31.12.2024

ations of Span Group	111

	117

	118
	120
	121
	123
	124
	146
	161
	192
	207
Board on the
	208
	209
e report for the observed period 214
up and Span d.d.	217

1	Introduction	5
1.1.	Statement by Nikola Dujmović	6
1.2.	About Span	8
1.3.	Overview of operation	40
2	Key features of the period	55
2.1.	Key events in 2024	56
	2.2. Information for shareholders	78
2.3.	Financial indicators for 2024	84
	2.4. Risks	95
3	People and community	103
3.1.	Human resource excellence	104
	3.2. Development of leadership positions in Span	104
	3.3. Successful integrations and promotion of organizational values	104
	3.4. Successful cooperation and enhancing the relationship
	with the academic and IT community	105
	3.5. Span for the education of tomorrow	106
	3.6. Taking care of employees' health and well-being	107
3.7.	Span volunteers: the power of knowledge and community	108
	3.8. Global partnerships for local development	109

4 Key indicators for employees and operations of Span Group 111

5	Processes and technology	117
	5.1. ISO standards	118
5.2.	Partnerships	120
	5.3. Code of Business Conduct	121
6	Sustainability Report	123
	6.1. General information (ESRS 2)	124
	6.2. Environmental information (E1)	146
	6.3. Social information (S1, S3, S4)	161
	6.4. Governance information (G1)	192
7.	Statements	207
	Responsibility Statement of the Management Board on the
	Sustainability Report	208
	Inependent Limited Assurance Report	209
	Statements on responsibility for compiling the report for the observed period 214
8	Audited Financial Reports of Span Group and Span d.d.	217

Introduction

1.1. Statement by Nikola Dujmović

President of the Management Board

The world is flat

Twenty years ago, a famous journalist Thomas Friedman predicted that this century will be marked by breaking down the historical and geographical barriers in his book "The World is Flat: A Brief History of the 21st Century". Breaking down the barriers enables individuals, companies and countries to be globally competitive regardless of the disabilities they had in the past. Friedman warns companies who are reluctant that the power of change will win for sure, and all those reluctant will be left behind. Metaphorically,

the world was becoming more and more flat, and digital technologies significantly contributed to this phenomenon. Language and geographical barriers were disappearing with the acceptance of cloud technologies and AI translators, and the influence was felt in almost all areas of human activities. Although the breaking down of barriers has slowed down, global instability threatens with the return of barriers. We believe that the power of specific changes remains unstoppable, and that the digital technologies and digital industry will continue to grow. This is proved by the results we achieved in 2024, which saw an increase of profitability and all key business indicators. This year, our goal was also to increase consistency and recognisability of the Span brand in the local and international market. That's why we launched a project of change to our visual identity. It was important to us that the new visual identity clearly communicates Span's key values – expertise and innovation, solicitude, honesty and transparency – in a more modern, refreshed way. This report was drawn up according to new standards, and I hope you will like it. New standards are introduced in the

reporting process, as well, so this year we present the first annual report in accordance with the European Sustainability Reporting Standards (ESRS). The entire process of drawing up the non-financial part of the report helped us better understand our business processes and detect key areas for improvement. In 2025, our goal is not only to be in compliance with the regulations, but focus on the elaboration of an overall Sustainability Strategy in accordance with the newly identified material impacts, risks and opportunities.

We were established on 23 March 1993, as a limited liability company. Under the decision of the company's Assembly, we became a joint stock company on 24 December 2019. As professional IT service providers, we design, implement and maintain high-availability systems with the aim of increasing the se-

curity, productivity and success of our users. Our main activities include the provision of services of software asset management and licensing, infrastructure services of design and maintenance of information systems, work in Cloud and cyber security, management of information technology and technical

1.2. About Span

support service centers, as well as the development of software and business solutions. During the 30 years of operation, we have developed from an IT system integrator in Croatia, to a group that today operates on the international market. We are focused on our long-term relationships with customers and we cooperate with leading global and regional corporations. As a leading expert in Microsoft technologies and leading regional Microsoft partner, we are continuously working on improving the knowledge of our employees with the aim of providing higher quality solutions to our customers.

for six solution areas

status for EU/EFTA/Ukraine/ Azerbaijan + BS and CIS

Certified Microsoft Cloud Services Provider

Google Cloud Partner

Dynatrace Master Partner

Certified Gold Partner

Select Consulting Partner

Infrastructure Services, Cloud & Cyber Security

Software and Business Solution Development

Software Asset Management and Licensing

Service Center Management and Technical Support

In the past years, we have recorded a continuing growth of revenues with 74% of our revenues being generated in the international market. As an IT service provider, we successfully monitor and respond to trends in the digital transformation of the operation, and with our work and company values, we try to be an example of the responsible and sustainable operation in Croatia. Today Span has more than 850 developers, IT solutions architects, consultants, IT support specialists, business analysts and researchers. We develop solutions for the fast evolving digital world, from consultation and implementation with regards to Cloud operation, to cyber security and support services.

Company established

386

Successfully completed projects in 2024

24/7

Availability of Span support

238,000+

Resolved tickets in 2024

99.95 %

Incidents resolved in terms of SLA*

Average age of employees

74.06%

Of employees with university or college degree

495

Employees with professional certification

Proactively monitored devices

65,400+

1.2.1. Span in numbers

* Service Level Agreement

We started our journey in 1993 as a license provider and system integrator. Focused on Microsoft technologies, we became the first certified provider of Microsoft solutions in 1996, only to become a Microsoft Certified Solution Provider Partner in 1999. A year later, a Hungarian system integrator, Synergon, joined our ownership structure.

The 1996 to 2001 period saw a significant transformation in the operation. Having ob tained the status of the first Microsoft Gold Partner in Croatia and the leading Microsoft Partner in the Croatian market in 2001, we started providing technical support to cus tomers. At that time, we started offering consultancy services and designing business solutions for our customers.

In the years that followed, we expanded to international markets. We opened affiliated companies in Great Britain, Slovenia, the United States, Azerbaijan, Germany, Ukraine, Switzerland, Moldova, Georgia, and at the end of 2024, we established a company in the Netherlands as well.

One of the goals that we set for ourselves in Span was listing our shares on the regu lated market of the Zagreb Stock Exchange, which we achieved. We became a joint stock company in 2019, and our shares were listed on the Zagreb Stock Exchange in September 2021. By doing so, we started a new devel opment phase of operation oriented to an accelerated organic growth in the existing markets and an opportunity to continue to expand in international markets. Only six months after the Initial Public Offering, our share was included in the CROBEX® and CROBEXtr® indices, whereas in March 2023, it joined the 10 most liquid shares, being listed in the CROBEX10® and CROBEX10tr® indices. In the same year, the largest provider of stock indices on the global level, MSCI, enlisted our share in the MSCI Frontier Market Small Cap Index, which gives it additional visibility with global investors.

We continue to further focus on cloud and cyber security, and in addition to Microsoft as our main partner, we continue to operate with Google, Amazon and other renowned partners. In continuation of the business development plan, in September 2022 we opened Cyber Security Incubator 1 , with a view to providing education, training and consul tancy services to the business community in Croatia and the region. In 2023, we acquired GT Tarkvara, the Estonian leading Microsoft partner, and thus confirmed the strategic direction to further growth and expansion to new markets. In 2024, we also merged affiliated companies Bonsai and Ekobit with Span, combining our offer of software and AI solutions development.

1.2.2. History and development

1 In December 2024, Span Cyber Security Center d.o.o. changed its name to Cyber Security Incubator LLC, but it continues to operate under Span Cyber Security Center brand.

2023

ISO/IEC 22301

Acquisition of GT Tarkvara

12 Microsoft Advanced Specializations achieved

6 Microsoft Solutions Provider designations

Microsoft Partner of the Year - Croatia & Ukraine

Span LLC, Tbilisi, Georgia established

2020

AWS and Google Cloud Services partner

Span LLC, Ukraine awarded best Microsoft partner in Ukraine

Microsoft Partner of the Year – Croatia

2021

McDonald's Global Technology Partner

Microsoft Partner of the Year – Croatia

9 Microsoft Advanced Specializations achieved

Shares listed on Zagreb Stock Exchange

Span-IT SRL, Chișinău, Moldova established

ISO/IEC 14001

ISO/IEC 50001

2022

Cyber Security Incubator established

12 Microsoft Advanced Specializations achieved

Acquisition of Ekobit

Microsoft Partner of the Year – Ukraine

GRIT Award for UN Sustainable Development Goal 8.

2024

Merger of Bonsai and Ekobit

Acquisition of business shares in Trilix

Microsoft Partner of the Year for Croatia

ISO/IEC 42001

First Span Cyber Security Arena conference

Span B.V. established in Amsterdam, Netherlands

1.2.2. History and development

Span d.o.o., Ljubljana Slovenia

Span USA Inc., Chicago IL, USA

Span IT Ltd, London UK

Span GmbH, München Germany

Span Azerbaijan LLC, Baku Azerbaijan

Span BV, Amsterdam Netherlands

Span-IT SRL, Chisinau Moldova

Span GT Tarkvara, Tallinn Estonia

Span LLC, Tbilisi Georgia

Span SWISS AG, Zurich Siwitzerland (in liquidation)

Span LLC, Kyiv Ukraine

1.2.3. Organizational structure of the Group2

International affiliated companies

2 As of December 31st, 2024, Span Group ("Group") consists of Span d.d. ("Company") and its affiliated companies

Span is a joint stock company whose shares are listed on the regulated Zagreb Stock Exchange market and which applies the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (HANFA), which is available online on the sites of the Zagreb Stock Exchange (www.zse.hr/en) and HANFA (www.hanfa.hr/en). A statement on the application of the Corporate Governance Code is a constituent part of the Annual Report of the Span Group. Span's internal rules and management procedures, based on the fundamental principles of corporate governance, particularly the principles of impartiality, transparency, equity, and accountability, ensure more efficient operations and timely and objective communication of all key business activities and results the Company achieved to the public. At the same time, they enable equal treatment of all shareholders, thus strengthening the trust of all stakeholders, including employees, partners, customers and other interested parties.

1.2.4. Corporate governance

1.2.4.1. Statement on the application of the Corporate Governance Code

Pursuant to Article 272.p, and in relation to Article 250.a of the Companies Act (Official Gazette no. 111/1993, 34/1999, 121/1999, 52/2000, 118/2003, 107/2007, 146/2008, 137/2009, 111/2012,125/2011, 68/2013, 110/2015, 40/2019, 34/2022, 114/2022, 18/2023, 130/2023, 136/2024, hereinafter: Companies Act), and Article 25 of the Act on Accounting (Official Gazette no. 85/2024, 145/2024), the Management Board of Span d.d., Zagreb, Koturaška cesta 47, OIB:19680551758 (hereinafter: Span or Company) issues the following

Statement on the application of the Corporate Governance Code

I Span's shares were listed on the regulated market of Zagreb Stock Exchange on 21 September 2021, and Span applies the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (HANFA), which is publicly available online on the sites of the Zagreb Stock Exchange (www.zse.hr/en) and HANFA (www.hanfa.hr/en).

II With this statement, Span confirms that it operates in accordance with good corporate governance practices and, for the most part, according to the recommendations of the Code, publishes all information whose publication is provided for by positive regulations. The reasoning behind deviations from certain recommendations and additional adjustments

shall be submitted in the Annual Compliance Questionnaire for share issuers and the Questionnaire on Management Practices for share issuers, which Span will submit to HANFA for 2024 no later than 30 April of the current calendar year, and publish on the websites of the Company and Zagreb Stock Exchange, in accordance with the Rulebook on information related to corporate governance, which issuers are obliged to submit to the Croatian Financial Services Supervisory Agency, and with the form, deadlines and method of their submission (Official Gazette 59/2020, 12/2023).

III Internal control and risk management system in relation to the financial reporting process is carried out by controlling and internal audit units, with the supervision of the Audit Committee. In accordance with the Audit Act (Official Gazette 127/17, 27/2024, 85/2024, 145/2024), along with the tasks laid down in the Regulation (EU) no. 537/2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC, and all the relevant regulations, the Audit Committee monitors the financial reporting process and submits recommendations or proposals to ensure its integrity, and monitors the effectiveness of internal control and risk management systems, including effectiveness of procedures for approval and announcement of transactions between members of the Management Board and the Supervisory Board and the Company, monitors internal audit, without breaching its independence.

Providing senior management and the Supervisory Board with guarantees and information that will help achieve the organization's goals, including evaluating the effectiveness of risk management actions are key objectives of internal audit. Controlling reports to the Management Board of the Company, and internal audit to the Supervisory Board's Audit Committee and the Management Board.

Internal audit report shall be drawn up at the end of each audit, and contains:

list of performed audits
assessment of the adequacy and effectiveness of internal control systems, as well as improvement recommendations
illegalities and irregularities, if observed during audit, and recommendations and proposals of measures for their elimination
action taken in relation to previously issued recommendations.

Reports shall be submitted to the Management Board and the Audit Committee. In 2024, Span continued to maintain and continuously improve seven existing ISO certified management systems. Particular attention was paid to information security, IT services and business continuity management. In course of the year, we associated risk management methodology with the requirements of ISO 22301 – Business continuity management system (BCMS). In August 2024, we were the first in Croatia and among the first in Europe to certify our artificial intelligence management system according to ISO 42001 standard. With these eight implemented systems, Span ensures high level of reliability of its business processes and adequate degree of trust of all stakeholders.

IV On 31 December 2024, ten most significant shareholders in Span are:

V Companies Act and Company Articles of Association define the manner of work of the General Assembly, its authorizations, rights of shareholders and manner of their realization, while invitation and decision proposals, as well as decisions made are publicly announced in accordance with the provisions of Companies Act, Capital Market Act and Rules of the Zagreb Stock Exchange. Each share carries one vote.

VI The Management Board consisted of 4 members until 16 December 2024, when it was appointed for a new five-year mandate with Nikola Dujmović as president, and Saša Kramar and Ana Vukšić as members. Members and the President of the Management Board are appointed for a maximum of 5 years. After expiry of the mandate, Members and the President of the Management Board can be reappointed, without restriction of the number of mandates. The Management Board manages Company business under its own responsibility, exhibiting all the due diligence of a conscientious businessman, in accordance with the Companies Act, Company Articles of Association and Rules of Procedure of the Management Board.

In 2024, the Supervisory Board consisted of 5 members. Powers of the Supervisory Board are defined by the provisions of the Companies Act, Company Articles of Association and Rules of Procedure of the Supervisory Board. Within the framework of their competence, the Supervisory Board makes decisions, evaluations, opinions, gives approval of decisions made by the Man-

agement Board which was provided for by Rules of Procedure, legislation or Articles of Association, gives orders to auditors and together with the Management Board determines decision proposals which are made by the General Assembly.

The Management and the Supervisory Board generally work on meetings, but also make decisions without holding a meeting, by correspondence, in accordance with the provisions of rules of procedure, legislation and Articles of Association.

According to the provisions of legislation, Corporate Governance Code and Rules of Procedure of the Supervisory Board, the Supervisory Board established two committees, the Audit Committee and the Nomination and Remuneration Committee. Description of tasks and competences of the Audit Committee and the Nomination and Remuneration Committee is available on Span's website (www.span.eu).

VII On 18 December 2023, the Management Board of Span adopted the Policy on Diversity and Inclusion (hereinafter: Policy), and signed the Diversity Charter of the Croatian Business Council for Sustainable Development. The policy is based on diversity, inclusion and emphasizing the importance of fairness in ensuring equality of opportunity, and it includes principles of individual uniqueness, practical adaptation, individual responsibility of each individual, a positive approach to diversity, openness and transparency, zero tolerance for discrimination,

No Name	Number of shares	Percentage (%)
1 DUJMOVIĆ NIKOLA (1/1)	603028	30.7667
2 RAIFFEISENBANK AUSTRIA D.D. / RAIFFEISEN VOLUNTARY PENSION FUND (1/1)	131111	6.6893
3 FIMA-VRIJEDNOSNICE D.O.O. / PONGRAC MARIJAN (1/1)	78266	3.9932
4 ERSTE & STEIERMARKISCHE BANK D.D. / PBZ CO OMF - CATEGORY A (1/1)	71128	3.6290
5 FIMA-VRIJEDNOSNICE D.O.O. / BANEK ZVONIMIR (1/1)	70739	3.6091
6 ERSTE & STEIERMARKISCHE BANK D.D. / PBZ CO OMF - CATEGORY B (1/1)	65200	3.3265
7 OTP BANKA D.D./ ERSTE PLAVI OMF CATEGORY A (1/1)	56056	2.8600
8 PRIVREDNA BANKA ZAGREB D.D. / RAIFFEISEN OMF CATEGORY A (1/1)	52097	2.6580
9 FIMA-VRIJEDNOSNICE D.O.O. / KOLAREK DARKO (1/1)	47725	2.4349
10 FIMA-VRIJEDNOSNICE D.O.O. / BOČKAL DAMIR	46516	2,3733

(1/1)

Span does not have securities holders with special control rights, nor securities holders with limitation of voting rights to a specific percentage or number of votes, time limitations related to exercise of voting rights or cases in which, in cooperation with the company, financial rights from securities are separated from holding of those securities. Span does not have specific rules when it comes to appointing and revocation of members of the Management Board, or Supervisory Board, changes to Company Articles of Association, nor specific rules when it comes to powers of the members of the Management or Supervisory Board. Provisions of the Companies Act and Company Articles of Association, which is available on Span's website (www.span.eu) are applied to all the relations mentioned above.

1.2.4.3.1. Management Board

The Management Board of the Company is responsible for the strategic management and long-term performance of the whole Span Group. It is obliged to act only on behalf of Span and its shareholders at all times, taking care of the interests of the employees and the wider community, with a view to increasing Span value. Members of the Management Board manage the affairs of the Company together, as well as independently as per individual areas of business as specified in more detail in the Rules of Procedure for the Management Board. Irrespective of the division of competences, all members of the Management Board are responsible for the overall management of the affairs of the Company. The Management Board manages its affairs in compliance with the applicable laws and by-laws, the Articles of the Association of the Company and the Rules of Procedure for the Management Board.

The Rules of Procedure for the Management Board (Rules of Procedure for the Manage ment Board) regulates tasks, responsibility, organization, way of operation and decision-making of the Company Management Board, as part of the corporate management process, especially:

a) Management Board tasks and responsibilities
b) organization and workflow and Management Board decision making
c) business areas which are independently managed by Management Board members d) powers and limitations with regards to the Company's management of business affairs
e) preparing and calling for a Management Board meeting
f) working on meetings and the way in which decisions are made
g) minutes and conclusions, acts and archives
h) rules for preventing conflict of interest i) cooperation and relationship towards Supervisory Board
j) other questions of note for Management Board work.

harassment or violence, equal opportunities and inclusive leadership, described in more detail in the Policy. The foundation of the Policy lies in the legal framework prescribed by the Anti-Discrimination Act, and by adopting this Policy, the Management Board has committed to implementing the above-mentioned principles to create a positive and inclusive organizational culture. In Span, the Policy on Diversity and Inclusion is implemented through systematic training, raising awareness and organizing events that foster an open dialogue and positive changes in business environment. In 2024, Span organized lectures for its employees on gender equality in business world and protection of children against violence, while HR and Sustainability Department took part in external educational programs on diversity and corporate social responsibility, and actively participated in panels by sharing their experiences and best practices when it comes to diversity and inclusion. Internal knowledge capacities were thus improved and increased, culture of inclusion was strengthened, and the foundation for future development of new programs and initiatives was built. The implementation of Policy and the results of the report period are published within Sustainability Report, which is an integral part of Annual Report for 2024.

3 The Questionnaire on Management Practices was also submitted to HANFA in the time period prescribed by relevant provisions of law

VIII Pursuant to Article 250.a (4), and Article 272.p (1) of the Companies Act, this Statement forms a specific section and is an integral part of Annual Report for 2024.

Span d.d.

1.2.4.2. Corporate Governance Code – Compliance Questionnaire for 2023

Applying the best practices of corporate governance, we ensure unbiased, transparent and responsible decision-making in our operations. In line with the requirements of the Corporate Governance Code, in 2024 we have published a Compliance Questionnaire for 20233.

1.2.4.3. Corporate Governance Structure

The three fundamental bodies of the corporate governance in Span are as follows:

Management Board
Supervisory Board
General Assembly

With 36 years of an extensive experience, Nikola is a co-founder and has been the company's Director since its foundation. An engineer by trade, he sees the possibilities for improvement and growth in everything he does, with an exceptionally rare talent to recognize or anticipate upcoming global tech trends. Nikola's business philosophy is simple – trust in what you do and follow the social responsibility concept, provide support and try to give the community more than you have received from it. From the start, Nikola saw the importance of investing in people and their skills. That is why today Span's employees have a chance to expand their knowledge by working with state-of-the-art tech, using that knowledge to efficiently solve their clients' business challenges. Nikola is also responsible for Span's expansion far beyond Croatian borders and he was the force behind Span's partnership with Microsoft, making us the company's leading partner in the region. Everything from design and development of strategically important projects, corporate security, quality and compliance with legal matters falls under Nikola's direct jurisdiction. Thanks to his efforts and vision, Span is today one of the leading Croatian IT companies and one of the top Croatian exporters of software and services. He graduated from the Faculty of Electrical Engineering and Computing, University of Zagreb in 2002.

Nikola Dujmović President of the Management Board

Division of work and competence of Company Management Board members is elaborated in more detail in the Appendix of the Rules of Procedure.

Up until 16 December 2024, the Management Board of Span consisted of four members:

1. Nikola Dujmović President
1. Marijan Pongrac Member
1. Dragan Marković Member
1. Saša Kramar Member

At their meeting held on 12 November 2024, the Supervisory Board adopted the Decision on the appointment of the Management Board of the Company for a new five-year mandate.

As of 16 December 2024, Management Board of the Company is composed of:

1. Nikola Dujmović President
1. Saša Kramar Member
1. Ana Vukšić Member

The number of the members of the Management Board is determined by a decision of the Supervisory Board. The Management Board is appointed for a term of office of not more than five years, with a possibility for reappointment, without restriction of the number of terms.

During 2024, 13 meetings of the Management Board took place, with the membership attendance of 98.08%. The Members of the Management Board Nikola Dujmović, Marijan Pongrac and Saša Kramar attended 13 meetings, and Dragan Marković attended 12 meetings.

The Management Board evaluated its effectiveness and the individual members' effectiveness, and communicated its conclusions to the Supervisory Board.

Management Board member	Start of the term	End of the term
Nikola Dujmović	16.12.2024	16.12.2029
Saša Kramar	16.12.2024	16.12.2029
Ana Vukšić	16.12.2024	16.12.2029

	Total number of members	Number of women	Proportion of women	Number of men	Proportion of men
Supervisory Board and Management Board	8	4	50%	4	50%
Supervisory Board	5	3	60%	2	40%
Management Board	3	1	33%	2	66%
Balanced representation achieved in the Supervisory Board, Article 272.p (2)(c)			Yes
Objectives regarding the participation of women and men in the Management Board achieved, Article 272.p (2)(e)			Yes

Information on the execution of the obligation concerning a balanced representation between women and men, pursuant to Article 272.p (2) of the Companies Act on 31 December 2024.

Ana is the newest member of the Span's Management Board, and she is in charge of finance, accounting, controlling, ESG, logistics and office administration. She has more than 18 years of experience in finance, and the thorough knowledge of accounting, controlling, treasury, risks and taxation is her greatest strength. She started her career in 2006 in Iskon Internet d.d., and after that she was the Head of Controlling and Reporting in Proficio d.d. She joined Span in 2020 as Finance Director. She contributed greatly to the development of new policies and procedures with her experience and knowledge, and she was also a key team member in the preparation of Span's listing on the Zagreb Stock Exchange. By managing the segments she is responsible for, Ana actively works on improving Span's business and maintaining and developing relationships with various financial institutions, creditors and investors.

Ana Vukšić Member of the Management Board & CFO

Saša Kramar Member of the Management Board & CBO

As the Member of the Management Board for Marketing, Sales and Business Development, Saša is responsible for Span's international business development, managing a full portfolio of marketing and sales activities. Together with his team, he is strengthening relationships with our current and future clients, suppliers and partners, and besides overseeing these activities in Croatia, he also supervises Slovenia, Ukraine, Moldavia and Azerbaijan, Estonia and Georgia, with a constant focus on expanding to new international markets. During his first year in Span, we have already seen him restructure our Sales and Marketing departments with great success. His immense experience in organizing these corporate branches as well as managing business development and strategic growth help transform Span into a truly international

company. During his 35-year-long productive career, Saša has worked on managing positions in technology and telecommunication companies. He started his career at the Apple Center NOVEL in 1990 and moved to Iskon Internet in 2016. In the same year, he became the member of the Management of Hrvatski Telekom and performed that function until January 2020, at the same time performing the function of the President of the Supervisory Board of Combis since 2016, and the Member of the Supervisory Board of Crnogorski Telekom since 2017. He studied at the Faculty of Electrical Engineering and Computing, University of Zagreb, only to continue to improve his knowledge in Croatia and abroad.

The Supervisory Board of Span consisted of five members in 2024:

1. Ante Mandić, President of the Supervisory Board
1. Aron Paulić, Vice President of the Supervisory Board
1. Ivana Šoljan, Member of the Supervisory Board
1. Mirjana Marinković, Member of the Supervisory Board
1. Barbara Gradečak, Member employees' representative in the Supervisory Board.

Term of office of the Members of the Supervisory Board (under 1 to 4) lasted until 30 September 2024. At the General Assembly that took place on 18 June 2024, the following were re-elected as the Members of the Supervisory Board of Span d.d. for a new four-year mandate, until 30 September 2029:

1. Ante Mandić
1. Aron Paulić
1. Ivana Šoljan
1. Mirjana Marinković.

At the constituent session of the Supervisory Board held on 1 October 2024, Mr. Ante Mandić was appointed as the President of the Supervisory Board, and Mr. Aron Paulić was elected Vice President of the Supervisory Board. Mrs. Barbara Gradečak's term of office as employees' representative lasts for four years, from 29 December 2023, when she was elected, to 29 December 2027.

Ante Mandić President of the Supervisory Board

Ante is the President of the Supervisory Board. He graduated from the Technical Military Academy in Zagreb in 1978, acquiring the title Bachelor of Science in Nuclear Physics, i.e. an expert for nuclear weapons. He obtained a Master's Degree in 1985 in the area of computer simulation. He continued his career in the army, and after initial activities directed to performing commanding duties, he returned to the Technical Military Academy as a lecturer, and then worked as a scientific researcher and military advisor abroad. He left the army in 1991 and then founded a company, IN2 for the development and implementation of software and provision of related services. By 2018, IN2 developed into a Group of 12 regional companies with more than 630 employees, and in the same year, it was sold to the Canadian group, Constellation

Software. Today, Ante is the majority owner of Insig2 and NavBiz, investor and co-owner in a large number of Croatian companies, and occasionally volunteers as a mentor for small and medium-sized enterprises within Sentor, an association he founded. He is an active participant of the Croatian IT community, and through his career, he has performed the functions of the president of associations within the Croatian Employers' Association and the Croatian Chamber of Economy. The President of the Republic of Croatia decorated him with the Order of Danica Hrvatska in 2014 for his contribution to the development of the Croatian economy. He was also declared the Manager of the Year in 1999 and 2021, and the Entrepreneur of the Year in 2014 and 2018.

Aron Paulić Vice President of the Supervisory Board

Aron is the Vice President of the Supervisory Board and President of the Nomination and Remuneration Committee. He is responsible for the recruitment of candidates and the supervision of the process of nomination for the Supervisory Board and the Management Board so as to ensure transparency and decency. Moreover, he considers proposals for the remuneration of the members of the Management Board and supervises the amounts and the structure of remuneration of the senior management and employees as a whole. He started his career as a developer and has worked on system development and the sale of advanced solutions. He has spent the biggest part of his career in managerial positions in the media industry. He has been an active creator of the Croatian information industry for 30 years, a publisher of IT magazines, books and digital publications, an author of numerous articles and interviews, and an organizer of fairs, conferences and seminars. He has collaborated with more than 800 associates in his career, many of whom form the backbone of the local IT industry today. He started his career in 1991 at AC NOVEL, where he worked on software development and sale positions. In 1993 he co-founded the media company BUG and has been its director since then. He graduated from the then Faculty of Electrical Engineering of the University of Zagreb in 1991, now the Faculty of Electrical Engineering and Computing.

Ivana Šoljan graduated with a degree in theater directing and radio broadcasting and business communication, and she also has a Master's degree in communication. She is one of the first female entrepreneurs in Croatia with experience in launching, funding and selling projects in the media, tourism and telecommunication industry. She also boasts great experience in management since she has held executive positions in a couple of managerial teams (IN2, Jupiter Adria, Hrvatski Telekom, Iskon, Europapress Holding, Z3 tv, etc.), as the Executive Director and Member of the Management Board, where she was mostly responsible for sales, marketing and business development. She also has great general management experience. Together with Ivica Mudrinić, she is the co-founder of Foundation Luka (Zaklada Luka), a charity that

finances university tuition fees for talented female students lacking financial resources. Ivana is the Director and a Member of the Management Board in Backstage consulting d.o.o., Include d.o.o., and Nest 01 d.o.o., and the founder and Director of the Hub385 coworking area.

Ivana Šoljan Member of the Supervisory Board

Mirjana is the Director of Sapientia Nova d.o.o. Zagreb, and of a series of project companies where she develops entrepreneurial ideas. She graduated from the Faculty of Economics, the University of Zagreb, in 1998. She went on to acquire formal education at the postgraduate studies in Accounting, Finance and Auditing major. In 2008, Mirjana was awarded the annual award Prof. dr. sc Ferdo Spajić by the professional organization Croatian Association of Accountants and Financial Professionals (Hrvatska zajednica računovođa i financijskih djelatnika - HZRIFD) She is certified as a professional TQ trainer. Her 25-year professional career has been connected to investment funds and the companies Expandia Invest and CAIB Invest since its very beginning, along with the leasing industry in Croatia, for which she organizes and manages the regional education program called Leasing Academy. She took part in important restructuring projects in Croatia, including the position of the Finance Director/Procurator at Hypo Alpe Adria Bank in the period from 2011 to 2012, and the Group Consolidation Manager in the project for Agrokor Group restructuring. She is specialized primarily for launching businesses, risk management, consolidation, IFRS/IAS standards and entrepreneurial activity. Mirjana has been a member of the Supervisory Board of Span d.d. since 14 June 2023.

Mirjana Marinković Member of the Supervisory Board

Barbara acquired the Senior Economist for Internal and Foreign Trade title at the Faculty of Economics in Zagreb in 2006. She started her career in Amadeus M.A.J., and she has worked in Span since 2010. She is assigned with payroll, incoming invoice booking, calculation of VAT and preparation of final accounts for other members of Span Group. She was actively involved in key activities of Span's operation, such as going public on the Zagreb Stock Exchange and implementation of the ESOP (Employee Stock Ownership Plan), which confirmed her expertise and professionalism. At the end of 2023, she was elected the representative of employees in the Supervisory Board of Span, which is also a recognition of her dedication to the improvement of the Company's operation.

Barbara Gradečak Member of the Supervisory Board

Independent members account for 80% of the members of the Supervisory Board.

The Supervisory Board held 5 (five) meetings where it adopted the Annual work plan for 2024, Business plan/budget for 2024, and it assessed the work of the Management and the Supervisory Board for 2023. The Supervisory Board adopted the Annual plan for internal audit and Plan of the selected auditor of Span Group for 2024, reviewed and determined the Annual Financial Statements compiled by the Management Board, and the decision on the distribution of profits, auditor's report composed by the audit company Deloitte d.o.o. and Remuneration reports of the Management Board and the Supervisory Board. Based on the recommendation of the Audit Committee, the Supervisory Board proposed to the Assembly to appoint Deloitte d.o.o. as the auditor of Span Group for 2024, as well as to appoint members of the Supervisory Board for a new four-year mandate. The Supervisory Board adopted the Decision on the election of the President and the Members of the Management Board for a new five-year mandate. The cooperation between the Supervisory Board and the Management Board was assessed positively.
At the meetings, the attendance of members was recorded at 96%. All the members of the Supervisory Board were present at all meetings, except for Ivana Šoljan, who attended 4 out of 5 meetings.
The Supervisory Board decided by correspondence five times in 2024, when it decided on the approval of contracts with associated entities, gave prior consent for the Share Buy-Back Program, and approved the Questionnaire on Management Practices and Compliance Ques tionnaire for issuers.
The Supervisory Board carried out self-evaluation of the profiles and competences of the members of the Supervisory Board and members of its committees where all the circumstances referred to in Article 41 of the Code were evaluated. The self-evaluation was conducted by the Vice President of the Supervisory Board without engaging an external auditor. The Supervisory Board determined that its composition and

profile, as well as the composition and profile of its committees, correspond to the needs and activities of the Company. There were no recommendations since it has been established that all the members of the Supervisory Board and its committees possess knowledge, abilities and professional experience required for decision-making in all the issues that were on the agenda at the meetings of the Supervisory Board and its committees, all the members of the Supervisory Board (except for the employees' representative) are independent, and the level of women's representation being at 60% was evaluated as above average. Administrative support when preparing meetings of the Supervisory Board is provided by the Secretary of the Company in an effective and timely manner.

The Supervisory Board of the Company was informed by the Management Board in a proper, timely and transparent manner about all crucial issues concerning the operation of the Company and companies dependent on it, which are important for the existence of the Company.
No other payments, apart from the fee for their work in the Supervisory Board, were made to the members of the Supervisory Board in 2024.

The Supervisory Board of Span founded the Audit Committee and the Nomination and Remuneration Committee.

1.2.4.3.2.1. Audit Committee

The Audit Committee performed tasks in line with the Audit Act, the Regulation (EU) 537/2014, other positive regulations and the Rules of Procedure of the Audit Committee.

The Rules of Procedure of the Audit Committee of Span are available at the Company websites: Rules of Procedure of the Audit Committee.

In 2024, the Audit Committee acted in the following composition:

Ante Mandić President
Nataša Zelenika Member
Tomislav Skorin Member

Nataša Zelenika

Nataša graduated from the Faculty of Economics and Business in Zagreb. She started her career in 1999 as an auditor at EY Croatia, the position she left in 2008. Then, she occupied the position of the Finance and Accounting Manager at PBZ Croatia d.d., where she was in charge of the finance and accounting of the company and the fund. In 2010, she continued her path in the finance of Agrokor d.d. where she mostly worked on coordination and resolution of taxation issues on the level of the holding company, while cooperating closely with external consultants. Since 2017, she has been the owner and Director of a consultancy company, which provides consulting services in the area of finance and accounting, as well as functions of external accounting to various customers. She has been a member of the Audit Committee of Span since its establishment.

Tomislav Skorin

Tomislav graduated from the Faculty of Economics and Business in Zagreb in 2001. He started his career the same year as an auditor for Deloitte & Touche in Zagreb, and later he worked as an Audit Supervisor for Confida revizija, a company in Zagreb. Tomislav continued his career as a Senior Controller at Iskon Internet only to become the CFO and the member of the Management of Tvornica plinskih turbina d.o.o. in Karlovac, and finally the member of the Management of the Croatian Mint until November of 2023. Tomislav is an experienced CFO with a proven track record in the industry of production and audit and consultancy services. He is exceptionally committed to long-term prosperity and professional goals of the company, he believes in open communication and consistently achieves and overcomes the agreed goals, frequently in very demanding circumstances.

During 2024, the Audit Committee held 3 (three) meetings where the recorded attendance of its members was 100%. During the meetings, the Committee considered and adopted the Internal audit report for 2023 and the Annual work plan for 2024. The Audit Committee considered and gave recommendations to the Supervisory Board to adopt the annual financial statements and consolidated annual financial statements of Span Group, along with a report on the status of the Company and affiliates, with the reports of the authorized auditor, Deloitte d.o.o. for 2023. The Audit Committee gave recommendation to the Supervisory Board to adopt a submitted proposed Decision on appointing the auditor for 2024, appointing Deloitte d.o.o. as the auditor of the Group, and refer it to the General Assembly for decision-making, where the proposal was adopted. The Committee adopted the Annual plan for audit for 2024, as well.

The Audit Committee evaluated the effectiveness of risk management and the internal control system, the status of the personal data protection system, procedures for approval and announcement of transactions between members of the Management Board or the Supervisory Board and the Company (or persons related to any party) and effectiveness of the procedure for reporting irregularities and its application.

The Audit Committee regularly presented its conclusions and recommendations to the Supervisory Board.

1.2.4.3.2.2. Nomination and Remuneration Committee

The Nomination and Remuneration Committee performed tasks specified in the Decision of the Supervisory Board on establishment of the Nomination and Remuneration Committee and provisions of the Rules of Procedure of the Committee, which are available at the websites of the Company: Rules of Proce dure of the Nomination and Remuneration Committee.

Croatian Banking Association and for other business entities, and gave lectures within ESG workshops of Privredna banka Zagreb. She published numerous papers and books. She has been a member of the Span's Nomination and Remuneration Committee since its establishment.

Lucia Ana Tomić

Lucia boasts more than twenty years of experience working in the area of legal affairs and human resources. Working in a law office (banking and insurance sector), she specialized in the area of financial crime, prevention of money laundering and fraud and data protection. She is a Director for Compliance, Regulatory Affairs and Procurement at Wiener Insurance, Vienna Insurance Group d.d. She has been appointed a member of the Nomination and Remuneration Committee in Span. Lucia has acquired degrees at the Faculty of Law in Zagreb and the Faculty of Economics, where she continued her education and acquired an MBA degree in the area of management and international mergers and acquisitions. In 2023, she took part in various conferences as a speaker (Leader events, Money Motion, European Company Law Association…) and gave lectures in universities in the region as a visiting lecturer. She is a full-time lecturer on Social Criteria and Governance at the ESG Academy. She is the author of a series of scientific articles in the HR area concerning remuneration and assessment of eligibility of members of management boards. Her latest paper was published in 2023 under the title "Directors, information, remuneration and risk management // European company case law", 2 (2023), 2; 149-161. doi: DOI: 10.5771/2752- 177X-2023-2-149 (Horak, Hana; Tomić, Lucia). She is the Vice President of the ICC Commission on Corporate Social Responsibility and a licensed coach at the European Mentoring and Coach Council.

The Nomination and Remuneration Committee determined the proposed goals of the Company for 2024, and key performance indicators (KPI) in order to determine the annual bonus for the Management Board, which was referred to the Supervisory Board and adopted, and also determined fulfilment of goals in order to determine the amount of the annual bonus for the Management Board for the previous year. It supervised the amount and structure of remuneration for the senior management and employees as a whole and gave a positive assessment and recommendations to the Management Board concerning the latter's policies. It also assessed the composition, size, membership and quality of work of the Supervisory Board. It determined the proposal of the Remuneration Report of the Management Board and Supervisory Board for 2023. At an

emergency meeting, the Committee gave its positive opinion for the proposal of members of the Management Board of the Company for a new five-year mandate, and recommended to the Supervisory Board to adopt the submitted proposal. The percentage of female members in the proposed and adopted composition of the Management Board was 33%, in line with the provisions of the Directive improving gender balance among directors of listed companies. The Nomination and Remuneration Committee notified the Supervisory Board on a regular basis on recommendations adopted at its meetings and submitted annual reports on their work to the Supervisory Board.

Internal audit

Internal audit that was nominated in Span within good corporate governance practice is performed in line with the internationally recognized audit standards concerning internal audit, the code of professional ethics of internal auditors and rules of action of the internal audit. The internal audit affairs are performed in line with the annual plan.

In 2024, the Committee worked with the following composition:

Aron Paulić President
Hana Horak Member
Lucia Ana Tomić Member.

The Committee held 4 (four) meetings, which were attended by all the members.

Hana Horak

Prof. Hana Horak, PhD is a tenured Professor at the Faculty of Economics and Business, University of Zagreb, Department of Business Law, Jean Monnet Chair. She teaches Commercial Law, European Company Law, EU Internal Market Law, and International Commerce Law. She is also the Head of the university specialist program "Legal and Economic Framework of Business in the European Union". Since 2011, she has been the Chair of the Program Committee of the International Conference on European Company Law and Corporate Governance. She is the Editor-in-Chief of the scientific magazine INTEREULAWEAST – Journal for International and European Law, Economics and Market Integrations. She has been a member of the European Law institute (ELI) for years, and actively participates in ELI SIG Business and Financial Law as a member of the project team on the project: "Corporate Sustainability, Finances, Accounting and Capital." Since 2020, she has been a member of the Advisory Board in the Croatian center of the European Law Institute (ELI Croatian Hub). In 2022, she was elected a member of the Supervisory Board of the Croatian Academy of Legal Sciences. She is the President of ICC Croatia Commission on Corporate Responsibility and Anti-corruption. Within an education by the ESG Academy of the Croatian Chamber of Commerce, she gave a series of lectures on the legal framework of corporate governance in the area of sustainability and implementation of ESG factors. Moreover, she provided education for the The Annual Plan for internal audit is produced by the Company, and it must encompass:

• Areas of operation that are a priority given the risk assessment.

List of planned audits.
Order of internal audits.

The Annual Audit Plan is proposed by the person responsible for managing internal audit, and is adopted by the Audit Committee.

Within the Annual Plan for internal audit for 2024, the following areas of work and scope of implementation, as well as documents analyzed and reviewed within the audit, were identified and audited: human resources, accounting and finance area, application control, audit of the information system in the area of information system security and risk management, and business continuity management.

Company's share capital. In accordance with the published agenda, the Assembly made the following decisions:

Decision on the utilization of profits, by which the payment of dividend in the amount of EUR 0.30 (thirty dents) per share to the shareholders of the Company was determined, proportionally to the number of shares they hold.
Discharge was given to Members of the Management Board and the Supervisory Board of the Company.
Revised Remuneration Report of the Management Board and the Supervisory Board during the business year 2023 was approved.
Decision on the election of the Members of

-

the Supervisory Board was adopted, and the following were re-elected as the Members of the Supervisory Board of Span d.d. for a new four-year mandate, until 30 September 2029: - Ante Mandić

Aron Paulić
Ivana Šoljan
Mirjana Marinković

• Deloitte Limited Liability Company for audit services was appointed as the auditor of the operation of the Company and Span Group in the business year 2024.

All Decisions from the General Assembly meet ings, as well as records thereof have been published in line with the legal regulations and are available at the websites of the Company.

1.2.4.3.3. General Assembly

The General Assembly decides on issues specified by the Company Act and the Articles of the Association of the Company. The Articles of the Association of the Company, available at the websites at the following link: the Articles of the Association of the Company, prescribe the manner of work of the General Assembly, its authorizations, rights of shareholders and manner of their realization. The General Assembly can adopt valid decisions if it is attended by shareholders, in person or through an attorney-in-fact, whose shares make more than a half of the share capital of the Company. The right to participate in the General Assembly is ensured to shareholders

who have the share of the Company registered at their securities account in the computer system of the Central Depository and Clearing Company, and have reported their participation at the General Assembly in advance. An invitation to the General Assembly regulates the conditions for applying for participation at the General Assembly in more detail.

The regular General Assembly of the Company was held on 18 June 2024. The Assembly was chaired by Gorana Grubišić, Attorney at Law. The Assembly was attended by the shareholders and their representatives who held a total of 1,278,391 votes, which makes 65,57% of the total number of Company shares with voting rights, or 65,22% of the share in the

1.3. Overview of operation

1.3.1. Description of the operation and main activities

Our business model is directed to providing a full service, with a possibility to adjust solutions to the business needs of an individual client.

Our business activities are divided into four business segments:

1. Software Asset Management and Licensing4

The first step in the business relationship with a customer is licensing. This business segment includes the sales of program licenses and assistance to customers concerning the selection of the most appropriate program licenses for their operation and taking care of the timely renewal of the licenses purchased. During this phase, the overall business operation of a customer is analyzed with the purpose of identifying the actual needs for adequate software and optimizing its operation. In this way, we strive to achieve savings for the customer and reduce IT risks they are exposed to as early as with the very contracting of the procurement of software, and we become the customer's long-term consultant when the management of their software assets is involved.

We have been the licenses supplier for some of the biggest software solutions manufac-

turers in the world for more than 30 years. Our software asset management service unites expertise and the most sophisticated technology so that we can simplify licensing, ensure compliance, automate governance and optimize software use expenses for our customers. To provide software asset management services, we use modern technological tools and standards.

When it comes to sales of licenses, the most important supplier of the Group is Microsoft, and we have been a part of their partner network since the establishment. As a Microsoft Solutions Partner, we are the hub of expertise for Azure and M365 platforms, Cloud security solutions, business solutions, AI, and the solutions to increase productivity.

4https://www.span.eu/en/solutions-services/software-asset-management-sam-licensing/

We are their leading partner with a permit to provide licensing services (LSP) and Cloud services (CSP) in the EU/EFTA region, Ukraine, Azerbaijan and the CIS region. With our Microsoft Solutions Provider status in 6 areas, we continuously prove our success in innovation and implementation of Microsoft solutions.

Through more than 30 years of business, we have built strategic partnership for the delivery of transformative IT solutions. Also, our wide portfolio of partners is a result of the cooperation with leading software manufacturers to guarantee successful meeting of all user requirements.

Microsoft Dynamics

Microsoft Power Platform

Microsoft Azure services

Services, Cloud & Cyber Security

Infrastructure Microsoft 365 Software and Business Solution Development

Management and Licensing

Technical Support

2. Infrastructure Services, Cloud & Cyber Security5

Infrastructure Services, Cloud & Cyber Security segment includes the design and development of information systems according to the business needs of a customer, as well as Cloud and cyber security services. To that end, we use advanced and innovative solutions and software tools of global leaders in the IT sector. Projects of development of information systems can be of different duration, from one-year to multi-year projects, and we design and develop them according to specific business needs and standards of the customer (tailor-made solutions).

The idea is to develop an IT system adjusted to the customer, which will support their current operation and business growth to the optimum, so this process includes a detailed analysis of the existing business processes of the customer. When Cloud services are

5https://www.span.eu/en/solutions-services/cloud-services/

involved, we have ensured complete solutions to our customers, from the service for the assessment of the preparedness of the customer, preparation and enabling the transition of the customer to the Cloud platform, to the management of Cloud itself. By multicloud environment services (use of more than one Cloud platform of different suppliers in the same environment), we ensure the supervision of the Cloud environment, optimization of expenses and safety of the IT system.

We are a certified provider of Cloud consulting services and implementation for Microsoft Azure, Amazon Web Services and Google Cloud Services, and these companies are our most significant suppliers in the segment of the infrastructure services and Cloud.

This segment of the operation also includes taking care of the security of the IT systems6 which we strive to make resilient to cyber threats or attacks. In the world of continuous threat evolution, increasing mobility and digitalization, you need around-the-clock vigilance, alertness and agility. Our Security Operations Center (SOC) is a full-service solution that protects your company from a wide range of cyber threats, 24 hours a day, 365 days a year. Our security analysts use advanced technologies, their extensive experience, and insight into the most recent threat intelligence knowledge to rapidly and effectively identify and prioritize all key events.

Our professional certifications also prove our competences in this segment:

Our goal is to convey knowledge and empower the business community to respond as efficiently as possible to the ever-present and increasingly sophisticated cyber threats, which are one of the greatest risks for the operation. We strive to achieve this through Cyber Security Incubator, which offers education, training and consultancy services intended for employees in the public and private sector, and the program is tailored to specific needs of the participants or a company, and includes active participation in real-life situations where professional hackers simulate real attacks on their business systems.

6https://www.span.eu/en/solutions-services/security-services/

200 days pass on average before a security breach is discovered

66%

of organizations leave the door open to attackers through misconfigured cloud services 72%

of the companies have quality cyber security experts attraction problems

3. Service Center Management and Technical Support7

This segment of the operation involves services of complete supervision and management of the IT environment which we provide to customers depending on the contracted level of service. We ensure the complete availability of service, 24 hours a day, 7 days a week, and 365 days a year, independent on whether the systems were designed, developed and put into operation by us or the respective supplier.

Even though contracting these services usually follows after we implement or integrate certain technological solutions for the customer in their own IT environment, we also provide them independently of the previous integration of technology in the customer's environment, especially in cases when a customer has a need for specific know-how,

7https://www.span.eu/en/solutions-services/24x7-support-services/ 8 Information Technology Infrastructure Library

better availability of professional IT support or additional resources capable to perform high-risk large-scale operating actions.

