Close all Expand all

A compliance management system aligned with the company’s risk situation

Our compliance culture is a key component for corporate governance based on integrity and respect. We have expressed our Group-wide commitment to complying with ethical principles and both legal and statutory requirements. This commitment has been incorporated in our Guiding Principles and Code of Conduct.

Integrity – which necessarily encompasses compliance – forms the basis of all our business decisions and activities. It defines the behavior of all our employees in dealings with customers, employees, investors, managers, and Deutsche Telekom’s overall sphere of operations.

We have implemented a compliance management system (CMS) with the objective of minimizing risks from systematic breaches of legal or ethical standards. In this approach, we address risks that could result in regulatory or criminal liability of the company, its executive bodies, or its employees – or in significant harm to the company’s reputation. The Board of Management considers its overall responsibility for compliance as a key leadership task. Our Chief Compliance Officer is responsible for the design and management of the CMS. Compliance officers implement the CMS and our compliance goals locally at the level of our operating segments and national companies.

Our compliance work pursues the following objectives in particular:

  • Fostering a compliance culture and ethical conduct
  • Identifying, analyzing, and assessing compliance risks at an early stage
  • Integrating preventive measures in business processes early and permanently, to prevent breaches of compliance
  • Responding consistently to any breaches of compliance
  • Minimizing liability risks for the company
  • Being viewed as a dependable partner by customers and business partners



Global Reporting Initiative (GRI)

  • GRI 2-23 (General Disclosures)
  • GRI 2-25 (General Disclosures)
  • GRI 2-26 (General Disclosures)
  • GRI 205 3-3 (Management of material topics)
Please do not enter any personal data in the question field.
After you have sent your question, you will receive a prompt reply from our experts.

Send question

Our contribution to the SDGs


Ongoing audit of compliance management continued

We have our compliance management system audited img and certified regularly by independent auditors, with particular attention paid to anti-corruption measures. In the 2020 and 2021 financial years, 22 companies were audited successfully: nine German companies in 2020 and 13 international companies in 2021. The audits focused in particular on processes in the companies that are exposed to an increased risk of corruption in general, for example, in procurement, sales, events, donations, sponsorships, mergers and acquisitions, and human resources. The next audit of selected Group companies for certification purposes (IDW PS 980 audit standard) is planned for the 2024 and 2025 financial years.


Further development of the compliance management system through regular risk assessment

Compliance risk assessments (CRAs) are a foundation of our compliance management system. We use CRAs to identify and assess compliance risks and implement appropriate preventive measures based on their results. To this end, we have introduced a process to be carried out at regular intervals. The companies that are inspected through CRAs are selected according to risk, using a model based on the maturity of the companies in question.

The Board of Management and the Audit Committee of the Supervisory Board of Deutsche Telekom are notified of the results of a compliance risk assessment.

The CRA methodology was adjusted in the reporting year and a focus CRA carried out. The focus CRA is a further evolution of the existing CRA approach. Under the new approach, the goal is to assess the effectiveness of the control environment in selected compliance risk areas. We piloted this approach in 2023, with a primary focus on our procurement processes. Ten international companies (the Europe and Systems Solutions operating segments) and one national company (Germany operating segment img) participated in this focus CRA pilot project. The companies were selected according to risk, with a focus on international companies with their own procurement organization. The respective Group companies are responsible for carrying out both the focus CRA and the standard CRA. The central compliance organization manages the overall process, providing support and advice at all stages.

As a company listed on a United States stock exchange, T-Mobile US uses its own methodology to carry out a risk assessment; it reports regularly on this risk assessment to the relevant bodies, which include representatives of Deutsche Telekom AG.


Global Reporting Initiative (GRI)

  • GRI 2-16 (General Disclosures)
  • GRI 2-25 (General Disclosures)
  • GRI 205-1 (Anti-corruption)

A clear reference framework: Deutsche Telekom’s compliance policies

Our compliance culture is a key component for corporate governance based on integrity and respect. We have expressed our Group-wide commitment to complying with ethical principles and both legal and statutory requirements. This commitment has been incorporated in our Guiding Principles and Code of Conduct.

The Code of Conduct is further detailed by additional internal policies aimed, for example, at preventing corruption and breaches of antitrust laws.

