Double Materiality Assessment
A double materiality assessment has been performed and published in the Sustainability Report annually since fiscal year 2022. The methodology for assessing material IROs has been continuously enhanced. In fiscal year 2024, materiality was determined at the level of the IROs oriented on the ESRSs, the FAQs, and EFRAG’s materiality assessment guidance. The IROs were identified on the basis of a long list that was drawn up using the ESRS topics, sub-topics, and sub-sub-topics (ESRS AR 16) plus entity-specific topics (including the segment topics). The entity-specific topics are derived from the double materiality assessments already performed in fiscal years 2022 and 2023. In the course of the current double materiality assessment, a review was also performed, and topics supplemented, on the basis of the Sustainability Accounting Standards Boards (SASB) topic list, while new entity-specific topics such as addressing AI ethically were also added. The relevance of the topics for United Internet was assessed by examining their relationship to its business model, business activities, and value chain.
Materiality Workshop
In 2024, Corporate Sustainability held a materiality workshop with the segments’ sustainability management teams. The goal was to categorize all topics included in the long list on the basis of their relevance, and to provide reasons for this, while taking into account and analyzing the value chain. In addition, the workshop served to capture new IROs so as to be able to take them into account during assessment. One particular focus was on the geographical region and regulatory requirements (health and safety, working conditions, and pollution) at the Company’s own locations, while another was on the areas of origin of purchased products and the raw materials needed for them. In addition, the downstream value chain (such as handling of electric waste) was examined. The core topic of “climate change” played a particular role here. In this context, collection and assessment of the IROs also included the results of the climate risk analysis and the corporate carbon footprint.
Corporate Sustainability combined the IROs collected in the workshop with the IROs from the double materiality assessment from previous years in a consolidated list. The IROs were assigned to the relevant topics (sub-sub-topics) and the segments where this fitted their business model or upstream and downstream supply chain.
Affected stakeholders were represented by Sustainability Management and the segment departments both for the identification of IROs and for their assessment. For example, the views of the Company’s own employees were included by representatives from the HR department. Customer viewpoints were covered by the Customer Experience and Legal departments and by Partner Management. A mapping table was drawn up to ensure that affected stakeholder groups were covered.
After this, the IROs were assessed by Corporate Sustainability, the other segments’ sustainability managers, the stakeholders concerned or the departments representing them, and the risk owners in coordination with Risk Management. Impacts were assessed on a gross basis using the dimensions of scale, scope, irremediable character, and likelihood of occurrence. The severity, which is relevant for determining materiality, is the average of the scale, scope, and irremediable character. Risks and opportunities were also assessed on a gross basis using their financial scale and their likelihood of occurrence. The scales used at segment level were adapted in line with the scales used in classic risk management. Severe impacts were not prioritized.
The stakeholders performing the assessment were requested to take not only their own perspective but also publicly available studies into account.
Following completion of the assessments by the individual segments, the outcomes were consolidated at Group level so as to determine the material IROs from the Group's perspective. Impacts were consolidated by taking over the highest score from the segment assessments (gross assessment) as the figure for the Group. Risks and opportunities were added together, since the individual segment risks represent the total risk for the Group. The financial scale in euros was added up and reassessed using the scale for the Group as a whole. The likelihoods of occurrence were determined by calculating the average value and applying this at Group level.
The materiality threshold at the IRO level is determined by individually examining the likelihood and the severity or financial scale. Actual impacts are an exception to this rule: in this case only the severity is taken into account. All IROs that were assessed as having a likelihood of occurrence of more than 35 % and that have a severity on the risk scale of more than 3 (as for the financial scale for risks and opportunities) were classified as material. In addition, IROs for which at least one criterion was assessed as having a severity of 5 (as for the financial scale) were examined individually for materiality by Corporate Sustainability. Equally, human rights-related impacts were explicitly examined. Where the severity was below the materiality threshold, the impacts were assessed for materiality by Corporate Sustainability as part of the individual examination.
It is planned to transfer the double materiality assessment to Group Risk Management in the first half of 2025, enabling even tighter integration with the existing risk management and due diligence process.
Where discrepancies with respect to the materiality assessment arose in the course of the process, these issues were discussed individually by the responsible staff at the segments or departments and Corporate Sustainability. The fact that Corporate Sustainability was responsible for overall management of the materiality process meant that consistency of assessment was assured by a central body.
The Risk Management team provided advice and support throughout the materiality assessment. The methodology used and the thresholds established were defined in close cooperation with the experts from Risk Management. In addition, the assessment of risks and opportunities was either performed by Risk Management together with the risk owners concerned or at least was checked by Risk Management. This practice ensures that the determination, assessment, and management of the IROs is effectively integrated with United Internet’s general risk management process.