Our service is based on the best practice in the IT management (ITIL8). Certification and standardization of business raise the Company's reputation as a reliable and organized partner, and guarantee safe information and confidential information handling, together with clearly defined responsibilities and authorizations within organization. Implementation of ISO standards in business is an important factor for increasing competitiveness in the international market, and Span applies as many as eight of them.

4. Software and Business Solution Development9

This business segment includes the development of our own IT solutions, or software platforms, software solutions, software products, and Microsoft business solutions.

The development of software platforms

implies the development of digital platforms of high performance, ready for global scaling that we base on the solutions of Cloud operation and micro service architecture.

The development of software solutions concerns the development of specific software solutions according to the customer's requirements in the area of different technologies.

The development of software products implies the development of authoring software solutions.

9https://www.span.eu/en/solutions-services/business-solutions-development/

Microsoft business solutions

We are reliable experts for Microsoft technologies with more than 30 years of experience in the design, development and management of information systems based on Microsoft technologies, and a wide range of competencies of our expert employees, based on decades of practical experience, ensure seamless, rapid integration of Microsoft business solutions to our customers.

1.3.2. Main markets

We divide the main markets in:

Key International Clients
Domestic markets (include markets in the Republic of Croatia and the Republic of Slovenia)
Fast-growing markets (include markets in countries of East Europe and Central Asia).

1.3.3. Industry trends

In 2024, we witnessed first-hand and on more than one occasion how cyber security and resilience are interrelated and important for business. There are no time or geographical limits when it comes to technology, that's what we learned after the CrowdStrike incident. All business disruptions have certain financial consequences, so strengthening IT systems and making the business more resilient will be an important issue in 2025.

When it comes to IT systems resilience, we have to mention cyber security that used to be a purely technical topic, but developed into a strategic one with the increasing digitization of business. According to Eurobarometer's survey, as many as 71%10 of organizations identify cyber security as strategically important, but it is concerning that as many as 74%11 of organizations that took part in the survey did not provide education related to the topic, nor did they carry out training sessions to raise awareness.

10https://europa.eu/eurobarometer/surveys/detail/3176 11https://europa.eu/eurobarometer/surveys/detail/3176 Also, lack of cyber security experts has been talked about for years, while at the same time geopolitical instability causes an increasing number of cyber threats, which consequently affects the global security. Cyber espionage, intellectual property theft and targeted attacks on critical infrastructure are increasing according to the global report of the World Economic Forum, and one of the three executive directors thinks these threats represent a major concern12.

Artificial intelligence is no longer a topic of the future. Many believe a symbiotic relationship between humans and machines will be fostered in business. We're not talking about symbiotic relationships we see in movies, yet about alignment of AI tools with our day-to-day needs and tasks so they can help us solve these tasks and improve our skills as well. At the same time, cyber criminals use that same technology to fabricate a large number of attacks and improve their chances of making profit. This is also supported by the prediction that 93% of organizations will be exposed to daily AI-assisted attacks already in 202613.

Artificial intelligence plays an important role in collecting, analysing and summarising big data, and data is extremely valuable for business. That's why knowing where and how to store the data is also highly important, not just collecting and analysing it. Cloud will play a significant role in this process. It is expected that by 2030 an increasing number of organizations will use multi cloud, as in hybrid cloud environments they can

12 https://reports.weforum.org/docs/WEF\_Global\_Cybersecurity\_Outlook\_2025.pdf 13 https://netacea.com/datasheets/flexible-api-integration/

use private and public clouds, and thereby improve their security and operational efficiency. By doing so, organizations will be able to integrate different cloud services providers and use the best of each. An increasing integration of artificial intelligence is expected as well, which will help in process automation and ensure system self-preservation14. Unsurprisingly, investments of organizations in cloud will amount to USD 2 trillion by 203015.

It is expected that artificial intelligence will contribute to investments in cloud with as many as 35% in the next two years16. Reason behind this is the implementation of AI-based solutions that are launched and used through cloud infrastructure to a large extent. That's precisely why the benefits of AI in organizations become easily accessible to employees without high implementation costs. This synergy of cloud and artificial intelligence fosters the implementation of AI in various industries regardless of their size. Since by the implementation of AI in organizations employees are able to use organizational data to complete tasks in day-to-day business, taking care of internal classification and data access management has never been more important. Simply integrate and launch an AI solution is not an option, as it is crucial to prepare the base first – i.e. the data available through AI tools.

Cloud security teams already play an important role in this regard, since they manage identities in IT environment and introduce advanced authentication systems based on Zero Trust model. Aside from the importance of employee identity lifecycle management due to the introduction of AI solutions, organizations must protect the identity of their

employees as well, as their identities are usually on the front line when it comes to cyber threats. Through identity and network access solutions (Microsoft Entra), in 2024 Microsoft recorded more than 600 million attacks on employee identity in their users' organizations on daily basis.

Employees will turn their organizations into AI organizations. With the arrival of AI, it has been said it will replace many jobs, but a research conducted by McKinsey showed employees are more ready to accept AI in their workplace than the leaders within their organizations think. The research showed employees are aware of the possibility of AI replacing part of their jobs, and 71% of them believe their employers will use AI in a safe and ethical manner17.

Regulation adopted by the European Union (AI Act) contributes to a safe and ethical use of the artificial intelligence. Regulation entered into force on 1 August 2024, while the majority of new obligations laid down in the Regulation will start applying on 2 August 2026. Keeping in mind how fast the technologies are changing, improving and being implemented, what lies ahead of us in the years to come remains to be seen.

14https://www.clouddefense.ai/future-of-cloud-computing/

15https://www.goldmansachs.com/insights/articles/cloud-revenues-poised-to-reach-2-trillion-by-2030-amid-ai-rollout

16https://research.g2.com/insights/cloud-trends-2025

17 https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/superagency-in-the-workplace-empowering-people-to-unlock-ais-full potential-at-work

1.3.4. The levels of cyber security measures in the Cyber Security Regulation of the Government of the Republic of Croatia

The Regulation of the Government of the Republic of Croatia concerning Cyber Security (Official Gazette 135/2024, hereinafter: Regulation) defines in detail the thirteen cyber security risk-management measures. Final text of the Regulation was published in the Official Gazette on 22 November 2024.

The Regulation is an expected continuation of the Cyber Security Act (Official Gazette 14/24, hereinafter: CSA) which transposed the NIS2 Directive ("The Network and Information Systems Directive") into national law. With regard to the CSA, the Regulation specifies and clarifies many provisions, including the cyber security measures. It complements the CSA in a linear way and consistently follows its structure. The cyber security risk-management measures can be categorized into technical, personnel-related, procedural, and administrative. As part of the categorization process for entities, which can be defined as key or important, the competent authority will assess each entity's level of cyber security risks (low, medium, or high) and will accordingly determine the level of cyber security that must be met (basic, intermediate, advanced).

This will also define which subsets of measures shall be mandatory for the entity, mandatory under certain conditions, and which shall be voluntary in terms of implementation. This should be clearly stated for each entity in the decision on categorization which is to be sent by the competent authority. Understanding this subject matter is crucial for initiating the process of achieving compliance with the CSA.

1.3.5. DORA – not only financial entities are in focus

In addition to the Directive on measures for a high common level of cybersecurity across the European Union – NIS2, the Regulation on digital operational resilience for the financial sector (DORA) also presents an important part of the EU cybersecurity regulatory framework.

DORA is a sector-specific regulation that applies to financial sector entities such as banks, stock exchanges, crypto exchanges, central depositories, payment and electronic money institutions, etc. It aims to strengthen the financial sector in facing challenges and risks that come with digital business. In other words, its goal is to strengthen the digital operational resilience of the financial sector.

DORA therefore sets unique requirements for the security of network and information systems that support the business processes of financial entities. The official text of the Regulation was published at the end of 2022, and in January 2023 DORA entered into force.

Despite the fact that DORA should impose obligations on financial entities only, it sets a precedent – it directly imposes obligations on entities outside the financial sector. Particularly, DORA is directly applicable to ICT service providers who provide their services to financial entities. From application development, implementation and maintenance of various systems, all the way to SOC and similar services.

Guided by this fact, the legislator stipulated a whole series of obligations for the control and supervision of ICT service providers to financial entities, and direct supervisory powers of financial regulators over ICT service providers to financial entities are defined. As for financial entities themselves, they must establish a comprehensive digital operational resilience testing program and ensure that appropriate tests of all ICT systems and applications supporting key or important functions are conducted at least once a year.

Digital operational resilience testing includes: vulnerability assessment and scanning, analysis of publicly available sources, assessment of network security, gap analysis, review of physical security, software solutions for scanning, source code review (if feasible), scenario-based testing, compatibility and performance testing, and integral testing (end-to-end testing) and penetration testing.

If the competent authorities consider it necessary, the financial entity must also conduct advanced testing in the form of threat-led penetration testing, or in other words, Read Team testing. As reference sources for this type of penetration testing, DORA lists the so-called TIBER-EU as a framework for ethical hacking and the G7 document called Fundamental Elements for Threat-Led Penetration Testing.

In the area of Governance and organization (Article 5), DORA requires actively keeping up to date with knowledge and skills of the mem-

bers of the management body of the financial entity sufficient for them to understand and assess ICT risk and its impact. Moreover, in the Learning and evolving area (Article 13), financial entities are required to implement ICT security awareness programmes for all employees and senior management.

The EU is currently in the phase of defining regulatory technical standards that will further specify the mandatory measures from DORA, it is therefore necessary to start actively thinking and planning the implementation of the measures requested by DORA. This particularly applies to ICT service providers whose users fall within the financial sector since the ICT service providers themselves will be under the supervision of regulators from the financial industry.

1.3.6. AI Act of the European Union

A substantial amount of information in the public space indicates that the new Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act or "AI Act") will have a significant impact on every business with "AI" sign added to its solutions or any business using such solution. However, by carefully reading the mentioned Regulation it can be concluded that this is not quite the case and it is entirely reasonable to assume that most of the new compliance obligations will only apply to a few larger IT companies that offer complex (and thus often expensive) AI solutions in the EU. In addition, even though the Regulation entered into force on 1 August 2024, most of the new obligations will apply only from 2 August 2026. The AI Act will not apply to all AI solutions, but only to those that meet the criteria of the definitions and catego-

ries provided. Competent EU authorities and organizations for standardization will draft numerous implementing acts and guidelines precisely in relation to AI solutions in the field of application. By doing so, they will facilitate the understanding of certain obligations and significantly contribute to legal certainty. Until the competent authorities and organizations publish the aforementioned implementing acts and guidelines, businesses that want to work on the quality of AI solution management can do something in the meantime. Whether from the perspective of manufacturers or users, and regardless of whether the AI Act will apply to them or not, businesses have internationally recognized standards for the management of AI solutions and related risks at their disposal. These standards are ISO/IEC 42001 (AI management system) and ISO/IEC 23894 (AI – Guidance on risk management).

1.3.7. The Group Business Strategy for 2025

The Group's business strategy is growth based on new technologies, solutions and markets. As a provider of professional IT services, Span designs, implements and maintains high-availability systems with the aim of increasing the security, productivity and success of our users. We base business systems and solutions on the platforms of the world's leading cloud technology providers - Microsoft, Amazon and Google. We ensure scalability, reliability and cyber security of the solutions we provide to our users. We also implement artificial intelligence systems with the aim of increasing the productivity of our users.

In order to adequately care for the IT environment of our users, our strategy is also a strategy of learning, in-depth knowledge of technologies and application of best prac-

tices with the aim of improving business. In this context, we are also seeing a shift in the partner channel on the market, i.e. the way in which our major principals (Microsoft, Google) evaluate success. Transactional sales success is no longer key. Expertise, experience and technological focus of partners are required - all three parameters that Span has and has been building for years.

On our development path, we pay great attention to sustainable business. To better understand the key aspects of our business and its impact on the environment, society and the economy, we have identified significant impacts, risks and opportunities that we will continue to focus on in the future. Our goal is to ensure sustainable growth and development and continue to create longterm value for Span.

Key features of the period

2.1. Key events in 2024

2.1.1. Corporate events

2.1.1.1. Establishments, mergers and acquisitions of business shares of companies

AI is no longer only talked about, artificial intelligence is making its grand entrance into the business

— Nikola Dujmović, PRESIDENT OF THE MANAGEMENT BOARD OF SPAN

2.1.1.1.1. Acquisition of 100% of shares in the affiliated company Bonsai d.o.o.

Span d.d signed a contract on purchase of 30% of business shares of the affiliated company Bonsai d.o.o. (hereinafter: Bonsai). Value of the transaction amounted to EUR 750,000.00. By purchasing the remaining 30% of Bonsai's shares, Span acquired full ownership and the intention to merge with that company was announced. At the same time, the intention to merge with the affiliated company Ekobit d.o.o. (hereinafter: Ekobit), which has been fully owned by Span since the acquisition in 2022 was announced.

2.1.1.1.2. Merger of affiliated companies Bonsai d.o.o and Ekobit d.o.o with Span d.d.

In accordance with the above, on the basis of the merger agreements concluded on 14 May 2024 between Span, a joint stock company for the design of information systems, with the registered office in Zagreb, Koturaška cesta 47, registered in the commercial register of the Commercial Court in Zagreb under number (MBS): 080192242, OIB: 19680551758, and companies:

• EKOBIT, a limited liability company for the development of software packages, trade and representation, with the registered office in Zagreb, Radnička cesta 80, registered in the commercial register of the Commercial Court in Zagreb under number (MBS): 080144042, OIB: 69609657776, and

• BONSAI, a limited liability company for the design and implementation of intelligent information systems, with the registered office in Zagreb, Koturaška cesta 47, registered in the commercial register of the Commercial Court in Zagreb under number (MBS): 081100130, OIB: 81255473305, as well as the decisions of the assemblies of the merged companies approving the merger, the merger was registered in the commercial register of the Commercial Court in Zagreb on 1 July 2024, under decision numbers: Tt-24/25570-2 and Tt-24/25567-2 that were published in the commercial register.

Given the fact that Span d.d. is the sole member of Bonsai d.o.o. and Ekobit d.o.o., the provisions of the Article 531 of the Companies Act on specific merger cases shall be applied, and approval of the General Assembly of Span d.d. as the acquiring company for the merger shall not be required.

By registering the merger in the commercial register the merged companies ceased to exist. The acquiring company Span d.d. became the full legal successor of the merged companies and thereby started engaging in all legal relations of the merged companies. By integration of Bonsai and Ekobit into Span, Span's offer of software and AI solutions development was united. The goal is to achieve a unique presence on the market, within the same company and unique Span brand. Alongside cloud and cyber security, artificial intelligence is becoming one of Span's key strategic course in the next period. AI solutions are implemented more intensively in organizations, and the availability of generative artificial intelligence further accelerated the process. In the business environment, it is increasingly being considered how solutions based on artificial intelligence can improve business and improve processes.

"AI is no longer only talked about, artificial intelligence is making its grand entrance into the business. With this merger, we will further enhance Span's AI offer within the key segments of our business, and I expect that development to generate significant profit for us in the years to come", said Nikola Dujmović, President of the Management Board of Span.

2.1.1.1.3. Acquisition of a business share in the affiliated company Trilix d.o.o.

Company Span d.d signed a contract on purchase of 30% of business shares of the affiliated company Trilix d.o.o. (hereinafter: Trilix) from the seller, Mladen Amidžić. By signing this contract, Span became the owner of 90% of Trilix's business shares, while the remaining 10% of the business shares is Trilix's own share. Value of the

transaction amounts to EUR 400,000.00, and the price is paid in 3 (three) annual instalments. Trilix d.o.o. generates its revenue from services of its own software products and systems and from project activities it engages in with clients from various industries. When it comes to services, the largest part of the revenue comes from the trade and tourism sector, while the project activities relate to the industries of urban mobility and electrical systems used for powering vehicles. Within this acquisition, Span obtains significant IP (intellectual property) of Trilix's products and the opportunity to offer its clients services from Span's broader portfolio. Considering the recognition of the Trilix brand and its long-term presence on the market, Trilix d.o.o. continued to function as an independent entity within the Span Group after the acquisition.

2.1.1.1.4. Establishing the company Span B.V. with the registered office in the Netherlands

On 16 December 2024, the company Span B.V., Keizersgracht 482, 1017 EG, Amsterdam, the Netherlands, was established and registered at the Chamber of Commerce of the Netherlands, with the ID: 95799907. The founder and sole member of the company is Span d.d. The company is registered for doing business on the regional market.

2.1.1.2. Reduction of the business share of Span d.d. in the affiliated company Ekobit d.o.o. with purpose of alignment of share capital due to the introduction of the euro

On 13 April 2024, the Commercial Court in Zagreb published the registration of the share capital adjustment to EUR for Span's affiliated company Ekobit d.o.o., Koturaška cesta 47, 10000 Zagreb, OIB: 69609657776 (hereinafter: company Ekobit or Ekobit). In order to adjust the share capital of Ekobit to EUR, and in accordance with the rules laid down in the Companies Act and the Law on the Introduction of the Euro as the Official Currency in the Republic of Croatia, the issuer's business share in the share capital of the company Ekobit was reduced. Until the adjustment of the share capital of the company Ekobit, the issuer had business shares in the company in the total amount of 82.13%, and after the adjustment, it has a business share in the amount of 82.12%.

2.1.1.3. Decision on the utilization of profit and payment of dividend

The meetings of the Management Board and the Supervisory Board of the Company took place on 30 April 2024, and it was then that the proposed Decision on the utilization of profit and payment of dividend in the amount of EUR 0.30 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who, on 24 June 2024, were registered as shareholders of the Company in the Central Depository and Clearing Company (record date). The claim for the dividend payment became due on 5 July 2024 (payment date). The date from which the share of the Company was traded without the right to the dividend payment was 21 June 2024 (ex date). The dividend was paid from the Company's profit realized in 202318, and partly from retained profit from the previous years.

2.1.1.4. General Assembly of Span d.d.

Invitation to the General Assembly of Span d.d. was announced on 6 May 2024. Based on the provisions of the Capital Market Act and Rules of the Zagreb Stock Exchange, a regular meeting of the General Assembly of the Company was held on 18 June 2024. The full contents of the decisions is available on the following link: General Assembly of Span d.d.

2.1.1.5. Election of the President and Vice President of the Supervisory Board

The Supervisory Board of the Company held a constituting meeting on 1 October 2024, following the expiry of the mandate of the President and Vice President of the Supervisory Board on 30 September 2024. At the meeting, Ante Mandić was elected President of the Supervisory Board, and Aron Paulić was elected Vice President of the Supervisory Board.

2.1.1.6. ESOP – allocation of additional shares

In accordance with Article 474 of the Capital Market Act, on 8 October 2024, the Company released 3,858 own shares, in line with the terms and conditions announced in the Prospectus regarding the public offering and listing of shares on the regulated market, which refers to the allocation of Additional Shares that the Issuer will allocate to an individual Employee in accordance with the ESOP program. Prior to the said release, the Company owned 7,860 own shares, representing 0.4010% of the share capital, and after the release, it owns a total of 4,002 shares, representing 0.2042% of the share capital.

2.1.1.7. Appointment of the Management Board of Span d.d.

At their meeting held on 12 November 2024, the Supervisory Board of Span d.d. adopted the Decision on the appointment of the Management Board of the Company for a new five-year mandate. Since 16 December 2024, Management Board of the Company is composed of Nikola Dujmović as the President, and Saša Kramar and Ana Vukšić as Members.

2.1.1.8. Share Buy-Back Program

A meeting of the Management Board of the Company was held on 5 December 2024, at which, with the prior consent of the Supervisory Board, the new Share Buy-Back Pro gram was adopted19, in accordance with the Decision of the General Assembly of 13 June 2022. With the adoption of the new Program, a Share Buy-Back Program adopted at the meeting of the Company's Management Board held on 2 December 2022 ceases to be valid.

2.1.1.9. Acquisitions and disposals of own shares

On 31 December 2023, the share capital of the Company consisted of 1,960,000 shares with the nominal value of EUR 2.00, and the Company held 15,673 own shares. After the noted acquisitions and disposals, on 31 December 2024, the Company held 8,802 own shares, which was 0.4491% of the share capital of the Company.

19 More about the Share Buy-Back Program can be found in point 2.2.4 of the Annual Report for the year 2024.

Acquisitions and disposals of shares over the year:

Number of shares after corporate event	% of share capital before corporate event	% of share capital after corporate event

Date	Corporate event	Purpose	Number of shares	Number of shares after corporate event	% of share capital before corporate event	% of share capital after corporate event

25 March 2024	Disposal of own shares	Share Buy-Back Program	5.208	10,465	0.7996 %	0.5339 %
24 June 2024	Disposal of own shares	Share Buy-Back Program	2.355	8,110	0.5339 %	0.4138 %
	17 September 2024 Disposal of own shares	Share Buy-Back Program	250	7,860	0.4138 %	0.4010 %
	08 October 2024 Disposal of own shares	ESOP - allocation of additional shares	3.858	4,002	0.4010 %	0.2042 %
	31 October 2024 Acquisition of own shares Share Buy-Back Program		870	4,872	0.2042 %	0.2486 %
	04 November 2024 Acquisition of own shares Share Buy-Back Program		130	5,002	0.2486 %	0.2552 %
	06 November 2024 Acquisition of own shares Share Buy-Back Program		1.022	6,024	0.2552 %	0.3073 %
	12 November 2024 Acquisition of own shares Share Buy-Back Program		83	6,107	0.3073 %	0.3116 %
	13 November 2024 Acquisition of own shares Share Buy-Back Program		525	6,632	0.3116 %	0.3384 %
	14 November 2024 Acquisition of own shares Share Buy-Back Program		150	6,782	0.3384 %	0.3460 %
	15 November 2024 Acquisition of own shares Share Buy-Back Program		200	6,982	0.3460 %	0.3562 %
	19 November 2024 Acquisition of own shares Share Buy-Back Program		250	7,232	0.3562 %	0.3690 %
	22 November 2024 Acquisition of own shares Share Buy-Back Program		268	7,500	0.3690 %	0.3827 %
	26 November 2024 Acquisition of own shares Share Buy-Back Program		302	7,802	0.3827 %	0.3981 %
	28 November 2024 Acquisition of own shares Share Buy-Back Program		400	8,202	0.3981 %	0.4185 %
	29 November 2024 Acquisition of own shares Share Buy-Back Program		100	8,302	0.4185 %	0.4236 %
	20 December 2024 Acquisition of own shares Share Buy-Back Program		500	8,802	0.4236 %	0.4491 %
As of 31 December 2024			8,802		0.4491 %

¹⁸ In the business year that was concluded on 31 December 2023, net consolidated profit of the Span Group amounted to EUR 1,246,634.97, and net profit of Span d.d. amounted to EUR 461,445.38.

2.1.1.10. Sustainability report

Our 2023 Sustainability Report, entitled "Charting a course for a resilient future," used the foundations of previous materiality assessments, an in-depth review of potential and actual adverse impacts on people and the environment that began in 2022. What's new is that we've taken a step forward in understanding how our business intersects with the interests and perspectives of diverse stakeholder groups. We did this by conducting a total of ten thematically-defined in-depth interviews and focus groups that covered all of Span's potential material topics, regulatory changes, and business trends. Conversations with key stakeholders and careful consideration of our own impacts resulted in an even better understanding of how Span's business intersects with the interests and perspectives of diverse stakeholder groups.

Our goal is also further development of our ESG business segment to ensure multiple and long-term values for all our stakeholders

— Nikola Dujmović, PRESIDENT OF THE MANAGEMENT BOARD OF SPAN

2.1.2. Business events and achievements

2.1.2.1. Software Asset Management and Licensing

Span remains the leading Microsoft partner for the provision of licensing, technical support and consultancy services in 2024, continuously adapting its services to the dynamic needs of customers. Through licensing and software asset management, we ensure optimization of expenses and efficient license management, helping our users maximize the value of their IT investments. During 2024, we continued to reinforce our teams and improve processes in order to ensure an even higher-quality support to customers in the transition to cloud solutions and optimization of the existing environments. An increasing number of users recognize the advantages of cloud, and our expertise makes their transition efficient and cost-effective. For all the above reasons, we received a special recognition being awarded Microsoft Partner of the Year 2024 in Croatia.

Microsoft is still in the focus of digital transformation with an emphasis on AI solutions, including Copilot for M365, which has drawn a great deal of interest from the market. During 2024, Span continued with the implementation and the adaptation of these solutions to customers' needs, ensuring optimal use of AI solutions through custom strategies and technical support. Alongside Microsoft solutions, we further improved software asset management services, particularly in the area of cloud expenses management and

optimization, enabling us to expand our offer and provide even more precise analyses and recommendations for users with complex IT environments. Given the continuous growth of the licensing complexity and the need for optimization of IT resources, Span remains a reliable long-term consultant to its users. We are continuing to develop our portfolio of services and license selling, keeping up with the technological trends and making sure our users get the best possible solution for their business needs.

2.1.2.2. Infrastructure Services, Cloud & Cyber Security

In the Infrastructure Services, Cloud & Cyber Security segment, we provide users with complete solutions, which include the design and development of information systems, taking care of security and cloud services.

Solution Consulting Services (SCS) Department gathers experts who possess specific knowledge and skills in the areas of project management, architecture of solutions and solution engineering. Our focus is on providing top-level services in shaping, planning, adopting and implementing projects related to Modern Workplace and Modern Desktop solutions, SAP Basis and on-premises technology. There were no significant organizational changes in 2024, but new services were introduced in order to better comply with the requirements of the market. Since the focus of this department is mainly on the Microsoft 365 collaborative platform,

we put a lot of time in the development of Tenant & Data Governance service. The service is designed to provide the user with clear guidelines for the alignment of the configuration to the business requirements and the latest security standards by means of detailed record of the state of the existing environment. With a clear action plan, users can choose areas they want to improve first, or meet the requirements for the introduction of new technologies whose aim is to enhance the security or increase the productivity. We were most successful in the analysis and the preparation of the environment for the activation of Microsoft 365 Copilot service. In 2024, we completed one such project for a client from Croatia, and two projects for international clients.

We started working on a project of migration and integration of two IT environments into one for a large size international client from the food and beverage manufacturing sector, who last year bought a company and the total value of the transaction amounted to USD 1.8 billion. We have been chosen as a partner due to our broad experience, which we gained while working on similar projects. Different departments within Span worked together on the project, and the highest proportion of work, which includes the migration of Microsoft 365 collaborative platform, computers, servers and applications, was assigned to the Solution Consulting Services Department. Even though the project started at the end of 2024, it is expected to continue during the course of 2025.

In 2024, SAP Technical Department established a new service related to security monitoring of the SAP system (Security Operations Center; SOC for SAP), in which we partially rely on a technical solution of our new partner, SecurityHub company from Switzerland. In 2024, this department primarily helped users in the projects of optimization of their SAP licenses, as well as upgrades, technical and security improvements of the SAP system, and the regular maintenance of the SAP system in the SAP Basis area.

A need for an additional focus and specialization of the Project Management office was noticed in 2024. With the integration of Ekobit and Bonsai, Project Management Department was additionally enhanced with experts from the AI and business analytics areas. We organized a number of internal training sessions and workshops in order to ensure a smooth integration of new members, as well as to continue investing in the expertise of our employees. The main goal of the Project Management Department is to improve project management and efficiency by means of process standardization, strategic alignment, and supporting project teams by providing training, consulting and continuous improvement of project management processes.

We adopted new technologies and approaches that enhanced our processes and results. The use of artificial intelligence resulted in the reduction of administrative load and the increased project management efficiency, while Project Intake Request (PIR) application for project ideas application and evaluation ensured a more transparent internal projects launch and prioritization, in accordance with the organization's resources and strategic goals. We standardized processes for different project types, particularly in the areas of cyber security, cloud, AI, and we improved onboarding processes for a faster integration of new members. The "Lessons Learned" initiative provided recommendations for better storage and implementation of the lessons learned, thereby further strengthening the foundations for future success.

We carried out a number of successful projects of integration of artificial intelligence (AI) in everyday project management activities, both within the organization and for our users. By integrating AI technologies, we improved analytics and reporting, and thus enabled a

faster and more precise data analysis, as well as real-time decision making. Those moves significantly reduced the administrative load, and increased the overall team efficiency. As a Group, we worked on more than 600 projects in the last year, including projects in the areas of cyber security, cloud and AI. We improved processes and project management, which resulted in increased efficiency, risk reduction, and greater satisfaction of all the stakeholders involved. These moves laid strong foundations for further growth and development of our Project Management department, as well as higher-quality delivery of strategic projects at the level of organization.

The Cloud Services department deals with providing support to users when it comes to adopting, migration and production of solutions based on public, private and hybrid cloud, using IaaS and PaaS service models. Our highly specialized experts lead compa-

nies through the whole process of adopting a cloud technology, including business value assessment, migration plan and timeline development, to the implementation of IT solution on the cloud platform, and continuous consultancy and support.

A minor reorganization was carried out in 2024, and it involved the constitution of a Cloud Architecture team, who together with the existing Cloud Monitoring team formed a Cloud Architecture and Engineering department. Cloud Architecture team focuses on the development of cloud architecture, as well as the implementation of all the prerequisites for the installation of business applications and user systems on the cloud platform. In cooperation with the Cloud Monitoring team, this department provides a comprehensive support to users' IT departments and developers, enabling the integration of applications into the IT environment while following the best practices and standards. At mid-year, we began working with an international energy drinks producer exactly in that area, and we already achieved tangible success in the automation of their Azure platform management. Also, this department was the fastest growing in 2024, increasing the number of employees by six.

Cloud Security team also recorded a growth of project volume, particularly in terms of delivery of Microsoft 365 workshops in the area of security and security tools implementation in cloud. We completed 11 such workshops total, five in the Threat Protection area, and six in the Data Security area. We also organized three workshops dedicated to Cloud Security within Cyber Securirity Incubator. The goal of these workshops was to educate and raise awareness of the attendees when it comes to key security challenges and cloud solutions, with a particular focus on Microsoft security solutions.

At the end of the year, Cloud Security team listed identity management service in IT environment in their portfolio. That service includes identity lifecycle management, from onboarding a new employee in the organization, change of their role within organization, to the termination of their employment. The use of specialized tools such as Microsoft Entra ID and Saviynt ensures that, by means of automated processes, the user always has access only to necessary resources. The benefits for the organization include greater data security, reduced administrative load of the IT department, and facilitated alignment to security policies.

We continued to invest in development of services in the area of private and hybrid cloud. Our Private & Hybrid Cloud team got a dedicated hardware demo environment for Azure Stack HCI, a Microsoft solution for launching native cloud services on the user-owned infrastructure. This environment is dedicated to those who want to use modern cloud technologies, and also be totally in control of their infrastructure and data. We had three projects related to Azure Stack HCI solution last year, and a growing interest is observed in other users as well.

Banks being the biggest leaders in adopting cloud technologies in Croatia and in the region is a continuing trend when it comes to large-scale users, and we made contacts and completed or started projects with six banks in total in 2024. These projects fall within the areas of support in the adoption of cloud technologies and creation of basic prerequisites for hosting the IT service, migration of existing IT services to cloud, or consultancy services related to the adaptation of cloud environment in specific scenarios, such as PCI-DSS compliance.

Cyber Security department is mainly oriented towards providing comprehensive security solutions in order to improve the digital resilience of our users. That includes cyber security management, cyber incidents response, vulnerability assessment, design and implementation of complex technological systems for cyber defense, regulatory and legal compliance, and user training.

There were no significant organizational changes in 2024, given the fact that the main focus was on getting ready to face the awaiting challenges in 2024. We put a lot of effort in improving efficiency and effectiveness of our SOC through advanced automation (SOAR) and full compliance of the operational model with the MITRE ATT&CK framework based on the "threat-informed defense" principle, thereby shifting incident detection and response from detecting warning messages to detecting malicious behaviour and incidents at a very early stage. We also established advanced capacities for "detection engineering" in our SOC (Security Operations Center), which continuously helps us identify threats faster and more precisely.

When it comes to events that marked 2024, we must mention NIS2 Directive and DORA Regulation that were adopted at the European Union level and resulted in Cyber Security Act. It was important to prepare Span, and the offer for our users as well, in order to comply with the new act in time. We recorded an increase in the number of incidents and security events of 57%, while the most critical, "Priority 1" incidents were 2.5 times higher compared to 2023. Our offensive security team (Red Team) was active as well, doubling the number of completed penetration tests compared to the previous year, and was 100% successful while doing so.

These results show there is a strong need for continuous improvement of the security situation of organizations on the market, as well as the need for continuous investment in security in order to protect the business. That is why we introduced a new service – strategic consultant for cyber security (CISOas-a-service), to improve security protocols, defense mechanisms, and to increase overall resilience to cyber attacks of our users. With this service, we currently cover a large number of organizations from different areas – from manufacturing, financial services, to HoReCa and food industry.

In 2024 we implemented ISO 27001 standard in our affiliated company in Slovenia for the first time, and we also supported the implementation of ISO/IEC 42001 (Artificial Intelligence Management System) standard in Span. Moreover, great focus was placed on exercises simulating phishing attacks on native Microsoft platforms, pen tests, training sessions carried out within ENISA program, and training sessions within Cyber Security Incubator.

Looking at the year in numbers, our SOC received and resolved 91 000 tickets in 2024, 202 of which were highest priority incidents. In accordance with global trends, most of the incidents (21%) relate to phishing attacks (T1566)20, identity theft attempts, and initial system compromise (T1586)21. Our team represented us in Huntress CTF competition, and ended in 49th place out of 3 471 teams. Also, our team won 102nd place out of 943 participants in HTB Business CTF competition. In June we hosted a large-scale exercise that simulated the coordinated cyber security attack on European critical infrastructure, organized by European Network and Information Security Agency (ENISA) Cyber Europe 2024. The exercise was coordinated by CARNET's National CERT at national level, and a total of 78 cyber experts participated, 40 of which participated in person in Cyber Security Incubator.

In December we took part in the largest and most well-known NATO exercise in the area of cyber defense – Cyber Coalition 24, which gathered more than a thousand participants from more than 30 countries. NATO's allies and partners participate in this exercise, and its goal is strengthening the resilience and defense against cyber threats.

20 Phishing, Technique T1566 - Enterprise | MITRE ATT&CK® 21 Compromise Accounts, Technique T1586 - Enterprise | MITRE ATT&CK®

2.1.2.3. Software and Business Solution Development

The department which in 2023 covered the development of solutions for users and the development of software products and business platforms, in 2024 focuses on the development of AI and data solutions as well. That was primarily the result of integration of Bonsai and Ekobit into Span, carried out in 2024. An increased need for data engineers, data analysts and machine learning experts is observed on the market, and it was precisely with this integration into Span that we gathered an excellent team of experts with broad experience in projects covering this area.

In a new lineup and in AI team, they continued working on the development and the implementation of solutions based on machine learning (ML), using the architectures of large language models (LLMs), such as those implemented in Microsoft Copilot and ChatGPT. The activities include the use of available language models with a view to integrating advanced AI functionalities into existing business systems.

By means of advanced tools and methodologies, Data Solutions team provides a comprehensive support in the processing, analysis and visualization of our users' data. On the basis of this data, user can better understand the business through an insight into key metrics and indicators, and make decisions based on evidence, not intuition.

Although the main hype was around AI and data technologies in the recent years, we shouldn't forget DevSecOps – the basis for everything we do at Span. The main task of the DevSecOps team is to make sure the security is integrated in each phase of the development and the implementation of software and other solutions. They also cooperate closely with development, operational

and security teams that test and improve whatever it is necessary to comply with all the security and quality standards during the entire lifecycle of software development. For secure coding we mainly use .NET/C# and Angular for development, although we easily adapt to React as a frontend technology. On the subject of software development, we cooperate closely with our users during the entire process to better understand their unique challenges and to develop the most helpful or useful solution for their business.

Product Development team plays an important role in this process as well, as they turn the users' ideas into excellent solutions by means of a structured process of research, design, prototyping and testing. Working together reduces risks, accelerates entering the market and yields products that strengthen the competitive advantage and business success of our clients. And in the future we strive exactly to that – to further development of teams in our department in order to continue providing innovative and excellent solutions to our current and future users.

The Enterprise Business Solutions department develops solutions on the Microsoft Business Applications platform with the focus on Microsoft Dynamics 365 and Microsoft Power Platform solutions.

During 2024, Microsoft continued to strongly invest in and develop the Business Applications Platform, constantly improving it with new functionalities, thus enabling the EBS department to deliver even more higher-quality solutions. Focus has been on the use of artificial intelligence in specific business processes, and the improvement of the digital contact centre in which AI functionalities were added to the omnichannel approach in order to save even more resources through automation of the communication with users. Major benefit our users gain with the implementation of Business Applications solution is the digitization of their business

processes, particularly in the area of sales, customer support, marketing, finance and manufacturing.

This is supported by the projects we worked on in 2024 for national and foreign users, which were based on the implementation of CRM systems, business processes automation, and the delivery of BI solutions – and we're very proud of that since it was only last year that our Data team was formed.

We take pride in a series of completed projects that year after year become more demanding and more interesting. We expanded our collaboration with a global fast food chain through new Power Platform solutions, and with an international pharmaceutical company through implementation of CRM system in additional, more complex markets. We upgraded existing systems for an international investment company, and we developed a platform for data unification, loyalty program and guest relations management for one of the leading Croatian hotel chains.

Also, we successfully implemented CRM for a leading Croatian energy company, and we carry out numerous CRM and Data projects in energy, insurance, manufacturing, food and publishing industry sectors for Croatian and regional clients.

Our employees, who continuously improve their knowledge, are the ones responsible for the delivery of these excellent solutions to our users. That's why we are happy our Microsoft Business Application Solution status was renewed in 2024, thereby confirming our expertise in the delivery of solutions built on Dynamics 365 and Power Platform technology.

Furthermore, with the integration of Bonsai into Span we were joined by our colleagues specialized in business processes automation, which added novelty to our department, as well. Thereby the competency of our team was expanded to RPA (Robotic Process Automation) technology, implementing software robots who automate structured and repetitive processes.

2.1.2.4. Service Center Management and Technical Support

Service Center Management and Technical Support business segment offers support, supervision and consultancy 24 hours a day. During 2024 we recorded an increase in the workload, mainly in the areas of Cloud and Identity technologies. When it comes to processes, we focused on the optimization of business processes and the introduction of AI technologies into the business. Through these technologies we expanded our expertise, and while maintaining business-critical services on a high level, we successfully integrated and maintained highly variable Cloud platforms that serve as information services and enhance users' business. In order to be ready for business challenges, the growth and development of internal expertise was our main focus when it comes to our people. The recruitment processes we carried out were aimed at strengthening the Service Desk and engineers specialized in SQL databases and Cloud technologies (AWS, GCS and Azure). The number of tickets we resolved in 2024 increased by 6.6% compared to prior year, and users rated their satisfaction with our services with a high 4.92 out of 5 rating.

2.1.2.5. International operation

Slovenia

Span Slovenia has been on the market for more than 15 years, and has been growing significantly in the last four years. We have more than 28 employees who, based on their knowledge and experience, provide services and solutions to customers in various business segments, among which the greatest interest is in the areas of cloud and cybersecurity.

Cyber security services were our focus in 2024. We wanted to further strengthen our position as a local cyber security service provider, so for the first time in Span Slovenia we introduced services such as CISM (Certificate in Information Security Management) and SOC (Security Operations Center). By doing so, we achieved our primary goal, but also improved our service portfolio.

One of our greatest achievements was the collaboration with a world-renowned brand whose solutions can be found in more than 80 countries around the world. We introduced Azure Landing Zone concept for that client, which led to the improvement of their security, compliance with the standards, and operational effectiveness through platform automation and DevOps. We are proud of our achievements and key objectives we accomplished. Our commitment to excellence and innovations is still the driver of our growth and success in the constantly evolving IT environment.

Ukraine

Span has been operating in Ukraine for six years, and has 37 employees. In 2024, the Company focused primarily on public and financial sector. Over the year, there has been an increasing demand for Microsoft licences as a result of increased use of Microsoft 365 Copilot by users and an increased interest in security solutions. Licences demand recorded a significant growth compared to 2023, and nearly reached its 2021 level. Security became a burning issue due to the use of Microsoft Defender package (MDE, MDI, MDA, MDO) and Sentinel, Intune and Entra ID solutions. We carried out a successful migration from Google Workspace to M365 solution, and developed hybrid infrastructure solutions. Users are also becoming more interested in business process automation and data management tools, particularly Power BI, Power Automate, Power Apps and Azure.

The implementation of Microsoft Entra ID solution for a well-known investment holding company, development of Modern Workplace infrastructure for a national digital agency, introduction of MDM platform for a national authority, and M365 platform security services testing for a number of government entities were among key projects.

Moreover, the Company carried out a successful migration to M365 platform for a number of enterprises, introduced Yarooms platform in leading automotive and banking companies, as well as Ribbon SBC platform in a large-scale financial institution, and participated in international projects of global food processors and biotechnology companies.

We are leaders in the implementation of Yaroom and Ribbon in Ukraine, for which we are extremely proud. Also, we must mention the golden partnership with Dell and Span Ukraine, new Cisco Internetwork Expert certificate and AWS, Cisco, Kemp, Ribbon and Fortinet certifications as our main achievements in 2024.

Azerbaijan

In 2024, Span Azerbaijan proudly celebrated eight years of operation on the local market, marked by a steady growth owing to the commitment of four of our experts. We still hold a prominent position in financial services (FSI) and telecommunications sector (Telco). As we align our portfolio with the growing needs of our users, we are focusing more on Azerbaijan's public sector at the same time, with the purpose of participating in scalable G2G (Government to Government), G2C(Government to Citizen) i G2B (Government to Business) projects.

Azerbaijan's market is distinguished by the great potential due to ever increasing number of digital transformation initiatives and increasingly more demanding security requirements. Information security has become a priority in all areas of society, which is confirmed by the establishment of two new local Security Operations Centers (SOCs) in the last year.

We successfully renewed our Microsoft Enterprise Agreement (EA) with the second

largest holding company in Azerbaijan. This further strengthened our partnership with the customer and opened the door to new opportunities, such as a strategic security project in cooperation with one of the two leading telecommunications service providers in the country.

Despite constant challenges, such as software piracy, we concluded a couple of important licensing agreements with large-scale users, which also serves as the confirmation of our efforts to tackle this problem. In addition, coordinated marketing activities improved the visibility and competitive position of our brand, thus further enhancing the reputation of Span Azerbaijan as an important member of Azerbaijan's ICT community.

Span Azerbaijan will continue fostering innovation, conducting important projects and supporting digital transformation of the local market with its proven international competencies in the future.

Moldova

Span's affiliated company in Moldova has been operating for three years. During this time, we have been attempting to leave our mark and position ourselves on the local market. The majority of our clients in 2024 came from the public and financial sectors, and in most cases our clients were large companies. We have been focusing on the small and medium-sized enterprises as well, especially when it comes to licensing services.

New trends on our market include cyber security, infrastructure services, cloud services, SOC, and managed services. Furthermore, an increased demand for penetration testing and a full information security audit was noted. When it comes to cloud, clients are becoming more interested in Microsoft Teams adoption, migration of Microsoft Dynamics 365 CRM platform from a local server to cloud, and the migration of enterprises of all sizes to cloud.

The most important projects we worked on in 2024 were related to banking sector. In 2024, we became the main and only provider of Microsoft Enterprise Agreement and Azure for one of the largest banks in Moldova. Moreover, we delivered a first services agreement, including the audit of Microsoft Exchange infrastructure and Microsoft Data Protection Manager system, and troubleshooting for Exchange Servers system and IT infrastructure.

We are content with our achievements and collaborations in the last three years. Our clients recognize the expertise we are proud of, and think of us not only as a solutions provider, but as a long-term partner as well.

Estonia

With more than 25 years of experience, GT Tarkvara is the leading software and service provider for the largest commercial clients, as well as clients from the public and education sector in Estonia. After becoming a part of Span Group in 2023, our capabilities and reach significantly improved and we were offered new business opportunities on Estonian and Baltic markets.

When it comes to trends on our market, we notice an increasing interest of organizations for solutions based on artificial intelligence, although the majority of them are only beginning to realize their potential and use. Also, a notable trend is higher demand for comprehensive cyber security solutions, with substantial investments being made in security testing, threat protection, and security operations solutions.

Our 2024 business highlights confirm that we're not just talking about trends, but a real need. We conducted several security assessments for our key customers, including security testing, threat protection, and security operations, in order to strengthen defences against cyber threats. Also, we executed numerous Microsoft Copilot workshops which helped customers to use new AI digital tools better, making their work easier and more productive.

One of our biggest projects in 2024 was the migration of more than 25,000 workplaces to the Microsoft Cloud for our customer, and enabling the access to advanced digital tools, streamlining workflows, and improving overall productivity, ensuring that public sector services remain resilient and forward-thinking.

Georgia

In 2024, Span concluded its first full financial year in Georgia, making it a crucial step in expanding its presence on the local market. Our team still consists of a one committed local representative, and one remote sales manager, who mainly focus on the banking sector as the steady leading driver of technological progress in the country.

There has been a growing demand for innovative solutions and products on the Georgian market, particularly in the are of information security. Span Georgia actively addresses these needs using its international experience in offering user-tailored solutions.

One of our greatest achievements of 2024 was winning the Microsoft Enterprise Agreement (EA) tender for the largest bank in Georgia That pivotal moment, the biggest deal with Microsoft in that country so far, significantly increased Span's recognizability on the Georgian market. It also opened doors to new opportunities for collaboration with the bank, and further strengthened our position in the banking sector. While Span continues to build its reputation in Georgia, we keep being committed to carrying out important projects, meeting the ever increasing demand on the market, and strengthening our role of the reliable partner for digital transformation of the country.

2.1.2.6. Business awards, recognitions and achievements

2.1.2.6.1. Microsoft Partner of the Year 2024 for Croatia

We were awarded Microsoft Partner of the Year 2024 for Croatia. This recognition by Microsoft honors the best partners for demonstrating excellence in their work and delivering solutions based on Microsoft technologies.

"The greatest strength of the people of Span is a great desire for knowledge, continuous skills development and following trends. I am happy we received the Microsoft Partner of the Year Award 2024 as well, which reflects our commitment to creating superior solutions for our users that are based on Microsoft technologies, with an emphasis on AI and security standards", said Mihaela Trbojević22, Product Marketing Director of Span.

Microsoft's Partner of the Year is granted to companies that have successfully conceived, developed and implemented solutions using Microsoft technologies in the previous year, focusing on Microsoft Cloud solutions and innovations in the field of artificial intelligence. The award is bestowed in several categories, and winners are selected among more than 4700 nominated companies from more than 100 countries worldwide. We have been awarded for providing superb services and solutions in Croatia.

"Congratulations to the winners and finalists of the 2024 Microsoft Partner of the Year Awards!", said Nicole Dezen, Chief Partner Officer and Corporate Vice President at Microsoft. "Numerous AI and Copilot

22 As of April 1st, 2025, Mihaela Trbojević became a Member of the Management Board for Product and Service Management

announcements this year have fueled our partners' innovations, enabling revolutionary services and solutions for customers. I am inspired by the capabilities and creativity of our partner ecosystem, and this year's winners best demonstrate what can be achieved with artificial intelligence and the Microsoft Cloud."

2.1.2.6.2. Successful re-certification of ISO 14001 and 50001 standards

In April, we conducted a certification audit for our IT service management system according to ISO 20000 standard for the fifth time. By doing this we once again demonstrated our commitment to a methodological and structured approach to our key business processes.

At the beginning of June, we successfully conducted re-certification audits for our environmental and energy management systems according to ISO 14001 and ISO 50001 standards. This way, Span continues to implement socially responsible practices.

I am happy we received the Microsoft Partner of the Year Award 2024 as well, which reflects our commitment to creating superior solutions for our users

— Mihaela Trbojević, PRODUCT MARKETING DIRECTOR OF SPAN

2.1.2.6.3. Hewlett Packard Enterprise Gold Partner and Aruba Gold Partner Status

We are proud to have been recognized for many years as Hewlett Packard Enterprise Gold Partner. This 2024 recognition is a new evidence of our dedication and excellence in the area of hybrid cloud with tested quality products and services of the IT infrastructure. We are also holders of Aruba Gold Partner Status, and we also take pride in the fact that we were awarded HPE Aruba Networking Champion of the Year 2023 at the HPE Intelligent Data conference.

