Telecommunications companies

Orange S.A.

Rank: 8th

Score: 36%out of 100

Headquartered in France, Orange provides mobile, landline, broadband, mobile financial services, and B2B services. With 340 million customers in 26 countries across Europe, Africa, and the Middle East, Orange is one of the largest mobile telecommunications companies in the world.

Telefónica1

57%

MTN2

42%

41%

40%

39%

38%

38%

36%

e&9

21%

Axiata10

20%

Bharti Airtel10

20%

Ooredoo12

14%

Orange achieved the greatest transparency gains among the 12 telcos evaluated by RDR. Although the company remained in 8th place, behind its European and U.S. peers, the gap between Orange and those companies narrowed significantly with its progress. It improved its transparency and accountability across advertising, user data management, and compliance practices which has increased its overall score. Orange also reaffirmed its commitment to net neutrality and enhanced security oversight through third-party security audits and ISO certifications.

In business, Orange expanded into the security sector, launching a new defence and homeland security division in June 2025 to provide connectivity, AI and cybersecurity services to European ministries and security operators. In October 2025, the company strengthened its European footprint by agreeing to acquire the remaining 50% stake in MasOrange for €4.25 billion, consolidating its position in the Spanish market.

This strategic expansion coincided with a series of cybersecurity incidents. In August 2025, Orange confirmed that data of some business customers had been stolen in a ransomware cyberattack. That same month, the company disclosed a separate breach affecting approximately 850,000 Belgian customers. Earlier in July 2025, Orange filed a formal complaint after detecting a cyberattack that disrupted services for business customers in France. The company only committed to notify affected users and relevant authorities “when Orange is legally or contractually required to do so.”

Orange also faced significant regulatory scrutiny. In late 2024 and January 2025, the French regulator fined Orange €50 million for inserting advertisements disguised as emails in its “ Mail Orange” service and for continuing to read cookies without valid user consent. In September 2025, France’s data protection authority closed the injunction after Orange corrected its unlawful cookie practices.

Key takeaways

Orange recorded the largest improvement in its overall transparency among all companies evaluated. It also showed the strongest progress in policies and practices affecting users’ freedom of expression, driven in part by the introduction of new advertising content and targeting policies.

Orange published a “ Data and Artificial Intelligence Ethical Charter” that sets out high-level ethical values and commitments concerning AI. However, these commitments are not anchored in international human rights standards. No evidence showed that the company conducted any risk assessment on its AI practices or algorithmic systems. Orange did not establish concrete, enforceable rules for the design, development and deployment of its algorithmic systems, nor did it clarify whether users’ information is used in its algorithmic model training.

Orange clarified that the authorities may order network shutdowns and described its process for handling such demands. However, the company did not share whether any of its operations across its global markets received shutdown orders from local authorities over the past year. Nor did it publish any data on websites or apps blocked in compliance with government demands.

Key recommendations

Expand the scope of human rights impact assessments. Orange should conduct human rights impact assessments on its policy implementation, its use and development of algorithmic systems, and its targeted advertising policies.

Strengthen transparency and user notification. Orange should commit to clearly notifying users of any changes to its policies, including terms of service, privacy rules, and advertising practices. It should also publish regular, detailed data on content moderation actions, account restrictions, and advertising enforcement measures, enabling greater accountability and public oversight of how its terms are applied.

Clarify privacy policies and practices. Orange should detail how it manages user information, including how it collects user information directly, what profile information it infers, and what user information it collects from third parties. The company should also share if it responds to any private requests for user information, other than the government demands.

Services evaluated:

Orange France (Prepaid mobile)
Orange France (Postpaid mobile)
Orange France (Fixed-line broadband)

Operating company evaluated: Orange FranceFor telecommunications companies, the RDR Index evaluates relevant policies of the parent company, the operating company, and selected services of that operating company.
Market cap: USD 56.93B (as of May 18, 2026)
ENXTPA, based in Paris: ORA
Read more about how stock structures can be a barrier to shareholder participation
Website: https://www.orange.fr

The 2026 RDR Index: Telco Giants Edition covers policies that were active on August 31, 2025. Policies that came into effect after August 31, 2025 were not evaluated for this ranking.

Scores reflect the average score across the services we evaluated, with each service weighted equally.

Lead researchers: Farah Rasmi, Afef Abrougui

Download data and sources

Changes since 2022

Orange published advertising content and targeting policies, detailing what ad content is not permitted on its platform.

The company clarified the legal basis and uniform procedures for responding to government data requests.

Orange updated its data protection policies: it pledged to minimize data collection; broke down user data retention periods for different types of data collected, and offered users with greater control over personal data.

The company reinforced service and regulatory commitments, including compliance with net neutrality regulation of the EU and third-party auditing, such as ISO certification.

Scores since 2017

Most companies’ scores dropped between 2019 and 2020 with the inclusion of our new indicators on targeted advertising and algorithmic systems. To learn more, please visit our Methodology development archive.

Governance

Freedom of expression

Privacy

We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.

Governance 65%

Orange maintained a strong position in the Governance category, ranking 4th among telecommunications companies evaluated, although it did not make any improvement in its governance disclosures this year. The company continued to articulate a clear commitment to freedom of expression and privacy (G1), supported by robust governance oversight of human rights issues (G2). It also provided considerable evidence of conducting comprehensive human rights impact assessments for government regulations, existing products and services, and new initiatives, with slightly less detail for the latter (G4a). Nonetheless, the company did not disclose whether it carried out similar assessments for its own policy enforcement (G4b), targeted advertising practices (G4c) or algorithmic systems (G4d).

Indicators

G1. Policy commitment

83%

G2. Governance and management oversight

100%

G3. Internal implementation

100%

16%

G5. Stakeholder engagement and accountability

50%

39%

Freedom of expression 25%

Orange enhanced its policy disclosures in the freedom of expression category. The company published a brand new ad policy, specifying ad content banned on its platform and explained how targeted ads track users (F1b, F1c, F3b). However, the company failed to release any data around ads it prohibited (F4c), nor did it publish any data about the messages or phone calls blocked to enforce its own policies (F4a, F4b). Orange made a new net neutrality commitment (F9) and indicated that it may receive network shutdown orders from the authorities (F10). Nevertheless, the company’s transparency report did not include numbers of content or services blocked to comply with government demands (F6).

Indicators

58%

40%

21%

F6. Data about government demands to restrict for content and accounts

F7. Data about private requests for content or account restriction

F8. User notification about content and account restriction

17%

F9. Network management (telecommunications companies)

100%

F10. Network shutdown (telecommunications companies)

31%

F11. Identity policy

F12. Algorithmic content curation, recommendation, and/or ranking systems

F13. Automated software agents (“bots”)

Privacy 33%

Despite some progress in this field, Orange continued to lag behind its European and U.S. peers in transparency around user privacy practices. It committed to minimizing user data collection this year (P3a); however, the company did not reveal whether or not it infers any user data (P3b). Orange specified data retention periods for various types of user data, but it did not commit to deleting all user information after users terminate their accounts (P6). Moreover, the company did not clarify whether users can fully opt out from its targeted ads or whether any user data is used to train its algorithmic systems (P7). While its transparency report provided some information about how it handles government demands for user information (P10a) and some data on the volume of such requests (P11a), the report still lacked key details. Orange received regular internal and external security auditing and established a vulnerability reporting center (P13, P14).