Risks and opportunities
In the following section, we present all risks and opportunities of significance to the Group – including emerging risks – that, as things currently stand, could affect the results of operations, financial position, and/or reputation of Deutsche Telekom and, via the subsidiaries’ results, the results of operations, financial position, and/or reputation of Deutsche Telekom AG. We only consider risks and opportunities after the mitigation measures taken (net assessment). If risks and opportunities can be clearly allocated to an operating segment, this is presented accordingly in the following.
In order to make it easier to understand and see their effects, we have assigned the individually assessed risks to the following categories. Where multiple individual risks are assigned to one risk category, we calculate the risk significance on the basis of risk aggregation carried out using a Monte Carlo simulation, in which we consider the individual risks along with their individual extent and probability of occurrence. The outcome, or risk significance, is the “value at risk.” This states that, with a particular probability of occurrence, the risk extent ascertained using the simulation will not be exceeded. An expert assessment is used for risk categories that have not been quantified.
The resulting risk significance for the risk categories is broken down into four levels:
|
|
Risk significance |
Description |
---|---|
Low |
< € 200 million value at risk |
Medium |
≥ € 200 million value at risk |
High |
≥ € 500 million value at risk |
Very high |
≥ € 1.0 billion value at risk |
|
|
|
|
Risk significance |
Change against prior year |
---|---|---|
Strategic risks |
|
|
Macroeconomic environment, Germany |
Medium |
Unchanged |
Macroeconomic environment, United States |
Medium |
Unchanged |
Macroeconomic environment, Europe |
Medium |
Unchanged |
Market environment, Germany |
Low |
Unchanged |
Market environment, United States |
Very high |
Unchanged |
Market environment, Europe |
Low |
Unchanged |
Strategic implementation and integration |
High |
Improved |
Brand and reputation |
Low |
Unchanged |
Sustainability and social responsibility |
Medium |
Unchanged |
Health |
Low |
Unchanged |
Operational risks |
|
|
Technology, Germany |
Low |
Unchanged |
Technology, United States |
Medium |
Unchanged |
Technology, Europe |
Low |
Unchanged |
Procurement and suppliers |
Medium |
Unchanged |
Data privacy and data security |
Very high |
Unchanged |
Other operational risks |
Medium |
Unchanged |
Regulatory risks |
Medium |
Unchanged |
Litigation and anti-trust proceedings |
|
|
Compliance risks |
See “Compliance risks” |
|
Financial risks |
Medium |
Unchanged |
Risks and opportunities relating to the macroeconomic environment. As an international corporation, we operate in a large number of countries, using a range of currencies. A substantial economic downturn could generally reduce the purchasing power of our customers and adversely affect our access to the capital markets. Exchange rate fluctuations could impact on our earnings.
Uncertainty over the global economic outlook remains high. In particular, ongoing high geopolitical tensions constitute a significant risk factor. A further escalation of the conflicts in the Middle East could push up energy prices and disrupt supply chains, especially for our Germany and Europe operating segments. Also, a potential escalation of the war in Ukraine to a global conflict could have a negative impact on economic growth in Europe and on the financial markets. Hybrid warfare is on the rise, bringing even critical infrastructure into greater focus, such that it could become necessary to increase defenses. Additional risks could result from other geopolitical conflicts, for instance between China and Taiwan, or North and South Korea, and the uncertainty from international trade conflicts.
Uncertainty in trade policy has risen sharply in the context of increasing import restrictions in major economies. Further trade barriers would increase import prices, add to production costs for companies, and further drive up prices for consumers. In addition, trade tariffs and/or geopolitical crises could have a substantial impact on economic growth, particularly in Germany.
Furthermore, there are still financial risks, resulting from high debt levels, inflated asset evaluations, and the declining credit quality of some debtors. A rise in company insolvencies could have a negative impact on our business customer segment. Increases in the cost of living and decreases in disposable household income could trigger migration to lower-cost rate plans in the consumer segment, or larger numbers of customers defaulting on payments.
Furthermore, extreme risks with a high impact of loss and a very low probability of occurrence could in principle have a substantial impact on the global economy and our business. Examples of these are extensive extreme weather events (e.g., tsunamis, solar storms), disruptive new technologies, further armed conflicts, or new pandemics.
These risks are counterbalanced by opportunities. In particular, the economy could perform better than expected if consumer restraint among private households eases. A potential settlement of geopolitical conflicts or lower energy prices could also strengthen consumer confidence and improve the general business climate.
Risks from the market environment. The main market risks we face include the steadily falling profitability of fixed-network and mobile services. In addition to price reductions imposed by regulatory authorities, this is primarily attributable to ongoing intense competition in the telecommunications industry.
In the fixed network, competitive pressure is expected to remain high. In the broadband market, competition is growing from providers with their own fiber-optic networks. What’s more, there is still strong price competition with high introductory discounts from cable network operators and providers without their own fixed-network infrastructure.
We also expect ongoing price pressure in mobile communications, which could negatively affect our mobile service revenues. The main reason for this price pressure is data-centric, aggressively priced offers. There is also the risk that smaller competitors will take unforeseen, aggressive pricing measures. Technological innovations could put further pressure on prices by increasing the willingness of customers to switch providers.
Another competitive risk lies in the fact that, both in the fixed network and in mobile communications, we are increasingly faced with competitors who are not part of the telecommunications sector as such, but are increasingly moving into the traditional telecommunications markets. This mainly relates to major players in the internet and consumer electronics industries. As a result, we are exposed to the risk of a further loss of share of value added and falling margins due to increasingly losing direct customer contact to competitors.
Rising dissatisfaction in parts of society could lead to further polarization and controversial debates. More protests, demonstrations, and strikes are possible, which could lead to vandalism, theft of inventory, or disruption to technology sites.
T‑Mobile US is active in a market environment that is characterized by intensive competition. Alongside traditional telecommunications providers that deliver bundled offerings including content and mobile video services, there is additional competition, as mobile, fixed-network, and satellite industries increasingly converge. Additionally, potential market saturation in the United States may cause the wireless industry’s customer growth rate to decline in comparison with previous years. The industry is also highly competitive in spectrum positions, which are crucial to improving existing offerings and introducing new services. T‑Mobile US, through its strategic acquisition of spectrum, enabled the capabilities to offer high-speed internet. High-speed internet allows our U.S. subsidiary to offer its own access product and provide a basis on which to continue the business with bundled offerings. Furthermore, T‑Mobile US continues to develop and maintain strategic partnerships and MVNO relationships. T‑Mobile US must continue to successfully refine and implement its market strategy as Value Leader, Customer Service Leader, and 5G Network Leader to attract and maintain private and business customers. Increasing competitive pressure due to attractive bundle offers and device promotions could lead to difficulty in achieving targets in terms of business, financial, and operating results in the future.
Innovation cycles are getting shorter and shorter. This confronts the telecommunications sector with the challenge of bringing out new products and services at shorter and shorter intervals. New technologies are superseding existing technologies, products, or services in part, in some cases even completely. This could lead to lower prices and revenues in relation to the services offered, such as telephony, internet access, or television – right through to full substitution by new, global providers. These substitution risks could impact our revenue and earnings. We deal with the impact of substitution risks by, for example, offering integrated, in some cases AI-based solutions with hyper-personalization, contextualization, and consistent interoperability of our products, in order to “turn customers into fans” and thereby secure their loyalty. In terms of building out fiber-optic networks, more and more new competitors are entering into the markets, which could lead to longer payback periods for all market players. The strategic rivalry between the “West” (predominantly the United States) and the “East” (predominantly China) could further intensify, accelerating various technological areas (e.g., the further development of standards for telecommunications networks).
