Risks and opportunities

In the following section, we present all risks and opportunities of significance to the Group – including emerging risks – that could affect the results of operations, financial position, and/or reputation of Deutsche Telekom and, via the subsidiaries’ results, the results of operations, financial position, and/or reputation of Deutsche Telekom AG. We only consider risks and opportunities after the mitigation measures taken (net assessment). If risks and opportunities can be clearly allocated to an operating segment, this is presented accordingly in the following.

In order to make it easier to understand and see their effects, we have assigned the individually assessed risks and opportunities to the following categories. Where multiple individual risks and opportunities are assigned to one risk category, we calculate the risk significance on the basis of risk aggregation carried out using a Monte Carlo simulation, as multiple risks/opportunities cannot simply be added up. In this simulation, we consider the individual risks and opportunities along with their individual extent and probability of occurrence. The outcome, or risk significance, is the “value at risk.” This states that, with a particular probability of occurrence, the risk extent ascertained using the simulation will not be exceeded. An expert assessment is used for risk categories that have not been quantified.

The resulting risk significance for the risk categories is broken down into four levels:

Strategic risks and opportunities

Risks and opportunities relating to the macroeconomic environment

Uncertainty over the global economic outlook remains high. In particular, ongoing high geopolitical tensions constitute a significant risk factor. A renewed escalation of the conflicts in the Middle East could push up energy prices and disrupt supply chains, which would affect our Germany and Europe operating segments in particular. Also, an escalation of the war in Ukraine could have a negative impact on economic growth in Europe and the financial markets. The increasingly hybrid nature of warfare also brings critical infrastructure into greater focus, such that it could become necessary to increase defenses and business disruptions could occur. Other geopolitical conflicts, such as between China and Taiwan, North and South Korea, or in the South China Sea, as well as uncertainties in international trade constitute additional risk factors.

Uncertainty in trade policy has risen further in the context of increasing import restrictions in major economies. An expansion of trade barriers, such as higher tariffs or export controls on critical intermediate products like rare earth elements, battery technologies, or semiconductor components, could have a significant adverse effect on global supply chains, push up production costs, and lead to price increases. Such measures would further restrict economic conditions, especially for export-oriented countries like Germany, and could push up inflation, especially in the United States. Furthermore, changes in the political and institutional environment of individual countries could affect the predictability of economic conditions.

There are also still financial risks resulting from high debt levels and asset valuations, as well as the declining credit quality of some debtors. A rise in company insolvencies could have a negative impact on our business customer segment. The rising cost of living and decreases in disposable household income could trigger migration to lower-cost rate plans in the consumer segment, or larger numbers of customers defaulting on payments.

Furthermore, extreme risks with a high impact of loss and a very low probability of occurrence could have a substantial impact on the global economy and our business. Examples of these are extensive extreme weather events (e.g., tsunamis or solar storms), disruptive new technologies, further armed conflicts, or new pandemics.

These risks are counterbalanced by opportunities. In particular, the economy could perform better than expected if consumer restraint among private households eases. A potential settlement of geopolitical conflicts or lower energy prices could also strengthen consumer confidence and improve the general business climate. In addition, stronger fiscal stimulus through higher public investment – for instance in infrastructure, digitalization, or defense – could give a boost to economic momentum and create a more favorable macroeconomic environment. Deregulation and reduced bureaucracy could also promote growth in the medium term.

Risks from the market environment

The main market risks we face include the steadily falling profitability of fixed-network and mobile services. In addition to price reductions imposed by regulatory authorities, this is primarily attributable to ongoing intense competition in the telecommunications industry.

In the fixed network, competitive pressure is expected to remain high. In the broadband market, competition is growing from providers with their own fiber-optic networks. What’s more, there is still strong price competition with high introductory discounts from cable network operators and providers without their own fixed-network infrastructure. These factors could have a direct impact on connection rates and indirectly lead to longer payback periods for market participants.

We also expect ongoing price pressure in mobile communications, which could negatively affect our mobile service revenues. The main reason for this price pressure is data-centric, aggressively priced offers. There is also the risk that smaller competitors will take unforeseen, aggressive pricing measures. Technological innovations could put further pressure on prices by increasing the willingness of customers to switch providers.

Another competitive risk lies in the fact that, both in the fixed network and in mobile communications, we are increasingly faced with competitors who are not part of the telecommunications sector as such, but are increasingly moving into the traditional telecommunications markets. This mainly relates to major players in the internet and consumer electronics industries. As a result, we are exposed to the risk of a further loss of share of value added and falling margins due to increasingly losing direct customer contact to competitors.

Our Germany operating segment is facing market risks in the Consumers, Business Customers, and Wholesale segments due to an increasingly strained market environment (particularly with competition) and uncertain economic trends amid geopolitical challenges. This trend could continue in the medium term, such that we have raised the risk significance of the risk category “Market environment, Germany” from low to medium.

It is difficult for companies to take a stance on sociopolitical topics. With regard to many sociopolitical questions, a company’s reaction or the lack of a reaction represents a risk to reputation, revenue, and employee satisfaction. Meeting the requirements of government institutions, customers, and investors is becoming ever more challenging.

T‑Mobile US is active in a market environment that is characterized by intensive competition. Alongside traditional telecommunications providers that deliver bundled offerings including content and mobile video services, there is additional competition, as mobile, fixed-networks, and satellite industries increasingly converge. Additionally, potential market saturation in the United States may cause the wireless industry’s customer growth rate to decline in comparison with previous years. The industry is also highly competitive in spectrum positions, which are crucial to improving existing offerings and introducing new services. T‑Mobile US, through its strategic acquisition of spectrum, enabled the capabilities to offer 5G broadband. 5G broadband allows our U.S. subsidiary to offer its own access product and provide a basis on which to continue the business with bundled offerings. Furthermore, T‑Mobile US continues to develop and maintain strategic partnerships and MVNO relationships. T‑Mobile US must continue to successfully refine and implement its market strategy as Value Leader, Customer Service Leader and 5G Network Leader to attract and maintain private and business customers. Increasing competitive pressure due to attractive bundle offers and device promotions could lead to difficulty in achieving targets in terms of business, financial and operating results in the future.

Innovation cycles are getting shorter and shorter. This confronts the telecommunications sector with the challenge of bringing out new products and services at shorter and shorter intervals. New technologies are superseding existing technologies, products, or services in part, in some cases even completely. This could lead to lower prices and revenues in relation to the services offered, such as telephony, internet access, or television – right through to full substitution by new, global providers. These substitution risks could impact our revenue and earnings. We deal with substitution risks by, for example, offering integrated, in some cases AI-based solutions with hyper-personalization, contextualization, and consistent interoperability of our products, in order to “turn customers into fans” and thereby secure their loyalty. The geopolitical dynamics between the three economic areas of the United States, Europe, and China could pose the risk of increasing fragmentation in the global technology landscape, in part due to different regulatory requirements and diverging technology policies. This could result in heightened strategic uncertainties in investment and technology decisions as well as higher compliance costs. The AI era is also characterized by high regulatory and technological complexity.

Our Systems Solutions operating segment also faces challenges. Continued intense competition and persistent cost pressure are adversely affecting traditional IT business. In addition, the technological shift toward cloud solutions and digitalization in the IT sector is prompting strongly capitalized competitors to enter the market – including in the field of sovereign cloud offers. This might lead to revenue losses and declining margins at T‑Systems.

