Aspect 3: Social concerns
Access to state-of-the-art information technology is key to participating in the information and knowledge society (Access). Ensuring that products and services are affordable is also important so that people can participate equitably (Affordability). We also want to develop their skills and motivation to use digital media proficiently (Ability). The internet is supposed to be a space in which all people can feel safe and where we interact on the basis of democratic principles. That is why we are actively pushing for a positive culture of online debate, promoting the competent use of ICT, and making a stand against hate speech and for civil courage online.
We aspire to enable as many people as possible to participate – also and especially in times of crisis. We are delivering on that promise with an array of different activities. In this context, the security of our customers’ data is of prime importance. As a relevant player in society, and committed as we are to exercising social responsibility, we also provide help in emergencies. There was particularly high demand for this help in the reporting year in light of the war in the Middle East, the forest fires on Maui, and the earthquakes in Turkey, Syria, and Morocco.
For further information on our corporate identity and our Guiding Principles, please refer to the sections “Group organization” and “Employees.”
Network access and digital responsibility
Having access to state-of-the-art information technologies is a precondition for economic performance and participation in a knowledge and information society. That is why we continue to rapidly expand our infrastructure and improve transmission speeds with new, secure technology.
Demand for faster data services with full-coverage availability is growing continuously. Group-wide, we invested more than EUR 16 billion in 2023, primarily in building and operating networks, with around EUR 4.6 billion of this figure earmarked for the Germany operating segment alone. This is in addition to the investments that we make in acquiring mobile spectrum. Hence, the majority of the Group’s investment volume in Germany is for the build-out of broadband networks. This build-out is based on the goals of our Europe-wide integrated network strategy, which we use to help achieve the EU Commission’s network build-out targets and the Federal Government’s Digital Agenda and broadband strategy. The strategy is founded on the two pillars of building out mobile and fixed networks, with the focus of the former being on 5G coverage – the most powerful technology standard currently available. In the fixed network, we are focusing on rolling out our optical fiber to provide our customers with a reliable connection at gigabit speeds. As well as the pure fiber-optic lines, we are also offering other innovative products: for example, our hybrid router, which combines the transmission bandwidths of fixed-network and mobile communications, thus attaining higher transmission speeds – particularly in rural areas.
Our goal is to ensure a clearer focus on the contributions of the segments. That is why we are presenting the network build-out metrics at segment level in the combined management report. As a consequence, we no longer report on the number of households in Germany covered by optical fiber-based technology. For further information on the corresponding metrics and the network build-out, please refer to the sections “Group strategy” and “Forecast.”
In order to improve accessibility to our digital products and services, the Board of Management decided in July 2022 to integrate the Design for All approach into product development. In the reporting year, we then developed the Design for All guide together with the segments and published it internally. We want to use this guide to avoid marginalization, stigmatization, and discrimination at an early stage in the product development process and include everyone in the digital transformation. It was very important to us to ensure that various diversity dimensions are covered by the guide.
We will publish detailed information on this in our 2023 CR Report.
In general, we want to make our network infrastructure and our products as efficient, environmentally friendly, and harmless to health as possible. That is why we are committed to addressing the topic of mobile communications and health responsibly. In the context of the 5G build-out, there is public debate around the potential effects of 5G on health. We have been providing information on the scientific evidence regarding mobile communications and health for more than 20 years now. In June 2023, the four mobile carriers operating in Germany made a new self-commitment to the Federal Government. Among other steps, they commit themselves to continue operating the joint information platform www.informationszentrum-mobilfunk.de. This platform provides expert, evidence-based information on mobile communications topics subject to controversial public debate, such as health, research, technology, benefits, and applications. Since 2022, the platform has been cooperating with the Federal Government’s communication initiative “Deutschland spricht über 5G” (Germany is talking about 5G), for example, by supporting initiatives to establish a dialog with citizens. In the reporting year, we updated our Group-wide EMF Policy (EMF being short for “electro-magnetic fields”) dating back to 2004. The EMF Policy defines standard requirements – which considerably exceed the applicable national legal requirements – for addressing mobile communications and health-related matters.
For further information, please refer to the section “Risk and opportunity management.”
Responsibility for shaping the digital transformation has to be assumed by society as a whole. Our Board of Management plays an active role in this discussion, which entails looking at matters such as how we can use artificial intelligence (AI) responsibly. AI is a feature of an ever-growing number of ICT products and services that often goes unnoticed. It opens up opportunities, but also presents challenges. Back in 2018, under the auspices of Compliance Management, we were one of the first companies worldwide to adopt Digital Ethics Guidelines on AI. These guidelines provide a framework for a responsible approach to AI. To supplement them, in 2021 we worked with experts to draw up professional ethics guidelines for all developers and product managers working with AI. The guidelines provide best practices, methods, and tips for transferring the Digital Ethics Guidelines on AI to application in development processes.
