Risks and opportunities
In the following section, we present all risks and opportunities of significance to the Group – including emerging risks – that, as things currently stand, could affect the results of operations, financial position, and/or reputation of Deutsche Telekom and, via the subsidiaries’ results, the results of operations, financial position, and/or reputation of Deutsche Telekom AG. We only consider risks and opportunities after the mitigation measures taken (net assessment). If risks and opportunities can be clearly allocated to an operating segment, this is presented accordingly in the following.
In order to make it easier to understand and see their effects, we have assigned the individually assessed risks to the following categories. Where multiple individual risks are assigned to one risk category, we calculate the risk significance on the basis of risk aggregation carried out using a Monte Carlo simulation, in which we consider the individual risks along with their individual extent and probability of occurrence. The outcome, or risk significance, is the “value at risk.” This states that, with a particular probability of occurrence, the risk extent ascertained using the simulation will not be exceeded. An expert assessment is used for risk categories that have not been quantified.
The resulting risk significance for the risk categories is broken down into four levels:
|
|
Risk significance |
Description |
---|---|
Low |
< € 200 million value at risk |
Medium |
≥ € 200 million value at risk |
High |
≥ € 500 million value at risk |
Very high |
≥ € 1.0 billion value at risk |
|
|
|
|
Risk significance |
Change against prior year |
---|---|---|
Strategic risks |
|
|
Macroeconomic environment, Germany |
Medium |
Unchanged |
Macroeconomic environment, United States |
Medium |
Unchanged |
Macroeconomic environment, Europe |
Medium |
Unchanged |
Market environment, Germany |
Low |
Unchanged |
Market environment, United States |
Very high |
Unchanged |
Market environment, Europe |
Low |
Unchanged |
Strategic implementation and integration |
Very high |
Deteriorated |
Brand and reputation |
Low |
Unchanged |
Sustainability and social responsibility |
Medium |
Unchanged |
Health |
Low |
Unchanged |
Operational risks |
|
|
Technology, Germany |
Low |
Unchanged |
Technology, United States |
Medium |
Unchanged |
Technology, Europe |
Low |
Unchanged |
Procurement and suppliers |
Medium |
Deteriorated |
Data privacy and data security |
Very high |
Deteriorated |
Other operational risks |
Medium |
Unchanged |
Regulatory risks |
Medium |
Unchanged |
Litigation and anti-trust proceedings |
|
|
Compliance risks |
See “Compliance risks” |
|
Financial risks |
Medium |
Improved |
Strategic risks and opportunities
Risks and opportunities relating to the macroeconomic environment. As an international corporation, we operate in a large number of countries, using a range of currencies. A substantial economic downturn could generally reduce the purchasing power of our customers and adversely affect our access to the capital markets. Exchange rate fluctuations could impact on our earnings.
Uncertainty over the global economic outlook remains high. The war in Ukraine and/or the conflict in the Middle East could intensify and further drive up energy and food prices. War-related embargoes could push up energy prices further and lead to supply shortages, especially for our Germany and Europe operating segments. China’s central role for global supply and value chains also poses a risk. Greater geoeconomic fragmentation poses the risk of increased distortions and political uncertainty. If the crisis in the Chinese real estate sector intensifies, it could further slow economic growth in China, with potential cross-border effects. Current high interest rates are expected to lead to a downturn in economic growth in the United States in 2024. In Europe too, the impact of companies, households, and state finances adapting to the high-interest environment could prove more severe than expected. Germany could see recession again in 2024 as a result of declining business investments on account of poor conditions in global trade and budgetary consolidation. A rise in company insolvencies could have a negative impact on our business customer segment. A potential decrease in household income could trigger migration to lower-cost rate plans in the consumer segment, as well as larger numbers of customers defaulting on payments. Additional risks could result from other geopolitical conflicts, for instance between China and Taiwan, and the uncertainty from international trade conflicts. Furthermore, extreme risks with a high impact of loss and a very low probability of occurrence could in principle have a substantial impact on the global economy and our business. Examples of these are extensive extreme weather events (e.g., tsunamis, solar storms), disruptive new technologies, further armed conflicts, or new pandemics.
These risks are counterbalanced by opportunities. In particular, the economy could perform better than expected, if inflation declines faster and benchmark interest rates are lowered sooner than expected.
Risks from the market environment. The main market risks we face include the steadily falling profitability of voice and data services in the fixed network and in mobile communications. In addition to price reductions imposed by regulatory authorities, this is primarily attributable to ongoing intense competition in the telecommunications industry.
Competitive pressure is expected to continue, especially in the fixed network in Germany and the countries of our Europe operating segment. In the broadband market, the trend of disproportionate growth in the market shares of regional network operators and supra-regional specialist FTTH providers, particularly in Germany, continues to establish itself. They build out their own infrastructure and thus increase their market coverage thereby increasing their customer numbers and expanding their own value added. There is still strong competition to gain new customers by cutting prices and offering introductory discounts.
We expect ongoing price pressure for mobile voice telephony and mobile data services, which could adversely affect our mobile service revenues. Among the main reasons for this price pressure are data-centric, aggressively priced offers. Providers that do not have their own infrastructure (MVNOs) market such offers over the internet, for instance, while there is also the risk that smaller competitors will take unforeseen, aggressive pricing measures. Technological innovations could put further pressure on prices by increasing the willingness of customers to switch providers.
Another competitive risk lies in the fact that, both in the fixed network and in mobile communications, we are increasingly faced with competitors who are not part of the telecommunications sector as such, but are increasingly moving into the traditional telecommunications markets. This mainly relates to major players in the internet and consumer electronics industries. As a result, we are exposed to the risk of a further loss of share of value added and falling margins due to increasingly losing direct customer contact to competitors.
T‑Mobile US is active in a market environment that is characterized by intensive competition. Alongside traditional telecommunications providers that deliver bundled offerings including content and mobile video services, there is additional competition, as mobile, fixed-network, and satellite industries increasingly converge. Additionally, potential market saturation in the United States may cause the wireless industry’s customer growth rate to decline in comparison with previous years. The industry is also highly competitive in spectrum positions, which are crucial to improving existing offerings and introducing new services. T‑Mobile US, through its strategic acquisition of spectrum, enabled the capabilities to offer high-speed internet. High-speed internet allows our U.S. subsidiary to offer its own access product and provide a basis on which to continue the business with bundled offerings. Furthermore, T‑Mobile US continues to develop and maintain strategic partnerships and MVNO relationships. T‑Mobile US must continue to successfully refine and implement its market strategy as Value Leader, Customer Service Leader, and 5G Network Leader to attract and maintain private and business customers. Increasing competitive pressure due to attractive bundle offers and device promotions could lead to difficulty in achieving targets in terms of business, financial, and operating results in the future. Furthermore, social instability may cause protests or demonstrations that could escalate and lead to business disruptions such as store closures or inventory theft.
Innovation cycles are getting shorter and shorter. This confronts the telecommunications sector with the challenge of bringing out new products and services at shorter and shorter intervals. New technologies are superseding existing technologies, products, or services in part, in some cases even completely. This could lead to lower prices and revenues in relation to the services offered, such as telephony, internet access, or television – right through to full substitution by new, global providers. These substitution risks could impact our revenue and earnings. We deal with the impact of substitution risks by, for example, offering integrated solutions with hyper-personalization, contextualization, and consistent interoperability of our products, in order to “turn customers into fans” and thereby secure their loyalty. In terms of building out fiber-optic networks, more and more new competitors are entering into the markets, which could lead to longer payback periods for all market players. A strategic rivalry is growing between the “West” (predominantly the United States) and the “East” (predominantly China), which could accelerate various technological areas (e.g., the further development of standards for telecommunications networks).
