Sitowise Group Oyj

Governance Information • Mar 30, 2023

Corporate Governance Statement 2022

Corporate Governance Statement 2022

1. Introduction

Sitowise Group Plc (hereinafter referred to as 'Sitowise ' in respect of the entire group and as 'Company' in respect of the parent company alone) complies with the Securities Market Association's Finnish Corporate Governance Code 2020 for Finnish listed companies, which is publicly available at www.cgfinland.fi. Sitowise complies with the recommendations of the Finnish Corporate Governance Code without exception.

This Corporate Governance Statement ("CG Statement") is separate from the Board of Directors' report of the financial period from 1 January to 31 December 2022, and both documents can be found together with the Annual Report on Sitowise's website at www.sitowise.com. This CG Statement has been reviewed by the Audit Committee of Sitowise's Board of Directors and approved by the Board. Sitowise's auditor has verified that the CG Statement has been issued and confirmed that the description of the main features of the internal control

and risk management systems relating to the Company's financial reporting process is consistent with the description included in the Company's financial statements.

Sitowise adheres to good corporate governance by complying with all applicable laws and regulations and by implementing the recommendations for good corporate governance. The Company's corporate governance system complies with the Company's Articles of Association and in particular with regard to the Finnish legislation the Limited Liability Companies Act, the Accounting Act, laws governing the securities market and other rules and regulations related to the corporate governance of public limited liability companies. During the financial year 2022, Sitowise's vision was to be the most responsible partner in developing a prosperous living environment and Sitowise was also guided by the Company's strategy, values and internal operating principles.

2. Descriptions Concerning Corporate Governance

Name Year of birth Education Main occupation Assessment by the Board of Directors of each director's independence of the Company and of any significant shareholders Shares of each director and corporations over which he/she exercises control in the Company at the end of the financial period Eero Heliövaara 1956 M.Sc. (Economics and Business Administration), M.Sc. (Technology) Professional Board Member Independent of the Company and of any significant shareholders Shareholding: 92,520 shares, of which 64,520 through Heliocabala Oy Leif Gustafsson 1967 Bachelor of Civil Engineering Professional Board Member Independent of the Company and of any significant shareholders Shareholding: 20,000 shares Taina Kyllönen 1967 M.Sc. (Economics and Business Administration) Director of Communications and Community Relations at the University of Helsinki Independent of the Company and of any significant shareholders Shareholding: 9,320 shares Mirel Leino-Haltia 1971 D.Sc. (Economics and Business Administration), CFA Professional Board Member, professor of Practice at Aalto University School of Business Independent of the Company and of any significant shareholders Shareholding: 5,500 shares Elina Piispanen 1963 M.Sc. (Economics and Business Administration) Professional Board Member Independent of the Company and of any significant shareholders Shareholding: 70,000 shares, of which 50,000 through Fit Advice Oy Petri Rignell 1962 M.Sc. (Technology) Professional Board Member Independent of the Company and of any significant shareholders Shareholding: 80,340 shares, of which 30,340 through PriRock Oy Tomi Terho 1984 M.Sc. (Economics and Business Administration) Partner in Intera Partners Oy Independent of the Company but not of significant shareholders Shareholding: 0 shares

BIOGRAPHICAL DETAILS OF THE BOARD OF DIRECTORS

The members of the board of directors have no share-based rights, and they or the entities they control do not have shares or sharebased rights in other group companies of the Company.

DESCRIPTION OF THE OPERATIONS AND COMMITTEES OF THE BOARD OF DIRECTORS

The Board of Directors has general competence to decide and act in all matters not reserved for other corporate governing bodies by law or under provisions of the Company's Articles of Association. The Board of Directors prepares for its work an annual clock according to which matters are handled. The Board of Directors convenes monthly and otherwise when needed. The Board of Directors convened 25 times during the financial period from 1 January to 31 December 2022 and Eero Heliövaara, Taina Kyllönen, Mirel Leino-Haltia, Petri Rignell, and Tomi Terho have participated in all meetings, Elina Piispanen in 24 meetings, and Leif Gustafsson in 23 meetings. The charter of the Board of Directors can be found on Sitowise's website.