Our expertise in the HPE hybrid cloud portfolio and completion of the training program and certification for HPE hybrid solutions are a confirmation of the high level of knowledge of our team, and this recognition further confirms our commitment to providing superior solutions and support to our users. Our focus remains on providing quality service to users when implementing demanding and complex HPE solutions so that they could respond faster to unpredictable business requirements.

2.1.2.6.4. ISO/IEC 42001 AIMS Certificate

At the beginning of September, we were certified for the ISO/IEC 42001 standard. It is a standard that defines the requirements for artificial intelligence (AI) management systems. Precisely, the standard is based on best practices that ensure the ethical, safe, and effective use of AI technologies.

Through certification, we demonstrated owning the processes and resources enabling the management of the entire life cycle of AI solutions – from development to implementation and monitoring. The system includes quality control, transparency in prediction and generation models, as well as ongoing evaluation and adjustment to meet regulatory requirements and user needs. This ensures that generative and predictive AI systems meet high performance standards, as well as ethical and security requirements.

2.1.2.6.5. Fourth Employer Partner Status and first Above and Beyond Certificate

In the past two years, Span employed almost 300 new experts and now has more than 850 employees. We continuously invest in improving the knowledge and skills of Span's employees. We further improve business aspects and introduce new practices with a view to creating a positive and motivating atmosphere. Another proof that we're on the right track is the fourth Employer Partner Certification carried out by Selectio, leading Croatian consulting company.

This certification highlighted high quality of human resources management and implemented practices. Our HR processes were evaluated in seven categories and achieved a 92% score, which is as many as 7% higher than the average score of other certified organizations. We are especially proud of 100% score achieved in the area of Inclusion and Inspiration, a confirmation of our commitment to attracting, employing, preserving and improving our employees.

"Although we are aware of the effort put into implementing the best HR practices, it's great to see the numbers extracted from the conducted analysis. As we strive to become market leaders, but also to follow and set new trends, investing time and resources in employee training is crucial", explained Ana Visković, HR Development Manager of Span, and pointed out another fact she's very proud of: "Undesirable employee turnover rate in Span amounted to 3.8%, and the average rate of the participating companies for the same amounted to 7%".

Thanks to this extraordinary result in the Employee Partner Certification, we were given the opportunity to participate in the

As we strive to become market leaders, but also to follow and set new trends, investing time and resources in employee training is crucial

— Ana Visković, HR DEVELOPMENT MANAGER OF SPAN

new Above and Beyond Certification. This recognition is granted by Selectio to employers who showed continuous excellency in all the aspects of HR management.

Our expertise was endorsed in the categories of Impact, Satisfaction and Future, clearly indicating a positive impact of HR activity on business success, high employee satisfaction and our commitment to sustainable business. With this recognition, Span has been officially included in the list of Top 10% Employer Partners.

2.1.2.6.6. Workplace Inclusion Champion

In order to better understand the concepts of diversity, inclusion and belonging, last year we took part in a semi-annual Workplace Inclusion Champion training program organized by the Croatian Business Council for Sustainable Development. Span has been a member of the Croatian Business Council for Sustainable Development since 2023.

By means of the said program, we gained knowledge and mastered different tools that are crucial for implementing, promoting and supporting the basic principles of inclusion, equality and diversity in our organization.

In order to achieve better synergy in the future, especially when these areas of work largely intertwine, including the HR and ESG departments was of great importance. We are planning to use the gained knowledge to spread awareness of all the important topics in the area of sustainability among the Span employees.

2.1.2.6.7. Span Cyber Security Arena: all about the newest trends and upcoming risks

For the first time, we organized the Span Cy ber Security Arena conference at The Westin Zagreb Hotel, gathering over 500 attendees. On this occasion, Croatian and international

experts shared their knowledge and experiences with the aim of strengthening cyber resilience. A panel discussion and 15 lectures covered topics related to the technological aspects of cyber security, the role of artificial intelligence in cyber security, compliance with the latest regulatory requirements and financing of cyber security from EU funds.

"Cyber security is no longer just a technical challenge, it concerns everyone today and is necessary for the stability and growth of the economy and society. In an age where attacks are becoming more and more sophisticated, it is important that we treat cyber security as a public good. Only by investing in prevention and intensive cooperation can we ensure system resilience and protect data that is an integral part of our business and everyday life. That is why we launched the Span Cyber Security Arena", emphasized Nikola Dujmović, President of the Management Board of Span at the opening of the conference, where it was also pointed out that cyber security is not only intended for large organizations, but also small and medium-sized companies, which are increasingly becoming the target of cyber attacks.

Two keynote lectures by world experts in the field of IT and law at the very beginning were the highlights of the conference. Paula Januszkiewicz is a worldwide recognised cyber security expert who talked about the increasing challenges we are facing today in relation to highly coordinated, state-sponsored attacks in which artificial intelligence plays one of the biggest roles.

Besides Januszkiewicz, Austrian lawyer and activist Max Schrems gave a lecture. His legal proceeding against Facebook in 2013 laid the foundation for today's data privacy regula-

tion between the EU and the US. Schrems emphasised protecting people's rights in an era of increasingly intensive monitoring and exploitation of data.

The rest of the conference program was divided into so-called tech part and regulatory part, with numerous renowned experts who also provided significant input.

The first Span Cyber Security Arena is an introduction to an even larger conference that will be held in Opatija in 2025 and will last for three days, from 19 to 21 May.

2.2. Information for shareholders

The Company's share capital amounts to EUR 3,920,000.00 and is split into 1,960,000 common shares with a nominal value of EUR 2.00, under the symbol SPAN-R-A and ISIN symbol HRSPANRA0007.

The Company has one type of common shares that do not confer the right to a fixed return. The Company has no losses in 2024 and no carried-forward losses from previous years.

2.2.3. Share movements and trading volume

In 2024, the trading of the share started on 2 January 2024 with its price being EUR 49.20. The last day of trading on the Zagreb Stock Exchange was on 30 December 2024, when

the price of the share amounted to EUR 44.20, which was a decrease of 10.16%. Compared to the price of the share in the Initial Public Offering (HRK 175 / EUR 23.23), the price of the share had increased by 90.30%. The trading volume of the share in the observed period amounted to EUR 11,128,422.50.

Nikola Dujmović 30.77%
Raiffeisen Voluntary Pension Fund 6.69%
Marijan Pongrac 3.99%
PBZ CO OMF Category A 3.63%
Zvonimir Banek 3.61%
PBZ CO OMF Category B 3.33%
2.2.1. Share Capital

2.2.2. Ownership structure and 10 largest shareholders

On 31 December 2024, the largest individual share of 30.77% in the ownership structure was held by Nikola Dujmović, President of the Management Board. The following table shows information on the number of shares held by the Members of the Management Board and the Supervisory Board on 31 December 2024.

Management Board

Name and surname	Position	Number of shares	%
Nikola Dujmović	President of the Management Board	603,028	30.77 %
Saša Kramar	Member of the Management Board	10,249	0.52 %
Ana Vukšić	Member of the Management Board	283	0.01 %
Supervisory Board
Name and surname	Position	Number of shares	%

Name and surname	Position	Number of shares	%
Nikola Dujmović	President of the Management Board	603,028	30.77 %
Saša Kramar	Member of the Management Board	10,249	0.52 %
Ana Vukšić	Member of the Management Board	283	0.01 %
Supervisory Board
Name and surname	Position	Number of shares	%
Aron Paulić	Member of the Supervisory Board	300	0.02 %

Barbara Gradečak Member of the Supervisory Board 133 0.01 %

Erste Plavi OMF Category A 2.86%
Raiffeisen OMF Category A 2.66%
Darko Kolarek 2.43%
Damir Bočkal 2.37%
Others 37.66%

2.2.4. Share Buy-Back Program

Until 5 December 2024, the Company had a Share Buy-Back Program in place, which had been adopted on the meeting of the Management and the Supervisory Board of the Company that was held on 2 December 2022.

A meeting of the Management Board of Span d.d. was held on 5 December 2024, at which, with the prior consent of the Supervisory Board, the new Share Buy-Back Program ("Program") was adopted, in accordance with the Decision of the General Assembly of 13 June 2022. With the adoption of the new Program, a Share Buy-Back Program adopted at the meeting of the Company's Management Board held on 2 December 2022 ceases to be valid.

The new Program is implemented with the purpose of the disposal of shares within the ESOP Program of the Company, remuneration of the members of the Management Board, the employees of the Company and affiliated

companies, potential acquisition of companies, and for any other purposes that are provided for as such and allowed under the applicable legislation of the Republic of Croatia, in line with the decision of the General Assembly of the Company of 13 June 2022.

The Company plans to repurchase treasury shares on the regulated market of the Zagreb Stock Exchange, up to the maximum of 150,000 (one hundred and fifty thousand) shares23 with the amount of funds allocated with the Program in the amount of EUR 11,250,000.00 (eleven million two hundred and fifty thousand). The Company is not obliged at any point to purchase its own shares, acting as a purchaser depending on the market conditions. The Program started on 5 December 2024, and will end by 12 June 2027, at the latest. It depends on the market conditions and strategic decisions of the Company, and may be suspended, discontinued, or modified in any way during the Program period. This Program does not regulate the purchase of own shares through organized tender offers at the Zagreb Stock Exchange.

23 The price at which the shares can be purchased cannot be 10% (ten percent) higher, and respectively 10% (ten percent) lower than the average market price for a Share achieved during the previous trading day.

2.2.5. Acquisitions and disposals of own shares

In accordance with the above-mentioned Share Buy-Back Programs, the Company acquired and disposed its own shares during the year. On 31 December 2023, the Company held 15,673 own shares, which represents 0.7996% of the share capital of the Company. After the above-mentioned acquisitions and disposals during the year, on 31 December 2024, the Company held 8,802 own shares, which represents 0.4491% of the share capital of the Company.

2.2.6.Dividend Payment Policy

At the meeting of the Management Board of the Company that took place on 25 February 2022, a Dividend Payment Policy of the Company was adopted, which will be implemented in line with the development plans of the Company, the capital market situation, net profit growth, revenue levels,

and other relevant factors. When adopting the proposed decision on the payment and the amount of dividend, the Company will pay regard to ensuring successful regular operations, continuing growth on the markets where it already operates, as well as the growth on new markets. In the event the described conditions are met, the Company will pay the shareholders 20 to 50 percent of the consolidated profit in the form of dividend. The proposals of the Management Board and the Supervisory Board of the Company for the payment of dividend will reflect the stated position, but the final decision on the dividend payment, its amount and the method of its disbursement will be determined by a decision of the General Assembly of the Company. According to the above-mentioned, a session of the Management Board and the Supervisory Board of the Company took place on 30 April 2024, and it was then that the proposed Decision on the utilization of profit and payment of dividend in the amount of EUR 0.30 per share was adopted. The Man-

Zoom 1m 3m 6m YTD 1y All Acquisitions and disposals of shares over the year:

Number of shares after	% of share capital before % of share capital after corporate event corporate event

Date	Corporate event	Purpose	Number of shares	Number of shares after corporate event	% of share capital before corporate event	% of share capital after corporate event

25 March 2024	Disposal of own shares	Share Buy-Back Program	5.208	10,465	0.7996 %	0.5339 %
24 June 2024	Disposal of own shares	Share Buy-Back Program	2.355	8,110	0.5339 %	0.4138 %
	17 September 2024 Disposal of own shares	Share Buy-Back Program	250	7,860	0.4138 %	0.4010 %
	08 October 2024 Disposal of own shares	ESOP - allocation of additional shares	3.858	4,002	0.4010 %	0.2042 %
	31 October 2024 Acquisition of own shares Share Buy-Back Program		870	4,872	0.2042 %	0.2486 %
	04 November 2024 Acquisition of own shares Share Buy-Back Program		130	5,002	0.2486 %	0.2552 %
	06 November 2024 Acquisition of own shares Share Buy-Back Program		1.022	6,024	0.2552 %	0.3073 %
	12 November 2024 Acquisition of own shares Share Buy-Back Program		83	6,107	0.3073 %	0.3116 %
	13 November 2024 Acquisition of own shares Share Buy-Back Program		525	6,632	0.3116 %	0.3384 %
	14 November 2024 Acquisition of own shares Share Buy-Back Program		150	6,782	0.3384 %	0.3460 %
	15 November 2024 Acquisition of own shares Share Buy-Back Program		200	6,982	0.3460 %	0.3562 %
	19 November 2024 Acquisition of own shares Share Buy-Back Program		250	7,232	0.3562 %	0.3690 %
	22 November 2024 Acquisition of own shares Share Buy-Back Program		268	7,500	0.3690 %	0.3827 %
	26 November 2024 Acquisition of own shares Share Buy-Back Program		302	7,802	0.3827 %	0.3981 %
	28 November 2024 Acquisition of own shares Share Buy-Back Program		400	8,202	0.3981 %	0.4185 %
	29 November 2024 Acquisition of own shares Share Buy-Back Program		100	8,302	0.4185 %	0.4236 %
	20 December 2024 Acquisition of own shares Share Buy-Back Program		500	8,802	0.4236 %	0.4491 %
As of 31 December 2024			8,802		0.4491 %

agement Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who, on 24 June 2024, were registered as sharehold ers of the Company in the Central Depository and Clearing Company (record date). The claim for the dividend payment became due on 5 July 2024 (payment date). The date from which the share of the Company was traded without the right to the dividend payment was 21 June 2024 (ex date). The dividend was paid from the Company's profit realized in 2023, and partly from retained profit from the previous years24.

2.2.7. Contracts with affiliated persons

During 2024, Span signed two contracts with Bug d.o.o., a company whose Director is the Vice President of the Supervisory Board, Mr.

25 Dragan Marković's term of office in the Management Board of the Company ended on 16 December 2024

Aron Paulić. One contract concerned the re alization of an annual media and sponsorship package in the amount of EUR 30,000.00 for the period from 1 January to 31 December 2024.

The second contract was a renewal of the Contract on the provision of subscription services and delivery of Microsoft services via CSP program, which Span offers to Bug d.o.o., and the annual value of the contract was EUR 1,657.50.

The same contract was concluded with Prava formula d.o.o., whose founder and director is the affiliated person of the Member of the Management Board, Mr. Dragan Marković25. The annual value of the contract was EUR 1,708.00.

All the above contracts and affairs had been approved by the Supervisory Board.

24 In the business year that was concluded on 31 December 2023, net consolidated profit of the Span Group amounted to EUR 1,246,634.97, and net profit of Span d.d. amounted to EUR 461,445.38.

2.3. Financial indicators for 2024 2.3.1. Key features of the period – 2024

Operating revenue	+26% YoY	Operating revenue
180.2 mil. EUR		110.0 mil. EUR
EBITDA before one-off items	+40% YoY	EBITDA before one-off items
10.0 mil. EUR		5.1 mil. EUR
EBITDA after one-off items	+63% YoY	EBITDA after one-off items
9.2 mil. EUR		4.4 mil. EUR
Net Profit after one-off items	+173% YoY	Net Profit after one-off items

2.3.1.1. Operating Revenue, EBITDA and Net Profit of Span Group

2.3.1.2. Operating Revenue, EBITDA and Net Profit of Span d.d.

Revenues

The total consolidated revenues increased by EUR 37,691 thousand, or 26%, compared to 2023. Operating revenues grew by EUR 37,347 thousand in the same observed pe riod. The highest absolute growth was re corded by the Software Asset Management and Licensing segment, which in most part resulted from Span Ukraine (Microsoft has discontinued the use of products and ser vices free of charge for most of its users), and partly from GT Tarkvara acquired in the second quarter of 2023. The highest relative growth (31%) in 2024 was recorded by the Software and Business Solution Develop ment segment. Total revenue growth from IT services with high added value amounts to EUR 7,342 thousand.

In the same period, Span d.d. recorded a growth of its revenues by EUR 10,134 thou sand, or 10%. The growth results from op erating revenues, which were higher by EUR 10,483 thousand. Revenue growth is the result of growth in all business segments, particularly the IT services segment with high added value.

Operating expenses

The total consolidated operating expenses saw an increase by EUR 34,147 thousand, or 25% compared to 2023. The largest generator of the growth of expenses was the cost of goods and services sold, following the revenue growth.The personnel expenses increased by EUR 4,254 thousand, or 13% compared to 2023. The average number of employees in the Group in 2024 was 859, compared to the prior year when the average number of employees in the Group was 834.

Total expenses of Span d.d. increased by EUR 9,122 thousand compared to the same period last year. Cost of goods and services sold increased by EUR 2,492 thousand, while personnel expenses increased by EUR 5,494 thousand, which is mostly due to the merger of the companies Ekobit and Bonsai.

The average number of employees in the Company in the observed period was 698, an increase compared to the prior year when the average number of employees in the Company was 626, which is mostly due to the merger of the companies Ekobit and Bonsai. After the merger, the employees continue to work in the segments of services with high added value.

EBITDA

EBITDA of the Group before one-off items increased by EUR 2,840 thousand, or 40% and amounts to EUR 9,951 thousand. Oneoff items of EBITDA of the Group were EUR 757 thousand and related to: 1) costs of tax and surtax on capital gains arising from the Share Allocation Plan awarding employ ees of Ekobit, defined in the purchase and sale agreement; 2) reserved expenses for the ESOP for the allocation of shares to employees; 3) severance pay to a former member of the Management Board 4) addi tional expenses arising from the acquisition of GT Tarkvara.

According to the requirements announced in the Prospectus, Span is committed to award every employee who keeps in their ownership one or more ESOP packages in a period of three years with 25% shares in relation to the number of shares the respective employee holds within the ESOP package. 5% of the total number of shares has been awarded after the expiry of the first year from the date of the public announcement, and 10% of shares has been awarded upon the expiry of the second and third years each. The last allocation of shares from the ESOP program was in 2024.

EBITDA after one-off items in 2024 recorded an increase of 63% compared to the same period of the prior year.

Span d.d. recorded an increase of EBITDA before one-off items of EUR 1,294 thousand, or 34%, amounting to EUR 5,053 thousand.

Span Group

In thousands of EUR	2023	2024	∆%
Total revenue	144,332	182,023	26%
Operating revenue	142,836	180,183	26%
Other revenue	1,496	1,840	23%
Total costs	138,683	172,830	25%
Costs of goods and services sold	94,695	124,395	31%
Personnel expenses	32,197	36,451	13%
Other business expenses	11,791	11,984	2%
EBITDA before one-off items	7,111	9,951	40%
EBITDA one-off items	1,463	757	-48%
EBITDA after one-off items	5,648	9,194	63%
Depreciation and amortization	3,559	3,748	5%
EBIT	2,089	5,446	161%
Net financial result	(343)	(653)	-90%
Profit/loss before taxation before one-off items	3,209	5,550	73%
Profit/loss before taxation after one-off items	1,746	4,792	175%
Corporate tax	499	1,394	179%
Profit/loss after taxation before one-off items	2,710	4,155	53%
Profit/loss after taxation after one-off items	1,247	3,398	173%

Span d.d.

In thousands of EUR	2023	2024	∆%
Total revenue	100,433	110,567	10%
Operating revenue	99,550	110,033	11%
Other revenue	883	534	-40%
Total costs	97,094	106,216	9%
Costs of goods and services sold	65,618	68,109	4%
Personnel expenses	23,476	28,970	23%
Other business expenses	8,001	9,137	14%
EBITDA before one-off items	3,759	5,053	34%
EBITDA one-off items	420	702	67%
EBITDA after one-off items	3,339	4,351	30%
Depreciation and amortization	2,303	2,782	21%
EBIT	1,036	1,569	51%
Net financial result	(371)	1,547	517%
Profit/loss before taxation before one-off items	1,085	3,818	252%
Profit/loss before taxation after one-off items	665	3,116	368%
Corporate tax	204	360	77%
Profit/loss after taxation before one-off items	882	3,458	292%
Profit/loss after taxation after one-off items	461	2,756	497%

In the observed period, Span d.d. recorded an increase of EBITDA after one-off items of EUR 1,012 thousand, to EUR 4,351 thousand, which was a 30% increase.

The increase of amortization and depreciation in the Company is the result of the merger of the company Ekobit.

The Group's net financial result is mostly the result of foreign exchange losses in Span Ukraine.

Net profit

Profit after taxation before one-off items of the Group increased by EUR 1,445 thousand, to EUR 4,155 thousand. In the observed period, profit after taxation after one-off items of the Group increased by EUR 2,151 thousand, to EUR 3,398 thousand. One-off items are lower by EUR 706 thousand compared to the same period last year.

The cost of profit tax reflected the release of the deferred tax assets for both tax reliefs obtained based on the Investment Promotion Act. Due to the reorganization changes as a result of the merger, Ekobit had an obligation to return the used tax support for the 2021 – 2023 period. In addition, the payment of dividends of GT Tarkvara according to the tax laws of Estonia created a tax liability.

Span d.d. recorded a growth of profit after taxation before one-off items by EUR 2,576 thousand, to EUR 3,458 thousand. Span d.d. recorded a growth of profit after taxation after one-off items by EUR 2,295 thousand, to EUR 2,756 thousand. A dividend was paid to Span d.d. from affiliated companies in the total amount of EUR 1,650 thousand.

The Management Board of Span d.d. continuously considers all risks related to the Russian – Ukrainian war and is of opinion that those risks do not threaten the financial results of the Group.

2.3.2. Revenues by segments

The Span Group generates revenues in the following segments:

1. Software Asset Management and Licensing
1. Infrastructure Services, Cloud & Cyber Security
1. Service Center Management and Technical Support
1. Software and Business Solutions Development

Data on revenues by segments of operation of the Group and Span d.d. for 2023 and 2024 is presented below.

1. Software Asset Management and Li-

censing recorded a growth of revenues by 30%. The Group recorded higher revenues compared to 2023, mostly as a result of revenue growth in Span Ukraine and GT Tarkvara. The share of revenues in the total operating revenues was 72%.

2. Infrastructure Services, Cloud & Cyber Security increased by 16% in the observed period, compared to the same period of the prior year. The growth reflects an expected realization of investment in this segment. 3. Service Center Management and Tech-

nical Support contributed to a continuous growth of revenues through the supervision and management of the IT surroundings services, with the increase of revenues of this segment amounting to 8% compared to the same period last year.

4. Software and Business Solutions Development recorded a 31% increase in the observed period. The growth of this segment came from the development of specific business solutions for individual key customers, such as CRM, automation and robotization of their business processes. After the merger, the software and AI solutions development services provided by Ekobit and Bonsai continue to be provided within this portfolio.

Cloud & Cyber Security 12.6% Service Center Manage-

ment & Technical Support 16.9%

Software & Business Solution Development 5.9%

Span Group

-

In thousands of EUR	2023	2024	∆%
Total operating revenue	142,836	180,183	26%
Software Asset Management and Licensing	99,147	129,152	30%
Infrastructure Services, Cloud & Cyber Security /*	13,892	16,135	16%
Service Center Management and Technical Support *	17,836	19,193	8%
Software and Business Solutions Development **	11,961	15,704	31%

Span d.d.

In thousands of EUR	2023	2024	∆%
Total operating revenue	99,550	110,033	11%
Software Asset Management and Licensing	64,268	66,576	4%
Infrastructure Services, Cloud & Cyber Security /*	12,507	14,058	12%
Service Center Management and Technical Support *	16,828	18,730	11%
Software and Business Solutions Development **	5,947	10,669	79%

* the Security Operations Center has become an integral part of the Cyber Security segment therefore we adjusted the revenue in 2023 to make it comparable to the current period

** by consolidating the software development and AI solutions offer, we started to track a part of the projects from 2024 within the segment Software and Business Solutions Development, which is why we adjusted the revenue in 2023

Software Asset Management & Licensing 71.7%
Infrastructure services, Cloud & Cyber Security 8.9%
Service Center Management & Technical Support 10.7%
Software & Business Solution Development 8.7%

Software Asset Management & Licensing 60.6%
Infrastructure services, Cloud & Cyber Security 12.8%
Service Center Management & Technical Support 17%
Software & Business Solution Development 9.7%

Revenues by segments

Span d.d. 2023 Span d.d. 2024

2.3.3. Revenues by geographic markets

Revenues by geography show the geographic market where goods, or services are invoiced. The share of revenues the Group makes in foreign markets accounts for 74% of the total revenues. The significant growth of revenues was recorded by the Ukrainian market (EUR 18,661 thousand). Growth additionally expanded in the Slovenian market. The Estonian market also recorded growth, but primarily due to the fact that in 2023 we were showing revenues from the Q2. In the observed period, 41% of the Span d.d.'s revenues refers to the Croatian market. The UK market achieved the highest growth in 2024.

Assets

The total value of the assets of the Group was higher by EUR 8,916 thousand. The increase of the total assets is primarily the result of the increase of cash made in the operating activities.

Investment in assets

Investments of Span Group in tangible assets mostly related to expenditure for the procurement and replacement of worn-out computers and other equipment required for the work of employees and the procurement of servers. Right-of-use assets related to

business premises and leased vehicles. Investment in intangible assets in preparation related to internally generated intangible assets that resulted from the continuation of the development of software available for further sale/use.

Deferred tax assets

Deferred tax assets represent income tax return amounts which are recoverable based on future taxable profit deductions. Deferred tax assets are recognized up to the amount of taxable earnings which are likely to be achieved. When determining future taxable

Croatia 34% Slovenia 15% USA 11% UK 9% Estonia 8% Other 23% Span Group 2023 Span Group 2024

Revenues by geographic markets

Span d.d. 2023 Span d.d. 2024

In thousands of EUR	31.12.2023	31.12.2024
ASSETS	72,261	81,177
Fixed assets	23,927	25,063
Deferred tax assets	1,724	1,158
Current assets	28,314	25,997
Cash and cash equivalents	14,379	24,368
Prepaid expenses and accrued income	3,916	4,590
LIABILITIES	72,261	81,177
Equity and reserves	30,423	33,853
Long-term liabilities	3,509	2,414
Current liabilities	32,014	39,334
Accrued expenses and deferred revenue	6,315	5,575

Span Group Span d.d. 31.12.2023 31.12.2024 52,984 61,034 28,870 30,024 1,145 933 14,456 17,091 4,832 8,994 3,681 3,992 52,984 61,034 27,082 29,840 2,995 2,377 18,093 25,461 4,813 3,356

Span d.d.

Span Group

2023	2024	2023	2024
958	739	544	704
4	23	1	-
961	2,302	810	2,223
3,218	39	406	3
1,188	312	1,475	429
6,329	3,415	3,236	3,359

Investment in assets

2.3.4. Balance Sheet

profit and the amount of taxable revenues which are likely to be achieved in the future, the Group judges and creates an estimate based on taxable profit from the previous years and the expected future revenues which are considered to be reasonable in existing circumstances. The Group made an assessment of the usability of tax relief for the estimate of the amount of deferred tax assets, based on support received from the Ministry of Economy, Entrepreneurship and Crafts. The aforementioned financial support allows Span d.d. to be exempt from paying corporate income tax from 2015 to 2025, for 50% of the amount of the tax base, up to the maximum threshold in the amount of the total investment according to the Investment Promotion Act (ZOPI). In December 2021, Span d.d. applied for the use of a new round of supports named Investment in expansion of the research and development capacity and capacity for the delivery of IT solutions project. We got a positive decision on 25 February 2023 based on which the Company accomplished additional 50% relief of the tax rate. Thus, Span d.d. ensured that by 2025, i.e. by the utilization of the maximum threshold of the investment, it has a current corporate income tax rate of 0%.

Due to the reorganization changes as a result of the merger, Ekobit had an obligation to return the used tax support for the 2021 – 2023 period. The remainder of the unused deferred tax assets was reduced accordingly.

Equity and reserves

The total equity and reserves of the Group increased by EUR 3,431 thousand. The increase results from the profit of the current period, and the revaluation of the business facility owned by the Company.

Long-term and short-term liabilities.

Total long-term liabilities decreased by EUR 1,095 thousand. Long-term liabilities decreased due to the transfer to shortterm ones, related to the acquisition of GT Tarkvara.

Short-term liabilities increased primarily as a result of the increase in liabilities to banks and suppliers.

The current liquidity ratio points to the ability of the Group to settle its short-term liabilities.

2.3.5. Cash flow

The Group recorded positive cash flows from operating activities.

Negative cash flow from investment activities was a result of the payment of the second instalment for the acquisition of GT Tarkvara and acquisition of the remainder of the Bonsai's and Trilix's business shares. The positive cash flow from financial activities mostly resulted from the withdrawal of short-term loan frameworks in order to bridge liquidity.

Span d.d.

Current Assets, Current Liabilities and Working Capital Span Group

In thousands of EUR	31.12.2023	31.12.2024	31.12.2023	31.12.2024
Current assets	46,609	54,956	22,969	30,077
Current liabilities	38,329	44,910	22,907	28,817
Working capital	8,280	10,046	62	1,260
Current liquidity ratio	1.22	1.22	1.00	1.04

Span d.d.

	31.12.2023	31.12.2024
	2,107	5,522
	4,832	8,994
	(2,725)	(3,472)
	27,082	29,840

- -

Net debt Span Group

In thousands of EUR	31.12.2023	31.12.2024
Short-term and long-term loans	2,107	5,522
Cash and cash equivalents	14,379	24,368
Net debt	(12,273)	(18,846)
Total equity	30,423	33,853
Net debt and total equity ratio	-	-

Span d.d.

In thousands of EUR	2023	2024	2023	2024
Net cash from operating activities	6,009	11,772	4,324	3,320
Net cash used in investment activities	-6,881	-2,943	-10,495	-530
Net cash used in financial activities	-3,564	1,159	-3,209	1,372
Net increase / decrease in cash and cash equivalents	-4,436	9,988	-9,380	4,162

Span Group

Net cash used in financial activities -3,564 1,159
Net increase / decrease in cash and cash equivalents -4,436 9,988

Cash flow

2.4. Risks

Span has established and maintained a risk management system on the level of the Company in order to connect strategic goals and risks with the operative risks and in this way manage the operations in the best possible way. By late 2022, the Company started the implementation of the risk management system according to ISO 31000 standard. The standard contains recommendations and good practice in the area of risk management

and there is no official ISO certificate for it.

The Risk Management Policy26 was defined, applying to all temporary, occasional and permanent employees of Span, depending on defined roles and responsibilities. The policy specified competences, responsibilities and principles.

The risk assessment frequency and reference to the Risk Appetite document were defined.

It is specified that Span will accomplish its business goals offering products and services while taking taking into account:

Maintenance and respect of high ethical standards of operation and sustainability (ESG).
Preservation of long-term financial profitability and business sustainability of Span.
Protection of interests of customers and

ensuring decent treatment by providing high quality services.

• Ensuring operations in full compliance with the legislation and regulatory requirements. • Maintaining the internal control system in order to preserve and maintain continuity and security of operation.

Furthermore, a document with the context of the influence of the main shareholders was created, as well as Risk Appetite27, and the Risk Management Methodology, elaborated based on the previous Information Security Management System methodology.

A further progress in risk management was achieved in 2024. Through activities of identification, training and education, and the systemic application of controls, the Company created an environment that encourages proactivity in facing risks.

The goal was to create a transparent risk management system suitable for risk processing in every domain of the operation of Span.

Based on the probability of occurrence and the potential reach of negative impacts of the operations, the financial condition and results of the operation of the Group, the following risks were identified:

26 Created on 30 November 2022, and the actual version is from 6 November 2023. 27 The Management Board of the Company adopted the Risk Appetite Statement on 23 March 2023, which defined the appetites of operative, reputational and financial risks, as well as compliance risk in accordance with strategic guidelines.

The risks were distributed by categories depending on their nature, and they can be mutually connected. There is a possibility of the occurrence of additional risks that could influence the operations, financial condition and results of the operations of the Group, if they were realized, but they are currently not known or they are not considered key risks at the moment.

2.4.1. Financial risks

Risk of the susceptibility of the profitability of the Group, its operating results and working capital to significant fluctuations

The operating results of the Group can be influenced by the fact that the operations on which the Group makes a significant part of its revenues are not contracted for the long term and thus there is no certainty that the Company will make revenues of these jobs in the long run. Customers are not obliged by volume commitment. Revenues of the Group based on license subscription are relatively stable in the short term (excluding the effects of potential foreign currency fluctuations), but in the long run, they can vary due to the pace of the IT industry and market in which the Group operates. However, low margins in relation to license subscription reduce the effects of the concerned revenues on the profitability of the Group. With a strong focus on long-term growth and investments oriented to strengthening the capacities for growth of the Group, the Group expects the profitability and the working capital to vary on quarterly and annual level.

Foreign currency risk

Span Group operates on an international level and is exposed to the foreign currency risk that arises from changes in the exchange rate of foreign currencies. The most significant risk is the one related to the change in the exchange rate of the US dollar (USD). The risk is mostly present in relation to the conversion costs USD - EUR and Ukrainian Hryvnia (UAH) – USD. Exchange rate changes between the aforementioned currencies may have an impact on the operation results and future cash flows of Group companies. The company has concluded an agreement on derivative financial instruments for protection against exchange rate risk. More detailed description can be found in the audit report under note 37. Financial instruments.

Accounts receivable risk (credit risk) Accounts receivable risk (credit risk) is a risk of a customer's failure to pay, i.e. default by the customer concerning the contracted liabilities, which impacts possible financial loss of the Company or the Group. To reduce the accounts receivable risk, the Group adopted a policy of operation only with creditworthy customers, obtaining collaterals securing the collection and securing the claims. The exposure of the Group, credit worthiness of the customers, and orderliness in meeting the contracted obligations of customers towards the Group is continuously monitored. More detailed description can be found in the audit report under note 37. Financial instruments.

Liquidity risk

Liquidity means the maintenance of sufficient quantities of cash and working capital and ensuring adequate financial instruments in form of credit lines. The liquidity risk itself relates to a case where the Group cannot meet its due financial liabilities on time due to the lack of its own cash, shortage of available assets on the cash market or impossibility of crediting by financial institutions. The Management Board has responsibility for the liquidity risk management, and it has set up an appropriate framework for the liquidity risk management by which it is guided in the management of the short-term, medium term, and long-term requirements of the Group for funding and liquidity. The Group manages the liquidity risk in a manner that it maintains adequate reserves and credit lines, constantly oversees the projected

and actual cash inflows and outflows and adjusts maturity of the financial assets and financial liabilities. More detailed description can be found in the audit report under note 37. Financial instruments.

Interest rate risk

The Group is exposed to interest rate risk because the Company and its affiliated companies are debited at fixed and variable interest rates. The Group manages the stated risk by maintaining an appropriate borrowing ratio with the fixed and changing interest rate. More detailed description can be found in the audit report under note 37. Financial instruments.

Risk of over-indebtedness

The risk of over-indebtedness is expressed in the too high level of debt that adversely affects the financial stability. The Group monitors its status of over-indebtedness and manages the risk of over-indebtedness through the indicators of the level of indebtedness.

2.4.2. Legal risks

Risks related to the protection of personal

data and intellectual property Within their operations, the members of the Group process the personal data of participants (e.g. employees, clients, business partners and third persons, such as job candidates). Obligations concerning processing personal data differ depending on whether the members of the Group process them in the role of the controller or in the role of the processor. GDPR and the Croatian Act on the Implementation of the GDPR, i.e. national and other regulations on data protection according to the territorial application for different members of the Group, provide for regulations in accordance with which the members of the Group act in relation to personal data, and competent bodies, primarily Croatian Personal Data Protection Agency (AZOP) in Croatia, monitor the compliance with the said regulations. Risks arising from this area are primarily related to potential incidents that could result in personal data leak, and improper handling of personal data. Span mitigates the above focusing on technical and organizational data protection measures, such as ISO certification, regulations governing data processing, implementation of security solutions, use of verified applications owned by reputable companies, presentation of material related to personal data protection to employees, etc.

The Group encounters different forms of intellectual property of its partners and customers through its operation. There is a risk posed by possible violations of the intellectual property rights specific for the operation of the Group, such as the use of the source code and IT products contrary to the terms and conditions from the license and the use of open source solutions contrary to restrictions set by the clients of the Group. An additional risk is reflected in unauthorized and/or improper use of intellectual property of partners and clients, in particular the use of different types of trade marks during marketing and similar activities. Span makes sure to prevent mentioned risk by coordinating teams in consultation with the legal team, and informing interested internal stakeholders about specific provisions of certain contracts. A risk is also posed by potential and successful cyber attacks directed at personal data. The very perception that a threat or violation of personal data has occurred, whether the danger is real or not, can significantly disturb the business reputation and make future operation of the Group difficult.

Risk of change of regulations and regulatory risk

Given that the Group does business in the international markets, it is subject to the risk of change of tax regulations in a manner that would adversely affect profitability of the operations of the Group. This risk is also reflected through possible changes of tax rates as well as the subject of taxation. The presence of the Group in different jurisdictions implies different global and regional economic, political, legal, regulatory and operational risks, which instils additional complexity in the operation due to diversity of the rules applied, including regulations governing the access to and use of the Internet, data privacy and IT security, along with labor law and other issues in each jurisdiction where the Group operates. There is a risk that the Group will not be able to detect and/or prevent a breach of regulations, i.e. that the standards of control and risk management applied by the Group will not be implemented efficiently in all affiliated companies.

2.4.3. Risks related to the operation of the Company

Risk of exposure to cyber attacks

The Group, as well as the customers of the Group, are exposed to risks of cyber attacks and security threats. In its operations with customers, the Group is obliged to maintain systemic security, provide security patches and improvements, antivirus measures of protection against a malicious code, and ensure credibility of its own employees who cooperate with the customers of the Group. IT security breaches can lead to setbacks in the provision of services and/or functioning of the system controlled by the Group and to potential endangering of reliable information. Every year, the Group increases investments in order to better protect itself against risks of exposure to cyber attacks and security threats. One of the key services the Group provides to its clients are IT solutions related to cyber attacks and threats, which means that the Group has the required expertise to take the required precautions. Since cyber risks can critically impact the operation, the Group regularly carries out simulations, exercises and testing of crisis management plans, crisis communication, recovery and continuation of business in case of cyber attacks. We also evaluated the ability of the management team to make informed and timely decisions during crisis. We raise awareness of our management team and educate them about risks and the impact of ransomware or other cyber attacks. In addition, we implement extensive security training measures and training of our IT and security experts.

Risk of the loss of key employees and of the lack of skilled labor

Successful operation of the Group largely depends on its ability to retain and motivate the existing employees, but also the ability to identify and attract new professional employees required for a successful operation to key positions. A demand for IT experts has increased, and the labor market features a constant lack and increased turnover of IT experts on all levels of expertise. Therefore, there is a risk that the Group will not be able to respond adequately to the demanding pace of the labor market and timely engage the required additional employees or retain the existing ones, which could lead to distortion of competitive position of the Group or increased costs related to increased employment competition, which could consequently negatively affect the Group's operation. To maintain the quality of IT experts it employs, the Group organizes training for advancement and obtaining professional certificates required for the performance of specific IT services, demanded by technology partners on the one hand, and customers on the other. The Company recognizes the importance of continuous investment in knowledge and development of employees as the key element in preserving the competitive advantage. Compared to 2023, in 2024 additional 46 employees were certified, increasing the number of active certificates by 252. Thus it was achieved that as many as 67.53% of employees on technical positions hold active professional certificates. Global trends, such as increased employee turnover, can be seen in the operation of Span Group as well. In 2024, turnover rate amounted to 13.90% at Span d.d level, while it was a bit higher at the level of Span Group and amounted to 14.44% Despite these challenges, the Group managed to retain a stable total number of employees thanks to strategic employment of employees whose profiles best suit key business objectives, and development of priority competencies. Span Group is committed to further developing its human resources and providing a basis for sustainable development and successful operation in demanding IT sector.

Risk of business environment and political

risk

The risk of the business environment is determined by political, economic and social conditions in a country, and includes political, macroeconomic and economic risks. The political risk of a country includes all the risks related to a possibility for political instability, and in its extreme, includes the integrity and survival of the state. Risks of this nature are not present significantly relating to the Group, apart from the Ukrainian market, where Russian aggression and war are still taking place. The decline in revenues in Ukraine in 2022 was fully compensated in other markets and at the end of 2024, revenues in Ukraine accounted for 15% of the Group's revenues.

Supplier risk

Results of the Group largely depend on a possibility of sale of Microsoft program licenses and use of Microsoft solutions of operation in Cloud, which the services the Group renders to their customers are based on to a significant extent. Therefore, global acceptance of Microsoft programs and solutions in relation to operation in Cloud is a significant factor in the business model of the Group. Even though Microsoft IT solutions are widely prevalent, there is no guarantee that they will keep the current market position in the future so the risk of adjustment to fast changes in technology on the competitive market is applicable to Microsoft itself as well. The authorization of the Group for sales of Microsoft products to customers and the business requirements of the cooperation are related to the status of the provider of services of licensing that is based on a contract that is not exclusive and should be renewed on an annual basis for each geographic area where the Group sells Microsoft products. Successful cooperation of the Group with Microsoft also depends on a successful adjustment to business requirements of cooperation specified by Microsoft, which include various incentives in form of rebates, investments, marketing assets and other payments. The incentives Microsoft offers to its Microsoft LSP (Licensing Solution Provider) partners, including the Group, depend on whether a partner meets certain indicators of success such as the revenue growth in certain areas of products or services, finding new customers, acquiring certain Microsoft competencies and specializations, etc. Business requirements for cooperation are subject to annual changes, so if the Group is not able to adapt to those changes on time, this can result in a significant reduction of the received incentives and adversely affect the profit margins of the Group. The Group, a multiyear Microsoft partner with more than 30 years of successful cooperation, enjoys business trust, but there is no guarantee that the cooperation will continue equally successfully in the future. Finally, concerning Microsoft as a supplier, along with other IT companies whose products are used by the Group, one cannot rule out that the mentioned companies will offer their products and services directly at certain markets or to certain customers. Such a change of the business model of companies that can be considered suppliers of the Group could adversely impact the operation of the Group.

Reputational risk

Reputational risk is the risk of losing reputation and trust of users, suppliers, employees and other interest groups of the Group. It is manifested as a consequence of either operational, financial, or other previously mentioned risk. Occurrence and active lack of management of one of the mentioned risks can significantly affect the operation of the Group and its long-term financial position. Through implementation of the risk management system in accordance with ISO 31000 standard and internal coordination of all the Group's activities according to interest groups, the Group actively manages all the risks that could lead to the manifestation of this one.

Risk related to retaining the current and finding new customers and risk of concentration of key customers

The operation of the Group depends on its ability to keep and expand the cooperation with the current customers through cross-selling and up-selling, and successfully attracting new customers. Growth of revenues of the Company depends on the growth of sales to the current customers through an increase of the number and types of services rendered, which makes the retaining of the existing customer base especially important. A significant category of users of the Group, as per their share in the revenues, is made up of customers of the Microsoft licenses that are by rule renewed annually. However, customers are not obliged to renew their subscription after the expiry of the contracted duration of a license, therefore we cannot be certain that after the expiry, those same customers will renew the subscription for a license. In addition, we are exposed to the risk of the concentration of key users. The risk is reflected in the concentration of revenue in relation to customers that belong to one business group given that a possibility cannot be ruled out that they can cease to use the services of the Group for any reason, or to continue to use them to a lower extent.

Competition risk

Markets in which the Group operates are highly competitive and are characterized by fast changes in technology and frequent introduction of new products and services. Future profitability of the Group significantly depends on the successful improvement of its solutions and implementation of new services, and on efficient interoperability between an increasing number of operative systems, applications and software solutions. There is no guarantee that the future effort of the Group to be harmonized with the current requirements of the market will be successful. Any belatedness in adopting new technologies, which would result in the lack of competition, would reflect adversely on the business results of the Group. Moreover, it is possible that competitor companies will meet the requirements for changes in the IT technologies in the future more efficiently, and in that way jeopardize the profitability of the operation of the Group. Even though the Company is among the leading companies in its industry, there is a risk that some of the current competitors could make a high financial investment and launch an attempt to take over users or employees of the Group. Given the trends of consolidation in markets where the Group competes, some of the global competitors are also likely to try to access the market.

Maintenance of the continuity of operation risk

The total operation of the Group depends on the possibility for proper functioning of its own IT infrastructure and ability of the Group to protect it in case of unpredictable events (continuity of operation). Smooth functioning of its own IT systems is a prerequisite for regular operation and the foundation of trust the customers have in the Group's services. Besides, technology used by the IT infrastructure is susceptible to difficulties in functioning caused by the human factor, delays in the supply of electricity, systemic errors, telecommunication problems, natural disasters, and similar events that can cause significant obstructions in regular operation of the Group and cause violations of the assumed contractual obligations, if the Group cannot eliminate them within a reasonable time span. The Group uses the IT infrastructure of renowned global technological companies such as Microsoft Corporation, Cisco Systems, Amazon Web Services, Google and others and has backups of all important data, which is not stored at one location. Furthermore, the Group also uses the IT infrastructure of third persons that it does not control, such as services of operation in Public Cloud, i.e. the operation of the Group is largely dependent on proper functioning of the infrastructure concerned and the connection with customers of the Group. IT infrastructure risks that can significantly impact the continuity of operation and the achievement of business objectives are identified in the business impact analysis. Also, based on the Business Continuity Plan, Disaster Recovery Plans are created for all the higher importance risks. Each of the plans was successfully tested, and Span demonstrated its compliance with ISO 22301 standard – Business continuity management system.

People and community

3.1. Human resource excellence

In 2024, Span worked intensively on strengthening and development of its human resources, recognizing the importance of employees as an essential resource for long-term success and sustainability of organization. Our commitment to quality human resources management was proven by the fourth Employer Partner certification in a row, whereby we were included in the list of Top 10% Employer Partners according to Selectio methodology. Our expertise was endorsed in the categories of Impact, Satisfaction and Future, clearly indicating a positive impact of HR activity on business success and our commitment to sustainable business.

3.2. Development of leadership positions in Span

In order to improve management processes and increase the efficiency of organization, in 2024 we launched a comprehensive project of development of leadership positions, including the analysis of job descriptions and design of leadership competencies. Furthermore, the implementation of a digital performance monitoring framework through SAP module Performance & Goals will enable better monitoring of individual contributions of employees, and ensure alignment with long-term plans of the organization. These activities present a direct response to identified risks, such as loss of key employees, opposition to changes and reduced productivity, thus ensuring stability and resilience of organization.

3.3. Successful integrations and promotion of organizational values

Merger of affiliated companies Bonsai and Ekobit with Span in 2024 was carried out while ensuring continuity of operation and transparent communication with all of the stakeholders. Data transfer, digitization through the internal SAP system and reorganization of the business structure were

carried out while preserving the operational continuity in full. During the entire process, particular attention was paid to communication with employees, investors and business partners, ensuring transparency and trust. In 2024, we worked intensively on bringing GT Tarkvara closer to its parent company through strengthening HR support and process standardization. The above-mentioned processes further reinforced our organizational structure and demonstrated the ability to successfully manage changes, reducing the risks such as inconsistent organizational values and employee resistance.

3.4. Successful cooperation and enhancing the relationship with the academic and IT community

Span continued with activities concerning development of future experts through cooperation with the academic community again this year. Through participation in expert conferences, events and workshops, as well as through conducting professional practices

such as Span IT Gym, we are building a relationship between education and industry. Youth employment and development of their skills has been a particular focus, thereby responding to circumstances related to lack of skilled labor and improvement of diversity.

3.5. Span for the education of tomorrow

Span has been actively supporting STEM education for years, recognizing the importance of investing in the youngest generations and fostering scientific development. Span has been supporting the "STEMwave – School of

the future" project that provides the latest knowledge from the industry within school programs of artificial intelligence, robotics, video game development and citizen of the future. Also, Span's cooperation with the charity association RTL pomaže djeci has now developed into a tradition. So, in 2024, we implemented three projects together. First project involved The Lipovljani Technical Culture Club, a non-profit organization dedicated to educating children and young people in robotics, computer science, photography, and aeromechanics. In our second project, we secured funding for Children's Creative Center DOKKICA. In particular, we secured funding for an innovative learning system called Play Attention that helps children

build skills important for personal success and success in school. In our last project of 2024 we secured funding for the new STEM laboratory "Dandelion's research center in nature" for Sisak Novi nursery school. This innovative space allows children to foster love for science through research and playing games.