Where possible, quantitative data were used when assessing the IROs so as to get as close as possible to an objective assessment. Data sources here included, for example, the examination of the sales volumes for individual business activities, carbon emission figures (in the case of impacts on climate change), own calculations, and external studies.
The first double materiality assessment was performed in fiscal year 2022 and was reviewed for topicality in each of the years since then. The current double materiality assessment from fiscal year 2024 was the first whose methodology was based oriented on the requirements of the ESRSs; as a result, it does not appear sensible to compare the results for this year with those for previous years due to the differences in the level of detail involved, among other things.
The results of the materiality assessment will be reviewed in the upcoming reporting cycle to determine whether they are up to date.
The material IROs determined in the course of the double materiality assessment are described in greater detail in the following chapters of this Sustainability Report: “Climate Change Mitigation and Climate Change Adaptation,” “Resource Use and Circular Economy,” “Employees at United Internet,” “Workers in the Value Chain,” “Consumers and End-users at United Internet,” “Customer Orientation in the Business Customers Segment,” “Business Conduct,“ and “Entity-specific Governance Topics: Digital Ethics and Responsibility.”
The following table summarizes the material IROs and shows where they come in the value chain.
Notes on interpreting the table:
The descriptions in the table are given on a gross basis. This means that IROs are assessed without taking any actions that have already been deployed into account. For example, potential risks are presented in their original, unmitigated form, without any risk reduction actions. This permits a comprehensive view of the maximum risks to which a company or an organization is exposed before any preventive or protective measures are taken into account.
negative Impacts
Climate change
Energy requirements and greenhouse gas emission from United Internet’s business model
Providing internet and telecommunications services consumes energy and causes greenhouse gas emissions that negatively impact climate change. In the upstream supply chain, this particularly affects the expansion of the Company’s own data centers and network infrastructure, plus purchased goods and services. Emissions occur in own operations as a result of the energy consumed by the Company’s own data centers and mobile networks, and as a result of office buildings and employee mobility (commuting, business travel); in addition, coolant can escape as a result of leakages in data centers. Energy requirements are increasing overall, since data loads and the need for telecommunications services are continuing to increase. Downstream emissions result from the devices with which users access United Internet’s services and from the shipping of IT hardware.
x
Resource Use and Circular Economy
Increased extraction of raw materials and resource use for information and telecommunications technology
Greater need for information and telecommunications technology due to customer growth and increasing digitalization and data loads. Expansion (e.g., mobile network, additional server capacity) increases the need for, and extraction of, finite raw materials such as rare earths or metals.
Employees at United Internet
Health risks in the workplace
Employees are exposed to a variety of stresses in the workplace, which can be both physical and psychological in nature. Excessive workloads, a poor work-life balance, and inadequate health and safety measures can increase stress and lead to physical and psychological illnesses. A lack of precautions and safety measures increases the risk of accidents and injuries at work. In addition, inappropriate behavior, physical assaults, mobbing, and harassment may lead to serious psychological stress up to and including an inability to work.
Human rights issues and unethical working conditions in own operations
Respecting workers' rights is essential for a fair, respectful working environment and for employees’ psychological and physical health. Where workers' rights are not adequately protected there is a danger of inappropriate working conditions. The danger of labor rights and human rights issues occurring is particularly pronounced in locations with low human rights standards (child labor, forced labor), something that can impair the health of those affected. The protection of sensitive employee data (e.g., salary data) can also be endangered if the provisions governing this are not observed.
Lack of equal treatment and inclusion
An inclusive corporate culture is decisive for promoting social justice and the well-being of all employees. A lack of awareness on the part of managers and employees leads to a wide range of disadvantages for underrepresented groups. They are excluded from taking part on meetings by language, physical, or time barriers (part-time work) and cannot identify with the corporate culture. The lack of accessible workplaces excludes people with disabilities and reduces their opportunities on the labor market. Unconscious bias and inappropriate working conditions (lack of part-time working options, lack of accessible workplaces) and unequal pay lead to employees having limited career opportunities due to their gender, age, origin, or physical limitations, or to them not being considered for management positions. This can impact them psychologically and financially.
Workers in the Value Chain
Working conditions and human rights issues in the upstream value chain
The provision of internet and telecommunications services depends on IT hardware that use raw materials such as rare earths and metals. Serious human rights issues can occur and labor rights can be disregarded during the extraction of these raw materials in global supply chains, especially in countries with weak regulatory frameworks. Examples include dangerous working conditions in raw material extraction, which may severely damage workers’ health and even results in deaths. In addition, workers are often exposed to abuse, violence, and forced labor without having adequate protection or legal certainty. Child labor, underpayment, and inadequate accommodation for migrant workers and foreign employees aggravate their exploitation. Such conditions impact the physical and psychological health of those affected and endanger their human rights.
Exploitation of service providers in the downstream value chain
Hardware ordered by customers (e.g., mobile phones or network devices) is delivered by shipping service providers. Working conditions there may not comply with social standards and may negatively impact the quality of life of the workers affected, especially as a result of unfair pay.
