4.4 Governance Information
Responsible business conduct is one of the cornerstones of sustainability, ensuring that environmental and social responsibility are embedded in United Internet’s structures and processes. The focus here is both on preventing misconduct and on transparently handling risks, reports, and potential breaches. Effective governance with its transparent processes and reliable values creates trust among employees, end users, and other stakeholders.
United Internet’s double materiality assessment identified a material governance risk:
Misconduct and irregularities
Risk
Breaches of the law and directives in force could impact revenue as a result of lost customers who no longer have confidence in the Company. What is more, illegal or unethical business practices could lead to fines and in individual cases to criminal prosecutions (corruption, bribery, and other forms of illegal behavior).
Own operations
IRO category
Description of the material IROs
Value chain
The following table summarizes the policies and guidelines relating to the “Misconduct and irregularities” risk.
Compliance Guideline
IRO reference: Misconduct and irregularities
Description of the compliance management system, definition of roles and responsibilities in the Group-wide Compliance organization
Group-wide in own operations at all United Internet locations
Corporate Compliance
Anti-Corruption Policy
Employee awareness raising for corruption and preventing conflicts of interest, rules for both accepting and giving gifts and contributions
German Anti-corruption Act (Gesetz zur Bekämpfung der Korruption)
Policy for Awarding Incentives to External Parties
A supplement to the Anti-Corruption Policy aimed in particular at sales units, and setting out e.g., binding rules governing invitations to tender and the design and organization of incentives
Group Policy Dealing with Indications of Compliance Violations and Conducting Internal Investigations
Rules for dealing with indications of compliance violations and for ensuring that internal investigations are conducted in a fair and legally compliant manner
German Supply Chain Due Diligence Act (Lieferketten-sorgfaltspflichtengesetz – LkSG)
Code of Conduct, see the “United Internet’s Workers” section
Whistleblower Protection Policy (Group Policy on Protecting Whistleblowers and Using ‘Integrity Line,’ the Electronic Whistleblowing System, in the United Internet Group), see “Introduction to Social Topics”
Supplier Code of Conduct, see the “Workers in the Value Chain” section for details
Guideline for the Implementation of Supply Chain Due Diligence in the UI Group, see the “Workers in the Value Chain” section for details
Aim of the policy/guideline
Scope
Department responsible
National and international standards and legislation
The binding “Guideline for United Internet’s Compliance Functions” (“Compliance Guideline” for short) describes United Internet’s compliance management system (the “UI CMS” for short) and defines roles and responsibilities in the Group-wide, cross-segment Compliance organization.
United Internet is aware that violations of statutory provisions and requirements do not merely result in legal consequences or the threat of fines; they also entail a loss of trust placed in the Company by its shareholders, customers, business partners, and employees. United Internet’s Management Board has established the Group-wide, risk-based UI CMS to preserve this trust and ensure compliance with statutory requirements and internal policies and guidelines.
The UI CMS is supplemented by compliance units at segment level plus a Corporate Compliance department at the Corporate level. Segment compliance managers are responsible for the concrete design of the segment-related CMS and implement compliance measures at segment level.
The Group Compliance Committee serves as a platform for structured exchanges between Corporate Compliance and segment compliance units, and aims to enhance the UI CMS in a harmonized manner and to organize compliance uniformly within the Group. Uniform Group Compliance is ensured using Group-wide rules, common technical systems, and agreed reporting channels, among other things.
United Internet’s segments are responsible in their own right for ensuring compliance with statutory provisions, with the Compliance Guideline, and with additional internal compliance guidelines in their respective segments. The Head of Corporate Compliance, representing the entire Group-wide Compliance organization, reports directly to United Internet’s Group General Counsel, the Group CFO, and the Audit and Risk Committee established by United Internet’s Supervisory Board.
The Compliance Guideline addresses both the compliance organization – consisting of a clear specification of the roles and responsibilities in the UI CMS including the tasks, organizational structure, and the reporting lines – and compliance monitoring, which aims to determine whether the CMS segment is adequately equipped and effective given the minimum requirements set out by Corporate.