Our compliance policies include strict requirements for providing gratuities to public officials, including facilitation payments in particular.

The Group Policy on Avoiding Corruption and Other Conflicts of Interest includes a basic rule that requires all employees to keep their personal interests separate from those of the company. In individual cases where conflicts of interest are unavoidable, employees are required to disclose and document such conflicts.

With our digital ethics guidelines for artificial intelligence (AI), we are committed to ensuring that our AI-based products and services are used responsibly, including future developments. AI must be designed to be human-centered, to protect the sovereignty, freedom from discrimination, and freedom of speech of the persons involved.

An overview of our most important policies is available on our website.


Global Reporting Initiative (GRI)

  • GRI 2-28 (General Disclosures)

Raising awareness of compliance risks among staff

We support our employees Group-wide with a variety of measures to ensure that their everyday work remains ethical and legally compliant: This includes:

  • A policies database that helps staff find and implement applicable regulations
  • Regular compliance and anti-corruption training, which is also part of our onboarding processes for new employees. In the year under review, we rolled out an e-learning img module on the fundamentals of compliance to all domestic and international Group employees (not including TMUS) that addresses anti-corruption and other topics. This module is available in 14 languages. It also contains an in-depth section on dealing with (potential) conflicts of interest (see GRI 205-2)
  • It features short, to-the-point videos on compliance topics of relevance to everyday work procedures. They are available to employees at all times, via the YAM UNITED intranet portal and LinkedIn
  • Since 2013, to mark the worldwide UN Anti-Corruption Day each December 9: annual implementation of Group-wide communication campaigns and a variety of anti-corruption awareness activities at the companies
  • AskMe – the advisory portal for questions regarding compliance and integrity. This portal gives employees answers to compliance issues that often come up at work (FAQs). Employees also have the opportunity to contact the AskMe consulting team with any questions they may have about compliance. The number of inquiries and the topics covered can be viewed here

Regular commitment by the members of the DTAG Board of Management to strict compliance with applicable laws (particularly the ban on corruption)


Global Reporting Initiative (GRI)

  • GRI 2-26 (General Disclosures)
  • GRI 205-2 (Anti-corruption)

Systematic handling of breaches of compliance through the TellMe whistleblower portal

For Deutsche Telekom, compliance with valid laws, internal policies, and principles of conduct is essential, because we know that corporate success is built on a foundation of integrity, ethics, and personal responsibility. That’s why we want to avoid all risks that could question our integrity and harm others.

If we are to live up to this responsibility, it is important that we are made aware of any misconduct that could have an impact on compliance.

Deutsche Telekom therefore provides all employees and external parties with a means of reporting violations of laws and internal regulations – even anonymously – through the TellMe whistleblower portal, which has been in place since 2006. This also includes tip-offs regarding human rights-related and environmental risks, as well as legal violations in our global supply chain. It can involve the actions of our employees in internal business units of Group companies, as well as those of our suppliers or business partners. We follow up on all tip-offs related to a violation of legal or internal regulations, provided the description of the facts is adequate.

If requested, all information provided by whistleblowers will be treated in confidence to the extent permitted by law. Provided that whistleblowers have acted to the best of their knowledge and in good faith and have not broken any applicable law themselves, they will not suffer any disadvantage or harm as a result of raising their concern. Reprisals against whistleblowers are prohibited, including threats of and attempts at reprisals. Every report will be thoroughly examined, suspected cases will be investigated, and any breaches rigorously followed up. Any violations we uncover will be rigorously sanctioned, without exception, according to legal provisions, regardless of the rank and position of the persons involved. This also includes possible termination of the employment relationship and an assertion of claims for damages. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.

We have introduced a Group-wide reporting process to control and monitor these activities.

  • Most of the tip-offs received in 2023 focused on “financial interests” (possible cases of fraud, embezzlement, manipulation of targets, and unfair sales methods).
  • In confirmed cases, we impose systematic sanctions that are proportionate to the act and the guilt of the perpetrator and are in line with applicable legal provisions. We publish other details, such as information about implemented measures, on our website.