Sitowise's Board of Directors has four committees: Audit Committee, Personnel Committee, Nomination Committee and Acquisitions Committee. Each committee has its own charter, and the charters can be found on Sitowise's website.

With regard to financial reporting and audit, the duty of the Board of Directors is in particular to monitor and assess Sitowise's financial reporting system, and the efficiency of internal controls, internal audit, and risk management systems. The Board shall also monitor audit, the independence of the auditor and that the auditor's non-audit services are compatible with the auditor's independence. The Board shall also prepare the appointment of the auditor. Preparation of matters relating to these duties is the responsibility of the Audit Committee.

The Audit Committee consists of Mirel Leino-Haltia (chair as of 28 February 2022), Taina Kyllönen and Tomi Terho (chair until 28 February 2022). The committee convened eight times during the financial period from 1 January to 31 December 2022, and Mirel Leino-Haltia and Taina Kyllönen participated to all meetings, Tomi Terho to seven meetings. The Audit Committee is responsible for the mandatory duties laid down in the Finnish Auditing Act and the EU Audit Regulation relating to, for example, preparing the appointment of an auditor, monitoring the services offered by the auditor and evaluating the independence of the auditor, and auditing itself. The Audit Committee handles the auditor's report, possible audit minutes and the audit report presented by the auditor to the Audit Committee and prepared to the Board of Directors. If necessary, the Audit Committee discusses any key items arising in the course of the aforementioned duties with the auditor. Additionally, the Audit Committee is responsible for ensuring that the corporate governance system, supervision and risk management are in accordance with the Limited Liability Companies Act, including for example proposals to the Board

regarding the internal audit charter and plan, establishing principles concerning the monitoring and assessment of related party transactions and participating in reviewing major legal disputes and other legal matters.

The Personnel Committee consists of Eero Heliövaara (chair), Elina Piispanen and Leif Gustafsson. The committee convened seven times during the financial period from 1 January to 31 December 2022, and all the members were present. The Personnel Committee is responsible for recommending and evaluating executive nominations and compensations including CEO's, evaluating the performance of the CEO, and making recommendations to the Board on compensation matters regarding the members of the management team and with regard to the group's remuneration systems. In addition, the Personnel Committee may discuss and handle matters relating to Sitowise's corporate culture and the development of its personnel policy. The Board appoints the CEO and approves his/her compensation as well as the nomination and compensation of the other members of the group management team. The Personnel Committee is also responsible for the preparation of a policy and report concerning the remuneration of the Board of Directors, CEO and deputy CEO's.

The Acquisitions Committee consists of Tomi Terho (chair as of 20 April 2022), Eero Heliövaara (chair until 20 April 2022), Leif Gustafsson, and Petri Rignell (as of 20 April 2022). The committee convened eight times during the financial period from 1 January to 31 December 2022, and Tomi Terho and Eero Heliövaara participated to all meetings, Leif Gustafsson to four meetings, and Petri Rignell to all meetings during his term. The Committee assists the Board of Directors in the acquisition strategy and in the execution thereof.

The Nomination Committee consists of Eero Heliövaara (chair), Petri Rignell and Tomi Terho. The committee convened once during the financial period from 1 January to 31 December 2022, and all the members were present. Sitowise does not have a shareholders' nomination board. The Nomination Committee is responsible for preparing proposals regarding the election and remuneration of the members of the Board of Directors for the Annual General Meeting and, when necessary, the Extraordinary General Meeting, as well as for identifying potential candidates for the Board of Directors. The Nomination Committee must ensure that the Board of Directors and its members maintain and represent sufficient expertise, knowledge, competence and diversity.

