Compliance management system aligned with the company’s risk situation

Our contribution to the SDGs

Our compliance culture is a key component for corporate governance based on integrity and respect. We have expressed our Group-wide commitment to complying with ethical principles and both legal and statutory requirements. We have enshrined this pledge in our Guiding Principles and our Code of Conduct.

Integrity – which necessarily encompasses compliance – forms the basis of all our business decisions and activities. It defines the behavior of all our employees in dealings with customers, employees, investors, managers, and Deutsche Telekom's overall sphere of operations.

We implemented a compliance management system (CMS) with the aim of minimizing risks arising from systematic infringements of legal or ethical standards that could result in regulatory or criminal liability on the part of the Company, its executive body members, or employees, or result in a significant loss of reputation. The Board of Management considers its overall responsibility for compliance as a key leadership task. Our Chief Compliance Officer is responsible for the design and management of the compliance management system. Compliance officers implement the compliance management system and our compliance goals locally at the level of our operating segments and national companies.

We have derived the following objectives for our compliance work:

  • Identifying, analyzing, and assessing compliance risk at an early stage
  • Integrating preventive measures in business processes early and permanently, to prevent breaches of compliance
  • Minimizing liability risks for the company
  • Being viewed as a dependable partner by customers and business partners
  • Adopting a consistent approach to preventing, identifying, and responding to non-compliance
  • Fostering a compliance culture and ethical conduct

Dr. Marie von der Groeben

Do you have questions on this topic?
Ask our expert:

Dr. Marie von der Groeben

Chief Compliance Officer

Reporting against standards


Global Reporting Initiative (GRI)

  • GRI 2-23 (General Disclosures)
  • GRI 2-25 (General Disclosures)
  • GRI 2-26 (General Disclosures)
  • GRI 205 3-3 (Management of material topics)

Ongoing audit of compliance management continued

Since 2010, we have commissioned regular audits img of our compliance management system (CMS), with a focus on anti-corruption, in accordance with IDW audit img standard 980. The last audit run took place in the years 2020 and 2021. 

In total, 22 German and international companies were audited successfully. Details of the audit results are published on Deutsche Telekom’s homepage. The audits focused on processes that are exposed to an increased risk of corruption, for example, in procurement, sales, events, donations, sponsorships, M&A, and human resources. The next external audit is scheduled for 2024.

Further development of the compliance management system through regular risk assessment

To identify, analyze, and assess compliance risks to the company and derive risk-oriented measures to prevent breaches of laws and regulations, our central compliance management organization conducts a high-level CRA (compliance risk assessment) each year. It also covers Deutsche Telekom’s subsidiaries. For this we have established a compliance risk assessment process, established responsibilities, and defined assessment criteria. The individual steps are documented transparently. The 2022 compliance risk assessment had the following detailed outcomes:

  • The companies that participated in the CRA were selected according to a model based on risk and maturity and dependent on governance.
  • In 2022, 69 units (61 companies and 8 Group headquarters units) went through this process. This equates to a coverage level of 93.6 percent (by FTE/full-time equivalents) of fully consolidated companies as of December 2021. T-Mobile US uses a different system for its risk assessment.
  • We list potential risks to our company in a Group risk map. This enables the various Deutsche Telekom companies, with their different business models, to conduct systematic risk analyses. In 2022, the core risk categories were revised and partly consolidated. In 2022, the risk map covered 22 risk categories, including such categories as corruption, anti-trust law violations, and human rights violations. All national companies can add more categories specific to their business needs and as warranted. This involves defining which specific threat each risk poses to the national company and stating which steps have already been implemented to rule out this risk as far as possible. If necessary, additional measures are developed to reduce the risks to a manageable level.
  • Responsibility for conducting the CRA lies with the respective company or Group unit. Based on the results, management approves a compliance program for the coming year that includes appropriate local measures and responsibilities. The central compliance organization supports them with this and provides a standardized methodology. This means the findings from the CRA can be used to derive risk-oriented Group-wide measures.
  • The Board of Management and the Audit img Committee of the Supervisory Board of Deutsche Telekom are notified of the results of the compliance risk assessment.
  • The central compliance department monitors the execution of measures from the compliance program.
Reporting against standards

Global Reporting Initiative (GRI)

  • GRI 2-16 (General Disclosures)
  • GRI 2-25 (General Disclosures)
  • GRI 205-1 (Anti-corruption)