Our Systems Solutions operating segment also faces challenges. Continued intense competition and persistent cost pressure are adversely affecting traditional IT business. In addition, the technological shift toward cloud solutions and digitalization in the IT sector is prompting strongly capitalized competitors to enter the market. This might lead to revenue losses and declining margins at T‑Systems.
Opportunities from the market environment. The telecommunications and IT market is extremely dynamic and highly competitive. The economic and competition conditions as well as customers’ changing wants and needs affect our actions and impact on our Company indicators. We generally expect the situation to develop as described in the section “Forecast.”
Apart from the risks described, there is the possibility that our customers could move to higher-value combined rate plans, motivated by the leading customer experience in the “best network.” Likewise, further growth could be generated by tapping into new customer segments, especially in the United States (e.g., for business customers and small and medium-sized enterprises). In addition, ever-shorter innovation cycles could enable us to drive the digital transformation of our society and to provide our consumers and business customers with innovative products and solutions. The use of artificial intelligence (AI) also opens up the possibility of digitalizing more processes or implementing them faster and in higher quality. We are already on track for autonomous networks that increasingly monitor, manage, and configure themselves, leading to fewer outages and at the same time, ensuring higher quality and better energy efficiency. That is why, with the growing convergence of networks, IT, and products, our innovation and technology activities are decisive when it comes to identifying opportunities and making the most of them in an increasingly competitive environment. Hence, our Technology and Innovation Board of Management department has joined all relevant functions under a common leadership to ensure a close integration of technology, innovation, IT, and security. By doing so, we are putting the development of human-centered solutions and outstanding, seamless customer experiences front and center, and in the reporting year, we once again won multiple awards, including for the “best network” and our Frag Magenta chatbot.
For further information, please refer to the section “Group strategy.”
The substantial increase in capacity, bandwidth, and availability, and the lower latencies provided by the 5G mobile standard we have rolled out offer greater reliability, security, and guaranteed service quality, for example, for industrial use cases. 5G enables increased requirements for existing business models to be managed more cost-efficiently. In addition, it offers opportunities for further business models, by marketing improved network capabilities (e.g., network access, localization, security, identity, storage location, temporary storage) to relevant partners. We have already implemented many use cases with 5G, such as 5G campus networks, applications for extended reality (XR), and support for autonomous driving. Together with other technologies like the NarrowBand Internet of Things (NB-IoT) and AI, 5G provides the underpinnings for the further digital transformation of society. To further develop telecommunications networks, we are working with industry and researchers on new standards that aim to address a number of current challenges facing communications networks: the connection between all people, the orchestration of various access networks, sustainability, and carbon neutrality, and the further underpinning of data privacy, trust, and security. We thus launched new digital offers in the reporting year, which could open up additional revenue potential. For example, with our first network programming interfaces (Magenta API Capability Exposure), we are giving software developers and companies digital access to certain network services, so as to improve the user experience and security of individual third-party applications like autonomous driving.
Furthermore, opportunities for new project business are emerging in our systems solutions business from data sovereignty, multi-cloud transformation and optimization, and innovation areas such as AI, and industrial metaverse projects.
Risks relating to strategic implementation and integration. We are in a continuous process of strategic adjustments and cost-cutting initiatives. If we are unable to implement these projects as planned, we will be exposed to certain risks. In other words, the benefit of the measures could be less than originally estimated, take effect later than expected, or not at all. Each of these factors, individually or in combination, could have a negative impact on our business situation, financial position, and results of operations.
As a part of the business combination of T‑Mobile US and Sprint, numerous commitments were made to secure approvals. Most commitments have been accomplished. Nevertheless, should any remaining commitments not be achieved, litigation or financial consequences could be a result. In the United States, growth opportunities in the wireless business are becoming more difficult and expensive due to market saturation. Non-core and emerging businesses may be relied on to continue subscriber growth. T‑Mobile US is also engaged in complex digital transformation efforts intended to streamline operations, enhance customer experience, and improve its overall competitiveness. These initiatives involve emerging technologies, advanced analytics, and AI-driven tools, which carry significant uncertainties such as integration challenges, data security and privacy risks, regulatory compliance, and the need for specialized skills. Failure to effectively execute these initiatives – or secure robust adoption – could diminish the expected benefits and adversely affect T‑Mobile US’s competitiveness, financial performance, and reputation.
Collaboration with Chinese suppliers is being impeded by the enduring trade conflict between the United States and China. Since 2020, the United States has restricted the use of U.S. technology for and by Chinese suppliers on account of security concerns. They also put pressure on other countries to do the same. In Germany, the legislator adopted the Second Act to Increase the Security of Information Technology Systems, or the IT Security Act 2.0 (IT-Sicherheitsgesetz 2.0), in 2021. All 5G operators must notify the authorities of new critical components and the suppliers thereof in accordance with the catalog of security requirements pursuant to the Telecommunications Act and prior to first-time operation. If the Federal Government has security concerns, it can introduce a blanket ban on using certain manufacturers. Deutsche Telekom itself has long been scrutinizing security-critical components prior to installation and on an ongoing basis once in operation. In July 2024, the Federal Government and Germany’s three biggest network operators agreed to replace all Huawei and ZTE components in the 5G core networks by the end of 2026 and the critical network configuration management systems of both manufacturers in the 5G access and transport networks by the end of 2029. Deutsche Telekom does not use ZTE components and has already phased out Huawei from its 5G core network. Deutsche Telekom is developing its own software for configuring its antennas and transport network to replace the proprietary software from Huawei. This also has the benefit of further driving forward the ongoing implementation of the Open RAN strategy. In other countries, such as Austria, the Czech Republic, and Poland, it is still possible that components from critical infrastructure suppliers will have to be replaced within specific deadlines. On the basis of the agreement with the Federal Government, we are reducing the risk significance of the risk category “Strategic implementation and integration” from very high to high.
Opportunities relating to strategic implementation and integration. In our Magenta Advantage strategic area of operation, we work with partners to develop new digital business models based on our assets or capabilities. These partnerships provide opportunities for us to increase revenue and strengthen customer loyalty on a sustainable basis. Since the start of 2022, we have offered our customers exclusive products, services, and benefits as part of our loyalty program Magenta Moments in the OneApp. Cooperations with partner firms like Rituals, Lindt, Paramount, and Perplexity are a key component of our activities and will play an even more crucial role going forwards in light of the pan-European expansion of our loyalty measures in Europe.
The disaggregation of the access networks (in mobile communications: Open Radio Access Network, Open RAN; in the fixed-network: Access 4.0) and core networks (e.g., the 5G core network) as part of our network differentiation strategy offers the opportunities of expanding the supplier ecosystem and, as a result, increasing competition, flexibility, and innovation. As we simultaneously drive forward automation and cloudification, we also expect a reduction in total costs and an increase in agility and speed in the provision of new services and features.
We are driving forward the transformation of our IT using agile development, decoupling, and cloudification. These approaches enable us to tap into new possibilities for accelerating developments and increasing the efficiency of IT production, by providing modular components, known as microservices, and APIs and producing them in a scalable cloud with state-of-the-art technology. Furthermore, agile and decoupled development makes it possible to reduce big bang risks in the delivery of major software releases by means of smaller, flexible software releases.
