The following core topics in the area of digital ethics and responsibility exist at United Internet in relation to business customers: information security, provision of a resilient telecommunications infrastructure, promoting digital transformation and sustainable competitiveness, and dealing with AI.
United Internet has implemented a number of policies and actions designed to ensure information security and data privacy. By doing so, it is countering the potential impacts of cybersecurity incidents on business customers and partners, and consequential financial losses in its own operations. The actions, guidelines, and processes for minimizing the risk of a cyberattack, the loss of data, or hardware theft are the same as those described in the chapter entitled “Consumers and End-users.”
Due to their vital importance in everyday life, resilient telecommunications networks and comprehensive emergency and security policies are needed, both now and in the future. The Business Access Segment has the strategic goal of creating a resilient structure that can withstand severe events that could lead to an emergency. Preventive measures should avoid emergencies happening as far as possible. Resilience is defined as the network’s ability to withstand internal and external disruptions (such as extreme weather events, cyberattacks, or sabotage) and, despite these, to guarantee the stability and availability of the telecommunications networks and services.
The Business Access Segment implements the requirements set out in international standards in its business processes so as to be able to offer customers stable and secure telecommunications products. The segment is audited every year by external certification bodies and is certified as compliance with ISO/IEC 27001, ISO/IEC 20000, and ISO 9001. This documents its ability to provide secure, reliable, cost-efficient, and uninterrupted services and efficient network planning and operation processes. In addition to these ISO certifications, the Business Access Segment is a recognized secure service provider for the automotive industry, meeting the TISAX procedure’s strict information security requirements.
A number of different technical and organizational measures are taken to increase network resilience:
The Company’s structures and workflows are aligned with its operation of one of Germany’s largest and most powerful fiber-optic networks. Specialized functions and departments such as Network Expansion Planning and the Team Network Management Center ensure the fiber-optic network’s high performance. The Team Network Management Center is responsible for 24 x 7 monitoring, operations, and fault clearance at the fiber-optic network. The Company’s procedures also follow specific standards, while business process design is based on the Business Process Framework (eTOM). This is a comprehensive, industry-recognized presentation of the key business processes needed to operate an efficient, service-driven telecommunications company.
The Business Access Segment has developed detailed emergency planning and crisis management strategies to enable it to react swiftly and effectively in the case of unexpected events. This planning includes defined responsibilities and clear communications channels so as to enable normal operations to be rapidly resumed.
The Business Access Segment regularly conducts maintenance and continuously monitors the network infrastructure. State-of-the-art monitoring tools enable potential discrepancies and problems to be identified and remedied at an early stage before they lead to outages. Incoming messages are captured and error messages, warnings, and status messages are evaluated. These can then be used as the basis for deciding on the measures to be taken.
A number of effective actions were taken in fiscal year 2024 to ensure network stability and availability, and to prevent outages:
The Consumer Access and Business Access segments are helping to promote the digital transformation process. Since fiscal year 2023, mobile services have been offered using the Company’s own 5G mobile network – Europe’s first, fully virtualized 5G network based on the new Open RAN technology.
As a telecommunications specialist, the Business Access Segment’s aspires to be a leading national supplier of fiber-optic connections, and hence an active driver of the Gigabit Society, in Germany. This goal is based on its own telecommunications network and the annual increases in the volumes of fiber-optic connections that are implemented. The segment operates one of Germany’s largest fiber-optic networks, with a length of over 66,000 km. This network infrastructure offers the opportunity to systematically continue to expand the data and infrastructure business for self-employed people, small and medium-sized enterprises, large enterprises, public institutions, local authorities and communal enterprises, and schools, and to protect it with customized IT security solutions.
As a material driver of network expansion, the Business Access Segment focuses on two business areas that it identified in recent years. In the first business area, the Business Access Segment acted as an infrastructure service provider, constructing data centers and fiber-optic connections for antenna locations belonging to the Company’s own-brand 1&1 mobile network. This expansion opened up synergies for the Business Access Segment with respect to its own network expansion and opportunities to connect additional business customers. In the second business area, new regional expansion clusters are specifically connecting customers in selected industrial estates to the fiber-optic network. This targeted expansion offers enhanced scalability and connections that are more efficient for the Business Access Segment and hence more cost-effective for customers.