3.6. Taking care of employees' health and well-being

LifeSpan program concerning the health and well-being of employees consisted of a number of initiatives this year. Activities

such as Fit Happens, participating in B2Run races and lectures concerning the protection of children against violence further contributed to achieving balance between work and private life of employees, helping prevent stress and burnout at work.

Our commitment to these initiatives was proven by the recertification of Health-Friendly Company status, ensuring long-term motivation and engagement of employees and reducing the risks related to mental health and efficiency.

3.7. Span volunteers: the power of knowledge and community

In the past several years, Span has been implementing two types of corporate volunteering – volunteering based on skills and volunteering actions.

Using expertise, know-how and technology at our disposal, we improve the work of associations and contribute to the development of the civil society in Croatia. In 2024, we collaborated with Krijesnica, an association that has been helping those affected by malignant diseases for almost 25 years. Our experts have extensive knowledge in the fields of automation, licensing, and Microsoft education – all areas in which we could help the association have even more time for their users. The entire project team involved in corporate volunteering worked on this project alongside their standard jobs.

In addition, we carried out a volunteering action in collaboration with Volunteers' Center Zagreb and the Park Home for the Elderly, where we arranged the joint areas of the home.

3.8. Global partnerships for local development

Span has been a member of UN Global Compact and Croatian Business Council for Sustainable Development since 2023. The

inclusion of Span in the initiatives and organizations that actively promote and encourage the business sector towards accomplishing the goals of the sustainable development and achieving corporate sustainability is essential because it gives us an opportunity to contribute as a company to raising the awareness about sustainable development.

This year's Sustainable Development Conference organized by the Croatian Business

Council for Sustainable Development was named "Initiating Circularity for Sustainability". At the conference, HR business partners Paulina Degiuli and Melita Ferjanić presented their work "Reboarding – Support for women returning to work after maternity and paternity leave."

In addition, cooperation with Croatian Business Council for Sustainable Development continued through organizing training for all the directors and managers of Span, and it was attended by the Management Board of Span as well. The requirements of the Corporate Sustainability Reporting Directive, with particular focus on the provisions regarding Reporting Standards (ESRS) were presented at the workshop.

Key indicators for employees and operations of Span Group

8) Share of women in managerial positions

Women account for 28.87% of managerial positions in Span Group, while that share amounts to 32.14% in Span d.d. Also, four women were promoted to managerial positions in 2024.

4) Age structure of employees

1) Overview of number of employees over years

3) Overview of employees by business segment

2) Share of employees by country

9) Employee structure according to the degree of education

10) Share of certified employees

11) Employee turnover

Processes and technology

We started 2024 with seven certified management systems compliant with the ISO standards:

ISO 9001 Quality management system (QMS)
ISO/IEC 27001 Information security management system (ISMS)
ISO/IEC 20000 Service management system (SMS)
ISO 14001 Environmental management system (EMS)
ISO 50001 Energy management system (EnMS)
ISO 37001 Anti-bribery management system (ABMS)
ISO 22301 Business continuity management system (BCMS)

In January 2024, we successfully completed a control audit for our anti-bribery management system according to ISO 37001. At the beginning of March, we successfully performed external control audits for ISO 9001 (Quality management system) and ISO/IEC 27001 (Information security management system). In March, we additionally successfully carried out a control audit for our business continuity system according to ISO 22301, which is a very important progress in supporting our key business processes. In September, we were the first in Croatia to be certified for the artificial intelligence management system according to ISO/IEC 42001 standard. We continue to maintain the existing management systems and implement new ones. We finished the year with eight certificates:

ISO 9001 (Quality management): Maintaining the strong system of quality management since 2006, we continue to support and improve our dedication to providing exceptional products/services, ensuring satisfaction of customers and continuous improvement.

ISO 27001 (Information security management): Since 2011, our practice of information security management has developed, complying with the latest standards so that we can secure integrity, reliability and availability of data. This experience will help us adjust to the NIS2 Directive in the following years, and we are developing competencies for assisting our customers in the adjustment.

ISO 20000 (Service management system): With the certificate obtained in 2012, our service management practice has consistently

5.1. ISO standards

met the international standards, ensuring the effective delivery of services.

ISO 14001 (Environmental management) and ISO 50001 (Energy management): Obtained in 2021, these certifications emphasize our commitment to environmentally sustainable practice and energy effectiveness, contributing to a greener future.

ISO 37001 (Anti-bribery management): Implemented in 2022, this certification strengthens our dedication to operations in an ethical and transparent manner, preventing bribery and corruption. In line with ISO 14001 and ISO 50001, this system significantly helps us comply with the ESG initiative, one of a few strong regulatory guidelines in the next few years.

ISO 22301 (Business continuity management): We successfully implemented and certified

this system in early 2023. Our business con-
tinuity management system ensures resil-
ience to disruptions, preserving key business processes and trust of the customers.

ISO 42001 (Artificial intelligence management): We were the first in Croatia to be certified for the ISO/IEC 42001 standard, an international standard that defines the requirements for an artificial intelligence management system. The standard is based on best practices that ensure the ethical, safe and effective use of AI technologies. Through certification, Span confirmed owning the processes and resources enabling the management of the entire life cycle of AI solutions – from development to implementation and monitoring.

Implementation of ISO 31000 recommen-

dations:

During 2022, 2023 and 2024, Span d.d. implemented ISO 31000 Recommendations, improving risk management practice. This integration ensures a proactive approach to recognition, assessment and mitigation of risks in all business functions. By adopting these systems, we have enabled: • Risk and opportunity management.

- Improving the quality of our products/services. • Better organization of internal processes.

Adequate protection of information in accordance with their sensitivity.
Managing the environmental impact and energy efficiency.

2015

Compliance with best global practice.
Independent proof of the strategic focus on the structure of our processes.

As we are always strongly committed to excellence, the proactive maintenance of our management systems reflects our orientation to continuous improvement, ensuring the highest standards of quality, security, responsibility to the environment and total operational resilience.

tions that can adequately respond to modern-day challenges in business.

In 2024, Microsoft recognized Span as Partner of the Year for Croatia, awarding the Company for extraordinary results in the implementation of Microsoft technologies. What particularly stood out was the successful implementation of Microsoft 365 and Microsoft Azure solutions, as well as Microsoft 365 Copilot scenario, which significantly improved the productivity and security standards of users.

In addition, Span concluded a partnership agreement with Radiflow, a renowned company in the area of OT security, which further strengthened cooperation in the matter of cyber security and providing innovative solutions for the protection of critical infrastructure and industrial control systems.

This year, Span is also recognized as Hewlett Packard Enterprise (HPE) Gold Partner, which is another recognition of our extreme dedication and excellence in the area of hybrid cloud, with tested quality products and services of the IT infrastructure.

Span was also recognized as Aruba Gold Partner, and received a prestigious HPE Aruba

5.2. Partnerships

In 2024, Span renewed all six Solutions Partner for Microsoft Cloud platform statuses, thus further confirming its expertise and credibility as Microsoft partner. Holding these statuses and possessing advanced specializations means Span regularly goes through validation and certification processes, guaranteeing a high level of expertise and reliability in the delivery of complete solutions to its users.

Span continuously develops its competencies within Microsoft ecosystem, integrating its solutions and services with Microsoft platform, with a special focus on artificial intelligence and cyber security. This approach provides Span's users with innovative soluNetworking Champion of the Year recognition on HPE Intelligent Data conference in March 2024, thereby further confirming own expertise in the area of network solutions. These recognitions and partnerships are a reflection of Span's continuous dedication to providing premium technologies and solutions that help organizations tackle challenges around modern business environment, with a particular focus on innovations, security, and optimization of business processes.

5.3. Code of Business Conduct

Span is one of the leading Croatian IT companies. We have devoted more than 30 years to software development, and service and system integration. Our work is guided by the principles and standards mentioned in the Code of Business Conduct, which we adhere to in all our interactions with customers, partners, employees and the wider public.

We have achieved our position on the market based on solid professional and ethical foundations, and are resolved to make all future business decisions in accordance with all legal requirements and moral principles. We, therefore, expect all our employees and

partners to commit to honest business practices and behaviour in accordance with our core values. We are growing according to all business parameters year after year – Span Group is currently employing over 850 people and is constantly increasing that number. 495 of our employees have been awarded one or more professional certificates.

Thus, the Code of Business Conduct is an expression of Span values that reflects the principles and policies that govern our business, and provides concrete guidelines for employee and partner behaviour. We believe that strong corporate governance requires transparency and trust of all stakeholders. Therefore, our governance principles, in addition to compliance with rules and regulations, emphasize the need for socially responsible business conduct and the application of our core values in relationships with partners, employees, and customers.

Our Code applies to Span and all its affiliated companies (Span Group), all our employees and business partners, including users, suppliers, consultants, external associates, shareholders and other business partners appropriately associated with Span in accordance with local legal requirements and regulations.

Sustainability Report

6.1. General information (ESRS 2)

BP-1- General basis for preparation of sustainability reports

Sustainability Report of Span d.d. (Company/ Span) and its subsidiaries (together: Group/ Span Group) for 2024 has been prepared in accordance with the Act on Accounting (Official Gazette no. 85/24, 145/24), and European Sustainability Reporting Standards (ESRS) under Corporate Sustainability Reporting Directive (CSRD). Also, the Group has included information from Article 8 of the Regulation (EU) 2020/852 (Taxonomy Regulation) in this report. Information required by the Taxonomy Regulation can be found in the topical part of the report related to the environment (page 146). Sustainability report is drawn up on a consolidated basis. The scope of consolidation is the same as for the financial statements. Number of subsidiary undertakings included in the consolidation can be found in Note 21.1 of the Company's annual financial report. Report has been prepared at the level of Span Group for the financial year concluded on 31 December 2024. Information provided relates exclusively to Span and, where applicable, its value chain and business relations. No subsidiary undertakings were exempted from consolidated sustainability reporting pursuant to Article 29a of Directive 2013/34/EU.

Sustainability report includes information on the material impacts, risks and opportunities connected with the undertaking through its direct and indirect business relationships in the upstream and/or downstream value chain, which is the result of double materiality assessment (DMA) in 2024. While preparing this report, expectations of our stakeholders were taken into account, as well as passive involvement of our stakeholders in terms of publicly available information (sectoral analysis – publication of existing sustainability reports of our business partners) in order to take into account impacts from upstream and downstream value chains through passive inclusion, making sure we address issues of utmost importance to them. No relevant information was exempted for reasons related to confidential and sensitive information, as well as information about intellectual property, knowledge and experience or innovation performance.

BP-2 - Disclosures in relation to specific circumstances

Span Group decided to make use of the transitional provision under Chapter 10.2 ESRS 1. To calculate Scope 3 GHG emissions related to our suppliers and users, we used indirect sources such as average industrial emission factors; they are therefore subject to high uncertainty of measurement (> 50%). Data was collected for categories 3-1: Purchased goods and services, 3-2: Capital goods, 3-3: Fuel and energy-related Activities, 3-4: Upstream transportation and distribution, 3-5: Waste generated in operations, 3-6: Business traveling, 3-7: Employee commuting, 3-9: Downstream transportation and distribution. To calculate emissions, generic emission factors from relevant emission factors databases were used, such as: Croatian emission factors database, ADEME, Exiobase, DEFRA, etc. For more details, see topical chapter: Environmental information, greenhouse gas emissions (E1-6).

We are dedicated to continuous improvement of accuracy, and in the future we hope to obtain emission factors for goods purchased from suppliers, make agreements with all the transport companies to submit the quantity of fuel used for the transport of goods and capital goods, obtain specific emission factors for waste categories from waste disposal companies, and increase turnout in the survey concerning employees' means of arrival to work. Given that this is the first reporting period conducted under ESRS, all the previous information related to sustainability is not directly comparable with the current report, nor was it revised. This non-comparability derives from differences in methodologies used in previous reports, compared to standardized approach under ESRS. List of data in cross-cutting and topical

standards that derive from other EU legislation are shown in the table on page 198 (Appendix B from ESRS guidelines).

List of the Disclosure Requirements complied with in preparing the sustainability statement, following the outcome of the materiality assessment, including the page numbers and/or paragraphs where the related disclosures are located in the sustainability statement are shown in the table: List of the Disclosure Requirements complied with in the Sustainability report of Span Group.

ESRS 2 – General information	124		Included in disclosures
BP-1- General basis for preparation of the sustainability statement	124	MDR-P – Policies adopted to manage material sustainability matters	related to policies in the thematic
BP-2 - Disclosures in relation to specific circumstances	124		standards Included in
GOV-1 - The role of the administrative, management and supervisory bodies	128	MDR-A – Actions and resources in relation to material sustainability matters	disclosures related to policies in the
GOV-2 – Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies	131		thematic standards Included in disclosures
GOV-3 – Integration of sustainability related performance in incentive schemes	131	MDR-M – Metrics in relation to material sustainability matters	related to policies in the thematic standards
GOV–4 – Statement on due diligence	132		Included in disclosures
GOV–5 – Risk management and internal controls over sustainability reporting	132	MDR-T - Tracking effectiveness of policies and actions through targets	related to policies in the thematic
SBM-1 - Strategy, business model and value chain	132		standards
SBM-2 - Interests and views of	135	Environmental information ESRS E1 – Climate change	146
stakeholders		EU Taxonomy Disclosures	146
SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model	137	E1-1 Transition plan for climate change mitigation	152
IRO-1 – Description of the process to identify and assess material impacts, risks and opportunities	141	ESRS 2 SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model	152
ESRS 2 IRO –1 E1– Description of the	143	E1-2 - Policies related to climate change mitigation and adaptation	152
process to identify and assess material impacts, risks and opportunities related to climate change		E1-3 – Actions and resources in relation to climate change policies	153
ESRS 2 IRO –1 E2, E3, E4, E5 – Description of the processes to identify and assess		E1-4 - Targets related to climate change mitigation and adaptation	153
material impacts, risks and opportunities related to pollution, water and marine	145	E1-5 – Energy consumption and mix	153
resources, biodiversity and ecosystems, resource use and circular economy		E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions	154
ESRS 2 IRO –1 G1– Description of the processes to identify and assess material impacts, risks and opportunities related to business conduct	145	Social information ESRS S1 – Own workforce	161
IRO-2 – Disclosure requirements in ESRS covered by the undertaking's	145	ESRS 2 SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model	161
sustainability statement		S1-1 – Policies related to own workforce	163

S1-2 – Processes for engaging with own workers and workers' representatives about impacts	167
S1-3 – Processes to remediate negative impacts and channels for own workers to raise concerns	168
S1-4 – Taking action on material impacts on own workforce, and approaches to mitigating material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions	170
S1-5 – Targets related to managing material impacts, advancing positive impacts, as well as to risks and opportunities	180
S1-6 – Characteristics of the Undertaking's Employees	180
S1-9 – Diversity metrics	181
S1-16 – Remuneration metrics (pay gap and total remuneration)	181
S1-17 - Incidents, complaints and severe human rights impacts	181
ESRS S3 – Community - Entity-specific disclosures	182
ESRS 2 SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model	182
S3-1 – Policies related to affected communities	182
S3-2 – Processes for engaging with affected communities about impacts	183
S3-3 – Processes to remediate negative impacts and channels for affected communities to raise concerns	182
S3-4 – Taking action on material impacts, and approaches to mitigating material risks and pursuing material opportunities related to affected communities, and effectiveness of those actions and approaches	182
S3-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities	182

List of the Disclosure Requirements complied with in the Sustainability Report of Span Group

ESRS S4 – Consumers and end-users	184
ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model	184
S4-1- Policies related to consumers and end-users	185
S4-2 – Processes for engaging with consumers and end-users about impacts	186
S4-3 – Processes to remediate negative impacts and channels for consumers and end-users to raise concerns	187
S4-4 – Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions	188
S4-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities	191
Governance information ESRS G1 - Business conduct	192
G1-1 Business conduct policies and corporate culture	192
G1-2 Management of relationships with suppliers	194
G1-3 Prevention and detection of corruption and bribery	194
G1-4 Confirmed incidents of corruption or bribery	194
G1-6 Payment practices	194
G1 – Company-specific disclosures	195
Development of security solutions for cyber attacks
Appendix B

List of datapoints in cross-cutting and topical standards that derive from other EU legislation 198

GOV-1 - The role of the administrative, management and supervisory bodies

Composition and diversity of the administrative, management and supervisory bodies

	Number
The number of executive members (Management Board)	3
The number of non-executive members (Supervisory Board and subcommittees)	11

More information about the corporate governance structure can be found on page 22.

Experience relevant to the sectors, products and geographic locations of the organization is issued in the Rules of Procedure for the Management Board, which is publicly available on Span's website.

Roles and responsibilities of the managing bodies

Role of the Management Board

Responsibilities of Span's Management Board are issued in the Articles of Association and elaborated in the Rules of Procedure for the Management Board in compliance with the provisions of the Conflict of Interest Management Policy. The Management Board operates on the principles of transparency, efficiency, setting clear boundaries between authorisations and responsibility, implementing supervisory mechanisms, all while taking care of sustainability and improving business. Also, the Management Board manages business independently, without any dependency on other bodies. Management Board members must not conduct tasks which influence Span's business for their own or somebody else's gain, must not be members of the management board or supervisory board of the companies which conduct such activities, nor possess more than 5% share in such companies. Moreover, no transaction between members of the Management Board and Span (or persons associated with any party) can be concluded without prior consent of the Supervisory Board.

Joint arrangements of the Management Board are defined in the Rules of Procedure for the Management Board. These arrangements are of utmost importance for Span's business. Business management complying with all the relevant regulations and previously stated principles is thus ensured. A duty of business management while respecting prohibition of the conflict of interest is imposed on the members of the Management Board. The Management Board is also responsible for the implementation of Policy of Assessment of Span's Influence on the Environment and Community and Management of Associated Risks. When making business decisions, the Management Board takes into account impact on the environment and community, and considers, evaluates and manages impact on the environment and society. Likewise, it is responsible for monitoring impacts, risks and opportunities for the entire Span Group. The Management Board is involved in the DMA process, and it approved significant impacts, risks and opportunities recognized at the end of 2024. In the course of 2025, the Management Board will determine the strategy for monitoring and managing impacts, risks and opportunities for the entire Span Group that is not delegated to a specific position or committee at the Management Board level.

Members of the undertaking's administrative, management and supervisory authorities	Percentage (%)	The Board's gender diversity
Female	50	33.33% F
Male	50	66.67% M
Other*	0
*Gender as specified by the employees themselves
		Percentage (%)
Independent members of the Management Board		90.90

The Management Board manages business independently, without any dependency on other bodies. The Supervisory Board supervises business management and gives approval in specific cases. The Audit Committee and the Nomination and Remuneration Committee perform their duties as prescribed in the rules of procedure of those committees.

When it comes to sustainability, no member of the Management Board is a certified expert in this area, but member of the Management Board in charge of finances is responsible for the implementation of sustainability related activities. She regularly participates in weekly meetings in which she is briefed on current issues in this area. In order to comply with the new regulation and reporting method, all members of the Management Board took part in an internal training organized by the Croatian Business Council for Sustainable Development, where the requirements of the Corporate Sustainability Reporting Directive were presented in detail and obligations of the organization and processes to be established were described. With a view to ensure compliance with the latest requirements and practices in the area of sustainability, members of the Management Board continue their education.

Role of the Supervisory Board

Responsibilities of the Supervisory Board are defined in the Articles of Association of Span, the Rules of Procedure of the Supervisory Board, and the Policy of managing conflict of interest.

Within the framework of its competence, the Supervisory Board makes decisions, evaluations, opinions, gives approval of decisions made by the Management Board of Span which was provided for by the relevant rules. Gives orders to auditors and together with the Management Board determines decision proposals which are made by the Span's General Assembly. Members of the Supervisory Board act with great care, taking into account Span's interests, as well as interests of its shareholders, employees, creditors and other stakeholders. Supervisory Board is obligated to review the Annual Financial Report, Annual Business Report, Auditor Report on conducted supervision of Span's and Span Group's business, as well as a proposed decision on the disposal of profits and payment of dividends submitted by the Management Board. The Supervisory Board also gives prior consent to the policy of managing conflict of interest. Members of the Supervisory Board are prohibited from exercising activities in competition with Span. The Supervisory Board is responsible for supervising the implementation of Policy of Assessment of Span's Influence on the Environment and Community and Management of Associated Risks. It is authorized to organize meetings with external stakeholders when considered necessary for better understanding of matters important to Span. Span's Supervisory Board also has one employees' representative among its members. Role of the Audit Committee

The Audit Committee is responsible for monitoring the financial reporting process and submitting recommendations and proposals to ensure its integrity. It monitors the effectiveness of internal control and risk management systems, including effectiveness of procedures for approval and announcement of transactions between members of the Management Board and the Supervisory Board and Span, and it monitors internal audit. The Audit Committee monitors the statutory audit of annual financial statements and consolidated annual statements without breaching its independence. It examines and monitors independence of individual auditors or audit firms performing the audit. It discusses plans and the annual internal audit report, as well as significant plans related to this area. The Audit Committee is responsible for the selection of an audit firm, and proposes its appointment. Moreover, it reports to the Supervisory Board about the outcome of the statutory audit in accordance with additional report that the authorized auditor is obliged to submit to the Audit Committee, it explains how the statutory audit contributed to the integrity of financial reporting, and the Audit Committee's role in that process. The Audit Committee performs all duties in accordance with the applicable regulations, and all its responsibilities are defined in the Rules of Procedure of the Audit Committee.

The Audit Committee assesses the quality of internal control and risk management system at least once a year, with a view to appropriately identify and make publicly available the main risks that Span is exposed to, and to appropriately manage those risks.

Role of the Nomination and Remuneration Committee

The Nomination and Remuneration Committee is responsible for supervising the process of nomination of the members of the Supervisory Board and Management Board, so as to ensure transparency and decency. Its responsibilities are defined in the Rules of Procedure of the Nomination and Remuneration Committee.

Also, the Nomination and Remuneration Committee establishes the independence of independent members of the Supervisory Board, at least once a year assesses the composition, size, membership and quality of work of the Supervisory Board and Management Board, and gives recommendations to the Supervisory Board. It prepares the succession plan for re-appointment or change of members of the Supervisory Board and Management Board, adopts the plan and monitors the progress in achieving target percentage of female members of the Management Board and Supervisory Board. It considers the Management Board's policy on recruitment of senior management, gives recommendations to the Supervisory Board in relation to the remuneration policy for members of the Management Board and Supervisory Board. Once a year, it gives recommendations to the Supervisory Board in relation to remuneration the members of the Management Board should receive based on Span's business performance assessment and their personal performance, as well as contribution to the achievement of Span's results. It supervises the amount and structure of remuneration for the senior management and employees as a whole, it gives recommendations to the Management Board concerning the latter's policies, and it supervises the draw up of obligatory annual remuneration report for the approval of the Supervisory Board.

When we establish targets, administrative, management and supervisory bodies, as well as senior management will monitor the established targets related to material impacts, risks and opportunities. They will monitor progress in achieving those targets through notifications and reports of the department responsible for sustainable development and the compliance officer, which shall be given at the monthly meetings of the senior management and submitted to the Management Board at least once a year.

GOV-2 – Information provided to and sustainability matters addressed by the organization's administrative, management and supervisory bodies

Span adopted the Policy of Assessment of Company's Influence on the Environment and Community and Management of Associated Risks, whose implementation is the responsibility of the Management Board, and whose enforcement is supervised by the Supervisory Board. The ESG Department and the Compliance Officer shall report to the Management Board about the results and efficiency at least once a year. In addition, part of the Management Board was involved in a task force that actively participated in the development of Span's double materiality. Their involvement enabled a comprehensive consideration of key impacts, risks and opportunities, as well as future appropriate addressing of those impacts, risks and opportunities in organization's further actions. Also, administrative, management and supervisory bodies approved the material impacts, risks and opportunities defined for this reporting period.

When it comes to results and effectiveness of policies, actions, metrics and targets adopted to address them, the Management Board will establish a mechanism for their monitoring in 2025. The Management Board established the ESG Department that deals with development and coordination of the implementation of Span Group ESG Strategy, planning, leading and supervising ESG initiatives and projects, organizing and managing teams involved in ESG activities, drawing up and supervising ESG reports for internal and external stakeholders, as well as monitoring and analysing new statutory and regulatory requirements in the ESG area and ensuring compliance. ESG Department also works with different departments in order to integrate ESG standards into business processes and strategy, organizes training, workshops and campaigns for employees in order to raise awareness about ESG matters, and communicates with external stakeholders, including partners, users, auditors and regulatory authorities. ESG Department prepares guidelines and develops internal policies related to ESG. Person responsible for the management of the ESG Department reports to the Management Board member about the status of the activity on weekly meetings. Given the depth of the process, administrative, management and supervisory

bodies this year dealt with all the identified material impacts, risks and opportunities, and a detailed list can be found in the table "An overview of material impacts, risks and opportunities (IRO)" (see SBM-3). In the following periods, the Group will include identified material impacts, risks and opportunities during strategy monitoring, and in the risk management process.

GOV-3 – Integration of sustainability-related performance in incentive schemes and ESRS E1- ESRS 2 GOV-3

Span has a remuneration policy related to sustainability factors in place, but no specific targets related to material impacts, risks and opportunities were indicated for 2024. Also, climate change considerations are currently not included in remuneration of the members of administrative bodies. Same responses apply to the Remuneration Report of the members of the Management Board and Supervisory Board as they apply to the Remuneration Policy.

GOV–4 – Statement on due diligence

Pursuant to the requirements of the ESRS, Span Group initiated the implementation of the due diligence process related to ESG matters. In 2024, through double materiality assessment, we used OECD guidelines as a framework for assessing and managing risks and impacts within our value chain. Given the high level of uncertainty related to the available information, especially from our suppliers and partners, we relied on external sources and relevant analyses in order to ensure necessary due diligence in the process. In the next two years, we plan on implementing a formalized due diligence process in accordance with the international standards and guidelines in order to enhance monitoring and managing ESG risks and opportunities on our value chain.

GOV–5 – Risk management and internal controls over sustainability reporting

Span and Span Group apply relevant internal control processes to collect data and report about sustainability. The primary internal control processes relate to the 4 Eyes Principle, where one person is responsible for collecting/ entering the data, while the other is responsible for reviewing of that data. Additional control processes are implemented through approval system extending across several levels within the Group, the Management Board included. Moreover, we hire external experts in order to ensure the quality of assessment of specific input where necessary. Main risks identified when reporting about sustainability were completeness and accuracy of input data when drawing up the report, as well as the risk of lack of adequacy of assessments used. We believe that identified risks were minimized with the implementation of internal control processes. These processes are regularly reported to the Management Board member during weekly meetings dedicated to the topic of sustainability.

supply disruptions, and monitoring global trends and challenges. We use technology and data as the basis for delivering advanced solutions and services that allow for digital transformation of our users.

Span Group currently does not have identified sustainability-related goals in terms of significant groups of products and services, customer categories, geographical areas and relationships with stakeholders. We are

SBM-1 - Strategy, business model and value chain

For the description of key elements of our strategy that relate to or impact sustainability considerations, as well as the description of key elements of our business model and value chain, see Overview of operation on page 40.

Headcount of employees by geographical areas:

Croatia	776
Ukraine	32
Slovenia	28
Estonia	8
Azerbaijan	4
USA	2
Moldova	1
Georgia	1

Highly skilled and diverse workforce is the basis of our business, where we continuously invest in training, development and engagement of our employees. Financial resources ensure our stability and allow for further growth through reinvestments and smart capital control. Collaboration with shareholders, banks and business partners is crucial for our financial success. We maintain transparent and open relationships with financial partners in order to ensure stability and growth of our business. We also work with students, community and other stakeholders in order to ensure access to talents, as well as to provide support to our users and community that is necessary for our development and growth. Natural resources also play an important role in our business. Although we do not use water directly in our operations, we took water into account in our value chain. IT sector uses energy to supply power to data centers, maintain network infrastructure and support the development of software solutions, enabling high-quality services for our users. In order to ensure value chain continuity and resistance, Span is approaching risk management proactively, including identifying and mitigating potential

looking to establish goals that will be in line with our long-term plans and sustainability-related obligations. Pilot projects related to cloud, precisely to emission reduction are being developed at this moment. More about this can be found in the topical part "Environmental information E1-4". An overview of key activities in Span's value chain is shown in the diagram, as well as geographic areas in which Span operates:

SBM-2 - Interests and views of stakeholders

– Enhancing user satisfaction and improving products and services offered

– Protection of business information related to user

and/or its employees and business partners

									Key stakeholder Method of engagement	Purpose and outcome of engagement
	management Waste	electronic waste Disposal of	other waste Disposal of	Circular economy Water discharge activities			workers in the own workforce Human resources: value chain • •		Users – A year-round dialogue through sales, marketing and costumer support teams – Collaborating with users on product development and responding to users'	and services offered – Protection of personal data of users – Protection of business information related to user
Downstream	Clients and end users	Original equipment manufacturers	Direct clients						questions about sustainability through questionnaires – Compliance with the Corporate Governance Code of the Zagreb Stock Exchange	and/or its employees and business partners – Maintained business continuity
	Partnerships	(e.g., customer Value-added support and training) services				Dependence on resources	electricity for operation various sources of Natural resources: water for use • •		Employees – "Ask the Management" is the platform for open communication between employees and members of the Management Board – Employees' representative in the Supervisory Board acts as the employees' voice at the management level – Regular work climate assessment is an essential tool for understanding actual and potential impacts on labor force	– Attractive employment and career opportunities – Skills, talent and experience building belonging – Creating an environment where employees are engaged and feel a strong sense of belonging
									Suppliers and – Regular quality reviews, audits, surveys and partners collaborations	– Fulfilment of obligations towards suppliers in accordance with negotiated contract terms
Own operations	management and Software asset licensing	software asset Licensing and management								– Protection of sensitive information of suppliers, users – Protection of personal data of suppliers – Maintained business continuity
	Business solutions and development	business, Microsoft, and Span solutions Development of	Security Center, NIS security, Cyber Center, Cloud Companies in the Group outside Croatia 2, DORA Span Cyber Security Incubator Companies in the Group in Croatia Fintech Digital Services						Investors – A year-round dialogue through global program of events and meetings for investor relations – Regular engagement with analysts – Annual shareholder meeting	the Company and fully participate in the General Assembly – Protection of data and business secret – Protection of personal data of shareholders – Maintained business continuity
	IT security	Security Operations Cyber security,					Dodatne aktivnosti podrške (npr. HR, računovodstvo, financije, nabava)	Communities – Various programs of support for our communities around the world	– Availability of our products and services where necessary – Engagement of our employees in the community
					Span Azerbaijan Baku Span d.o.o. Ljubljana			Double materiality assessment (DMA)
	Cloud business	solution adoption monitoring, and migrations, and management, Preparation, innovations,				Span USA Chicagp Span LLC Kyiv	Span GT Tarkvara Span IT Chișinău Span LLC Tbilisi		Double materiality assessment is the fun -
				Trilix 2. 3. 1.		2. 3. 4. 1.	5. 6. 7.		damental tool that we use to listen to our
									stakeholders, and it helps us create long-term
									value. It includes a dynamic and proactive
									stance when it comes to environmental,
				finished electronics		Financial services		Intellectual capital	social and governance matters, enabling us
		Direct inputs	Manufactured	Packaging and Assemblers of distributors		Financial capital	Investments		to adequately address emerging risks and	sustainability-related actions.
	Tier 1		capital		Utilities Storage		Leasing		relevant problems. When conducting double materiality assessment, we take into account
Upstream									different sources, in order to cover topics
		components, parts,							from the IT industry material to our stake -
		Processing of raw production and	Reverse logistics/	Production of components, components,					holders. Impacts, risks and opportunities in
	Tier 2 & 3	and products materials, supply of	recycling	Delivery of parts, and parts, and products	products				environmental, social and governance matters
									that are significant from the point of view of

– Attractive employment and career opportunities – Skills, talent and experience building – Promoting diversity, equality, inclusion and sense of belonging

– Creating an environment where employees are engaged and feel a strong sense of belonging

– Fulfilment of obligations towards suppliers in accordance with negotiated contract terms – Reliability, financial stability and business continuity – Protection of sensitive information of suppliers, outsourcing partners and other business partners and users

– Equal treatment of all shareholders so they can access the Company and fully participate in the General Assembly

– Protection of data and business secret – Protection of personal data of shareholders – Maintained business continuity

– Availability of our products and services where necessary – Engagement of our employees in the community

double materiality assessment are assessed

through impact materiality and financial ma teriality. During the analysis, feedback and views of the relevant external stakeholders on impacts, risks and opportunities were taken into account. By including various views, we ensured a more comprehensive under standing of the matters considered material and relevant for our long-term strategy and sustainability-related actions.

Internal stakeholders involved are the rep resentatives of their departments, and their insights were taken into account as expert insights for a particular matter. Internal stake holders involvement was carried out through online surveys and focus workshops conduct ed in collaboration with external consultants. They evaluated 11 material topics representing the results of focus workshops. Significance of the impact, severity of the consequences and likelihood of the occurrence of an impact, as well as Span's performance in impact management were evaluated for each topic.

External stakeholders are involved through passive engagement activities, such as value chain mapping, benchmark analysis (peer companies, sector-specific material topics of GRI standards for reporting and agency rating), i.e. collecting material ESG information about stakeholders through reports and websites, as stated in EFRAG Materiality Assessment Implementation Guidance. External stakeholders, i.e. Span's largest suppliers and users are thus involved in the value chain, and are as such identified as key stakeholders. External stakeholders were also involved through interviews and focus groups. Our internal "owners" of individual departments and topics recognized their key stakeholders, which we then contacted directly, interviewed those who responded, and conducted focus groups with them and external consultants.

All the data obtained through such engagement is reviewed by the Management Board, which applies that data when considering new services and solutions. The Management Board is reported to regularly during dedicated sustainability-related meetings.

ESRS S1 - ESRS 2 SBM-2 – employees

Services management, technical support and Security Operations Center (SOC) are among the key pillars of our business, and so is their availability 24/7, 365 days a year. This high work intensity is applicable regardless of whether the systems were designed, developed and put into service by our organization or other suppliers. Together with technical support, we provide a comprehensive user protection from a wide range of cyber threats within SOC. This business model, although indispensable for quality and timely service, can significantly impact working conditions of employees, including potential stress, challenging working hours, and difficulties in maintaining work-life balance.

Although employees are not directly involved in framing Span's strategy, their views and feedback significantly impact the process of adaptation of business practices. A key source of such information is the regular work climate analysis in which employees rate the level of their satisfaction through 12 aspects, satisfaction with the management included. This assessment includes their opinion on how efficient the Management Board is in managing business policy, organization and communication within Span. Also, we examine employee satisfaction with working conditions, working hours, salary and work-life balance. Based on the results of the analysis and employee feedback, we introduce specific actions in order to improve working conditions. (More information about the actions can be found in the topical part "Information on social factors – S1"). In addition, employees are able to anonymously express their needs and interests through digital channel "Virtual Inbox", available on Viva Engage internal network. In order to further reinforce the engagement of employees in decision making, employees' representative was appointed a member of the Supervisory Board of Span for a four-year mandate at the end of last year. This way, Span incorporates own workforce perspectives into strategic processes and management.

ESRS S3- ESRS 2 SBM-2 – community

Span's positive impact on educational institutions and non-profit organizations stems from our expertise in providing infrastructure services, cloud solutions, cyber security, technical support, software and business solution development. Lectures and workshops that our employees teach in faculties, and know-how that they share are related to our business through specific technology topics and practices. In the collaboration with non-profit organizations segment, we develop applications using Microsoft Power Platform, thereby contributing to making their business more efficient by implementing our business solutions (read more on page 108). Although a direct adaptation of strategy is not the main goal for now, in the long term, activities with educational institutions and non-profit organizations can contribute to the adaptation of business models. Connecting with future experts and raising awareness about the importance of cyber security, we get recognized among students, which can lead to their employment and further development in the organization. These initiatives also foster innovations, and increase visibility and reputation in technological community. We actively collaborate with community representatives in order to understand their needs and integrate them into our business processes.

ESRS S4- ESRS 2 SBM-2 – users

Span puts consumers and end users (hereinafter: users) in the centre of its strategy and business model, ensuring their interests, views and rights are acknowledged through an integrated approach targeted at transparency, security and innovations. Regular interaction with users, including questionnaires, workshops and feedback from customer support allow for the acknowledgement of specific needs and opportunities to improve the services. This approach enables Span to adapt its solutions to specific demands of users, such as custom-made IT solutions and cyber security solutions. Span undertakes to protect the privacy and confidential data of users (that it has access to with a view to fulfil a contractual obligation), which is crucial for the IT industry. Implementation of cyber security standards and compliance with applicable legal requirements (e.g. GDPR) makes users trust Span's services. Therefore, our strategy and business model play a key role in mitigating material impacts on users. Implementing more stringent measures when it comes to data protection and

GDPR compliance helps reduce the risk of invasion of privacy and misuse of personal data. Furthermore, through its services, Span provides a safe and efficient approach to digital solutions to its end users, thereby contributing to the improvement of their digital rights and freedoms.

Span's business model and strategy are adapted in order to ensure compliance with applicable regulations and standards, and to protect the identified impact of data privacy, as well as users' rights. For example, privacy policy available on our website provides clear guidelines for collection, processing and storage of users' personal data. Also, we regularly educate our employees about the importance of privacy protection and data security, and we conduct internal audits in order to ensure compliance with our policies and procedures.

SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model

In the course of DMA, we identified and assessed a total of 41 impacts, and 30 risks and opportunities. As the result of double materiality assessment, we identified a total of 18 material impacts, risks and opportunities (IRO) – 11 material impacts, and 7 material risks and opportunities. Given the fact that Span Group does desk job only, no specific impacts on economy, society and environment by specific location were identified. Therefore, we don't have impacts defined for a specific subsidiary undertaking, but solely for the Group.

More information about material impacts, risks and opportunities (IRO) can be found in topical parts of non-financial statement (Environmental information, Social information and Governance information). These parts provide a comprehensive overview of how material impacts, risks and opportunities relate to our business, and how we plan on managing them.

			Location in the value chain			Time horizon
Sustainability matters and related IROs	I/R/O	Upstream	Own operations	Down stream	Short term	Medium term	Long term
E1 – Climate change mitigation – Scope 1&2&3 Impact on global warming with Scope 1&2 GHG emissions caused by the energy consumption for the purpose of company vehicles and desk jobs (electricity, air conditioning, etc.). Also, Scope 3 GHG emissions from the value chain (upstream and downstream).	Negative impact	X	X		X
E1 – Energy – Energy consumption In the IT industry, a large amount of electricity is used for cooling, heating, ventilation, air conditioning, lighting and equipment operation (computers, servers, etc.). Span uses non-renewable sources for primary energy consumption.	Negative impact		X		X
E1 – Climate change mitigation – sector specific (cloud solutions) Transition to cloud solutions reduces the use of individual servers, thus reducing total energy consumption and GHG emissions. Span's transition to such solutions optimizes the majority of business processes, from development and testing to creation and scaling, which can also help organization increase its agility, reduce costs and improve time to market on global level.	Positive impact			X	X
S1 – Equal treatment for all – Diversity Lack of equal treatment and opportunities for all (covering age, gender, culture), including equal pay – equal work, can negatively impact employee satisfaction and their performance. Span systematized its salaries, but unequal pay may still exist in specific circumstances.	Negative impact		X		X
S1 – Working conditions – Work-life balance Inadequate management of working days and days off can negatively impact employees and their mental health. This impact can be seen in employees doing shift work and night shifts, and Span operates in that way.	Negative impact		X		X
S1 – Other work-related right – Privacy Potential negative impact on employees through violation of data privacy.	Negative impact		X		X
S3 – Company-specific Span partners with educational institutions and thus makes a positive impact on local and wider community. Also, Span offers education opportunities and a possibility to increase digital competences of children in schools.	Positive impact			X	X
S4 – Information-related impacts for consumers and/or end-users – Privacy Non-compliance with GDPR can lead to the invasion of privacy of consumers and end-users, exposing their personal data to unauthorized access and misuse. It can result in identity theft, financial losses and	Negative impact			X	X

a sense of insecurity among consumers and

end-users.

Overview of material impacts, risks and opportunities (IRO): Location in the value chain Time horizon

Sustainability matters and related IROs I/R/O Upstream G1 – Management of relationships with suppliers including payment practices Positive impact on suppliers through better relationships that enhance cooperation, e.g. expansion of the product/service range of suppliers, open communication on improving the quality of suppliers' services and consistency in standards. Positive impact can be seen in all the locations where Span operates. Positive impact G1 – Supplier selection If the organization does not take into account social and environmental criteria in its supplier selection, it might be interpreted as supporting unsustainable and unethical practices. It can negatively impact the environment and society, and threaten the long-term sustainability of Negative impact G1 – Corruption and bribery – Prevention and detection including training Lack of efficient measures to prevent and detect corruption and bribery can result in unethical conduct within the organization. It can threaten the working culture and create an unfair working environment for Negative impact E1 – Climate change adaptation Given the importance of telecommunication networks for our core business, network infrastructure problems caused by the climate change (during severe weather conditions, such as flooding, fire) may result in disruption of service, leading to loss of revenue and/or unintended capital expenditures for the repair of damaged or Risk X X X

business.

employees.

	Own operations	Down stream	Short term	Medium	Long
				term	term
Positive impact	X		X
Negative impact		X	X
Negative impact	X		X
Risk X	X		X
Risk	X		X
Opportunity	X		X
Opportunity	X		X

jeopardized equipment.

S1 – Working conditions – Secure
employment
Loss of key staff holding strategic
positions may disrupt business operations,
prevent strategic initiatives and weaken
the organizational abilities, leading to
the decline of productivity, moral and
innovations within the organization.

S1 – Equal treatment and opportunities for

all – Diversity

Promoting equal opportunities to advance diversity and inclusion of women, which

may lead to higher employee retention rate and their increased satisfaction. S1 – Equal treatment and opportunities for all – Training and skills development Opportunities for career development (e.g. career development plan and upskilling opportunities) may cause moral development and lead to employee

satisfaction, turnover reduction and the reduction of costs for the organization related to training of newly employed staff.

			Location in the value chain			Time horizon
Sustainability matters and related IROs	I/R/O	Upstream	Own operations	Down stream	Short term	Medium term	Long term
S1 – Equal treatment and opportunities for all – Training and skills development Through internal recruitment, employees feel a sense of belonging to the organization, and they are also proved there are further opportunities for skills development, leading to increased employee satisfaction, turnover reduction and the reduction of costs for the organization related to recruitment and training of newly employed staff.	Opportunity		X			X
S1 – Company-specific Acquisitions, environment in which we operate (IT industry) is a rapidly changing one, and that's why the topic of change management is very important. It goes hand in hand with employee resistance due to changes in the business model.	Risk		X		X
G1 – Company-specific Increased demand for cyber security solutions and services paves the way for the offer of innovative solutions and a potential opportunity for returns on investments.	Opportunity		X		X

We assessed financial effects in respect of the assumed effects on operations, i.e. in what way that risk can financially affect us in case of complete suspension of the possibility to provide services. This is a qualitative analysis and the actual financial effects were estimated. We focused on potential costs of three-day process stoppage and how those risks could directly affect operations. This includes potential days of inability to work, loss of key users, decline in trust, loss of reputation and degradation of service. In 2024, there were no actual financial effects deriving from risks and opportunities identified through double materiality assessment. Expected financial effects of material risks and opportunities on financial position, financial performance and cash flows over the short-, medium- and long-term were not systematically assessed so far.

As part of the double materiality assessment, resilience of the business model of Span Group in the course of this reporting period was taken into account, with a view to identifying, understanding and managing material impacts, risks and opportunities, i.e. the Group considered whether it is able to respond to them, and in what ways.

As part of the Business Continuity Plan, Span analysed physical climate risks, including risk of fire and flooding. These risks can seriously jeopardize network infrastructure and business continuity, especially if they occur in central locations in Zagreb. More information about this can be found in chapter IRO-1 – Climate change. In the future, the Group plans on conducting a quantitative analysis, with a view to disclosing detailed information on impacts, risks and opportunities in future periods. Also, with respect to the results of qualitative analysis of the resilience and already identified material impacts, risks and opportunities, a sustainability strategy will be put in place, and goals will be set, in order to mitigate negative impacts and risks, and embrace opportunities, i.e. further develop positive impacts. No analysis of the resilience was conducted for identified material impacts and risks related to other sustainability factors.

Since this is the first reporting year, we are currently not able to compare changes in material impacts, risks and opportunities to a previous period. In future reports, we plan on tracking and analysing these changes in order to ensure continuous improvement and business adaptation.

IRO-1 – Description of the process to identify and assess material impacts, risks and opportunities

In Span, we developed a comprehensive methodology of double materiality assessment based on regulatory requirements of the CSRD and ESRS. This methodology allows us to identify and prioritize key sustainability topics over four phases: understanding, identification, assessment and consolidation.

and financial effect for risks and opportunities. Assessment process is supported by the rating mechanisms (1 to 5) that ensure objectivity and consistency. In this phase, results were verified through consultations with internal experts.

In the consolidation phase, we consolidated and analysed assessment results in accordance with set thresholds of materiality (3.5 of 5). Topics that require managing and reporting were defined based on that, in accordance with ESRS.

Impact materiality:

The first dimension of double materiality is the impact materiality ("inside-out" perspective). According to EFRAG standards, a topic is material from the following perspective: "when it pertains to the organization's material actual or potential, positive or negative impacts on people or the environment". It is defined as "impacts in relation to environmental, social and governance factors".

For this part of the analysis, impacts in relation to environmental, social and governance factors were identified in discussions with key internal stakeholders, through research and active and passive involvement of external stakeholders from the value chain, as well as through benchmark analysis. The analysis aims to identify cause/effect relationships between Span's practices and its value chain, as well as its impact on society or the environment.

Firstly, topics were contextualised in order to explain why they are relevant to Span and its value chain. Next, impacts of each topic on society or the environment were described. Finally, impacts were classified as prescribed in ESRS 1. (para. 43). In the identification process, it was taken into account whether an impact:

is actual or potential;
is negative or positive on people or the environment;
occurs over the short-, medium- or long-
1. In the understanding phase, we defined the scope of the reporting, mapped the value chain, and identified relevant sustainability topics through benchmark analysis and a review of previous materiality assessments. This analysis includes taking into account external sources, such as sectoral reports and suppliers' data, involvement of stakeholders through focus groups, as well as internal insights of Span's key departments.
1. In the identification phase, we recognized potential and actual impacts, risks and opportunities (IRO) within own operations and the entire value chain. Internal and external stakeholders were involved in order to ensure the integrity of analysis, and contextual factors, such as IT industry specifics were further taken into account.
1. In the assessment phase, we assessed the identified impacts, risks and opportunities based on clearly defined criteria: severity, scale, scope and likelihood for impacts,

term, covering all affected stakeholders (own operations and upstream and downstream value chain)

related to availability of those resources can impact the business. Connection of impacts and dependencies with the risks and opportunities is further considered through benchmark analysis and sectoral data, thus ensuring the comparison with competitors and industry standards. In addition, consultations with stakeholders (internal and external) provide additional insights into potential opportunities arising from sustainability, such as implementation of new technologies or entry into markets with increased sustainability requirements.

The analysis aims to establish how risks and opportunities (e.g. legal, reputational, operational, financial, as proposed in ESRS 1 AR 13.) related to topics identified in the short list can impact Span's activities over short-, medium- and long-term. Structure of the analysis comprises of topic definitions and topic contextualisations that provide details in relation to scope (i.e. own operations, upstream, downstream) for each topic, as well as potential details about the company in relation to topic relevance. It describes how a topic can be either risk or opportunity for Span, as well as operational, financial, reputational and legal risks for Span relating to particular topic, on the basis of research. Financial assessment of risks or opportunities is drawn up through the assessment of scale, likelihood and impact on long-term performance of topic on Span, and it sums up main sustainability related risks and opportunities.

