Our compliance culture is a key component for corporate governance based on integrity and respect. We have expressed our Group-wide commitment to complying with ethical principles and both legal and statutory requirements. This commitment has been incorporated in our Guiding Principles and Code of Conduct.
Integrity – which necessarily encompasses compliance – forms the basis of all our business decisions and activities. It defines the behavior of all our employees in dealings with customers, employees, investors, managers, and Deutsche Telekom’s overall sphere of operations.
We have implemented a compliance management system (CMS) with the objective of minimizing risks from systematic breaches of legal or ethical standards. In this approach, we address risks that could result in regulatory or criminal liability of the company, its executive bodies, or its employees – or in significant harm to the company’s reputation. The Board of Management considers its overall responsibility for compliance as a key leadership task. Our Chief Compliance Officer is responsible for the design and management of the CMS. Compliance officers implement the CMS and our compliance goals locally at the level of our operating segments and national companies.
Our compliance work pursues the following objectives in particular:
Global Reporting Initiative (GRI)
We have our compliance management system audited 
and certified regularly by independent auditors, with particular attention paid to anti-corruption measures. In the 2020 and 2021 financial years, 22 companies were audited successfully: nine German companies in 2020 and 13 international companies in 2021. The audits focused in particular on processes in the companies that are exposed to an increased risk of corruption in general, for example, in procurement, sales, events, donations, sponsorships, mergers and acquisitions, and human resources. The next audit of selected Group companies for certification purposes (IDW PS 980 audit standard) is planned for the 2024 and 2025 financial years.
Compliance risk assessments (CRAs) are a foundation of our compliance management system. We use CRAs to identify and assess compliance risks and implement appropriate preventive measures based on their results. To this end, we have introduced a process to be carried out at regular intervals. The companies that are inspected through CRAs are selected according to risk, using a model based on the maturity of the companies in question.
The Board of Management and the Audit Committee of the Supervisory Board of Deutsche Telekom are notified of the results of a compliance risk assessment.
The CRA methodology was adjusted in the reporting year and a focus CRA carried out. The focus CRA is a further evolution of the existing CRA approach. Under the new approach, the goal is to assess the effectiveness of the control environment in selected compliance risk areas. We piloted this approach in 2023, with a primary focus on our procurement processes. Ten international companies (the Europe and Systems Solutions operating segments) and one national company (Germany operating segment ) participated in this focus CRA pilot project. The companies were selected according to risk, with a focus on international companies with their own procurement organization. The respective Group companies are responsible for carrying out both the focus CRA and the standard CRA. The central compliance organization manages the overall process, providing support and advice at all stages.
As a company listed on a United States stock exchange, T-Mobile US uses its own methodology to carry out a risk assessment; it reports regularly on this risk assessment to the relevant bodies, which include representatives of Deutsche Telekom AG.
Global Reporting Initiative (GRI)
Our compliance culture is a key component for corporate governance based on integrity and respect. We have expressed our Group-wide commitment to complying with ethical principles and both legal and statutory requirements. This commitment has been incorporated in our Guiding Principles and Code of Conduct.
The Code of Conduct is further detailed by additional internal policies aimed, for example, at preventing corruption and breaches of antitrust laws.
Our compliance policies include strict requirements for providing gratuities to public officials, including facilitation payments in particular.
The Group Policy on Avoiding Corruption and Other Conflicts of Interest includes a basic rule that requires all employees to keep their personal interests separate from those of the company. In individual cases where conflicts of interest are unavoidable, employees are required to disclose and document such conflicts.
With our digital ethics guidelines for artificial intelligence (AI), we are committed to ensuring that our AI-based products and services are used responsibly, including future developments. AI must be designed to be human-centered, to protect the sovereignty, freedom from discrimination, and freedom of speech of the persons involved.
An overview of our most important policies is available on our website.
We support our employees Group-wide with a variety of measures to ensure that their everyday work remains ethical and legally compliant: This includes:
module on the fundamentals of compliance to all domestic and international Group employees (not including TMUS) that addresses anti-corruption and other topics. This module is available in 14 languages. It also contains an in-depth section on dealing with (potential) conflicts of interest (see GRI 205-2)Regular commitment by the members of the DTAG Board of Management to strict compliance with applicable laws (particularly the ban on corruption)
For Deutsche Telekom, compliance with valid laws, internal policies, and principles of conduct is essential, because we know that corporate success is built on a foundation of integrity, ethics, and personal responsibility. That’s why we want to avoid all risks that could question our integrity and harm others.