The Anti-Corruption Policy specifies clear rules for accepting and giving gifts and contributions, and explains the measures and processes derived from this. At the same time, it offers United Internet employees practical instructions for avoiding and countering inappropriate requests from third parties effectively and in an ethically acceptable manner. In-person and electronic reporting channels have been established for detecting allegations of corruption and bribery.
The Policy for Awarding Incentives to External Parties supplements the Anti-Corruption Policy for the sales units in particular. It contains binding rules governing invitations to tender, the design and organization of incentives, and events with an incentive character.
The Group Policy Dealing with Indications of Compliance Violations and Conducting Internal Investigations sets out binding, Group-wide requirements. It sets a high standard for dealing with indications of compliance violations, including human rights issues and breaches of environmental due diligence requirements, and ensures that internal investigations are conducted in a fair, legally compliant manner. With it, the Company has established procedures to clarify any (potential) compliance violations without undue delay, stop any violations that have been established, and appropriately sanction misconduct.
The policy sets out requirements for plausibility checking initial suspicions, defines circumstances that serve as triggers for internal investigations, and specifies clear responsibilities and the workflow for the latter. In addition, it defines clear reporting channels for the results of internal investigations and takes the requirements of the German Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) with respect to grievance procedures into account.
The Whistleblowing Committee is a core element in ensuring that circumstances are investigated adequately. As an internal, ad hoc advisory body it assesses materially important reports of potential compliance violations once they have been plausibility-checked and recommends actions for dealing with these (such as performing internal investigations). The committee is composed of representatives from Corporate Compliance and the relevant segment compliance unit(s), plus representatives from other functions (such as Corporate Audit or HR), where appropriate.
If Corporate Audit is entrusted in certain cases with implementing an internal investigation, the audit findings and the recommendations derived from them are documented in an investigation report and communicated to the senior executive management concerned. Based on the recommendations made, measures are then defined and resolved by the senior executive management responsible. The measures resolved are documented and their implementation is monitored by Corporate Audit.
The Compliance policies and guidelines contain both organizational and workflow-related actions. These are permanent, cyclical actions that have not been assigned an end date.
The overarching objective of all compliance activities is to prevent compliance violations. The aim is to achieve this by taking appropriate measures that are aligned with the Company’s risk position. The three levels of activity – “Prevent, Detect, and Respond” – are taken into account in all cases ( see the “Preventive Measures,” “Determination of Issues,” and “Taking of any Remedial Actions Required” subsections of the “Workers in the Value Chain” section).
Risk assessments are a key way of preventing and detecting corruption and bribery. The goal of risk assessment is for United Internet to evaluate the risks associated with corruption and bribery while taking
into account.
The risk assessments help estimate the potential for incidents and to support the design of strategies and procedures for combating such behavioral risks in a risk-based manner.
Information about corporate policies and guidelines is provided in comprehensive training programs. E-learning courses, such as the e-learning course on the Code of Conduct, are an integral part of the onboarding process and offer employees an interactive approach to their content.
The training policies can vary at segment level and depending on the topic. Data privacy training must be repeated by all employees every two years and is evaluated using end-of-course tests. As a matter of principle, an e-learning format is used for training, which is also tailored by company and target group.
Anti-corruption Training for Preventing Corruption in Relation to At-risk Functions
In fiscal year 2025, United Internet conducted an anti-corruption e-learning course in all segments apart from Business Applications. The training was mandatory for employees in at-risk functions. These functions include the following:
In addition to these at-risk functions, decision-makers (the Management Board, senior executive management, and managers), and functions involved in anti-corruption processes, were included in the mandatory e-learning course.
Compliance Onboarding
United Internet uses the virtual Welcome Days that form part of its employee onboarding procedure to ensure that new employees are informed of the existing reporting channels and material compliance processes from the start. This promotes a clear understanding of, and trust in, the existing systems from the beginning.
E-learning Course on the Code of Conduct
Compliance with the Code of Conduct is facilitated using an e-learning course. Successful knowledge transfer in the e-learning course on the Code of Conduct is tested using multiple-choice questions. The e-learning course on the Code of Conduct is in the planning phase in the Business Access Segment. The Business Applications Segment has held training courses for its own code of conduct since the end of fiscal year 2024.