Our Systems Solutions operating segment also faces challenges. Continued strong competition and persistent cost pressure are adversely affecting traditional IT business. In addition, the technological shift toward cloud solutions and digitalization in the IT sector is prompting strongly capitalized competitors to enter the market. This might lead to revenue losses and declining margins at T‑Systems.
Opportunities from the market environment. The telecommunications and IT market is extremely dynamic and highly competitive. The economic and competition conditions as well as customers’ changing wants and needs affect our actions and impact on our Company indicators. We generally expect the situation to develop as described in the section “Forecast.”
Apart from the risks described, there is the possibility that our customers could move to higher-value rate plans since the data volume of the applications used is rising steadily. Likewise, further growth could be generated by tapping into new customer segments, especially in the United States (e.g., for business customers and small and medium-sized enterprises). In addition, ever-shorter innovation cycles could enable us to drive the digital transformation of our society and to provide our consumers and business customers with innovative products and solutions. That is why, with the growing convergence of networks, IT, and products, our innovation and technology activities are decisive when it comes to identifying opportunities and making the most of them in an increasingly competitive environment. Hence, our Technology and Innovation Board of Management department has joined all relevant functions under a common leadership to ensure a close integration of technology, innovation, IT, and security. By doing so, we are putting the development of human-centered solutions and outstanding, seamless customer experiences front and center, and in the reporting year we won multiple awards, for example, for our digital assistant Frag Magenta.
For further information on our innovation activities, please refer to the section “Technology and innovation.”
The substantial increase in capacity, bandwidth, and availability, and the lower latencies provided by the 5G mobile standard we have rolled out offer greater reliability, security, and guaranteed service quality, for example, for industrial use cases. 5G enables increased requirements for existing business models to be managed more cost-efficiently going forward. In addition, it offers opportunities for further business models, by marketing improved network capabilities (e.g., network access, localization, security, identity, storage location, temporary storage) to relevant partners. We have already implemented many use cases with 5G, such as 5G campus networks, applications for extended reality (XR), and support for autonomous driving. Together with other technologies like the NarrowBand Internet of Things (NB-IoT) and artificial intelligence (AI), 5G provides the underpinnings for the further digital transformation of society. To further develop telecommunications networks, we are working with industry and researchers on new standards that aim to address a number of current challenges facing communications networks: the connection between all people, the orchestration of various access networks, sustainability, and carbon neutrality, and the further underpinning of data privacy, trust, and security.
Furthermore, opportunities for new project business are arising in our systems solutions business from data sovereignty, innovation areas such as AI, and industrial IoT initiatives.
Risks relating to strategic implementation and integration. We are in a continuous process of strategic adjustments and cost-cutting initiatives. If we are unable to implement these projects as planned, we will be exposed to certain risks. In other words, the benefit of the measures could be less than originally estimated, take effect later than expected, or not at all. Each of these factors, individually or in combination, could have a negative impact on our business situation, financial position, and results of operations.
As a part of the business combination of T‑Mobile US and Sprint, numerous commitments were made to secure approvals. Most commitments have been accomplished. Nevertheless, should any remaining commitments not be achieved, litigation or financial consequences could be a result. In the United States, growth opportunities in the wireless business are becoming more difficult and expensive due to market saturation. Non-core and emerging businesses may be relied on to continue subscriber growth. T‑Mobile US is currently integrating, upgrading, and replacing many existing applications and systems, including numerous legacy systems from previous acquisitions. This process is complex and involves challenges in integrating and modernizing outdated IT infrastructure within a limited time frame. The success of these efforts depends on the effective allocation of resources, expansion of our development capabilities, leveraging artificial intelligence and emerging technologies, and ensuring access to subject-matter experts. Any delays or failures in these initiatives could impact the ability to comply with legal or regulatory requirements, ensure reliable system performance, recover promptly from system outages, and maintain satisfactory customer and employee experiences. These issues could also hinder the capacity to meet customer expectations in terms of service capabilities and offerings, potentially affecting T‑Mobile US’ operational, financial, and reputational standing.
Collaboration with Chinese suppliers is being impeded by the enduring trade conflict between the United States and China. Since 2020, the United States has restricted the use of U.S. technology for and by Chinese suppliers on account of security concerns. They also put pressure on other countries to do the same. In Germany, the legislator adopted the Second Act to Increase the Security of Information Technology Systems, or the IT Security Act 2.0 (IT-Sicherheitsgesetz 2.0), in 2021. All 5G operators must notify the authorities of new critical components and the suppliers thereof in accordance with the catalog of security requirements pursuant to the Telecommunications Act and prior to first-time operation. If the Federal Government has security concerns, it can introduce a blanket ban on using certain manufacturers. Deutsche Telekom itself has long been scrutinizing security-critical components prior to installation and on an ongoing basis once in operation. In 2023, under the IT Security Act 2.0, the Federal Ministry of the Interior and Community (BMI) asked German network operators to identify all 5G components from the Chinese suppliers Huawei and ZTE that have already been installed, and to notify the authority accordingly. Although BMI speaks of an impartial review, there is public speculation over the possibility that, in Germany, in 2024, the findings could lead to a ban or restrictions on deploying Chinese equipment in parts of the network, within certain time frames. In other countries, such as Austria, the Czech Republic, and Poland, it is still possible that components from critical infrastructure suppliers will have to be replaced within specific deadlines. Compared to 2022, we have raised the risk significance of the risk category “Strategic implementation and integration” from high to very high, due to the extensive costs that could be incurred should there be a retrospective order to remove components.
Opportunities relating to strategic implementation and integration. In our Magenta Advantage strategic area of operation, we work with partners to develop new digital business models based on our assets or capabilities. These partnerships provide opportunities for us to increase revenue and strengthen customer loyalty on a sustainable basis. Since the start of 2022, we have offered our customers exclusive products, services, and benefits as part of our loyalty program Magenta Moments in the OneApp. Cooperations with partner firms like booking.com, Rituals, Netflix, Disney+, and Octopus Energy are a key component of our activities and will play an even more crucial role going forwards in light of the pan-European expansion of our loyalty measures in Europe.
The completed IP transformation (all IP) laid the foundations for the cloud- and software-based production of networks and services. It creates opportunities to increase efficiency, accelerate the provision of new services and features, improve quality, and tap into new revenue potential, while at the same time increasing automation.
The disaggregation of the access networks (in mobile communications: Open Radio Access Network, O-RAN; in the fixed-network: Access 4.0) and core networks (e.g., the 5G core network) as part of our network differentiation strategy offers the opportunities of expanding the supplier ecosystem and, as a result, increasing competition, flexibility, and innovation. As we simultaneously drive forward automation and cloudification, we also expect a reduction in total costs and an increase in agility and speed in the provision of new services and features.
We are driving forward the transformation of our IT using agile development, decoupling, and cloudification. These approaches enable us to tap into new possibilities for accelerating developments and increasing the efficiency of IT production, by providing modular components, known as microservices, and APIs and producing them in a scalable cloud with state-of-the-art technology. Furthermore, agile and decoupled development makes it possible to reduce big bang risks in the delivery of major software releases by means of smaller, flexible software releases.
Risks and opportunities arising from brand and reputation. An unforeseeable negative media report on our products and services or our corporate activities and responsibilities may have a huge impact on the reputation of our Company and our brand image. Social networks may make it possible that such information and opinions can spread much faster and more widely. Ultimately, negative reports may impact on our revenue and our brand value. In order to avoid this, we engage in a constant, intensive, and constructive dialog, in particular with our customers, the media, and the financial world. For us, the top priority is to take as balanced a view as possible of the interests of all stakeholders and thereby uphold our reputation as a reliable partner.
