Deutsche Telekom has a Group-wide risk and opportunity management system. With this system, we systematically record and evaluate risks and opportunities as well as emerging risks for the company. It helps us manage potential threats, seize opportunities, and increase resilience to unpredictable events. In addition, the system supports strategic decision-making.
You can find more detailed information on the risk and opportunity management system in our Annual Report 2025.
Taking a closer look at emerging risks
New or foreseeable risks for the future, the risk potential of which is not yet known with certainty and whose effects are difficult to assess, are referred to as emerging risks. These include, for example, geopolitical tensions, new technologies or macroeconomic factors. While these risks may already be impacting our business today, their effects may increase within three to five years and affect us much more severely in the future.
If we want to protect our company and our customers from emerging risks, we must identify and evaluate them at an early stage and initiate risk mitigation measures as part of our risk and opportunity management system. In order to reduce negative impacts, we may also need to adapt our strategy or business models.
Our 5 Emerging Risks
Cyber attacks
New technologies, in particular AI
Geopolitical instability
Climate change
Increasing regulatory complexity
Cyber attacks
Cyberattacks and cybercrime continue to increase and become more complex and effective. Rapid technological progress, for example, through artificial intelligence (AI), can favor increasingly efficient and sophisticated attack methods that could partially overtake existing security measures. At the same time, the number of possible points of attack is increasing because companies are increasingly networked and data and processes are increasingly running via digital systems, external service providers and Internet-based applications. Geopolitical tensions, evolving threat actors, and the ongoing cybersecurity skills shortage can exacerbate the risk landscape and make it difficult to effectively manage cyber risks.
The potential effects of this risk include, but are not limited to:
System failures and business interruptions
Loss of customer data, which can lead to loss of trust, reputational damage, and legal consequences
Financial losses, particularly due to ransomware attacks and related ransom payments
Rising costs for cybersecurity, such as prevention and protection measures, responsiveness and qualified personnel
Our risk mitigation measures include:
To further develop integrated cyber and AI risk governance and strengthen prevention, detection and response, including AI-powered security solutions
Secure and regularly update IT systems, identity and access management, and reduce the attack surface.
Promoting a risk-aware security culture, cooperation along the supply chain and supplementary protection against financial risks, for example through cyber insurance
You can find more information on cybersecurity here in the CR report.
New technologies, especially AI
New technologies such as AI are rapidly gaining in importance and are increasingly influencing how business models are designed, processes are controlled and decisions are made. AI can open up new opportunities, but it can also bring with it risks, such as automated decisions that are difficult to understand, inadequate protection of sensitive data, and increasing regulatory and liability requirements. The rapidly growing volume of data could make it even more difficult to control and monitor data sets consistently. In addition, AI-enabled applications could facilitate the spread of misinformation, enable new forms of cybercrime and have an environmental impact due to their energy requirements. If technological change is not properly managed, opportunities cannot be exploited effectively.
The potential effects of this risk include, but are not limited to:
Increasing cyberattacks, amplified by new technologies
Liability and compliance risks due to non-transparent or distorted AI systems
Increasing skills gaps due to new qualification requirements
Our risk mitigation measures include:
Strengthening governance and security measures for the use of new technologies, in particular AI
Continuous investments in the qualification and further development of our employees as well as the promotion of a risk-conscious corporate culture
Geopolitical instability
Increasing geopolitical tensions and political unpredictability are threatening the stability of the global economy and financial markets. Economic nationalism, protectionist measures and strategic technological rivalries between states can create new trade barriers and affect international supply chains. At the same time, geopolitical alliances are constantly changing. Existing and potential conflicts can increase the risk of further market dislocations, supply shortages and a global economic slowdown.
The potential effects of this risk include, but are not limited to:
Destruction or impairment of network infrastructure through political uprisings, sabotage, or geopolitically motivated attacks
disruptions or delays in the supply chain, for example as a result of geopolitical conflicts, trade restrictions or protectionist measures; this concerns, among other things, the availability of critical raw materials
Increased uncertainty in strategic and financial planning, coupled with rising costs and increasing market volatility
Our risk mitigation measures include:
Close monitoring of policy developments and adaptation of our shoring strategy
Integrating geopolitical risks into the company-wide risk assessment and developing/validating corresponding contingency plans
Development/review of scenario planning activities
Climate change
Advancing climate change can increase the frequency and intensity of extreme weather events. This is associated with phenomena such as warming of the oceans, higher temperatures and humidity, as well as severe storms and heat waves. These developments can promote natural events such as floods and droughts.
The potential effects of this risk include, but are not limited to:
-
Damage to the network infrastructure
-
Higher costs due to increasing regulatory requirements and necessary investments in physical protective measures
-
Delivery delays and rising delivery costs due to disrupted supply chains
Our risk mitigation measures include:
-
Further development of the business model to reduce CO2 emissions, in particular through the expansion of circular economy approaches such as recycling and waste avoidance as well as through the most resource-efficient product and network design possible
-
Prepare and regularly review contingency and preparedness plans, including the assessment of critical systems and resources
-
Implementation of physical protective measures at our own sites as well as along selected parts of the supply chain with regard to extreme weather events
Further information on our approach to environmental and climate protection can be found under Climate protection and Circular economy here in the CR report and under “Climate change” and “Resource use and circular economy” in our audited Sustainability Statement.
Increasing regulatory complexity
The regulatory requirements for telecommunications companies are continuously increasing and at the same time becoming more complex. In addition to traditional regulatory fields, new areas such as AI, digital markets, data protection and environmental, social and governance aspects (ESG) are gaining in importance. Different national requirements, stricter audits and new enforcement mechanisms can increase the pressure to adapt, legal risks and compliance costs.
The potential effects of this risk include, but are not limited to:
Additional financial burdens due to fines, sanctions and rising legal and procedural costs
Limited strategic room for maneuver and distortions of competition due to different regulatory requirements in individual markets
Increased operational effort and need to adapt processes and business models as a result of new regulatory requirements
Our risk mitigation measures include:
Early monitoring of regulatory developments and continuous dialogue with the relevant regulatory authorities
Further development of our compliance management system, including clear responsibilities, sufficient resources and regular review
Integration of regulatory requirements into company-wide risk and continuity planning in order to address impacts at an early stage
Looking ahead
In order to strengthen Deutsche Telekom’s resilience and minimize the risks described, we are taking targeted measures. At the same time, we use the early understanding of these topics to further develop and strengthen our ecological, social and economic sustainability performance in the long term.
Deep Dive for Experts
Management & Frameworks
Our Group-wide risk and opportunity management system is organized in a decentralized manner. The methods for the system and for the associated reporting, in particular the Group Risk Report, are specified by the Group Risk Governance department. All operating segments as well as the Group Headquarters & Group Services segment are connected to the central Group system via their respective risk and opportunity management systems. In the segments, the respective managers are responsible for identifying, evaluating and continuously monitoring the risks. Opportunities are taken into account by management in the annual planning process and continuously developed in the course of the operational business.