Compliance Training
Compliance managers, United Internet Vertrauenspersonen, and HR staff receive special training so as to enable them to provide whistleblowers with effective support and to promote a culture of openness.
The topics of anti-corruption and whistleblower management are managed using policies and guidelines, actions, and checks rather than defined targets. The degree of ambition defined consists of using preventive measures to ensure compliance with the rules, and to identify potential breaches at an early stage, clarify them completely, stop them, and sanction them systematically.
The effectiveness of the existing policies and guidelines and actions is monitored on an ongoing basis. This is done in particular by regularly conducting and evaluating mandatory training sessions (e.g., on anti-corruption) and by actively monitoring the whistleblowing system. Effectiveness is assessed e.g., using participation rates for compliance training and metrics that measure the effectiveness of the whistleblowing system. The latter include usage metrics (e.g., the number of reports received), report quality metrics (e.g., the proportion of substantiated reports), and processing metrics.
In fiscal year 2025, the anti-corruption e-learning course was held at all United Internet segments with the exception of the Business Applications Segment, which conducted it most recently in fiscal year 2024.
Training in the Business Access Segment is held regularly every two years. Since the last training course there took place in fiscal year 2025, this segment was included in this year's assessments, in contrast to the information given in the 2024 Sustainability Statement.
The Group-wide training policy, including the intervals at which the course is held, will be harmonized in fiscal year 2026.
The target group for the training comprises all employees in at-risk and process-related functions (2,610), managers (776), and senior executive management (23). Consequently, the target group consisted of 3,409 people in fiscal year 2025. Given a total of 6,432 employees in the segments in which the training was held as planned (i.e., excluding the Business Applications Segment), this corresponds to 53% of the workforce.
All in all, 2,684 employees who were invited successfully completed the training. This corresponds to a 79% participation rate for this year’s target group.
In fiscal year 2024, the figure for the participation rate for the target group was 67%. Comparability is limited here due to the different populations involved, since the Business Access Segment was not included in fiscal year 2024.
The training period in both fiscal year 2025 and the previous years extended beyond the reporting date. Consequently, the participation rates mentioned do not represent the final situation at the end of the respective training periods.
Additional compliance KPIs relating to human rights are to be found in the “Social Information – United Internet’s Workers: Metrics – Human Rights Incidents and Complaints” section.
Template: Proportion of turnover from products or services associated with Taxonomy aligned economic activities — disclosure 2025
€ million
%
Y; N; N/EL
Y/N
E
T
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (Taxonomy-aligned)
Turnover of environmentally sustainable activities (Taxonomy-aligned) (A.1)
0.0
0.0%
N
Of which Enabling
Of which Transitional
A.2 Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)
EL; N/EL
Data processing, hosting, and related activities
CCM 8.1
1,446.2
23.6%
EL
N/EL
25.8%
Sale of second-hand goods
CE 5.4
24.9
0.4%
Turnover of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)
1,471.1
24.0%
26.1%
A. Turnover of Taxonomy eligible activities (A.1+A.2)
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of Taxonomy-non-eligible activities
4,648.8
76.0%
Total
6,119.9
100.0%
Fiscal year 2025
Substantial Contribution Criteria
DNSH criteria
(‘Does Not Significantly Harm’)
Economic Activities (1)
Code(s) (1) (2)
Turnover (3)
Proportion of turnover, year 2025 (4)
Climate Change Mitigation (5)
Climate Change Adaptation (6)
Water (7)
Pollution (8)
Circular Economy (9)
Biodiversity (10)
Climate Change Mitigation (11)
Climate Change Adaptation (12)
Water (13)
Pollution (14)
Circular Economy (15)
Biodiversity (16)
Minimum Safe-guards (17)
Proportion of Taxonomy-aligned (A.1.) or eligible (A.2.) turnover,