Risks and opportunities arising from brand and reputation. An unforeseeable negative media report on our products and services or our corporate activities and responsibilities may have a huge impact on the reputation of our Company and our brand image. Social media may make it possible that such information and opinions can spread much faster and more widely. This may also include misinformation or disinformation concerning Deutsche Telekom produced by AI. Ultimately, negative reports may impact on our revenue and our brand value. In order to avoid this, we engage in a constant, intensive, and constructive dialogue with our stakeholders, in particular with our customers, the media, and the financial world. For us, the top priority is to take as balanced a view as possible of the interests of all stakeholder groups and thereby uphold our reputation as a reliable partner.
Risks and opportunities relating to sustainability and social responsibility. For us, comprehensive risk and opportunity management also means considering the opportunities and risks arising from ecological or social aspects or from the management of our Company. The Board of Management has implemented systems for risk identification and mitigation, in particular the risk and opportunity management system and the internal control system, including the compliance management system. Sustainability topics are integrated into both the risk and opportunity management system and the internal control system. Both systems incorporate sustainability matters, which are becoming increasingly important as regulatory requirements continue to evolve. In the reporting year, we once again used our materiality assessment as a starting point for identifying and evaluating financial risks and opportunities that arise in connection with our sustainability issues. Risks and opportunities in the Group are essentially assessed through the risk and opportunity management process. As a result, many topics are covered that are also highly relevant from a sustainability perspective. The complementary analysis of risks and opportunities in the context of the materiality assessment also helps us take the impact of our business activities on society and the environment, as well as financial impacts on our Company, into account. If new findings arise in this process, they are incorporated into the risk and opportunity management process. To this end, we actively and systematically involve all relevant stakeholders in the process so as to identify current and potential risks and opportunities along our entire value chain. In parallel with our ongoing monitoring of ecological, social, and governance issues, we systematically determine our stakeholders’ positions on these issues. The key tools we use here are: a document analysis, covering legal texts, studies, and media publications, among other things; our involvement in working groups and committees of (inter)national business associations and social organizations, e.g., GeSI, Connect Europe, BDI, Bitkom, Econsense, and BAGSO; dialogue formats organized by us; our various publications, such as the press review and newsletters; and workshops with experts from our Company, thereby recording the associated positioning and development of measures in the various business areas.
For further information on sustainability, please refer to the section “Combined sustainability statement.”
We have identified the following as our main sustainability management issues:
- Reputation. How we deal with sustainability issues also entails both opportunities and risks for our reputation. A high level of service quality is one of the most important factors for improving customer perception. Customer satisfaction has been embedded in our Group management as a non-financial performance indicator to underline the importance of this issue. Transparency and reporting help to promote the trust of other external stakeholders in our Group. Our annual and CR reports also serve this purpose. However, issues such as business practices, data privacy and work standards among suppliers, conduct in relation to human rights, and ethical conduct in relation to and use of AI also entail reputational risks: if our brands, products, or services are connected with such issues in negative media reports, this may cause substantial damage to our reputation. We continuously review such potential risks and take mitigation measures to minimize them. This includes determining the relevance of the risks in relation to sustainability issues and their effect on reputation across units. We also ascertain how our products and services make a positive contribution to sustainability in order to enhance our reputation. Potential reputational risks are incorporated into our compliance risk assessment.
-
Climate protection. We pursue an integrated climate strategy, which means focusing not only on the risks that climate change poses for us and our stakeholders, but also on the opportunities it presents. By 2030, ICT products and services will have the potential to save up to nine times as much in CO2 emissions in other industries as the growth in the ICT sector itself will generate, even taking into account the expected rebound effects (according to a Bitkom study on the climate effects of digitalization). The savings potential of digital technologies hence far outweighs the generated CO2 emissions. Taking an optimistic view, this could mean a 9 % reduction in global CO2 emissions by 2030. In addition, investments of around USD 3 trillion in innovative solutions are expected by 2030, which will not only expand the business, but will also support the SDGs. We are supporting this trend by evaluating our product portfolio to identify sustainability benefits. In addition, we want to continuously improve the ratio of the emissions that our products and services save to those generated in our own value chain.
Climate change risks are already visible in the form of increasingly extreme weather conditions. Such storm events could damage our infrastructure and disrupt network operation. This would have a direct effect on our stakeholders, e.g., our customers, suppliers, and employees, and could result in revenue losses or lower customer satisfaction. The risk is assessed in relation to the continuation of operations as part of risk management and is managed at an operational level in the business units. Deutsche Telekom welcomes the targets behind the Task Force on Climate-related Financial Disclosures (TCFD) and is actively working to implement them. Based on a gap analysis on the coverage of TCFD recommendations, we defined Deutsche Telekom AG’s material climate-related opportunities and risks and gave them an initial weighting in a number of workshops with relevant players from technology, procurement, strategy, and risk management. As a next step, we conducted a location analysis, with the example of Germany, of the physical climate risks in various climate scenarios (business as usual and four-degree scenario), which have been internationalized as part of a transnational project involving our companies in Germany, Hungary, Croatia, Greece, Slovakia, the Czech Republic, Poland, Austria, and the United States, which represent around 97 % of the Group’s net revenue. In addition to the physical risks, transitory risks (threats arising from sudden adaptations to climate change made by economic sectors) were also analyzed in detail by means of a workshop.
For further information on this, please refer to the section “Combined sustainability statement.”
We can take further preventive action in this area by also reducing our own CO2 emissions. For this reason, in 2021 we set ourselves the ambitious target of cutting our CO2 emissions across the Group (Scope 1 and 2) to net zero by 2025. To achieve this, we will reduce emissions from our own operations globally by up to 95 % against the 2017 level. We plan to offset the remaining emissions of our carbon footprint by way of high-quality offsetting measures to remove CO2 from the atmosphere, for example, through reforestation. Climate protection also carries financial risks, whether from the introduction of levies on CO2 emissions or increased energy costs, as well as stricter requirements for products, for example in relation to energy efficiency. The mitigation measures we are taking to counter these risks include measuring our own energy efficiency and finding ways to improve it. Our sustainability-related targets agreed in 2021 for Board of Management remuneration with regard to the respective annual energy consumption and the annual CO2 emissions for Scope 1 and 2 also contribute to achieving the climate targets and energy efficiency measures. We have a Group-wide program to specifically address our supply chain and we are working to optimize our products and their packaging. Since 2021, the Group has covered 100 % of its electricity requirements with renewable energy. This is achieved through power purchase agreements and other forms of direct purchase, such as through guarantees of origin.
For further information on this, please refer to the section “Combined sustainability statement.”
-
Due diligence obligations in the Group (German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz – LkSG)). As part of our global procurement activities in particular, we could be exposed to country- and supplier-specific risks. These include, for example, inadequate local working and safety conditions. Violations could cause severe damage to those affected and could result in reputational damage and negative financial consequences for companies. Our LkSG management system includes due diligence processes directed at identifying risks or also violations related to human rights and environmental concerns and, building on this, taking appropriate preventive and/or corrective measures. It encompasses our own business areas, i.e., all Group companies over which Deutsche Telekom exercises a decisive influence (which in particular does not apply to T‑Mobile US), and our direct and indirect suppliers. The LkSG management system is linked with various established risk processes in the Group, e.g., with the compliance risk assessment of our compliance management system. The annual risk analysis for Group companies belonging to our own business areas and their direct suppliers is a central component of the LkSG management system. In addition, ad hoc risk assessments are carried out for the entire value chain, for example, before acquisitions. In order to monitor the effective functioning of the LkSG management system, Deutsche Telekom has defined the roles of human rights officer and LkSG officer, which will be exercised by the Vice President for Group Corporate Responsibility. This person reports directly to the Chair of the Board of Management of Deutsche Telekom AG and has further supporting functions. Where required to under national regulations (e.g., under the German Act on Corporate Due Diligence in Supply Chains (LkSG)), Group companies have appointed monitoring roles in the same form for their business areas.