If we are to live up to this responsibility, it is important that we are made aware of any misconduct that could have an impact on compliance.
Deutsche Telekom therefore provides all employees and external parties with a means of reporting violations of laws and internal regulations – even anonymously – through the TellMe whistleblower portal, which has been in place since 2006. This also includes tip-offs regarding human rights-related and environmental risks, as well as legal violations in our global supply chain. It can involve the actions of our employees in internal business units of Group companies, as well as those of our suppliers or business partners. We follow up on all tip-offs related to a violation of legal or internal regulations, provided the description of the facts is adequate.
If requested, all information provided by whistleblowers will be treated in confidence to the extent permitted by law. Provided that whistleblowers have acted to the best of their knowledge and in good faith and have not broken any applicable law themselves, they will not suffer any disadvantage or harm as a result of raising their concern. Reprisals against whistleblowers are prohibited, including threats of and attempts at reprisals. Every report will be thoroughly examined, suspected cases will be investigated, and any breaches rigorously followed up. Any violations we uncover will be rigorously sanctioned, without exception, according to legal provisions, regardless of the rank and position of the persons involved. This also includes possible termination of the employment relationship and an assertion of claims for damages. Any weaknesses identified in the internal control system during the investigation are systematically analyzed and remedied.
We have introduced a Group-wide reporting process to control and monitor these activities.
Receipt and handling of tip-offs on the TellMe portal*
| 2021 | 2022 | 2023 | |
|---|---|---|---|
| Reports (overall) | 901 | 839 | 1 047 |
| Compliance-relevant tip-offs | 87 | 81 | 85 |
| Thereof anonymous tip-offs | 29 | 28 | 41 |
| Confirmed misconduct | 47 | 39 | 29 |
| Under investigation | 13 | 13 | 15 |
| Non-plausible tip-offs | 18 | 9 | 20 |
| Non-compliance-relevant tip-offs | 814 | 758 | 962 |
* Tip-offs received directly by the international companies are only included here if they are relevant to the Group.
In addition to Deutsche Telekom’s internal points of contact and reporting channels like the TellMe portal, whistleblowers can also use external reporting channels (only available in German).
Global Reporting Initiative (GRI)
Compliance and integrity are key components of our corporate culture.
The world is getting increasingly complex and we are confronted with new challenges and regulations every day. This makes it more important than ever to offer reliable guidance to all employees, to enable them to act confidently and ethically in different situations.
Our e-learning offerings for compliance have been established Group-wide, including those covering value-based, cultural, and integrity-related aspects. In 2023, we rolled out an e-learning module on the fundamentals of compliance to all domestic and international Group employees (not including T-Mobile US) that addresses anti-corruption and other topics. This module is available in 14 languages. We also held in-person training with Board of Management members and top management in 2023, in which we processed and discussed proper conduct in typical compliance dilemmas based on practical examples.
Our ICARE check, a self-test with five simple questions, supports our employees in making the right, responsible decisions in difficult situations.
Different framework conditions in the countries where Deutsche Telekom is active represent a significant compliance challenge for us. The increasingly dynamic development of global markets, new digital business models, and intensified international competition also influence our compliance strategy.
To meet the Group’s demands as an international corporation, we regularly discuss strategic compliance topics with compliance officers at our international Group companies. At our International Compliance Days in 2023, compliance officers and compliance managers from our international and local units met in person with experts from Group Compliance to discuss current topics. In addition, new compliance managers were invited to an onboarding session at Deutsche Telekom’s headquarters in the year under review. In addition to the opportunity to meet their colleagues on the central Compliance team in person, the employees also learned about compliance processes, topics, and culture, along with challenges in the Group. Two classroom courses were held for new compliance managers in the year under review, culminating in the designation “Certified Compliance Manager.”
Each local department has a key account manager from the Group Compliance team, who exchanges information with them on a regular basis. More international exchange takes place in regular, virtual compliance community calls, where compliance managers from local units take part in activities such as presenting their departments and local challenges to the community. Other topics in the virtual meetings included the compliance strategy, results from the compliance risk assessment, the compliance e-learning , the German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz – LkSG), and generative AI.
We also discuss compliance issues with other companies and with expert groups. In addition, we regularly promote the further development of compliance standards and management systems through specialist presentations, publications, and other contributions.
We participate regularly in the work of national and international organizations that focus primarily on compliance issues. As a member of associations and organizations such as the German Institute for Compliance (DICO e. V.), the Compliance & Integrity forum of ZfW (Center for Business Ethics) and Bitkom, Germany’s digital association, we make use of opportunities to exchange ideas and experiences related to compliance.