year 2024 (18)
Category enabling activity (19)
Category transitional activity (20)
(1) The Code constitutes the abbreviation of the relevant objective to which the economic activity is eligible to make a substantial contribution, as well as the Section number of the activity in the relevant Annex covering the objective, i.e.: - CCM (Climate Change Mitigation) - CE (Circular Economy) Y – Yes, Taxonomy-eligible and Taxonomy-aligned activity with the relevant environmental objective N – No, Taxonomy-eligible but not Taxonomy-aligned activity with the relevant environmental objective EL – eligible, Taxonomy eligible activity for the relevant environmental objective N/EL – not eligible, Taxonomy non-eligible activity for the relevant environmental objective
Template: Proportion of CapEx from products or services associated with Taxonomy-aligned economic activities — disclosure 2025
CapEx of environmentally sustainable activities (Taxonomy-aligned) (A.1)
Transport by motorbikes, passenger cars, and light commercial vehicles
CCM 6.5
5.4
0.5%
0.7%
Acquisition and ownership of buildings
CCM 7.7
32.5
2.9%
2.5%
70.7
6.3%
5.9%
Manufacture of electrical and electronic equipment
CE 1.2
160.2
14.3%
21.2%
Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)
268.8
9.7%
30.3%
A. CapEx of Taxonomy-eligible activities (A.1+A.2)
CapEx of Taxonomy-non-eligible activities
850.2
1,119.0
Year
CapEx (3)
Proportion of CapEx, year 2025 (4)
Minimum Safeguards (17)
Proportion of Taxonomy aligned (A.1.) or eligible (A.2.) CapEx, 2024 (18)
Template: Proportion of OpEx from products or services associated with Taxonomy-aligned economic activities — disclosure 2025
OpEx of environmentally sustainable activities (Taxonomy-aligned) (A.1)
1.3
1.1%
1.2%
Installation, maintenance, and repair of energy efficient equipment
CCM 7.3
0.7
0,6%
20.0
17.8%
16.5%
0.1
0.1%
1.7
1.5%
0.5% (2)
OpEx of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)
23.9
19.6%
1.6%
18.3% (2)
A. OpEx of Taxonomy-eligible activities (A.1+A.2)
OpEx of Taxonomy-non-eligible activities
88.8
78.8%
112.7
Code (1) (2)
OpEx (3)
Proportion of OpEx, year 2025 (4)
Proportion of Taxonomy aligned (A.1.) or eligible (A.2.) OpEx, year 2024 (18)
(2) The prior-year figures have been adjusted. During this year’s review of the EU Taxonomy allocation logic, it was found that repair and maintenance costs for electronic devices were allocated to activity CE 1.2 in the previous year. The corresponding OpEx items were therefore corrected retroactively so as to ensure consistent presentation.
Template 1 – Nuclear and fossil gas related activities
1.
The undertaking carries out, funds or has exposures to research, development, demonstration and deployment of innovative electricity generation facilities that produce energy from nuclear processes with minimal waste from the fuel cycle.
NO
2.
The undertaking carries out, funds or has exposures to construction and safe operation of new nuclear installations to produce electricity or process heat, including for the purposes of district heating or industrial processes such as hydrogen production, as well as their safety upgrades, using best available technologies.
3.
The undertaking carries out, funds or has exposures to safe operation of existing nuclear installations that produce electricity or process heat, including for the purposes of district heating or industrial processes such as hydrogen production from nuclear energy, as well as their safety upgrades.
Fossil gas related activities
4.
The undertaking carries out, funds or has exposures to construction or operation of electricity generation facilities that produce electricity using fossil gaseous fuels.
5.
The undertaking carries out, funds or has exposures to construction, refurbishment, and operation of combined heat/cool and power generation facilities using fossil gaseous fuels.
6.
The undertaking carries out, funds or has exposures to construction, refurbishment and operation of heat generation facilities that produce heat/cool using fossil gaseous fuels.
Row
Nuclear energy related activities
The Supervisory Board of the company is responsible for reviewing the content of the sustainability reporting. The Supervisory Board is supported in this task by a limited assurance review of the non-financial group report conducted by PricewaterhouseCoopers GmbH Wirtschaftsprüfungsgesellschaft.
Links
Downloads