We founded the Digital Ethics interdisciplinary working group in 2022 that addresses the development, monitoring, and implementation of digital ethics, further anchoring the topic within the Group. The working group is also preparing the implementation of the planned EU AI Act. To ensure that AI is developed that complies with our high ethical requirements in the supply chain, too, our Supplier Code of Conduct has since early 2020 included relevant content from our AI Guidelines.
In January 2023, we established the ChatGPT/GenAI expert group as part of the Digital Ethics working group to consider the emergence of generative AI such as ChatGPT and its impacts. In February 2023, this group published a Group-wide framework of action for employees providing guidance for the use of the free trial version of ChatGPT. Initially, the mission of the expert group was to support our functional units in assessing the ethical and legal requirements for the integration of generative AI into our business. The expert group now meets to identify cross-divisional synergies and integrate appropriate solutions into existing standard processes. In the reporting year, we also introduced a large number of training offerings on the potential, functioning, and risks of generative AI. In September 2023, we organized the first Prompt-A-Thon on how to use prompts – i.e., instructions or research questions to an AI system – to introduce employees to the topic of generative AI.
We at Deutsche Telekom are committed to bringing about digitalization that focuses on people and values. Corporate digital responsibility (CDR) refers to efforts to manage the opportunities and risks of the digital transformation responsibly. The goals of our CDR activities are twofold: to prevent negative impacts, and to help shape the digitalization process in a positive way. In our Corporate Digital Responsibility framework, which we published in 2022, we set forth our perspectives on the far-reaching subject area of digital responsibility.
We will publish detailed information on this in our 2023 CR Report.
Connect the unconnected
The ability to use digital media safely, responsibly, and to the benefit of all is becoming increasingly important. That is why we are working to build media literacy and democracy skills in the population.
The implementation of digital participation projects is the responsibility of the individual national companies. With the “Changemaker Challenge,” T‑Mobile US is mobilizing the next generation to imagine and plan how to create positive change in their communities. Teams compete across three categories: Digital Equity, Diversity, Equity & Inclusion, and Sustainability. Project 10Million, which was launched by T‑Mobile US in 2020, aims to overcome the digital divide in education with a commitment to offer up to 10 million disadvantaged student households with free connectivity for five years. Across its education programs, including Project 10Million, T‑Mobile US has worked with parents, schools, and community organizations to connect 5.8 million of students through the end of 2023.
All media literacy initiatives for various target groups in Germany can be found on the website Media, sure! But secure, where we provide information material for all target groups. Our multiple award-winning Teachtoday initiative promotes the safe and competent use of online media by children and young people. A toolbox is provided by the initiative for multipliers and teachers. It comprises more than 140 formats that deal mainly with media literacy and democracy skills. The initiative additionally publishes the interactive digital children’s magazine SCROLLER, which also provides material and background information to be used in media literacy lessons. The Teachtoday Academy is a platform for people who want to expand their knowledge and skills in various areas of digital education. As part of the Bitkom Digital Day in June 2023, we organized various media literacy activities, including on the topic of AI for All, in which the risks and potential of AI were explored interactively.
In 2023, we continued our No Hate Speech initiative – with the message “No Hate Speech – Our decision!.” For example, the accompanying campaign ad shows what a single positive comment can achieve against hate speech. We also tackled hate speech in a joint campaign with FC Bayern München. As part of this campaign, we showed realistic hate comments and called for a stronger stance. We want to encourage people to actively combat hate speech and abusive language online. As in the previous year, the initiative focused on issues such as gaming and e-sports. In the reporting year, we worked with the esports player foundation to develop ten principles for fair play, the FIFA Fairplay Guide. We reached around 865 million media contacts in the reporting year with our No Hate Speech initiative. We reached 5.7 million people directly or through multipliers such as parents and educators (e.g., in workshops) in 2023 alone (prior year: more than 4 million). We have labeled the initiative with #GoodMagenta. We also won various awards and prizes in the reporting year for the No Hate Speech campaign.
The topic of data privacy is part and parcel of using digital media safely and securely. Our “Digitally secure” online guidebook offers practical advice on how to use digital media safely and securely. This is why we launched the international ShareWithCare campaign in 2023, which addresses the topic of “sharenting” – a combination of “sharing” and “parenting.” Using the deepfake video “A message from Ella” based on this, we want to raise people’s awareness of how important it is to protect children’s photos and data online.