PRINCIPLES CONCERNING THE DIVERSITY OF THE BOARD OF DIRECTORS

The duties set out for Sitowise's Nomination Committee in its charter include, among other things, the preparation of proposals to the General Meeting relating to the nomination of directors and the identification of potential candidates. In order for both genders to continue to be represented on the Company's Board of Directors, the charter of Sitowise's Nomination Committee stipulates that both genders must be represented on the Board and that the Nomination Committee must ensure that the Board and its members maintain and represent sufficient expertise, experience, competence and diversity. The Nomination Committee's charter also stipulates that the Board as a whole must have sufficient experience and competence in, among other things, Sitowise's business and business sector, the management of public limited liability companies, corporate governance and financial administration, and corporate transactions. The selection of Board members is based on candidates' background and ability to understand Sitowise's current and future markets, strategy, employees and customers. The Board must collectively have experience in various markets and in important issues such as

digitalization and corporate responsibility. The most important criteria for candidates for Board membership are competence, experience, personal qualities and reliability.

Of the seven members currently serving on Sitowise's Board of Directors, three are women, and both genders are therefore represented. The educational background of the current Board members is commercial or technical and their work experience ranges from universities and construction to consulting, investor relations and finance industry. The age range of the directors is wide, as they were born in four different decades. There are two different nationalities represented on the Board: Finnish and Swedish.

The Company recognizes that the diversity of the Board of Directors supports Sitowise's business operations and development and that the diversity of the know-how, experience and opinions of the directors promotes the ability to have an open-minded approach and innovative ideas.

CEO

Pekka Eloholma (M.Sc. (Technology), born in 1960) was Sitowise's CEO since 2019 until 30 April 2022. Heikki Haasmaa (M.Sc. (Technology), born in 1978) was elected as CEO of Sitowise in January 2022 and he started in the position on 1 May 2022. Haasmaa's total shareholding amounts to 60,000 shares, and he has 160,000 options. Regarding compensation of the CEO, please see the remuneration report concerning the accounting period 2022 which is a part of the annual report. The CEO sees to the daily administration and oversight in accordance with the Limited Liability Companies Act as well as the powers

GROUP MANAGEMENT TEAM

The CEO is assisted in the daily administration by a group management team, the biographical details of whose members are given below. The group management team sees to the strategic and operative guidance of the group in accordance with the guidelines given by the Board of Directors. Its duties include among other things setting up, following up and guidance to the

conferred on him and the guidelines given by the Board of Directors. The CEO leads and supervises the business activities of the group, which includes among other things seeing to the group strategy process and legality of book-keeping and reliable organization of asset management, as well as acting as chairman of the group management team and supervisor of the group management team members. The CEO takes care that the members of the Board of Directors receive all information that the Board of Directors needs in order to see to its duties.

strategic development projects, steering of strategic client relations and sales guidance, approval of action plans of business areas and group services, risks and possibilities management, and approval of significant changes to the operating system principles.

Name and role in the organization	Year of birth	Education	Shares and share-based rights of each member and corporations over which he/she exercises control in the Company at the end of the financial period
Jonas Larsson, Head of Swedish Operations	1970	Master's degree in Sustainable Product Development	Shareholding 10,000 shares, 28,000 options
Taija Lehtola, Chief Human Resources Officer	1973	Master's degree in Economics and Business Administration	Shareholding 18,000 shares, 36,000 options
Hanna Masala, CFO	1976	Master's degree in Finance	Shareholding 9,000 shares, 36,000 options
Jannis Mikkola, Business Director, Infrastructure Solutions, Executive Vice President	1973	M.Sc. (Technology)	Shareholding: 356,740 shares, options: 36,000
Timo Palonkoski, Business Director, Building Solutions, Executive Vice President	1982	Master of Engineering	Shareholding: 154,000 shares, options: 36,000
Turo Tinkanen, Chief Information Officer	1982	Bachelor of Engineering in Telecommunications	Shareholding: 52,000 shares, options: 14,400
Minttu Vilander, Chief Communications and Corporate Responsibility Officer	1981	Master of Arts	Shareholding: 19,200 shares, options: 14,400
Teemu Virtanen*, Business Director, Digital Solutions	1972	M.Sc. (Technology)	Shareholding: 170,000 shares, options: 36,000

* Teemu Virtanen's employment at Sitowise ended on 31 December 2022.