Since ESRS does not specify range of scores, we decided to define thresholds of materiality: 3.0 for materiality of actual impacts (1 to 5 on severity scale); 3.5 for materiality of potential impacts (1 to 5 on a scale with likelihood dimension); 3.5 for financial materiality (on a 1 to 5 scale). Impacts, risks and opportunities below these thresholds of materiality are not considered significant enough to be defined as material (ESRS 1, para. 31). Different thresholds of materiality for the impact assessment are the result of assessment methodology in order to ensure that actual impacts have greater significance with respect to potential impacts.

Scale of the assessment comprises financial effect of risks or opportunities on key business metrics (e.g. revenue, costs, operational activities). As a starting point for determining the threshold of significant financial impact, the materiality threshold for financial statements was taken, which was then adjusted for short-term and long-term periods, as well as the estimated financial impact that the Group could suffer due to the negative impact of risks, but also the positive impact of opportunities. Assessment combines quantitative analyses (e.g. assessments of financial effect) with qualitative insights (e.g. feedback from stakeholders and internal experts). That process allows for clear understanding of priorities among identified risks and opportunities.

Administrative, management and supervisory bodies are notified about the views and interests of the stakeholders concerning sustainability through reports and during meetings of the Management Board. Sustainability related controls have not yet been implemented in the integrated framework of internal control, and this activity is planned for 2025. Decision-making process is done by way of a structured framework in which roles and responsibilities of key participants are clearly defined. ESG coordinator and task force for sustainability are in charge of the analysis and gathering material for materiality assessment, which is then presented to the Management Board and senior management. At the moment, Span Group does not have a completely integrated process to identify, assess and manage sustainability impacts and risks within overall risk management system. However, we are aware of the importance of systematic integration of ESG risks into a wider context of risk management in order to

ensure compliance with regulatory requirements and long-term business resilience. We plan on developing and implementing a framework in order to enable a complete integration of ESG risks into risk management processes of the organization.

IRO-1 – Climate change

At the level of Span Group, an analysis of activities and plans was conducted in order to identify actual and potential impacts on climate change by way of calculating GHG Scope 1, 2 and 3 emissions in own operations and in the entire value chain for 2024. Those results will be used as starting point for future comparison of emissions. This process includes an analysis of emissions that are directly related to our operations (Scope 1), emissions from the consumption of purchased electricity (Scope 2), and emissions that occur in the value chain (Scope 3). More detailed information can be found in the topical part "Environmental information – E6". Also, drivers of other impacts related to climate change were identified, such as energy consumption. This analysis will enable further development of our strategy to reduce emissions and improve energy efficiency.

When identifying and assessing material impacts, risks and opportunities related to climate change, we identified the following material impacts:

Span's assessment process focuses on identifying key risk factors related to business, entire value chain (including own operations, suppliers and users) and geographical areas. Looking at inherent impacts, and on the basis of Span's sector (IT industry), we assumed that the impacts deriving from Span's business are negative. Along with negative impacts, we identified several positive impacts.

Negative impacts are prioritized under severity (scale, scope, irremediable character) and likelihood criteria. Identification comprises short-, medium- or long-term impacts on people or the environment, including own operations and the entire value chain. Positive impacts are also prioritized, but the emphasis is placed on their relative scale, scope and long-term benefit

Financial materiality:

The second dimension of double materiality is the financial materiality ("outside-in" perspective). According to EFRAG standards, a topic is material from the following perspective: "if it triggers material financial effects on the organization".

Span approaches the assessment of risks and opportunities with financial effects through an integrated model that connects business impacts and value chain dependencies with potential risks and opportunities. Through value chain mapping, Span identifies key business aspects that may have financial effects, including direct (e.g. increase of energy costs) and indirect ones (e.g. reputational risks related to suppliers and users). Analysis of dependencies includes an assessment of the dependency of business model on key resources (human, technological or natural), and how potential disruptions

a) Climate change mitigation (GHG emissions – Scope 1, 2 and 3):

We assess GHG emissions that are directly related to our operations (Scope 1 and 2), and they largely derive from the energy consumption for the purpose of company vehicles, air conditioning and heating, and electricity for offices. Moreover, we analyse Scope 3 emissions in the supply chain (upstream and downstream) and focus on transport, product use and other activities related to value chain. We analyse the impact of our largest supplier as well.

b) Energy consumption:

We analyse the total energy consumption and focus on the consumption of electricity in the IT industry for the purpose of equipment operation, cooling, heating, ventilation and air conditioning.

c) Sector-specific impacts (cloud solutions):

Transition to cloud solutions reduces the use of individual servers, thus reducing total energy consumption and GHG emissions. Also, redesign of system architecture includes replacing platform resources, such as virtual servers, with more efficient resources that are automatically scaled depending on their load, or using newer types of resources that perform better with fewer emissions.

In addition, a risk for the business model was identified and recognized in sub-topic:

d) Climate change adaptation:

This risk concerns inability of exercising core business activities due to network infrastructure problems caused by the climate change consequences, such as acute hazards related to climate (e.g. flooding and fire).

First assessment of physical climate risks for critical infrastructure we manage, and for buildings that we own and operate was conducted in 2022. The assessment was conducted within the certification process for ISO 22301 (Business continuity management), a standard we were certified for in April 2023. Our assets and business activities may be exposed and susceptible to hazards related to physical risks, and that's why we carry out regular assessments as part of the Business Continuity Plan in order to identify high risk areas and develop strategies for their mitigation.

We did not identify major hazards in the short-term in daily operational activities, except for fires, flooding and earthquake. These physical risks can seriously jeopardize business continuity or even cause disruption of services, especially if they occur in central locations in Zagreb. IT director and CISO were consulted, with IT director being in charge of the risk. Business Continuity Plan was indicated as an initial control process, and risk treatment plan was created. Activity proposed was reconfiguration of network resources in such a way as to support functioning of only one location in Zagreb. Performance measure of the plan was a successfully carried out exercise of relocating Service Desk from location in Savska, and SOC to a location in Koturaška. We continue to monitor and analyse business impacts and resulting risks. Testing of existing recovery procedures has proved to be successful. In case of changes of architecture and functionalities, if necessary, we will repeat the testing , but for now we focus on potential new risks and recovery procedures as a result of their analysis.

Overall formal assessment to analyse the exposure of all assets and business activities to climate-related hazards, taking into consideration the likelihood, magnitude and duration of the hazards was not conducted, nor were the geospatial coordinates specific for our locations and supply chains taken into account. However, we are aware of the importance of climate-related risks, and in the future we plan on developing more systematic approach to identifying and assessing potential climate-related impacts on our business that will cover all locations.

We identified key transition events, such as regulatory changes (government measures), market pressure for reducing emissions and technological innovations. At this moment, we did not identify transition risks as material.

IRO-1 Pollution, IRO-1 Water and marine resources, IRO-1 Resource use and circular economy, IRO-1 Biodiversity and ecosystems

Tangible and intangible assets, locations and business activities of Span were included in double materiality assessment in order to assess actual and potential impacts, risks and opportunities related to pollution, water and marine resources, biodiversity, circular economy and ecosystems. In own operations, and taking into account results of the DMA conducted, previously indicated actual and potential impacts, risks and opportunities were identified as non-material. They were also assessed in the value chain, by way of research and interviews with external stakeholders and experts. Taking into account the first year of analysis and the transitional provision 10.2., which allows for three-year period to establish a process for obtaining information from the value chain, we did not make particular effort to involve stakeholders for this purpose, but we used previously obtained information and existing processes and channels of communication with local communities and wider public.

IRO1 – Business conduct

In the process of identifying material impacts, risks and opportunities related to business conduct, we focused on Span's existing good practices. We analysed our business conduct by way of comparison with other organizations and interviews with internal experts, taking into account relationships with users by all means. As a result of this assessment, the topics of anti-corruption and supplier relationship management, including payment practices, were highlighted. Opportunity for developing security solutions to combat cyber attacks was also recognized.

IRO-2 – Disclosure requirements in ESRS covered by the organization's sustainability statement

We identified information to be disclosed related to our material impacts, risks and opportunities. To that end, we used principles and criteria from ESRS 1 section 3.2 "Material matters and materiality of information". This process was developed in order to ensure that disclosed information faithfully reflects organization's impact on sustainability and its exposure to risks and opportunities that may have material impact on business model, strategy and financial results.

The process of identification was initiated by a comprehensive double materiality assessment to analyse sustainability matters from two perspectives: (1) impact of company's business on the environment, society and governance, and (2) financial and strategic effects of sustainability-related risks and opportunities on the company. Feedback from various sources was gathered in the process, including consultations with stakeholders, regulatory requirements, industry standards and internal business data.

Span's Management Board reviewed and approved the identified material topics. Through this approach, we ensure that disclosed information provides a comprehensive and transparent insight into our most important sustainability-related impacts, risks and opportunities. We also enable our stakeholders to make informed decisions, and we are committed to reinforcing transparency in sustainability reporting.

6.2. Environmental information (E1)

Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation)

Regulation (EU) 2020/852 (Taxonomy Regulation) is a classification scheme of environmentally sustainable economic activities and a vital tool for achieving the strategic goals of the European Green Deal. In its 2024 report, Span Group discloses the proportions of environmentally sustainable economic activities aligned with the taxonomy related to the first two taxonomy objectives: (1) climate change mitigation and (2) climate change adaptation; taxonomy-eligible activities related to all six taxonomy objectives; and taxonomy-non-eligible activities in its group turnover, capital expenditure (CapEx), and operational expenditure (OpEx).

In calculating the key indicators, we used the following interpretations: taxonomy-eligible economic activities are those described in the delegated acts supplementing the Taxonomy Regulation, regardless of whether they meet any or all of the technical screening criteria established in the delegated acts. Taxonomy-aligned economic activities meet the criterion of significant contribution to one or more environmental objectives; do not cause significant harm to any of the environmental objectives; are conducted in compliance with minimum safeguards; and comply with the technical screening criteria in the delegated acts supplementing the taxonomy. A taxonomy-uneligible economic activity is any economic activity not described in the delegated acts supplementing the Taxonomy Regulation. Key performance indicators for reporting under Taxonomy Regulation (taxonomy KPIs) include turnover taxonomy KPI, CapEx taxonomy KPI and OpEx taxonomy KPI, and they are calculated separately for eligibility and alignment.

Eligibility analysis

The proportion of taxonomy-eligible economic activities in our turnover is calculated as the share of turnover derived from products and services related to taxonomy-eligible economic activities (numerator) divided by total turnover (denominator) for the reporting year 2024. The numerator of the turnover taxonomy KPI is defined as the revenue generated from products and services related to the taxonomy-eligible economic activity from the section Computer programming, consultancy, and related activities.

The CapEx KPI for eligibility is defined as the ratio of taxonomy-eligible capital expenditures (numerator) and total capital expenditures for the reporting year. Capital expenditures include the acquisition/commissioning of new fixed assets, revaluation of property, capitalized internal software development, and capitalized long-term leases. In this segment, we compared the activities with taxonomy-eligible economic activities. We identified the internal development of software solutions, ownership of vehicles, and ownership and use of property, as described in the sections Computer programming, consultancy, and related activities, Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings.

The OpEx KPI for eligibility is defined as the ratio of total taxonomy-eligible operating expenditures (numerator) and total operating expenditures (denominator) in the reporting year. According to the taxonomy definition, total operating expenditures consist of direct non-capitalized costs related to research and development, building renovation measures, short-term leases, maintenance and repairs, and all other direct expenses related to the day-to-day servicing of property, plant, and equipment. In our case, this includes costs for the maintenance of the Group's business premises, maintenance and car rentals related to sections Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings.

Analysing Span's business activities in accordance with the requirements of Taxonomy Regulation, we identified that our only taxonomy-eligible turnover falls under the section Computer programming, consultancy, and related activities, pertaining to IT services. The total turnover generated from taxonomy-eligible IT services in 2024 amounted to EUR 51 031 thousand (28%), and the capital expenditures related to internal development costs associated with these services amounted to EUR 544 thousand (15%).

Considering that the Taxonomy Regulation is not limited to activities related to our core

business, we recognized taxonomy-eligible activities in our capital expenditures and operating expenses under the sections Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings. Capital expenditures related to the Transport by motorcycles, passenger cars and light commercial vehicles activity include car purchases in 2024, amounting to EUR 464 thousand (13%), while the operating expenses amounted to the total of EUR 611 thousand (52%), including car maintenance and rental costs. In the reporting period, the taxonomy activity Acquisition and ownership of buildings, specifically the right-of-use assets accounted for 53% of total capital expenditures (EUR 1,947 thousand) and 19% of operating expenses (EUR 227 thousand) for the maintenance and rental of right-ofuse properties.

Alignment analysis

We subjected the identified eligible activities to a taxonomy alignment assessment. We followed the prescribed evaluation steps for taxonomy-eligible activities from sections Computer programming, consultancy and related activities, and Acquisition and ownership of buildings. Given that according to the EU taxonomy both groups of activities can contribute to the taxonomy objective of climate change adaptation, we determined to what extent they contribute to this objective. For economic activities related to Transport by motorcycles, passenger cars and light commercial vehicles, we examined whether they significantly contribute to climate change mitigation. Next, we verified whether these activities met the technical screening criteria for doing no significant harm to other taxonomy objectives and checked their alignment. Finally, we ensured that we met the minimum safeguards in their implementation, in alignment with the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights, including the principles and rights set out in the eight core conventions defined in the ILO Declaration on Fundamental Principles and Rights at Work and the International Bill of Human Rights.

A prerequisite for determining that an eco nomic activity contributes to the goal of climate change adaptation for recognized taxonomy-eligible IT services and proper ty is conducting a process of analysis and assessment of physical climate risks. The first evaluation of physical climate risks for the critical infrastructure we manage and for buildings we own and operate was carried out in 2022 as part of the ISO 22301 Business Continuity Management certifi cation process (for which we received the certification in April 2023).

The carried out assessment included a limited number of physical climate risks. The assessment was not carried out using location-based climate projections and impact assessments, considering the latest scientific advancements in sensitivity and risk analysis and related methodologies in line with the latest reports from the In tergovernmental Panel on Climate Change. Until we conduct a comprehensive physical climate risk assessment that includes cli mate projections based on various climate scenarios for all our locations, we cannot assert that our activities are aligned with this technical screening criterion. In 2024, we invested EUR 29 thousand in new ve hicles that meet the criteria for emissions from light vehicles and road vehicle tires. These are new cars, manufactured in the European Union, which comply with the recyclability criteria and will be given back by Span to the leasing company at the end of the lease period.

Span's Code of Business Conduct outlines the values and ethical principles we rely on in our operations. At Span, we respect the fundamental human rights defined in the United Nations Universal Declaration of Human Rights and internationally recognized principles and guidelines. As an employer, Span is committed to working in accordance with the International Labour Organization's Declaration on Fundamental Principles and Rights at Work. In 2024, we conducted an assessment of our potential and actual adverse impacts on the environment and society, including human rights, and did not encounter any cases of human rights vio lations. We will continue to strengthen our responsible policies and practices regarding human rights protection by examining the impacts of our activities across our entire value chain.

Taxonomy-aligned economic activities con stitute 1% of our capital expenditures and 1% of our operating expenditures.

Turnover

Substantial Contribution Criteria

DNSH criteria ('Does Not Significantly Harm')

Economic activities

TAXONOMY-ELIGIBLE ACTIVITIES

A.1. Environmentally sustainable activities (Taxonomy-aligned)

activities (Taxonomy-aligned) (A.1)

0.00

0.00%

A.2 Taxonomy-Eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)

8.2. Computer programming, consultancy and related activities	51,031,284.30	28.32%		E					30.60%
environmentally sustainable activities (not Turnover of Taxonomy-eligible but not Taxonomy-aligned activities) (A.2)	51,031,284.30	28.32%	0.00%	28.32%	0.00%	0.00%	0.00%	0.00%	30.60%
Total (A.1+A.2)	51,031,284.30	28.32%	0.00%	28.32%	0.00%	0.00%	0.00%	0.00%	30.60%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of Taxonomy-non-eligible activities	129,151,670.17	71.86%

Total turnover (A+B)

180,182,954.47 100%

Capital expenditure

A.2 Taxonomy-Eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)

6.5. Transport by motorbikes, passenger cars and light commercial vehicles	611,189.93	51.98%	E						57.03%
Operating expenditure of Taxonomy-eligible 7.7. Acquisition and ownership of buildings	226,840.86	19.29%	E						17.68%
but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)	838,030.79	71.27%	71.27%	0.00%	0.00%	0.00%	0.00%	0.00%	74.71%
Total (A.1+A.2)	845,968.54	71.94%	71.27%	0.00%	0.00%	0.00%	0.00%	0.00%	74.98%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Operating expenditure of Taxonomy-non eligible activities (B.)	337,858.81	28.73%

Total operating expenditure (A+B)

1,175,889.60

100%

E1-1 - Transition plan for climate change mitigation

Currently, there is no transition plan for climate change mitigation at the level of Span Group, but we plan on adopting one until 2028.

SBM-3 E1

At Company level, material physical risks related to climate change were identified, risk of fire and flooding in particular. These risks can impact business operations, infrastructure and supply chains, and cause potential breakdowns in our business, material damage and increased operating expenses. The Company continuously monitors these risks and analyses potential mitigation actions, including business continuity plans within Business continuity management system (BCMS), and infrastructure adaptations in order to reduce the impact of extreme weather conditions. More about physical risks resilience and our BCMS can be found in chapter ESRS 1 – ESRS 2 – IRO-1. However, the carried out assessment included a limited number of physical climate risks, and was not carried out using location-based climate scenarios and impact assessments, considering the latest scientific advancements in sensitivity and risk analysis and related methodologies in line with the latest reports from the Intergovernmental Panel on Climate Change. Until we conduct a comprehensive physical climate risk assessment that includes climate projections based on various climate scenarios for all our locations, we cannot assert that our activities are aligned with this technical screening criterion.

Currently, there are no identified material transitional risks at Span Group level. Analysis of value chain resilience was conducted through a sectoral analysis of 15 of Span's key users and suppliers and their vulnerability in terms of transition to low-carbon economy. Except for publicly available information (sustainability reports), Span does not possess detailed information from the suppliers, which is a challenging factor in the assessment of total vulnerability. Span Group did not establish critical assumptions and analyses related to transition to a lower-carbon and resilient economy until now. However, we are aware of the potential impacts and we are considering integrating other climate-related risks and opportunities into our long-term strategy. In the following period, a channel for obtaining more accurate information from the suppliers will be set in place, and financial analysis was qualitative. We plan on conducting quantitative analysis in the next two years. We did not identify the need to adapt the strategy and business model in order to secure ongoing access to finance.

E1-2 - Policies related to climate change mitigation and adaptation

At Span, we do not have a policy that involves climate-related impacts in place at the moment. There are plans to review the Environment and energy efficiency policy in order to adapt the policy to material impacts, risks and opportunities.

In the IT industry, a large amount of energy is used for cooling, heating, ventilation, air conditioning, lighting and equipment operation. Our policy will include actions to reduce energy consumption and increase energy efficiency. Also, cloud solutions optimization reduces the use of individual servers, thus reducing total energy consumption and GHG emissions. This positive impact will be identified and included in our policy.

E1-3 i E1- 4 - Actions and resources in relation to climate change policies and Targets related to climate change mitigation and adaptation

In 2024, the only climate-related action was the system architecture redesign to reduce emissions. However, Span currently does not have formal action plans and goals in place to address each climate-related material impact, risk or opportunity. Formal process for establishing goals and plans is being developed at the moment.

System architecture redesign to reduce emissions:

In 2024, we redesigned system architecture of the Span Resolution application. It is a business-critical IT Service Management application fully developed for Microsoft Azure cloud. Application is currently hosted in the West Europe Azure region. Reasons for redesign were cost savings, fulfilling the business continuity requirements, and reducing adverse impact on the environment. The project was initiated in mid-2023, and it was completed in June 2024. Redesign included replacing platform resources, such as virtual servers, with more efficient resources that are automatically scaled depending on their load, or using newer types of resources that perform better with lower costs. As a result of the project, we lowered monthly costs for more than 30%, increased the application's level of resilience to data center faults, and reduced GHG emissions.

Significant GHG emissions savings are achieved by the sole fact that we use Azure cloud as a platform for hosting this application. According to the Microsoft reports used to calculate GHG emissions, in the whole of 2024, we indirectly emitted 2.7 metric tonnes of CO2 (mtCO2e) for the infrastructure supporting the Span Resolution application. 1.64 mtCO2e was emitted

in the first half of 2024, and 1.06 mtCO2e was emitted in the second-half. To compare, using the "on-premises" data center we would emit greenhouse gas that is equal to 17.43 mtCO2e in the atmosphere. If we maintain the same amount of infrastructure capacities for Span Resolution, in 2025 we expect to further reduce GHG emissions compared to 2024.

Last year we also began building Span infrastructure in Sweden Central Azure region. That region currently consists of some of the most efficient Microsoft data centers in the world, with power usage effectiveness (PUE) of 1.172, and water usage effectiveness (WUE) of 0.16 L/kWh. This data center is unique because 100% of the electricity used is recovered in renewable energy network, and all the water used for air humidifying during winter months comes from rainwater collected around data centers. In addition, diesel generators use Preem Evolution Diesel Plus fuel, produced from a minimum of 50% renewable materials and having at least 45% lower CO2 emissions compared to regular fuel. For these reasons we decided to migrate a proportion of existing internal applications, and build all of our future projects and applications in that region.

In 2024, we used 32,770 hours of processing power, disc space and data transfer, a measure for calculation of GHG emissions used by Microsoft. In 2025, we plan on doubling that number through building new and migrating existing applications from other regions and on-premises data center to further reduce emissions.

E1-5 – Energy consumption and mix

Information on energy consumption of Span Group for 2024 includes Scope 2 electricity and thermal energy, and natural gas and fuel for vehicles indicated in Scope 1 (whereby conversion factors for fuels are used).

E1 Climate change

Energy consumption and mix	2024
(1) Fuel consumption from coal and coal products (MWh)	0
(2) Fuel consumption from crude oil and petroleum products (MWh)	67.60
(3) Fuel consumption from natural gas (MWh)	123.04
(4) Fuel consumption from other fossil sources (MWh)	0
(5) Consumption of purchased or acquired electricity, heat, steam, or cooling from fossil sources (MWh)	987.95
(6) Total energy consumption from fossil sources (MWh) calculated as the sum of rows 1-5)	1,782.59
The share of energy from fossil sources in total energy consumption (%)	87.12
(7) Total energy consumption from nuclear sources (MWh)	0
The share of energy from nuclear sources in total energy consumption (%)	0
(8) Fuel consumption for renewable sources including biomass (also comprising industrial and municipal waste of biologic origin), biofuels, biogas, hydrogen from renewable sources (MWh)	0
(9) Consumption of purchased or acquired electricity, heat, steam, and cooling from renewable sources (MWh)	263.36
(10) Consumption of self-generated non-fuel renewable energy (MWh)	0
(11) Total energy consumption from renewable sources (MWh) calculated as the sum of rows 8-10	263.36
The share of energy from renewable sources in total energy consumption (%)	12.87
Total energy consumption (MWh) calculated as the sum of rows 6 and 11	2,045.95

Scope 1

Our Scope 1 emissions include direct emissions from sources that are owned or under operative control by Span Group. These emissions derive from mobile sources (company vehicles owned or leased) that account for the biggest proportion of Scope 1, emissions from stationary sources (fuel consumption for heating), and direct fugitive emissions from refrigerating appliances. There are no direct process emissions in Span Group. Scope 1 accounts for 14.20% of total emissions.

Locations in Varaždin, Rijeka, Zagreb (Trilix), Azerbaijan and Estonia used natural gas for heating, while a small amount of diesel for the regular check of back-up power generator is used on the location in Koturaška. Span Group uses passenger cars (owned or leased), and diesel fuel and motor gasoline were used to propel them. For the purpose of calculation, odometer data was collected for gas, diesel and hybrid (electricity and motor gasoline) vehicles. To determine fuel consumption, data on the average consumption of petrol (7.5L / 100km) and diesel (5.9L / 100km) was used according to the Ordinance on the System for Monitoring, Measurement and Verification of Energy Savings (Official Gazette 98/2021). For six hybrid plugin vehicles, on the basis of detailed WLTP (Worldwide Harmonised Light Vehicle Test Procedure) data on emissions of CO2 in g / km, an average petrol consumption of 2.25L / 100km was estimated. After determining the average fuel consumption in litres, fuel consumption in terms of energy units was calculated by using the density and lower heating values. Corresponding conversion values were taken from the reference (CDP Technical Note: Conversion of fuel data to MWh, 2024).

In 2024, fugitive emissions of hydrofluorocarbons (HFCs) occurred due to the leakage of refrigerants in refrigerating systems on the locations in Zagreb (Savska), Osijek, Ljubljana (Slovenija) and Baku (Azerbaijan).

Due to high level of reliability of available data, level of uncertainty of calculation is low, whereby the most precise were fuel and natural gas calculations. However, level of uncertainty was somewhat higher for fugitive emissions of refrigerating gases, given the potential variations in losses of substances from the system.

Scope 2

Scope 2 emissions include indirect emissions from the consumption of purchased electricity, heat and cooling, and account for 12.53% of total emissions of Span Group. Electricity consumption data was collected at the level of Span Group (establishments in Moldova, USA and Georgia do not use office space, so there was no electricity consumption), and locations in Zagreb (Koturaška and Savska) account for the largest proportion.

For Span Group establishments in Croatia and their locations, we used emission factor for electricity from the Croatian emission factors database for 2022, the last year available. For the market-based approach, emission factor for HEP Opskrba was used for establishments in Koturaška (Zagreb), Rijeka and Osijek, subsidiary undertaking Trilix (Zagreb), and Varaždin, while green certificates for total electricity consumption were purchased for the establishment in Savska (Zagreb) in 2024, so the emission factor for electricity

E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions

To calculate greenhouse gas (GHG) emissions and their CO₂ equivalents, Span Group applies the GHG Protocol (Greenhouse Gas Protocol). In 2024, Span included Scope 3 emissions in its calculation for the first time, and for that reason will use this calculation as the base value for managing GHG emissions, and for setting emission reduction targets in the future. The calculation included emissions of CO₂, N₂O and CH₄ in Scope 1 and 2 categories, while fluorinated gas emissions, such as emissions of PFCs, SF₆ and NF₃ were not identified in Span Group's business and were therefore not included in the calculation. Global Warming Potential for refrigerants used in the establishments of Span Group was taken from the Sixth Intergovernmental Panel on Climate Change (IPCC) report.

When calculating emissions, relevant emission factors were applied taking into account national, international and industry recognized databases. Information on GHG emissions from the previous year was not included due to changes in the calculation methodology and the application of GHG Protocol. In addition, there were changes in the reporting methodology, transitioning from Global Reporting Initiative (GRI) standards to ESRS. These changes resulted in different methods of obtaining and presenting data, thereby making it impossible to directly compare the new and last year's information.

was 0 g/kWh in that location. When calculating emissions from electricity consumption in subsidiary undertakings outside Croatia, for location- and market-based approach emission factors from the publicly available database were used (for Ukraine and Azerbaijan, emission factors for the remaining mixture were not available, and emission factors used were the same as in the location-based approach).

To determine indirect GHG emissions from the consumption of heat generated in district heating systems in Zagreb and Osijek, factors from Croatian GHG emission factors database were used, taking into account the average for all heat plants in Croatia for location-based approach. Data for local heat plants was used for market-based approach. For Slovenia, factors from the study "Ogljični odtis SPAN d.o.o. Ljubljana za leto 2022" were taken into account.

Given the high level of reliability of these sources, level of uncertainty of calculation is low as well, ensuring a relatively precise assessment of the impact of energy consumption on total emissions of Span Group.

Scope 3

Scope 3 emissions encompass indirect emissions that occur upstream or downstream in the value chain of Span Group, outside of own operations. Upstream emissions are emissions from purchased goods and services, including purchased materials, low value-adding services, and emissions from capital goods – such as investing in IT equipment and furniture. Also, fuel and energy-related activities are covered as well (not covered in Scope 1 and 2), and they include gas, electricity and heat consumption, as well as emissions from upstream transportation and distribution of goods. Furthermore, Scope 3 includes emissions from waste generated in operations, business traveling and day-to-day employee commuting. In the business traveling category, emissions are calculated on the basis of travel orders and travel agency data, while estimates based on modal split were used for day-to-day employee commuting, whereby some employees use public transport, bus or passenger car. Since Span Group does not produce nor sell physical products, no emissions were identified in the following downstream categories: processing of sold products, use of sold products, end-of-life treatment of sold products, downstream leased assets and franchises. Scope 3 emissions account for 73.27% of total emissions.

Span Group invested EUR 206 thousand in investment funds on 31 December 2024 (31 December 2023: EUR 100 thousand), accounting for less than 1% of total net value of the fund's assets, and does not estimate emissions from said investment. The Company does not invest in securities. Scope 3 emission estimates are associated with high levels of uncertainty, mainly due to limited availability of primary data obtained from suppliers and users, and using estimates and conversion factors for specific activities. Depending on the category of emissions, the level of uncertainty varies between 50 and 100%, whereby more uncertain estimates are mainly related to upstream and downstream transportation, purchased goods and services and capital goods due to the use of consumption-based method. Emission factors used were from Croatian, French and UK databases, as well as Exiobase emission factors database. Employee commuting contributed to Scope 3 emissions the most (32.61%), followed by capital goods (14.14%), business traveling (9.24%) and purchased goods and services (9.80%).

Data for calculating indirect emissions from purchased goods and services (Category 3-1)

Purchased goods and services concern emissions related to purchased goods, materials, raw materials and services used by the Company for its production or business. Data on water, paper and the consumption of other office supplies was collected, as well as data on external services cost. Data on water and paper consumption was collected in natural units of measurement (m3 and kg), while data on other office supplies and external services was collected in monetary units (EUR). External services cost was aggregated in two groups, namely services with high equipment cost whose production involves the use of fuel or energy, or they cause high emissions, and services with low equipment cost (socalled intellectual services), with relatively low emissions. Apart from that, data was collected concerning the cost of cloud services and Microsoft licences.

Data for calculating indirect emissions from capital goods (Category 3-2)

Capital goods are products that have a lifespan longer than 12 months. In the organization's accounting system, capital goods are treated as fixed assets. Data was collected concerning the mass of purchased furniture and vehicles, and the number of purchased pieces of IT equipment, pieces of furniture, white goods, mobile phones and televisions in 2024 for Span Group.

Data for calculating indirect emissions from fuel and energy-related activities (Category 3-3)

Category concerning fuel and energy-related activities includes emissions related to fuel and energy production that the Group consumed in the reporting period, which are not included in Scope 1 or Scope 2. Data on the consumption of fuel from stationary and mobile energy sources (Scope 1) and data on the consumption of electricity and heat (Scope 2) is used to calculate emissions from this category, but emission factors concerning fuel and energy-related activities are applied.

Data for calculating indirect emissions from upstream transportation and distribution (Category 3-4)

Category concerning upstream transportation and distribution of goods includes transporting company emissions due to transportation and distribution of goods (including materials and capital goods) purchased in the reporting year, between our locations and supplier's location, when transportation costs are covered by Span Group (by lorries and airplanes).

Data for calculating indirect emissions from waste generated in operations (Cate-

gory 3-5)

Category concerning waste generated in operations includes emissions from disposal and recovery of solid waste (hazardous and non-hazardous) generated in operations of Span Group in the reporting year. Data was collected on mixed municipal waste, waste paper, plastic, organic waste, textile and electric and electronic waste in 2024. Information regarding method of disposal and recovery was submitted for different types of waste. In addition, data on wastewater volume was used, and it equals to water consumed in the observed year.

Data for calculating indirect emissions from business traveling (Category 3-6)

Category concerning business traveling includes emissions from employee transportation during business traveling in the course of the reporting year, in vehicles not owned or controlled by the Group. Data on business traveling of Span Group employees in 2024 was submitted. Business traveling by means of company vehicles are considered within Scope 1, while business traveling by other means of transportation is considered in this category. Diesel fuel, motor gasoline and liquefied petroleum gas consumed in private vehicles is considered, as well as passenger-kilometres travelled by trains and airplanes for the pur-

pose of business traveling. For business traveling by airplane, data on CO2 emissions shown on flight tickets was collected and used.

Data for calculating indirect emissions from employee commuting (Category 3-7)

Category concerning employee commuting includes emissions resulting from transportation of employees from their homes to their workplaces in the course of the reporting year, in vehicles not owned or controlled by the Group. Data required to calculate emissions from employee commuting was collected through a survey. Survey was completed by 64.2% of employees in Span Group establishments in Croatia, and 87.5% of employees in Span Group establishments outside Croatia. An average of 215 commutes in 2024 was assumed for the purpose of calculation. Employees estimated diesel fuel and motor gasoline consumption for private vehicles, and passenger-kilometres for commuting by tram, bus or train.

Data for calculating indirect emissions from downstream transportation and distribution (Category 3-9)

Category concerning upstream transportation and distribution of goods includes transporting company emissions due to transportation and distribution of goods purchased in the reporting year, between Span's locations and supplier's location, when transportation costs are not covered by Span Group. Emissions resulted from the combustion of diesel fuel in lorries and vans, and jet fuel in airplanes for the purpose of goods transportation.

Uncertainty of emissions calculation:

Uncertainty of GHG emissions calculation is an essential parameter implying the quality of collected data and emission factors used. In the calculation of uncertainty for Scope 1 and Scope 2 categories, Tier 1 approach from IPCC Good Practice Guidance was used. Estimated uncertainty of emissions calculation from each emission source represents a combination of uncertainty of input data on activities and corresponding emission factors. For Scope 3 categories a qualitative expert evaluation of uncertainty was provided, whereby the lowest level of uncertainty was marked "A" (uncertainty: 0-15%), then "B" (uncertainty: 15-50%) and "C" (uncertainty: 50-100%), and the highest level of uncertainty was marked "D" (uncertainty: more than 100%). Results of the evaluation of uncertainty of GHG emissions calculation by category is shown in the table:

Label	Category	Qualitative assessment of uncertainty
O1-1	Stationary energy sources	A (0-15%)
O1-2	Mobile energy sources	A (0-15%)
O1-4	Fugitive sources	C (50-100%)
O2-1	Electricity consumption	A (0-15%)
O2-2	Consumption of thermal and cooling energy	A (0-15%)
O3-1	Purchased goods and services	C (50-100%)
O3-2	Capital goods	C (50-100%)
O3-3	Fuel and energy-related Activities (not included in Scope1 or Scope 2)	B (15-50%)
O3-4	Upstream transportation and distribution	B (15-50%)
O3-5	Waste generated in operations	C (50-100%)
O3-6	Business traveling	B (15-50%)
O3-7	Employee commuting	C (50-100%)
O3-9	Downstream transportation and distribution	B (15-50%)

Uncertainties of carbon footprint calculation for Span Group (location-based approach), 2024

Base year 2024

Scope 1 GHG emissions

Scope 2 GHG emissions

Significant Scope 3 GHG emissions

Scope 1 GHG emissions
Gross Scope 1 GHG emissions (tCO2 eq)	214.40
Percentage of Scope 1 GHG emissions from regulated emission trading schemes (%)	0
Scope 2 GHG emissions
Gross location-based Scope 2 GHG emissions (tCO2 eq)	224.29
Gross market-based Scope 2 GHG emissions (tCO2 eq)	189.24
Significant Scope 3 GHG emissions
Total Gross indirect (Scope 3) GHG emissions (tCO2 eq)	1,106.27
1. Purchased goods and services	136.16
Optional sub-category: Cloud computing and data centre services	11.74
2. Capital goods	213.51
3 Fuel and energy-related activities (not included in Scope1 or Scope 2)	78.86
4 Upstream transportation and distribution	0.44
5 Waste generated in operations	13.67
6 Business traveling	139.53
7 Employee commuting	492.32
8 Upstream leased assets	0

A detailed presentation of emissions for Span Group in 2024 for Scope 1, 2 and 3 is shown in the table.

9 Downstream transportation	20.04
10 Processing of sold products	0
11 Use of sold products	0
12 End-of-life treatment of sold products	0
13 Downstream leased assets	0
14 Franchises	0
15 Investments	0

Total GHG emissions

Total GHG emissions (location-based) (tCO2 eq)	1,544.96
Total GHG emissions (market-based) (tCO2 eq)	1,509.91

	tCO2
Scope 1 GHG emissions - the consolidated accounting group	214.40
Scope 1 GHG emissions - investees such as associates, joint ventures, or unconsolidated subsidiaries that are not fully consolidated in the financial statements of the consolidated accounting group, as well as contractual arrangements that are joint arrangements not structured through an entity (i.e., jointly controlled operations and assets), for which it has operational control	0
Scope 2 GHG emissions - the consolidated accounting group	224.29
Scope 2 GHG emissions - investees such as associates, joint ventures, or unconsolidated subsidiaries that are not fully consolidated in the financial statements of the consolidated accounting group, as well as contractual	0

arrangements that are joint arrangements not structured through an entity (i.e., jointly controlled operations and assets), for which it has operational control

GHG intensity per net revenue	2024
Total GHG emissions (location-based) per net revenue (tCO2 eq)	0.0000086
Total GHG emissions (market-based) per net revenue (tCO2 eq)	0.0000084

	Amount
Net revenue used to calculate GHG intensity	183,047,536
Net revenue (other)	0
Total net revenue (in financial statements)	183,047,536

6.3. Information on social factors (S1, S3, S4)

S1 - Own workforce

SBM–3 S1 Own workforce

Our strategy and business model greatly affect actual and potential material impacts on our workforce. As an organization operating in the IT sector, with a particular focus on technical support and cyber security, key aspect of our business is the continuous 24/7 availability of service, 365 days a year. This includes shift work that can lead to employee fatigue and increased employee turnover. On the other hand, our employee feedback from regular annual work climate analyses plays a crucial role in the adaptation of our strategy and business model. Thus, for example, the results of the work climate analyses had an effect on increasing number of days of annual leave and increasing salaries in technical support. We therefore aim to reduce potentially adverse impacts of an intensive business model and ensure a more content and productive workforce. Given the general shortage of specialists in the IT sector, and especially because areas such as cybersecurity and artificial intelligence are relatively new in the job market, we are facing challenges in finding qualified workforce. By adapting working conditions, namely introducing flexible working hours, increased number of days of annual leave and more competitive salaries, we can attract and attain skilled employees, and increase their motivation and productivity.

Although women are under-represented in the IT industry, investing in coaching programs, empowering women talents and attracting young female experts can improve our competitiveness and enhance our working culture. In order to improve balance, at the level of the Company we actively participate in projects such as Work in Tech, a project providing education programs and opportunities to gain practical experience to young women without prior IT education or experience. At the end of the program, we offer job opportunities to participants, thereby fostering their integration in the IT sector and contributing to higher gender diversity within our industry. Being focused on the career development of employees allows us to develop talents within our organization and reduce dependency on external labour market.

Except for full-time employees, people employed on the basis of student contracts, fixed-term employment contracts, service contracts and copyright contracts are also included in Span's own workforce. We currently don't focus on impacts related to organization's value chain, but we plan on dedicating our time to these matters in the next three years, in accordance with 10.2. – transitional provision that allows for three-year period to establish a process for obtaining information from the value chain.

In Span, majority of material impacts is widespread, but some of them are systemic depending on the business segment. Therefore, impact related to work-life balance will be intensified in the business segment of providing continuous 24/7 availability of service, 365 days a year (technical support and SOC), where employees do shift work.

In addition, ongoing geopolitical situation in our affiliated company Span LLC in Ukraine leads to further serious challenges.

Material risks and opportunities arising from impacts and dependencies on own workforce are the following: loss of key staff, diversity and inclusive employment with equal opportunities, training and education for employees, internal recruitment, employee resistance to measure implementation. At Span, there are no operations with high risk of incidents of forced labour or compulsory labour in terms of type of operation (such as manufacturing plant), and in terms of countries or geographic areas with operations considered at risk. There are no operations with high risk of incidents of child labour in terms of type of operation (such as manufacturing plant), and in terms of countries or geographic areas with operations considered at risk.

There are specific groups within the workforce that are exposed to potentially greater risk of adverse impacts:

1. Women in IT industry

We operate in the IT sector, where women are usually under-represented workforce. This issue is further emphasized by the limited number of skilled female candidates on the labour market, which makes it difficult to achieve gender equality within organization. Increased awareness of these issues made us implement programs and initiatives to foster employment and development of female experts in IT.

2. Young employees and beginners

In the context of lack of skilled workforce in the IT industry, we employ young experts who often begin their careers in technical support. These positions may bear higher risks to work-life balance due to the nature of job position that involves shift work, sporadic exposure to stressful situations and continuing learning and adaptation requirements.

3. Employees of the subsidiary undertaking Span LLC, Ukraine

Taking into account the ongoing geopolitical situation, employees in our subsidiary undertaking in Ukraine are faced with additional, material risks. War makes these employees carry a psychological and emotional weight, which impacts their mental health. Every day, these employees are faced with threats of violence and instability, exposing them to a lot of stress and anxiety, and also having negative impacts on their safety. As a result of war, there is a risk of reduced motivation and engagement, which may further aggravate impacts on workforce.

Material risks and opportunities related to impacts and dependencies on specific groups within our workforce include issues concerning diversity, inclusive employment and equal opportunities, with a particular focus on achieving gender equality. Work-life balance is also extremely challenging, especially for employees working in shifts and during night time, such as technical support and SOC employees. Those working conditions may increase the risk of stress, burnout and other negative impacts on mental health of employees.

It is also important to point out the issue related to loss of key staff due to the lack of elaborated succession plan for key roles in the organization. Various impacts, such as stress, insufficient education, sense of uncertainty in terms of future advancement or work-life balance can encourage people with key roles to leave, which as a result can seriously impact the business and financial stability of the company.

S1-1 – Policies related to own workforce

Policies at the level of the Company cover the entire workforce. For the most part, there are no policies at the level of Group. This is due to the existing focus on business priorities and allocation of resources to areas with more immediate impact on growth

and development of the Group. Taking into account the growth and business expansion, we recognize the need to formalize policies at the level of Span Group in order to ensure consistency and compliance of all business units with our values and strategic goals.

Policy name General	objectives	Material impacts, risks, opportunities	Scope	Accountable level	Monitoring/ Interests of workforce	Policy availability
Rules of Procedure	Regulating the rights and obligations of workers and employer in accordance with the Labour Act.	Violation of human rights, discrimination and inequality; Diversity and inclusive employment with equal opportunities; Work-life balance (burnout, stress, mental health).	It applies to all Span d.d.'s employees, except for people employed on the basis of student and service contracts.	Members of the Management Board	Workers may request to exercise their rights if they believe their rights were infringed within 15 days of the notification of the decision.	Available on intranet
Rulebook on procedures and measures for the protection of employee dignity	Ensuring working con ditions free of discrimination, harassment and sexual harass ment.	Violation of human rights, discrimination and inequality; Diversity and inclusive employment with equal opportunities.	It applies to all Span d.d.'s employees; it protects them from the harassment on the part of colleagues, superiors or third parties.	Members of the Management Board	Workers can report violation of dignity to Commissioners for the protection of employee dignity.	Available on intranet
Diversity and Inclusion Policy	Promoting diversity and inclusion in work environment, with guidelines and principles of action within and outside of the organization.	Violation of human rights, discrimination and inequality; Diversity and inclusive employment with equal opportunities.	It applies to Span d.d.; it is recommended to partners, suppliers and associates within the value chain.	Members of the Management Board	Employees can report violation of dignity or discrimination to Commissioners, and partners can report violation on compliance@ span.eu.	Available on intranet and public web site
Span Code of Business Conduct	Providing guidelines for ethical conduct and good business practices; defining principles and business rules for employees and partners.	Violation of human rights, discrimination and inequality; Diversity and inclusive employment with equal opportunities; Work-life balance (burnout, stress, mental health).	It applies to Span Group and all the business partners in accordance with local legislation.	Management and Supervisory Board	Employees and partners are obliged to report unlawful or unethical conduct using available channels, including compliance@ span.eu.	Available on intranet and public web site
Whistleblower protection procedure; Violation or suspected violation reporting procedure	Regulating the rights and obligations of whistleblowers, and obligations of employer in relation to the process of protection of whistleblowers.	Violation of human rights, discrimination and inequality; Diversity and inclusive employment with equal opportunities; Privacy of Employee Data.	It applies to Span Group, business partners and third parties.	Members of the Management Board	Employees and partners are obliged to report unlawful or unethical conduct using available channels.	Available on intranet

Details of specific policies Third party standards and initiatives

• Not applicable for said policies at the moment.

Involvement of workforce in the elaboration and implementation of policies

When adopting and implementing policies, we take into account employee feedback by means prescribed in mentioned policies.
Particular attention is paid to ensuring the availability of policies to all employees through intranet, onboarding process and training.

Comprehensive policies relating to own workforce of the Company are a combination of broader documents and stand-alone policies. Code of Business Conduct of Span Group is a broader document that includes key guidance for the workforce, such as respect for human rights, diversity, equality and employee well-being, while the Rules of Procedure also make part of this system, providing fundamental provisions on the rights and obligations arising from employment relationship, although it is not singled out as a stand-alone policy. On the other hand, Rulebook on procedures and measures for the protection of employee dignity, Diversity and Inclusion Policy, Whistleblower protection procedure and Violation or suspected violation reporting procedure represent stand-alone policies regulating specific areas in detail, such as protection of dignity and promoting diversity and equal opportunities.

As regulated by our Code of Business Conduct, at Span, we respect the fundamental human rights defined in the United Nations Universal Declaration of Human Rights and internationally recognized principles and guidelines, including the ILO Declaration on Fundamental Principles and Rights at Work, which concerns freedom of association and collective bargaining, prohibition of forced labour, child labour and discrimination. In addition, we respect relevant laws and standards of human rights in all countries in which we operate, thus ensuring consistent compliance with international obligations.

Company monitors compliance through several key mechanisms described in S1.

1. Policies and internal codes We adopt and apply internal policies and procedures aligned with principles of human rights, such as Code of Business Conduct, Diversity and Inclusion Policy, etc.
1. Risk assessment As part of non-financial reporting, we regularly analyse potential and actual impacts of business on human rights, including impact on employees and communities.
1. Notification mechanisms and whistleblower protection – To our employees and external stakeholders we offer the possibility to report human rights violation anonymously by means of safe channels, and protection from retaliation.
1. Monitoring working conditions We regularly evaluate working conditions, including salaries, working hours, work-life balance, etc. (work climate survey).
1. Regular reporting and transparency With the publication of sustainability report, we ensure transparent communication about mentioned topics, and we report on potential violations, impact management, etc.
1. Training and raising awareness We conduct surveys and carry out trainings for employees and management on human rights, discrimination, equality.

Cooperation with people from own workforce takes place through regular communication, open dialogues and engagement of employees in initiatives related to human and labour rights. We regularly conduct satisfaction surveys and surveys on working conditions in order to identify potential issues. At the level of the Company, employees have access to commissioners for the protection of dignity, and they are actively encouraged to submit proposals and feedback in relation to work environment and the implementation of policies that have impact on their rights. In addition, employees' representative is also a member of

the Supervisory Board, and she represents employees' interests and provides a channel for two-way communication between employees and the Management Board.

Furthermore, all employees of Span Group have the possibility to ask anonymous questions or submit comments through virtual inbox available on Viva Engage internal network. We also organize an annual event called "Ask the Management", where employees have the opportunity to pose questions directly to the members of the Management Board, who respond to them.

In order to protect the employees from discrimination, harassment and sexual harassment on the part of other employees, superiors, partners and other people that employees have regular contact with when doing their job, we adopted the Rulebook on procedures and measures for the protection of employee dignity, and appointed two people of opposite sex authorized to receive and handle complaints in relation to the protection of employee dignity.

Our corporate policies and practices are in compliance with universally adopted principles related to own workforce.

Span has the Rulebook on Occupational Safety, as well as Fire Protection Rules in place. We use them to ensure safe work environment through regular risk assessments and implementation of measures to prevent accidents and injuries.