A clear reference framework: Deutsche Telekom’s compliance policies

Integrity, respect, and compliance with the law and internal policies and regulations – these are the principles on which Deutsche Telekom’s business activities are based. Our Code of Conduct is the central reference framework for lawful and ethical conduct. It is supplemented by other specific policies, such as the Group Policy on Avoiding Corruption and Other Conflicts of Interest, the antitrust policy, and our digital ethics guidelines on AI. In following the AI guidelines, we have made it our goal to use and refine our AI products and services in a responsible manner. AI must be designed to be human-centric, to protect the sovereignty, freedom from discrimination, and freedom of speech of the persons involved.

An overview of our most important policies is available on our website.

Raising awareness of compliance risks among staff

We support our employees Group-wide with a variety of measures to ensure that their everyday work remains ethical and legally compliant:

  • A policies database that helps staff find and implement applicable regulations
  • Regular compliance and anti-corruption training, which is also part of our onboarding process for new employees (see GRI 205-2)
  • International introduction of “Compliance Basics” online training course in 2021. Our employees must repeat this course every two to three years. 
  • It features short, to-the-point videos on compliance topics of relevance to everyday work procedures. They are available to employees at all times, via the internal portal YAM UNITED and LinkedIn
  • Since 2013, on the occasion of UN International Anti-Corruption Day on December 9: Annual execution of international communication campaigns and a variety of measures at the companies. In 2022, for instance, we held an international live stream featuring a comprehensive talk with Board of Management member Birgit Bohle, Chief Compliance Officer Marie von der Groeben, and the Wirecard whistleblower Pav Gill. The objective of the session was to raise awareness among employees of the topics of whistleblowing, a speak-up culture, and corruption. In addition, the Board of Management members pointed out the risks of corruption in a joint email.
  • AskMe - the consultation desk for compliance and ethical and lawful conduct. This portal gives employees answers to compliance issues that often come up at work (FAQs).  They also have the possibility of contacting the AskMe advisory team, which provides reliable recommendations for behavioral uncertainties relevant to compliance. The number of inquiries and the topics covered can be viewed here
  • Annual compliance risk assessment (CRA), which we use to identify and assess compliance risks in Group companies and organizational units and then derive key areas for suitable preventive measures
  • Regular anti-corruption statements by Deutsche Telekom Board of Management members
  • Additional preventive measures in our annual compliance program derived from the compliance risk situation.
Reporting against standards


Global Reporting Initiative (GRI)

  • GRI 2-26 (General Disclosures)
  • GRI 205-2 (Anti-corruption)

Systematic handling of infractions

We follow up on all tip-offs related to a violation of legal or internal regulations, provided the description of the facts is adequate. One of the channels we use to receive tip-offs is the whistleblower portal TellMe.

  • All tip-offs are treated as confidential, checked for plausibility, and carefully investigated.
  • Any violations we uncover will be rigorously sanctioned, without exception, according to legal provisions, regardless of the rank and position of the persons involved. This also includes possible termination of the employment relationship and an assertion of claims for damages. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.
Reporting against standards


Global Reporting Initiative (GRI)

  • GRI 2-25 (General Disclosures)
  • GRI 2-26 (General Disclosures)

TellMe whistleblower portal

Our TellMe whistleblower portal gives our employees, as well as external parties such as business partners and customers, the possibility to report misconduct – and do so anonymously. We have introduced a Group-wide reporting process to control and monitor these activities.

  • All compliance-relevant tip-offs are treated as confidential, checked for plausibility, and carefully investigated. This is also true of tip-offs we receive through other channels.
  • Most of the tip-offs received in 2022 focused on “financial interests” (possible cases of fraud, breach of trust, manipulation of targets, and unfair sales methods).
  • In confirmed cases, we impose systematic sanctions that are proportionate to the act and the guilt of the perpetrator and are in line with applicable legal provisions. We publish other details, such as information about implemented measures, on our website.

Receipt and handling of tip-offs on the TellMe portal*

  2022 2021 2020

Reports (overall)




Compliance-relevant tip-offs




Thereof anonymous tip-offs




Confirmed misconduct




Under investigation




Non-plausible tip-offs




* Tip-offs received directly by the international companies are only included here if they are relevant to the Group.