For years now we have been using the United Nations International Anti-Corruption Day on December 9 as an opportunity to raise awareness in the Group about the issue of bribery and corruption. For more details, see the “Raising awareness of compliance risks among staff” section.
Digital responsibility is a task for society as a whole. Deutsche Telekom develops artificial intelligence (AI) and uses it in a variety of products and services for our customers and for internal use. AI systems have long become an integral component of how we work. For example, they are used to answer customer inquiries in the best possible way.
Like our commitments to high service quality and digital sovereignty, we are committed to the ethical use of AI that focuses on people and their needs (human-centered AI).
We are taking the following measures to ensure that human-centric AI is embedded at the company:
, DT Service, Legal, Group Privacy, Group Public and Regulatory Affairs, Patent & Brand, T-Systems, and Deutsche Telekom Services Europe and organizationally incorporated into the Law and Integrity area of the Compliance department. It deals with the ongoing development, support, and implementation of digital ethics throughout the Deutsche Telekom Group. It focuses on the implementation of foreseeable requirements from future AI regulation by the European Union.Against backdrop of human-centered AI, in 2018 we were one of the first companies in the world to develop guidelines for the ethical use of our AI. These guidelines illustrate how we use AI responsibly. Our AI guidelines outline an approach in which AI is developed with people and their needs in mind. They are oriented to the pertinent legal foundations – and to our Code of Human Rights, in which we commit ourselves to upholding and promoting human rights and taking responsibility.
To further detail our AI guidelines and put them into practice, we have initiated measures such as the following:
Dynamic challenges in our market environment, increasing regulatory requirements, and changes in the working world require continual adjustments to our compliance management system. We also keep our Compliance staff’s knowledge up to date with requirement-based, situation-related training courses and cross-company interchange formats, among other measures. In addition to professional development, these courses cover topics such as agility , modern working, and tools and processes.
To adapt our Compliance organization to the increasing demands of our internal and external customers and to agile working methods, the Group Compliance organization has been structured according to an agile organizational model with a focus on customer centricity, processes, and digitalization and has been working with agile methods since 2021.
This ongoing development of our Compliance organization is intended to contribute to our customer-centric, lawful, sustained success as a company. Our compliance strategy focuses on our target vision of a leading digital compliance management system (leading digital CMS).
We envision a compliance management system (CMS) that does the following:
The key components of leading digital CMS are culture, trust, and simplicity.
To achieve the objective of having a leading digital CMS, we have defined specific measures that we are implementing step by step.
module on the fundamentals of compliance to all domestic and international Group employees (not including T-Mobile US) that addresses anti-corruption and other topics. This module is available in 14 languages. Based on a new learning concept, it incorporates a “tone from the top” approach – compliance as practiced by Board of Management members – combined with many interactive elements. The aim is to teach employees about compliance in a simple, playful manner.Our measures for the organization’s evolution with regard to artificial intelligence (AI) are listed here.
As a US-listed company, T-Mobile US conducts a risk assessment based on its own methodology. The outcome is regularly reported to the relevant bodies, including representatives of Deutsche Telekom AG. Before T-Mobile US selects suppliers, a centralized Third-Party Risk Management (TPRM) process screens for anti-corruption, global sanctions, and human rights violations, as well as financial, security, reputational, and environmental risks. Supplier risk assessments are performed on an ongoing basis depending on the risk profile of the supplier. Automated, real-time workflows in TPRM look for any adverse news or changes in supplier risk profiles and continually monitor current suppliers for policy violations and risks. Events or issues detected by TPRM monitoring are escalated to the enterprise legal, compliance, and business teams for review and recommended handling.
T-Mobile US expects its affiliates, business partners, suppliers, and their stakeholders to comply with its Human Rights Statement. This covers areas such as discrimination, working conditions, and freedom of expression. Furthermore, T-Mobile US uses its Responsible Sourcing Policy to encourage suppliers to set their own science-based emissions reduction targets, and the policy tracks supplier performance through regular assessments managed by EcoVadis .
Finding solutions
means finding the courage
for open dialog, even beyond
the boundaries of a company.
Let’s all dare to be
more transparent!
Finding solutions means finding the courage for open dialog, even beyond the boundaries of a company. Let’s all dare to be more transparent!
Find out more about the topic
Strategy in the topic specials
Find out more about the topic Strategy in the topic specials