Risks and opportunities relating to sustainability and social responsibility. For us, comprehensive risk and opportunity management also means considering the opportunities and risks arising from ecological or social aspects or from the management of our Company. To this end, we actively and systematically involve all relevant stakeholders in the process so as to identify current and potential risks and opportunities along our entire value chain. In parallel with our ongoing monitoring of ecological, social, and governance issues, we systematically determine our stakeholders’ positions on these issues. The key tools we use here are: a document analysis, covering legal texts, studies, and media publications, amongst other things; our involvement in working groups and committees of (inter)national business associations and social organizations, e.g., GeSI, ETNO, BDI, Bitkom, Econsense, and BAGSO; stakeholder dialog formats organized by us; our various publications, such as the press review and newsletters; and workshops with experts from our Company. We also integrate the biggest sustainability risks in our internal compliance assessment, thereby recording the associated positioning and development of measures in the various business areas.
For further information on sustainability, please refer to the section “Combined non-financial statement.”
We have identified the following as our main sustainability management issues:
- Reputation. How we deal with sustainability issues also entails both opportunities and risks for our reputation. A high level of service quality is one of the most important factors for improving customer perception. Customer satisfaction has been embedded in our Group management as a non-financial performance indicator to underline the importance of this issue. Transparency and reporting help to promote the trust of other external stakeholders in our Group. Our annual and CR reports also serve this purpose. However, issues such as business practices, data privacy and work standards among suppliers, conduct in relation to human rights, and ethical conduct in relation to and use of AI also entail reputational risks: if our brands, products, or services are connected with such issues in negative media reports, this may cause substantial damage to our reputation. As part of our sustainability management activities, we continuously review such potential risks and take mitigation measures to minimize them. This includes systematically incorporating them in the Group’s internal compliance management system, so as to determine the relevance of the risks in relation to sustainability issues and their effect on reputation across units. We also ascertain how our products and services make a positive contribution to sustainability in order to enhance our reputation.
-
Climate protection. We pursue an integrated climate strategy, which means focusing not only on the risks that climate change poses for us and our stakeholders, but also on the opportunities it presents. By 2030, ICT products and services will have the potential to save up to seven times as much in CO2 emissions in other industries as the growth in the ICT sector itself will generate, even taking into account the expected rebound effects (according to the GeSI Digital for Purpose study). Taking an optimistic view, this could mean a 9 % reduction in global CO2 emissions by 2030. In addition, investments of around USD 3 trillion in innovative solutions are expected by 2030, which will not only expand the business, but will also support the SDGs. We are supporting this trend by evaluating our product portfolio to identify sustainability benefits. In addition, we want to continuously improve the ratio of the emissions that our products and services save to those generated by our own value chain and report on our corresponding successes using an enablement factor.
Climate change risks are already visible in the form of increasingly extreme weather conditions. Such storm events could damage our infrastructure and disrupt network operation. This would have a direct effect on our stakeholders, e.g., our customers, suppliers, and employees, and could result in revenue losses or lower customer satisfaction. The risk is assessed in relation to the continuation of operations as part of risk management and is managed at an operational level in the business units. Deutsche Telekom welcomes the targets behind the Task Force on Climate-related Financial Disclosures (TCFD) and is actively working to implement them. In a first step, we conducted a gap analysis on the coverage of TCFD recommendations. In a number of workshops with relevant players from technology, procurement, strategy, and risk management, we defined Deutsche Telekom AG’s key climate-related opportunities and risks and gave them an initial weighting. As a next step, we conducted a location analysis, with the example of Germany, of the physical climate risks in various scenarios (business as usual/4-degree scenario), which have now been internationalized as part of a transnational project encompassing our major companies in Germany, Hungary, Croatia, and Greece. In addition to the physical risks, transitory risks (threats arising from sudden adaptations to climate change made by economic sectors) were also analyzed in detail by means of a workshop. The full roll-out of the climate risk analysis and the measurement of vulnerability are set to follow in 2024.
We will publish detailed information on this in our 2023 CR Report.
We can take further preventive action in this area by also reducing our own CO2 emissions. For this reason, in 2021 we set ourselves the ambitious target of cutting our CO2 emissions across the Group (Scope 1 and 2) to net zero by 2025. Up to 95 % of these emissions will be actually cut. Any remaining emissions will be offset through compensatory measures. Climate protection also carries financial risks, whether from the introduction of levies on CO2 emissions or increased energy costs, as well as stricter requirements for products, for example in relation to energy efficiency. The mitigation measures we are taking to counter these risks include measuring our own energy efficiency and finding ways to improve it. Our ESG targets agreed from 2021 for Board of Management remuneration in relation to the respective annual energy consumption as well as the planned annual CO2 emissions for Scope 1 and 2 also contribute to achieving the climate targets and energy efficiency measures. We have a Group-wide program to specifically address our supply chain and we are working to optimize our products and their packaging. Since 2021, the Group has covered 100 % of its electricity requirement with renewable energy. This is achieved through power purchase agreements and other forms of direct purchase, such as through guarantees of origin.
For further information on this, please refer to the section “Combined non-financial statement.”
-
Due diligence obligations in the Group (German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz – LkSG)). In 2022 and 2023, we reviewed and extended our human rights and environment-related due diligence processes, among others, in order to better accommodate new legal requirements, such as those arising from the LkSG. As part of our global procurement activities in particular, we could be exposed to country- and supplier-specific risks. These include, for example, inadequate local working and safety conditions. Violations could cause severe damage to those affected and could result in reputational damage and negative financial consequences for companies. Our LkSG risk management system includes due diligence processes directed at identifying risks or also violations related to human rights and environmental concerns and, building on this, taking appropriate preventive and/or corrective measures. It encompasses our own business areas, i.e., all Group companies over which Deutsche Telekom exercises a decisive influence (which in particular does not apply to T‑Mobile US), and our direct and indirect suppliers. The LkSG risk management system is linked with various established risk processes in the Group, e.g., with the compliance risk assessment of our compliance management system. The annual risk analysis for Group companies belonging to our own business areas and their direct suppliers is a central component of the LkSG risk management system. In addition, ad hoc risk assessments are carried out for the entire value chain, for example, before acquisitions. In order to monitor the effective functioning of the LkSG risk management system, Deutsche Telekom AG has defined the roles of human rights officer and LkSG officer, which will be exercised by the Vice President for Group Corporate Responsibility. This person reports directly to the Chair of the Board of Management of Deutsche Telekom AG and has further supporting functions. Where required to under national regulations (e.g., under the German Act on Corporate Due Diligence in Supply Chains (LkSG)), Group companies have appointed monitoring roles in the same form for their business areas.
We will publish detailed information on the results of the annual risk analysis in our 2023 CR Report and in our 2023 LkSG Report.
Health. Mobile communications, or the electromagnetic fields used in mobile communications, regularly give rise to concerns among the general population about potential health risks. This issue continues to be the subject of public, political, and scientific debate. Acceptance problems among the general public mostly concern mobile communications networks and occasionally the use of mobile terminals such as smartphones, tablets, and laptops. The discussion has intensified repercussions for the build-out of the mobile infrastructure. In the fixed network, this could affect the use of traditional IP and DECT (digital cordless) phones, and devices that use Wi-Fi technology. There is a risk of regulatory interventions, such as tightened thresholds for electromagnetic fields or the implementation of precautionary measures in mobile communications, e.g., amendments to building law, or also the risk of a labeling requirement for handsets.
Over the past few years, recognized expert organizations such as the World Health Organization (WHO) and the International Commission on Non-Ionizing Radiation Protection (ICNIRP) have repeatedly reviewed the current thresholds for mobile communications and confirmed that – if these values are complied with – the use of mobile technology is safe based on current scientific knowledge. (Inter)national expert organizations will continue to regularly review the recommended thresholds.
