5. RISK, OPPORTUNITY, AND FORECAST REPORT
The risk and opportunity policy of the United Internet Group is based on the objective of maintaining and sustainably enhancing the Company’s values by utilizing opportunities while at the same time recognizing and managing risks from an early stage in their development. A risk and opportunity management system which is “lived” ensures that the United Internet Group (“United Internet”) can exercise its business activities in a controlled company environment. The risk and opportunity management system regulates the responsible handling of those uncertainties which are always involved with economic activity.
5.1 Risk report
Risk management
The concept, organization, and task of United Internet’s risk management system are defined by the Management Board and Supervisory Board of United Internet AG, and documented in a risk management strategy and risk management manual which is valid for and available to all members of the Group. These requirements are regularly adapted to changing legal conditions and continuously developed. Corporate Risk Management coordinates the implementation and ongoing development of the risk management system and is responsible for the centrally managed risk management process on behalf of the Management Board. The risk management system covers only the Group’s risks, while responsibility for the early and ongoing identification, evaluation, and management of opportunities lies directly with the Group Management Board and the operating management levels of the respective segments.
Corporate Risk Management is supported by the risk management teams of the respective segments (Company Risk Management). In order to support Company Risk Management, additional local risk managers have been installed in business fields of particular importance for the Company’s business success (such as the areas “Technology & Development”). In order to facilitate the Group-wide exchange and comparison of risk information, regular Risk Manager Meetings are held between the various risk managers and also with the Company-wide, cross-functional managers.
The Corporate Audit department regularly examines the functioning and efficiency of the risk management system. As part of his statutory auditing obligations for the Annual Financial Statements and Consolidated Financial Statements, the external auditor also examines whether the risk early recognition system is generally suitable for the early identification of risks and developments which might endanger the Company so that suitable countermeasures can be swiftly introduced. The system complies with statutory requirements regarding risk early recognition systems, as well as with the version of the German Corporate Governance Code valid at the time of the last Declaration of Conformity of United Internet AG. Its design is based on the specifications of the ISO standard 31000:2018. In accordance with the regulations of the German Stock Corporation Act, the Supervisory Board monitors the efficacy of the risk management system (RMS). The RMS is regularly subjected to external audits. The current audit was started in 2024 and was completed in the first quarter of 2025.
The risk management system comprises those measures which enable United Internet to identify, classify in terms of money and scenario, steer, and monitor from an early stage all possible risks for the attainment of its corporate objectives with the aid of assessments and early warning systems. The aim of the Group-wide and IT-supported risk management system is to provide maximum transparency for management regarding the actual risk situation, its changes, and the available options for action so that a conscious decision can be taken to accept or avoid such risks. Risks endangering the Company must be avoided as a matter of principle. There is always an established indirect connection to central Group-wide risk management via the regular reporting channels throughout the Group and a direct connection for all major divisions. This ensures the completeness of registered risks in the risk management system.
The current status of the main risks is communicated to the Management Board and Supervisory Board four times per year.
Identified significant risks with an immediate impact and changes in the risk situation trigger an ad-hoc reporting obligation. The respective risk is then communicated immediately to the CFO of United Internet AG, who in turn reports it to the Supervisory Board where necessary. In this way, significant risks can be addressed as quickly as possible.
Risks are assessed with their net impact, i.e., effects from mitigating measures are only considered in the risk assessment after their implementation.
The assessment of the overall risk situation is the result of a consolidated examination of all known material risks. Of the total risks identified for the Group, the following sections describe the main risk categories from the Company’s point of view.
The starting point for assessing the materiality of risks is provided by the characteristics “probability of occurrence” in percent and “potential damage” in € million. The potential damage comprises all negative influences on earnings. Based on the combination of probability of occurrence and potential damage, the risks are assigned as follows to one of three risk categories: “Significant”, "Moderate", and "Low" risks.
Specific assessments of the Company’s Management Board regarding the Group’s risk situation, as well as the probability of occurrence, potential damage, and resulting categorization of the risks described below are provided at the end of this Risk Report.
The markets in which United Internet operates are characterized by strong and sustained competition. Depending on the strategy of the parties involved in the market, different effects may occur which may lead also involve adjustments to the Company’s own business models or pricing policy. The entry of new competitors might also jeopardize market shares, growth targets, or margins. In addition, United Internet itself occasionally enters new markets with large competitors. Such an entrepreneurial decision is always associated with new risks.