Receipt and handling of tip-offs on the TellMe portal*

  2021 2022 2023

Reports (overall)



1 047

Compliance-relevant tip-offs




Thereof anonymous tip-offs




Confirmed misconduct




Under investigation




Non-plausible tip-offs




Non-compliance-relevant tip-offs 814 758 962

* Tip-offs received directly by the international companies are only included here if they are relevant to the Group.

In addition to Deutsche Telekom’s internal points of contact and reporting channels like the TellMe portal, whistleblowers can also use external reporting channels (only available in German).


Global Reporting Initiative (GRI)

  • GRI 2-25 (General Disclosures)
  • GRI 2-26 (General Disclosures)
  • GRI 2-27 (General Disclosures)
  • GRI 406-1 (Non-discrimination)

Measures to strengthen our corporate culture

Compliance and integrity are key components of our corporate culture.

The world is getting increasingly complex and we are confronted with new challenges and regulations every day. This makes it more important than ever to offer reliable guidance to all employees, to enable them to act confidently and ethically in different situations.

Our e-learning img offerings for compliance have been established Group-wide, including those covering value-based, cultural, and integrity-related aspects. In 2023, we rolled out an e-learning module on the fundamentals of compliance to all domestic and international Group employees (not including T-Mobile US) that addresses anti-corruption and other topics. This module is available in 14 languages. We also held in-person training with Board of Management members and top management in 2023, in which we processed and discussed proper conduct in typical compliance dilemmas based on practical examples.

Our ICARE check, a self-test with five simple questions, supports our employees in making the right, responsible decisions in difficult situations.


Crossing borders: Worldwide cooperation for compliance

Different framework conditions in the countries where Deutsche Telekom is active represent a significant compliance challenge for us. The increasingly dynamic development of global markets, new digital business models, and intensified international competition also influence our compliance strategy.

To meet the Group’s demands as an international corporation, we regularly discuss strategic compliance topics with compliance officers at our international Group companies. At our International Compliance Days in 2023, compliance officers and compliance managers from our international and local units met in person with experts from Group Compliance to discuss current topics. In addition, new compliance managers were invited to an onboarding session at Deutsche Telekom’s headquarters in the year under review. In addition to the opportunity to meet their colleagues on the central Compliance team in person, the employees also learned about compliance processes, topics, and culture, along with challenges in the Group. Two classroom courses were held for new compliance managers in the year under review, culminating in the designation “Certified Compliance Manager.”

Each local department has a key account manager from the Group Compliance team, who exchanges information with them on a regular basis. More international exchange takes place in regular, virtual compliance community calls, where compliance managers from local units take part in activities such as presenting their departments and local challenges to the community. Other topics in the virtual meetings included the compliance strategy, results from the compliance risk assessment, the compliance e-learning img, the German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz – LkSG), and generative AI.

We also discuss compliance issues with other companies and with expert groups. In addition, we regularly promote the further development of compliance standards and management systems through specialist presentations, publications, and other contributions.


Commitment to anti-corruption initiatives

We participate regularly in the work of national and international organizations that focus primarily on compliance issues. As a member of associations and organizations such as the German Institute for Compliance (DICO e. V.), the Compliance & Integrity forum of ZfW (Center for Business Ethics) and Bitkom, Germany’s digital association, we make use of opportunities to exchange ideas and experiences related to compliance.

For years now we have been using the United Nations International Anti-Corruption Day on December 9 as an opportunity to raise awareness in the Group about the issue of bribery and corruption. For more details, see the “Raising awareness of compliance risks among staff” section.


Responsible use of artificial intelligence (AI)

Digital responsibility img is a task for society as a whole. Deutsche Telekom develops artificial intelligence (AI) and uses it in a variety of products and services for our customers and for internal use. AI systems have long become an integral component of how we work. For example, they are used to answer customer inquiries in the best possible way.

Like our commitments to high service quality and digital sovereignty, we are committed to the ethical use of AI that focuses on people and their needs (human-centered AI).