We are convinced that mobile communications technology is safe if specific threshold values are complied with. We are supported in this conviction by the assessment of the recognized bodies. Our responsible approach to this issue finds expression in our Group-wide EMF Policy, with which we commit ourselves to more transparency, information, participation, and scientific facts, far beyond that which is stipulated by legal requirements. We aim to overcome concerns among the general public by pursuing an objective, scientifically well-founded, and transparent information policy. We thus continue to see it as our duty to continue our trust-based dialog with local authorities and to ensure its successful progress. This particularly applies since our long-standing collaboration with municipalities to expand the mobile network was enshrined in law in 2013. Previously, this collaboration was based on voluntary self-commitments by the network operators.
Operational risks and opportunities
Risks arising from technology. We have an increasingly complex information/network technology (IT/NT) infrastructure, which we constantly expand and upgrade to ensure the best customer experience and consolidate our technology leadership. Outages in the current and also future technical infrastructure cannot be completely ruled out and could in individual cases result in revenue losses or increased costs. After all, our IT/NT resources and structures are the key organizational and technical platform for our operations. The ongoing convergence of IT and NT harbors risks. In order to counter these holistically, our technology, innovation, IT, and security activities are combined under the Board of Management department for Technology and Innovation.
Risks could arise in this area relating to all IT/NT systems and products that require internet access. For instance, faults between newly developed and existing IT/NT systems could cause interruptions to business processes, products, and services, such as smartphones and MagentaTV, or to connectivity for business customers. In order to avoid the risk of outages, e.g., due to natural disasters or fires, we use technical early warning systems and redundant IT/NT systems. The Computer Emergency Response Team (CERT) at Deutsche Telekom Security is in charge of protecting our business customers’ IT infrastructure and applications. In cloud computing, all data and applications are stored at a data center. Our European data centers have security certification and meet strict data protection provisions and the EU regulations. All data relating to companies and private persons is protected from external access. Constant maintenance and automatic updates keep the security precautions up to date at all times. On the basis of a standardized Group-wide business continuity management (BCM) process, we also take organizational and technical measures to prevent damage from occurring or, if we cannot, to mitigate the subsequent effects. We also have insurance cover for insurable risks.
T‑Mobile US relies upon its systems and networks and the systems and networks of other providers and suppliers, to provide and support services. T‑Mobile US’ business, like that of most retailers and wireless companies, involves the receipt, storage, and transmission of customers’ confidential information, including sensitive personal information, payment card information, and confidential information about their employees and suppliers, as well as other sensitive information about T‑Mobile US, such as business plans, transactions, and intellectual property. Cyberattacks, such as denial of service and other malicious attacks, or other systems and IT failures, such as hardware or software failures, could disrupt T‑Mobile US’ internal systems, networks, and applications, impair its ability to provide services to customers, and have other adverse effects on its business.
In order to grow and remain competitive with new and evolving technologies in the industry, T‑Mobile US will need to adapt to future changes in technology, continually invest in its network, increase network capacity, enhance existing offerings, including through digital channels, and introduce new offerings to address its current and potential customers’ changing demands. If T‑Mobile US is unable to take advantage of technological developments on a timely basis, then it may experience a decline in demand for its services or face challenges in implementing or evolving its business strategy.
Opportunities arising from technology. The utilization of large data volumes (big data) from our networks and their analysis using artificial intelligence (AI) or machine learning (ML) can improve and speed up decision-making processes by enhancing transparency. It does so by shifting the basis for decisions from hypotheses to facts and, for example, enabling correlations to be recognized. In this way, ML can be used, for example, to manage the energy consumption of our technology in a forward-looking way based on the analysis of network data.
Our Systems Solutions operating segment covers innovative business areas in the digital transformation of business processes, such as cloud computing, AI, automation, and cybersecurity. These business areas could develop faster than expected. As a pioneer of the digital transformation, we have an opportunity to actively shape market trends through a variety of projects in the fields of healthcare, public administration, and the automotive segment. Under these data-based digital business models, our partner-oriented approach is a highly promising way of contributing our core competencies – in cloud computing, edge computing, and cybersecurity – to various projects. In addition, we have references regarding strategic engagements in our focal sectors. We also see potential for development in the sovereign clouds environment.
As a technology and development partner for toll collection business in Europe, we already have a strong competitive position. We have earned valuable references in European toll collection projects in Belgium and Austria and through the launch of a Europe-wide toll collection system (Toll4Europe). This will help to give us an edge over our competitors.
Procurement and supply risks. Deutsche Telekom cooperates with a large number of suppliers of technical (information and communication technology) and non-technical products and services. Products and services that might involve a higher risk include software and hardware, network technology components, and all products and services provided directly to end customers.
Deutsche Telekom’s supply chains could be disrupted by a number of factors, such as geopolitical tensions, (e.g., the United States’ technology sanctions against China), cyberattacks, or supply chain restructuring. Furthermore, additional risks may also result from the dependence on individual suppliers or from individual vendors defaulting. This applies in particular for Chinese suppliers of telecommunications technology. We employ organizational, contractual, and procurement strategy measures to counteract these challenges. At T‑Mobile US, in certain areas such as terminal equipment, there are few suppliers who can provide adequate support, which may lead to unfavorable contract terms and decreased flexibility to switch to alternative third parties. Unexpected termination or difficulties in renewing the commercial arrangements with the suppliers, or any business disruptions at the suppliers could have a material adverse effect on T‑Mobile US. We are therefore raising the risk significance of the risk category “Procurement and suppliers” from low to medium.
Risks and opportunities arising from data privacy and data security
Data privacy. All Group companies are subject to specific data privacy regulations (in the EU especially the General Data Protection Regulation (GDPR)). These requirements must be implemented and their compliance must be monitored. Data privacy incidents could be sanctioned with very high administrative fines (up to between 2 and 4 % of the total worldwide annual revenue of an undertaking). The European supervisory authorities’ concept for administrative fines would apply. It stipulates high fines even for violations with a low criticality. The supervisory authorities’ practice with respect to fines demonstrates that more and higher fines are being imposed. Despite mitigation measures and well-established data privacy management structures, it is not possible to fundamentally rule out data privacy incidents as almost all procedures/processes in the Group are relevant in terms of data protection. Errors might occur that are linked to reputation, cost, and sanction risks.
Since the introduction of the GDPR, data privacy law has been largely harmonized in Europe. Deutsche Telekom benefits from this as a Group, since the majority of special national data privacy regulations no longer apply and no longer have to be implemented in the individual entities in the European Union (EU). This has reduced the need for additional coordination. An appropriate level of security is also ensured when transmitting personal data to countries outside of the EU. Under the Schrems II ruling by the European Court of Justice (ECJ) from 2020, companies are subject to strict requirements for the transmission of data to third countries without the adequacy decision of the EU Commission, compliance with which entails a substantial workload for companies. Deutsche Telekom therefore welcomes the EU-U.S. Data Privacy Framework agreed between the EU and the United States, which is intended to provide greater legal certainty for collaborations with U.S. companies. A number of actions are pending against this agreement and more have been announced. By way of mitigation, Deutsche Telekom safeguards the transmission of personal data to companies in the United States, regardless of final legal clarification, by means of standard contractual clauses of the European Commission.
In the United States, the telecommunications industry is also examined closely by the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) with regards to the state data privacy laws. Non-compliance with the stricter data privacy laws could result in high fines. The growing demand for data means the challenges with respect to the collection, usage, transfer, and management of customers’ personal data are also growing.
Deutsche Telekom carefully examines technical developments and digital transformation projects on an ongoing basis to verify if they are in line with the Group strategy. For example, the use of IT systems with AI within the Group always complies with the applicable data privacy laws and provisions. The Privacy and Security Assessment (PSA) must be carried out as soon as a new AI solution is to be introduced in the Group. This process, which is now fully digital, meets the requirements of the GDPR with regard to carrying out a Privacy Impact Assessment for evaluating and documenting the risks posed by data processing. In the PSA process all data privacy and security requirements relevant to the system or project are automatically assigned and then worked through by the functionally responsible units. One new addition is the separate AI data privacy requirement, which helps to develop systems based on or using AI in a way that is data privacy-compliant. This takes account not only of general data privacy principles (legality, transparency, limitation of use, etc.), but also specific application scenarios, such as generative AI and profiling. These data privacy requirements also take an important first step in preparing for the European AI Act (EU AI Act).