For further information about the results of the annual risk analysis, please refer to the section “Combined sustainability statement” and our annual LkSG report.
Health. Mobile communications, or the electromagnetic fields used in mobile communications, regularly give rise to concerns among the general population about potential health risks. This issue continues to be the subject of public, political, and scientific debate. Acceptance problems among the general public mostly concern mobile communications networks and occasionally the use of mobile terminals such as smartphones, tablets, and laptops. The discussion has intensified repercussions for the build-out of the mobile infrastructure. There is a risk of regulatory interventions, such as raised thresholds for electromagnetic fields or the implementation of precautionary measures in mobile communications, e.g., amendments to building law.
Over the past few years, recognized expert organizations such as the World Health Organization (WHO) and the International Commission on Non-Ionizing Radiation Protection (ICNIRP) have repeatedly reviewed the current thresholds for mobile communications and confirmed that – if these values are complied with – the use of mobile technology is safe based on current scientific knowledge. (Inter)national expert organizations will continue to regularly review the recommended thresholds.
We are convinced that mobile communications technology is safe if specific threshold values are complied with. We are supported in this conviction by the assessment of the recognized bodies. Our responsible approach to this issue finds expression in our Group-wide EMF Policy, with which we commit ourselves to more transparency, information, participation, and to a focus on scientific facts, far beyond that which is stipulated by legal requirements. We aim to overcome concerns among the general public by providing objective, scientifically well-founded, and transparent information. We thus continue to see it as our duty to continue our trust-based dialogue with local authorities and to ensure its successful progress. This particularly applies since our collaboration with municipalities to expand the mobile network was incorporated in law.
Risks arising from technology. We have an increasingly complex information/network technology (IT/NT) infrastructure, which we constantly expand and upgrade to ensure the best customer experience and consolidate our technology leadership. Outages in the current and also future technical infrastructure cannot be completely ruled out and could in individual cases result in revenue losses or increased costs. After all, our IT/NT resources and structures are the key organizational and technical platform for our operations. The ongoing convergence of IT and NT harbors risks. In order to counter these holistically, our technology, innovation, IT, and security activities are combined under the Board of Management department for Technology and Innovation.
Risks could arise in this area relating to all IT/NT systems and products that require internet access. For instance, faults between newly developed and existing IT/NT systems could cause interruptions to business processes, products, and services, such as smartphones and MagentaTV, or to connectivity for business customers. In order to avoid the risk of outages, e.g., due to natural disasters or fires, we use technical early warning systems and redundant IT/NT systems. The Computer Emergency Response Team (CERT) at Deutsche Telekom Security is in charge of protecting our business customers’ IT infrastructure and applications. In cloud computing, all data and applications are stored at a data center. Our European data centers have security certification and meet strict data protection provisions and the EU regulations. All data relating to companies and private persons is protected from external access. Constant maintenance and automatic updates keep the security precautions up to date at all times. On the basis of a standardized Group-wide business continuity management (BCM) process, we also take organizational and technical measures to prevent damage from occurring or, if we cannot, to mitigate the subsequent effects. We also have insurance cover for insurable risks.
T‑Mobile US relies upon its systems and networks and the systems and networks of other providers and suppliers, to provide and support services. T‑Mobile US’ business, like that of most retailers and wireless companies, involves the receipt, storage, and transmission of customers’ confidential information, including sensitive personal information, payment card information, and confidential information about their employees and suppliers, as well as other sensitive information about T‑Mobile US, such as business plans, transactions, and intellectual property. Cyberattacks, such as denial of service and other malicious attacks, or other systems and IT failures, such as hardware or software failures, could disrupt T‑Mobile US’ internal systems, networks, and applications, impair its ability to provide services to customers, and have other adverse effects on its business.
In order to grow and remain competitive with new and evolving network technologies in the industry, T‑Mobile US will need to adapt to future changes in network technology, such as 6G or AI RAN. While T‑Mobile US currently leads in 5G, if it fails to anticipate market trends, efficiently integrate innovative solutions, or maintain network quality and reliability, its competitiveness could erode, adversely affecting business and operating results.
Opportunities arising from technology. The utilization of large data volumes (big data) from our networks and their analysis using artificial intelligence (AI) or machine learning (ML) can – thanks to increased transparency – improve and speed up decision-making processes, and in some cases even automate them (e.g., to identify and remediate error situations in the network, through to autonomous networks). It does so by shifting the basis for decisions from hypotheses to facts and, for example, enabling correlations to be recognized. In this way, ML can be used, for example, to manage the energy consumption of our technology in a forward-looking way based on the analysis of network data. We are conducting research projects to test the extent to which quantum technology can be used to improve the protection of our networks against unauthorized access and manipulation.
Our Systems Solutions operating segment covers innovative business areas in the digital transformation of business processes, such as cloud computing, AI, automation, and cybersecurity. These business areas could develop faster than expected. As a pioneer of the digital transformation, we have an opportunity to actively shape market trends through a variety of projects in the fields of healthcare, public administration, the automotive sector, and mobility solutions. Under these data-based digital business models, our partner-oriented approach is a highly promising way of contributing our core competencies – in advisory services, added value services for hybrid IT landscapes, and cybersecurity – to various projects. In addition, we have references regarding strategic engagements in our focal sectors automotive, healthcare, and public. We also see potential for development in the sovereign clouds, professional services, and managed services environment for public cloud services.
As a technology and development partner for toll collection business in Europe, we already have a strong competitive position. By operating a European Electronic Toll System (EETS) as the majority shareholder and IT provider for Toll4Europe, we have earned valuable references that will help to give us an edge over our competitors.
Procurement and supply risks. Deutsche Telekom cooperates with a large number of suppliers of technical (information and communication technology) and non-technical products and services. Products and services that might involve a higher risk include software and hardware, network technology components, and all products and services provided directly to end customers.
Deutsche Telekom’s supply chains could be disrupted by a number of factors, such as geopolitical tensions, (e.g., the United States’ technology sanctions against China), cyberattacks, or supply chain restructuring. Furthermore, additional risks may also result from the dependence on individual suppliers or from individual vendors defaulting. This applies in particular for Chinese suppliers of telecommunications technology. We employ organizational, contractual, and procurement strategy measures to counteract these challenges. At T‑Mobile US, in certain areas such as terminal equipment, there are few suppliers who can provide adequate support, which may lead to unfavorable contract terms and decreased flexibility to switch to alternative third parties. Unexpected termination or difficulties in renewing the commercial arrangements with the suppliers, or any business disruptions at the suppliers could have a material adverse effect on T‑Mobile US.
Data privacy. All Group companies are subject to specific data privacy regulations (in the EU especially the General Data Protection Regulation (GDPR)). These requirements must be implemented and their compliance must be monitored. Data privacy incidents could be sanctioned with very high administrative fines (up to between 2 and 4 % of the total worldwide annual revenue of an undertaking). The European supervisory authorities’ concept for administrative fines would apply. It stipulates high fines even for violations with a low criticality. The supervisory authorities’ practice with respect to fines demonstrates that more and higher fines are being imposed. Despite mitigation measures and well-established data privacy management structures, it is not possible to fundamentally rule out data privacy incidents as almost all procedures/processes in the Group are relevant in terms of data protection. Errors might occur that are linked to reputation, cost, and sanction risks.