Opportunities from the market environment

The telecommunications and IT market is extremely dynamic and highly competitive. The economic and competition conditions as well as customers’ changing wants and needs affect our actions and impact on our Company indicators. We generally expect the situation to develop as described in the section “Forecast.”

Apart from the risks described, there is the possibility that our customers could move to higher-value combined rate plans, motivated by the leading customer experience in the “best network.” Likewise, further growth could be generated by tapping into new customer segments, especially in the United States (e.g., for business customers and small and medium-sized enterprises). In the United States, the changing fixed-network market with the increased use of fiber-to-the-home (FTTH) and fixed wireless access (FWA), along with the corresponding fixed-network/mobile bundled products, offers additional opportunities. In addition, ever-shorter innovation cycles could enable us to drive the digital transformation of our society and to provide our consumers and business customers with innovative products and solutions. The use of artificial intelligence (AI) also opens up the possibility of digitalizing more processes or implementing them faster and in higher quality. We are already on track for autonomous networks that increasingly monitor, manage, and configure themselves, leading to fewer outages and at the same time, ensuring higher quality and better energy efficiency. That is why, with the growing convergence of networks, IT, and products, our innovation and technology activities are decisive when it comes to identifying opportunities and making the most of them in an increasingly competitive environment. Hence, our Product and Technology Board of Management department has joined all relevant functions under a common leadership to ensure a close integration of technology, products, IT, and security. This is how we are shaping the future of telecommunications in the AI era with innovative technology and trustworthy products that delight our customers, and once again won awards in the reporting year, among other things, for the best network, our Frag Magenta chatbot, the MagentaTV television product, and for the newly launched AI phone (T Phone 3).

For further information, please refer to the section “Group strategy.”

The substantial increase in capacity, bandwidth, and availability, and the lower latencies provided by the 5G mobile standard we have rolled out, especially in the standalone variant, offer greater reliability, security, and guaranteed service quality, for example for industrial use cases. 5G enables increased requirements for existing business models to be managed more cost-efficiently. In addition, it offers opportunities for further business models, by marketing improved network capabilities (e.g., network access, localization, security, identity, storage location, temporary storage) to relevant partners. We have already implemented many use cases with 5G, such as 5G campus networks, mobile gaming, and support for autonomous driving. Together with other technologies like the NarrowBand Internet of Things (NB-IoT) and AI, 5G provides an important basis for the further digital transformation of society. In addition, we launched new digital offers in the reporting year, which could open up new revenue potential: For example, with our network programming interfaces (Magenta API Capability Exposure), we are giving software developers and companies digital access to certain network services, so as to improve the user experience and security of individual third-party applications like autonomous driving. We will further extend this offering. Looking ahead to the next generation telecommunications networks (6G), we are working with industry and research to drive new standards that strengthen the connectivity of all people, the orchestration of heterogeneous access networks, sustainability (including carbon neutrality), as well as data privacy, trust, and security – while at the same time enabling AI‑powered, highly automated network operation with falling operating costs, ever increasing capacities and performance, greater resilience of the networks operated as critical infrastructure, and integrated features for new products and business models.

Furthermore, opportunities for new project business are emerging in our systems solutions business from data sovereignty, multi-cloud transformation and optimization, and innovation areas such as AI, and industrial metaverse projects. The increased demand for sovereign cloud offers, in particular for GPU infrastructures (graphics processing units) for sovereign AI development, offer potential for business development.

Risks relating to strategic implementation and integration

We are in a continuous process of strategic adjustments and cost-cutting initiatives. If we are unable to implement these projects as planned, we will be exposed to certain risks. In other words, the benefit of the measures could be less than originally estimated, take effect later than expected, or not at all. Each of these factors, individually or in combination, could have a negative impact on our business situation, financial position, and results of operations.

As a part of the business combination of T‑Mobile US and Sprint, numerous commitments were made to secure approvals. Most commitments have been accomplished. Nevertheless, should any remaining commitments not be achieved, litigation or financial consequences could be a result. In the United States, growth opportunities in the wireless business are becoming more difficult and expensive due to market saturation. Non-core and emerging businesses may be relied on to continue subscriber growth. T‑Mobile US is also engaged in complex digital transformation efforts intended to streamline operations, enhance customer experience, and improve its overall competitiveness. These initiatives involve emerging technologies, advanced analytics, and AI-driven tools, which carry significant uncertainties such as integration challenges, data security and privacy risks, regulatory compliance, and the need for specialized skills. Failure to effectively execute these initiatives – or secure robust adoption – could diminish the expected benefits and adversely affect T‑Mobile US’s competitiveness, financial performance, and reputation.

Opportunities relating to strategic implementation and integration

We are tapping into strategic growth areas outside of our core business by working with partners to develop new digital business models on the basis of our assets or capabilities so as to create new customer experiences. These partnerships open up opportunities for us to increase revenue and strengthen long-term customer loyalty. Since 2022, we have offered our customers exclusive products, services, and benefits as part of our Magenta Moments loyalty program integrated in the MeinMagenta app. Cooperations with partner firms like Rituals, Lindt, Disney, and Perplexity are a key component of our activities and will play an even more crucial role in light of the pan-European expansion of our loyalty measures in Europe. In this growth area, we are piloting a number of partnerships involving artificial intelligence applications and capabilities, which include knowledge transfer, creative image processing, generation of podcasts and much more, for example with Perplexity, OpenAI, ElevenLabs, or Black Forest Labs. AI applications are either integrated in our MeinMagenta app for a seamless customer experience, or natively bundled in our AI phone or AI tablet.

The strategically driven disaggregation of access networks (in mobile communications, Open Radio Access Network, Open RAN; in the fixed network, Access 4.0) and core networks (such as the 5G core network) will lead to an expansion of our supplier ecosystem and as such to opportunities through increased competition, greater flexibility, and additional innovations. The promotion of (also AI-based) automation of network management and global scaling of technical platforms will also lead, in the medium term, to a reduction in overall costs and increased agility and speed in the provision of new services and features. By rigorously implementing regulatory requirements and strategic targets on network resilience and data privacy, we can expand our market position as a reliable partner. The integration of satellite networks also contributes to this, allowing for network coverage and availability in previously undeveloped geographies. Together with partners, Deutsche Telekom has brought the first products to the market in the United States and Europe.

We are driving forward the transformation of our IT by working with state-of-the-art technology, integrating AI solutions, and developing in an agile manner. In this process, we consistently focus on measurable business results, reduce complexity, and gradually replace outdated systems. Our IT solutions are scaled globally instead of being developed repeatedly. This approach increases efficiency, strengthens the consistency and resilience of our systems, and creates the basis for end-to-end digital customer experiences. Our global IT strategy is rigorously focused on digital product organization. It is based on a cloud-native, scalable infrastructure and robust architecture that accelerates innovation and enables seamless customer experiences.

Risks and opportunities arising from brand and reputation

An unforeseeable negative media report on our products and services or our corporate activities and responsibilities may have a huge impact on the reputation of our Company and our brand image. This can also be intensified through increasing regulation and the expectation that Deutsche Telekom take a position with regard to political and social topics. Social media may make it possible that such information and opinions can spread much faster and more widely. This may also include misinformation or disinformation concerning Deutsche Telekom produced by AI. Ultimately, negative reports may impact on our revenue and our brand value. In order to avoid this, we engage in a constant, intensive, and constructive dialogue with our stakeholders, in particular with our customers, the media, and the financial world. For us, the top priority is to take as balanced a view as possible of the interests of all stakeholder groups and thereby uphold our reputation as a reliable partner.