Since the ePrivacy Regulation has still not yet been adopted, there is yet another sector-specific regulatory challenge for the telecommunications sector in the EU. As telecommunications providers’ data processing options are substantially restricted compared with what is possible under the GDPR, innovative big data and AI applications in the field of telecommunications cannot realize the same kind of potential as those of companies that are only subject to the GDPR.
Another example of a major initiative with relevance for data privacy is the long-term partnership between T‑Systems and Google Cloud, which began in 2021. In operation since April 2022, the shared T‑Systems Sovereign Cloud powered by Google Cloud combines the open-source expertise of Google Cloud and the sovereign services of T‑Systems and enables customers to manage their workloads in full compliance with German and EU regulatory requirements. Compliance with all three aspects of digital sovereignty (data sovereignty, operational sovereignty, and software sovereignty) is continuously monitored by T‑Systems, such that even companies from regulated industries are able to confidently process their sensitive data in the cloud in accordance with the GDPR and Schrems II and at the same time profit from the scalability, innovative power, and reliability of public cloud functionalities.
Prior thereto, T‑Systems signed the EU Cloud Code of Conduct (EU Cloud CoC) in 2021. After all, the EU Cloud is synonymous with something essential, namely, nothing less than the digital sovereignty of Europe in cloud services. This refers to the complete control of stored and processed data and independent decision-making on who can access the data. This requires clear rules and requirements, which the EU Cloud CoC offers. The European data protection authorities authorized this Code of Conduct. By becoming a signatory, the Company and hence also T‑Systems undertakes to continue to increase the data protection level for cloud services in the interests of customers and European data protection. In this way they provide proof that data is processed in accordance with the requirements of the GDPR. Compliance with the rules is reviewed by an independent body. We will continue to support the development of the standard in 2024 and ensure further harmonization with ISO and internal standards.
Data security. IT security continues to pose major challenges. In addition to preventive measures such as integrated security in business processes and measures to raise security awareness among employees, we counter these challenges with increased focus on the analysis of threats and cyber risks. This is where our early warning system comes in: It detects new sources and types of cyberattack, analyzes the behavior of the attackers while maintaining strict data privacy, and identifies new trends in the field of security. Along with the honeypot systems, which simulate vulnerabilities in IT systems, our early warning system includes alerts and analytical tools for spam mails, viruses, and Trojans. We exchange the information we obtain from all these systems with public and private bodies to detect new attack patterns and develop new protection systems. We are also currently seeing new developments in the increased and fast-growing use of generative AI, both on the part of criminal attackers and in terms of options for protection. Here, too, we are working to exploit the opportunities offered by the development and use of AI and to counter the potential new risks arising from this technology.
Cybercrime and industrial espionage are on the rise and they are becoming ever more complex due to rapidly advancing technologies and attack methods. As a result, we face constant challenges and adjustments to protect our customer and business partner data, as well as our networks, technologies, products, and services against these attacks. Such incidents can lead, among other implications, to business disruptions, embezzlement, or unauthorized access to confidential or personal information, and to loss of reputation. We are addressing this development with comprehensive mitigation measures, such as security concepts. In order to also create greater transparency and thus be in a stronger position to tackle these threats, we are relying more and more on partnerships, e.g., with public and private organizations. By means of the Security by Design principle, we have made security an integral part of our development process for new products and information systems. Furthermore, we carry out intensive and obligatory digital security tests.
We are continually striving to accelerate our growth through IT security solutions. To this end, we have combined our security units within Deutsche Telekom Security. We want to leverage this end-to-end security portfolio to secure market shares and score points with security concepts on the back of megatrends like the Internet of Things and Industry 4.0. We are also continuing to gradually expand our partner ecosystem in the area of cybersecurity.
We provide regular updates on the latest developments in data protection and data security on our website.
Due to the rise in successful cyberattacks against Deutsche Telekom in recent years, predominantly in the United States, and the growing overall threat level imposed by cyberattacks, as well as the supervisory authorities’ tougher practice with respect to data privacy-related fines, the risk significance of the risk category “Data privacy and data security” is rising from high to very high.
Other operational risks and opportunities
Employees. Our employees play a crucial role in the transformation of Deutsche Telekom. Their skills are a key factor in our business success. Both this success and our service provision are dependent on the ability to acquire, retain, and develop specialist staff and talents. Growing competition throughout the entire labor market for experts (especially in technology and IT) and the war for talents, coupled with the need to offer increasingly flexible working conditions (e.g., remote working), could lead to key employees (in particular those in technical and IT-related roles) leaving the company, while demand continues to grow unabated. Sharply rising entry-level salaries could exacerbate the situation and increase costs further. The availability of staff with an appropriate skill set at nearshore and offshore sites is crucial when it comes to rendering services on budget, in line with requirements, and on time. The demands of the talents with regard to potential employers have also increased. Apart from remuneration, factors they care about include flexible working, environmental social governance, culture, diversity, and innovations. We systematically work to address these challenges head on, for example, by strengthening Deutsche Telekom and T‑Mobile US as an attractive employer brand and by proactively seeking out new specialist staff and talents worldwide.
In 2023, we once again used socially responsible measures to restructure the workforce in our Group. Early retirement models such as phased and dedicated retirement, and severance payments have been largely taken up, but also the training and placement of civil servants and employees in the public sector by the next.JOB unit has proved very popular. The transformation with the associated staff restructuring is extremely important for achieving the Group’s goals. Nevertheless, it is essential the restructuring is managed in a targeted way. That is why, for each request by an employee to take up a staff reduction instrument, it must be ensured on principle that the arrangement is voluntary on both sides (agreed by employee and manager), so as to avoid, for example, the loss of high performers.
The Company still employs numerous civil servants, who originally belonged to Group units of Deutsche Telekom that have since been sold. Where requested, these civil servants have been granted temporary leave from their civil servant status. However, there is a risk that they may return to us from a sold entity, for instance after the end of their temporary leave from civil servant status, without the Company being able to offer them jobs. Currently, 1,041 civil servants are entitled to return from outside the Group in this way (as of December 31, 2023), thus posing a risk.
Risks and opportunities relating to regulation
In the following section, we describe the main regulatory risks and opportunities that, as things currently stand, could affect our results of operations and financial position, and our reputation.
Regulatory risks arise from telecommunications-specific statutory regulations at the national, European, and U.S. level, and from the consequent powers of national authorities to regulate or intervene in the market and limit our freedom as regards product design and pricing. Deregulation can give rise to regulatory opportunities. Regulatory intervention, which we can only anticipate to a limited extent, may exacerbate existing price and competitive pressure. There are concerns that regulation in the United States, Germany, and other European countries may also impact revenue and earnings trends in the medium to long term.
Changes in regulatory policy and legislation
European legislation constantly influences our pricing and product design. The main legal frameworks are the European Electronic Communications Code (EECC) and the EU Roaming Regulation. Further legislative initiatives are expected at a European level in 2024, such as the plans to adopt the Gigabit Infrastructure Act, which aims to reduce the costs of infrastructure build-out. It is also possible that the regulation of charges for phone calls between EU member states will be extended or tightened. The current regulation only applies until mid-2024.
Policy decisions can give rise to risks, but also opportunities. The Federal Government’s Digital Strategy adopted in August 2022 is a first step for potential further measures, for example, in connection with digitalization projects in administration or a modern legal framework for the data economy. The Gigabit Strategy contained therein aims, among other goals, to ensure nationwide fiber-optic coverage and state-of-the-art mobile technology. To this end, measures are expected in relation to approval processes or the realignment of the subsidized build-out, which could significantly affect conditions for the continued network build-out. However, there is skepticism in the industry about the legislative proposals so far set out by the Federal Government in this regard and progress is expected to be tentative.