The group management team or the entities they control do not have shares or share-based rights in the group companies of the Company. The group management team is not a governing body within the meaning of the Limited Liability Companies Act.

3. Descriptions of Internal Control Procedures and the Main Features of Risk Management Systems

This CG Statement includes among other things descriptions of the main features of the internal control and risk management systems relating to the financial reporting process, i.e. information on how the Company's internal control and risk management systems ensure that financial reports disclosed by the Company provide in all material respects true and accurate information about the Company's financial position. The aforementioned information is issued at the group level, i.e. the CG Statement describes how the reliability of the financial reporting of group companies is ensured at the group level. The intention is not to give a description of the financial reporting process or the details of the systems.

Sitowise's Board of Directors takes care that the group has defined the operating principles for internal control and that the functioning of the internal control is monitored. The purpose of the operating principles for internal control is to ensure that the objectives relating to matters such as the group's strategy, operations, practices, and especially financial reporting, are achieved, and that laws and regulations are complied with. The internal control framework of Sitowise group is based on group's values, code of conduct, policies, charters and guidelines.

Sitowise's risk management is integrated into the group's management, monitoring and reporting systems. Risk management covers the identification of risks, the assessment of the relevance of risks and the definition of the necessary management measures, and if necessary, separate contingency plans. In accordance with the group's risk framework, risks are divided into strategic, financial, operational, and damage risks.

The risk management actions are targeted on the most significant risks on each level. Necessary actions are decided case-by-case. For each case, there is a person responsible of the planning, implementation, and monitoring of the actions and their effectiveness.

In practice, risk management is implemented on three main levels: 1) Sitowise group level risk management is carried out in accordance with annual clock through group's annual risk assessment. Its results are reported to the group management team which decides on key risks and their management actions. Status reports are presented to the Board of Directors. 2) Assessment of the key risks is continued on the business area and group services level, and actions needed are identified. Risk monitoring is performed among other things as part of the followup of action plan implementation. 3) The risk management of Sitowise's offers and projects is based on a risk-based project classification. The classification specifies the level of risk management needed in a certain project. The purpose is to focus risk management on those projects and themes that are most critical to the project's progress and achievement of the set goals. Risk identification, assessment and management is separately carried out regarding acquisitions.

Risk management procedures have been discussed and their adequacy has been assessed in connection with audit and external audits. In addition, the management of offer and project operations risks, and complaints are developed together with the insurance company, e.g. through training. In project operations, risk management measures are implemented together with customers, if needed. More information is available at our website https://www.sitowise.com/investors/governance/riskmanagement.

Compliance of Code of Conduct and other instructions and laws applies to all Sitowise employees, units, business areas and boards of directors of Sitowise Group Plc and its subsidiaries. The CEO has overall responsibility of the risk management. The CEO is responsible for organizing operations and implementing the main principles of risk management, as well as reporting to the Board. The Group Management Team is responsible for the implementation of risk management, meaning the identification of the group's risks, the monitoring and assessment of risks and measures related to risks. Management of the business area is responsible for managing the business area specific risks, as well as the risks of offer and project activities. Actions include ensuring adequate insurance to cover project assignments. The Board's Audit Committee is responsible for ensuring that the corporate governance system, supervision and risk management are in accordance with the Limited Liability Companies Act. The duties of the Audit Committee are described in more detail in the chapter above concerning the committee and in its charter. Sitowise's

Board of Directors has responsibility for assessing and monitoring the financial reporting system, the efficiency of internal control, internal audit and risk management as well as how agreements between the Company and its related parties meet the requirements of the ordinary course of business and arm's-length terms.

