Sustainability Accounting Standards Board (SASB) Index



The Sustainability Accounting Standards Board (SASB) provides a collection of industry-specific standards to help measure and communicate performance on environmental, social and corporate governance (ESG) topics.

Inclusion of information in this index should not be construed as a characterization of the financial materiality or impact of that information. Please see our corporate Annual Report or Form 10-K for the year ended December 31, 2021 and other publicly-filed documents available at

In July 2021, we completed a transaction with TPG Capital involving our North America video business – including DIRECTV, AT&T TV and U-verse – to form a new​ company called DIRECTV. In November 2021, we completed the sale of our Latin America video operations, Vrio, to Grupo Werthein. In April 2022, we completed a​ transaction to combine our WarnerMedia segment, subject to certain exceptions, with a subsidiary of Discovery Inc. In June 2022, we completed the sale of the​ programmatic advertising marketplace component of Xandr Inc to Microsoft.

HTML Editor Component
*Contents may not have visible height



Telecommunication Services

SASB Code(s)

SASB Requested Metric(s)

AT&T Response


Wireless subscribers

Total N. America wireless customers: 222.153 million

  • U.S.: 201.791 million
  • Mexico: 20.362 million

Please see our Q4 2021 Earnings Statement.


Wireline subscribers

Total voice connections: 9.510 million

  • Network Access Lines: 6.177 million
  • U-verse VoIP Connections: 3.333 million

Please see our Q4 2021 Earnings Statement.


Broadband subscribers

Global broadband subscribers: 15.504 million

Please see our Q4 2021 Earnings Statement.


Network traffic:
  • Percentage on cellular network
  • Percentage on fixed network

In Q4 2021, our advanced network carried more than 484 petabytes of traffic on an average business day.

AT&T is not able to provide further breakdown of this data as requested, as it is proprietary and confidential.

For more information, please see our Network Quality & Reliability issue brief.


  • Total energy consumed (GJ):
  • Percentage grid electricity
  • Percentage renewable energy
  • Data center PUE
  • Total energy consumed: 61.2 million GJ*
  • Percentage grid electricity: 80.6%*
  • Data center Power Usage Effectiveness (PUE): 1.58

We continue to be one of the largest corporate purchasers of renewable energy in the United States. AT&T is currently ranked 8th on the EPA’s Green Power Partnership Fortune 500 Partners List. In 2021, we supported the production of more than 2.3 billion kWh of renewable energy.

The energy production of our domestic renewable energy portfolio (both on- and off-site) is more than 2.5 billion kWh annually, with more than 5.7 million kWh coming from on-site sources.* Most of our renewable energy now comes from off-site solar and wind contracts currently in production, along with hydropower received through supply contracts.

For more information on AT&T’s energy use and programs, visit our Energy Management issue brief.

* All 2021 data is inclusive of all operations (DIRECTV, Vrio and WarnerMedia).


Description of policies and practices relating to behavioral advertising and customer privacy

AT&T privacy policies associated with the company’s apps and services are accessible directly from within those apps and through other appropriate means, such as the website of the service. Through these policies, consumers can learn about their choices for opting out of certain data collection and marketing programs, such as behavioral advertising. Consumers can view the AT&T Privacy Center online. Also, consumers can send questions or feedback on our privacy policies at any time, either by emailing or writing us at AT&T Privacy Policy, Chief Privacy Office, 208 S. Akard St., Room 2100, Dallas, TX 75202.

Likewise, when we make updates to our privacy policies, we appropriately notify our consumers (via their bill, direct mail, email or text), to provide them with resources to understand the changes made and explain the changes on notices available on our Privacy Center websites.

AT&T is committed to compliance with applicable privacy laws and regulations in domestic and international markets where we operate. The AT&T Communications Privacy Center includes a Global Approach section, which details our compliance with regulations in geographic areas throughout the world. We have identified the common elements of numerous privacy laws and extended these to support our products and services around the world. We also account for unique, additional or variant aspects of the laws of each country in which we offer services.

For more information on AT&T’s data protection and security practices, please see our Privacy issue brief.


Number of customers whose information is used for secondary purposes

  • Percentage who have opted-in


AT&T is not able to provide this data, as it is proprietary and confidential.


Total amount of monetary losses as a result of legal proceedings associated with customer privacy

AT&T is not able to provide this data, as it is proprietary and confidential.


Number of law enforcement requests for customer information:
  • Number of customers whose information was requested
  • Percentage resulting in disclosure

Like all companies, we are required by law to provide information to government and law enforcement entities, as well as parties to civil lawsuits, by complying with court orders, subpoenas, lawful discovery requests and other legal requirements. Twice a year, we issue a Transparency Report listing (1) specific data regarding the number and types of legal demands to which we responded for the prior 6 months that compelled AT&T to provide information about (a) communications or (b) our customers, as well as (2) information permitted by law to be disclosed about Foreign Intelligence Surveillance Act demands.

The Transparency Report also provides information about legal demands that were partially or completely rejected, and for which no data was provided.

AT&T does not currently disclose the number of individual customers whose records were requested.


Number of data breaches:
  • Percentage involving customers’ personally identifiable information (PII)
  • Number of customers affected

AT&T is not able to provide information on data security breaches, as it is proprietary and confidential.