Since the introduction of the GDPR, data privacy law has been largely harmonized in Europe. Deutsche Telekom benefits from this as a Group, since the majority of special national data privacy regulations no longer apply and no longer have to be implemented in the individual entities in the European Union (EU). This has somewhat reduced the need for coordination. An appropriate level of security is also ensured when transmitting personal data to countries outside of the EU. Deutsche Telekom’s Binding Corporate Rules on Privacy (BCRP), in the current Version 3.0, form the Group-wide internal data privacy regulations. All participating companies have committed themselves to this Group Policy, thus ensuring an appropriate level of data privacy for the transmission of data to third countries. Under the Schrems II ruling by the European Court of Justice (ECJ) from 2020, companies are subject to stricter requirements for the transmission of data to third countries without the adequacy decision of the EU Commission, compliance with which entails a substantial workload for companies. Deutsche Telekom therefore welcomes the EU-U.S. Data Privacy Framework agreed between the EU and the United States, which is intended to provide greater legal certainty for collaborations with U.S. companies. A number of actions are pending against this agreement and more have been announced. By way of mitigation, Deutsche Telekom additionally safeguards the transmission of personal data to companies in the United States, regardless of final legal clarification, by means of standard contractual clauses of the European Commission.
In the United States, the telecommunications industry is also examined closely by the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) with regards to the state data privacy laws. Non-compliance with the stricter data privacy laws could result in high fines. The growing demand for data means the challenges with respect to the collection, usage, transfer, and management of customers’ personal data are also growing.
Deutsche Telekom carefully examines technical developments and digital transformation projects on an ongoing basis to verify if they are in line with the Group strategy. For example, the use of IT systems with AI within the Group always complies with the applicable data privacy laws and provisions. The Privacy and Security Assessment (PSA) must be carried out as soon as a new AI solution is to be introduced in the Group. This process, which is now fully digital, meets the requirements of the GDPR with regard to carrying out a Privacy Impact Assessment for evaluating and documenting the risks posed by data processing. In the PSA process all data privacy and security requirements relevant to the system or project are automatically assigned and then worked through by the functionally responsible units. This also includes a separate AI data privacy requirement which helps to develop systems based on or using AI in a way that is data privacy-compliant. This takes account not only of general data privacy principles (legality, transparency, limitation of use, etc.), but also specific application scenarios, such as generative AI and profiling.
The ePrivacy Regulation and the corresponding national implementation acts are yet another sector-specific regulatory challenge for the telecommunications sector in the EU. As telecommunications providers’ data processing options are substantially restricted compared with what is possible under the GDPR, innovative big data and AI applications in the field of telecommunications cannot realize the same kind of potential as those of companies that are only subject to the GDPR.
One example of a major initiative with relevance for data privacy is the long-term partnership between T‑Systems and Google Cloud, which began in 2021. The jointly operated T‑Systems Sovereign Cloud powered by Google Cloud combines the open-source expertise of Google Cloud with the sovereign services of T‑Systems and enables customers to manage their workloads in full compliance with German and EU regulatory requirements. The joint service covers all three aspects of digital sovereignty in various solutions: data sovereignty, operational sovereignty, and software sovereignty, so that companies from regulated industries can process their sensitive data in the cloud in line with sovereignty requirements.
T‑Systems had already signed the EU Cloud Code of Conduct (EU Cloud CoC) in 2021. After all, the EU Cloud is synonymous with the digital sovereignty of Europe in cloud services. This refers to the complete control of stored and processed data and independent decision-making on who can access the data. This requires clear rules and requirements, which the EU Cloud CoC offers. The European data protection authorities approved this Code of Conduct. By becoming a signatory, the Company and hence also T‑Systems undertakes to continue to increase the data protection level for cloud services in the interests of customers and European data protection. In this way they provide proof that data is processed in accordance with the requirements of the GDPR. Compliance with the rules is reviewed by an independent body. We will continue to support the development of the standard in the future and ensure further harmonization with ISO and internal standards.
Data security. IT security continues to pose major challenges. In addition to preventive measures such as integrated security in business processes and measures to raise security awareness among employees, we counter these challenges with increased focus on the analysis of threats and cyber risks. This is where our early warning system comes in: It detects new sources and types of cyberattack, analyzes the behavior of the attackers while maintaining strict data privacy, and identifies new trends in the field of security. Along with the honeypot systems, which simulate vulnerabilities in IT systems, our early warning system includes alerts and analytical tools for spam mails, viruses, and Trojans. We exchange the information we obtain from all these systems with public and private bodies to detect new attack patterns and develop new protection systems. We are also currently seeing new developments in the increased and fast-growing use of generative AI, both on the part of criminal attackers and in terms of options for protection. Here, too, we are working to exploit the opportunities offered by the development and use of AI and to counter the potential new risks arising from this technology.
Cybercrime and industrial espionage continue to be on the rise, and they are becoming ever more complex due to rapidly advancing technologies and attack methods. There is also the risk that geopolitical conflicts such as the war in Ukraine will have a negative impact on the cybersecurity situation in Germany and the countries of our European subsidiaries. As a result, we face constant challenges and adjustments to protect our customer and business partner data, as well as our networks, technologies, products, and services against these attacks. Such incidents can lead, among other implications, to business disruptions, embezzlement, or unauthorized access to confidential or personal information, and to loss of reputation. We are addressing this development with comprehensive mitigation measures, such as security concepts, automated testing and approval processes, as well as regular training and awareness-raising measures. In order to also create greater transparency and thus be in a stronger position to tackle these threats, we are relying more and more on partnerships, e.g., with public and private organizations. By means of the Security by Design principle we have made security an integral part of our development process for new products and information systems and follow the Zero Trust principle in our network security. Furthermore, we carry out intensive and obligatory digital security tests.
We are continually striving to accelerate our growth through IT security solutions. To this end, we have combined our security units within Deutsche Telekom Security. Whether intelligent data analysis, secure networks, or effective cyber security – we want to leverage this end-to-end security portfolio to secure market shares and, as part of our digitalization strategy, score points with security concepts on the back of megatrends like security, connected business, sustainability, and future of work. We are also continuing to gradually expand our partner ecosystem in the area of cybersecurity.
We provide regular updates on the latest developments in data protection and data security on our website.
Employees. Our employees play a crucial role in the transformation of Deutsche Telekom. Their skills are a key factor in our business success. Both this success and our service provision are dependent on the ability to acquire, retain, and develop specialist staff and talents. The growing competition for these resources, especially from the fields of technology and IT (war for talents), and the growing desire for flexibility, e.g., through mobile work, are increasing the risk of losing important employees while demand continues to grow. Rising salaries intensify the situation and push up costs. Nearshore and offshore locations are also of huge strategic significance for Deutsche Telekom, since they hold not only operational but also strategically important profiles. The availability of experts with the appropriate qualifications at these locations is essential to delivering services on time, with the right skills profiles, and on budget. The demands of the talents with regard to potential employers have also increased. Apart from remuneration, they care about flexible working, ESG, diversity, and innovations. We systematically work to address these challenges head on, for example, by strengthening Deutsche Telekom and T‑Mobile US as an attractive employer brand and by proactively seeking out new specialist staff and talents worldwide.
In 2024, we once again used socially responsible measures to restructure the workforce in our Group. Early retirement models such as phased and dedicated retirement, and severance payments have been largely taken up, but also the training and placement of civil servants and employees in the public sector by the next.JOB unit has proved very popular. The transformation with the associated staff restructuring is extremely important for achieving the Group’s goals. Nevertheless, it is essential the restructuring is managed in a targeted way. That is why, for each request by an employee to take up a staff reduction instrument, it must be ensured on principle that the arrangement is voluntary on both sides (agreed by employee and manager), so as to avoid, for example, the loss of high performers.