Reporting against standards


Global Reporting Initiaitve (GRI)

  • GRI 2-25 (General Disclosures)

Measures to strengthen our corporate culture

Our culture of compliance, which fosters lawful and ethical conduct, is a central component of our corporate culture.

The world is getting increasingly complex and we are confronted with new challenges and regulations every day. This makes it more important than ever to offer reliable guidance to all employees, to enable them to act confidently and ethically in different situations.

Our eLearning offerings for compliance have been established. Group-wide, these eLearnings also include value-based, cultural, and integrity-related aspects – such as our eLearning Code of Conduct, Basic ethical concepts in day-to-day business and Compliance Basics. We also held in-person training with Board of Management members and top management in 2022, in which we processed and discussed the best conduct in typical compliance dilemma situations based on case examples.

Our ICARE check, a self-test with five simple questions, supports our employees in making the right, responsible decisions in difficult situations.

Worldwide cooperation for compliance

Different legal frameworks and cultural values in the countries where Deutsche Telekom is active represent a significant compliance challenge for us. The increasingly dynamic development of global markets, new digital business models, and intensified international competition also influence our compliance strategy.

To meet the Group’s demands as an international corporation, we regularly discuss strategic compliance topics with compliance officers at our international Group companies worldwide. In 2022, the compliance officers at the largest and most strategically important international units once again met in person, together with experts from the Group Compliance unit at a conference for the first time since the coronavirus pandemic. The onboarding process of our new international compliance managers involves inviting them to Germany, to familiarize them with compliance topics, our culture of compliance, and the challenges facing the Group, in addition to introducing them to their colleagues. International interaction also takes place during monthly online “compliance community calls.” Topics for 2022 included: “Presenting new features in the compliance reporting tool,” “Compliance tasks in the ESG img governance framework,” “Digital ethics,” and “Presenting the international compliance teams and work priorities.” The compliance community calls also involved presentations of best practices that were developed from compliance audits img in the Group and explanations by the units.

We also discuss compliance issues with other companies and with expert groups. In addition, we regularly promote the further development of compliance standards and management systems through specialist presentations, publications, and other contributions.  

Commitment to anti-corruption initiatives

We participate regularly in the work of national and international organizations that focus primarily on compliance issues. As a member of associations and organizations such as the German Institute for Compliance (DICO e.V.), the Compliance & Integrity forum of ZfW (Center for Business Ethics) and BITKOM, Germany’s digital association, we make use of opportunities to exchange ideas and experiences related to compliance.

For years now we have been using the United Nations International Anti-Corruption Day on December 9 as an opportunity to raise awareness in the Group about the issue of bribery and corruption. For more details, see the section “Raising awareness among staff”.

Responsible use of artificial intelligence (AI)

Digital responsibility img is a task for society as a whole. Deutsche Telekom develops artificial intelligence (AI) and uses it in a variety of products. Our Board of Management members Claudia Nemat and Birgit Bohle actively contribute to discussions on this topic. AI systems have long become an integral component of how we work. For example, they are used to answer inquiries as quickly as possible.
Like our commitments to high service quality and digital sovereignty, we are committed to the ethical use of AI that focuses on people and their needs. 

Against this backdrop, in 2018 we were one of the first companies in the world to develop digital ethics guidelines on AI. They clarify how we at Deutsche Telekom intend to use AI responsibly and develop our AI-based products and services. Our AI guidelines outline an approach in which AI is developed with people and their needs in mind. They are oriented to the pertinent legal foundations – and to our Code of Human Rights & Social Principles, in which we commit ourselves to upholding and promoting human rights.

To support the specifics of implementing our AI guidelines, we saw a need to take additional steps, issue additional rules, and introduce additional processes. To that end, we have initiated the following measures:

  • True to the motto “share and enlighten,” we have created an online training course on “Digital Ethics” for our employees and held presentations on AI-related topics at the German and international levels.
  • As part of our work as a member of various bodies, we share our experiences and insights with other companies. This occurs, for example, in our work in the Federation of German Industries (BDI); the German Association for Information Technology, Telecommunications and New Media (Bitkom); the German Association for the Digital Economy (BVDW); and the D21 digitalization initiative.