Risks and opportunities relating to sustainability and social responsibility

For us, comprehensive risk and opportunity management also means considering the opportunities and risks arising from ecological or social aspects or from corporate management and control. The Board of Management has implemented systems for risk identification and mitigation, in particular the risk and opportunity management system and the internal control system, including the compliance management system. Sustainability topics are integrated into both the risk and opportunity management system and the internal control system. Both systems incorporate sustainability aspects, which remain of great importance as regulatory requirements continue to evolve. We again used our materiality assessment as a starting point for identifying and evaluating financial risks and opportunities that may arise from our sustainability topics. Risks and opportunities in the Group are essentially assessed through the risk and opportunity management process. As a result, topics are covered that are also highly relevant from a sustainability perspective. The complementary analysis of risks and opportunities in the context of the materiality assessment also helps us take the impact of our business activities on society and the environment, as well as financial impacts on our Company, into account. If new findings arise in this process, they are incorporated into the risk and opportunity management process. To this end, we actively and systematically involve all relevant stakeholders in the process so as to identify current and potential risks and opportunities along our entire value chain. In parallel with our ongoing monitoring of ecological, social, and governance issues, we systematically determine our stakeholders’ positions on these issues. The key tools we use here are: an AI-based trend analysis, a document analysis, covering legal texts, studies, and media publications, among other things; our involvement in working groups and committees of (inter)national business associations and social organizations, e.g., GeSI, Connect Europe, BDI, Bitkom, econsense, UN Global Compact, and BAGSO; dialogue formats organized by us; our various publications, such as the press review and newsletters; and workshops with experts from our Company, thereby recording the associated positioning and development of measures in the various business areas.

For further information on sustainability, please refer to the section “Combined sustainability statement.”

We have identified the following as the most financially significant issues for our sustainability management:

Reputation. How we deal with sustainability issues also entails both opportunities and risks for our reputation. A high level of service quality is one of the most important factors for improving customer perception. Customer retention/satisfaction has been embedded in our Group management as a non-financial performance indicator to underline the importance of this issue. Transparency and reporting help to promote the trust of other external stakeholders in our Group. Our annual and CR reports also serve this purpose. However, issues such as business practices, data privacy and security and work standards among suppliers, conduct in relation to human rights, and ethical conduct in relation to and use of AI also entail reputational risks: if our brands, products, or services are connected with such issues in negative media reports, this may cause substantial damage to our reputation. We continuously review such potential risks and take mitigation measures to minimize them. This includes determining the relevance of the risks in relation to sustainability issues and their effect on reputation across units. We also ascertain how our products and services make a positive contribution to sustainability in order to enhance our reputation. Potential reputational risks are incorporated into our compliance risk assessment.

Climate protection. We pursue an integrated climate strategy, which means focusing not only on the risks that climate change poses for us and our stakeholders, but also on the opportunities it presents. By 2030, ICT products and services will have the potential to save up to nine times as much in CO₂ emissions in other industries as the growth in the ICT sector itself will generate, even taking into account the expected rebound effects (according to a Bitkom study on the climate effects of digitalization). The savings potential of digital technologies hence far outweighs the generated CO₂ emissions. Taking an optimistic view, this could mean a 9 % reduction in global CO₂ emissions by 2030. In addition, investments of around USD 3 trillion in innovative solutions are expected by 2030, which will not only expand the business, but will also support the SDGs. We are supporting this trend by evaluating our product portfolio to identify sustainability benefits. In addition, we want to continuously improve the ratio of the emissions that our products and services save to those generated in our own value chain.

Climate change risks are already visible in the form of increasingly extreme weather conditions. Such storm events could damage our infrastructure and disrupt network operation. This would have a direct effect on our stakeholders, e.g., our customers, suppliers, and employees, and could result in revenue losses or lower customer satisfaction. The risk is assessed in relation to the continuation of operations as part of risk management and is managed at an operational level in the business units. Deutsche Telekom welcomes the targets behind the Task Force on Climate-related Financial Disclosures (TCFD) and is actively working to implement them. Based on a gap analysis on the coverage of TCFD recommendations, we defined Deutsche Telekom AG’s material climate-related opportunities and risks and gave them a weighting in a number of workshops with relevant players from technology, procurement, strategy, and risk management. As a next step, we conducted a location analysis, with the example of Germany, of the physical climate risks in various climate scenarios (business as usual and four-degree scenario), which have been internationalized as part of a transnational project involving our companies in Germany, Hungary, Croatia, Greece, Slovakia, the Czech Republic, Poland, Austria, and the United States, which represent around 97 % of the Group’s net revenue. In addition to the physical risks, transitory risks (threats arising from sudden adaptations to climate change made by economic sectors) were also analyzed in detail by means of a workshop.

For further information on this, please refer to the section “Combined sustainability statement.”

We can take further preventive action in this area by also reducing our own CO₂ emissions. For this reason, in 2021 we had set ourselves the ambitious target of cutting our CO₂ emissions across the Group (Scope 1 and 2) to net zero by 2025. And we reached our target of achieving net zero emissions in our own business operations by the end of 2025. To achieve this, we reduced emissions from our own operations globally by more than 94 % against the 2017 level. We offset the remaining emissions of our CO₂e footprint through high-quality projects to remove CO₂ from the atmosphere, for example, through reforestation. By 2040 at the latest, we want to achieve net zero emissions along the entire value chain – across Scope 1, 2 and 3 emissions. Regardless of this, climate protection also carries financial risks, whether from the introduction of levies on CO₂ emissions or increased energy costs, as well as stricter requirements for products, for example in relation to energy efficiency. The mitigation measures we are taking to counter these risks include measuring our own energy efficiency and finding ways to improve it. Our sustainability-related targets agreed for Board of Management remuneration with regard to the respective annual energy consumption and the annual CO₂ emissions for Scope 1 and 2 also contribute to achieving the climate targets and energy efficiency measures. We have a Group-wide program to specifically address our supply chain and we are working to optimize our products and their packaging. Since 2021, the Group has covered 100 % of its electricity requirements with renewable energy. This is achieved through power purchase agreements and other forms of direct purchase, such as through guarantees of origin.

For further information on this, please refer to the section “Combined sustainability statement.”

Due diligence obligations in the Group (German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz – LkSG)). As part of our global procurement activities in particular, we could be exposed to country- and supplier-specific risks. These include, for example, inadequate local working and safety conditions. Violations could cause severe damage to those affected and could result in reputational damage and negative financial consequences for companies. Our LkSG management system includes due diligence processes directed at identifying risks or also violations related to human rights and environmental concerns and, building on this, taking appropriate preventive and/or corrective measures. It encompasses our own business areas, i.e., all Group companies over which Deutsche Telekom exercises a decisive influence (which in particular does not apply to T‑Mobile US), and our direct and indirect suppliers. The LkSG management system is linked with various established risk processes in the Group, e.g., with the compliance risk assessment of our compliance management system. A central component of the LkSG management system is the regular risk analyses for the own business operations of the consolidated Group companies (Deutsche Telekom excluding T‑Mobile US) and their direct suppliers. In addition, ad hoc risk assessments are carried out for the entire value chain, for example, before acquisitions. In order to monitor the effective functioning of the LkSG management system, Deutsche Telekom AG has defined the roles of human rights officer and LkSG officer, which will be exercised by the Vice President for Group Corporate Responsibility. This person reports directly to the Chair of the Board of Management of Deutsche Telekom AG and has further supporting functions. Where required to under national regulations (e.g., under the German Act on Corporate Due Diligence in Supply Chains (LkSG)), Group companies have appointed monitoring roles in the same form for their business areas.