The rapid development and increasing market penetration of AI technologies increase the risk that existing sales markets will shrink or shift to the detriment of the Company.
United Internet counters these risks by means of detailed planning based on internal experience and external market studies, as well as by constantly monitoring the market and the competition.
Compared to the previous year, the risk assessment is unchanged and continues to be categorized as moderate.
A gap in the procurement or delivery of resources required for business operations may also lead to bottlenecks or outages at United Internet. This applies to the purchase of hardware, e.g., high-performance AI processors, as well as to the purchase of wholesale services. Increases in the price of purchased products and services represent a risk for the targeted margins. Planned positive effects from contractually fixed price adjustment rounds can become a risk for the achievement of the Company's periodic targets due to time delays.
United Internet counters these risks by cooperating with several long-term service providers and suppliers, contractual obligations, and – where it makes economic sense – by expanding its own value chain. Although significant and unforeseeable developments on the procurement market as a result of events such as the Ukraine war cannot be fully offset, they can be countered by taking preventive measures such as rapidly restocking inventories.
The acquisition and holding of shares in other companies and the making of strategic investments represent a key success factor for United Internet AG. In addition to improved access to existing and new growth markets, as well as to new technologies and know-how, investments also serve to exploit synergy and growth potential. However, these opportunities involve risks. For example, there is a risk that the targeted potential cannot be exploited as forecast or that acquired shareholdings will not develop as expected (non-scheduled write-downs/impairments, disposal losses, absence of dividend, or reduction of hidden reserves).
All investments are therefore subject to a continuous monitoring process by the Investment Management team. The value of investments is continuously monitored by management and the Controlling division.
A further important success factor for United Internet is the development of new and constantly improved products and services in order to enhance sales and earnings, attract new customers, and expand existing customer relationships. There is always a risk, however, that new developments might be launched too late on the market or not be accepted by the target group as expected.
United Internet counters such risks by constantly and closely observing market, product, and competition trends, as well as by undertaking product development which constantly responds to customer feedback.
Compared to the previous year, the risk assessment increased from low to moderate. The reason for this is the identification of possible changes in consumer behavior.
External events such as natural disasters (earthquakes, floods, tsunamis, etc.), personnel crises (pandemics, strikes, etc.), infrastructure crises (power outages, road damage, etc.), or violent incidents (rampage, terrorist attacks, war, etc.) may affect United Internet's operations.
United Internet counters these risks as far as possible with a variety of measures. Examples include the establishment of building access restrictions, the operation of georedundant data centers, or hygiene precautions, location-independent workplaces, the use of modern communication media to avoid travel, and the elaboration of emergency concepts.
The latter has become more important as a result of the growing geopolitical tensions. The United Internet Group has taken this as an opportunity to revise its existing security measures and concepts and, if necessary, to adapt them to the higher threat levels.
Changes in existing legislation, the enactment of new laws, and changes in government regulation issues may have unexpected negative effects on the business models pursued by United Internet and their further development. The decisions of the Federal Network Agency and the Federal Cartel Office have an influence on network access and the pricing of internet access tariffs. As United Internet purchases advance services for its own customers, regulatory changes may have a negative impact on the profitability of its own tariffs. In the same way, there is also the possibility that a lack of regulation may lead to a deterioration of market circumstances for United Internet.
In 2024, the Administrative Court of Cologne declared the 5G decision on the allocation conditions and auction rules of 2018 to be unlawful and obliged the Federal Network Agency to make a new decision. The ruling has been legally binding since the Federal Network Agency's appeals against non-admission were rejected. According to the Federal Network Agency, however, the 5G spectrum allocation decision and the existing spectrum allocations to companies will remain in effect unless they are revoked or amended by the Federal Network Agency. This new decision presents both opportunities and risks for 1&1. Among other things, the regulatory requirements could be changed to the advantage or disadvantage of 1&1, or, in the event of a new auction, there could be a lower or higher price for the purchase of spectrum.
The previously reported risk of a possible fine as a result of failing to meet the expansion target of 1,000 5G base stations by the end of 2022 will not be pursued by the Federal Network Agency due to the above-mentioned ruling.