The following measures have been implemented in support of active application of our AI guidelines:

  • We developed the “Professional Ethics” guide together with our technology experts and project managers. The guide presents best practices, methods, and tips for applying the AI Guidelines to development processes. With this guide, we are seeking to ensure that all developers who work with AI conform to the AI guidelines and implement them in the systems and products they develop.
  • We conduct “digital ethics assessments” to ensure that our ethical AI requirements can continue to be considered and implemented in our development processes, as part of our “ethics by design” approach.
  • In addition, we have added the AI Guidelines to the curricula for various training and development courses for our employees. For example, we have developed relevant training events for our Data Scientist training program and our “Re-Skilling Academy,” and we offer these events in various attractive formats in the framework of Telekom Vocational Training, including virtual tours, online training and “Digital Learning Journeys.”
  • To ensure that our high ethical standards for AI development are also reflected in our supply chain, we supplemented our Supplier Code of Conduct in 2020 with content related to our AI guidelines and updated it in the year under review – making us a pioneer in this area as well.
  • In addition, an interdisciplinary “digital ethics” team was founded in 2022, which takes care of the further development, support, and implementation of digital ethics issues at the Deutsche Telekom Group, also preparing the enforcement of the upcoming EU AI Act. The Group is steered by the Board of Management members for Technology and Innovation (VTI) and for HR and Legal Affairs, Labor Director (VP) in a co-creation approach.

Further development of the Compliance organization

Dynamic challenges in our market environment, increasing regulatory requirements, and changes in the working world require continual adjustments to our compliance management system. We also keep the knowledge of our Compliance staff up to date with requirement-based, situation-related training courses and cross-company interchange formats, among other measures. In addition to professional development, these courses cover topics such as agility img, modern working, and tools and processes.

To adapt our Compliance organization to the increasing demands of our internal and external customers and to agile img working methods, the Group Compliance organization has been structured according to an agile organizational model and has been working with agile methods since 2021. This organization continued to evolve in 2022, with a focus on customers, processes, and digitalization.  

This ongoing development of our Compliance organization is intended to contribute to our customer-centric, lawful, sustained success as a company. Our compliance strategy focuses on our target vision of a leading digital compliance management system (leading digital CMS). 

In this vision, the CMS supports the following: 

  • Integrating compliance requirements in business processes as seamlessly as possible 
  • Showing the Group-wide status of the CMS and existing compliance risks at all times, transparently and up to date 
  • It actively takes up and addresses new developments in the business and regulatory domains and uses the insights gained for continuous improvement

The key components of leading digital CMS are culture, trust, and simplicity. 

  • Culture is the foundation of how we work together. Compliance cannot succeed without a good, open corporate culture in which every individual is willing to take responsibility, admit mistakes, and point out risks. 
  • Trust goes in two directions: The Compliance function serves as a trusted advisor, which develops solutions for dealing with compliance risks together with the business units. Conversely, the Compliance unit also returns this trust by only defining binding guidelines, where deemed necessary under risk aspects.  
  • Simplicity means that we want to make it as simple as possible for everyone at the company to follow the rules and implement compliance requirements. This means formulating the rules clearly and simply, for instance, and limiting them to what is essential.

To achieve the objective of a leading digital CMS, we have defined specific measures that we are implementing step by step. We achieved initial successes with it in 2022

  • We created the Compliance Digital Transformation cluster to consolidate digitalization know-how and drive forward the ongoing development and digitalization of compliance processes. 
  • Digitalization starts with a critical analysis of existing processes. Over the past year, we have identified significant simplifications in our compliance toolkit that intensify cross-functional collaboration with all risk owners with regard to the compliance risk assessment, and also designed a digital compliance reporting tool.  
  • To address “trust,” “culture,” and “simplicity” overall, we developed the ICARE check, a simple self-test with five questions for critical situations. The test is intended to help all employees master difficult situations and judge whether they should obtain advice before deciding on how to proceed further. 
  • We also supplemented our classroom training courses with dilemma situations from everyday business. Joint, interactive discussion of situations from everyday business that often make it difficult to find the right answer has resulted in a trusting, open dialog in the training courses, contributing to both the “culture” and “trust” elements.
  • Together with colleagues from the Board of Management department for Technology and Innovation, we initiated the Digital Ethics squad, to ensure together that we also act in accordance with our requirements of compliance and integrity in the digital world and when using artificial intelligence, and are prepared for new European frameworks like the EU AI Act. 
  • In addition, we responded to new statutory requirements, making changes to our compliance risk assessment and our TellMe whistleblower portal, within the framework of a project headed by Corporate Responsibility to implement German Supply Chain Act.
More... All news