For further information about the results of the annual risk analysis, please refer to the section “Combined sustainability statement” and our annual LkSG report.

Health

Mobile communications, or the electromagnetic fields used in mobile communications, regularly give rise to concerns among the general population about potential health risks. This issue continues to be the subject of public, political, and scientific debate. Acceptance problems among the general public mostly concern mobile communications networks and occasionally the use of mobile terminals such as smartphones, tablets, and laptops. The discussion has repercussions for the build-out of the mobile infrastructure. There is a risk of regulatory interventions, such as raised thresholds for electromagnetic fields or the implementation of precautionary measures in mobile communications, e.g., amendments to building law.

Over the past few years, recognized expert organizations such as the World Health Organization (WHO) and the International Commission on Non-Ionizing Radiation Protection (ICNIRP) have repeatedly reviewed the current thresholds for mobile communications and confirmed that – if these values are complied with – the use of mobile technology is safe based on current scientific knowledge. (Inter)national expert organizations will continue to regularly review the recommended thresholds.

We are convinced that mobile communications technology is safe if specific threshold values are complied with. We are supported in this conviction by the assessment of the recognized bodies. Our responsible approach to this issue finds expression in our Group-wide EMF Policy, with which we commit ourselves to more transparency, information, participation, and to a focus on scientific facts, far beyond that which is stipulated by legal requirements. We aim to overcome concerns among the general public by providing objective, scientifically well-founded, and transparent information. We thus continue to see it as our duty to continue our trust-based dialogue with local authorities and to ensure its successful progress. This particularly applies since our collaboration with municipalities to expand the mobile network was incorporated in law.

Operational risks and opportunities

Risks arising from technology

We have increasingly complex information technology/network infrastructure (IT/NT), which we constantly expand and upgrade to ensure the best customer experience and consolidate our technology leadership. Outages in the technical infrastructure cannot be completely ruled out and could in certain circumstances result in revenue losses or increased costs. What’s more, our IT/NT resources and structures are the main organizational and technical platform for our operations. The growing dependence on IT and the general increase in complexity harbors risks. In order to counter these holistically, our technology, product, innovation, IT, and security activities are combined under the Board of Management department for Product and Technology.

Risks could arise in this area relating to all IT/NT systems and products that require internet access. For instance, faults between newly developed and existing IT/NT systems could cause interruptions to business processes, products, and services, such as smartphones and MagentaTV, or to connectivity for business customers. In order to avoid the risk of outages, e.g., due to natural disasters or fires, we use technical early warning systems, redundant IT/NT systems, and available emergency infrastructure. The Computer Emergency Response Team (CERT) at Deutsche Telekom Security is in charge of protecting our business customers’ IT infrastructure and applications. In cloud computing, all data and applications are stored at a data center. Our European data centers have security certification and meet strict data protection provisions and the EU regulations. All data relating to companies and private persons is protected from external access. Constant maintenance and automatic updates keep the security precautions up to date at all times. On the basis of a standardized Group-wide business continuity management (BCM) process, we also take organizational and technical measures to prevent damage from occurring or, if we cannot, to mitigate the subsequent effects. We also have insurance cover for insurable risks.

T‑Mobile US relies upon its systems and networks and the systems and networks of other providers and suppliers, to provide and support services. T‑Mobile US’ business, like that of most retailers and wireless companies, involves the receipt, storage, and transmission of customers’ confidential information, including sensitive personal information, payment card information, and confidential information about their employees and suppliers, as well as other sensitive information about T‑Mobile US, such as business plans, transactions, and intellectual property. Cyberattacks, such as denial of service and other malicious attacks, or other systems and IT failures, such as hardware or software failures, could disrupt T‑Mobile US’ internal systems, networks, and applications, impair its ability to provide services to customers, and have other adverse effects on its business.

In order to grow and remain competitive with new and evolving network technologies in the industry, T‑Mobile US will need to adapt to future changes in network technology, such as 6G or AI RAN. While T‑Mobile US currently leads in 5G, if it fails to anticipate market trends, efficiently integrate innovative solutions, or maintain network quality and reliability, its competitiveness could erode, adversely affecting business and operating results. New technological developments such as artificial intelligence or machine learning require a flexible adaptation of corporate strategy and processes to remain competitive and seize opportunities for innovation and growth.

Efficient processes and coordination are necessary when developing new business requirements. Complex structures and unclear responsibilities, especially between departments and IT, could hinder effective planning and resource allocation resulting in project delays, cost overruns, and failure to achieve goals.

Opportunities arising from technology

The analysis of extensive technical data from our networks using artificial intelligence (AI) and machine learning (ML) increases transparency in network operation and enables more informed, faster, and automated decisions – from the early detection and clearing of faults to networks that operate autonomously. It does so by shifting the basis for decisions from hypotheses to facts and, for example, enabling correlations to be recognized. In this way, AI/ML can be used, for example, to manage the energy consumption of our technology in a forward-looking way based on the analysis of network data. Overall, this creates the basis for more efficient network operation while at the same time increasing stability and service quality. We are conducting research projects to test the extent to which quantum technology can be used to improve the protection of our networks against unauthorized access and manipulation.

Our Systems Solutions operating segment covers innovative business areas in the digital transformation of business processes, such as cloud computing, AI, automation, and cybersecurity. These business areas could develop faster than expected. As a pioneer of the digital transformation, we have an opportunity to actively shape market trends through a variety of projects in the fields of healthcare, public administration, the automotive sector, and mobility solutions. Under these data-based digital business models, our partner-oriented approach is a highly promising way of contributing our core competencies – in advisory services, added value services for hybrid IT landscapes, and cybersecurity – to various projects. In addition, we have references regarding strategic engagements in our focal sectors automotive, healthcare, and public. We also see potential for development in the sovereign cloud, sovereign AI, professional services, and managed services environment for multi-cloud services.

As a technology and development partner for toll collection business in Europe, we already have a strong competitive position. By operating a European Electronic Toll System (EETS) as the majority shareholder and IT provider for Toll4Europe, we have earned valuable references that will help to give us an edge over our competitors.

Procurement and supply risks

Deutsche Telekom cooperates with a large number of suppliers of technical (information and communication technology) and non-technical products and services. Products and services that might involve a higher risk include software and hardware, network technology components, and all products and services provided directly to end customers.

Deutsche Telekom’s supply chain could be disrupted, for example, by geopolitical tensions, component or raw material shortages, as well as by cyberattacks. Furthermore, additional risks may result from the dependence on individual suppliers or technology products. We employ logistical, organizational, contractual, and procurement strategy measures to counteract these challenges. At T‑Mobile US, in certain areas such as terminal equipment, there are few suppliers who can provide adequate support, which may lead to unfavorable contract terms and decreased flexibility to switch to alternative third parties. Unexpected termination or difficulties in renewing the commercial arrangements with the suppliers, or any business disruptions at the suppliers could have a material adverse effect on T‑Mobile US. The U.S. administration has imposed import tariffs on all countries set at varying rates. Suppliers could pass on the increased costs to T‑Mobile US. We have therefore raised the risk significance of the risk category “Procurement and suppliers” from medium to high.