Similarly, the previously reported risk of a fine in the event of failing to meet the expansion target by the end of 2025 has not materialized. Just two years after the launch of mobile services on Germany's fourth mobile network, the 1&1 5G network reached 27% of German households in December 2025. This means that 1&1 has met the first coverage target ahead of schedule, before December 31, 2025.
In connection with the establishment of a high-performance mobile network, 1&1 is dependent on the allocation of relevant spectrum by the German Federal Network Agency. At the end of 2025, the rights to use the 800 MHz, 1,800 MHz, and 2,600 MHz bands expired. The frequencies are currently used by the three established mobile network operators. In March 2025, the Federal Network Agency announced the extension of these frequencies in the mid- and low-band spectrum for Deutsche Telekom, Vodafone, and Telefónica for five years. The extension is linked to the obligation that the three established network operators make part of their low-band spectrum available to 1&1 for shared use. However, negotiations on this matter remained unsuccessful until the end of the year. Low-band spectrum is particularly important for the economic operation of a mobile network. Without access to such frequencies, 1&1 would have to purchase significantly more wholesale services from Vodafone via national roaming. 1&1 expects the Federal Network Agency to either grant 1&1 access to frequencies in the low-band spectrum or compensate 1&1 for the damage caused by the higher wholesale costs.
United Internet attempts to counter this tendency toward an increasing regulation risk by cooperating with various pre-service providers and by actively participating in the activities of industry associations.
Compared to the previous year, the risk assessment is unchanged and continues to be categorized as significant.
In view of the ever-increasing complexity and interoperability of the products offered, there are steadily growing demands placed on the development of internal work processes. This also involves an ever-higher degree of coordination The particular challenge is to ensure quality standards especially in view of fast-changing market events – and on numerous differing domestic and foreign markets.
The Company counters these risks by continuously developing and enhancing its internal processes, pooling and retaining its experts and key personnel, and continuously optimizing its organizational structures.
In order to meet the requirements of dynamic customer growth and provide services as quickly as possible in the interests of its customers, United Internet has largely automated its order and provision processes – as have many other companies in such mass market businesses. The nature of such automated processes provides possibilities for attacks from fraudsters. Due to the strong appeal of the products and services offered, not only the number of customers is increasing but also the risk of an increase in the number of non-payers and fraudsters, as well as the possible unauthorized access to customer accounts.
United Internet attempts to prevent such fraud attacks – or at least to recognize and end them at an early stage – by permanently expanding its fraud management capabilities, working closely with pre-service providers, and taking account of such risks in the design of its products.
United Internet generates its commercial success largely in the telecommunications market and within the environment of the internet. In order to provide products and services, the Company uses information and telecommunication technologies (data centers, transmission systems, connection nodes, etc.) in its business processes which are closely networked with the internet and whose availability may be endangered by threats from the internet.
The threat potential of the internet is one of the largest threat groups for United Internet with regard to its effects, which are all monitored and reduced by numerous technical and organizational measures. Of particular relevance in this respect are the operation and continuous improvement of the security management system and the steady enhancement of system resilience.
In order to continue to deal with such risks quickly, the existing monitoring, building access, and alarm system, together with the necessary processes and documentation, is continuously optimized.
It can never be fully ruled out that data privacy regulations may be contravened, e.g., by human error or technical weaknesses. In such cases, United Internet faces fines and the loss of customer confidence.
United Internet stores the data of its customers on servers according to international security standards at its own and at rented data centers. The handling of these data is subject to extensive legal regulations.
The Company is aware of this great responsibility and attaches a high degree of importance and care to data privacy. By using state-of-the-art technologies, continuously monitoring all data-privacy and other legal regulations, providing extensive staff training, and involving data protection aspects and requirements as early as possible in product development, United Internet continuously invests in improving the standard of its data privacy.
Compared to the previous year, the risk assessment has decreased from significant to moderate, as the occurrence of feared restrictions in the sales business is now considered less likely.
It is essential for United Internet that human resources are effectively controlled so that the Company can ensure its short- and long-term needs for staff and the requisite expertise. If it is unable to attract managers and employees with specialist and technological knowledge, United Internet would not be able to effectively conduct its business and achieve its growth targets.
Highly skilled and well trained employees form the basis for the economic success of United Internet. In addition to the successful recruitment of qualified personnel, personnel development and the long-term retention of top performers within the Company are strategically important. If the Company fails to develop and retain executives and employees with specialist or technological knowledge, there is the danger that United Internet may not be able to effectively conduct its business and achieve its growth targets. The concentrated accumulation of strategic knowledge and skills (so-called head monopoly) can have a considerable impact on the performance of the Company if the corresponding employee is no longer available.
