We revised our risk management system in 2023 and incorporated it to a greater extent into all relevant business workflows. The aim of risk management is to recognize, prevent, or minimize human rights or environmental risks. It is based on individual due diligence obligations, which comprise the following core elements:
- Risk assessments for the entire supply chain
- Preventive and remedial action incl. audits and effectiveness reviews
- Complaints process
- Reporting
Risk assessments for the entire supply chain
We want to use risk assessments to help gain transparency regarding human rights and environmental risks within the supply chain. They should enable us to derive targeted follow-up measures and therefore effectively eradicate or minimize any actual or potential risks. As part of the LkSG risk management system, we carry out annual risk assessments for our own business units in the Group companies included as well as their direct suppliers. This came to 248 Group companies and approx. 20 000 direct suppliers in 2023. The T-Mobile US subgroup is excluded from this and has its own system for carrying out risk assessments.
When carrying out these assessments, we inspected external and internal information, reviewing it for plausibility and prioritizing it accordingly. We have included information from publicly accessible reports on country and industry risks, as well as information from our existing management processes. We received internal information from sources such as complaints processes, the results of the compliance risk assessment, employee surveys, audits, and certifications. We also take into account internal and external knowledge on human rights and the environment from the relevant experts who are appointed and reviewed each year as LkSG specialists. As of the year under review, we are following this process to create an annual risk matrix for our own business as well as a risk scale for suppliers which differentiates between high, medium, and low human rights and environmental risks in the supply chain. The results of the risk matrix are adopted by the Group Board of Management. They form the basis for deriving further measures and are furthermore incorporated into decision-making processes for the company. They also influence our approach to internal and external communication. The results for 2023 were published in our “Annual Policy Statement on the human rights strategy (Annual report LkSG)”.
In addition to the annual assessments, ad hoc risk assessments are carried out for the entire supply chain, including business partners. This also includes considering the risks before entering into a new business relationship such as part of company acquisitions, for example. In 2023, ad hoc risk assessments were triggered by situations such as extreme weather in Greece and the war in the Middle East. Such an assessment was also required within our own business due to the foundation of the new company, Deutsche Telekom Tiefbau GmbH. Other triggers included tip-offs regarding potential risks or violations which were submitted via our TellMe complaints channel.
Deriving and implementing preventive and remedial action
As soon as a high-level risk and/or violation of a due diligence obligation is identified as part of an annual or ad hoc risk assessment, we step in immediately with suitable, risk-based preventive and/or remedial action. This includes, for example, revising and implementing policies or instructions. We also carry out training as needed and perform local, risk-based controls, such as in the form of Human Rights Impact Assessments or internal and external audits.
For example, the following measures were carried out in 2023:
- Amending our Code of Human Rights, incl. our policy statement and adjusting our expectations of employees and suppliers
- Revising and implementing Group-wide human rights training for all Group employees (without T-Mobile US)
- Carrying out in-depth training for employees with a focus on discrimination as part of a newly devised e-learning course
- Implementation of specialist training, such as for procurement roles
- Engagement in networks and associations such as the Joint Alliance for CSR (JAC, formerly known as Joint Audit Cooperation) for the purposes of carrying out joint audits for suppliers on industry-wide and/or overarching topics, the United Nations Global Compact, or econsense.
Based on the risk position as determined, we saw no need for a risk-based audit in 2023 in the form of an on-site Human Rights Impact Assessment for any of the Group companies in scope.
Complaints process
Our whistleblower portal TellMe provides people from all stakeholder groups with the option to report information regarding misconduct. This also provides an opportunity to give tip-offs regarding misconduct affecting human rights or environmental concerns which relate to Deutsche Telekom or our supply chain.
The public can access the procedure through our homepage and via the websites of the Group companies. To ensure that everyone is able to access the complaints process, we accept tip-offs both by phone via a free, international service number as well as via email, post, or online submission through the aforementioned website – all this can be done anonymously too, if needed.
All tip-offs are taken on and processed by trained staff from our Compliance unit. Our experts make sure to adhere to the statutory requirements in doing so and do their best to protect the whistleblower. Insights from complaints and tip-offs are incorporated into the annual risk assessments.
Via the TellMe whistleblower and complaints portal, employees and external third parties can submit information and report complaints – anonymously, if needed. A total of five tip-offs and complaints relating to human rights or environmental law were received via TellMe in the reporting year. In particular, risks relating to civil engineering work for the rollout of optical fiber were derived from the complaints and tip-offs received and factored into the annual risk analysis.
Reporting
We published the following reports and documents focusing on the subject of human rights in the reporting year:
- Code of Human Rights: Part of the policy statement on the human rights strategy in accordance with § 6 II Supply Chain Act (LkSG)
- Annual LkSG report: Results of the annual risk assessment for 2023 as a supplementary policy statement on the human rights strategy of Deutsche Telekom AG as well as the other German Group companies that are subject to reporting duties in accordance with LkSG.
We plan to disclose the official reporting to the supervisory authorities in accordance with LkSG four months after the end of the respective reporting year at the latest via our website in accordance with § 10 LkSG.