vodafone West has also updated its claim, which it now puts at around EUR 418 million plus interest for the period from January 2016 to June 2022. At present the financial impact of both these proceedings cannot be assessed with sufficient certainty.

Sprint Merger class action. On June 1, 2021, a shareholder class action and derivative action was filed in the Delaware Court of Chancery against Deutsche Telekom AG, SoftBank, T‑Mobile US, and all of our officers and directors at that time, asserting a breach of fiduciary duties relating to the purchase price amendment to the Merger Agreement, as well as SoftBank’s subsequent monetization of its T‑Mobile US shares. On October 29, 2021, the complaint was amended. The amended complaint is directed at the same defendants and the same underlying transactions as in the original action; however, it includes additional submission on alleged facts. At present, the financial impact of these proceedings cannot be assessed with sufficient certainty.

Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in August 2021. In August 2021, T‑Mobile US confirmed that their systems had been subject to a criminal cyberattack that compromised data of millions of their customers, former customers, and prospective customers. With the assistance of outside cybersecurity experts, T‑Mobile US located and closed the unauthorized access to their systems and identified customers whose information was impacted and notified them, consistent with state and federal requirements. As a result of the cyberattack, numerous consumer class actions including mass arbitrations were filed against T‑Mobile US. The class actions brought before the federal courts were consolidated into one action in December 2021. The plaintiffs are claiming damages in an as yet unspecified amount. On July 22, 2022, T‑Mobile US entered into an agreement to settle the consumer class action in the Federal Court for USD 350 million (EUR 331 million). In addition, T‑Mobile US has committed to spending a total of USD 150 million in 2022 and 2023 on data security and related technologies. The settlement is subject to final court approval. T‑Mobile US expects that the settlement of the consumer class action, if approved by the court, together with further settlements already or still to be concluded with consumers, will satisfy essentially all claims asserted to date by current, former, and potential customers affected by the cyberattack in 2021. T‑Mobile US has recognized corresponding provisions for risks in the statement of financial position of around USD 0.3 billion (EUR 0.3 billion).

Furthermore, in November 2021, a derivative action was brought against the members of the Board of Directors of T‑Mobile US and against T‑Mobile US as nominal defendant. This action has since been withdrawn. In September 2022, a further purported shareholder filed a new derivative action against the members of the Board of Directors of T‑Mobile US and against T‑Mobile US as nominal defendant alleging claims for breach of fiduciary duties relating to the company’s cybersecurity practices. It is currently not possible to estimate the resultant financial risk with sufficient certainty.

In addition, inquiries have been made by various government agencies, law enforcement and other state authorities, with which T‑Mobile US is cooperating in full. At present the financial impact of these proceedings cannot be assessed with sufficient certainty.

Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in January 2023. On January 5, 2023 T‑Mobile US identified that a bad actor was obtaining data through an application programming interface (API). Based on the company’s preliminary investigation, the affected API was only able to provide a limited set of customer account data, including name, billing address, email address, telephone number, date of birth, T‑Mobile account number, and information such as the number of lines on the account and plan features. The preliminary results of the investigation indicate that, in total, around 37 million current postpaid and prepaid customer accounts were affected, although many of these accounts did not include the full data set. Based on an initial assessment, T‑Mobile US assumes that the attacker retrieved data via the affected API for the first time from or around November 25, 2022. The company continues to investigate the incident and, in accordance with federal and state requirements, has notified those individuals whose data was affected. In connection with this cyberattack, consumer class actions were filed against T‑Mobile US and official inquiries were submitted to the company, to which it will respond and, as a result of which, it may incur substantial expenses. It is currently not possible to estimate the resultant financial risk with sufficient certainty.

Patents and licenses. Like many other large telecommunications and internet providers, Deutsche Telekom is exposed to a growing number of intellectual property rights disputes. There is a risk that we may have to pay license fees and/or compensation; we are also exposed to a risk of cease-and-desist orders, for example relating to the sale of a product or the use of a technology.

Further, Deutsche Telekom intends to defend itself and/or pursue its claims vigorously in each of these proceedings.

Anti-trust proceedings

Like all companies, our Group is subject to anti-trust law. In recent years, we have notably stepped up our compliance efforts in this area too. Nevertheless, Deutsche Telekom and its subsidiaries are from time to time subject to proceedings under anti-trust law or follow-on damage actions under civil law. In the following, we describe material anti-trust proceedings and resulting claims for damages.