We are taking the following measures to ensure that human-centric AI is embedded at the company:

  • An interdisciplinary working group on digital ethics was formed with employees from Group Compliance, T-Labs img, DT Service, Legal, Group Privacy, Group Public and Regulatory Affairs, Patent & Brand, T-Systems, and Deutsche Telekom Services Europe and organizationally incorporated into the Law and Integrity area of the Compliance department. It deals with the ongoing development, support, and implementation of digital ethics throughout the Deutsche Telekom Group. It focuses on the implementation of foreseeable requirements from future AI regulation by the European Union.
  • Our Board of Management members Claudia Nemat (Technology and Innovation) and Birgit Bohle (HR and Legal Affairs, Labor Director) are actively involved in coordinating activities in this area. The interdisciplinary working group on digital ethics, for example, was coordinated in a co-creation approach by the two Board of Management members, along with the Chief Compliance Officer and the Head of Group Public & Regulatory Affairs.
  • Deutsche Telekom is taking a pioneering role in the use of AI in IT systems related to employment. To this end, an “AI Manifesto” (only available in German) was developed together with employee representatives to acknowledge the specific challenges posed by AI and incorporate technical and regulatory developments in internal processes. A body of experts consisting of representatives from both groups was formed to support further implementation.
  • A body of experts on ChatGPT was founded at the beginning of the year to address the challenges of generative AI and enable exchange on and assessment of these new technologies across the relevant corporate disciplines. In February 2023, the body developed an action framework called “ChatGPT,” aimed at promoting understanding of the risks and opportunities that large language models present to our employees and establish a culture of enablement. The “ChatGPT” action framework regulates voluntary use of the test version of ChatGPT offered by OpenAI, to ensure that our employees who use this technology do so effectively and with awareness of their responsibilities.
  • To further promote a culture of enablement, the first “Deutsche Telekom Generative AI Prompt-A-Thon” was organized in September, where participants were encouraged to develop prompts to solve a variety of tasks and explore potential future uses of generative AI.
  • In addition, communities focused on topics such as “Human-centered Technology” and operational implementation efforts such as the AI Competence Center (AICC), the Telekom Deutschland Data Tribe, and the T-Systems AI Factory receive central support within this framework to synchronize efforts at the corporate level with existing processes focused on digital ethics.

Against backdrop of human-centered AI, in 2018 we were one of the first companies in the world to develop guidelines for the ethical use of our AI. These guidelines illustrate how we use AI responsibly. Our AI guidelines outline an approach in which AI is developed with people and their needs in mind. They are oriented to the pertinent legal foundations – and to our Code of Human Rights, in which we commit ourselves to upholding and promoting human rights and taking responsibility.

To further detail our AI guidelines and put them into practice, we have initiated measures such as the following:

  • The “Professional ethics” guide was developed together with technology experts and project managers. The guide presents best practices, methods, and tips for applying the AI Guidelines to development processes. With this guide, we seek to ensure that all developers who work with AI conform to the AI guidelines and implement them in the systems and products they develop.
  • We use our “Digital Ethics Assessment” to ensure that our ethical AI requirements can still easily be followed and implemented in our development processes, as part of our “ethics by design” approach.
  • In addition, we have added the AI Guidelines to the curricula for various training and development courses for our employees. For example, we developed advanced training courses for data scientists and for our “Re-Skilling Academy,” in which we offer a variety of attractive formats – such as virtual guided tours and online training – and provide support for learning journeys on AI with extensive coverage of digital ethics.
  • To ensure that our high ethical standards for AI development are also reflected in our supply chain, we supplemented our Supplier Code of Conduct in 2020 with content related to our AI guidelines and updated it in 2022 – making us a pioneer in this area as well.
  • As part of our work as a member of various bodies, we proactively share our experiences and insights with other companies. This occurs, for example, in our work in the Federation of German Industries (BDI); the German Association for Information Technology, Telecommunications and New Media (Bitkom); the German Association for the Digital Economy (BVDW); and the D21 digitalization initiative.

Further development of the Compliance organization

Dynamic challenges in our market environment, increasing regulatory requirements, and changes in the working world require continual adjustments to our compliance management system. We also keep our Compliance staff’s knowledge up to date with requirement-based, situation-related training courses and cross-company interchange formats, among other measures. In addition to professional development, these courses cover topics such as agility img, modern working, and tools and processes.

To adapt our Compliance organization to the increasing demands of our internal and external customers and to agile working methods, the Group Compliance organization has been structured according to an agile organizational model with a focus on customer centricity, processes, and digitalization and has been working with agile methods since 2021.