Consumers and End-users
Dangers for fact-based opinion-forming
The editorial content on pages such as WEB.DE and GMX involves a social responsibility, especially as regards informed, well-founded opinion-forming. The dissemination of fake news can lead to readers developing a distorted perception of reality. In the long run, subjective reporting leads to people no longer trusting the news. This facilitates the development of bubbles in which one-sided content, fake news, and algorithms constantly reinforce one’s own perspective and blank out other viewpoints. In the long term, this seriously impacts democracy by suppressing diverse, balanced opinion-forming.
Consequential damage for customers due to poor service quality
Poor customer service quality can lead to people losing access to their digital services, e.g., if they are unable to log in to their e-mail mailbox and do not receive any help. For example, they could be unable to access their online banking programs, something that not only strongly impacts the customer experience and further damages trust in digital services but can also lead to financial losses for users. This affects particularly vulnerable groups, making social inclusion even more difficult.
Digital security and consumer protection
As a digital service operator, United Internet has a high level of responsibility for the data entrusted to it, e.g., e-mails, personal photos, or payment data. A lack of data privacy, inadequate cybersecurity, or data center outages could lead to the loss or publication of sensitive user data. This could result in financial losses or psychological damage for those affected, e.g., as a result of identity theft or fraud.
Breaches of youth protection requirements in the digital environment
Failing to provide the protective measures required to allow children and young people to access the internet securely can have serious consequences. Insufficient control can lead to content that is harmful to young people or illegal, such as extreme right-wing articles, being distributed by e-mail, advertising, or in editorial contexts. This can lead to psychological damage to young users and affect their digital education, negatively impacting their quality of life in the long-term. Parents can also be indirectly affected due to the danger to their children.
Business Conduct
Infringements of internal guidelines/rules
Inadequate prevention/a lack of awareness among employees regarding internal guidelines such as the Code of Conduct can result in a negative corporate culture or disrespectful behavior. The impacts can lead to psychological stress and consequences for employee health.
Digital Ethics and Responsibility
Ethical and legal dangers from the use of AI in processes and services (within the Company)
The use of AI in processes and services entails a variety of legal and ethical dangers. These include breaches of data privacy if sensitive data are fed into publicly available language models. This could lead to financial and intangible losses for the people affected (e.g., as a result of the publication of payment data or sensitive personal information). In addition, AI models may exhibit bias, leading to discriminatory decisions and promoting social injustice. Excessive automation reduces personal contact with customers, which can negatively impact their user experience. Uncertainty also exists about the legal and ethical use of third-party AI applications, a situation that entails compliance and human rights risks.
Telecommunications infrastructure outages
An outage of, or damage to, the telecommunications infrastructure provided by United Internet could have severe consequences for society by causing long-term supply bottlenecks, severe disturbances to public order, or other dramatic consequences for critical infrastructure. Since telecommunications systems serve as the basis for many central services such as emergency communications, traffic management, energy supplies, and financial transactions, outages affecting these systems could have a domino effect. This could interrupt the ability of vital sectors to function and hinder the coordination of emergency services deployments and governmental measures.
Impacts of cybersecurity incidents on the value chain
Inadequate cybersecurity actions and the failure to perform security updates make IT systems vulnerable to large-scale attacks, potentially resulting in business interruptions and the theft of sensitive personal or business data. Such cyberattacks not only affect the Company, but also its customers, partners, and dependent service providers. This could lead to blackmail and considerable economic losses. In addition, there is a danger that corporate services could be misused for illegal activities. In the long term, such incidents can undermine trust in digital technologies and services.
Positive Impacts
Reduced use of resources and waste generation due to circular economy
The conscious purchasing of sustainable materials and awareness-raising among business partners can increase the use of recyclable and renewable raw materials, and of secondary materials in IT hardware. This promotes enhanced resource efficiency and supports the transition to a circular economy. Environmentally friendly transportation packaging further reduces material requirements. Hardware that is returned both by customers and within the Company itself is analyzed, refurbished, and resold, extending product life cycles. Devices that cannot be reused are recycled. The growing portfolio of refurbished products also helps reduce the need for new resources and to strengthen the circular economy.
Social stability through fair working conditions
Secure, permanent employment contracts with protection against dismissal and fair, transparent pay can offer social protection and promote a stable society. An open social dialog allows actions to improve working conditions to be identified on a regular basis, enhancing employees’ long-term satisfaction. Clear development prospects and equal opportunities can enhance workers’ feeling of being valued, while comprehensive benefits in the areas of health, finance, and the environment can enhance their quality of life.