Claims for damages against Slovak Telekom following a European Commission decision to impose fines. The European Commission decided on October 15, 2014 that Slovak Telekom had abused its market power on the Slovak broadband market and as a result imposed fines on Slovak Telekom and Deutsche Telekom AG, which were paid in full in January 2015. After the General Court of the European Union partially overturned the European Commission’s decision in 2018 and reduced the fines by a total of EUR 13 million, the legal recourse following the ruling of the European Court of Justice on March 25, 2021 is exhausted. Following the decision of the European Commission, competitors filed damage actions against Slovak Telekom with the civil court in Bratislava. These claims seek compensation for alleged damages due to Slovak Telekom’s abuse of a dominant market position, as determined by the European Commission. A further claim was filed with the court in the reporting period, such that there are now three claims pending, amounting to a total of EUR 219 million plus interest. It is currently not possible to estimate the financial impact with sufficient certainty.

Claims for damages against Deutsche Telekom AG, including due to insolvency of Phones4U. Phones4U was an independent British mobile retailer, which declared insolvency in 2014. The insolvency administrator is pursuing claims before the High Court of Justice in London against the mobile providers active on the UK market at that time and their parent companies on the grounds of alleged collusion in violation of anti-trust law and breach of contract. Deutsche Telekom AG, which at that time held 50 % of the mobile company EE Limited, has rejected the claims as unsubstantiated. The High Court of Justice in London heard testimony from several witnesses and experts in the period between mid-May and the end of July 2022 with a view to establishing the legal basis for a claim. Phones4U is still seeking damages in an as yet undisclosed amount. It is currently not possible to estimate the financial impact with sufficient certainty.

Compliance risks

Compliance risks are risks arising from systematic infringements of legal or ethical standards that could result in regulatory or criminal liability on the part of the company, its executive body members, or employees, or result in a significant loss of reputation. In order to minimize these risks, we have set up a compliance management system.

For further information on the compliance management system, please refer to “Aspect 5: Fighting corruption” in the section “Combined non-financial statement.”

Financial risks and opportunities

Liquidity, credit, currency, interest rate risks

With regard to its assets, liabilities, and planned transactions, our Group is particularly exposed to liquidity risks, credit risks, and the risk of changes in exchange rates and interest rates. We want to contain these risks. Risks with an impact on cash flows are monitored in a standard process and hedged accordingly using derivative and non-derivative hedges. Derivative financial instruments are used solely for hedging and never for speculative purposes. The following risk areas – liquidity, credit, currency, and interest rate risks – are evaluated taking into account all hedges.

For further information on the risk assessment, please refer to the “Corporate risks” table above.

Liquidity risk. To ensure the Group’s and Deutsche Telekom AG’s solvency and financial flexibility at all times, we maintain a liquidity reserve in the form of credit lines and cash as part of our liquidity management. Since the successful business combination of T‑Mobile US and Sprint, T‑Mobile US has pursued its own separate financing and liquidity strategy.

Deutsche Telekom (excluding T‑Mobile US): Primarily bilateral credit agreements with 21 banks with an aggregate total volume of EUR 12.6 billion were available as of December 31, 2022, of which EUR 0.2 billion were utilized. Our liquidity reserve covered maturing bonds and long-term loans at all times for at least the next 24 months (see graphic below).

Development of the liquidity reserve (excluding T‑Mobile US), maturities in 2021/2022

billions of €

Furthermore, bilateral credit lines with an aggregate total volume of USD 7.5 billion (EUR 7.0 billion) plus a cash balance of USD 4.6 billion (EUR 4.3 billion) were available to T‑Mobile US as of December 31, 2022.

Credit risks. In our operating business and certain banking activities, we are exposed to a credit risk, i.e., the risk that a counterparty will not fulfill its contractual obligations. To keep this credit risk to a minimum, we conclude transactions with regard to financing activities only with counterparties that have at least a credit rating of BBB+/Baa1; we also actively manage limits. In addition, we have concluded collateral agreements for our derivative transactions. At the level of operations, the outstanding debts are continuously monitored in each area, i.e., locally.

Currency risks. Currency risks result from investments, financing measures, and operations. Risks from foreign currency fluctuations are hedged on a pro rata basis depending on their probability of occurrence, if they affect the Group’s cash flows (transaction risks). However, foreign-currency risks that do not influence the Group’s cash flows, for example, risks resulting from the translation of assets and liabilities of foreign operations into euros (translation risks) are generally not hedged. Deutsche Telekom may nevertheless also hedge these foreign-currency risks under certain circumstances.