While we work hard to safeguard the privacy of consumer and employee information, there are occasions when unauthorized parties attempt to gain access to our consumers’ or employees’ information. In partnership with stakeholders such as the AT&T Chief Security Office, our Corporate Compliance Office provides oversight of privacy and security incidents, including periodic testing of incident response plans. The AT&T Incident Response team follows a carefully designed governance structure and response process for these incidents, investigating suspected breaches and evaluating their potential impact. If we determine that a data breach has occurred, we notify affected consumers and authorities as required by applicable law.

For more information on our data protection and security practices, please see the AT&T Privacy Center website and our Privacy or Network & Data Security issue brief.


Description of approach to identifying and addressing data security risks, including use of third-party cybersecurity standards

AT&T has developed and maintains the AT&T Security Policy and Requirements (ASPR), a comprehensive set of security control standards based, in part, on leading industry standards such as ISO/IEC 27001:2013. ASPR also aligns with laws and standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and NIST 800-53, as well as the European Union’s General Data Protection Regulation (GDPR), Criminal Justice Information Services (CJIS) Security Policy, and the California Consumer Privacy Act (CCPA).

AT&T also performs annual third-party certifications/audits – such as those for the Payment Card Industry (PCI) Data Security Standard, the Information Security Standard (ISO/IEC 27001), Sarbanes-Oxley Act (SOX) and SSAE 18/ISAE 3402 (SOC) and the Quality Management Standard (ISO 9001)*– to demonstrate compliance to our customers and our stakeholders.

AT&T maintains two global ISO/IEC 27001:2013 certifications. The scope of these certifications covers the AT&T global IP infrastructure and certain customer-facing products and services.

For details on our managerial approach to security, please see our Network & Data Security issue brief.

* ISO 9001 certification is applicable in the following areas within AT&T: Network Operations, Supply Chain, and Government Solutions.


Materials recovered through take back programs, percentage of recovered materials that were:

  • Reused
  • Recycled
  • Landfilled

Materials from take-back programs:

  • Reused or sold: 87%
  • Recycled: 13%
  • Landfilled: 0%

To ensure responsible recycling, all our device recycling and salvage vendors in the U.S. are R2 certified. The R2 Standard for electronics recycling and refurbishment facilities covers areas such as worker health and safety, environmental protection, chain-of-custody reporting and data security.

AT&T works with Sustainable Electronics Recycling International (SERI), the housing body for the R2 Standard. We participate on SERI’s R2 Technical Advisory Committee, which works to develop standards updates that maintain leadership in the electronics recycling value chain.

For more information, please visit our Product Life Cycle and Waste Management issue briefs.


Total amount of monetary losses as a result of legal proceedings associated with anti-competitive behavior regulations

For the fiscal year 2021, AT&T had no material losses related to litigation or to non-appealable regulatory decisions involving anti-competitive behavior.


Average actual sustained download speed of:
  • Owned and commercially associated content
  • Non-associated content

AT&T does not favor certain websites or internet applications by blocking or throttling lawful internet traffic on the basis of content, application, service, user or use of nonharmful devices on its broadband internet access services.

In the provisioning of broadband internet access services, AT&T does not directly or indirectly favor some traffic over other traffic in exchange for consideration from a third party or to benefit an affiliate, except to address the needs of emergency communications, law enforcement, public safety (including FirstNet), or national security authorities, consistent with or as permitted by applicable law.

For more information on our approach to network traffic management, see the AT&T Broadband Information: Network Practices webpage. 

For information on the expected and actual performance of our wireline and mobility network services, see the AT&T Broadband Information: Performance Characteristics webpage. 


Description of risks and opportunities associated with net neutrality, paid peering, zero rating, and related practices

For information on the topics, see AT&T’s public policy statements about net neutrality and network-to-network connections on the AT&T Public Policy Blog, and the AT&T Global IP Network Peering Policy.


  • System average interruption frequency
  • Customer average interruption duration
  • System average interruption frequency: 0.000627294
  • Customer average interruption duration: 0.055291054
  • System average interruption frequency = total unplanned interruptions / total customer ports
  • Customer average interruption duration = total unplanned interruption duration (minutes) / total customer ports


Discussion of systems to provide unimpeded service during service interruptions

At AT&T, we design our network and operations to be resilient – so we’re prepared to provide essential communications and data connectivity for our customers and communities, even before disaster strikes. Our global team of certified and experienced business continuity experts, led by our President – Network Engineering and Operations, works to maintain operations of key business processes by utilizing documented business continuity strategies, plans and procedures that are updated and exercised on an annual basis, or more frequently as business conditions require. Regular reports on our business continuity efforts are shared with the Audit Committee of the AT&T Board of Directors.

The AT&T Business Continuity Management Program is certified to the international business continuity standard, ISO 22301:2012. It is also aligned with the Disaster Recovery Institute International (DRII) Professional Practices, Business Continuity Institute Good Practice Guidelines, Department of Homeland Security National Incident Management System and ISO 31000. Our alignment with these standards demonstrates our ability to resume business operations and deliver customer service in the vital hours and days after a disaster.

Our systems collect billions of service-assurance measurements across our wired and wireless network every hour and make adjustments as needed to improve service. We aggregate and analyze this data in near real-time to derive insights that help manage our network, improve performance and deliver the best possible customer experience. To learn about our network management policies, see our Network Practices.

If disruption occurs, network technicians – and if needed, our Network Disaster Recovery personnel and fleet – are deployed to rapidly restore communications to affected areas. For additional details on our managerial approach, please see our Business Continuity, Longevity & Innovation and Network Quality & Reliability issue briefs.