In view of the highly topical debates regarding the network security of critical infrastructure, the legislator has already announced adjustments in this regard, which will be implemented by regulatory and other authorities. This will lead to new requirements, for which the costs of implementation for Deutsche Telekom are not yet possible to estimate.
In the United States, too, new or amended wireless-related provisions and laws can increase the complexity of processes and lead to higher costs for T‑Mobile US.
Awarding of spectrum
Risks could arise from the fact that inappropriate auction rules or the conditions for extending awards, frequency usage requirements, excessive reserve prices, and disproportionately high annual spectrum fees could jeopardize our planned acquisition of spectrum or give rise to adverse effects from the conditions for the allocation of spectrum. Inappropriate conditions for the awarding of spectrum can include, for example, extensive build-out requirements and, in some cases, requirements to grant network access (national roaming, service provider access). The specific details are down to the national regulatory authorities. By contrast, we see an opportunity in particular in the fact that such spectrum award procedures enable mobile network operators to obtain the optimum amount of spectrum for their future business. We would thus be equipped for further growth and innovation. Changes to award procedures generally entail opportunities and risks. The upcoming award procedures mainly relate to the auctioning of spectrum in the 700 MHz, 800 MHz, 900 MHz, 1,800 MHz, 2,100 MHz, 3,400 to 3,800 MHz, and the 26,000 MHz ranges. In addition, spectrum licenses, especially in the 2,100 MHz and 2,600 MHz ranges, will expire by 2024 in some countries and need to be renewed. Major award procedures are currently being prepared, primarily in Austria, Poland, Slovakia, and the Czech Republic. In Germany, consultations were held regarding the 800 MHz, 1,800 MHz (partial), and 2,600 MHz bands to determine which award procedure to select (auction or extension) and the possible conditions of allocation. Up for discussion are, among other aspects, a potential tightening of the rules for network access in favor of service providers, and additional coverage obligations. The extension periods under discussion are for five or eight years. A final decision on this has not yet been made. In the United States, T‑Mobile US acquired frequency in the 2.5 GHz range for approx. USD 300 million in an auction that ended on August 29, 2022. The receipt of these licenses was delayed after the FCC’s authority concerning the organization of spectrum auctions had expired. However, on December 19, 2023, the 5G Sale Act, which had shortly before been adopted by the U.S. Congress, entered into force, which granted the FCC 90 days from that date to allocate the licenses to T‑Mobile US.
For further information on spectrum auctions that were completed in 2023 or are still ongoing, please refer to the section “Major regulatory decisions.”
Areas in which national regulators may intervene
European and national laws and regulations grant national regulators extensive powers of intervention.
Our Group companies in Germany and Europe continue to be subject to extensive regulation of wholesale products, obligating us to make our network and services available to our competitors wherever we are deemed to have significant market power as an operator. The national regulators regularly check and determine the corresponding terms, conditions, and prices of these wholesale offerings. The key wholesale products subject to regulation are unbundled local loop lines, bitstream products, leased lines, and the associated services.
In July 2022, the Bundesnetzagentur published its decision on the future regulation of access to Deutsche Telekom’s copper and fiber-optic network. With this decision, rules for FTTB/H networks are laid down, the previous regulation for Layer2 (VDSL) is discontinued, and access to ducts and poles is also imposed. The precise access conditions will be set down in the subsequent procedures, by means of which the authority will influence Deutsche Telekom’s pricing and product design.
For further information, please refer to the section “Major regulatory decisions.”
Regulatory requirements for mobile communications could arise from conditions imposed in connection with the allocation of frequencies. In Germany, a negotiation obligation for wholesale access has been in place since 2018, for which the Bundesnetzagentur can be called upon in cases of dispute. This can give rise to restrictions on our freedom of contract when concluding wholesale agreements with regards to wholesale customers, as well as in terms of scope of services and prices.
Within the scope of the subsidized network build-out, companies have an obligation to ensure access to the subsidized network. In addition, all operators of public supply networks have an obligation, among others, to ensure shared use of passive network infrastructure. The Bundesnetzagentur can be called on to settle disputes. Since 2021, termination rates have been determined directly by the European Commission by way of a delegated act. In addition, European and national consumer protection regulations apply.
In addition to the requirements of telecommunications law, our media products are also subject to special European and national regulations under media law, as well as non-sector specific regulations such as data and consumer protection. These include, in the broader sense, copyright law, regulations concerning the responsibility for published content, requirements in relation to ensuring the protection of minors in the media, and requirements in relation to the content and user interfaces of media distribution platforms. Barring any changes to its shareholder structure on the one hand (the Federal Republic and KfW being its major shareholders), or to the legal situation, or the prevailing opinions of media regulators on the other, it is unlikely that Telekom Deutschland will be granted a license to broadcast radio and TV programs.
Litigation and anti-trust proceedings
Major ongoing legal proceedings
Deutsche Telekom is party to proceedings both in and out of court with government agencies, competitors, and other parties. The proceedings listed below are of particular importance from our perspective. If, in extremely rare cases, required disclosures on individual legal proceedings are not made, we concluded that these disclosures may seriously undermine the outcome of the relevant proceedings.
Prospectus liability proceedings (third public offering, or DT3). This relates to initially around 2,600 ongoing lawsuits from some 16,000 alleged buyers of T-Shares sold on the basis of the prospectus published on May 26, 2000. The plaintiffs assert that individual figures given in this prospectus were inaccurate or incomplete. The amount originally in dispute totaled approximately EUR 78 million plus interest. Some of the actions are also directed at KfW and/or the Federal Republic of Germany as well as the banks that handled the issuances. The Frankfurt/Main Regional Court had issued orders for reference to the Frankfurt/Main Higher Regional Court in accordance with the German Capital Investor Model Proceedings Act (Kapitalanleger-Musterverfahrensgesetz – KapMuG) and has temporarily suspended the initial proceedings. On May 16, 2012, the Frankfurt/Main Higher Regional Court had ruled that there were no material errors in Deutsche Telekom AG’s prospectus. In its decision on October 21, 2014, the Federal Court of Justice partly revoked this ruling, determined that there was a mistake in the prospectus, and referred the case back to the Frankfurt/Main Higher Regional Court. On November 30, 2016, the Frankfurt/Main Higher Regional Court ruled that the mistake in the prospectus identified by the Federal Court of Justice could result in liability on the part of Deutsche Telekom AG, although the details of that liability would have to be established in the initial proceedings. Following an appeal from both parties, in February 2021, the Federal Court of Justice once again referred the proceedings back to the Frankfurt/Main Higher Regional Court for further consideration. In November 2021, Deutsche Telekom AG presented a settlement concept under which a concrete settlement offer is to be made to every eligible plaintiff. The settlement offers are made without any judicial decision and do not constitute an admission of liability on the part of Deutsche Telekom AG. Settlements have now been agreed with almost all of the eligible plaintiffs. Appropriate provisions for risk have been recognized in the statement of financial position for the remaining still pending actions. Given the very low residual risk, this matter will no longer be reported on in the future.