Interest rate risks. Our interest rate risks mainly result from Group financing: On the one hand, we have an interest rate risk relating to the issue of new liabilities, and on the other, we have an interest rate risk arising from variable-interest liabilities. The euro interest rate position is actively managed as part of our interest rate management activities. Each year, a maximum is set for the percentage of variable-interest liabilities, taking into account the planned finance costs. The USD debt position of T‑Mobile US primarily comprises partially cancelable, fixed-income bonds.

For further information, please refer to Note 42 “Financial instruments and risk management” in the notes to the consolidated financial statements.

Tax risks

We are subject to the applicable tax laws in many different countries. Risks can arise from changes in local taxation laws or case law and different interpretations of existing provisions. These risks can impact both our tax expense and benefit as well as tax receivables and liabilities.

Other financial risks and opportunities

This section contains information on other financial risks that we consider to be immaterial at present or cannot evaluate based on current knowledge.

Rating risk. Deutsche Telekom’s credit rating affects our access to the capital markets, to the international finance markets, and our refinancing costs. A lower rating could impede access to the capital market and, over time, would lead to an increase in the cost of debt financing. We intend to maintain our rating in a corridor from A- to BBB and thereby safeguard undisputed access to the capital market. As of December 31, 2022, Deutsche Telekom AG’s credit rating with Moody’s was Baa1 with a stable outlook, while Standard & Poor’s rated us BBB with a positive outlook, and Fitch BBB+ with a stable outlook. From today’s perspective, access to the international debt capital markets for both Deutsche Telekom AG and T‑Mobile US is not jeopardized.

Energy. The war in Ukraine and the current situation on the world market are driving sharp rises in energy costs. Energy prices are highly volatile. Further increases in electricity, gas, and oil prices are possible, which could drive up energy, transportation, and manufacturing costs. Depending on the market conditions, our national companies pursue different procurement strategies whereby attempts are made to balance long-term supply reliability, appropriate prices, and favorable market trends.

Control environment. Compliance with business and regulatory requirements in particular for internal controls requires high efforts. Not meeting these demands could lead to difficulties or weaknesses in the overall control environment of Deutsche Telekom and could result in inaccurate financial statements.

Sales of shares by the Federal Republic or KfW Bankengruppe. As of December 31, 2022, the Federal Republic and KfW Bankengruppe jointly held 30.5 % in Deutsche Telekom AG. It is possible that the Federal Republic will continue its policy of privatization and sell further equity interests in a manner designed not to disrupt the capital markets and with the involvement of KfW Bankengruppe. There is a risk that the sale of a significant volume of shares by the Federal Republic or KfW Bankengruppe, or any speculation to this effect, could have a negative impact on the price of the T-Share.

Impact of the CR strategy on the value of the Company. Growing numbers of investors take sustainability aspects into account in their investment decisions (Socially Responsible Investments, SRI). SRI investment products consist of securities from companies that have been reviewed based on environmental, social, and governance (ESG) criteria. The development of demand from socially responsible investors for the T‑Share is an indicator we can use to assess our sustainability performance. The Socially Responsible Investment ESG KPI indicates the percentage of Deutsche Telekom AG shares held by such investors. Our commitment to greater sustainability is paying off: as of December 31, 2022, around 31.3 % of all T-Shares were held by investors who show concern for environmental, social, and governance criteria in their investment choices. We have refined the methodology and underlying data and have switched to monitoring the sustainably managed shares at fund level and no longer at an institutional level. For better comparability with other companies, the total number of shares given pertains to the number of Deutsche Telekom shares in free float.

Impairment of Deutsche Telekom AG’s assets. The value of the assets of Deutsche Telekom AG and its subsidiaries is reviewed periodically. In addition to the regular annual measurements that are also performed for the carrying amounts of investments in the annual financial statements of Deutsche Telekom AG prepared in accordance with German GAAP, specific impairment tests may be carried out, for example, where changes in the economic, regulatory, business, or political environment suggest that the value of goodwill, intangible assets, property, plant and equipment, investments accounted for using the equity method, or other financial assets might have decreased. These tests may lead to the recognition of impairment losses that do not, however, result in cash outflows. This could impact to a considerable extent on our results, which in turn may negatively affect the T-Share price.

For further information, please refer to the section “Summary of accounting policies – Judgments and estimates” in the notes to the consolidated financial statements.