This ongoing development of our Compliance organization is intended to contribute to our customer-centric, lawful, sustained success as a company. Our compliance strategy focuses on our target vision of a leading digital compliance management system (leading digital CMS).

We envision a compliance management system (CMS) that does the following:

  • Integrating compliance requirements in business processes as seamlessly as possible
  • Showing the Group-wide status of the CMS and existing compliance risks at all times, transparently and up to date
  • Actively takes up and addresses new developments in the business and regulatory domains and uses the insights gained for continuous improvement

The key components of leading digital CMS are culture, trust, and simplicity.

  • Culture is the foundation of how we work together. Compliance cannot succeed without a good, open corporate culture in which every individual is willing to take responsibility, admit mistakes, and point out risks.
  • Trust goes in two directions: The Compliance function serves as a trusted advisor, which develops solutions for dealing with compliance risks together with the business units. Conversely, the Compliance unit also returns this trust by only defining binding guidelines, where deemed necessary under risk aspects.
  • Simplicity means that we want to make it as simple as possible for everyone at the company to follow the rules and implement compliance requirements. This means formulating the rules clearly and simply, for instance, and limiting them to what is essential.

To achieve the objective of having a leading digital CMS, we have defined specific measures that we are implementing step by step.

  • We created the Compliance Digital Transformation cluster to consolidate digitalization expertise and drive forward the ongoing development and digitalization of compliance processes. Our efforts in 2023 included the implementation of our new Compliance Reporting Tool (CRT).
  • To address the modules of trust, culture, and simplicity overall, we developed the ICARE check, a simple self-test with five questions for critical situations. The test is intended to help all employees master difficult situations and judge whether they should obtain advice before deciding on how to proceed further.
  • We also supplemented our classroom training courses with dilemmas from everyday business. Joint, interactive discussion of situations from everyday business that often make it difficult to find the right answer has resulted in a trusting, open dialog in the training courses, contributing to both the “culture” and “trust” elements.
  • In 2023, we rolled out an e-learning img module on the fundamentals of compliance to all domestic and international Group employees (not including T-Mobile US) that addresses anti-corruption and other topics. This module is available in 14 languages. Based on a new learning concept, it incorporates a “tone from the top” approach – compliance as practiced by Board of Management members – combined with many interactive elements. The aim is to teach employees about compliance in a simple, playful manner.
  • In addition, adjustments to compliance risk assessments and the handling of our TellMe whistleblower portal that were needed to implement the German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtgesetz – LkSG) took effect on January 1, 2023.

Our measures for the organization’s evolution with regard to artificial intelligence (AI) are listed here.


United States segment: compliance risk assessment

As a US-listed company, T-Mobile US conducts a risk assessment based on its own methodology. The outcome is regularly reported to the relevant bodies, including representatives of Deutsche Telekom AG. Before T-Mobile US selects suppliers, a centralized Third-Party Risk Management (TPRM) process screens for anti-corruption, global sanctions, and human rights violations, as well as financial, security, reputational, and environmental risks. Supplier risk assessments are performed on an ongoing basis depending on the risk profile of the supplier. Automated, real-time workflows in TPRM look for any adverse news or changes in supplier risk profiles and continually monitor current suppliers for policy violations and risks. Events or issues detected by TPRM monitoring are escalated to the enterprise legal, compliance, and business teams for review and recommended handling.

T-Mobile US expects its affiliates, business partners, suppliers, and their stakeholders to comply with its Human Rights Statement. This covers areas such as discrimination, working conditions, and freedom of expression. Furthermore, T-Mobile US uses its Responsible Sourcing Policy to encourage suppliers to set their own science-based emissions reduction targets, and the policy tracks supplier performance through regular assessments managed by EcoVadis img.

please rotate your device


  • Tim Hoettges

    Foreword by Tim Höttges

    Finding solutions

    means finding the courage

    for open dialog, even beyond

    the boundaries of a company.

    Let’s all dare to be

    more transparent!

    Finding solutions means finding the courage for open dialog, even beyond the boundaries of a company. Let’s all dare to be more transparent!

    Topic overview

    Read more

    Find out more about the topic

    Strategy in the topic specials

    Find out more about the topic Strategy in the topic specials

    More Specials