Sitowise sees the risk management and internal control that ensures the accuracy of financial reporting as an organizational, functional, and system-based process that runs through all of its operations. The Company's financial performance is reviewed at regular intervals. In addition to continuous monitoring by the finance function, the financial performance of the group companies is reported and analyzed internally monthly and the Company's group management team, led by the CEO, conducts monthly reviews of the Company's financial figures and parameters, which the CEO presents to the Board of Directors once a month. The group has uniform requirements for the financial information to be reported. The group management team also handles selected project-specific details. The parent company publishes interim reports, half-year reports and financial statement releases quarterly. The Audit Committee reviews the interim report, the half-year report and the financial statement, which are approved by the Board of Directors.

To ensure accuracy of the reporting, there are analysis and control points on business area, company- and group-level. The financial forecasts are updated to the Board quarterly, but the profit forecast can be followed continuously. The annual budget is handled by the Board on a framework level and in preliminary and final forms, the latter of which is approved. Organizationally, risk management and internal control are implemented through authorizations and capping of those powers starting with the delegation of the CEO's powers by Sitowise's Board of Directors, based on which the CEO grants the authorizations, powers and limitations to Sitowise Group Plc and its subsidiaries.

Job descriptions and system user rights related to purchases and payments are appropriately segregated within the financial function (appropriate segregation of duties). On a system-level, internal control and risk management are implemented through controls built into the financial systems. The controls are reviewed in the audit during the accounting period. The purpose for the control measures is to ensure that possible errors or deviations are prevented or are observed and repaired.

The Company's Board of Directors has approved the audit plan with the audit focus areas for the financial period 2022. The audit plan includes among other things the audit during the financial period and the auditor has reported his findings to the Audit Committee. There were no significant findings in the audit during the financial period or in the financial statement audit.

4. Other Information to be Provided in the CG Statement

INTERNAL AUDIT

The duty of the internal audit is to evaluate, among other things, the appropriateness and functioning of the Company's internal control system, risk management, and the management and corporate governance processes. The internal audit is a mean to support the development of the organization and it improves the efficient fulfilment of the supervision obligation of the Board of Directors.

The internal audit work is conducted by an external partner, supported by group services of Sitowise. The duties of the Audit Committee include approving the internal audit charter, audit activities, the allocation of resources to the internal audit and the audit plan and following up its execution, as well as evaluating the quality, scope and summary reports of the internal audit and the management's views relating to the internal audit. The responsibilities of the internal auditor are set out in the Company's Internal Audit charter.

In accordance with the Sitowise's internal audit charter, the internal auditor has composed a risk-based rolling annual plan for years 2021–2023 which is reviewed by the Board of Directors. Topics for the internal audit concerning the year 2022 have been

approved by the group management team and the Board of Directors.

The main principles applied in the internal audit, such as the reporting principles, include the following:

• The purpose of internal audit is to act as an independent and objective function.
• To ensure organizational independence, the audit function reports to the audit committee of the Board of Directors.
• The scope of internal audit work includes coverage of material risks which could impact the accomplishing of business objectives of Sitowise.
• The internal audit report contains management's comments with corrective actions taken or action plans with a timeframe for the anticipated completion with regard to internal audit's specific observations and identified opportunities for improvement, if applicable.
• The Audit Committee follows up together with internal audit the management implementation of observations and identified opportunities for improvement. Observations based on a reporting criteria framework will remain as open issues until cleared.

PRINCIPLES FOR RELATED PARTY TRANSACTIONS

The Company defines the related parties of the Company in accordance with the Limited Liability Companies Act (IAS 24) and keeps a list of its related parties. The Company's related parties include the subsidiaries, a stake in Fimpec Group Oy which is considered an investment, members of the Company's Board of Directors, the CEO and members of the group's management team, and management's family members and the companies they control.