United Internet counteracts this risk by continuously nurturing employee and management skills. For example, it offers targeted measures for professional development, mentoring and coaching programs, as well as special offers for high potentials geared to talent development and retention and leadership skills.
In recent years, the shortage of skilled workers has become an increasingly important issue. As an attractive employer, however, United Internet believes it is well placed to hire highly skilled specialists and managers with the potential to drive its business success in the future.
Compared to the previous year, the risk assessment has decreased from significant to moderate. This was achieved by filling vacant positions.
Some operating divisions of United Internet work together with specialized cooperation and outsourcing partners in certain areas of the Company. The focus here is on objectives such as focusing on the actual core business, reducing costs, or leveraging the expertise of partners. These opportunities also involve risks in the form of dependencies on external service providers, as well as contractual and default risks.
In order to reduce these risks, detailed market analyses and due diligence reviews are carried out before major contracts are concluded with external service providers, and close and cooperative relationships are maintained with the cooperation and outsourcing partners after the contracts have been concluded.
For the expansion of the 1&1 mobile network, 1&1 works together with selected partners, with whom it has concluded predominantly long-term contracts with clear cost structures. Due to the high complexity of the project and its significant scale, there is a risk that the content of the agreements could be interpreted differently by the parties. In 2025, proceedings were initiated with an expansion partner to discuss mutual claims. The outcome of the proceedings is currently open and presents both opportunities and risks.
United Internet is currently involved in various legal disputes and arbitration proceedings arising from its normal business activities. The outcome is by definition uncertain and thus represents a risk. Insofar as the prospects of success are negative in specific cases and the size of the obligation can be reliably estimated, accruals are formed for such risks from litigation.
In 2019, an advance service provider filed claims against 1&1 in the low three-digit million range (for the purposes of internal classification, amounts of up to € 333 million are defined as being in the low three-digit million range, and the claims filed do not exceed this amount in total). 1&1 considers the claims of the respective counterparty to be unfounded and regards an outflow of resources as unlikely.
United Internet’s products and related business processes are based on a complex technical infrastructure and a number of success-critical software systems (servers, customer relationship databases, and statistics systems, etc.). Constantly adapting this infrastructure to changing customer needs leads to greater complexity and regular changes. In addition to major events, like the migration of databases, this may lead to various disruptions or defects. Should this affect our business systems or their databases, for example, daily account debiting may be delayed or no longer possible. Should this affect our performance systems, for example, United Internet may not be able to provide its customers with the promised service, on a temporary or longer-term basis.
Compared to the previous year, the risk assessment has decreased from significant to moderate, as additional capacity has been built up and customer migration to the Company’s own network has been completed.
The main financial liabilities incurred by United Internet AG for the financing of its activities include bank loans, overdraft facilities, and other financial liabilities. Some of the bank loans are subject to financial covenants. Non-compliance with these covenants can have a negative impact on the financing of the United Internet Group. In extreme cases, a loan might be terminated. As of the balance sheet date, the Company almost exclusively held primary financial instruments. The aim of financial risk management is to limit risks through ongoing operating and financial activities.
The general liquidity risk of United Internet AG consists of the possibility that the Company may not be able to meet its financial obligations, such as the redemption of financial debts. The Company’s objective is to continuously cover its financial needs and secure flexibility, for example by using overdraft facilities and loans. Group-wide cash requirements and surpluses are managed centrally by the cash management system. By netting these cash requirements and surpluses within the Group, the amount of external bank transactions can be minimized. This is managed, e.g., by using cash pooling processes. The Company has established standardized processes and systems to manage its bank accounts and internal netting accounts, as well as for the execution of automated payment transactions. In addition to operating liquidity, United Internet AG also holds other liquidity reserves, which are available at short notice.