We measure the impact of our social commitment with a set of three ESG KPIs. The Community Contribution ESG KPI maps our social commitment in terms of financial, human, and material resources: in 2023, it amounted to around EUR 1,504 million (prior year: EUR 2,346 million). A particular effect in 2022 was our support for Ukrainian refugees in the form of free or heavily discounted telecommunications services (EUR 550 million in Germany). We continued to offer telecommunications services at lower-cost rates in 2023, albeit to a lesser extent (EUR 24 million in Germany). The Reach – Focus Topics ESG KPI shows the number of media contacts we have reached with our communication on our focus topics of digital society (with the subtopics digital participation and digital values) and low-carbon society. This includes, for instance, the people we reached in 2023 with advertising and content on socially relevant topics, such as online hate speech: we recorded a decrease to around 1,734 million people compared with the prior year (2,070 million). The Beneficiaries ESG KPI shows the number of people who have benefited directly or indirectly (based on assumptions) from our commitment to digital participation and the low-carbon society, for example, workshop participants and users of lower-cost rate plans, including other household members, and many more. In 2023, the number of beneficiaries was around 51 million (prior year: 41 million).
We will publish detailed information in our 2023 CR Report.
Emergency disaster aid
It is especially important in disaster situations that people who are affected and their relatives can communicate with each other. The comprehensive aid measures for Ukrainians in need launched in Europe in spring 2022 were partly continued in the reporting year. Ukrainian citizens were again eligible to receive a discounted prepaid card in 2023.
As a gesture of solidarity with Israel, Telekom Deutschland enabled free phone calls and text messages to and from Israel and within the country via the mobile and fixed network from October 12 to 31, 2023, including roaming for data, text messages, and voice services in Israel.
Following the powerful earthquakes in Syria and Turkey in spring 2023, we enabled phone calls to and from the affected countries free of charge for three weeks in February. On top of this, the Group donated EUR 1 million to the “Aktion Deutschland Hilft” relief coalition for direct disaster aid in response to the earthquake. And following the earthquake in Morocco, we also enabled phone calls free of charge to and from Morocco and within the country via the Deutsche Telekom network in Germany and at T‑Mobile US for three weeks in September 2023, and offered free roaming for data and voice services.
T‑Mobile US also offered its customers support in 2023 so that they could stay in touch with people affected by disasters and severe weather. During the August 2023 wildfires on the island of Maui in the U.S. state of Hawaii, T‑Mobile US worked quickly to restore network connectivity in affected areas. T‑Mobile US provided unlimited talk, text, and data to T‑Mobile US customers with Maui addresses, distributed activated phones with service and charging supplies, as well as set up Starlink Wi-Fi hotspots to support, e.g., residents, evacuees, and first responders, with high-speed internet. Also, the company raised donations from employees and customers through matching, text to give, and other programs.
Also in 2023, T‑Mobile US’ emergency teams prepared for or responded to several additional incidents including Hurricane Idalia in Florida, Georgia, and South Carolina; tornados in Alabama, Georgia, Mississippi, and Texas; winter storms in California and across the Northwest and Midwest; Typhoon Mawar in Guam; flooding in Vermont; wildfires in Oregon and Washington; and Hurricane Hilary near Southern California.
Data privacy and data security
People will use ICT solutions if they trust that their personal data will be kept secure. These solutions can then also unleash their potential for more sustainable development. As a result, we attach particularly great importance to protecting and securing data.
For further information, please refer to the section “Risk and opportunity management.”
Our active data privacy and compliance culture, which has been built up over many years, sets national and international standards. The data privacy management system outlines the measures, processes, and audits we use to ensure compliance with laws, regulations, and self-commitments to uphold data privacy in the Group. Since 2009, the Group Board of Management has been advised by an independent Data Privacy Advisory Board comprising reputable experts from politics, the research community, business, and independent organizations.
Through our global data privacy organization, we are continually pursuing the objective of a transparent, high level of data protection in all of the Group companies. As far as legally possible, the companies of the Deutsche Telekom Group have additionally committed to the Binding Corporate Rules Privacy, which are intended to ensure a uniform high level of data protection for our products and services in accordance with ISO 27701.
The Group Security Policy contains significant security-related principles valid within the Group, which are based on the international ISO 27001 standard. Similar to the data privacy organization, the Group has established a global security organization which operates both on a centralized basis and in all Group entities. These elements lay the foundation for ensuring an adequate and consistent level of security within our entire Group.
We issue an annual transparency report – since 2014 in Germany, and since 2016 in our other national companies in Europe – in which we set out the nature and scope of our disclosures to security authorities. We are thus fulfilling our statutory duty as a telecommunications company.