The Company still employs numerous civil servants, who originally belonged to Group units of Deutsche Telekom that have since been sold. Where requested, these civil servants have been granted temporary leave from their civil servant status. However, there is a risk that they may return to us from a sold entity, for instance after the end of their temporary leave from civil servant status, without the Company being able to offer them jobs. Currently, 910 civil servants are entitled to return from outside the Group in this way (as of December 31, 2024), thus posing a risk.
In the following section, we describe the main regulatory risks and opportunities that, as things currently stand, could affect our results of operations and financial position, and our reputation.
Regulatory risks arise from telecommunications-specific statutory regulations at the national, European, and U.S. level, and from the consequent powers of national authorities to regulate or intervene in the market and limit our freedom as regards product design and pricing. Deregulation can give rise to regulatory opportunities. Regulatory intervention, which we can only anticipate to a limited extent, may exacerbate existing price and competitive pressure. There are concerns that regulation in the United States, Germany, and other European countries may also impact revenue and earnings trends in the medium to long term.
Changes in regulatory policy and legislation
European legislation constantly influences our pricing and product design. The main legal frameworks are the European Electronic Communications Code (EECC), the new EU Gigabit Infrastructure Act (GIA), as well as the EU Roaming Regulation. In 2024, preparations started for further legislative initiatives at a European level, in particular the planned Digital Networks Act and a potential revision of the EU Roaming Regulation. These changes in legislation fall under the mandate of the new European Commission, which took office on December 1, 2024.
In an agreement in February 2024, the European Council and the EU Parliament resolved to extend the regulation of charges for phone calls between EU member states until the end of 2028. Before this date, another review is to be held of whether a change in regulation is required. As a result, no intensification of the situation has yet occurred.
Political decisions can bring opportunities and risks with them. In Germany and our European core markets, regulatory developments and measures to support the infrastructure build-out could have a substantial impact on the framework conditions and investment incentives. It is to be expected in this regard that the primary coverage targets will continue to apply until 2030.
In view of the highly topical debates regarding the security of critical infrastructure, the legislator has already announced adjustments in this regard, which will be implemented by regulatory and other authorities. This will lead to new requirements, for which the costs of implementation for Deutsche Telekom are not yet possible to estimate.
For more information on risks relating to strategic implementation and integration, please refer to the section “Strategic risks and opportunities.”
In the United States, too, new or amended wireless-related provisions and laws can increase the complexity of processes and lead to higher costs for T‑Mobile US.
Awarding of spectrum
Risks could arise from the fact that inappropriate auction rules or the conditions for extending awards, frequency usage requirements, excessive reserve prices, and disproportionately high annual spectrum fees could jeopardize our planned acquisition of spectrum or give rise to adverse effects from the conditions for the allocation of spectrum. Inappropriate conditions for the awarding of spectrum can include, for example, extensive build-out requirements and, in some cases, requirements to grant network access (national roaming, service provider access). The specific details are down to the national regulatory authorities. By contrast, we see an opportunity in particular in the fact that such spectrum award procedures enable mobile network operators to obtain the optimum amount of spectrum for their future business. We would thus be equipped for further growth and innovation. Changes to award procedures generally entail opportunities and risks. The upcoming award procedures relate to awards in all mobile frequency ranges between 700 MHz and 2.6 GHz. Major award procedures are currently being prepared, primarily in Austria, Poland, and Slovakia.
In Germany, consultations were held regarding the usage rights expiring at the end of 2025 for the 800 MHz, 1,800 MHz, and 2,600 MHz bands to determine which award procedure to select (auction or extension) and the possible conditions of allocation. The draft does not provide for any tightening of the network access rules in favor of service providers, but it does include additional coverage obligations. In addition, as a condition for the extension, an agreement is to be reached with 1&1 concerning the co-use of frequencies by a network operator. An extension period of five years is under discussion. On January 9, 2025, a public consultation was held on the Bundesnetzagentur’s updated draft, followed by a consultation period ending on January 23, 2025. A final decision on this has not yet been made. Furthermore, in its ruling dated August 26, 2024, the Cologne Administrative Court declared the awarding conditions of the 2019 auction (2.1 and 3.6 GHz) to be unlawful. The ruling is not yet legally binding. On January 9, 2025, the Bundesnetzagentur filed a complaint against the non-allowance of appeal. If this ruling becomes final and legally binding, the Bundesnetzagentur must make a new decision on the award and auction rules, which could result in a change in the existing usage rights.
In the United States, the spectrum in the 2.5 GHz band acquired in Auction 108 in September 2022 for around USD 0.3 billion (EUR 0.3 billion) was allocated in the first quarter of 2024. The majority of this spectrum was connected immediately. Hence this risk no longer applies.
For further information on spectrum auctions that were completed in 2024 or are still ongoing, please refer to the section “Major regulatory decisions.”
Areas in which national regulators may intervene
European and national laws and regulations grant national regulators extensive powers of intervention.
Our Group companies in Germany and Europe continue to be subject to extensive regulation of wholesale products, obligating us to make our network and services available to our competitors wherever we are deemed to have significant market power as an operator. The national regulators regularly check and determine the corresponding terms, conditions, and prices of these wholesale offerings. The key wholesale products subject to regulation are unbundled local loop lines, bitstream products, leased lines, and the associated services.
In July 2022, the Bundesnetzagentur published its decision on the future regulation of access to Deutsche Telekom’s copper and fiber-optic network. With this decision, rules for FTTB/H networks are laid down, the previous regulation for Layer2 (VDSL) is discontinued, and access to ducts and poles is also imposed. The precise access conditions will be set down in the subsequent procedures, by means of which the authority will influence Deutsche Telekom’s pricing and product design.
For further information, please refer to the section “Major regulatory decisions.”
Regulatory requirements for mobile communications could arise from conditions imposed in connection with the allocation of frequencies. In Germany, a negotiation obligation for wholesale access has been in place since 2018, for which the Bundesnetzagentur can be called upon in cases of dispute. This can give rise to restrictions on our freedom of contract when concluding wholesale agreements with regards to wholesale customers, as well as in terms of scope of services and prices.
Within the scope of the subsidized network build-out, companies have an obligation to ensure access to the subsidized network. In addition, all operators of public supply networks have an obligation, among others, to ensure shared use of passive network infrastructure. The Bundesnetzagentur can be called on to settle disputes. To this end, it can impose, for example, product and price requirements on operators. Since 2021, termination rates have been determined directly by the European Commission by way of a delegated act. In addition, European and national consumer protection regulations apply.
In addition to the requirements of telecommunications and competition law, our media products are also subject to special European and national regulations under media law, as well as non-sector specific regulations such as copyright, data, and consumer protection. These include, in the broader sense, regulations concerning the responsibility/liability for published content, requirements in relation to ensuring the protection of minors in the media, accessibility, and requirements in relation to the content design of user interfaces, including by users themselves. Assuming the ongoing relevance of the Federal Republic and KfW as major shareholders on the one hand, and barring any changes in the legal situation, or the prevailing opinions of media regulators on the other, it is unlikely that Telekom Deutschland will be granted a license to broadcast radio and TV programs. Compliance with the relevant stipulations can be relevant for the design of the TV products, or require adjustments in relationships with licensors, suppliers, and customers. Breaches of obligations can result in the responsible regulatory authorities issuing complaints, orders or injunctions, or even imposing fines.
Major ongoing legal proceedings
Deutsche Telekom is party to proceedings both in and out of court with government agencies, competitors, and other parties. The proceedings listed below are of particular importance from our perspective. If, in extremely rare cases, required disclosures on individual legal proceedings are not made, we concluded that these disclosures may seriously undermine the outcome of the relevant proceedings.