UN GLOBAL COMPACT PRINCIPLES

HUMAN RIGHTS	Principle 1 Principle 2	Businesses should support and respect the protection of internationally proclaimed human rights. Businesses should make sure that they are not complicit in human rights abuses.	Span d.d. promotes its corporate values and culture through aligned policies and procedures in terms of human rights, equal opportunities and safe and healthy working conditions. These policies and procedures, including Code of Business Conduct, Rules of Procedure, Diversity and Inclusion Policy, and Rulebook on procedures and measures for the protection of employee dignity are made available to all employees through intranet. In addition, Code of Business Conduct was made public on Span's website in order to ensure its transparency and availability to all the stakeholders.
LABOUR	Principle 3	Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining.	Span d.d. is a signatory of the Diversity Charter – an initiative launched in 16 EU countries, which in Croatia was developed under project of the Croatian Business Council for Sustainable Development. In addition, Span adopted its own Diversity
	Principle 4	Businesses should uphold the elimination of all forms of forced and compulsory labour.	and Inclusion Policy used to clearly express its commitment to equal opportunities and respecting diversity in all business aspects. Principles explicitly stated in Code of Business Conduct of the Group are freedom of association, prohibition of forced labour and abolition of
	Principle 5	Businesses should uphold the effective abolition of child labour.	child labour. In order to protect workers from discrimination, harassment and sexual harassment, Span d.d. adopted a dedicated Rulebook on procedures and measures for the protection of employee dignity, and appointed Commissioners for
	Principle 6	Businesses should uphold the elimination of discrimination in respect of employment and occupation.	the protection of employee dignity to further ensure systematic and effective protection of employee rights.

Basis of the Diversity and Inclusion Policy lies in the legal framework defined by the Anti-discrimination Act (Official Gazette 85/08, 112/12). This Act, based on the principles of protection and promotion of equality, acknowledges seventeen basic types of discrimination grounds, including race, ethnic affiliation, colour, gender, language, religion, political or other belief, national or social origin, property, trade union membership, education, social status, marital or family status, age, health condition, disability, genetic heritage, native identity, expression or sexual orientation. We don't have ongoing specific policy commitments related to inclusion or positive action for people from groups at particular risk of vulnerability in our own workforce.

Zero tolerance for discrimination is deeply rooted in Span's culture. This rigorous approach to discrimination is reflected during the entire employee life cycle, especially in crucial phases, such as selection and recruitment, talent management, leadership, professional development, rewarding and advancement, as well as adaptation to different stages of life, including parenthood, family care, and even termination of employment contract. In case our employees experience or notice discrimination, violence or harassment, they have the right to contact the Commissioners for the protection of employee dignity and raise a complaint. Protection measures, as well as the procedures for the protection of employee dignity are laid down in the Rulebook on procedures and measures for the protection of employee dignity.

Span does not have insights into codes of conduct of all suppliers, however, it obliges them to respect Span Code of Business Conduct in its contractual arrangements. Provisions of available supplier codes of conduct include the protection of labour rights, however, available codes do not correspond completely to requirements of the International Labour Organization (ILO) standard. Span is

-

establishing supplier check mechanism that will also include compliance check in terms of the said standard.

S1-2 – Processes for engaging with own workforce and workers' representatives about impacts

The Company has several key processes in place in order to ensure open and transparent engagement with own workforce. One of them is the annual Ask the Management event, providing employees with the opportunity to pose questions directly to the Management Board and receive responses. During this event, employees can ask questions anonymously in advance or directly during the event. Answers to the questions are given live, and the entire event is broadcast via the Microsoft Teams platform to be accessible to all employees. Participants have the opportunity to ask additional questions and actively participate. In addition, assessment of satisfaction with work climate is carried out regularly, where employees can express their opinions and views. Suggestions for improvement and specific action plans for upgrading the work environment are made on the basis of obtained feedback.

The assessment covers various aspects of the work environment, including:

basic working conditions
work organization
reward system
team and organizational climate
dimensions of personal job experience, such as health and work-life balance

The assessment results are used to identify problems and as an opportunity for improvement. Based on this feedback, proposals and action plans are created to enhance the work environment and increase employee satisfaction. The work climate survey is conducted annually at Span, and every two years at the Span Group level.

Through said processes, employees have the opportunity to communicate directly with the Management Board, express their opinions and point to the challenges they face with. Their questions and comments are often related to key aspects of the work environment, and consequently to identified potential and actual impacts. Topics included are work-life balance, just working conditions, professional development and equality.

Role of the employees' representative in the Supervisory Board

Employees' representative in the Supervisory Board represents employees' voice at the highest level of management of the Company. Her role is to pass on questions and concerns of employees to the Supervisory Board and notify employees of decisions and responses of the Management Board.

Engaging with own workforce at different levels

Engaging with own workforce takes place at the level of entire organization, and within business units and sectors, as well. HR Business Partners ensure activity coordination at the level of business units, and integration of information and action plans within organization's broader framework.

If needed, there is the possibility of consulting with the employee representative. So far, we have not had such requests from employees. Overall, engaging with own workforce is performed directly, and also through employees' representative of the organization.

HR experts are primarily engaged, as well as experts from other departments, such as corporate communications and digital production, as appropriate. Financial resources are used to hire external consultants that conduct work climate surveys and other analyses.

Communication of results and engagement with employees

Employees are notified about the results of surveys and actions plans through official communication channels, such as Span TV, Span Chronicles newsletter and Viva Engage, internal social media platform. In addition, there is a possibility of direct communication through superiors and HR department. Regular 1:1 and Performance Evaluation meetings foster the two-way communication further. In addition to this, direct communication through superiors and HR department is possible.

S1-3 – Processes to remediate negative impacts and channels for own workers to raise concerns

The Company established a number of measures to protect employee dignity and ensure availability of efficient channels that employees may use to raise concerns or report irregularities. These are the defined procedures for reporting and remediating discrimination, harassment and sexual harassment, and for the protection of persons that use reporting mechanisms.

Rulebook on procedures and measures for the protection of employee dignity

In order to protect the employees from discrimination and harassment on the part of colleagues, superiors and other people that employees have regular contact with, Rulebook on procedures and measures for the protection of employee dignity ("Dignity Rulebook") was adopted. On the basis of the Dignity Rulebook, two people of opposite sex authorized to receive and handle complaints in relation to the protection of employee dignity were appointed. The Dignity Rulebook is made easily available to all employees through Company's Intranet, ensuring the transparency and availability of relevant information.

Reviewing complaints

In accordance with the Dignity Rulebook, within 8 days of notification, Commissioners are obliged to initiate a review of the complaint related to the protection of dignity, and notify complainants and the Company of the process. When reviewing complaints, Commissioners may hear the opinions of complainant, person against whom the complaint was submitted and witnesses, or obtain written observations, examine the documentation or labour assets, and take other evidence that according to the circumstances of the case they consider purposeful in order to determine relevant facts. Although we received no complaints in this area so far, we regularly analyse existing mechanism in order to ensure our employees know how and where to report possible irregularities, and that they trust the system. For example, we conducted a survey on the perception of diversity and inclusion, where we analysed the level of trust in protection mechanisms. In case we received complaints, we would file them in our internal database, and their handling would be performed by keeping track of the steps clearly defined in the Dignity Rulebook.

Although there were no complaints from employees so far, we are aware of the fact that violation of human rights, discrimination and inequality may negatively impact the work environment, including challenges women returning to work after maternity leave are faced with, and ensuring fair working conditions for all employees. In order to have a mechanism for identifying and addressing these potential negative impacts in place, we established a system which includes commissioners and clearly defined procedures for

enabling employees to report irregularities and ensuring timely and effective action of protecting their rights.

Channel for raising concerns

To ensure unbiased and objective handling of complaints, Commissioners for the protection of employee dignity appointed were external legal experts. In addition, other channels for raising concerns are available to employees:

• Anonymous virtual inbox within the internal Viva Engage network enables employees to ask questions, raise concerns and making suggestions with full anonymity

• Employees can also directly communicate with HR department in relation to reporting or problem resolving.

The Company has a grievance/complaints handling mechanism in place specifically related to employee matters. Each employee who believes that their dignity was violated, i.e. that they were discriminated, harassed or sexually harassed has the right to raise a complaint to the Commissioners in relation to the protection of dignity. The complaint shall be submitted in writing, stating the circumstances in which the harassment occurred, and it must be signed by the complainant. The complaint may be submitted by mail as a registered letter, or to the Commissioners' e-mail address: [email protected], taking into account the information published on Span's website, expressly indicating that the letter is intended for the Commissioners for the protection of employee dignity. Within 8 days of notification Commissioners are obliged to initiate a review of the complaint related to the protection of dignity, and notify complainants and employer of the process. When reviewing complaints, Commissioners may hear the opinions of the complainant, person against whom the complaint was submitted and witnesses, or obtain written observations, examine the documentation or labour assets, and take other evidence

that according to the circumstances of the case they consider purposeful in order to determine relevant facts. In the process of reviewing complaints, Commissioners take action together. In exceptional cases, if one Commissioner is prevented from participating, and actions that need to be taken in the process of reviewing complaints are of immediate necessity, they can be taken independently by the other Commissioner. After the process, the Commissioners will prepare and submit their decision to employer in writing, in which they will: 1. determine that complainant's dignity was violated or 2. reject the complaint as unfounded.

Employee perception of the protection system

At the end of 2023, a survey on the perception of diversity and inclusion within organization was conducted. Based on the survey conducted, the Company makes decisions to take appropriate actions.

Safeguarding the confidentiality and preventing retaliation

Span Group implemented a number of measures in order to ensure confidentiality and protection of employees who report irregularities:

• Confidentiality of data: All the data obtained during the process of the protection of dignity is considered a business secret and must not be disclosed to third parties, unless absolutely necessary, e.g. in legal proceedings.
• Protection against retaliation: Code of Business Conduct commands the prohibition of any retaliation on employees who report irregularities in good faith. Any retaliation, such as threats or demotion is subject to disciplinary action.
• Protection of whistleblowers: Whistleblower protection procedure defines the protection of whistleblowers, ensures the confidentiality of investigations and, where appropriate, allows for temporary relocation of whistleblowers for their protection.

Handling questions and notifying employees

Questions asked through anonymous virtual inbox are processed by the HR and Internal Communications department experts. After analysing and taking necessary actions, responses and information on the outcomes are communicated via Viva Engage platform.

Span is continuously working on raising awareness and promoting trust in existing systems of the protection of employee dignity, as well as on providing training on employee rights and available protection and reporting mechanisms.

S1-4 – Taking action on material impacts on own workforce, and approaches to mitigating material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions

List of key actions taken in order to prevent or mitigate negative impacts on own workforce in 2024 and those planned for the future, as well as their expected outcomes and contribution to objectives:

1. Improvement of work climate and dialogue with employees:

Actions taken:

• Work climate survey conducted at the level of the Company in order to identify the needs, challenges and potential issues of employees, and ensure timely response. Through different aspects and dimensions of work climate, we aim to cover and address the majority of negative impacts on own workforce.

Future actions:

• Continue with regular work climate surveys once a year.

Connection with material impacts:

• Equal treatment and opportunities for all – Diversity; Working conditions – work-life balance.

Expected outcomes:

• Maintaining or improving results of the work climate survey compared to previous year through 12 aspects that cover employee satisfaction, engagement, transparency and cooperation.

Contribution to objectives:

• Active inclusion of employees in the dialogue and timely addressing of identified challenges helps build trust and ensures continuous improvement in terms of satisfaction and working conditions.

2. Development of leadership competencies and responsibilities:

Project of development of management positions within the organization was launched, including the analysis of job descriptions and defining key responsibilities.

Actions taken:

Workshops to get the management acquainted with the catalogue of leadership competencies were organized, and a new 360 assessment of the management was conducted.
End of Span Management Academy program, in which 15 new team leaders and managers developed their leadership competencies. Future actions:
Work continuously with the management in order to ensure the implementation.
Continue with regular periodic 360 assessments.

Connection with material negative impacts:

Equal treatment and opportunities for all – equality.
Other work-related right privacy. Expected outcomes:
Empowered management capable of responsible team leading, making strategic decisions and providing support to employees. Contribution to objectives:
Clearly defining leadership competencies and developing leadership skills helps align-

ing the goals of organization with employee needs.

3. Digitalisation of employee performance management:

Start of the implementation process for SAP module Performance & Goals for the improvement and digitalisation of the performance monitoring system.

Actions taken:

• Defining the process, implementation in SAP test environment and testing.

Future actions:

• Implementation to production and putting into service for employees will take place during 2025.

Connection with material negative impacts: • Other work-related right – privacy.

Expected outcomes:

• Transparent monitoring of performance and goals of employees, increasing the objectivity of evaluation.

Contribution to objectives:

• Provides employees with clear guidance for achieving goals and ensures fair evaluation of their work. 4. Digitalisation of employee training

management:

Start of the implementation process for SAP Learning module for the improvement and digitalisation of the training management system. The goal of this module is to centralize and facilitate access to training, making resources for the development of skills and knowledge easily accessible to employees, thus addressing the potential negative impact of insufficient employee training.

Actions taken:

• Defining the process, implementation in SAP test environment and testing.

Future actions:

• Implementation to production and putting into service for employees will take place during 2025.

Connection with material negative impacts: • Other work-related right – privacy.

• Equal treatment and opportunities for all – equality.

Expected outcomes:

• Centralization and digitalisation of the training system, which aims at ensuring the availability of resources for the development of skills and knowledge of all employees.

Contribution to objectives:

• It facilitates the access to training programs to employees, improves continuous learning and development, and reduces negative impact related to lack of education.

5. Initiatives for employee health and well-being:

Investing in programs such as Fit Happens, B2Run races, and MultiSport activities, aiming at promoting physical activity and healthy lifestyle. Through collaboration with "Brave phone" association, parents are provided with training and resources for better understanding and addressing challenges of parenthood.

Actions taken:

Completed Fit Happens programs, B2Run race, Multisport, training for parents.
Successfully recertified as a "Health-Friendly Company" by the Croatian Institute of Public Health.

Future actions:

• Continue with similar programs on a regular basis.

Connection with material negative impacts:

Equal treatment and opportunities for all – equality.
Working conditions work-life balance.

Successfully recertified as a "Health-Friendly Company" by the Croatian Institute of Public Health.

Expected outcomes:

• Improved physical and mental health of employees, contributing to their productivity and satisfaction in the workplace.

Contribution to objectives:

• Activities such as Fit Happens and health education help create the culture of care for employees, reducing the risks related to illness and stress.

6. Supporting diversity and inclusion:

Actions taken:

Participation of employees in programs such as "Workplace Inclusion Champion" and UNICEF training on integrating child rights in business. Connection with material negative impacts:
Equal treatment and opportunities for all – equality
Working conditions work-life balance. Expected outcomes:
Increased awareness of the importance of equality, diversity and inclusion within organization.

Contribution to objectives:

• These actions help create an inclusive work environments, thus increasing the sense of belonging among employees.

7. Youth employment and education:

Actions taken:

• Organization of internships and employment of young talents – Span IT Gym.

Connection with material negative impacts:

• Equal treatment and opportunities for all – equality.

Expected outcome:

Increased number of young employees and their professional development. Contribution to objective:
Securing access to talents for the future growth of organization.

8. Improving data security:

Actions taken:

• Two workshops on the topic of data security conducted, including using technologies such as Passwordless authentication, with 50 employees who participated.

Future actions:

• Conduct the same or similar workshops by the end of 2025 on the topic of improving data security.

Connection with material negative impacts:

Other work-related right privacy. Expected outcomes:
Increased awareness of the importance of data protection and reduced risk of security incidents.

Contribution to objectives:

• Through workshops and training, employees become more aware of their responsibilities related to data security, thus reducing the operational risks.

9. Integration of affiliated companies Bonsai and Ekobit:

Actions taken:

During the merger process, special attention was paid to the communication with employees, by means of transparent informing about changes and adaptation to new conditions.
Connection with material negative impacts: • Equal treatment and opportunities for all
equality • Working conditions – work-life balance. Expected outcomes:
Successful transition of employees to new conditions, preserving the business continuity and adapting to new roles.

Contribution to objectives:

• Transparent communication during the merger process ensure employee trust and minimizes negative impacts of changes.

10. Acknowledgement of excellence of HR practices:

Actions taken:

• Fourth Employee Partner Certification in a row, along with the additional "Above and Beyond" certificates in the categories of Impact, Satisfaction and Future.

Connection with material negative impacts:

Equal treatment and opportunities for all – equality.
Working conditions work-life balance.

11. Increasing salaries and fair working conditions

Actions taken:

• Ensuring competitive salaries and fair working conditions in order to increase the satisfaction of employees and retain key talents within the Group.

Connection with material negative impacts:

- Equal treatment and opportunities for all – equality.

-

Outcome:

• Increased employee satisfaction and talent retention.

Contribution to objective:

• Securing competitive position on the labour market.

The scope of key measures:

Actions taken covered different groups of employees:
All employees of the Company in actions oriented towards well-being, education and work climate.
Leadership positions through specific programs of the development of leadership competencies and responsibilities.
Employees of Span Group who were part of the merger process.

Most actions are currently being taken at the level of the Republic of Croatia and were implemented and completed during 2024. The implementation of the SAP module Performance & Goals is the exception, whose final phase is planned for mid-2025, and the implementation of SAP Learning module, with planned completion in the first half of 2025. Some actions, such as regular training, monitoring of the results and continuous support to employees are integrated within continuing organizational processes, and will be carried out in the future as well: climate survey, working with the management, 360 assessment, initiatives for employee well-being, workshops related to data security. All the relevant information on remedies and processes were already elaborated in detail in chapter S1-1.

Some of the actions stated affect achieving positive impacts on own workforce, such as:

1. Improvement of work climate and dialogue with employees:

Positive impacts:

• Increased overall satisfaction of employees through open and transparent communication.

• Improvement of the results of work climate survey compared to last year through 12 aspects.

2. Development of leadership competencies and responsibilities:

Positive impacts:

Improvement of leadership skills that contribute to better team leading.
Greater clarity in expectations from managers and employees, thus reducing misunderstandings and frustrations.

3. Span Management Academy (development program for future leaders):

Positive impacts:

Development of future leaders through targeted training and practical exercises.
Empowering employees with potential for team leading.
Improvement of internal mobility and preparing employees for strategic positions within organization.

4. Digitalisation of employee performance management system (SAP module Performance & Goals):

Positive impacts:

Increased transparency and fairness in the evaluation of employee performance.
Clearly defined individual objectives that empower employees to achieve their potential.
Better alignment of personal goals with strategies of the organization, fostering productivity and engagement.

5. Support for young employees through professional practices and employment:

Positive impacts:

Ensuring fresh perspectives and new talents for future development of the organization.
Fostering the professional growth of young employees through coaching and expert training.
Building a reputation of the Company as a desirable employer among young experts.

6. Initiatives for employee health and well-being (B2Run, Fit Happens, MultiSport):

Positive impacts:

Promoting physical and mental health of employees.
Encouraging employees to have an active and healthy lifestyle by participating in sports activities and trainings.
Team building through participating in initiatives such as B2Run race or Fit Happens program together.

Group uses the following mechanisms to track the effectiveness of actions:

1. Work climate survey: Analysis of employee satisfaction through 12 aspects.
1. Tracking the engagement: Tracking the numbering of employees participating in initiatives such as B2Run, Fit Happens and MultiSport.
1. Quantitative metrics: Number of participants in programs such as Span Management Academy or professional practices for young people.
1. Qualitative feedback: Feedback from employees or managers on the benefits of initiatives implemented.
1. Program evaluation: Results of trainings such as Span Management Academy.
1. Health metrics: Results related to health promotion, such as reduced number of days of sick leave or increased engagement in health initiatives.

Material impact management primarily draws upon human resources, including human resources (HR) experts and leadership positions within the Group. Depending on specific actions and action plans required for effective impact management, appropriate financial resources are provided and planned, if necessary.

Through regular work climate surveys and performance interviews with employees and managers, HR department obtains regular feedback by means of a virtual inbox.

On the basis of the information obtained, HR department considers the overall picture and suggests actions or activities to target actual or potential negative impacts on own workforce.

HR department and management work together to revise and complete the proposal that is then validated by the Management Board or Business Unit Director (if related to only one business unit).

Next comes the implementation and further tracking. Material impact management primarily draws upon human resources, including human resources experts and leadership positions within the organization. Depending on specific actions and action plans required for effective impact management, appropriate financial resources are provided and planned, if necessary.

There are no ongoing specific measures for the mitigation of negative impacts on own workforce arising from the transition to a greener, climate-neutral economy, such as training, reskilling or employment guarantees, given the fact such challenges have not been identified in our business up until this moment. Additionally, there have been no cases of workforce reductions or mass layoffs. Consequently, measures such as job counselling, coaching, intra-company placements and early retirement plans were not necessary or applied.

Measures for the mitigation of material risks for the Group arising from impacts and dependencies on own workforce:

1. Loss of key staff (poorly defined succession plan):

Leadership competences for the identification of potential successors were developed.
A potential and impact assessment tool (9 Box Grid) was implemented.
Standards for potential and impact were defined, a basis for the future succession plan development, planned for the following years.

2. Employee resistance to measure implementation (M&A processes):

• Great attention was paid to change management, especially during the merger process and the integration of organizational cultures.

• Focusing on the inclusion of employees in changes and providing support in order to reduce the resistance. As part of these activities, sector gatherings and joint trainings were organized, enabling employees to get to know one another better and encouraging cooperation. These initiatives further contributed to the reduction of resistance and facilitated the adaptation to new working conditions.

3. Employee health and well-being:

• Regular satisfaction monitoring through work climate analyses.

• Implementing initiatives such as providing support for employees doing shift work and night shifts, and activities and initiatives focused on health and well-being.

Measures for pursuing material opportunities for the organization arising from impacts and dependencies on own workforce:

1. Diversity and inclusive employment:

• Introduction of organizational standards that highlight tolerance and respect through managerial responsibilities.

• Developed leadership competences for human resources management, including diversity and inclusion.

• Span is a signatory of the Diversity Charter, and it adopted the Diversity Policy. We plan on further developing this topic.

2. Employee training and education:

• Continuous training for building expertise, including topics such as project management, security awareness, communication and managerial skills.

• Training programs for future cyber security experts, in order to improve security capacities of the organization.

3. Internal recruitment:

Promotion of internal development and in terdepartmental mobility possibilities before employing external candidates.
Providing career development opportunities within organization.

4. Change management:

• Investing in the integration of different organi zational cultures during acquisition processes, in order to ensure a successful implemen tation of changes.

The Company has established and main tained a risk management system in order to connect strategic goals and risks with the operative risks and in this way manage the operations in the best possible way. By late 2022, the Company started the implementation of the risk management system according to ISO 31000 standard. The standard contains recommendations and good practice in the area of risk man agement and there is no official ISO cer tificate for it. The Risk Management Policy was defined ("Risk Policy"), applying to all temporary, occasional and permanent employees of Span, depending on defined roles and responsibilities. The Risk Policy specified competences, responsibilities and principles. The risk assessment frequency and reference to the Risk Appetite document were defined. It is specified that Span will accomplish its goals offering products and services while taking into account mainte nance and respect of high ethical standards of operation and sustainability, which shows the integration of material risks related to own workforce into existing risk manage ment processes.

Risks application of controls and treatment plan for significant risks are presented to the Management Board twice a year. Cor rections are made and tasks are assigned to individuals within teams at the meet ings of the Management Board. Aim of the system which is set up in such a way is to train the Company in terms of management of existing and identified risks, regulating their importance and effect. We approach the assessment of effectiveness of such management system by considering the reduction of residual risks in relation to the initial ones due to applied controls, and we define treatment plans for unacceptable levels of key risks. This systematic approach enables the Company to identify, manage and mitigate risks related to workforce, while supporting strategic goals and sustainable development at the same time.

Implementation of the action plan does not require significant operating expenditures and/ or capital expenditures at the moment, since the action plan has not yet been defined.

Action	Expected outcomes	Contribution to objectives	Extent	Affected groups	Geography	Period of completion	Qualitative/quantitative information
1. Developed leadership competences for the identification of potential successors	• Clear identification of potential successors for key roles. • Reducing the risk of losing key staff.	Timely identification of employees with high level of business sustainability and reducing individual dependence potential.	Key roles in Span d.d.	Management and potential successors.	Span d.d., with plans to extend to affiliated companies.	Completed in 2024.	• Defined responsibilities for all management levels. • Developed leadership competences. • Conducted training. • 360 survey assessment for management.
2. Implemented a potential and performance assessment tool (9 Box Grid)	• Structural and objective employee assessment. • Talent identification.	Objective analysis of employees, transparency of assessment, reinforcement of trust and succession planning.	Assessment of all employees.	Management and employees.	Span d.d., with plans to extend to Group.	Completed in 2024, with regular audit once or twice a year.	• 100% of employees concerned.
3. Defined standards for potential and performance	• Clearly defined assessment criteria. • Basis of the succession plan development.	Reduces subjectivity, ensures consistency and fairness in human resources management.	All departments and levels of employment.	Management and employees.	Span d.d., with possibility to extend to Group.	Completed in 2024.	• Clearly defined criteria for potential and performance. • Set standardized approach at the organizational level.
4. Great attention paid to change management (M&A processes)	• Successful integration of organizational cultures. • Reduction of employee resistance.	Community building, reducing uncertainty and facilitating the adaptation to new working conditions.	Departments involved in integrations.	Employees affected by the M&A processes, managers and HR team.	All locations in which Span does or plans to do acquisitions.	Completed in 2024, with the continuation of actions in 2025.	• Organized activities (social gatherings, training). • Reduction of employee resistance. • Successful integration of cultures.
5. Regular satisfaction monitoring through work climate analyses	• Timely challenge identification. • Improvement of working conditions.	Informed decisions, continuous employee satisfaction, reduction of turnover and burnout.	All employees of Span d.d.	All employees.	Span d.d	Completed in 2024, carried out annually.	• Survey completion rate. • Qualitative and quantitative analysis of results. • Number of initiatives for employee welfare.
6. Support for employees doing shift work and night shifts	• Health and welfare improvement. • Stress reduction and satisfaction increase.	Improvement of productivity and long-term business stability.	Technical support, SOC, shift workers.	Employees working in demanding working conditions.	Span d.d	Implementation of actions started in 2024; it is being carried out continuously.	• Survey completion rate. • Analysis of satisfaction and key trends.
7. Introduction of organizational standards for tolerance and respect	• Increase of diversity and inclusion. • Reducing discrimination.	Promoting inclusive organizational culture, attracting diverse talents and fostering innovation.	Entire organization.	All employees, especially underrepresented groups.	Span d.d., with plans to extend to international level.	Implementation started in 2024; it is developing continuously.	• Defined leadership responsibilities and competences, with a focus on diversity and inclusion.
8. Continuous training for building expertise	• Improvement of expert and technical knowledge. • Reinforcing innovation and competitiveness. • Training of cyber experts.	Reinforcing key competences, reducing the need for outside experts, resilience to cyber threats.	All departments and levels.	All employees.	Span d.d., with plans to extend to international level.	Continuously.	• Amount of training, certified employees, certificates obtained. • Training and instructor satisfaction.
9. Promotion of internal development and mobility possibilities	• Increase of employee engagement. • Reducing costs of external recruitment.	Provides career development opportunities within organization, reduces turnover and ensures business support.	All departments.	Employees interested in career development.	Span d.d., with plans to extend to Group.	Continuously.	• Amount of internal transitions. • Turnover rate.

S1-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities

At the moment, the Group does not have defined targets in place related to specific sustainability matters, since there is still an ongoing process of identification of such matters.

S1-6 – Characteristics of the Span Group employees

In 2024, there were 124 departures from the Span Group, and our employee turnover rate was 14.44%. Calculated as the ratio of the number of departures to the average number of employees in 2024. The average number of employees is calculated as the arithmetic mean of the number of employees at the beginning and at the end of the reporting year. Employee turnover increase is partly a reflection of global trends in the IT industry. Root causes include adaptation to post-pandemic conditions, inflation, need for optimization of expenses and dynamic changes imposed by the global market circumstances. Despite the increased employee turnover, total number of employees was stable, owing it to being focused on employing profiles that best suit our strategic goals and the development of key competencies.

All data related to the number and distribution of employees were taken from internal databases. Estimates to arrive at the presented information were not included.

S1-9 – Diversity metrics

Senior management consists of the members of the Management Board, Senior Directors and Directors.

Gender diversity at top management level	Gender distribution in number at top management level	Percentage (relative to the total at top management level)
Male	23	82.1%
Female	5	17.9%
Other*	0	0
*Gender as specified by the employees themselves

The Company predominantly has highly specialized technical and engineering positions (e.g., software engineers, system architects), which are highly competitive in the labor market. Most employees in these positions

are men.

Excessive CEO pay ratio is 5.20.

The total compensation ratio for the reporting period is 5.20, which means that the total annual compensation of the highest-paid employee, including base salary, bonuses, allowances, benefits in kind, and other forms of remuneration, is 5.20 times greater than the medial compensation of other employees within the organization.

This ratio indicates a moderate difference between the compensation of the highest-paid employee and the medial compensation of employees in the organization. The ratio of 5.20 reflects the practice of rewarding key management with competitive compensation packages, aiming to attract and retain highly qualified leaders while maintaining balance and fairness in the distribution of compensation among a broader range of employees.

The total compensation ratio also demonstrates the organization's responsibility in structuring the compensation system, taking into account industry standards and best practices. This ratio is in line with the organization's policy based on transparency and fairness, ensuring competitiveness in relation to the labor market.

S1-17 – Incidents, complaints and severe human rights impacts

There were no reported cases of discrimination or harassment so far, and there were also no complaints or fines. In addition, there were no severe human rights incidents connected to the workforce, or cases of non-respect of the UN Guiding Principles or ILO Declaration, and there were also no fines.

Gender	Number of employees
Male	589
Female	263
Other*	0
Not reported	0
Total Employees	852
Cross-referencing of the information mentioned above to the most representative number in the financial statements	Reference 10. Staff Costs
Country	Number of employees

Croatia	776

2024

Span	Croatia
Number of employees (head count)	776
Number of permanent employees (head count)	773
Number of temporary employees (head count)	3
Number of non-guaranteed hours employees (head count)	0

2024.

Span	Male	Female	Total
Number of employees (head count)	534	242	776
Number of permanent employees (head count)	532	241	773
Number of temporary employees (head count)	2	1	3
Number of non-guaranteed hours employees (head count)	0	0	0

*Gender as specified by the employees themselves

S1-16 - Remuneration metrics (pay gap and total remuneration)

The gender pay gap in Group is 14.25%.

As part of the analysis of the employee structure and their average earnings, a gender pay gap of approximately 14% was recorded. The difference is primarily the result of the specific distribution of genders by function, the level of seniority in highly specialized technical positions, and the market value of certain positions.

S3 – Community – Company specific SBM-3 – Community – Company specific

In the process of DMA, Span Group did not identify any negative impact, risk or opportunity on affected communities with particular characteristics, nor did it identify risks that could lead to adverse effects. Communities in the business locations of the Group are not exposed to material impacts because the Group operates primarily in the digital environment, without physical production activity. Throughout our value chain, we collaborate with non-profit organizations, providing them with technical support and developing solutions for the improvement of their business. Therefore, we identified a Company-specific positive impact.

Our engagement in the educational sector naturally derives from strategic orientation and business model. As an organization specializing in infrastructure services, cloud solutions, cyber security, technical support and software development, we aspire to pass our knowledge and experience on future experts. Our employees regularly take part in lectures, workshops and coaching programs, sharing their expertise in key technological areas, including infrastructure, service management, cloud technology, cyber security and software development, thereby enhancing the digital competences of the community.

Apart from that, Span supports non-profit organizations with application development in order to facilitate their business, using technologies such as Microsoft Power Platform. In addition, we ensure support during licences activation, creating user accounts, data migration and user training regarding the basic use of Office 365 services, enabling them to be more efficient in managing day-to-day operations. Thereby we contribute to the improved efficiency of those organizations, and we support the local community in their work. More information about this can be found in the chapter: 3.7 Span volunteers: the power of knowledge and skills, and on the Company's website.

These activities positively impact the educational communities and civil society in the regions in which the Company operates. Although a direct adaptation of strategy is not the main goal for now, in the long term, activities with educational institutions and non-profit organizations can contribute to the adaptation of business models

S3-1, S3-4, S3-5 –Policies, Measures, and Targets related to Affected Communities

The Group did not adopt specific policies, actions nor targets related to affected communities, given the fact we did not identify material negative impacts or risks related to the community, but a positive company-specific impact. However, we are aware of the importance of continuous monitoring of our sustainable activities, and we plan on conducting further analyses that will help us identify possible needs for the development of targeted policies, actions and targets in the future.

Respect for the human rights of communities, and indigenous peoples specifically

Span Code of Business Conduct reflects core values of the Group, and includes guidance for fair and responsible operation. Compliance with internationally recognized principles is highlighted in the Code, including the United Nations Universal Declaration of Human Rights and the ILO Declaration on Fundamental Principles and Rights at Work. Although no specific provisions related to affected communities are stated directly in the Code, our partners and employees are obliged to adhere to the principles of honest business practices and Span's core values, including indirectly advancing positive impacts on communities.

Measures to provide and/or enable remedy for human rights impacts

At the moment, there are no explicitly prescribed measures or mechanisms to ensure the protection of human rights of affected communities or enable remedy.

S3-2 – Processes for engaging with affected communities about impacts

Engaging with communities is done based on needs and characteristics of each community. Projects and initiatives are arranged in accordance with identified needs of each community. Although no cooperation mechanisms are formalised, the Group is open to adaptation of its activities in order to achieve a positive impact on communities.

Key activities and collaborations

In the course of last year, we contributed to enhancing the digital competences of young people and connecting the educational sector with IT industry through a number of activities and collaborations:

• Participating in career events: We actively participated in job fairs, such as FER Job Fair, Career Day at Algebra University, Career Day at Faculty of Transport and Traffic Sciences and TVZ Career Day, where we presented career opportunities in our organization.

• Engaging with high-school students: We visited high schools for the first time to present career opportunities and the IT industry to graduates, and through Span IT Gym internal program we provided professional practices and coaching to young people interested in pursuing a career in IT. Upon completion of professional practices, we even employed a few of the students.

• Gaming community: By participating in Good Game Zagreb 2024, a charity gaming tournament, we continued our cooperation with the gaming community, further reinforcing our connection with young people interested in technology and IT industry.

These activities are not only single events, but a part of long-term strategy of investing into future IT experts and reinforcing the digital competences of the society. Although formalised polices have not yet been adopted, our approach is based on the following principles:

• Talent development and connecting with the

industry: We aim to continuously improve our cooperation with educational institutions in order to ensure access to knowledge and resources necessary for a career in IT to students and pupils.

• Practical training and coaching: By way of lectures, workshops and professional practices, we help young people to gain practical knowledge to help facilitate their entry into the labour market.

• Promoting cyber security: Through trainings and workshops, we raise awareness of security threats and the importance of data protection.

Our activities in the educational sector and supporting young people in development of

• Cooperation with the academic community: We organized lectures, workshops and panel discussions at the Faculty of Engineering in Rijeka, the University of Applied Sciences in Zagreb, the Faculty of Organization and Informatics in Varaždin, and other institutions. In these lectures, we share practical IT knowledge and promote the importance of cyber security and technological innovations.
• Supporting talent development: As a RiTeh Web Team gold sponsor, we supported initiatives such as Ri-Hack hackaton and Ri-Comp conference, providing students with the opportunity to acquire practical skills in software solution development.

their digital competences have a long-term positive impact on community and industry. Cooperation with educational institutions, coaching and professional practices enable students and pupils to gain practical knowledge necessary for success in the digital world. In addition, such activities also help educational institutions to adapt the syllabus to the actual needs of the industry. In the long run, such partnerships contribute to the development of the IT sector and increase employability of young talents, while ensuring a high level of technical expertise in the community at the same time.

Coding, Computer Forensics, AD Tier Model, Ethical Hacking, Cloud Security, Windows Internals, EDR Internals & Evasion, Database Security, Computer Forensics, Secure Your Cloud: Hands-On workshop, Cyber Security Analyst Academy, Advanced Memory Forensics, Active Directory Security, Cyber Threat Intelligence and Cyber Security for IT Professionals. Mentioned public specialized trainings were attended by 219 participants from 120 legal entities, and in addition to that, 24 private trainings were held, most of them being trainings for the leading staff, with a particular focus on risk and crisis management, and security incident responses.

You can read more about Span's development of security solutions for cyber attacks in the topical chapter Governance information, G1 – Company-specific, on page 195.

S4 – Consumers and end-users

SBM-3 – Consumers and end-users

The only identified material impact on users derives from the close link betweens Span's strategy and business model and personal information management. Given the fact we provide IT services and solutions that include data processing and protection, personal information included, one of our crucial responsibilities is to ensure GDPR compliance. The compliance will prevent invasion of privacy of natural persons (subjects) and exposing their personal information to unauthorized access and misuse. Data security breaches (e.g. unauthorized access, unauthorized disclosure) may cause identity theft, financial loss or sense of insecurity among end-users. This risk directly impacts the adaptation of our strategy and business model. Span continuously invests in the improvement of data protection policies, implementation of advanced protection mechanisms and employee training. Our business activities include establishing a compliance monitoring system, and proactive measures to ensure responsible data management, thus further reducing the possibility of adverse impacts.

Span identified the development of security solutions for tackling cyber attacks as a material opportunity directed at its users. We impact the protection of personal information. More information about this can be found in the chapter 1.3.1: Description of the operation and main activities, and in the topical part Governance information – company-specific: Development of security solutions for tackling cyber attacks. Our identified material impact does not relate to a specific user group.

All users on whom the Group has, or will have, a significant impact — either through its own operations or the value chain — are included in the scope of the DMA. Span Group does not have products inherently harmful to people, products that increase risks for chronic disease, products that particularly impact the children or financially vulnerable individuals. When assessing the materiality of impacts on users, we did not identify specific user groups with particular characteristics that may be at greater risk of harm compared to other users. Our products and services do not target specific vulnerable user groups, and data management processes are equally rigorous for all users, regardless of their age, location or other specifics. Users of our digital services may be subject to personal information privacy and protection risks, i.e. they depend on accurate and accessible information in order to prevent potentially harmful use. The impact is widespread in the context of digital services that we provide, particularly in relation to user privacy, and it concerns individual cases.

S4-1- Policies related to consumers and end-users

Although the Group does not have a separate policy aimed at direct user privacy protection, the Company includes the rights related to

user privacy and personal data protection in publicly available policies, such as: Privacy Policy, Code of Business Conduct and User Personal Data Processing Rules. These policies ensure GDPR compliance and define means by which we collect, process, protect and manage personal data of users.

Also, Span adopted internal policies and procedures related to handling of requests or incidents, and the User Personal Data Processing Rules, which not only further elaborate on the processing of their personal data, but on the employee obligations in case they work on the processing of personal data for Span, as well.

General objectives of the policy:

Cyber Security Incubator:

The mission of our Cyber Security Incubator (CSI) is to provide cyber training experience and empower the cyber competencies of all employees, both within Span and our clients' employees, helping them develop the knowledge and skills needed for secure operations in a digital environment. In the last year, CSI focused on intensively educating the market on key aspects of cyber security, raising awareness of threats and empowering organizations through expert training.

We developed and conducted more than 35 different trainings, and some of them were held several times due to increased interest. Trainings held can be divided into three groups: trainings for raising awareness of the cyber security, trainings for the management, and technical specialized trainings. Trainings for raising awareness of risks and means of protection are intended for all employees, management trainings are intended for different levels of leading staff in organizations, while technical trainings are intended for IT and cyber security specialists. All trainings are composed of theory and practice, with scenarios defined in advance. 23 trainings for raising awareness were held, including trainings such as: Cyber Security Essentials, Security Practices for Phishing Attacks, which were attended by more than 1 100 participants. Specialized trainings held were Secure • Ensure protection of privacy and security of user personal data.

• Align business activities with GDPR requirements and the requirements of other relevant laws.

• Encourage users to trust our services through

transparent data management. We are aware of the fact that GDPR incompliance may result in the invasion of user privacy, exposing their data to unauthorized access, financial losses and loss of trust of users. Therefore, the implementation of policy is monitored by responsible persons who conduct periodic audits, risk assessments, and monitor the compliance with standards and regulatory requirements in force. Policy applies to all business activities that include collecting, processing and storing user personal data. It encompasses all the value chain levels and geographic regions in which Span operates. There are no exemptions in the policy, it applies to all users and stakeholders equally. Executive Director for Information Systems and Security has the highest level of responsibility for the implementation of policy, managing a team of experts for data protection. Data Protection Officer (DPO) is also appointed, ensuring GDPR compliance and supervising

The interests of users are taken into account through:

Transparency: Clear communication about the modes of collecting, processing and protecting data in the Privacy Policy is available on our website.

Rights of users: We enable users to exercise rights such as access, rectification, erasure and restriction of processing of their data.

Feedback: We offer the opportunity of direct communication concerning enquiries or complaints to our users, according to the procedure of handling of requests.

Privacy policy is made publicly available to all users on our website. We thus ensure transparency and user awareness in terms of way we protect their data. It is not particularly aimed at specific groups of users, and it is applied universally to all persons whose personal data is processed in the context of Span's business activities. This is because our goal is to ensure equally high level of privacy protection and data security for all users, regardless of their characteristics or specific needs.

Protection of human rights

Span acknowledges the importance of the protection of human rights and is committed to ensuring compliance with the UN Guiding Principles on Business and Human Rights, the ILO Declaration on Fundamental Principles and Rights at Work, and the OECD Guidelines for Multinational Enterprises. Matters that are material in relation to respect for the human rights include the protection of privacy and personal data. Span applies stringent measures when it comes to data protection in order to ensure that personal data of users is collected, processed and stored in compliance with the GDPR and other relevant regulations. Our general approach consists of transparency in data collection, informing users of their rights and enabling them to manage their personal data. In cooperation with users, Span is focused on building trust through transparent communication and providing clear information on ways their data is used. The Company provides remedy for human rights impact by establishing a mechanism for reporting and handling complaints of users as subjects in relation to violation of personal data. The subjects may raise complaints by visiting our website or contacting our Data Protection Officer, whose contact information is also available on Span's website. All complaints are carefully considered and handled in accordance with our internal policies and relevant legislation.

Policies related to users are mostly in compliance with internationally recognized standards that are particularly related to users, including the UN Guiding Principles on Business and Human Rights. Span does not have a due diligence system established when it comes to respect for the human rights in relation to users. There were no reported cases of non-respect of the UN Guiding Principles on Business and Human Rights, the ILO Declaration on Fundamental Principles and Rights at Work, or the OECD Guidelines for Multinational Enterprises that include users.

S4-2 – Processes for engaging with consumers and end-users about impacts

In the Span Group different channels of communication and engagement with users already exist in the context of our Customer support service, appointing responsible persons for the performance of contracts, Data Protection Officer, as well as the Compliance Officer. Depending on the type of relationship, these departments communicate with users in order to provide information, respond to enquiries and process their requests. Also, we regularly evaluate user satisfaction by means of surveys in the IT services management system, and after the project completion as well. The process of handling user complaints is clearly defined in our Complaint Management Procedure. Results of the user satisfaction analysis are discussed at monthly meeting of the management, and yearly at the Management Report. Also, there is a basic process for engaging with users, which includes direct communication via telephone, e-mail, and online channels (website and social media platforms).

In case situations that may impact the workforce occur (e.g. if user data is likely to impact employee security or business processes), we conduct internal consultations with relevant teams, including the Legal Department, Data Protection Officer and IT departments, in order to ensure timely addressing of all potential impacts. In addition, our employees responsible for tracking the user satisfaction and Data Protection Officer regularly monitor end-user feedback in order to ensure that each potential impact on our workforce is timely identified and addressed.

Basic interactions with users occur in the process of license selling, management of IT services of users, and project activities at the level of IT infrastructure of users, and in all those aspects we monitor the security of data privacy. Data and product security is a key aspect of Span Group's operation, and the cooperation with users and relevant stakeholders takes place in accordance with ISO 27001, which ensures comprehensive measures of data protection and safe product development. In this context, cooperation with users and other stakeholders takes place by means of exchanging information on security requirements, compliance and risks, and adapting security policies to the latest regulatory and market requirements. Director of the relevant

business unit is responsible for assessing the relevance of the information and for integrating the information into security measures, in cooperation with security and compliance teams. Effectiveness of the engagement is evaluated by analysing the complaints and through user satisfaction surveys. We have been monitoring user satisfaction since 2014, using defined survey processes while managing services and projects, and through complaints received. The Management Board and management are informed about these parameters at regular monthly meetings, and they can act and make strategic decisions accordingly.

S4-3 – Processes to remediate negative impacts and channels for consumers and end-users to raise concerns

We defined the Complaint Management Procedure, which describes the process of handling user complaints. This procedure ensures that all complaints are carefully considered and handled in accordance with our internal policies and relevant legislation. Each complaint must be registered and processed, by means of communicating the reason for dissatisfaction to the user representative and attempting to correct the mistake or misunderstanding.

Within our anti-bribery management system, we established a Violation or suspected violation reporting procedure, which enables employees, partners, users and other relevant stakeholders to anonymously raise concerns in relation to any occurrence or conduct they consider irregular. Depending on the type of irregularity, users can submit their complaint to the Compliance Officer, Data Protection Officer and Span's Legal Department (whose e-mail addresses are available on the website). The Reporting Committee, which consists of the Compliance Officer and the directors of the Legal Affairs, Human Resources and Quality Department of Span, is responsible for receiving and further processing of all anonymously reported cases. We thereby guarantee transparency and responsibility in

the implementation of policy. The policy is in compliance with the General Data Protection Regulation and other relevant regulatory requirements. In addition, it is based on the best industry practices and information security standards, including ISO 27001.

handling reported cases. We have not yet been able to assess the effectiveness of the legal remedy introduced, and we did not assess the user awareness of these processes. More about this can be found in topical chapter: Governance information, G1-1.

Span respects the rights of users to legal protection, and it established mechanisms that users may utilize to report their concerns or irregularities observed, in order to ensure and facilitate the right to a remedy.

In case an employee is exposed to any type of discrimination, harassment or sexual harassment, Span also appointed Commissioners for the protection of employee dignity. Those Commissioners are authorized to receive and handle complaints related to the protection of employee dignity in accordance with the Rulebook on procedures and measures for the protection of employee dignity, which is available to all employees on Span's intranet.

Employees may address all complaints, notifications, questions, requests and other findings that fall under the scope of responsibility of the Commissioners for the protection of employee dignity: via e-mail on: povjerenici. [email protected] or in writing to the address of the Commissioners "Odvjetničko društvo Jelavić & partneri j.t.d.": Palmotićeva 70, 10000 Zagreb.

S4-4 – Taking action on material impacts on consumers and end- users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions

Span implements technical and organizational measures in order to ensure the highest possible degree of data protection. Measures applied vary from technical protection measures, such as access limitation to certain spaces, supervising access to spaces, use of firewall and technical solutions that prevent data leakage, to organizational measures, such as implementation of ISO 27001 and ISO 22301, adopting rules on data protection, procedures related to handling cases of requests or incidents, training and raising awareness of employees in terms of data protection. Span enabled the subjects to submit requests in relation to the protection and exercise of their rights by way of information available on Span's website or by contacting the Data Protection Officer via e-mail. Additional measures were not identified as necessary at the moment.

At Span Group, we don't have ongoing targets in the context of the GDPR compliance. However, we monitor the effectiveness of our policies and measures related to the protection of privacy and data security using monitoring and reporting processes. These processes include monitoring of the GDPR compliance by way of legal and security teams. Although we do not monitor specific targets related to the GDPR, we monitor relevant metrics that help us evaluate the effectiveness of our measures and policies. Progress is assessed on the basis of internal and external evaluations, with a particular focus on achieving high standards of data protection. Qualitative metrics include user feedback and the results of satisfaction surveys, whereas quantitative metrics include number of user complaints, time needed to handle complaints and the percentage of successfully handled complaints. In addition to that, we measure progress using quantitative metrics such as number of successfully conducted audits and the percentage of employees that received training on the topic of data protection. Reference period for monitoring progress covers a calendar year, and the results are analysed at monthly meetings of the management and at the yearly Management Report. Based on those metrics and the results of regular reports, we are able to evaluate the effectiveness of the implementation of our policies in relation to the GDPR compliance, despite the fact we do not have specific targets when it comes to this topic.