Employment and inclusion of persons with disabilities (workers in the value chain)
Working together with inclusive business partners actively supports inclusion and promotes the employment of persons with disabilities in the value chain. This not only contributes to a more diverse and integrative working environment but also enhances equal opportunities and social justice. At the same time, it promotes independence, a feeling of self-worth, and social integration among persons with disabilities.
Facilitating digital participation
United Internet provides the infrastructure and products to participate in the digital world by offering and operating telecommunications services and selling devices and services.
Sustainable value creation and resilience through responsible, long-term business conduct
Responsible, long-term business conduct promotes sustainable value creation within the Company, conserving resources and reducing pollution. At the same time, a fair, respectful, and rules-based interaction throughout the Company creates a positive working environment that supports social justice. This contributes to the Company’s resilience and hence to long-term job stability and to a sustainable value chain.
Supporting digital transformation and long-term competitiveness
United Internet is contributing to the digital transformation process by expanding fast digital data networks and connecting companies, small enterprises, schools, and public facilities to them. This is smoothing the way for innovations and hence promoting long-term competitiveness and preserving jobs. For example, digitalization can be used to expand education and business travel can be replaced by digital meetings, positively impacting the environment and society.
Risiks
Cost increases due to the consequences of climate change
Climate change is leading to the increased occurrence of extreme weather events such as floods, heavy rainfall, or heat waves. These can cause considerable damage to buildings and technical infrastructure, and business interruptions (e.g., data center cooling systems can fail during heat waves). Consequential financial losses include the loss of customers, the need for new buildings, repairs, conversions, and additional long-term resilience-building measures that may become necessary (such as additional cooling systems or flood protection measures).
Increasing resource/material shortages
Geopolitical conflicts, natural disasters, and increasingly scarce raw materials lead to delays or outages in supply chains and hence to higher costs, since the competition for raw materials and strategic metals is increasing (one example of this is the material-intensive expansion of the fiber-optic network). Time lags could lead to a delay in new customer growth and to financing risks. The failure to replace data center hardware as a result of supply chain outages could lead to revenue being lost from business interruptions.
Shortage of specialist staff and employee turnover due to unattractive working conditions
United Internet competes with other companies for good specialists and managers, and there is a shortage of specialists in some areas. Insufficient investment in employee development (e.g., training and skills development) and in attractive, secure working conditions reduces employee satisfaction. This leads to higher turnover rates and time lost due to sickness. Employer attractiveness declines, making retaining and recruiting qualified specialists more difficult. In the long term, this leads to a loss of innovative ability, slower implementation, and lower potential growth, entailing costs and the loss of customers due to competitive disadvantages
Failure of own mobile network
Failure of the Company’s own mobile network, e.g., due to a data center overload, could lead to claims for damages, contract terminations, reputational damage, and difficulties in acquiring new customers.
Misconduct and irregularities
Breaches of the law and directives in force (e.g., in connection with liability risks, environmental regulations, etc.) could impact revenue as a result of lost customers who no longer have confidence in the Company. What is more, illegal or unethical business practices could lead to fines and in individual cases to criminal prosecutions (corruption, bribery, and other forms of illegal behavior).
Failure to integrate sustainability matters with product development
If the Company were to fail to live up to its responsibility to society and the environment and not to develop any sustainable products or services, this could lead to it losing customers to competitors with a sustainable approach, since both business customers and consumers are increasingly emphasizing the need for sustainable practices and energy-efficient technologies. If the Company were to fail to act sustainably, this could result in a negative brand image and hence to a decline in profitability, which in turn would have negative effects on financing. In the long term, this would adversely affect the Company’s competitiveness.
Digitale Ethik und Verant-wortung
Folgekosten durch Cyberangriffe oder Hardwaredieb-stahl
Durch Cyberangriffe oder Hardwarediebstahl besteht die Gefahr, dass Unberechtigte Zugriff auf Daten von Kundinnen und Kunden oder Geschäftsdaten erhalten oder die Systeme von United Internet für kriminelle Aktivitäten missbrauchen. Dem Unternehmen entstehen hohe Folgekosten durch die gesetzlich vorgeschriebene Untersuchung des Angriffs, Systemausfälle und Wiederherstellungsaufwände, Verlust von Kundinnen und Kunden, Rechtskosten, etc.
Chapter
Name
Description
Up-stream
Own opera-tions
Down-stream
Further details on the impacts on people and the environment, the links to strategy and the business model, and the associated time horizons and involvement with material impacts are provided in the topical chapters. Entity-specific disclosures have been assigned to the chapters they fit best in terms of content. They examine topics of particular importance to stakeholders, providing more detailed insights into the segments’ individual business activities and strategic priorities.
The segment strategies and business models were reviewed for resilience both qualitatively and in selected areas so as to ensure that material impacts and risks are dealt with as effectively as possible and that material opportunities can be optimally exploited. This resilience analysis will be standardized and expanded to cover all IROs in the coming reporting cycles.
Links
Downloads