Claims relating to charges for the shared use of cable ducts. In 2012, Kabel Deutschland Vertrieb und Service GmbH (today Vodafone Deutschland GmbH (VDG)) filed a claim against Telekom Deutschland GmbH to reduce the annual charge for the rights to use cable duct capacities. In similar proceedings, the then Unitymedia Hessen GmbH & Co. KG, Unitymedia NRW GmbH, and Kabel BW GmbH (today all Vodafone West) filed claims against Telekom Deutschland GmbH in January 2013, demanding that it cease charging the plaintiffs more than a specific and precisely stated amount for the shared use of cable ducts, including in the future. The claims were rejected by the Frankfurt/Main Higher Regional Court (VDG) and by the Düsseldorf Higher Regional Court (Vodafone West) and an appeal was not allowed in both cases. In response to the complaints of the plaintiffs against non-allowance of appeal, the Federal Court of Justice allowed the appeal by VDG to the extent that it relates to claims dating from January 1, 2012 onward; the appeal by Vodafone West was allowed to the extent that it relates to claims dating from January 1, 2016 onward. The claims were rejected with legally binding effect for the time periods prior to this. In a ruling on December 14, 2021, the Federal Court of Justice referred the proceedings concerning the remaining claims back to the responsible Higher Regional Courts for a new hearing and decision. VDG has since updated its claim, which it now puts at around EUR 826 million plus interest for the period from January 2012 to December 2022. The plaintiff Vodafone West has also updated its claim, which it now puts at around EUR 418 million plus interest for the period from January 2016 to June 2022. It is currently not possible to estimate the financial impact of both these proceedings with sufficient certainty.
Sprint Merger class action. On June 1, 2021, a shareholder class action and derivative action was filed in the Delaware Court of Chancery against Deutsche Telekom AG, SoftBank, T‑Mobile US, and all of our officers and directors at that time, asserting a breach of fiduciary duties relating to the purchase price amendment to the Merger Agreement, as well as SoftBank’s subsequent monetization of its T‑Mobile US shares. On October 29, 2021, the complaint was amended. The amended complaint is directed at the same defendants and the same underlying transactions as in the original action; however, it includes additional submission on alleged facts. It is currently not possible to estimate the resulting claim and financial risk of these proceedings with sufficient certainty.
Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in August 2021. In August 2021, T‑Mobile US confirmed that their systems had been subject to a criminal cyberattack that compromised data of millions of their customers, former customers, and prospective customers. With the assistance of outside cybersecurity experts, T‑Mobile US located and closed the unauthorized access to their systems and identified customers whose information was impacted and notified them, consistent with state and federal requirements. As a result of the cyberattack, numerous consumer class actions including mass arbitrations were filed against T‑Mobile US. The class actions brought before the federal courts were consolidated into one action in December 2021. The plaintiffs are claiming damages in an as yet unspecified amount. On July 22, 2022, T‑Mobile US entered into an agreement to settle the consumer class action in the Federal Court for USD 350 million. In addition, T‑Mobile US committed to spending a total of USD 150 million in 2022 and 2023 on data security and related technologies. The settlement was approved by the court in June 2023. A member of the class action appealed against the final decision on approval and is objecting to the awarding of lawyers’ fees by the court to the lawyer for the class action. This is further delaying the closure of the proceedings. T‑Mobile US expects that the settlement of the consumer class action, together with further settlements already or still to be concluded with consumers, will satisfy essentially all claims asserted to date by current, former, and potential customers affected by the cyberattack in 2021. T‑Mobile US has recognized corresponding provisions for risks in the statement of financial position of around USD 0.3 billion (EUR 0.3 billion).
Furthermore, in November 2021, a derivative action was brought against the members of the Board of Directors of T‑Mobile US and against T‑Mobile US as nominal defendant. This action has since been withdrawn. In September 2022, a further purported shareholder filed a new derivative action against the members of the Board of Directors of T‑Mobile US and against T‑Mobile US as nominal defendant alleging claims for breach of fiduciary duties relating to the company’s cybersecurity practices. It is currently not possible to estimate the resultant financial risk with sufficient certainty.
In addition, inquiries have been made by various government agencies, law enforcement and other state authorities, with which T‑Mobile US is cooperating in full. It is currently not possible to estimate the resultant financial risk of these proceedings with sufficient certainty..
Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in January 2023. On January 5, 2023, T‑Mobile US identified that a bad actor was obtaining data through an application programming interface (API). Investigations by the company have found that the affected API was only able to provide a limited set of customer account data, including name, billing address, email address, telephone number, date of birth, T‑Mobile account number, and information such as the number of lines on the account and plan features. The results of the investigation indicate that, in total, around 37 million current postpaid and prepaid customer accounts were affected, although many of these accounts did not include the full data set. T‑Mobile US assumes that the attacker retrieved data via the affected API for the first time from or around November 25, 2022. In accordance with federal and state requirements, the company has notified those individuals whose data was affected. In connection with this cyberattack, consumer class actions were filed against T‑Mobile US and official inquiries were submitted to the company, to which it will respond and, as a result of which, it may incur substantial expenses. It is currently not possible to estimate the resultant financial risk with sufficient certainty.
Patents and licenses. Like many other large telecommunications and internet providers, Deutsche Telekom is exposed to a growing number of intellectual property rights disputes. There is a risk that we may have to pay license fees and/or compensation; we are also exposed to a risk of cease-and-desist orders, for example relating to the sale of a product or the use of a technology.
Further, Deutsche Telekom intends to defend itself and/or pursue its claims vigorously in each of these proceedings.
Major ongoing anti-trust proceedings
Like all companies, our Group is subject to anti-trust law. In recent years, we have notably stepped up our compliance efforts in this area too. Nevertheless, Deutsche Telekom and its subsidiaries are from time to time subject to proceedings under anti-trust law or follow-on damage actions under civil law. In the following, we describe material anti-trust proceedings and resulting claims for damages. If, in extremely rare cases, required disclosures on individual anti-trust proceedings are not made, we concluded that these disclosures may seriously undermine the outcome of the relevant proceedings.
Claims for damages against Slovak Telekom following a European Commission decision to impose fines. The European Commission decided on October 15, 2014 that Slovak Telekom had abused its market power on the Slovak broadband market and as a result imposed fines on Slovak Telekom and Deutsche Telekom AG, which were paid in full in January 2015. After the General Court of the European Union partially overturned the European Commission’s decision in 2018 and reduced the fines by a total of EUR 13 million, the legal recourse following the ruling of the European Court of Justice on March 25, 2021 is exhausted. Following the decision of the European Commission, competitors filed damage actions against Slovak Telekom with the civil court in Bratislava. These claims seek compensation for alleged damages due to Slovak Telekom’s abuse of a dominant market position, as determined by the European Commission. Three claims totaling EUR 219 million plus interest are currently pending. It is currently not possible to estimate the financial impact with sufficient certainty.
Claims for damages against Deutsche Telekom AG, including due to insolvency of Phones4U. Phones4U was an independent British mobile retailer, which declared insolvency in 2014. The insolvency administrator is pursuing claims before the High Court of Justice in London against the mobile providers active on the UK market at that time and their parent companies on the grounds of alleged collusion in violation of anti-trust law and breach of contract. Deutsche Telekom AG, which at that time held 50 % of the mobile company EE Limited, has rejected the claims as unsubstantiated. The High Court of Justice in London heard testimony from several witnesses and experts in the period between mid-May and the end of July 2022 with a view to establishing the legal basis for a claim. On November 10, 2023, the High Court of Justice in London rejected all claims made by Phones4U against all defendants. In December 2023, Phones4U filed an application for leave to lodge an appeal with the High Court of Justice in London. The hearing took place on December 19, 2023. The High Court of Justice in London rejected the application by Phones4U for leave to lodge an appeal. Phones4U is pursuing the application further with the Court of Appeal. It is currently not possible to estimate the financial impact with sufficient certainty.
Antitrust class action complaint following the merger with Sprint. T‑Mobile US is defending against an antitrust class action complaint from June 17, 2022, in which the plaintiffs allege that the merger of T‑Mobile US and Sprint violated the antitrust laws and harmed competition in the U.S. retail cell service market. Plaintiffs seek injunctive relief and trebled monetary damages on behalf of a purported class of AT&T and Verizon customers who plaintiffs allege paid artificially inflated prices due to the merger. It is currently not possible to estimate the financial impact with sufficient certainty.