Risks and opportunities arising from data privacy and data security

Data privacy. All Group companies are subject to specific data privacy regulations (in the EU especially the General Data Protection Regulation (GDPR)). These requirements must be implemented and their compliance must be monitored. Data privacy incidents could be sanctioned with very high administrative fines (up to between 2 and 4 % of the total worldwide annual revenue of an undertaking). The European supervisory authorities’ concept for administrative fines would apply. It stipulates high fines even for violations with a low criticality. The supervisory authorities’ practice with respect to fines demonstrates that more and higher fines are being imposed. Despite implementing mitigation measures and well-established data privacy management structures, it is not possible to fundamentally rule out data privacy incidents, including at partners, as almost all procedures/processes in the Group are relevant in terms of data protection. Errors might occur that are linked to reputation, cost, and sanction risks.

Since the introduction of the GDPR, data privacy law has been largely harmonized in Europe. Deutsche Telekom benefits from this as a Group, since the majority of special national data privacy regulations no longer apply and no longer have to be implemented in the individual entities in the European Union (EU). This has somewhat reduced the need for coordination. An appropriate level of security is also ensured when transmitting personal data to countries outside of the EU. Deutsche Telekom’s Binding Corporate Rules on Privacy (BCRP), in the current Version 3.0, form the Group-wide internal data privacy regulations. All participating companies have committed themselves to this Group Policy, thus ensuring an appropriate level of data privacy for the transmission of data to third countries. Under the Schrems II ruling by the European Court of Justice (ECJ) from 2020, companies are subject to stricter requirements for the transmission of data to third countries without the adequacy decision of the EU Commission, compliance with which entails a substantial workload for companies. Deutsche Telekom therefore welcomes the EU-U.S. Data Privacy Framework agreed between the EU and the United States in 2023, which provides greater legal certainty for collaborations with U.S. companies. A number of actions are pending against this agreement at the European Court of Justice (ECJ) and more cannot be ruled out. By way of mitigation, Deutsche Telekom additionally safeguards the transmission of personal data to companies in the United States, regardless of final legal clarification, by means of standard contractual clauses of the European Commission.

In the United States, the telecommunications industry is also examined closely by the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) with regards to the state data privacy laws. Non-compliance with data privacy laws could result in high fines. The growing demand for data means the challenges with respect to the collection, usage, transfer, and management of customers’ personal data are also growing.

Deutsche Telekom carefully examines technical developments and digital transformation projects on an ongoing basis to verify if they are in line with the Group strategy. For example, the use of IT systems with AI within the Group always complies with the applicable data privacy laws and provisions. The Privacy and Security Assessment (PSA) must be carried out as soon as a new AI solution is to be introduced in the Group. This fully digital process meets the requirements of the GDPR with regard to carrying out a Privacy Impact Assessment for evaluating and documenting the risks posed by data processing. In the PSA process all data privacy and security requirements relevant to the system or project are automatically assigned and then worked through by the functionally responsible units. This also includes a separate AI data privacy requirement and the Digital Ethics Assessment, which help to develop systems based on or using AI in a way that is data privacy-compliant. This takes account not only of general data privacy principles (legality, transparency, limitation of use, etc.), but also specific application scenarios, such as generative AI and profiling.

The ePrivacy Regulation and the corresponding national implementation acts are yet another sector-specific regulatory challenge for the telecommunications sector in the EU. As telecommunications providers’ data processing options are substantially restricted compared with what is possible under the GDPR, innovative big data and AI applications in the field of telecommunications cannot realize the same kind of potential as those of companies that are only subject to the GDPR.

One example of a major initiative with relevance for data privacy is the long-term partnership between T‑Systems and Google Cloud, which began in 2021. Since 2022, the jointly operated T‑Systems Sovereign Cloud powered by Google Cloud combines the open-source expertise of both providers, enabling business customers to manage workloads in compliance with German and European regulatory requirements (GDPR and Schrems II). This joint offering means that even companies from regulated industries can process their data in the cloud in line with sovereign requirements.

T‑Systems had already signed the EU Cloud Code of Conduct (EU Cloud CoC) in 2021. After all, the EU Cloud is synonymous with the digital sovereignty of Europe in cloud services. This refers to the complete control of stored and processed data and independent decision-making on who can access the data. This requires clear rules and requirements, which the EU Cloud CoC offers. The European data protection authorities approved this Code of Conduct. By becoming a signatory, the Company and hence also T‑Systems undertakes to continue to increase the data protection level for cloud services in the interests of customers and European data protection. In this way they provide proof that data is processed in accordance with the requirements of the GDPR. Compliance with the rules is reviewed by an independent body.

Data security. IT security continues to pose major challenges. In addition to preventive measures such as integrated security in business processes and measures to raise security awareness among employees, we counter these challenges with increased focus on the analysis of threats and cyber risks. This is where our early warning system comes in: It detects new sources and types of cyberattack, analyzes the behavior of the attackers while maintaining strict data privacy, and identifies new trends in the field of security. Along with the honeypot systems, which simulate vulnerabilities in IT systems, our early warning system includes alerts and analytical tools for spam mails, viruses, and Trojans. We exchange the information we obtain from all these systems with public and private bodies to detect new attack patterns and develop new protection systems. In the event of corresponding irregularities or cases of abuse among our customers, we inform them without delay and point out options for protection. We are currently continuing to see new developments in the increased and fast-growing use of generative AI, both on the part of criminal attackers and in terms of options for protection. Here, too, we are working to exploit the opportunities offered by the development and use of AI and to counter the potential new risks arising from this technology.

Cybercrime and industrial espionage continue to be on the rise, and they are becoming ever more complex due to rapidly advancing technologies and attack methods. There is also the risk that geopolitical conflicts such as the war in Ukraine will have a negative impact on the cybersecurity situation in Germany and the countries of our subsidiaries. As a result, we face constant challenges and adjustments to protect our customer and business partner data, as well as our networks, technologies, products, and services against these attacks. Such incidents can lead, among other implications, to business disruptions, embezzlement, or unauthorized access to confidential or personal information, and to loss of reputation. We address these issues with comprehensive risk-based countermeasures in accordance with the all risks approach, which includes, for example, security concepts based on internationally recognized security standards (in particular ISO standards), active cyberdefense measures along the chain of prevention, detection, and response, automated testing and approval processes, and regular training and awareness-raising measures. In order to also create greater transparency and thus be in a stronger position to tackle these threats, we are relying more and more on partnerships, e.g., with public and private organizations. By means of the Security by Design principle, we have made security an integral part of our development process for new products and information systems and follow the Zero Trust principle in our network security. Furthermore, we carry out intensive and obligatory digital security tests.

We are continually striving to accelerate our growth through IT security solutions. To this end, we have combined our security units within Deutsche Telekom Security. Whether intelligent data analysis, secure networks, or effective cyber security, we want to leverage this end-to-end security portfolio to secure market shares and, as part of our digitalization strategy, score points with security concepts on the back of megatrends like security, connected business, sustainability, and future of work. We are also continuing to gradually expand our partner ecosystem in the area of cybersecurity.

We provide regular updates on the latest developments in data protection and data security on our website.

Other operational risks and opportunities

Employees. Our employees play a crucial role in the transformation of Deutsche Telekom. Their skills are a key factor in our business success. Both this success and our service provision are dependent on the ability to acquire, retain, and develop specialist staff and talents. The growing competition for these resources, especially from the fields of technology and IT (war for talents), and the growing desire for flexibility, e.g., through mobile work, are increasing the risk of losing important employees while demand continues to grow. Rising salaries intensify the situation and push up costs. Nearshore and offshore locations are also of huge strategic significance for Deutsche Telekom, since they hold not only operational but also strategically important profiles. The availability of experts with the appropriate qualifications at these locations is essential to delivering services on time, with the right skills profiles, and on budget. The demands of the talents with regard to potential employers have also increased. Apart from remuneration, they care about flexible working, ESG, diversity, and innovations. We systematically work to address these challenges head on, for example, by strengthening Deutsche Telekom and T‑Mobile US as an attractive employer brand and by proactively seeking out new specialist staff and talents worldwide.