In order to ensure even better data privacy and data security within our Group, audits and certifications are carried out regularly by internal and external experts. This includes the annual (re-)certification of the Telekom Security Management in accordance with ISO 27001, regular Group-wide internal security checks, and the annual review of the individual Group units in connection with security maturity reporting. These audits help us assess the status quo of security in our Group and respond to requirements at Group or entity level at an early stage.
Every two years, we perform a sample survey of data privacy and data security awareness across the Company. In the course of the Group Data Privacy Audit (GDPA), we survey around 21,000 Deutsche Telekom employees (excluding T‑Mobile US) on topics related to data privacy and data security. Of the employees invited to take part in 2022, around 16,000 responded. The data protection level in the units is determined on a scale of 0 to 100 % on the basis of employees’ answers regarding their thoughts, actions, and knowledge around data privacy. The resulting Data Protection Award indicator was calculated most recently in 2022 at 88 % (2020: 86 %).
We use our Online Awareness Survey (OAS) as a tool for collecting indicators on security awareness within the Company. Some 43,700 employees (excluding T‑Mobile US) across all levels of the hierarchy were invited to take part in the survey in 2023. Around a third responded. With academic support, we use the results from this survey to determine the Security Awareness Index (SAI). In 2023, the index was 80.6 (2021: 80.9) of a maximum of 100 points, higher than in any other company in the benchmark. We also have our processes and management systems as well as products and services certified by external, independent organizations such as TÜV, DQS, DEKRA, and auditing firms.
Telecommunications companies are required to train their employees on issues related to data protection law when they begin their employment. Deutsche Telekom goes above and beyond these legal requirements: Every two years, we train all of our employees in Germany and place them under an obligation to uphold data privacy and telecommunications secrecy. Corresponding requirements apply to our international subsidiaries. Where there is a greater risk of data such as customer or employee information being misused, we also offer additional online training designed for self-study, give data privacy presentations, and host classroom training courses on specialized topics such as protection of customer data.
We react to new emerging threats and continuously develop innovative processes for defending against attacks. And for good reason: cyberattacks on companies are becoming more aggressive and sophisticated across all industries. In the reporting period alone, we registered on average almost 50 million attacks per day on our honeypot systems (prior year: 54 million). At its peak, the number of attacks per day reached up to 95.6 million. Of course, not all of the attacks picked up by our sensors are high-level. Most are automatic scanning processes to detect potential vulnerabilities. While these do not necessarily count as fully fledged attacks, they are still to be seen as relevant early-stage activities. Deutsche Telekom Security even develops its own malware in a shielded environment and uses it to test whether new systems can reliably detect and mitigate these attack vectors. In this way we ensure our own critical IT infrastructure is protected. We also offer other operators of critical infrastructure advisory services, for example energy providers.
Our security experts use their experience to help develop security solutions. Deutsche Telekom Security’s portfolio was systematically refined in 2023. In light of the ever-increasing number of complex threat scenarios, the focus was on the continued automation and standardization of solutions. This enables our customers to react even faster if they are attacked using Managed Detection and Response (MDR) and to stop processes in time if necessary. Our SASE (Secure Access Service Edge) solutions offer our customers comprehensive cloud-based protection so that they can work securely wherever they are.
Data privacy and security play a fundamental role in the development of our products and services. We review the security of our systems at every step of development using the Privacy and Security Assessment process for new and existing systems when the technology or method of data processing is modified. We use a standardized procedure to also document the data privacy and data security status of our products throughout their entire life cycle. Our security management systems are certified externally. At the same time, we ensure that our services also comply with specific regulatory requirements from other industries, such as TISAX®, an established standard in the automotive industry.
Youth protection aspects are also taken into consideration in our product and service design. When we develop services that could be relevant in terms of youth protection in Germany, we consult our Youth Protection Officer for suggestions of restrictions or changes. In 2014, we appointed a Child Safety Officer (CSO) in each of our national companies in Europe. The CSO acts as a central contact for the relevant stakeholders of the community, and plays a key internal role in coordinating issues relevant to youth protection. Since protecting minors when they interact with media is a challenge across many different industries, we cooperate with different youth protection organizations that aim to make the internet a safer place for children and young people.
We work with research institutes, industry partners, initiatives, standardization bodies, public institutions, and other internet and telecommunications service providers worldwide with a view to fighting cybercrime and enhancing internet security together. For instance, we collaborate with the German Federal Office for Cybersecurity throughout Germany, and with the European Union Agency for Cybersecurity (ENISA) at EU level. We have also been involved in other national and international organizations for many years, such as the Federation of German Industries, Bitkom, and the Munich Security Conference. The Cyber Security Cluster Bonn is an association of authorities and companies in Bonn that are dedicated to consulting, education, and research in the field of cybersecurity. As an expert committee, the Cyber Security Cluster Bonn offers direct advice to German and European government bodies.