Claims relating to charges for the shared use of cable ducts. In 2012, Kabel Deutschland Vertrieb und Service GmbH (today Vodafone Deutschland GmbH (VDG)) filed a claim against Telekom Deutschland GmbH to reduce the annual charge for the rights to use cable duct capacities. In similar proceedings, the then Unitymedia Hessen GmbH & Co. KG, Unitymedia NRW GmbH, and Kabel BW GmbH (today all Vodafone West) filed claims against Telekom Deutschland GmbH in January 2013, demanding that it cease charging the plaintiffs more than a specific and precisely stated amount for the shared use of cable ducts, including in the future. The claims were rejected by the Frankfurt/Main Higher Regional Court (VDG) and by the Düsseldorf Higher Regional Court (Vodafone West) and an appeal was not allowed in both cases. In response to the complaints of the plaintiffs against non-allowance of appeal, the Federal Court of Justice allowed the appeal by VDG to the extent that it relates to claims dating from January 1, 2012 onward; the appeal by Vodafone West was allowed to the extent that it relates to claims dating from January 1, 2016 onward. The claims were rejected with legally binding effect for the time periods prior to this. In a ruling on December 14, 2021, the Federal Court of Justice referred the proceedings concerning the remaining claims back to the responsible Higher Regional Courts for a new hearing and decision. VDG has since updated its claim, which it now puts at around EUR 903 million plus interest for the period from January 2012 to December 2023. The plaintiff Vodafone West has also updated its claim, which it now puts at around EUR 538 million plus interest for the period from January 2016 to April 2024. It is currently not possible to estimate the financial impact of both these proceedings with sufficient certainty.
Sprint Merger class action. On June 1, 2021, a shareholder class action and derivative action was filed in the Delaware Court of Chancery against Deutsche Telekom AG, SoftBank, T‑Mobile US, and all of our officers and directors at that time, asserting a breach of fiduciary duties relating to the purchase price amendment to the Merger Agreement, as well as SoftBank’s subsequent monetization of its T‑Mobile US shares. On October 29, 2021, the complaint was amended. The amended complaint is directed at the same defendants and the same underlying transactions as in the original action; however, it includes additional submission on alleged facts. It is currently not possible to estimate the resulting claim and financial risk of these proceedings with sufficient certainty.
Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in August 2021. In August 2021, T‑Mobile US confirmed that their systems had been subject to a criminal cyberattack that compromised data of millions of their customers, former customers, and prospective customers. With the assistance of outside cybersecurity experts, T‑Mobile US located and closed the unauthorized access to their systems and identified customers whose information was impacted and notified them, consistent with state and federal requirements. As a result of the cyberattack, numerous consumer class actions including mass arbitrations were filed against T‑Mobile US. The class actions brought before the federal courts were consolidated into one action in December 2021. The plaintiffs claimed damages in an unspecified amount. On July 22, 2022, T‑Mobile US entered into an agreement to settle the consumer class action in the Federal Court for USD 350 million. In addition, T‑Mobile US committed to spending a total of USD 150 million in 2022 and 2023 on data security and related technologies. The settlement was approved by the court in June 2023. T-Mobile US paid the outstanding USD 315 million of the original settlement amount of USD 350 million in November 2024, which resolves materially all claims made to date by current, former, and potential customers, who were affected by the cyberattack in 2021. The consumer class actions will therefore no longer be reported.
Furthermore, in November 2021, a derivative action was brought against the members of the Board of Directors of T‑Mobile US and against T‑Mobile US as nominal defendant. This action has since been withdrawn. In September 2022, a further purported shareholder filed a new derivative action against the members of the Board of Directors of T‑Mobile US and against T‑Mobile US as nominal defendant alleging claims for breach of fiduciary duties relating to the company’s cybersecurity practices. The derivative action was dismissed in its entirety in May 2024. The plaintiff has appealed against this decision. It is currently not possible to estimate the resultant financial risk with sufficient certainty.
In addition, inquiries have been made by various government agencies, law enforcement and other state authorities, with which T‑Mobile US is cooperating in full. An agreement was reached with the Federal Communications Commission (FCC). It is currently not possible to estimate the resultant financial risk of these proceedings with sufficient certainty.
Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in January 2023. On January 5, 2023, T‑Mobile US identified that a bad actor was obtaining data through an application programming interface (API). Investigations by the company have found that the affected API was only able to provide a limited set of customer account data, including name, billing address, email address, telephone number, date of birth, T‑Mobile account number, and information such as the number of lines on the account and plan features. The results of the investigation indicate that, in total, around 37 million current postpaid and prepaid customer accounts were affected, although many of these accounts did not include the full data set. T‑Mobile US assumes that the attacker retrieved data via the affected API for the first time from or around November 25, 2022. In accordance with federal and state requirements, the company has notified those individuals whose data was affected. In connection with this cyberattack, consumer class actions were filed against T‑Mobile US and official inquiries were submitted to the company, to which it will respond and, as a result of which, it may incur substantial expenses. It is currently not possible to estimate the resultant financial risk with sufficient certainty.
Patents and licenses. Like many other large telecommunications and internet providers, Deutsche Telekom is regularly exposed to intellectual property rights disputes. There is a risk that we may have to pay license fees and/or compensation; we are also exposed to a risk of cease-and-desist orders, for example relating to the sale of a product or the use of a technology.
Further, Deutsche Telekom intends to defend itself vigorously in each of these proceedings.
Major ongoing anti-trust proceedings
Like all companies, our Group is subject to anti-trust law. In recent years, we have notably stepped up our compliance efforts in this area too. Nevertheless, Deutsche Telekom and its subsidiaries are from time to time subject to proceedings under anti-trust law or follow-on damage actions under civil law. In the following, we describe material anti-trust proceedings and resulting claims for damages. If, in extremely rare cases, required disclosures on individual anti-trust proceedings are not made, we concluded that these disclosures may seriously undermine the outcome of the relevant proceedings.
Claims for damages against Slovak Telekom following a European Commission decision to impose fines. The European Commission decided on October 15, 2014 that Slovak Telekom had abused its market power on the Slovak broadband market and as a result imposed fines on Slovak Telekom and Deutsche Telekom AG, which were paid in full in January 2015. After the General Court of the European Union partially overturned the European Commission’s decision in 2018 and reduced the fines by a total of EUR 13 million, the legal recourse following the ruling of the European Court of Justice on March 25, 2021 is exhausted. Following the decision of the European Commission, competitors filed damage actions against Slovak Telekom with the civil court in Bratislava. These claims seek compensation for alleged damages due to Slovak Telekom’s abuse of a dominant market position, as determined by the European Commission. Three claims totaling EUR 219 million plus interest are currently pending. It is currently not possible to estimate the financial impact with sufficient certainty.
Claims for damages against Deutsche Telekom AG, including due to insolvency of Phones4U. Phones4U was an independent British mobile retailer, which declared insolvency in 2014. The insolvency administrator is pursuing claims before the High Court of Justice in London against the mobile providers active on the UK market at that time and their parent companies on the grounds of alleged collusion in violation of anti-trust law and breach of contract. Deutsche Telekom AG, which at that time held 50 % of the mobile company EE Limited, has rejected the claims as unsubstantiated. The High Court of Justice in London heard testimony from several witnesses and experts in the period between mid-May and the end of July 2022 with a view to establishing the legal basis for a claim. On November 10, 2023, the High Court of Justice in London rejected all claims made by Phones4U against all defendants. In December 2023, Phones4U filed an application for leave to lodge an appeal with the High Court of Justice in London. The hearing took place on December 19, 2023. The High Court of Justice in London rejected the application by Phones4U for leave to lodge an appeal. Phones4U is pursuing the application further with the Court of Appeal. The Court of Appeal partially allowed the appeal by Phones4U. It is currently not possible to estimate the financial impact with sufficient certainty.