The process by which we determine actions needed and appropriate in response to a particular actual or potential negative impact on users is based on the risk analysis and the evaluation of existing policies and procedures. Teams from the Legal Department and Customer support and data protection service take part in this process, and they evaluate potential negative impacts of our services and products on users, including the violation of data privacy. If an actual or potential negative impact is noticed, internal analyses are conducted and they may include questionnaires or surveys for users, as well as consultations with external experts, if applicable, in order to determine appropriate measures. Based on those analyses, we develop specific measures to mitigate negative impacts or to prevent the recurrence of incidents.

Based on our approach, particular material negative impacts on users largely depend on the compliance of products and services with the regulations, quality of customer support and rights of users to privacy protection. If specific negative impacts occur, we apply measures that include improvement of product design, improvement of customer support, and the implementation of measures to increase the security and the GDPR compliance. We also take action when it comes to monitoring user feedback and adapting our practices to their needs. We consider taking a broader measure at sectoral level, when necessary, such as cooperating with regulatory authorities or launching initiatives to raise awareness of data security and rights among users, in accordance with the regulations. We may also be in touch with other relevant parties, such as consumer protection organisations, in order to join forces and align our approaches.

We have taken the steps to enable remedy in case of material negative impacts on users. We ensured users have access to clear information on their rights to remedy through our privacy policies and complaints procedure. In addition, all our users have access to the channel for anonymous reporting, by means of which they may report any suspicions in relation to negative impacts of our services. We ensured our complaints procedures are effective, clearly defined and easily accessible to all users. Complaints are handled within a reasonable period of time, and updated reports about the status of their cases are sent to users. In case of serious complaints or disputes, we ensure the possibility of outof-court procedure for resolving disputes in cooperation with relevant authorities. By doing so, we guarantee the availability and effectiveness of remedy for our users. We haven't had the opportunity to evaluate the results of securing remedy for those affected, and so far there have been no serious incidents and cases related to human rights of our users. At Span Group, human capital and expertise in the form of interdisciplinary teams that include experts in the area of legal affairs, protection of data privacy, customer support, product development and marketing are assigned the management tasks related to our material impacts on users. We use advanced technologies for data protection, such as encryption, firewalls and systems for the detection and prevention of threats as measures for the mitigation of impacts. These teams cooperate closely in order to ensure that all our products, services and processes are in compliance with the relevant legislation, data protection standards and best practices in the area of customer support.

We implemented the risk management system according to the recommendations of the ISO 31000, which enables us a systematic risk assessment based on their likelihood,

potential impact and source. We integrate additional controls and assess the residual risk, and we plan and conduct risk treatment plans where necessary. Material risks are presented to the Management and Supervisory Board once a year, or where appropriate. The Legal Department, in cooperation with the Data Protection Officer ensures that provisions regulating the processing of personal data according to the GDPR are included in all the contracts with users. We also sign separate Data Processing Agreements, whose content is in compliance with the GDPR in all legal relationships as applicable.

Expected outcomes for each of the measures we implement include improvement of user satisfaction, increased compliance with the relevant legislation (especially GDPR), reduced number of user complaints, and the optimization of our business processes. Each measure contributes to the achievement of the objectives by reducing the risks related to data privacy, increasing the transparency when it comes to communication with users, and improving our ability to respond promptly to user needs.

All the measures described are applied to all the relevant sectors within the Company, including internal IT, human resources, legal affairs and customer support. Measures are aimed at all our users, including end-users of our products and services, and stakeholders such as business partners that come in contact with our services and products. Geographically speaking, measures are applied in all the markets in which we operate. Span is in the process of defining a period for the completion of each key measure.

Previously, measures related to the GDPR, involvement and improvement of customer support have already yielded positive developments, proven by the reduced number of complaints compared to last year. In addition to that, the results of user surveys show an increase of user satisfaction in relation to data privacy and right of access to information, with a 15% improvement in the last six months.

S4-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities

At the moment, we do not have targets related to specific sustainability factors, such as protection of data privacy or GDPR com-

pliance. Reasons for not establishing our targets include the nature of dynamics in the area of data protection, where priorities tend to rapidly change in accordance with the applicable regulatory requirements and specific needs of our users. However, the Group is open to further assessment and adaptation of its policies and resources in accordance with future needs or changes in assessing the materiality of impacts on communities.

1.4. Governance information (G1)

G1-1 – Corporate culture and business conduct policies

Span Group is committed to maintaining high standards of business conduct and fostering a positive corporate culture. In this context, we developed policies that guide our operations in the key aspects of business conduct, including management of relationships with suppliers and prevention and detection of corruption and bribery.

Code of Business Conduct: Code of Business Conduct defines the standards of conduct we expect from all employees, as well as business partners and shareholders. The Code covers topics such as decency, integrity, respect and responsibility.

Anti-corruption and anti-bribery policy The Company has rigorous policies in place for the prevention and detection of corruption and bribery. These policies include procedures for reporting suspicious activity, measures for the protection of whistleblowers, policy of managing conflict of interest, and gift giving and receiving rules.

Data protection policy: Data protection policy of the Company ensures a unified approach when it comes to the processing of personal data in accordance with the relevant laws.

Our corporate culture is based on the principles of cooperation, professionalism, ethical conduct, responsibility and transparency. We actively foster open communication, we promote employee improvement and ensure the availability of mechanisms for reporting unethical conduct. Internal code of conduct and business policies are regularly updated and adjusted to the regulatory requirements and best industry practices.

Identified material impacts, risks and opportunities related to governance:

1. Impact of the management of relationships with suppliers, including payment practices: The Company maintains positive relationships with suppliers through open communication and cooperation, including the expansion of product/service range of suppliers, improving the quality of services and regular payment for services. Also, if the organization does not take into account social and environmental criteria in its supplier selection, it might be interpreted as supporting unsustainable and unethical practices, which can negatively impact the environment and society and threaten the long-term sustainability of business.
2. Impact of corruption and bribery: Lack of efficient measures to prevent and detect corruption and bribery can result in unethical conduct within the Group, it can threaten the

working culture and create an unfair working environment for employees.

3. Opportunity related to the increased demand for cyber security solutions: Span Group identified this opportunity because

the demand paves the way for the offer of innovative solutions and a potential opportunity for returns on investments..

Our Anti-bribery management system (ABMS) in accordance with ISO 37001 was certified in 2022. Within this system, we created a Violation or suspected violation reporting procedure, defining the ways in which one can report a violation or suspected violation of internal code of conduct (valid for internal and external users). Internal code of conduct is defined in our Code of Business Conduct, which refers to other procedures we defined within ABMS, and our Anti-corruption policy is available on our website. Reports of suspicions or violations of internal rules of conduct can be submitted in several ways, depending on the situation and the preferences of the person submitting the report. The report can be verbally addressed to the superior. If such a method is not possible for any reason, the report can be sent by email to [email protected] or anonymously via the online form available on our website, within the Procedure for Reporting Suspicion or Violation. Received reports are reviewed by a committee consisting of the compliance officer and the directors of the legal affairs, human resources, and quality departments.

In cases where employees or third parties, such as clients, wish to submit a report outside of the mentioned channels, they can do so via any of our official contact details, either by phone call to SPAN LINE +385 1 6690 240 or by sending a letter to Span d.d., attn: Compliance Officer, Koturaška cesta 47, 10 000 Zagreb, with a clear note 'DO NOT OPEN'. When it comes to reports related to violations of employees' dignity, reports are

directly addressed to the dignity protection officer at the email address dostojanstvo. [email protected]

Except for the Code, Policy and Reporting procedure mentioned, we also developed:

Gift giving and receiving procedure 2. Whistleblower protection procedure (described in detail in the topical part S1-1).

During onboarding, all employees are obliged to watch a presentation about our Code of Business Conduct and pass a short test on our Learning Management System (LMS). This is our standard onboarding process, which is the responsibility of our Human Resources Department. During our regular Management Academies, where we prepare potential employees for managing positions, we also conduct a training program for combating corruption and bribery, given by the representative of the Management Board for countering bribery. The percentage of high-risk functions covered by the training program is 6.46%. We have defined high-risk functions covered by the training program as members of the Management Board and all employees in the finance, accounting, controlling, sales, and legal departments at Span d.d. Finally, we cooperate closely with Microsoft, whose Partner Code of Conduct is very similar to ours, and members of the Management Board and the Sales Department have already watched the training on that code a couple of times, and they passed an extensive test after the training.

Investigating committee is represented by the independent representative of the Management Board and the Director of Legal Affairs, and we consider them separate from the chain of management. Once a year, the Management Report is drawn up, consisting of the outcomes of internal and external monitoring related to ABMS, and it is presented to the Management and Supervisory Board. All our policies and procedures related to anti-corruption are based on the fundamental principles of the United Nations Convention against Corruption, and they respect those principles.

G1-2 Management of relationships with suppliers

Span is guided by the principles of equitable operations, ensuring all suppliers have transparent terms of cooperation. We respect the scheduled payment dates, we foster open communication and encourage suppliers to continuously improve their services and products. Payments are made twice a week in order to minimise the risk of late payment in general (including payments to micro-, small- and medium-sized enterprises). Payments are prepared in our accounting system, and timely entry of data into the system is ensured by internal controls.

We have been assessing suppliers within our Quality Management System since 2006, based on the quality of delivery and feedback. In the last few years, we identified the need for raising the level of assessment within other management systems, including the sustainability requirements and the recommendations of the Cyber Security Act (NIS2 Directive transposed into Croatian legislation).

In order to ensure a systematic and comprehensive approach, we launched a pilot project of supplier assessment in 2024. In the following period, we plan on sending a questionnaire to our key suppliers and defining criteria of choice. Although Span Group still has not applied a formal framework for the assessment of social and environmental criteria in its supplier selection, environmental aspects are already being taken into account for certain categories of services. For example, when choosing the provider of cloud services, Span Group assesses their practices in relation to sustainability, including GHG emissions, energy consumption and governance of water resources.

G1-3 Prevention and detection of corruption and bribery

By way of contractual clauses, Span obliges primarily its suppliers, but the users as well, to respect all the relevant regulations in the area of anti-corruption and money laundering, and the Span Code of Business Conduct. A breach of said contractual clauses, as well as an infringement results in the termination of the contract and a right to compensation. The Anti-corruption policy and the Code of Business Conduct are available on Span's website in six languages for our external stakeholders, and there is also basic information about our commitment for a successful functioning of all our management systems, our anti-bribery management system included. More on anti-corruption is described in G1-1.

Also, the results are presented to the Management and Supervisory Board once a year, and they relate to all eight ISO systems implemented in Span, with a particular focus on ISO 37001, since the obligation of such reporting is a mandatory requirement of the standard concerned.

Span has not been convicted, nor have there been fines imposed on Span for violation of anti-corruption and anti- bribery laws. In addition, there have been no actions taken to address breaches in procedures and standards of anti-corruption and anti-bribery, since there have been no breaches.

G1-6 Payment practices

The average time of payment of Span d.d. is 15 days. Standard payment terms in the Company are defined as follows: for large enterprises: 60 days, and for micro, small- and medium-sized enterprises: 30 days. In order to reduce the risk of late payment, payments are made twice a week. Despite that, 2.5% of all payments were late, whereby we continuously work on improving the process and increasing the

number of timely payments. Currently, there are no legal proceedings outstanding for late payments.

G1 – Company specific: Development of security solutions for tackling cyber attacks

Span Group acknowledges the importance of cyber security as a key element in the protection of its own, as well as its users data and business operations. In accordance with our business strategy, we continuously invest in the development of advanced security solutions that keep up with the new types of cyber attacks. Span possesses the ISO/IEC 27001 Certificate since 2011, which proves our continuous investment in security measures and data protection. Information security is particularly important since we have access to the confidential information of users (for the purpose of execution of the contractual obligations).

Policies and processed implemented in ac cordance with ISO 27001 include:

Management of incidents related to cyber security for existing operations, including pro active monitoring and responding to incidents.
Compliance with the legal requirements relat ed to the protection of sensitive information, personal data and information systems.
Risk and emergency management ensuring timely response to security incidents.

During 2022, a new version of ISO/IEC 27001 was published, introducing new and chal lenging the existing security measures. In accordance with the certification scheme, Span will be in compliance with the new version of standard during 2025.

We were the first in Croatia to be certified for the ISO/IEC 42001 standard, an international standard that defines the requirements for an artificial intelligence management system. The standard is based on best practices that ensure the ethical, safe and effective use of AI technologies.

When it comes to Span's cyber security lev el, we continuously work on improvements caused by new forms of attacks as well as technologies. . In 2024, as in the previous years, we worked on different areas, particularly:

• Introducing the phishing-resistant multi-factor authentication, based on the FIDO2 standard.

Continuing internal training related to cyber security, with additional voluntary training related to personal online security of our employees.
Modernization of our internal processes en abled us to shut down all the servers in satellite/remote offices. The overall security in the Span environment was thus increased because the surface for potential cyber at tacks was reduced. Apart from that, the maintenance cost and electricity consumption will therefore be reduced.
Refactoring and security testing of applica tions for internal use.
Introducing the new Network Detection and Response (NDR) solution, and enhancing our 24/7 Security Operations Centre for its efficient use.
Modernization of internal policies and pro cedures, where the introduction of a new internal procedure for the acceptable use of artificial intelligence should be pointed out.
Although Span is not subject to Regula tion (EU) 2022/2554 on digital operational resilience for the financial sector (DORA Regulation), we plan to conduct Threat-Led Penetration Testing (TLPT), given our col laboration with the financial sector, which is subject to DORA. This allows us to follow and apply new trends in testing the security of our infrastructure.

In this reporting period, there were no secu rity incidents in Span that undermined the confidentiality, integrity or availability of data.

Disclosure Requirement and related datapoint	SFDR (1) reference	Pillar 3 (2) reference	Benchmark Regulation (3) reference	EU Climate Law (4) reference	Page number	Not significant
ESRS 2 GOV-1 Board's gender diversity paragraph 21 (d)	Indicator number 13 of Table #1 of Annex 1		Commission Delegated Regulation (EU) 2020/1816 ( 5 ), Annex II		128
ESRS 2 GOV-1 Percentage of board members who are independent paragraph 21 (e)			Delegated Regulation (EU) 2020/1816, Annex II		128
ESRS 2 GOV-4 Statement on due diligence paragraph 30	Indicator number 10 Table #3 of Annex 1				132
ESRS 2 SBM-1 Involvement in activities related to fossil fuel activities paragraph 40 (d) i	Indicators number 4 Table #1 of Annex 1	Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 ( 6 ) Table 1: Qualitative information on Environmental risk and Table 2: Qualitative information on Social risk	Delegated Regulation (EU) 2020/1816, Annex II			Not significant
ESRS 2 SBM-1 Involvement in activities related to chemical production paragraph 40 (d) ii	Indicator number 9 Table #2 of Annex 1		Delegated Regulation (EU) 2020/1816, Annex II			Not significant
ESRS 2 SBM-1 Involvement in activities related to controversial weapons paragraph 40 (d) iii	Indicator number 14 Table #1 of Annex 1		Delegated Regulation (EU) 2020/1818 ( 7 ), Article 12(1) Delegated Regulation (EU) 2020/1816, Annex II			Not significant
ESRS 2 SBM-1 Involvement in activities related to cultivation and production of tobacco paragraph 40 (d) iv			Delegated Regulation (EU) 2020/1818, Article 12(1) Delegated Regulation (EU) 2020/1816, Annex II			Not significant
ESRS E1-1 Transition plan to reach climate neutrality by 2050 paragraph 14				Regulation (EU) 2021/1119, Article 2(1)	152
ESRS E1-1 Undertakings excluded from Paris aligned Benchmarks paragraph 16 (g) točka 16. podtočka (g)		Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 1: Banking book-Climate Change transition risk: Credit quality of exposures by sector, emissions and residual maturity	Delegated Regulation (EU) 2020/1818, Article12.1 (d) to (g), and Article 12.2			Not significant
ESRS E1-4 GHG emission reduction targets paragraph 34	Indicator number 4 Table #2 of Annex 1	Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 3: Banking book – Climate change transition risk: alignment metrics	Delegated Regulation (EU) 2020/1818, Article 6		153
ESRS E1-5 Energy consumption from fossil sources disaggregated by sources (only high climate impact sectors) paragraph 38	Indicator number 5 Table #1 and Indicator number 5 Table #1 and Indicator n. 5 Table #2 of Annex 1					Not significant
ESRS E1-5 Energy consumption and mix paragraph 37	Indicator number 5 Table #1 of Annex 1				154
ESRS E1-5 Energy intensity associated with activities in high climate impact sectors paragraphs 40 to 43	Indicator number 6 Table #1 of Annex 1					Not significant
ESRS E1-6 Gross Scope 1, 2, 3 and Total GHG emissions paragraph 44	Indicators number 1 and 2 Table #1 of Annex 1	Article 449a; Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 1: Banking book – Climate change transition risk: Credit quality of exposures by sector, emissions and residual maturity	Delegated Regulation (EU) 2020/1818, Article 5(1), 6 and 8(1)		159-160

	Not significant

	Not significant


	Not significant





	Not significant





159-160

Disclosure Requirement and related datapoint	SFDR (1) reference	Pillar 3 (2) reference	Benchmark Regulation (3) reference	EU Climate Law (4) reference	Page number	Not significant
ESRS E1-6 Gross GHG emissions intensity paragraphs 53 to 55	Indicators number 3 Table #1 of Annex 1	Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 3: Banking book – Climate change transition risk: alignment metrics	Delegated Regulation (EU) 2020/1818, Article 8(1		160
ESRS E1-7 GHG removals and carbon credits paragraph 56				Regulation (EU) 2021/1119, Article 2(1)		Not significant
ESRS E1-9 Exposure of the benchmark portfolio to climate-related physical risks paragraph 66			Delegated Regulation (EU) 2020/1818, Annex II Delegated Regulation (EU) 2020/1816, Annex II		Not included in the report, gradually being introduced
ESRS E1-9 Disaggregation of monetary amounts by acute and chronic physical risk paragraph 66 (a) ESRS E1-9 Location of significant assets at material physical risk paragraph 66 (c).			Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 paragraphs 46 and 47; Template 5: Banking book - Climate change physical risk: Exposures subject to physical risk.		Not included in the report, gradually being introduced
ESRS E1-9 Breakdown of the carrying value of its real estate assets by energy-efficiency classes paragraph 67 (c).		Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 paragraph 34; Template 2: Banking book -Climate change transition risk: Loans collateralised by immovable property - Energy efficiency of the collateral			Not included in the report, gradually being introduced
ESRS E1-9 Degree of exposure of the portfolio to climate- related opportunities paragraph 69			Delegated Regulation (EU) 2020/1818, Annex II		Not included in the report, gradually being introduced
ESRS E2-4 Amount of each pollutant listed in Annex II of the E-PRTR Regulation (European Pollutant Release and Transfer Register) emitted to air, water and soil, paragraph 28	Indicator number 8 Table #1 of Annex 1 Indicator number 2 Table #2 of Annex 1 Indicator number 1 Table #2 of Annex 1 Indicator number 3 Table #2 of Annex 1					Not significant
ESRS E3-1 Water and marine resources paragraph 9	Indicator number 7 Table #2 of Annex 1					Not significant
ESRS E3-1 Dedicated policy paragraph 13	Indicator number 8 Table 2 of Annex 1					Not significant
ESRS E3-1 Sustainable oceans and seas paragraph 14	Indicator number 12 Table #2 of Annex 1					Not significant
ESRS E3-4 Total water recycled and reused paragraph 28 (c)	Indicator number 6.2 Table #2 of Annex 1					Not significant
ESRS E3-4 Total water consumption in m3 per net revenue on own operations paragraph 29	Indicator number 6.1 Table #2 of Annex 1					Not significant
ESRS 2- IRO 1 - E4 paragraph 16 (a) i	Indicator number 7 Table #1 of Annex 1				145
ESRS 2- IRO 1 - E4 paragraph 16 (b)	Indicator number 10 Table #2 of Annex 1				145
ESRS 2- IRO 1 - E4 paragraph 16 (c)	Indicator number 14 Table #2 of Annex 1				145
ESRS E4-2 Sustainable land / agriculture practices or policies paragraph 24 (b)	Indicator number 11 Table #2 of Annex 1					Not significant
ESRS E4-2 Sustainable oceans / seas practices or policies paragraph 24 (c)	Indicator number 12 Table #2 of Annex 1					Not significant

Disclosure Requirement and related datapoint	SFDR (1) reference	Benchmark Regulation (3) reference	Page number	Not significant
ESRS E4-2 Policies to address deforestation paragraph 24 (d)	Indicator number 15 Table #2 of Annex 1			Not significant
ESRS E5-5 Non-recycled waste paragraph 37 (d)	Indicator number 13 Table #2 of Annex 1			Not significant
ESRS E5-5 Hazardous waste and radioactive waste paragraph 39	Indicator number 9 Table #1 of Annex 1			Not significant
ESRS 2- SBM3 - S1 Risk of incidents of forced labour paragraph 14 (f)	Indicator number 13 Table #3 of Annex I		162
ESRS 2- SBM3 - S1 Risk of incidents of child labour paragraph 14 (g)	Indicator number 12 Table #3 of Annex I		162
ESRS S1-1 Human rights policy commitments paragraph 20	Indicator number 9 Table #3 and Indicator number 11 Table #1 of Annex I		164
ESRS S1-1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 21		Delegated Regulation (EU) 2020/1816, Annex II	165
ESRS S1-1 processes and measures for preventing trafficking in human beings paragraph 22	Indicator number 11 Table #3 of Annex I			Not significant
ESRS S1-1 workplace accident prevention policy or management system paragraph 23	Indicator number 1 Table #3 of Annex I		166
ESRS S1-3 grievance/complaints handling mechanisms paragraph 32 (c)	Indicator number 5 Table #3 of Annex I		169
ESRS S1-14 Number of fatalities and number and rate of workrelated accidents paragraph 88 (b) and (c)	Indicator number 2 Table #3 of Annex I	Delegated Regulation (EU) 2020/1816, Annex II		Not significant
ESRS S1-14 Number of days lost to injuries, accidents, fatalities or illness paragraph 88 (e)	Indicator number 3 Table #3 of Annex I			Not significant
ESRS S1-16 Unadjusted gender pay gap paragraph 97 (a)	Indicator number 12 Table #1 of Annex I	Delegated Regulation (EU) 2020/1816, Annex II	181
ESRS S1-16 Excessive CEO pay ratio paragraph 97 (b)	Indicator number 8 Table #3 of Annex I		181
ESRS S1-17 Incidents of discrimination paragraph 103 (a)	Indicator number 7 Table #3 of Annex I		181
ESRS S1-17 Non-respect of UNGPs on Business and Human Rights and OECD paragraph 104 (a)	Indicator number 10 Table #1 and Indicator n. 14 Table #3 of Annex I	Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818 Art 12 (1)	181
ESRS 2- SBM3 – S2 Significant risk of child labour or forced labour in the value chain paragraph 11 (b)	Indicators number 12 and n. 13 Table #3 of Annex I			Not significant
ESRS S2-1 Human rights policy commitments paragraph 17	Indicator number 9 Table #3 and Indicator n. 11 Table #1 of Annex 1			Not significant

Disclosure Requirement and related datapoint	SFDR (1) reference	Benchmark Regulation (3) reference	Page number	Not significant
ESRS S2-1 Policies related to value chain workers paragraph 18	Indicator number 11 and n. 4 Table #3 of Annex 1			Not significant
ESRS S2-1 Non-respect of UNGPs on Business and Human Rights principles and OECD guidelines paragraph 19	Indicator number 10 Table #1 of Annex 1	Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818, Art 12 (1)		Not significant
ESRS S2-1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 19		Delegated Regulation (EU) 2020/1816, Annex II		Not significant
ESRS S2-4 Human rights issues and incidents connected to its upstream and downstream value chain paragraph 36	Indicator number 14 Table #3 of Annex 1			Not significant
ESRS S3-1 Human rights policy commitments paragraph 16	Indicator number 9 Table #3 of Annex 1 and Indicator number 11 Table #1 of Annex 1		182-183
ESRS S3-1 non-respect of UNGPs on Business and Human Rights, ILO principles or and OECD guidelines paragraph 17	Indicator number 10 Table #1 Annex 1	Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818, Art 12 (1)		Not significant
ESRS S3-4 Human rights issues and incidents paragraph 36	Indicator number 14 Table #3 of Annex 1			Not significant
ESRS S4-1 Policies related to consumers and end-users paragraph 16	Indicator number 9 Table #3 and Indicator number 11 Table #1 of Annex 1		185-186
ESRS S4-1 Non-respect of UNGPs on Business and Human Rights and OECD guidelines paragraph 17	Indicator number 10 Table #1 of Annex 1	Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818, Art 12 (1)	186
ESRS S4-4 Human rights issues and incidents paragraph 35	Indicator number 14 Table #3 of Annex 1		189
ESRS G1-1 United Nations Convention against Corruption paragraph 10 (b)	Indicator number 15 Table #3 of Annex 1		192-194
ESRS G1-1 Protection of whistleblowers paragraph 10 (d)	Indicator number 6 Table #3 of Annex 1		193
ESRS G1-4 Fines for violation of anticorruption and anti-bribery laws paragraph 24 (a)	Indicator number 17 Table #3 of Annex 1	Delegated Regulation (EU) 2020/1816, Annex II)	194
ESRS G1-4 Standards of anti- corruption and anti- bribery paragraph 24 (b)	Indicator number 16 Table #3 of Annex 1		194

( 1 ) Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector (Sustainable Finance Disclosures Regulation) (OJ L 317, 9.12.2019, p. 1).

( 2 ) Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (Capital Requirements Regulation "CRR") (OJ L 176, 27.6.2013, p. 1). ( 3 ) Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and

Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1). ( 4 ) Regulation (EU) 2021/1119 of the European Parliament and of the Council of 30 June 2021 establishing the framework for achieving climate neutrality and amending Regulations (EC) No 401/2009 and (EU) 2018/1999 ('European Climate Law') (OJ L 243, 9.7.2021, p. 1).

( 5 ) Commission Delegated Regulation (EU) 2020/1816 of 17 July 2020 supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council as regards the explanation in the benchmark statement of how environmental, social and governance factors are reflected in each benchmark provided and published (OJ L 406, 3.12.2020, p. 1).

( 6 ) Commission Implementing Regulation (EU) 2022/2453 of 30 November 2022 amending the implementing technical standards laid down in Implementing Regulation (EU) 2021/637 as regards the disclosure of environmental, social and governance risks (OJ L 324,19.12.2022, p.1.). ( 7 ) Commission Delegated Regulation (EU) 2020/1818 of 17 July 2020 supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council as regards minimum standards for EU Climate Transition Benchmarks and EU Paris-aligned Benchmarks (OJ L 406, 3.12.2020, p. 17).

Statements

-

Deloitte d.o.o. ZagrebTower Radnička cesta 80 10 000 Zagreb Croatia TAX ID: 11686457780

Tel: +385 (0) 1 2351 900 Fax: +385 (0) 1 2351 999 www.deloitte.com/hr

INDEPENDENT LIMITED ASSURANCE REPORT

To the Shareholders of Span d.d.

We have conducted a limited assurance engagement on the Sustainability Statement included in the Annual Report of Span d.d. (the "Company") and its subsidiaries ("the Group") as at 31 December 2024 and for the period from 1 January 2024 to 31 December 2024 (the "Sustainability Statement").

Identification of Applicable Criteria

The Sustainability Statement was prepared by the Management Board of the Company in order to satisfy the requirements of article 32 and 36 of Accounting Act implementing 29(a) of the EU Directive 2013/34/EU, including:

Compliance with the European Sustainability Reporting Standards introduced by Commission Delegated Regulation (EU) of 31 July 2023 supplementing Directive 2013/34/EU of the European Parliament and of the Council ("ESRS"), including that the process carried out by the Company to identify the information reported in the Sustainability Statement (the "Process") is in accordance with the description set out in note ESRS 2 IRO-1; and
Compliance of the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement with Article 8 of EU Regulation 2020/852 (the "Taxonomy Regulation").

Inherent Limitations in Preparing the Sustainability Statement

The criteria, nature of the Sustainability Statement, and absence of long-standing established authoritative guidance, standard applications and reporting practices allow for different, but acceptable, measurement methodologies to be adopted which may result in variances between entities. The adopted measurement methodologies may also impact the comparability of sustainability matters reported by different organizations and from year to year within an organization as methodologies evolve.

In reporting forward looking information in accordance with ESRS, management of the Company is required to prepare the forward-looking information on the basis of disclosed assumptions about events that may occur in the future and possible future actions by the Group. Actual outcome is likely to be different since anticipated events frequently do not occur as expected.

In determining the disclosures in the Sustainability Statement, management of the Company interprets undefined legal and other terms. Undefined legal and other terms may be interpreted differently, including the legal conformity of their interpretation and, accordingly, are subject to uncertainties.

This version of the independent limited assurance report is translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the report takes precedence over this translation.

The company was registered at Zagreb Commercial Court: MBS 030022053; paid-in initial capital: EUR 5,930.00; Company Directors: Katarina Kadunc, Goran Končar and Helena Schmidt, Bank: Privredna banka Zagreb d.d., Radnička cesta 80, 10 000 Zagreb, bank account no. 2340009–1110098294; SWIFT Code: PBZGHR2X IBAN: HR3823400091110098294.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ("DTTL"), its global network of member firms, and their related entities (collectively, the "Deloitte organization"). DTTL (also referred to as "Deloitte Global") and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/en/about to learn more.

Responsibility of the Management Board of the Company

Management of the Company is responsible for designing and implementing a process to identify the information reported in the Sustainability Statement in accordance with the ESRS and for disclosing this process in note ESRS 2 IRO-1 of the Sustainability Statement. This responsibility includes:

Understanding the context in which the Group's activities and business relationships take place and developing an understanding of its affected stakeholders;
The identification of the actual and potential impacts (both negative and positive) related to sustainability matters, as well as risks and opportunities that affect, or could reasonably be expected to affect, the Group's financial position, financial performance, cash flows, access to finance or cost of capital over the short, medium, or long-term;
The assessment of the materiality of the identified impacts, risks and opportunities related to sustainability matters by selecting and applying appropriate thresholds; and
Making assumptions that are reasonable in the circumstances.

Management of the Company is further responsible for the preparation of the Sustainability Statement, in accordance with article 32 and 36 of Accounting Act implementing 29(a) of the EU Directive 2013/34/EU, including:

Compliance with the ESRS;
Preparing the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement, in compliance with Article 8 of EU Regulation 2020/852 (the "Taxonomy Regulation");
Designing, implementing and maintaining such internal controls that management determines are necessary to enable the preparation of the Sustainability Statement that is free from material misstatement, whether due to fraud or error; and
The selection and application of appropriate sustainability reporting methods and making assumptions and estimates about individual sustainability disclosures that are reasonable in the circumstances.

Those charged with governance are responsible for overseeing the Group's sustainability reporting process.

Practitioner's Responsibility

We conducted our limited assurance engagement in accordance with International Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements other than Audits or Reviews of Historical Financial Information.

The procedures performed in a limited assurance engagement vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement. Consequently, the level of assurance obtained in a limited assurance engagement is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed.

Our objectives are to plan and perform the assurance engagement to obtain limited assurance about whether the Sustainability Statement is free from material misstatement, whether due to fraud or error, and to issue a limited assurance report that includes our conclusion. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence decisions of users taken on the basis of the Sustainability Statement as a whole.

As part of a limited assurance engagement in accordance with ISAE 3000 (Revised) we exercise professional judgment and maintain professional skepticism throughout the engagement.

Practitioner's Responsibility (continued)

Our responsibilities in respect of the Sustainability Statement, in relation to the Process, include:

Obtaining an understanding of the Process but not for the purpose of providing a conclusion on the effectiveness of the Process, including the outcome of the Process; and
Designing and performing procedures to evaluate whether the Process is consistent with the Group's description of its Process, as disclosed in note ESRS 2 IRO-1.

Our other responsibilities in respect of the Sustainability Statement include:

Obtaining an understanding of the entity's control environment, processes and information systems relevant to the preparation of the Sustainability Statement but not evaluating the design of particular control activities, obtaining evidence about their implementation or testing their operating effectiveness;
Identifying disclosures where material misstatements are likely to arise, whether due to fraud or error; and
Designing and performing procedures responsive to disclosures in the Sustainability Statement where material misstatements are likely to arise. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.

Our Independence and Quality Management

We complied with the applicable independence and other ethical requirements of the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants(the "Code"). The Code is founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behavior.

We applied International Standard on Quality Management (ISQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements, and accordingly maintain a comprehensive system of quality control including documented policies and procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

Summary of Work Performed

A limited assurance engagement involves performing procedures to obtain evidence about the Sustainability Statement.

The nature, timing and extent of procedures selected depend on professional judgement, including the identification of disclosures where material misstatements are likely to arise, whether due to fraud or error, in the Sustainability Statement.

In conducting our limited assurance engagement, with respect to the Process, we:

Obtained an understanding of the Process by:
- o performing inquiries to understand the sources of the information used by management (e.g., stakeholder engagement, business plans and strategy documents); and
- o reviewing the Group's internal documentation of its Process; and
Evaluated whether the evidence obtained from our procedures about the Process implemented by the Group was consistent with the description of the Process set out in note ESRS 2 IRO-1.

Summary of Work Performed (continued)

In conducting our limited assurance engagement, with respect to the Sustainability Statement, we:

Obtained an understanding of the Group's reporting processes relevant to the preparation of its Sustainability Statement by:
- o performing inquiries to understand the Group's control environment, processes and information systems relevant to the preparation of the sustainability statements;
Evaluated whether material information identified by the Process to identify the information reported in the Sustainability Statement is included in the Sustainability Statement;
Evaluated whether the structure and the presentation of the Sustainability Statement is in accordance with the ESRS;
Performed inquires of relevant personnel and analytical procedures on selected disclosures in the Sustainability Statement;
Performed substantive assurance procedures on a sample basis on selected disclosures in the Sustainability Statement;
Obtained evidence on the methods for developing material estimates and forward-looking information and on how these methods were applied; and
Obtained an understanding of the process to identify taxonomy-eligible and taxonomy-aligned economic activities and the corresponding disclosures in the Sustainability Statement.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our conclusion.

Limited Assurance Conclusion

Based on the procedures we have performed and the evidence we have obtained, nothing has come to our attention that causes us to believe that the Sustainability Statement is not prepared, in all material respects, in accordance with article 32 and 36 of Accounting Act implementing 29(a) of the EU Directive 2013/34/EU, including:

Compliance with the European Sustainability Reporting Standards (ESRS), including that the process carried out by the Company to identify the information reported in the Sustainability Statement is in accordance with the description set out in note ESRS 2 IRO-1; and
Compliance of the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement with Article 8 of EU Regulation 2020/852 (the "Taxonomy Regulation").

Other Matter

Our assurance engagement does not extend to information in respect of earlier periods.

Katarina Kadunc

Director and Certified auditor

Deloitte d.o.o.

30 April 2025 Radnička cesta 80, 10 000 Zagreb, Croatia

Statements on responsibility for compiling the report for the observed period

The financial statements of Span d.d. and Span Group for the period that ended on 31 December 2024 are shown to be fair and truthful in accordance with International Financial Reporting Standards which have been consistently applied in relation to the previous years. All materially significant transactions were accordingly recorded in the accounting records, which were the basis of the financial statements. They provide a true and complete overview of the assets and liabilities, the financial position and operations of Span d.d. and Span Group.

Nikola Dujmović President of the Management Board

Audited Financial Reports of Span Group and Span d.d.

SPAN d.d., Zagreb Annual report for the year ended 31 December 2024

This version of annual report is a translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the annual report takes precedence over this translation.

Content	Page
Annual Report of the Management Board	2
Responsibility of the Management Board for the Annual Report	7
Statement on the application of the Corporate Governance Code	8
Independent Auditor's Report
Financial statements
Statement of comprehensive Income	18
Statement of financial position	19
Statement on changes in shareholders' equity	20 – 21
Statement of cash flows	22
Notes to the financial statements	23 - 89

Annual Report of the Management Board

The Management Board of the company Span d.d. Zagreb ("The Company" or "Parent Company") presents the company's separate and consolidated financial statements for the year ended 31 December 2024. The consolidated financial statements include the financial data of the Company and its subsidiaries that make up the Span Group (the "Group").

The Management Board of the Company considers that the consolidated financial statements for the period from 1 January to 31 December 2024 have been prepared based on applicable standards and thus provide a comprehensive and truthful overview of assets and liabilities and the financial position and business operations of the Group and the Company. The Annual Report of the Management Board contains a truthful overview of the development, business results and financial position of the Group and the Company, with a description of the most significant risks to which the Group and the Company are exposed.

Principal activity:

The principal activity of the Group and the Company is to provide professional services of design, construction and maintenance of information systems to medium and large users. In 30 years of business, the Company has evolved from an IT system integrator in Croatia to a Group that today operates on the global world market.

In 1996, the Company became the first Croatian certified provider of Microsoft solutions, and since 2001 the Group and the Company have been certified as a Microsoft Gold Certified Partner and is the leading Microsoft partner in the Croatian market.

In addition to Microsoft technology, the Group and the Company base their solutions on the technology of other first-class manufacturers and also hold the appropriate accreditations and certificates:

AWS Select Consulting Partner
CheckPoint Partner Advanced
Cisco Premier Integrator
CyberArk Authorized Partner and Managed Services Provider
Dynatrace Master Partner
F5 Partner Authorized
Fortinet Select Partner
Google Cloud Partner
HP Synergy Partner
HPE Certified Aruba Gold Partner
HPE Certified Gold Partner
IBM Silver Business Partner and Managed Services Provider
Kemp Authorized Partner
Lenovo Authorized Reseller
Nutanix Enrolled Partner
Palo Alto Networks Solution Provider Innovator
Saviynt Authorized Reseller and Managed Services Provider
SentinelOne Silver Partner
Sophos Gold Partner
Symantec Partner
Veeam Cloud Service Provider Silver and Value-Added Reseller Silver
Veritas Registered Partner

Key events in 2024

On April 1, 2024, Span d.d. entered into a purchase agreement for 30% of the shares in its subsidiary, Bonsai d.o.o. By acquiring the remaining 30% of Bonsai's shares, the Company gained full (100%) ownership.

On May 14, 2024, a Merger Agreement was concluded for the merger of the subsidiaries Ekobit d.o.o. and Bonsai d.o.o. into Span d.d. On July 1, 2024, based on this Agreement, the merger was registered in the court register of the Commercial Court in Zagreb under decision numbers: Tt-24/25570-2 and Tt-24/25567-2.

Key events in 2024 (continued)

On 30 April 2024, the meetings of the Management Board and the Supervisory Board of the Company were held, at which the proposal for a Decision on the use of profit and payment of dividends in the amount of EUR 0.30 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who were registered as shareholders of the Company in the depository of the Central Clearing and Depository Company d.d. on 24 June 2024 (record date). The date from which the Company's shares were traded without the right to dividend payment is 21 June 2024 (ex date). In accordance with the proposal, the claim for the payment of the dividend was due on July 5, 2024 (payment date), and the dividend was paid out of the Company's profit achieved in 2023.

On July 4, 2024, Company Span d.d. concluded an agreement on the purchase and sale of 30% of the business shares of the subsidiary Trilix d.o.o. from the seller Mr. Mladen Amidžić. By concluding this contract, Span became the owner of 90% of Trilix's business shares, while the remaining 10% of business shares is Trilix's own share. On October 1, 2024, the Supervisory Board of the company held a constituent meeting following the expiration of the mandate of the President and Deputy President of the Supervisory Board on September 30, 2024. At the meeting, Mr. Ante Mandić was elected President of the Supervisory Board, and Mr. Aron Paulić was elected Deputy President of the Supervisory Board.

On October 8, 2024, the Company, pursuant to Article 474 of the Capital Market Act, released 3,858 of its own shares, in accordance with the conditions published in the Prospectus regarding the public offering and listing of shares on a regulated market, which relates to the allocation of Additional Shares that the Issuer will allocate to an individual employee in accordance with the ESOP program. Before the disposal, the Company owned 7,860 treasury shares, which constitute 0.4010% of the share capital, and after the disposal, it owns a total of 4,002 shares, which constitute 0.2042% of the share capital. On December 16, 2024, the limited liability company Span B.V. was established in the Netherlands, Amsterdam. The founder and sole member of the company is Span d.d.. As the Netherlands is home to the offices of Span's international partners operating in markets where Span is already present and plans to operate in the future, this country was the right choice for Span. Span B.V. will be more than just a sales representative office. The goal is to strengthen commercial and strategic ties with the most important organizations, primarily Microsoft and Google.

The mandates of the members of the Management Board of the Company, Dragan Marković and Marijan Pongrac, ended on December 16, 2024. For the next 5 years, starting from 16 December 2024, the members of the Management Board will be Saša Kramar and Ana Vukšić, and starting from 1 April 2024 Mihaela Trbojević. The President of the Management Board will be Nikola Dujmović.

Total consolidated revenues increased by 37,692 thousand euros, or 26% compared to 2023, and the Company achieved revenue growth of 10,134 thousand euros, or 10%. Total consolidated operating expenses increased by 34,146 thousand euros, or 25% compared to 2023, and the Company's expenses increased by 9,122 thousand euros. The Group's profit after tax increased by 2,152 thousand euros, to 3,398 thousand euros. The Company recorded an increase in profit after tax of 2,295 thousand euros, to 2,756 thousand euros.

2025 strategy

The Group's business strategy is growth based on new technologies, solutions and markets. As a professional IT service provider, Span designs, implements and maintains high-availability systems with the aim of increasing the security, productivity and success of our customers. We base our business systems and solutions on the platforms of the world's leading cloud technology providers – Microsoft, Amazon and Google. We ensure the scalability, reliability, and cybersecurity of the solutions we provide to our customers. Also, we implement artificial intelligence systems with the aim of increasing the productivity of our users. In order to adequately take care of the IT environment of our users, our strategy is also a strategy of learning, in-depth knowledge of technologies and the application of best practices with the aim of improving business. In this context, we also see a shift in the partner channel on the market, i.e. the way of evaluating success by our large principals (Microsoft, Google). Transactional sales success is no longer crucial. They are looking for expertise, experience and technological focus of partners – all three parameters that Span has and has been building for years. On our development path, we pay great attention to sustainable business. To better understand the key aspects of our business and its impact on the environment, society and economy, we have identified significant impacts, risks and opportunities that we will continue to focus on in the future. Our goal is to ensure sustainable growth and development and continue to create long-term value for Span.

Research and development activities

Development expenditure generally refers to own developed intangible assets with the cooperation of several companies in the Group. The total worth of the Group's intangible assets relating to development expenditure is EUR 1,754 thousand (EUR 1,742 thousand for the Company) (Note 18). During 2024 at the Group level, a total of 25 thousand euro was activated in the position of Software Development (Company 0 thousand euro) (Note 18).

Financial instruments

The Group and Company do not use financial instruments that affect the assessment of financial position and performance. The Company and Group are primarily exposed to the financial risks of changes in foreign currency exchange rates and interest rates, as further described in the Note 37 Financial instruments.

The Company and Group's Corporate Treasury function supports operations, co-ordinates access to domestic and international financial markets, monitors and manages the financial risks relating to the operations of the Company and Group.

Financial assets of the Group and Company mainly consist of receivables and cash assets in accounts, while financial liabilities predominantly refer to short-term and long-term borrowings from banks, short-term and longterm lease liabilities, and trade payables.

Information on the purchase of own shares

During November and December 2024, the Company acquired 4,800 of its own shares with the symbol SPAN-R-A on the regulated market of the Zagreb Stock Exchange. During 2024, the Company disposed of 11,671 of its own shares with the symbol SPAN-R-A.

As of December 31, 2024, the Company owned a total of 8,802 (2023: 15,673) of its own shares.

Company and Group branches

The company has no branches.

Group companies

SPAN d.o.o. Ljubljana was registered on August 18, 2009., offering a wide range of products, services and solutions on the Slovenian market.

Span IT Ltd. London, started operations during 2009 as a sales representation of the Company and significantly contributed to the growth of exports of services and solutions to the UK market.

SPAN USA, Inc., began operations on October 10, 2012, primarily as a sales rep and customer support center in the U.S.

Trilix d.o.o. maintained its position as an electronic goods processor. The consulting department provides consulting services in organization and risk management and in compliance of business processes with regulations and regulations in the field of information technologies.

During 2016, the Company opened a subsidiary Span Azerbaijan LLC in Azerbaijan through which it offers its services and knowledge in that market as well.

During 2018, the Company established two 100% owned subsidiaries Span LLC, Kiev, Ukraine and Span GmbH, Munich, Germany with the aim of expanding the markets in which it offers its services and knowledge.

During 2019, the Company opened a subsidiary SPAN SWISS AG, Switzerland. The management of Span Swiss AG made the decision to shut down the company on 13 November 2023.

During July 2021, the Company officially opened another member of the group - Span-IT s.r.l. based in Chisinau, Moldovan capital.

Group companies (continued)

On April 15, 2022, the Commercial Court in Zagreb issued a decision on the registration of the establishment of a company under the company name FINTECH DIGITAL SERVICES, a limited liability company for IT services.

Also, in 2022, the company Span Cyber Security Center, d.o.o. was founded for services and consulting that provides education and training in the field of security. On September 9, 2024, Span Cyber Security Center changed its name to Span Cyber Security Incubator.

At the beginning of 2023, the Company acquired the company GT Tarkvara, Tallinn, Estonia. It is a leading Estonian company for licensing and management of software assets.

On September 8, 2023, the limited liability company Span was founded in Georgia, Tbilisi.

On July 1, 2024, the merger was registered based on the merger agreement concluded between Span and Ekobit and BonsAI, as well as the decision of the general meetings of the merged companies approving the merger.

On December 16, 2024, the limited liability company Span B.V. was established in Amsterdam, the Netherlands.

On December 20, 2024, the Institution Span Cyber Security Center was established in Zagreb, Koturaška cesta 47.

Supervisory Board

1. Aron Paulić, member of the Supervisory Board since September 30, 2020, Deputy Chairman of the Supervisory Board since November 5, 2021, re-elected on September 30, 2024, and became Deputy Chairman of the Supervisory Board on October 1, 2024
1. Ante Mandić, member of the Supervisory Board since September 30, 2020, Chairman of the Supervisory Board since June 14, 2023, re-elected on September 30, 2024, and became Deputy Chairman of the Supervisory Board on October 1, 2024
1. Ivana Šoljan, member of the Supervisory Board from June 14, 2023 to September 30, 2024, and reelected on September 30, 2024
1. Mirjana Marinković, member of the Supervisory Board from June 14, 2023 to September 30 2024 and reelected on September 30, 2024
1. Barbara Gradečak, employee representative on the Supervisory Board of the Company since December 29, 2023

Audit Committee

1. Ante Mandić, President of the Audit Committee, appointed by the Decision of the Supervisory Board on 10 May 2021
1. Nataša Zelenika, Member of the Audit Committee, appointed by the Decision of the Supervisory Board on 10 May 2021
1. Tomislav Skorin, Member of the Audit Committee, appointed by the Decision of the Supervisory Board on 10 May 2021

Nomination and Remuneration Committee

1. Aron Paulić, President of the Committee
1. Hana Horak, Member of the Committee
3. Lucia Ana Tomić, Member of the Committee

-

Pursuant to Article 272.p, in relation to Article 250.a of the Companies Act (Official Gazette no. 111/1993, 34/1999, 121/1999, 52/2000, 118/2003, 107/2007, 146/2008, 137/2009, 111/2012,125/2011, 68/2013, 110/2015, 40/2019, 34/2022, 114/2022, 18/2023, 130/2023 hereinafter: "the Act") and Article 22 of the Accounting Act (Official Gazette no. 78/2015, 134/2015, 120/2016, 116/2018, 42/2020, 47/2020, 114/2022, 82/2023) the Management of the company Span d.d., Zagreb, Koturaška cesta 47, Company ID:19680551758 (hereinafter: "Span" or "Company") hereby issues the following

STATEMENT ON THE APPLICATION OF THE CORPORATE GOVERNANCE CODE

Span shares were listed on the regulated market of the Zagreb Stock Exchange on 21 September 2021, and Span applies the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (CFSSA), which is publicly available on the Zagreb stock exchange (www.zse.hr) and HANFA (www.hanfa.hr ) websites.