In 2025, we once again used socially responsible measures to restructure the workforce in our Group. Early retirement models such as phased and dedicated retirement, and severance payments have been largely taken up, but also the training and placement of civil servants and employees in the public sector by the next.JOB unit has proved very popular. The transformation with the associated staff restructuring is extremely important for achieving the Group’s goals. Nevertheless, it is essential the restructuring is managed in a targeted way. That is why, for each request by an employee to take up a staff reduction instrument, it must be ensured on principle that the arrangement is voluntary on both sides (agreed by employee and manager), so as to avoid, for example, the loss of high performers.

The Company still employs numerous civil servants, who originally belonged to Group units of Deutsche Telekom that have since been sold. Where requested, these civil servants have been granted temporary leave from their civil servant status. However, there is a risk that they may return to us from a sold entity, for instance after the end of their temporary leave from civil servant status, without the Company being able to offer them jobs. Currently, 784 civil servants are entitled to return from outside the Group in this way (as of December 31, 2025), thus posing a risk.

Regulatory risks and opportunities

In the following section, we describe the main regulatory risks and opportunities that, as things currently stand, could affect our results of operations and financial position, and our reputation.

Regulatory risks arise from telecommunications-specific statutory regulations at the national, European, and U.S. level, and from the consequent powers of national authorities to regulate or intervene in the market and limit our freedom as regards product design and pricing. Deregulation can give rise to regulatory opportunities. Regulatory intervention, which we can only anticipate to a limited extent, may exacerbate existing price and competitive pressure. There are concerns that regulation in the United States, Germany, and other European countries may also impact revenue and earnings trends in the medium to long term.

Changes in regulatory policy and legislation

European legislation constantly influences our pricing and product design. The main legal frameworks are the European Electronic Communications Code (EECC), the EU Gigabit Infrastructure Act (GIA), as well as the EU Roaming Regulation. Since 2021, termination rates have been determined directly by the European Commission by way of a delegated act.

In February 2024, the European Commission presented its white paper containing a set of proposals aimed at expanding digital networks, managing the transition to new technologies and business models, covering the future need for connectivity, and safeguarding economic competitiveness and secure, resilient infrastructure in the EU. On the basis of this white paper, the proposed Digital Networks Act and proposed amendments to the Cybersecurity Act were published on January 21, 2026.

For further information on the European Commissions’ legislative proposals (Digital Networks Act and Cybersecurity Act), please refer to the section “The economic environment – Major regulatory decisions.”

Political decisions can bring opportunities and risks with them. In Germany and our European core markets, regulatory developments and measures to support the infrastructure build-out could have a substantial impact on the framework conditions and investment incentives. The coalition agreement of the new German Federal Government provides for measures to support network build-out and digitalization. Targets include nationwide FTTH coverage as well as a strengthening of Germany’s digital sovereignty. One amendment to the Telecommunications Act (TKG), under which the laying and changing of telecommunications lines for the expansion of telecommunications networks is in the overriding public interest until the end of 2030, came into force in July 2025. This priority for network expansion aims to accelerate approval processes for the mobile and fixed network.

For further information on the TKG amending act in Germany, please refer to the section “The economic environment – Major regulatory decisions.”

In view of the highly topical debates regarding the security of critical infrastructure, the German legislature has made adjustments that expand the powers of the Federal Ministry of the Interior and Community (BMI) and strengthen its powers of intervention. Furthermore, security legislation as a whole was tightened. The Bundesnetzagentur is also currently revising the catalog of security requirements, which are expected to increase as a result. It is not yet possible to estimate the associated implementation costs for Deutsche Telekom.

In the United States, too, new or amended wireless-related provisions and laws can increase the complexity of processes and lead to higher costs for T‑Mobile US.

Awarding of spectrum

Risks could arise from the fact that inappropriate auction rules or the conditions for extending awards, frequency usage requirements, excessive reserve prices, and disproportionately high annual spectrum fees could jeopardize our planned acquisition of spectrum or give rise to adverse effects from the conditions for the allocation of spectrum. Inappropriate conditions for the awarding of spectrum can include, for example, extensive build-out requirements and, in some cases, requirements to grant network access (national roaming, service provider access). The specific details are down to the national regulatory authorities. By contrast, we see an opportunity in particular in the fact that such spectrum award procedures enable us to obtain the optimum amount of spectrum for our future business. We would thus be equipped for further growth and innovation. Changes to award procedures generally entail opportunities and risks. The upcoming award procedures relate to awards in all mobile frequency ranges between 900 MHz and 4.2 GHz, as well as 26 GHz. Major award procedures are currently being prepared, primarily in Austria and Hungary.

In Germany, the Cologne Administrative Court, in its ruling dated August 26, 2024, declared the conditions of award of the 2019 auction to be unlawful. Following the decision of the Federal Administrative Court on October 16, 2025 to reject the Bundesnetzagentur’s complaint against non-allowance of appeal, the ruling is now legally binding. Furthermore, the Federal Administrative Court has instructed the Bundesnetzagentur to revoke and reassess the award and auction rules. For the time being, our spectrum usage rights in the 2.1 GHz and 3.6 GHz bands continue unchanged.

For further information, please refer to the section “The economic environment – Major regulatory decisions.”

For further information on spectrum auctions that were completed in 2025 or are still ongoing, please refer to the section “The economic environment – Major regulatory decisions.”

Areas in which national regulators may intervene

European and national laws and regulations grant national regulators extensive powers of intervention.

Wholesale products. Our Group companies in Germany and Europe continue to be subject to extensive regulation of wholesale products, obligating us to make our network and services available to our competitors wherever we are deemed to have significant market power as an operator. The national regulators regularly check and determine the corresponding terms, conditions, and prices of these wholesale offerings. The key wholesale products subject to regulation are unbundled local loop lines, bitstream products, leased lines, and the associated services.

Network access. In July 2022, the Bundesnetzagentur published its decision on the future regulation of access to Deutsche Telekom’s copper and fiber-optic network. With this decision, rules for FTTB/H networks are laid down, the previous regulation for Layer2 (VDSL) is discontinued, and access to ducts and poles is also imposed. The precise access conditions will be set down in the subsequent procedures, by means of which the authority will influence Deutsche Telekom’s pricing and product design.

For further information on access regulation including FTTB/H network access by the Bundesnetzagentur, please refer to the section “The economic environment – Major regulatory decisions.”

Regulatory requirements for mobile communications could arise from conditions imposed in connection with the allocation of frequencies. In Germany, a negotiation obligation for wholesale access has been in place since 2018, for which the Bundesnetzagentur can be called upon in cases of dispute. This can give rise to restrictions on our freedom of contract when concluding wholesale agreements with regards to wholesale customers, as well as in terms of scope of services and prices.

Open access in development areas. Within the scope of the subsidized network build-out, companies have an obligation to ensure access to the subsidized network. In addition, all operators of public supply networks have an obligation, among others, to ensure shared use of passive network infrastructure. The Bundesnetzagentur can be called on to settle disputes. To this end, it can impose, for example, product and price requirements on operators.

In addition, European and national consumer protection regulations apply.