The Company is exposed to interest risks as the major share of its borrowing bears variable interest rates with varying terms. As part of its liquidity planning, the Company constantly monitors the various investment possibilities and debt conditions. Any borrowing requirements are met by using suitable instruments to manage liquidity. Surplus cash is invested on the money market to achieve the best possible return. Due to developments on the global finance markets, i.e., adjustments to central bank interest rates around the world, there was a slight increase in the interest rate risk, but at the same time opportunities from more attractive investment options. Market interest rate changes might have an adverse effect on the interest result and are included in our calculation of sensitive factors affecting earnings. In order to present market risks, United Internet has developed a sensitivity analysis which shows the impact of hypothetical changes to relevant risk variables on pre-tax earnings. The reporting period effects are illustrated by applying these hypothetical changes in risk variables to the stock of financial instruments as of the balance sheet date. The Company regularly reviews the possibility of interest rate hedging in order to mitigate the negative effects of rising interest rates.
The currency risk predominantly results from operations (if revenue and/or expenses are in a currency other than the Group’s functional currency) and its net investments in foreign subsidiaries.
As an internationally operating company, United Internet is subject to the tax laws applicable in the respective countries. Risks may arise from changes in tax laws and double taxation agreements, or case law, as well as from differences in the interpretation of existing regulations.
United Internet counters these risks by continuously expanding its existing tax management system.
Compared to the previous year, the risk assessment has decreased from significant to moderate. The reduction is the result of the ongoing development of a current tax audit and the elimination of previous uncertainties as a result of this development.
Further details on risks, financial instruments, and financial risk management are provided in note 44 “Objectives and methods of financial risk management“ in the Notes to the Consolidated Financial Statements.
Information on sustainability risks can be found in chapter “4. Non-financial Group Statement”.
The continuous expansion of its risk management system enables United Internet to limit risks to a minimum, where economically sensible, by implementing specific measures.
The overall risk situation for United Internet has increased moderately compared to the previous year. The increase in the overall risk situation – despite improvements in four risk fields – results from the increase of the overall risk in the field of “Operational risks”.
In the assessment of the overall risk situation, the existing opportunities for United Internet were not taken into consideration. There were no risks which directly jeopardized the continued existence of United Internet in the fiscal year 2025, nor as of the preparation date for this Management Report, neither from individual risk positions nor from the overall risk situation.
Probability of occurrence, potential damage, and the classification of risks from the Group's perspective and their relevance for the various segments/divisions :
Risks in the “Strategic Market & Business Risks” field
Sales market & competition
Consumer Applications Business Applications
High
Moderate
Unchanged
Procurement market
Consumer Access Business Applications
Shareholdings & investments
Holding / Corporate
Low
Business development & innovations
Deteriorated
Acts of God
Regulatory environment
Consumer Access
Very low
Extremely high
Significant
Risks in the field of “operational risks”
Work processes
Business Applications
Fraud & credit default
Cyber and information security
Data privacy
Very high
Improved
Employees
Partner management
Litigation
Technical plant operation
Risks in the field of “financial and tax risks”
Financial and liquidity risks
Tax risks
Main segment relevance
Probability of occurrence
Potential damage
Risk classification
Change over previous year
Society, politics, and the economy are currently facing complex macroeconomic challenges. The increase in geopolitical tensions worldwide is generally leading to heightened uncertainty, which might be reflected in a combination of volatile interest rates, subdued growth expectations, a tense financing framework, falling trade growth, disrupted supply chains, and declining confidence among companies and consumers.
In addition to the destabilizing effects of the wars in Ukraine and Iran and the associated impact on the entire Middle East, countries and regions in which United Internet itself is not active, there is also increasing geo-economic uncertainty due to rising protectionism. In addition to declining international cooperation, this can also mean the rigorous introduction of tariffs and, as a result, price increases for raw materials and goods. For example, the US government is pursuing an unpredictable tariff policy with tariffs and/or tariff threats against countries and associations of states, which in turn are responding with counter-tariffs and/or tariff threats.
The United Internet Group responds to such complex challenges by actively addressing the prevailing challenges and integrating them into its business decisions. The focus here is on developing strategies to minimize risk, such as diversified procurement strategies to ensure a constant and fair energy supply, and the stockpiling of hardware.
To counteract potential effects on the Group's global business operations, United Internet has also developed proactive risk management and mitigation strategies. For example, in view of the increased cybersecurity threats posed by the wars and conflicts in Ukraine and the Middle East, the Group is stepping up its investments in cybersecurity measures. These include the use of advanced monitoring technologies, conducting regular security audits, and training employees to improve their resistance to cyberattacks.
The Management Board and the operational managers will closely monitor further developments very closely and initiate any appropriate countermeasures (if possible).
Links
Downloads