Sitowise's Board of Directors has defined the principles for the monitoring and evaluation of related party transactions as follows:

• The Board assesses and monitors how agreements and other legal acts between the Company and its related parties meet the requirements of the ordinary course of business and arm's-length terms.
• The Board of Directors decides on related party transactions that are not conducted in the ordinary course of Sitowise's business or that are not implemented in arm's-length terms.
• The Board of Directors takes into account in its decision-making the provisions of the Limited Liability Companies Act on conflicts of interest, because Board members cannot participate in the decision-making

when it concerns themselves or a transaction with one of their related parties if that transaction is not in the Company's ordinary course of business or implemented in arm's-length terms.

• The duties of the Audit Committee include overseeing transactions with related parties and reporting potential conflicts of interest, as well as determining the principles for monitoring and evaluating related party transactions for approval by the Board.
• The Company's finance department makes regular checks based on the list of related parties as to whether any transactions with related parties have taken place.

Sitowise Group Plc

Linnoitustie 6D, FI-02600 Espoo

Company-ID 2335445-0, Domicile Espoo, Finland Email firstname.lastname@sitowise.com

Sitowise has a small number of related parties that are not group companies, and there were no other transactions with these parties during the financial period except as reported in the consolidated financial statements' notes 6.3 regarding the accounting period 2022. This is why the Company prioritizes keeping its list of related parties up to date and controls related party transactions by knowing the operations of its related parties. In the event that a potential related party transaction is identified, the group's legal counsel as the person responsible for the Company's related party matters notifies, in confidence, those Sitowise employees who might be involved in the preparation of the related party transaction as to (i) the potential

related party transaction in question, (ii) the need to examine the nature and terms of the transaction particularly carefully, and (iii) the circumstances in which a decision on the transaction must be taken by the Company's Board of Directors. Sitowise has no transactions with private individuals who constitute related parties.

Related party transactions are reported to the CEO and the Board of Directors in connection with the preparation of each interim report and those are included in the notes to interim reports under a separate entry titled 'Related parties'.

For more information on related party transactions, please see the consolidated financial statements' notes 6.3 concerning the accounting period 2022.

MAIN PROCEDURES RELATING TO INSIDER ADMINISTRATION

The Company's insider administration is organized based on the Market Abuse Regulation (MAR), other applicable laws and regulations, and NASDAQ Helsinki Ltd's Guidelines for Insiders of Listed Companies. The group's legal counsel attends to Sitowise's insider administration. The main insider administration procedures are set out in Sitowise's Insider Guidelines and Disclosure Policy, which are published on the Company's website. Sitowise does not have a list of permanent insiders. An individual included in a project-specific insider list is always reminded of the obligations regarding insider information.

Persons discharging managerial responsibilities within the meaning of the MAR include Sitowise's Board of Directors, the CEO and members of the group's management team. Sitowise keeps lists of persons discharging managerial responsibilities, natural and legal persons closely associated to them as well as persons belonging in the scope of closed period, since Sitowise has expanded the group of people who are not allowed to trade during the closed period by also including employees who are not members of the management and other persons who could obtain information about the Company's interim reports or financial statements release prior to disclosure by virtue of their position or duties. The persons on these lists have been informed of their obligations: persons discharging managerial responsibilities and natural and legal persons closely associated to them have been informed of their obligation to notify the Company and the Finnish Financial Supervisory Authority of any transactions relating to the Company's financial instruments, and the people who are not allowed to trade during the closed period have been informed of the applicable trading restrictions.

Sitowise operated a whistleblowing system which can be used for instance for reporting suspected violations of the rules and regulations governing financial markets and market abuse during the 2022 financial period. The system allows those employed by Sitowise and any external persons to report suspected violations anonymously within Sitowise via an independent channel.

AUDIT

Sitowise's auditor was KPMG Oy Ab, with Turo Koila, Authorized Public Accountant, as the auditor-in-charge. The total remuneration paid for the audit for the financial period from 1 January to 31 December 2022 was EUR 146 thousand. The remuneration paid to the auditing firm, KPMG Oy Ab, for non-audit services during the financial period amounted to EUR 275 thousand. Non-audit services mainly consist of tax advice services and services related to mergers and acquisitions. (Notes to the financial statements 2.6.1)