Media law. In addition to the requirements of telecommunications and competition law, our media products are also subject to special European and national regulations under media law, as well as non-sector specific regulations such as copyright, data, and consumer protection. These include, in the broader sense, regulations concerning the responsibility/liability for published content, requirements in relation to ensuring the protection of minors in the media, accessibility, and requirements in relation to the content design of user interfaces, including by users themselves. Assuming the ongoing relevance of the Federal Republic and KfW as major shareholders on the one hand, and barring any changes in the legal situation, or the prevailing opinions of media regulators on the other, it is unlikely that Telekom Deutschland will be granted a license to broadcast radio and TV programs. Compliance with the relevant stipulations can be relevant for the design of the TV products, or require adjustments in relationships with licensors, suppliers, and customers. Breaches of obligations can result in the responsible regulatory authorities issuing complaints, orders or injunctions, or even imposing fines.

Litigation and anti-trust proceedings

Major ongoing legal proceedings

Deutsche Telekom is party to proceedings both in and out of court with government agencies, competitors, and other parties. The proceedings listed below are of particular importance from our perspective. If, in extremely rare cases, required disclosures on individual legal proceedings are not made, we concluded that these disclosures may seriously undermine the outcome of the relevant proceedings.

Claims relating to charges for the shared use of cable ducts. In 2012, Kabel Deutschland Vertrieb und Service GmbH (today Vodafone Deutschland GmbH (VDG)) filed a claim against Telekom Deutschland GmbH to reduce the annual charge for the rights to use cable duct capacities. In similar proceedings, the then Unitymedia Hessen GmbH & Co. KG, Unitymedia NRW GmbH, and Kabel BW GmbH (today all Vodafone West) filed claims against Telekom Deutschland GmbH in January 2013, demanding that it cease charging the plaintiffs more than a specific and precisely stated amount for the shared use of cable ducts, including in the future. The claims were rejected by the Frankfurt/Main Higher Regional Court (VDG) and by the Düsseldorf Higher Regional Court (Vodafone West) and an appeal was not allowed in both cases. In response to the complaints of the plaintiffs against non-allowance of appeal, the Federal Court of Justice allowed the appeal by VDG to the extent that it relates to claims dating from January 1, 2012 onward; the appeal by Vodafone West was allowed to the extent that it relates to claims dating from January 1, 2016 onward. The claims were rejected with legally binding effect for the time periods prior to this. In a ruling on December 14, 2021, the Federal Court of Justice referred the proceedings concerning the remaining claims back to the responsible Higher Regional Courts for a new hearing and decision. VDG has since updated its claim, which it now puts at around EUR 980 million plus interest for the period from January 2012 to December 2024. The plaintiff Vodafone West has also updated its claim, which it now puts at around EUR 538 million plus interest for the period from January 2016 to April 2024. It is currently not possible to estimate the financial impact of both these proceedings with sufficient certainty.

Sprint Merger class action. On June 1, 2021, a shareholder class action and derivative action was filed in the Delaware Court of Chancery against Deutsche Telekom AG, SoftBank, T‑Mobile US, and all of our officers and directors at that time, asserting a breach of fiduciary duties relating to the purchase price amendment to the Merger Agreement, as well as SoftBank’s subsequent monetization of its T‑Mobile US shares. The complaint, which was amended several times, remains directed at the same defendants and the same underlying transactions as in the original action; however, it includes an additional submission on alleged facts. It is currently not possible to estimate the resulting claim and financial risk of these proceedings with sufficient certainty.

Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in August 2021. In August 2021, T‑Mobile US confirmed that their systems had been subject to a criminal cyberattack that compromised data of millions of their customers, former customers, and prospective customers. With the assistance of outside cybersecurity experts, T‑Mobile US located and closed the unauthorized access to their systems and identified customers whose information was impacted and notified them, consistent with state and federal requirements.

A shareholder derivative action that had remained pending in this context, filed in September 2022 against the members of the Board of Directors of T‑Mobile US and against T‑Mobile US as nominal defendant alleging claims for breach of fiduciary duties relating to the company’s cybersecurity practices, was dismissed with legal effect in the first quarter of 2025. The proceeding is thus concluded.

In addition, inquiries have been made by various government agencies, law enforcement and other state authorities, with which T‑Mobile US is cooperating in full. An agreement was reached in 2024 on the inquiries made by the Federal Communications Commission (FCC). It is currently not possible to estimate the resultant financial risk of these proceedings with sufficient certainty.

The proceedings relating to the cyberattack in August 2021 will no longer be reported as the main lawsuits have been concluded.

Proceedings against T‑Mobile US in consequence of the cyberattack on T‑Mobile US in January 2023. On January 5, 2023, T‑Mobile US identified that a bad actor was obtaining data through an application programming interface (API). Investigations by the company have found that the affected API was only able to provide a limited set of customer account data, including name, billing address, email address, telephone number, date of birth, T‑Mobile account number, and information such as the number of lines on the account and plan features. The results of the investigation indicate that, in total, around 37 million current postpaid and prepaid customer accounts were affected, although many of these accounts did not include the full data set. T‑Mobile US assumes that the attacker retrieved data via the affected API for the first time from or around November 25, 2022. In accordance with federal and state requirements, the company has notified those individuals whose data was affected. In connection with this cyberattack, consumer class actions were filed against T‑Mobile US and official inquiries were submitted to the company, to which it will respond and, as a result of which, it may incur substantial expenses. It is currently not possible to estimate the resultant financial risk with sufficient certainty.

Class action relating to shareholder return programs of T‑Mobile US. On February 25, 2025, a shareholder class action and derivative action was filed in the Delaware Court of Chancery against Deutsche Telekom AG, T‑Mobile US, and all of T‑Mobile USʼ directors, asserting breach of fiduciary duties relating to the 2022 share buy-back program and the 2023–2024 shareholder return program of T‑Mobile US. It is currently not possible to estimate the resulting claim and financial risk of these proceedings with sufficient certainty.

Patents and licenses. Like many other large telecommunications and internet providers, Deutsche Telekom is regularly exposed to intellectual property rights disputes. There is a risk that we may have to pay license fees and/or compensation; we are also exposed to a risk of cease-and-desist orders, for example relating to the sale of a product or the use of a technology.

Further, Deutsche Telekom intends to defend itself vigorously in each of these proceedings.

Major ongoing anti-trust proceedings

Like all companies, our Group is subject to anti-trust law. In recent years, we have notably stepped up our compliance efforts in this area too. Nevertheless, Deutsche Telekom and its subsidiaries are from time to time subject to proceedings under anti-trust law or follow-on damage actions under civil law. In the following, we describe material anti-trust proceedings and resulting claims for damages. If, in extremely rare cases, required disclosures on individual anti-trust proceedings are not made, we concluded that these disclosures may seriously undermine the outcome of the relevant proceedings.

Claims for damages against Slovak Telekom following a European Commission decision to impose fines. The European Commission decided on October 15, 2014 that Slovak Telekom had abused its market power on the Slovak broadband market and as a result imposed fines on Slovak Telekom and Deutsche Telekom AG, which were paid in full in January 2015. After the General Court of the European Union partially overturned the European Commission’s decision in 2018 and reduced the fines by a total of EUR 13 million, the legal recourse following the ruling of the European Court of Justice on March 25, 2021 is exhausted. Following the decision of the European Commission, competitors filed damage actions against Slovak Telekom with the civil court in Bratislava. These claims seek compensation for alleged damages due to Slovak Telekom’s abuse of a dominant market position, as determined by the European Commission. Three claims totaling EUR 219 million plus interest are currently pending. It is currently not possible to estimate the financial impact with sufficient certainty.