Compliance risks
Compliance risks are risks arising from systematic infringements of legal or ethical standards that could result in regulatory or criminal liability on the part of the company, its executive body members, or employees, or result in a significant loss of reputation. In order to minimize these risks, we have set up a compliance management system.
For further information on the compliance management system, please refer to section “Combined non-financial statement – Aspect 5: Fighting corruption.”
Financial risks and opportunities
Liquidity, credit, currency, interest rate risks
With regard to its assets, liabilities, and planned transactions, our Group is particularly exposed to liquidity risks, credit risks, and the risk of changes in exchange rates and interest rates. We want to contain these risks. Risks with an impact on cash flows are monitored in a standard process and hedged accordingly using derivative and non-derivative hedges. Derivative financial instruments are used solely for hedging and never for speculative purposes. The following risk areas – liquidity, credit, currency, and interest rate risks – are evaluated taking into account all hedges.
For further information on the risk assessment, please refer to the “Corporate risks” table above.
Liquidity risk. To ensure the Group’s and Deutsche Telekom AG’s solvency and financial flexibility at all times, we maintain a liquidity reserve in the form of credit lines and cash as part of our liquidity management. Since the successful business combination of T‑Mobile US and Sprint, T‑Mobile US has pursued its own separate financing and liquidity strategy.
Deutsche Telekom (excluding T‑Mobile US): Primarily bilateral credit agreements with 20 banks with an aggregate total volume of EUR 12.0 billion were available as of December 31, 2023, which were not utilized. Our liquidity reserve covered maturing bonds and long-term loans at all times for at least the next 24 months (see graphic below).
Furthermore, bilateral credit lines with an aggregate total volume of USD 7.5 billion (EUR 6.8 billion) plus a cash balance of USD 5.2 billion (EUR 4.7 billion) were available to T‑Mobile US as of December 31, 2023.
Credit risks. In our operating business and certain banking activities, we are exposed to a credit risk, i.e., the risk that a counterparty will not fulfill its contractual obligations. To keep this credit risk to a minimum, we conclude transactions with regard to financing activities only with counterparties that have at least a credit rating of BBB+/Baa1; we also actively manage limits. In addition, we have concluded collateral agreements for our derivative transactions. At the level of operations, the outstanding debts are continuously monitored in each area, i.e., locally.
Currency risks. Currency risks result from dividend payments received, investments, financing measures, and operations. Risks from foreign currency fluctuations are hedged on a pro rata basis depending on their probability of occurrence, if they affect the Group’s cash flows (transaction risks). However, foreign-currency risks that do not influence the Group’s cash flows, for example, risks resulting from the translation of assets and liabilities of foreign operations into euros (translation risks) are generally not hedged. Deutsche Telekom may nevertheless also hedge these foreign-currency risks under certain circumstances.
Interest rate risks. Our interest rate risks mainly result from Group financing: On the one hand, we have an interest rate risk relating to the issue of new liabilities, and on the other, we have an interest rate risk arising from variable-interest liabilities. The euro interest rate position is actively managed as part of our interest rate management activities. Each year, a maximum is set for the percentage of variable-interest liabilities, taking into account the planned finance costs. Inflationary pressure in Germany, Europe, and the United States resulted in further interest rate hikes by central banks in 2023. Given the heavily inverted yield curve, the variable-interest debt portfolio and hence interest sensitivity further declined substantially. The USD debt position of T‑Mobile US primarily comprises partially cancelable, fixed-income bonds.
For further information, please refer to Note 43 “Financial instruments and risk management” in the notes to the consolidated financial statements.
Tax risks
We are subject to the applicable tax laws in many different countries. Risks can arise from changes in local taxation laws or case law and different interpretations of existing provisions. These risks can impact both our tax expense and benefit as well as tax receivables and liabilities.
Other financial risks and opportunities
This section contains information on other financial risks that we consider to be immaterial at present or cannot evaluate based on current knowledge.
Rating risk. Deutsche Telekom’s credit rating affects our access to the capital markets, to the international finance markets, and our refinancing costs. A lower rating could impede access to the capital market and, over time, would lead to an increase in the cost of debt financing. We intend to maintain our rating in a corridor from A- to BBB and thereby safeguard undisputed access to the capital market. As of December 31, 2023, Deutsche Telekom AG’s credit rating with Moody’s was Baa1 with a stable outlook, while Standard & Poor’s and Fitch rated us BBB+ with a stable outlook. From today’s perspective, access to the international debt capital markets for both Deutsche Telekom AG and T‑Mobile US is not jeopardized.
Control environment. Compliance with business and regulatory requirements, in particular for the internal control system, requires high efforts. Not meeting these demands could lead to difficulties or weaknesses in Deutsche Telekom’s overall control environment and with regard to financial reporting.
Sales of shares by the Federal Republic or KfW Bankengruppe. As of December 31, 2023, the Federal Republic and KfW Bankengruppe jointly held 30.46 % in Deutsche Telekom AG. It is possible that the Federal Republic will continue its policy of privatization and sell further equity interests in a manner designed not to disrupt the capital markets and with the involvement of KfW Bankengruppe. There is a risk that the sale of a significant volume of shares by the Federal Republic or KfW Bankengruppe, or any speculation to this effect, could have a negative impact on the price of the T-Share.
Impact of the CR strategy on the value of the Company. Growing numbers of investors take sustainability aspects into account in their investment decisions (Socially Responsible Investments, SRI). SRI investment products consist of securities from companies that have been reviewed based on environmental, social, and governance (ESG) criteria. The development of demand from socially responsible investors for the T‑Share is an indicator we can use to assess our sustainability performance. The Socially Responsible Investment ESG KPI indicates the percentage of Deutsche Telekom AG shares held by such investors. Our commitment to greater sustainability is paying off: as of December 31, 2023, around 32 % of all T-Shares were held by investors who show concern for environmental, social, and governance criteria in their investment choices. We have refined the methodology and underlying data and have switched to monitoring the sustainably managed shares at fund level and no longer at an institutional level. For better comparability with other companies, the total number of shares given pertains to the number of Deutsche Telekom shares in free float.
Impairment of Deutsche Telekom AG’s assets. The value of the assets of Deutsche Telekom AG and its subsidiaries is reviewed periodically. In addition to the regular annual measurements that are also performed for the carrying amounts of investments in the annual financial statements of Deutsche Telekom AG prepared in accordance with German GAAP, specific impairment tests may be carried out, for example, where changes in the economic, regulatory, business, or political environment suggest that the value of goodwill, intangible assets, property, plant and equipment, investments accounted for using the equity method, or other financial assets might have decreased. These tests may lead to the recognition of impairment losses that do not, however, result in cash outflows. This could impact to a considerable extent on our results, which in turn may negatively affect the T-Share price.
For further information, please refer to the section “Summary of accounting policies – Judgments and estimates” in the notes to the consolidated financial statements.
In 2023, the price level on the world energy market declined compared with 2022. By taking account of fluctuating energy prices and the changes to the debt portfolio during the planning process, we were able to lower the risk significance of the risk category “Financial risks” from high to medium.
Covers the entire virtuality spectrum: augmented reality, virtual reality, mixed reality, and simulated reality, as well as potential future developments.
- AR – Augmented Reality. The computer-generated enhancement of the real world with perceptual information. The information can address all the human senses. However, augmented reality often only encompasses the visual representation of information, i.e., the augmenting of images or videos with additional computer-generated information or virtual objects using overlaying/superimposition.
- VR – Virtual Reality. A simulated experience of the real world and its physical characteristics in real time in a computer-generated, interactive virtual environment. Unlike AR, which focuses on enhancing the real world with visual representations of additional data, VR fully immerses the user in a virtual world.