The services that build on the fiber-optic network range from the higher bandwidth offered by location connections compared to DSL or cable down to cybersecurity solutions. In this way, United Internet is helping to promote Germany’s digital transformation. The high transmission rates, high bandwidths, and stable latencies offered by fiber-optic connections make it possible or easier for companies to use cloud services, big data, or AI applications, facilitating the development of new products and services. Fast internet links and location connections improve communication and cooperation and make efficiency increases possible, whereas companies that have a better digital infrastructure find it easier to leverage digital or international market opportunities and to remain competitive. For public sector companies and institutions, fiber-optic connections offer the chance to digitalize administrative and service processes. For schools and educational institutions, the fiber-optic internet provides the technical basis for using digital learning and teaching methods to create more modern and more successful educational content.
A number of different actions were taken in fiscal year 2024 to expand the Company’s own network infrastructure and to drive forward digitalization of small enterprises, companies, and public institutions:
As is the case with conventional mobile networks, ensuring the security of OpenRAN networks requires in-depth risk assessment and continuous monitoring of all security-related facilities and systems. The detailed risk assessments were performed by a third-party general contractor that operates an ISO 27001-certified security management system. Not only is the OpenRAN technology from the 1&1 brand, which belongs to the Company, independent of dominant Chinese manufacturers, but its cloud-native network architecture is application-ready in real time without the need for modifications. All network functions are managed by software in the brand’s private cloud. The Consumer Access Segment has already commissioned more than 200 of the roughly 500 decentralized far-edge data centers planned by 2030 for this. Only fiber-optic connections and gigabit antennas are used throughout the network.
An infrastructure project of this size inevitably involves challenges. At the end of May 2024, the mobile network belonging to the Company’s 1&1 brand experienced a temporary disruption. The fault clearance work revealed that core components in the two core data centers made available up to that point had not been designed at a scale to sufficiently accommodate continuing network growth. The fact that certain network components were not sufficiently scaled also temporarily restricted the planned migration of existing customers to the 1&1 mobile network. The migration was fully resumed in the fourth quarter of 2024, after a number of measures had been implemented and upgrades made. In the meantime, four core data centers are operational, creating the necessary redundancies and hence reliable stability in the 1&1 mobile network.
The national roaming partnership with Vodafone started at the end of August 2024. It provides mobile communications customers with access to the 5G network – currently the highest available mobile communications standard. This enables customers in regions where the Consumer Access Segment is not yet able to provide coverage during the expansion phase of the 1&1 Open-RAN network to nevertheless use 5G. At the same time, continuing to expand the Consumer Access Segment’s mobile network as fast as possible and to make the Open-RAN technology available in more and more areas remain a core goal.
United Internet has developed an AI Guideline so as to discharge its responsibility to address AI ethically and in a legally compliant manner. The Guideline sets out general principles for United Internet’s use of AI technologies. The goal of the Guideline is to create a Group-wide framework for addressing AI technologies in a legally complaint, ethical manner. In particular, it aims to work towards implementing the requirements of Regulation (EU) 2024/1689 (the Artificial Intelligence Act, or AI Act for short) in all Group segments. It is binding on the Corporate, Consumer Applications, and Business Access segments, and serves as a recommendation for the other segments. The Business Access Segment already developed a framework in the form of working instructions back in fiscal year 2023 so as to create a basic security level for deploying AI and at the same time to increase security in handling generative AI. The Business Applications Segment has also implemented its own guidance in line with the guideline.
The Guideline assigns responsibility for implementing the AI Act and the AI Guideline to corporate management at the Group companies and also sets out responsibilities for monitoring implementation of the Guideline . The Guideline is based on the four ethical principles drawn up by the European Commission’s Expert Group on Artificial Intelligence: respect for human autonomy, prevention of harm, fairness, and explicability. The Guideline states that these principles should be applied at United Internet when dealing with AI systems. The key obligations set out in the AI Guideline are as follows:
The AI Guideline has currently been submitted to the management boards and is to take effect as soon as possible after approval. Most requirements must be implemented by the companies concerned by August 2 , 2026, although individual requirements (such as training measures) have to be implemented earlier, in line with the deadlines specified in the AI Act.
Since AI systems are also software products, they are already covered by the software approval processes in force in the individual segments today. These focus in particular on checking data privacy and IT security aspects and, where necessary, on prescribing risk mitigation measures. The Legal AI Management expert group, which comprises representatives from Corporate Privacy and Corporate Legal, is currently working on rules that will specify additional checks where necessary. These will be used to integrate specific aspects of the AI Act into the process.
The AI Guideline and the guidelines to be issued to implement it will provide greater clarity about the legal and ethical use of AI applications. The training policy already mentioned will also contribute to this, and will also address the risks associated with handling publicly available AI systems.
Links
Downloads