Antitrust class action complaint following the merger with Sprint. T‑Mobile US is defending against an antitrust class action complaint from June 17, 2022, in which the plaintiffs allege that the merger of T‑Mobile US and Sprint violated the antitrust laws and harmed competition in the U.S. retail cell service market. Plaintiffs seek injunctive relief and trebled monetary damages on behalf of a purported class of AT&T and Verizon customers who plaintiffs allege paid artificially inflated prices due to the merger. It is currently not possible to estimate the financial impact with sufficient certainty.

Proceedings concluded

Claims for damages against Deutsche Telekom AG, including due to insolvency of Phones4U. Phones4U was an independent British mobile retailer, which had declared insolvency in 2014. The insolvency administrator had pursued claims before the High Court of Justice in London against the mobile providers active on the UK market at that time and their parent companies on the grounds of alleged collusion in violation of anti-trust law and breach of contract. On November 10, 2023, the High Court of Justice in London rejected all claims made by Phones4U against all defendants. The appeal lodged against this by Phones4U was dismissed in full on July 11, 2025. The proceedings are thus completed and will no longer be reported.

Compliance risks

Compliance risks are risks arising from systematic infringements of legal or ethical standards that could result in regulatory or criminal liability on the part of the company, its executive body members, or employees, or result in a significant loss of reputation. In order to minimize these risks, we have set up a compliance management system.

For further information on the compliance management system, please refer to the section “Combined sustainability statement.”

Financial risks and opportunities

Liquidity, credit, currency, interest rate risks

With regard to its assets, liabilities, and planned transactions, our Group is particularly exposed to liquidity risks, credit risks, and the risk of changes in exchange rates and interest rates. We want to contain these risks. Risks with an impact on cash flows are monitored in a standard process and hedged selectively using derivative and non-derivative hedges. Derivative financial instruments are used solely for hedging and never for speculative purposes. The following risk areas – liquidity, credit, currency, and interest rate risks – are evaluated taking into account all hedges.

For further information on the risk assessment, please refer to the “Corporate risks” table above.

Liquidity risk. To ensure the Group’s and Deutsche Telekom AG’s solvency and financial flexibility at all times, we maintain a liquidity reserve in the form of credit lines and cash as part of our liquidity management. T‑Mobile US has pursued its own separate financing and liquidity strategy.

Deutsche Telekom excluding T‑Mobile US had access to primarily bilateral credit agreements with 20 banks with an aggregate total volume of EUR 12.0 billion as of December 31, 2025, which were not utilized. Our liquidity reserve covered maturing bonds and long-term loans at all times for at least the next 24 months (see graphic below). Furthermore, cash on hand of EUR 2.8 billion was available.

Development of the liquidity reserve (Deutsche Telekom excluding T‑Mobile US), maturities in 2024/2025

billions of €

Bilateral credit lines with an aggregate total volume of USD 7.5 billion (EUR 6.4 billion) plus a cash balance of USD 5.6 billion (EUR 4.8 billion) were available to T‑Mobile US as of December 31, 2025.

On January 5, 2026, T‑Mobile US concluded a revised credit agreement with certain financial institutions. The credit agreement raises the previous bilateral credit lines to USD 10.0 billion and extends the term until January 5, 2031.

Credit risks. In our operating business and certain banking activities, we are exposed to a credit risk, i.e., the risk that a counterparty will not fulfill its contractual obligations. To keep this credit risk to a minimum, we conclude transactions with regard to financing activities only with counterparties that have at least a credit rating of BBB+/Baa1; we also actively manage limits. In addition, we have concluded collateral agreements for our derivative transactions. At the level of operations, the outstanding debts are continuously monitored in each area, i.e., locally.

Currency risks. Currency risks result from dividend payments received, investments, financing measures, and operations. Risks with an impact on cash flows (transaction risks) resulting from foreign currency fluctuations will be hedged selectively. However, foreign-currency risks that do not influence the Group’s cash flows, for example, risks resulting from the translation of assets and liabilities of foreign operations into euros (translation risks) are generally not hedged. Deutsche Telekom may nevertheless also hedge these foreign-currency risks under certain circumstances.

Interest rate risks and opportunities. Our interest rate risks mainly result from Group financing: On the one hand, we have an interest rate risk relating to the issue of new liabilities, and on the other, we have an interest rate risk arising from variable-interest liabilities. The interest rate position is actively managed as part of our interest rate management activities. Each year, a maximum is set for the percentage of variable-interest liabilities, taking into account the planned finance costs. For new issues and variable-interest liabilities, an opportunity arises at the same time from potential interest rate declines.

For further information, please refer to Note 43 “Financial instruments and risk management” in the notes to the consolidated financial statements.

Tax risks and opportunities

We are subject to the applicable tax laws in many different countries. Risks and opportunities can arise from changes in local taxation laws or case law and different interpretations of existing provisions. These risks can impact both our tax expense and benefit as well as tax receivables and liabilities.

Other financial risks and opportunities

This section contains information on other financial risks that we consider to be immaterial at present or cannot evaluate based on current knowledge.

Rating risk. Deutsche Telekom’s credit rating affects our access to the capital markets, to the international finance markets, and our refinancing costs. A lower rating could impede access to the capital market and, over time, would lead to an increase in the cost of debt financing. We intend to maintain our rating in a corridor from A- to BBB and thereby safeguard undisputed access to the capital market. As of December 31, 2025, Deutsche Telekom AG’s credit rating with Moody’s was A3 with a stable outlook, while Standard & Poor’s rated us BBB+ with a positive outlook, and Fitch BBB+ with a stable outlook. From today’s perspective, access to the international debt capital markets for both Deutsche Telekom AG and T‑Mobile US is not jeopardized.

Control environment. Compliance with business and regulatory requirements, in particular for the internal control system, requires high efforts. Not meeting these demands could lead to difficulties or weaknesses in Deutsche Telekom’s overall control environment and with regard to financial reporting.

Sales of shares by the Federal Republic or KfW. As of December 31, 2025, the Federal Republic of Germany and KfW jointly held 28.3 % in Deutsche Telekom AG. It is possible that the Federal Republic will continue its policy of privatization and sell further equity interests in a manner designed not to disrupt the capital markets and with the involvement of KfW. There is a risk that the sale of a significant volume of shares by the Federal Republic or KfW, or any speculation to this effect, could have a negative impact on the price of the T-Share.

Subsidiaries and equity investments. Subsidiaries and equity investments of Deutsche Telekom could face difficult market conditions, e.g., increased competition, in particular price pressure, and economic fluctuations. Additional fundings may be needed to safeguard these business activities.

Impairment of Deutsche Telekom AG’s assets. The value of the assets of Deutsche Telekom AG and its subsidiaries is reviewed periodically. In addition to the regular annual measurements that are also performed for the carrying amounts of investments in the annual financial statements of Deutsche Telekom AG prepared in accordance with German GAAP, specific impairment tests may be carried out, for example, where changes in the economic, regulatory, business, or political environment suggest that the value of goodwill, intangible assets, property, plant and equipment, investments accounted for using the equity method, or other financial assets might have changed. These tests may lead to the recognition or reversal of impairment losses that do not, however, result in cash outflows or inflows. This could impact to a considerable extent on our results, which in turn may negatively or positively affect the T‑Share price.

For further information, please refer to the section “Summary of accounting policies – Judgments and estimates” in the notes to the consolidated financial statements.