Antitrust class action complaint following the merger with Sprint. T‑Mobile US is defending against an antitrust class action complaint from June 17, 2022, in which the plaintiffs allege that the merger of T‑Mobile US and Sprint violated the antitrust laws and harmed competition in the U.S. retail cell service market. Plaintiffs seek injunctive relief and trebled monetary damages on behalf of a purported class of AT&T and Verizon customers who plaintiffs allege paid artificially inflated prices due to the merger. It is currently not possible to estimate the financial impact with sufficient certainty.
Compliance risks are risks arising from systematic infringements of legal or ethical standards that could result in regulatory or criminal liability on the part of the company, its executive body members, or employees, or result in a significant loss of reputation. In order to minimize these risks, we have set up a compliance management system.
For further information on the compliance management system, please refer to the section “Combined sustainability statement.”
Liquidity, credit, currency, interest rate risks
With regard to its assets, liabilities, and planned transactions, our Group is particularly exposed to liquidity risks, credit risks, and the risk of changes in exchange rates and interest rates. We want to contain these risks. Risks with an impact on cash flows are monitored in a standard process and hedged accordingly using derivative and non-derivative hedges. Derivative financial instruments are used solely for hedging and never for speculative purposes. The following risk areas – liquidity, credit, currency, and interest rate risks – are evaluated taking into account all hedges.
For further information on the risk assessment, please refer to the “Corporate risks” table above.
Liquidity risk. To ensure the Group’s and Deutsche Telekom AG’s solvency and financial flexibility at all times, we maintain a liquidity reserve in the form of credit lines and cash as part of our liquidity management. T‑Mobile US has pursued its own separate financing and liquidity strategy.
Deutsche Telekom excluding T‑Mobile US: Primarily bilateral credit agreements with 20 banks with an aggregate total volume of EUR 12.0 billion were available as of December 31, 2024, which were not utilized. Our liquidity reserve covered maturing bonds and long-term loans at all times for at least the next 24 months (see graphic below). Furthermore, cash on hand of EUR 3.0 billion were available to Deutsche Telekom.
Development of the liquidity reserve (Deutsche Telekom excluding T‑Mobile US), maturities in 2023/2024
billions of €
Bilateral credit lines with an aggregate total volume of USD 7.5 billion (EUR 7.2 billion) plus a cash balance of USD 5.4 billion (EUR 5.2 billion) were available to T‑Mobile US as of December 31, 2024.
Credit risks. In our operating business and certain banking activities, we are exposed to a credit risk, i.e., the risk that a counterparty will not fulfill its contractual obligations. To keep this credit risk to a minimum, we conclude transactions with regard to financing activities only with counterparties that have at least a credit rating of BBB+/Baa1; we also actively manage limits. In addition, we have concluded collateral agreements for our derivative transactions. At the level of operations, the outstanding debts are continuously monitored in each area, i.e., locally.
Currency risks. Currency risks result from dividend payments received, investments, financing measures, and operations. Risks from foreign currency fluctuations are hedged on a pro rata basis depending on their probability of occurrence, if they affect the Group’s cash flows (transaction risks). However, foreign-currency risks that do not influence the Group’s cash flows, for example, risks resulting from the translation of assets and liabilities of foreign operations into euros (translation risks) are generally not hedged. Deutsche Telekom may nevertheless also hedge these foreign-currency risks under certain circumstances.
Interest rate risks. Our interest rate risks mainly result from Group financing: On the one hand, we have an interest rate risk relating to the issue of new liabilities, and on the other, we have an interest rate risk arising from variable-interest liabilities. The EUR interest rate position is actively managed as part of our interest rate management activities. Each year, a maximum is set for the percentage of variable-interest liabilities, taking into account the planned finance costs. Given the inverted interest rate curve, the variable-interest EUR debt portfolio was kept at a low level. The USD debt position of T‑Mobile US primarily comprises partially cancelable, fixed-income bonds.
For further information, please refer to Note 43 “Financial instruments and risk management” in the notes to the consolidated financial statements.
Tax risks
We are subject to the applicable tax laws in many different countries. Risks can arise from changes in local taxation laws or case law and different interpretations of existing provisions. These risks can impact both our tax expense and benefit as well as tax receivables and liabilities.
Other financial risks and opportunities
This section contains information on other financial risks that we consider to be immaterial at present or cannot evaluate based on current knowledge.
Rating risk. Deutsche Telekom’s credit rating affects our access to the capital markets, to the international finance markets, and our refinancing costs. A lower rating could impede access to the capital market and, over time, would lead to an increase in the cost of debt financing. We intend to maintain our rating in a corridor from A- to BBB and thereby safeguard undisputed access to the capital market. As of December 31, 2024, Deutsche Telekom AG’s credit rating with Moody’s was Baa1 with a positive outlook, while Standard & Poor’s and Fitch rated us BBB+ with a stable outlook. From today’s perspective, access to the international debt capital markets for both Deutsche Telekom AG and T‑Mobile US is not jeopardized.
Control environment. Compliance with business and regulatory requirements, in particular for the internal control system, requires high efforts. Not meeting these demands could lead to difficulties or weaknesses in Deutsche Telekom’s overall control environment and with regard to financial reporting.
Sales of shares by the Federal Republic or KfW Bankengruppe. As of December 31, 2024, the Federal Republic and KfW Bankengruppe jointly held 27.80 % in Deutsche Telekom AG. It is possible that the Federal Republic will continue its policy of privatization and sell further equity interests in a manner designed not to disrupt the capital markets and with the involvement of KfW Bankengruppe. There is a risk that the sale of a significant volume of shares by the Federal Republic or KfW Bankengruppe, or any speculation to this effect, could have a negative impact on the price of the T-Share.
Subsidiaries and equity investments. Subsidiaries and equity investments of Deutsche Telekom could face difficult market conditions, e.g., increased competition, in particular price pressure, and economic fluctuations. Additional fundings may be needed to safeguard these business activities.
Impairment of Deutsche Telekom AG’s assets. The value of the assets of Deutsche Telekom AG and its subsidiaries is reviewed periodically. In addition to the regular annual measurements that are also performed for the carrying amounts of investments in the annual financial statements of Deutsche Telekom AG prepared in accordance with German GAAP, specific impairment tests may be carried out, for example, where changes in the economic, regulatory, business, or political environment suggest that the value of goodwill, intangible assets, property, plant and equipment, investments accounted for using the equity method, or other financial assets might have changed. These tests may lead to the recognition or reversal of impairment losses that do not, however, result in cash outflows or inflows. This could impact to a considerable extent on our results, which in turn may negatively or positively affect the T‑Share price.
For further information, please refer to the section “Summary of accounting policies – Judgments and estimates” in the notes to the consolidated financial statements.
Covers the entire virtuality spectrum: augmented reality, virtual reality, mixed reality, and simulated reality, as well as potential future developments.
- AR – Augmented Reality. The computer-generated enhancement of the real world with perceptual information. The information can address all the human senses. However, augmented reality often only encompasses the visual representation of information, i.e., the augmenting of images or videos with additional computer-generated information or virtual objects using overlaying/superimposition.
- VR – Virtual Reality. A simulated experience of the real world and its physical characteristics in real time in a computer-generated, interactive virtual environment. Unlike AR, which focuses on enhancing the real world with visual representations of additional data, VR fully immerses the user in a virtual world.