I. With this statement, Span confirms that it operates in accordance with good corporate governance practices and for the most part according to the recommendations of the Code and publishes all information whose publication is foreseen by positive regulations. Span shall present detailed explanations of departures from individual recommendations and additional adjustments in the Corporate governance practice questionnaire for issuers of shares and the Corporate governance practice questionnaire for issuers of bonds and, as defined in the Ordinance on the data concerning corporate governance the issuers are required to deliver to the Croatian Financial Services Supervision Agency and on the form, deadlines, and manner of their submission (OG 59/2020, 12/2023), submit them to the Croatian Financial Services Supervision Agency (CFSSA) not later than 30 June of the current year and publish them on the websites of the Company and the Zagreb Stock Exchange.
II. The internal control and risk management system in relation to the financial reporting process is carried out by the controlling department and internal audit services under the supervision of the Audit Committee.

In line with the Audit Act (OG 127/17, 27/2024), in addition to the tasks prescribed by Regulation (EU) on specific requirements regarding the statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC, No 537/14 and all relevant regulations, the Audit Committee shall monitor the financial reporting process and deliver recommendations and suggestions for securing the integrity thereof, as well as monitor the effectiveness of the Company's internal quality control and risk management systems, including the effectiveness of procedures for approving and disclosing transactions among Management and Supervisory Board members and the Company, as well as internal audit, without breaching its independence.

Internal Audit's key goals are providing senior management and the Supervisory Board with guarantees and information that will help the achieve organization's goals, including the evaluation of the effectiveness of risk management activities. Controlling reports to the Management Board of the Company, and Internal Audit to the Audit Committee of the Supervisory Board, and the Management Board.

Internal Audit prepares a report once the audit has been completed, and this report contains the following:

list of audits carried out
assessment of the adequacy and efficiency of internal controls and recommendations for improvements
unlawfulness and irregularities determined during the audit, and recommendations and proposed measures to address them
activities undertaken in relation to the previously issued recommendations.

Reports are delivered to the Management Board and the Audit Committee.

During 2024, Span continued to maintain and continuously improve the existing seven management systems certified according to ISO standards. Special attention was paid to information security management, IT services and business continuity. During the year, we linked the risk management methodology to the requirements of ISO 22301 - a business continuity management system (BCMS).

In August 2024, we were the first in Croatia and among the first in Europe to certify our artificial intelligence management system according to the ISO 42001 standard. With these eight implemented systems, Span ensures a high level of reliability of its business processes and an adequate level of trust from all stakeholders.

No.	Name/Name	Number of shares	Percentage (%)
1	DUJMOVIĆ NIKOLA (1/1)	603028	30,7667
2	RAIFFEISENBANK AUSTRIA D.D./ RAIFFEISEN DOBROVOLJNI MIROVINSKI FOND (1/1)	131111	6,6893
3	FIMA-VRIJEDNOSNICE D.O.O./ PONGRAC MARIJAN (1/1)	78266	3,9932
4	ERSTE & STEIERMARKISCHE BANK D.D./ PBZ CO OMF - KATEGORIJA A (1/1)	71128	3,6290
5	FIMA-VRIJEDNOSNICE D.O.O./ BANEK ZVONIMIR (1/1)	70739	3,6091
6	ERSTE & STEIERMARKISCHE BANK D.D./ PBZ CO OMF - KATEGORIJA B (1/1)	65200	3,3265
7	OTP BANKA D.D./ ERSTE PLAVI OMF KATEGORIJE A (1/1)	56056	2,8600
8	PRIVREDNA BANKA ZAGREB D.D./ RAIFFEISEN OMF KATEGORIJE A (1/1)	52097	2,6580
9	FIMA-VRIJEDNOSNICE D.O.O./ KOLAREK DARKO (1/1)	47725	2,4349
10	FIMA-VRIJEDNOSNICE D.O.O./ BOČKAL DAMIR (1/1)	46516	2,3733

III. The Ten most significant Span shareholders as at 31/12/2024 in Span are:

Span does not have holders of securities with special control rights, nor holders of securities with voting rights limits to a certain percentage or number of votes, time limits for exercising voting rights, or cases where, in cooperation with the company, financial rights from securities are separated from the holding of those securities. Span does not have specific rules on the appointment and revocation of the appointment of members of the Management Board, the Supervisory Board, amendments to the Statute or special rules on the powers of members of the Management Board or Supervisory Board. All of these relationships are subject to the provisions of the Companies Act and the Articles of Association of the Company, which is available on the Span website (www.span.eu) IV. The manner of operation of the General Assembly and its authorization, the manner of exercising shareholder rights and how their rights are exercised are determined by the Companies Act and the Articles of Association of the Company, and the invitation and proposals for decisions, as well as the adopted decisions, are publicly published in accordance with the provisions of the Companies Act, the provisions of the Capital Market Act and the Rules of the Zagreb Stock Exchange d.d. Each share is entitled to one vote.

IV. In 2024, the Management Board consisted of 4 members, until 16 December 2024, when the Management Board of the company was appointed for a new five-year term, consisting of Nikola Dujmović as President and Saša Kramar and Ana Vukšić as members. The term of office of the Management Board members and the President of the Management Board lasts a maximum of 5 years. After the expiration of the term, the Management Board members and the President of the Management Board may be reappointed without limitation on the number of terms. The Management Board manages the company's affairs at its own responsibility, with the diligence of a diligent and conscientious businessman, in accordance with the Companies Act, the Articles of Association and the Rules of Procedure of the Management Board. In 2024, the Supervisory Board operated with 5 members. The powers of the Supervisory Board are determined by the provisions of the Companies Act, the Articles of Association and the Rules of Procedure of the Supervisory Board. Within its authority, the Supervisory Board makes decisions, assessments, opinions, gives consent to decisions of the Management Board as provided for in the Rules of Procedure, law, or Articles of Association, instructs auditors, and together with the Management Board, determines proposals for decisions to be adopted by the General Assembly.

Deloitte d.o.o. ZagrebTower Radnička cesta 80 10 000 Zagreb Croatia TAX ID: 11686457780

Tel: +385 (0) 1 2351 900 Fax: +385 (0) 1 2351 999 www.deloitte.com/hr

INDEPENDENT AUDITOR'S REPORT

To the Shareholders of SPAN d.d.

Report on the Audit of the Financial Statements

Opinion

We have audited the separate financial statements of SPAN d.d (the Company) and consolidated financial statements of the SPAN d.d. and its subsidiaries (the Group) which comprise the separate and the consolidated statement of financial position as at 31 December 2024, the separate and the consolidated statement of comprehensive income, the separate and the consolidated statement of changes in equity and the separate and the consolidated statement of cash flows for the year then ended, and notes to the separate and the consolidated financial statements, including material accounting policy information.

In our opinion, the accompanying separate and consolidated financial statements present fairly, in all material respects, the financial position of the Company and the Group as at 31 December 2024, and its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards as adopted by the European Union (IFRS).

Basis for Opinion

We conducted our audit in accordance with the International Standards on Auditing (ISAs) and Regulation (EU) 537/2014 of the European Parliament and of the Council, dated 16 April 2014, on specific requirements regarding statutory audit of public-interest entities. Our responsibilities under those standards are further described in the Auditor's Responsibilities for the Audit of the Separate and the Consolidated Financial Statements section of our report. We are independent of the Company and the Group in accordance with the International Ethics Standards Board for Accountants' International Code of Ethics for Professional Accountants, including International Independence Standards (IESBA Code) and we have fulfilled our ethical responsibilities in accordance with the IESBA Code. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Key Audit Matter

Key audit matter is the matter that, in our professional judgment, is of most significance in our audit of the separate and the consolidated financial statements of the current period. This matter was addressed in the context of our audit of the separate and the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on this matter.

This version of the auditor`s report is translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the report takes precedence over this translation.

Report on the Audit of the Financial Statements (continued)

Key Audit Matters (continued)

Key audit matter	How did we address key audit matter during our audit
	For accounting policies. please see Significant accounting policies – note 3: Revenue recognition. Revenue from
	contracts with customers are disclosed in note 5 and amount to 180,183 thousand EUR (2023: 142,836 thousand
EUR) for the Group and 110,033 thousand EUR (2023.: 99,550 thousand EUR) for the Company.
Revenue recognition is a significant aspect of the	Our audit procedures included. among others:
Group's and Company's financial statements due to the	• Assessing the Group's and Company's revenue
complexity of the Group's and Company's revenue	recognition policies and their compliance with
streams. the different types of licenses and services	IFRS 15;
offered. and the various recognition criteria and	• Testing the design and implementation of
methods applied under International financial reporting standard 15: Contract with customers (IFRS	internal controls related to the revenue
15).	recognition in terms of the adequacy of their recording;
With reference to sale of different types of licenses. the	• Selecting a sample of transactions for each
Group and Company is primarily responsible for	revenue stream and performing substantive
delivering purchased Microsoft licenses to customers.	testing to determine the appropriateness of
it is exposed to potential risk of rejection of licenses by	revenue recognition. considering the relevant
the customer. and has the discretion to define prices	criteria under IFRS 15;
and benefits from licenses to the moment of transfer of	• Evaluating management's judgments and
control.	estimates used in determining the transaction
	prices. distinct delivery obligations. and the
The Group and Company sells hardware directly to	point in time or stage of completion for
customers in line with the contract on the sale of	performance obligations;
hardware and provision of services or individual	• Examining the information in the separate and
contracts on the sale of hardware. Revenue is	consolidated financial statements to assess
recognized at the point in time when the control over	whether the disclosures regarding revenue
the equipment has been transferred to the customers.	from customer contracts are appropriate.
and the sale of equipment is considered a distinct
delivery obligation.
Advisory services the Group and Company provides
may be divided in two main service groups: services
related to contracted projects with customers. and
advisory services which refer to customer support
based on contracted price lists.

The recognition of revenue involves significant
management judgment and estimation in determining
the appropriate point in time or the stage of
completion for performance obligations. as well as the
transaction price for each distinct performance
obligation. Due to these risks. this area was established
as a key audit matter.

Report on the Audit of the Financial Statements (continued)

Other Information

Management is responsible for the other information. The other information comprises the information included in the Annual Report, but does not include the separate and the consolidated financial statements and our auditor's report.

Our opinion on the separate and the consolidated financial statements does not cover the other information.

In connection with our audit of the separate and the consolidated financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the separate and the consolidated financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. With respect to the Management Report and the Corporate Governance Report, which are included in the Annual Report, we have also performed the other procedures prescribed by the Accounting Act. These procedures include examination of whether the Management Report include required disclosures as set out in the Articles 22 and 24 of the Accounting Act and whether the Corporate Governance Report includes the information specified in the Articles 22 and 25 of the Accounting Act.

Based on the procedures performed during our audit, to the extent we are able to assess it, we report that:

1) Information included in the other information is, in all material respects, consistent with the attached separate and consolidated financial statements.
2) Management Report has been prepared, in all material respects, in accordance with the Articles 22 and 24 of the Accounting Act, excluding the requirements on sustainability reporting. In respect of the Sustainability Report, which is included as part of the other information and constitutes a separate part of the Management Report, we performed a limited assurance engagement, the results of which were presented in a separate limited assurance report with an unmodified conclusion.
3) Corporate Governance Report has been prepared, in all material aspects, in accordance with the Articles 22 and 25 of the Accounting Act,

Based on the knowledge and understanding of the Company and the Group and its environment, which we gained during our audit of the separate and the consolidated financial statements, we have not identified material misstatements in the other information.

Responsibilities of Management and Those Charged with Governance for the Separate and the Consolidated Financial Statements

Management is responsible for the preparation and fair presentation of the separate and the consolidated financial statements in accordance with IFRSs and for such internal control as Management determines is necessary to enable the preparation of separate and consolidated financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the separate and the consolidated financial statements, Management is responsible for assessing the Company's and the Group's ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless Management either intends to liquidate the Company or the Group or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the Company's and the Group's financial reporting process.

Our objectives are to obtain reasonable assurance about whether the separate and the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs will always detect a material misstatement when it exists.

Report on the Audit of the Financial Statements (continued)

Auditor's Responsibilities for the Audit of the Separate and the Consolidated Financial Statements

Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these separate and consolidated financial statements.

As part of an audit in accordance with ISAs, we exercise professional judgment and maintain professional scepticism throughout the audit. We also:

Identify and assess the risks of material misstatement of the separate and the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Company's and the Group's internal controls.
Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by Management.
Conclude on the appropriateness of Management's use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Company's and the Group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor's report to the related disclosures in the separate and the consolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Company and the Group to cease to continue as a going concern.
Evaluate the overall presentation, structure and content of the separate and the consolidated financial statements, including the disclosures, and whether the separate and the consolidated financial statements represent the underlying transactions and events in a manner that achieves fair presentation.
Plan and perform the group audit to obtain sufficient appropriate audit evidence regarding the financial information of the entities or business units within the group as a basis for forming an opinion on the group financial statements. We are responsible for the direction, supervision and review of the audit work performed for purposes of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, actions taken to eliminate threats or safeguards applied.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the separate and the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

Report on Other Legal and Regulatory Requirements

Report based on the requirements of Delegated Regulation (EU) No. 2018/815 amending Directive No. 2004/109/EC of the European Parliament and of the Council as regards regulatory technical standards for the specification of the uniform electronic format for reporting (ESEF)

Auditor's reasonable assurance report on the compliance of separate and consolidated financial statements (financial statements), prepared based on the provision of Article 462 (5) of the Capital Market Act by applying the requirements of the Delegated Regulation (EU) 2018/815 specifying for the issuers a single electronic reporting format ("ESEF Regulation"). We conducted a reasonable assurance engagement on whether the financial statements of the Company the Group for the financial year ended 31 December 2024 prepared to be made public pursuant to Article 462 (5) of the Capital Market Act, contained in the electronic file 747800L0D5F39CX8NA43-2024-12-31-0-en have been prepared in all material aspects in accordance with the requirements of the ESEF Regulation.

Responsibilities of the Management and Those Charged with Governance

Management is responsible for the preparation and content of the financial statements in line with the ESEF Regulation.

In addition, Management is responsible for maintaining the internal controls system that reasonably ensures the preparation of financial statements without material differences with the reporting requirements from the ESEF Regulation, whether due to fraud or error.

Furthermore, Company Management is responsible for the following:

public reporting of financial statements presented in the Annual Report in valid XHTML format
selection and use of XBRL markups in line with the requirements of the ESEF Regulation.

Those charged with governance are responsible for supervising the preparation of financial statements in ESEF format as part of the financial reporting process.

Auditor's Responsibilities

It is our responsibility to carry out a reasonable assurance engagement and, based on the audit evidence obtained, give our conclusion on whether the financial statements have been prepared without material differences with the requirements from the ESEF Regulation. We conducted our reasonable assurance engagement in accordance with the International Standard on Assurance Engagements 3000 (Revised) – Assurance Engagements Other than Audits or Reviews of Historical Financial Information (ISAE 3000). This standard requires that we plan and perform the engagement to obtain reasonable assurance for providing a conclusion.

Quality management

We have conducted the engagement in compliance with independence and ethical requirements as provided by the Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants. The code is based on the principles of integrity, objectivity, professional competence and due diligence, confidentiality, and professional conduct. We comply with the International Standard on Quality Management 1, Quality Management for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements (ISQM 1) and accordingly maintain an overall management control system, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and statutory requirements.

Report on Other Legal and Regulatory Requirements (continued)

Procedures performed

As part of the selected procedures, we have conducted the following activities:

We have read the requirements of the ESEF Regulation;
We have gained an understanding of internal controls of the Company and the Group, relevant for the application of the ESEF Regulation requirements;
We have identified and assessed the risks of material differences with the ESEF Regulation due to fraud or error;
We have devised and designed procedures for responding to estimated risks and obtaining reasonable assurance in order to give our conclusion.

Our procedures focused on assessing whether:

Financial statements included in the separate and the consolidated report have been prepared in valid XHTML format;
Data included in the separate and the consolidated financial statements required by the ESEF Regulation have been marked up and meet all of the following requirements:
- o XBRL has been used for markups.
- o Core taxonomy elements stipulated in the ESEF Regulation with the closest accounting meaning were used unless an extension taxonomy element was created in line with the Annex IV of the ESEF Regulation;
- o Markups comply with the common rules on markups in line with the ESEF Regulation.

We believe the evidence we obtained to be sufficient and appropriate to provide a basis for our conclusion.

Conclusion

We believe that, based on the procedures performed and evidence obtained, the financial statements of the Company and the Group presented in the ESEF format, contained in the aforementioned electronic file, and based on the provision of Article 462 (5) of the Capital Market Act, have been prepared to be published for public, in all material aspects in accordance with the requirements of articles 3, 4 and 6 of the ESEF Regulation for the year ended 31 December 2024.

In addition to this conclusion, as well as the audit opinion contained in this Independent Auditor's Report for the accompanying financial statements and Annual Report for the year ended 31 December 2024, we do not express any opinion on the information contained in these documents or other information contained in the above mentioned file.

Report on Other Legal and Regulatory Requirements (continued)

Other reporting obligations as required by Regulation (EU) No. 537/2014 of the European Parliament and the Council and the Audit Act

We were appointed as the statutory auditor of the Company and the Group by the shareholders on General Shareholders' Meeting held on 18 June 2025 to perform audit of accompanying separate and consolidated financial statements. Our total uninterrupted engagement has lasted 7 years and covers the period from 1 January 2018 to 31 December 2024.

We confirm that:

our audit opinion on the accompanying separate and consolidated financial statements is consistent with the additional report issued to the Audit Committee of the Company on 29 April 2025 in accordance with the Article 11 of Regulation (EU) No. 537/2014 of the European Parliament and the Council;
no prohibited non-audit services referred to in the Article 5(1) of Regulation (EU) No. 537/2014 of the European Parliament and the Council were provided.

There are no services, in addition to the statutory audit, which we provided to the Company and its controlled undertakings, and which have not been disclosed in the Annual Report.

The engagement partner on the audit resulting in this independent auditor's report is Katarina Kadunc.

Katarina Kadunc

Director and certified auditor

Deloitte d.o.o.

30 April 2025 Radnička cesta 80, 10 000 Zagreb, Croatia

Statement of comprehensive income

for the year ended 31 December 2024

			Group	Company
		2024 '000 EUR	2023 '000 EUR	2024 '000 EUR	2023 '000 EUR
	Note
Revenue from contracts with
customers	5	180,183	142,836	110,033	99,550
Other operating income	6	1,840	1,496	534	883
Costs of licenses and hardware sold	7	(119,696)	(90,695)	(63,217)	(60,512)
Raw material and supplies	8	(591)	(607)	(500)	(506)
Services costs	9	(11,207)	(11,037)	(10,042)	(10,406)
Staff costs	10	(36,451)	(32,197)	(28,970)	(23,476)
Depreciation and amortisation cost	11	(3,748)	(3,559)	(2,782)	(2,303)
Impairment losses (including reversal of impairment losses) from financial assets and contract assets	24	(298)	(1,012)	(29)	(22)
		(4,587)	(3,136)	(3,459)	(2,172)
Other expenses	12 13	(1,676)	(834)	(601)	(820)
Financial expenses Financial income – interest income	14	362	101	113	32
Financial income – other	14	662	394	2,036	417
Share of profit of associates	22	(1)	(4)	-	-
Profit before tax		4,792	1,746	3,116	665
Corporate income tax	15	(1,394)	(499)	(360)	(204)
Profit for current year		3,398	1,247	2,756	461
Attributable to:
Owners of the Company		3,398	1,144	-	-
Non-controlling interests		-	103	-	-
		3,398	1,247	2,756	461
Items that are not subsequently reclassified to profit or loss:
Revaluation of land and buildings	19	1,675	-	1,675	-
Tax on profit from revaluation of land and buildings	15	(301)	-	(301)	-
Items that can be subsequently
reclassified to profit or loss: Exchange rate differences on the translation of foreign operations		17	(336)	-	-

Total comprehensive income		4,789	911	4,130	461
Attributable to:
Owners of the Company		4,789	809	4,130	461
Non-controlling interest		-	102	-	-
Earnings profit per share (euros)
Basic (euros and cents)	16	1.74	0.59	1.41	0.24
Diluted (euros and cents)	16	1.74	0.59	1.41	0.24

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

			Group	Company
		31/12/2024 '000 EUR	31/12/2023 '000 EUR	31/12/2024 '000 EUR	31/12/2023 '000 EUR
	Note
Assets Non-current assets
Goodwill	17	8,905	8,905	3,902	2,321
Other intangible assets	18	6,072	7,149	3,979	2,793
Property, plant and equipment	19	7,021	5,607	6,822	5,261
Right-of-use assets	20	2,722	1,792	2,547	1,309
Investments in subsidiaries	21.1	-	-	12,441	16,808
Other investments accounted for using the equity method	22	260	262	266	266
Other non-current assets		83	213	67	112
Deferred tax assets	26	1,158	1,724	933	1,145
Total non-current assets		26,221	25,652	30,957	30,015
Current assets
Inventories	23	280	275	278	261
Investments in financial assets	21	540	436	112	74
Trade and other receivables	24	29,768	31,519	20,693	17,802
Cash and bank balances Total current assets	33	24,368 54,956	14,379 46,609	8,994 30,077	4,832 22,969
Total assets		81,177	72,261	61,034	52,984
Equity and liabilities
Equity and reserves
Share capital	29	3,920	3,920	3,920	3,920
Capital reserves	30	8,802	9,919	9,006	9,919
Profit reserves		1,458	1,377	1,369	1,259
Reserves for own shares		53	624	-	571
Own shares Revaluation reserves - Property	31	(53) 3,130	(624) 1,877	- 3,130	(571) 1,877
Translational reserve of foreign
operations		(220)	(238)	-	-
Retained earnings		16,763	13,248	12,415	10,107
Equity attributable to owners of the Company		33,853	30,103	29,840	27,082
Non-controlling interests	32	-	320	-	-
Total equity		33,853	30,423	29,840	27,082
Non-current liabilities
Trade and other payables	28	-	150	-	-
Borrowings	25	-	33	-	33
Deferred tax liability	26	835	581	835	412
Lease liabilities Contractual liabilities	27 35	1,473 106	947 1,798	1,436 106	752 1,798
Total non-current liabilities		2,414	3,509	2,377	2,995
Current liabilities
Trade and other payables	28	33,116	28,930	17,263	13,971
Lease liabilities	27	1,303	938	1,159	665
Borrowings	25	5,522	2,073	5,522	2,073
Contractual liabilities	35	2,255	1,899	2,255	1,899
Deferred income	34	2,714	4,489	2,618	4,299
Total current liabilities		44,910	38,329	28,817	22,907
Total Liabilities		47,323	41,838	31,194	25,902
Total equity and liabilities		81,177	72,261	61,034	52,984

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

	Group
	Share capital	Capital reserves	Profit reserves	Reserves for own shares	Own shares	Revaluation reserves - Property	Translational reserve of foreign operations	Retained earnings	Owners of the parent	Non controlling interests	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Balance as of 1 January 2023	2,601	10,912	1,349	157	(157)	1,997	98	14,432	31,389	217	31,606
Profit from the year (note 16) Changes in revaluation reserves (note 31)	- -	- -	- -	- -	- -	- (120)	- -	1,144 120	1,144 -	103 -	1,247 -
Other comprehensive income for the year less income tax	-	-	-	-	-	-	(336)	-	(336)	-	(336)
Total comprehensive income	-	-	-	-	-	(120)	(336)	1,264	808	103	911
Other non-ownership changes in equity	1,319	(1,319)	-	-	-	-	-	-	-	-	-
Changes in development cost reserves	-	-	28	-	-	-	-	(28)	-	-	-
Repurchase of own shares/stocks Allotment of own shares in	-	-	-	703	(703)	-	-	(703)	(703)	-	(703)
accordance with IFRS 2 (note	-	326	-	(236)	236	-	-	236	562	-	562
30) Dividend paid	-	-	-	-	-	-	-	(2,584)	(2,584)	-	(2,584)
Other allotments and payments to members/shareholders	-	-	-	-	-	-	-	631	631	-	631
Balance as of 31 December 2023	3,920	9,919	1,377	624	(624)	1,877	(237)	13,248	30,103	320	30,423
Profit for the year (note 16)	-	-	-	-	-	-	-	3,398	3,398	-	3,398
Changes in revaluation reserves (note 31)	-	-	-	-	-	1,253	-	121	1,374	-	1,374
Other comprehensive income for the year less income tax	-	-	-	-	-	-	17	-	17	-	17
Total comprehensive income	-	-	-	-	-	1,253	17	3,519	4,789	-	4,789
Changes in reserves and development costs	-	-	81	-	-	-	-	(81)	-	-	-
Change of controlling interests	-	(928)	-	-	-	-	-	93	(835)	(320)	(1,155)
Repurchase of own shares/stocks	-	-	-	233	(233)	-	-	(233)	(233)	-	(233)
Allotment of own shares in line with IFRS 2 (note 30)	-	(189)	-	(804)	804	-	-	804	615	-	615
Dividend paid	-	-	-	-	-	-	-	(586)	(586)	-	(586)
Balance as of 31 December 2024	3,920	8,802	1,458	53	(53)	3,130	(220)	16,763	33,853	-	33,853

Statement of changes in shareholder's equity

'000

capital Capital reserves Profit

reserves

Reserves for own

Balance as of 01 January 2023 2,601 10,912 1,169 104 (104) 1,997 12,668 29,347

Profit for the year (note 16) - - - - - - 461 461 Changes to revaluation reserves (note 31) - - - - - (120) 120 - Total comprehensive income - - - - - (120) 581 461 Other non-ownership changes in equity 1,319 (1,319) - - - - - -

costs - - ⁹⁰ - - - (90) - Repurchase of own shares/stocks - - - 703 (703) - (703) (703)

(note 30) - ³²⁶ - (236) 236 - ²³⁵ ⁵⁶¹ Dividend paid - - - - - - (2,584) (2,584)

Balance as of 31 December 2023 3,920 9,919 1,259 571 (571) 1,877 10,107 27,082 Profit for the year (note 16) - - - - - - 2,756 2,756 Changes to revaluation reserves (note 31) - - - - - 1,253 121 1,374 Total comprehensive income - - - - - 1,253 2,877 4,130

costs - - 110 - - - (110) - Repurchase of own shares/stocks - - - 233 (233) - (233) (233)

(note 30) - (189) - (804) 804 - ⁸⁰⁴⁶¹⁵ Dividend paid - - - - - - (586) (586) Merger of companies (note 36) - (724) - - - - (444) (1,168) Balance as of 31 December 2024 3,920 9,006 1,369 - - 3,130 12,415 29,840

SPAN d.d. and its subsidiaries 21

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

Company

EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR

shares Own shares Revaluation reserves -

Property

Retained

earnings Total

for the year ended 31 December 2024

Changes in reserves and development

Allotment of own shares in line with IFRS 2

Changes in reserves and development

Allotment of own shares in line with IFRS 2

Statement of changes in shareholder's equity

for the year ended 31 December 2024

Statement of changes in shareholder's equity

Share capital

'000

Capital reserves

EUR '000 EUR '000

Profit reserves

EUR

Reserves for own shares

'000

Own shares

SPAN d.d. and its subsidiaries 20

Group

326 - (236) 236 - - 236 562 - 562
- - - - 631 631 - 631

Translational reserve of foreign operations

Retained earnings

Owners of the parent

Noncontrolling interests

EUR '000 EUR '000 EUR '000 EUR

Total

Revaluation reserves - Property

²⁰²³ 2,601 10,912 1,349 157 (157) 1,997 98 14,432 31,389 217 31,606 Profit from the year (note 16) - - - - - - - 1,144 1,144 103 1,247

reserves (note 31) - - - - - (120) - 120 - - -

for the year less income tax - - - - - - (336) - (336) - (336)

income - - - - - (120) (336) 1,264 ⁸⁰⁸ ¹⁰³ ⁹¹¹

in equity 1,319 (1,319) - - - - - - - - -

reserves - - ²⁸ - - - - (28) - - -

shares/stocks - - - 703 (703) - - (703) (703) - (703)

Dividend paid - - - - - - - (2,584) (2,584) - (2,584)

²⁰²³3,920 9,919 1,377 624 (624) 1,877 (237) 13,248 30,103 320 30,423 Profit for the year (note 16) - - - - - - - 3,398 3,398 - 3,398

reserves (note 31) - - - - - 1,253 - ¹²¹ 1,374 - 1,374

for the year less income tax - - - - - - ¹⁷ - ¹⁷ - ¹⁷

income - - - - - 1,253 ¹⁷ 3,519 4,789 - 4,789

development costs - - 81 - - - - (81) - - -

interests - (928) - - - - - ⁹³ (835) (320) (1,155)

shares/stocks - - - 233 (233) - - (233) (233) - (233)

line with IFRS 2 (note 30) - (189) - (804) 804 - - 804 615 - ⁶¹⁵ Dividend paid - - - - - - - (586) (586) - (586)

²⁰²⁴ 3,920 8,802 1,458 53 (53) 3,130 (220) 16,763 33,853 - 33,853

EUR '000 EUR '000 EUR '000 EUR '000

for the year ended 31 December 2024

Balance as of 1 January

Changes in revaluation

Total comprehensive

Repurchase of own

Other allotments and payments to members/shareholders

Changes in revaluation

Total comprehensive

Change of controlling

Repurchase of own

Changes in reserves and

Allotment of own shares in

Balance as of 31 December

30)

Other comprehensive income

Other non-ownership changes

Changes in development cost

Allotment of own shares in accordance with IFRS 2 (note

Balance as of 31 December

Other comprehensive income

					Company
	Share capital	Capital reserves	Profit reserves	Reserves for own shares	Own shares	Revaluation reserves - Property	Retained earnings	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Balance as of 01 January 2023	2,601	10,912	1,169	104	(104)	1,997	12,668	29,347
Profit for the year (note 16) Changes to revaluation reserves (note 31)	- -	- -	- -	- -	- -	- (120)	461 120	461 -
Total comprehensive income Other non-ownership changes in equity	- 1,319	- (1,319)	- -	- -	- -	(120) -	581 -	461 -
Changes in reserves and development costs Repurchase of own shares/stocks	- -	- -	90 -	- 703	- (703)	- -	(90) (703)	- (703)
Allotment of own shares in line with IFRS 2 (note 30) Dividend paid	- -	326 -	- -	(236) -	236 -	- -	235 (2,584)	561 (2,584)
Balance as of 31 December 2023	3,920	9,919	1,259	571	(571)	1,877	10,107	27,082
Profit for the year (note 16) Changes to revaluation reserves (note 31)	- -	- -	- -	- -	- -	- 1,253	2,756 121	2,756 1,374
Total comprehensive income	-	-	-	-	-	1,253	2,877	4,130
Changes in reserves and development costs	-	-	110	-	-	-	(110)	-
Repurchase of own shares/stocks Allotment of own shares in line with IFRS 2 (note 30)	- -	- (189)	- -	233 (804)	(233) 804	- -	(233) 804	(233) 615
Dividend paid	-	-	-	-	-	-	(586)	(586)
Merger of companies (note 36)	-	(724)	-	-	-	-	(444)	(1,168)
Balance as of 31 December 2024	3,920	9,006	1,369	-	-	3,130	12,415	29,840

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

Statement of cash flows

for the year ended 31 December 2024

		Group		Company
	Note	2024. '000 EUR	2023. '000 EUR	2024. '000 EUR	2023. '000 EUR
Profit of the year before tax Adjustments:		4,792	1,746	3,116	665
Financial income – interest income Financial expenses	14 13	(362) 350	(101) 151	(1,763) 348	(32) 119
Depreciation of property plant and equipment	11	999	1,049	881	804
Depreciation of right-of-use assets Amortisation of intangible assets	11 11	1,338 1,410	1,300 1,210	1,128 773	976 523
Gains and losses from impairment of financial assets less reversals	24, 13	301	1,018	58	143
Gains and losses from sales and value adjustments of non-current tangible and intangible assets		(32)	(24)	(33)	(23)
Net carrying value of disposed property plant and equipment	19	27	12	8	2
Operating cash flows before movements in working capital		8,823	6,361	4,516	3,177
Decrease/(increase) in inventories		(4)	366	(15)	226
Decrease/(increase) of trade and other receivables		2,254	(12,374)	(888)	(3,183)
Increase/(Decrease) of trade and other payables		3,185	12,925	2,364	4,854
Increases/(Decreases) in contractual liabilities		(301)	(809)	(301)	(810)
Increases/(decreases) in deferred income		(1,402)	(97)	(1,905)	(369)
Cash from operations		12,555	6,372	3,771	3,895
Corporate income tax paid		(623)	(614)	(265)	(115)
Net cash from operating activities		11,932	5,758	3,506	3,780
Investing activities Interest receipts		362	101	113	32
Dividend income Purchase of property, plant and equipment Purchase of intangible assets Acquisition of a subsidiary	19	- (762)	- (760)	1,650 (704)	- (545)
	18	(348) (2,228)	(1,603) (7,740)	(432) (2,462)	(1,881) (7,992)
Investment in shares of the companies with participating interest	22	-	(109)	-	(109)
Other cash expenditure from investment activities		33	-	33	-
Net cash (used in)/from investing activities		(2,943)	(10,111)	(1,802)	(10,495)
Financial activities
Dividends paid Interest paid	20, 25	(586) (334)	(2,584) (145)	(586) (331)	(2,584) (160)
Transaction costs associated with loans and borrowings		-	(3)	-	-
Repayment of loans and borrowings	25	(7,600)	(1,466)	(10,157)	(1,386)
Cash receipts from loans and loans Repayment of lease liabilities	25	10,999 (1,480)	2,631 (1,748)	13,449 (1,189)	2,550 (1,085)
Net cash (used in)/from financing activities		998	(3,315)	1,186	(2,665)
Net increase/(decrease) in cash and cash equivalents		9,989	(7,668)	2,890	(9,380)
Cash acquired through the acquisition/merger of a subsidiary	36	-	3,233	1,272	-
Cash and cash equivalents at the beginning of the year		14,379	18,814	4,832	14,212
Cash and cash equivalents at the end of the year	33	24,368	14,379	8,994	4,832

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

1. General

SPAN d.d. (hereinafter: "The Company") is a joint stock company established and registered in the Republic of Croatia. The ultimate controlling parties of the company are Nikola Dujmović and other shareholders shown in the register of Zagreb Stock Exchange.

The amounts in these financial statements are expressed in euros and rounded to the nearest thousand. Foreign parts of the business are involved in accordance with the policies described in note 3. Due to technical limitations related to textual marking of notes in the group's and company's financial statements in accordance with the Single Electronic Format (European single electronic format); ESEF) the content of certain XBRL tags related to tabularly displayed disclosures may not be shown identically to the accompanying financial statements.

The principal activities of the Company and its subsidiaries (the Group) and the nature of the Group's activities are described below.

a. SPAN d.d.

Span d.d., Zagreb. company registration number: 080192242, Company ID: 19680551758. was established under the laws and regulations of the Republic of Croatia as a limited liability company, on 23 March 1993. On 13 December 2019, the General Assembly of the company adopted the Decision on the transforming the company into a joint stock company.

Headquarters: Zagreb. Koturaška cesta 47

Management Board: Nikola Dujmović, President of the Management Board and the following members of the Management Board: Ana Vukšić i Saša Kramar and Mihaela Trbojević.

The Company's core activities are the following: computing and related activities; business and other management consulting services.

b. Trilix d.o.o.

Company Trilix d.o.o., Zagreb. company registration number: 080621127, Company ID: 23149457295. was established according to the laws and regulations of the Republic of Croatia as a limited liability company, on 8 August 2007.

Headquarters: Zagreb, Ulica grada Vukovara 269F

Management Board: Mladen Amidžić, President of the Management Board and Nikola Dujmović, Member of the Management Board

The company's core activities are the following: IT security consultancy; business and other management consulting services; and computing and related activities.

c. SPAN d.o.o., Ljubljana

Span d.o.o., Ljubljana. company registration number: 359638900, was established under the laws and regulations of the Republic of Slovenia as a limited liability company, on 18 August 2009.

Headquarters: Ljubljana, Verovškova ulica 55A, Republic of Slovenia

Directors of the company: Miha Koren, director and Saša Kramar, director

The subject of the Company's business is the design of information systems and the provision of services from the IT solutions segment on the Slovenian market.

1. General (continued)

d. SPAN IT Ltd., London

SPAN IT Ltd., London, company registration number: 06810505, was established under the laws and regulations of the United Kingdom as a limited liability company, on 5 February 2009.

Company headquarters: 1 Giltspur Street, Farringdon, London, United Kingdom, EC1A 9DD

Directors of the company: Saša Kramar, director and Marijan Mlađan, director

The subject of the Company's business is the provision of services in the field of IT solutions on the UK market.

e. SPAN USA, Inc.

SPAN USA, Inc., company registration number: 68-0682850, was incorporated under the laws and regulations of the United States of America as a limited liability company, On 10 October 2012.

Headquarters: Chicago, 1415 W. 22nd Street, Tower Floor, Oakbrook, IL 60523, United States

Directors of the company: Marijan Mlađan, President of the Management Board, Mario Štula, Vice President of the Management Board.

The company's business is to provide IT services and customer support in the United States.

f. Span Azerbaijan LLC, Baku

Span Azerbaijan LLC, company registration number: 1701936521, was established under the laws and regulations of Azerbaijan as a limited liability company, on 15 April 2016.

Headquarters: Baku, House 96E, Nizami, Sabail district, Baku city, AZ1010, Azerbaijan

Director of the company: Eldar Jahangirov, director

The subject of the Company's business is consulting and services in information technologies.

g. Span LLC, Kiev

Span LLC, company registration number: 42424948, was established under the laws and regulations of Ukraine, as a limited liability company, on 30 August 2018.

Headquarters: Kiev, Ukraine

Director of the company: Oleg Avilov Mikolaevich, director

The subject of the Company's business is consulting and services in information technologies.

h. SPAN GmbH, Munich

SPAN GmbH, company registration number: 242618, was established under the laws and regulations of Germany, as a limited liability company, on 31 July 2018.

Company headquarters: Munich, Germany

Directors of the company: Nikola Dujmović, director and Saša Kramar, director

The subject of the Company's business is consulting and services in information technologies.

i. SPAN Swiss AG in liquidation from 29 November 2023

SPAN Swiss AG in liquidation, company registration number: CHE-229.766.934, was established under the laws and regulations of Switzerland, as a limited liability company, on 18 February 2019.

Company headquarters: Zug. Switzerland

Liquidator of Company: Markus Brulhart

The subject of the Company's business is consulting and services in information technologies

j. Span-IT s.r.l., Chisinau

Span-IT s.r.l., company registration number: 1021600030638. was established under the laws and regulations of Moldova. as a limited liability company, on 19 July 2021. Headquarters: Chisinau, Moldova

Directors of the company: Nikola Dujmović, director, Saša Kramar, director and Serghei Smigaliov, director

The subject of the Company's business is consulting in the field of information technologies.

1. General (continued)

k. Inkubator Centar kibernetičke sigurnost d.o.o.

Company Inkubator kibernetičke sigurnosti d.o.o., Zagreb, company registration number: 081452193, Company ID: 88052917618, was established according to the laws and regulations of the Republic of Croatia as a limited liability company, on 21 July 2022.

Headquarters: Zagreb. Koturaška cesta 47

Directors of the company: Mihaela Trbojević, President of the Management Board, Nikola Dujmović, Member of

the Management Board and Saša Kramar, Member of the Management Board

The subject of the Company's business are computer and related activities.

l. GT Tarkvara OU. Tallinn

Gt Tarkvara OU Company was founded on 4 March 2008

Company headquarters: Tallinn. Parnu mnt 141, Estonia

Directors of the company: Ahti Leppik, Taivo Remmelgas, Saša Kramar

The subject of the Company's business is the sale of computers, computer equipment and software.

m. Span LLC.Tbilisi

Span LLC, Tbilisi, Georgia was founded in September 2023.

Headquarters: Tbilisi, Georgia

Directors of the company: Tahir Alyev

The subject of the Company's business is consulting and services in information technologies.

n. Span B.V., Amsterdam, Netherlands

The company Span B.V., MB: 95799907, was founded on December 16, 2024. The company's business is software licensing, providing security and cloud services, etc. The company's registered office: Keizersgracht 482, 1017 EG, Amsterdam, Netherlands The company's director: Davor Majetić

o. Ustanova Span Centar kibernetičke sigurnosti

On December 20, 2024, the Commercial Court in Zagreb issued a decision on the registration of the establishment of an institution under number 081625374, with the aim of providing various training and professional development programs in the field of cybersecurity and related areas through formal and informal forms of adult education.

Institution headquarters: Koturaška cesta 47, Zagreb

Interim director: Marinko Žagar

2. Adoption of new and amended international financial reporting standards ("IFRS") and interpretations

a) First application of new amendments to the existing standards effective for the current reporting period

In the current year. the Company and the Group have implemented a number of amendments to international accounting standards published by the International Accounting Standards Board ("IASB") and adopted in the European Union ("EU"). which are mandatory for the reporting period beginning on or after 1 January 2024.

Standard	Name
Amendments to IAS 1	Classification of liabilities as short-term or long-term, and long-term liabilities with covenants
Amendments to IAS 7 and IFRS 7	Supplier financing agreements
Amendments to IAS 16	Lease liabilities upon sale and leaseback

Their adoption did not have any significant impact on the disclosures or amounts reported in these financial statements.

b) Standards and amendments to existing standards issued by IASB and adopted in the European Union but not yet effective

At the date of approval of these financial statements. the Company has not applied the following new and revised international accounting standards issued and adopted by the EU. but are not yet in force:

Standard	Name	Effective Date
Amendments to MRS 21	The lack of exchangeability	1 January 2025

2. Adoption of new and amended standards (continued)

c) New standards and amendments to existing standards issued by IASB but not yet adopted by European Union

Currently. the standards adopted by the EU do not differ significantly from the regulations adopted by the International Accounting Standards Board. except for the following new standards and amendments to existing standards. which have not yet been adopted by the EU on the date of issue of these financial statements:

Standard	Name	Adoption status in the EU
Amendments to IFRS 9 and IFRS 7	Changes in the Classification and Measurement of Financial Instruments (IAS effective date: 1 January 2026)	They have not yet been adopted in the EU.
Amendments to IFRS 1, IFRS 7, IFRS 9, IFRS 10 and IAS 7	Annual Improvements to IFRS Accounting Standards – Edition 11 (IAS effective date: 1 January 2026)	They have not yet been adopted in the EU.
IFRS 18	Presentation and Disclosures in Financial Statements (IAS effective date: 1 January 2027)	They have not yet been adopted in the EU.
IFRS 19	Non-Publicly Responsible Subsidiaries: Disclosures (IAS effective date: 1 January 2027)	They have not yet been adopted in the EU.
IFRS 14	Time demarcations (Effective date set by the IASB: 1 January 2016)	The European Commission has decided to postpone the process of adopting this transitional standard until the publication of its final version
Amendments to IFRS 10 and IAS 28	The sale or entry of assets between the investor and its associated entity or joint venture and further amendments	Download procedure postponed until completion of the research project on the topic of application of the share method

The Company and the Group do not expect that the adoption of the above Standards will have a significant impact on the financial statements of the Company and the Group in future periods.

3. Significant accounting policies

Accounting principle

The financial statements have been prepared in accordance with International Financial Reporting Standards adopted by the European Union (IFRS) and therefore the Group and the Company's financial statements are in accordance with Article 4 of the Regulation (EU) on international accounting standards.

The financial statements are prepared on the principle of historical cost, with the exception of the revaluation of certain property, which are presented in revalued amounts. as explained in the accounting policies that follow. The historical cost is based mainly on the fair value of the consideration given in exchange for goods or services.

The following is an overview of significant information on the accounting policies adopted for the preparation of these financial statements. These accounting policies are consistently applied for all periods included in these statements.

Going Concern

The Management Board has, at the time of approving the financial statements, a reasonable expectation that the Group and Company has adequate resources to continue in operational existence for the foreseeable future. Thus they continue to adopt the going concern basis of accounting in preparing the financial statements

Basis for consolidation

The consolidated financial statements incorporate the financial statements of the Company and entities controlled by the Company made up to 31 December 2024.

Consolidation of a subsidiary begins when the Company obtains control over the subsidiary and ceases when the Company loses control of the subsidiary. Specifically, the results of subsidiaries acquired or disposed of during the year are included in profit or loss from the date the Company gains control until the date when the Company ceases to control the subsidiary. Where appropriate, adjustments were made in the subsidiaries' financial statements to align their accounting policies with those of the Company. The consolidation eliminates in full intra-Group assets and liabilities, equity, income, expenses and cash flows relating to transactions between entities of the Group.

Non-controlling interests in subsidiaries are accounted for separately from the Group's ownership interest. Those interests of non-controlling shareholders that are present entitle their holders to a proportionate share of net assets upon liquidation may initially be measured at fair value or at the non-controlling interests' proportionate share of the fair value of the acquiree's identifiable net assets. Valuation method is selected separately for each acquisition. Remaining non-controlling interests are initially measured at fair value. After acquisition, the carrying value of noncontrolling interests is the amount of shares at initial recognition increased by the share of non-controlling interest in subsequent changes to the equity.

Profit or loss and each component of other comprehensive income are attributed to the owners of the Company and to the non-controlling interests. Total comprehensive income shall be attributed to the owners of the Company and non-controlling interests even if this results in the non-controlling interests having a deficit balance.

Investments in subsidiaries

Subsidiaries are companies in which the Group has the power to influence their operating and financial policies. In the Span Group, these are all companies in which Span has over 50% ownership interest. Investments in subsidiaries are valued at acquisition cost less value adjustments, if any. Investments in subsidiaries are tested annually for potential impairment. The ratio is made between the current carrying value and the fair value calculated based on the free cash flow model. If the fair value is lower than the carrying value, the Company adjusts the carrying value to a lower, fair value. The cost of value adjustment of investments in subsidiaries is recognized in the income statement for the year.

Investments in associates

Investments in associates are investments in companies in which the Group has significant influence over their operating and financial policies. In the Span Group, these are companies in which Span has 20% - 49% ownership interest. Investments in associates are measured at cost and are subsequently adjusted using the equity method. The equity method means that the value is adjusted for the profit or loss of the associate in each reporting period in proportion to the ownership interest less any dividends received by Span from the associate. The proportionate profit or loss attributable to Span Group is recognized in the income statement. In separate financial statements of the Company, Investments in associates are recognized at cost.

3. Significant accounting policies (continued)

Business combinations

Acquisitions of businesses are accounted for using the acquisition method. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group, liabilities incurred by the Group to the former owners of the acquiree and the equity interest issued by the Group in exchange for control of the acquiree. Acquisition-related costs are recognized in profit or loss as incurred.

At the date of acquisition, the assets acquired, and the identifiable liabilities assumed are recognized at their fair value on the date of acquisition.

Goodwill is measured as the excess of the sum of the consideration transferred, the amount of any non-controlling interests in the acquiree, and the fair value of the acquirer's previously held equity interest in the acquiree (if any) over the net of the acquisition-date amounts of the identifiable assets acquired and the liabilities assumed. If the reassessment finds that the share of the Group in the fair value of the identifiable amount of the acquiree's net assets exceeds the sum of the consideration transferred, the amount of non-controlling interest, if any, and the fair value of the acquirer's previously held equity interest in the acquiree, the surplus shall be recognized immediately in profit or loss as a gain from a bargain purchase.

The consideration the Group transfers in a business combination includes a contingent consideration arrangement. The Group shall recognize the acquisition-date fair value of contingent consideration as part of the consideration transferred in exchange for the acquiree. Changes in fair value of the contingent consideration that qualify as measurement period adjustments are adjusted retrospectively, with corresponding adjustments against goodwill. Measurement period adjustments are adjustments that arise from additional information obtained during the 'measurement period' (which cannot exceed one year from the acquisition date) about facts and circumstances that existed at the acquisition date.

Goodwill

Goodwill is not amortized, but is tested for impairment at least once a year. For the purpose of impairment testing, goodwill is allocated to each of the Group's cash-generating units (or groups of cash-generating units) expected to benefit from the synergies of the combination. A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. If the recoverable amount of the cash-generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit prorata on the basis of the carrying amount of each asset in the unit. Such impairment loss for goodwill will not be reversed in subsequent periods.

The policy used by the Group for calculating goodwill resulting from acquisition of associates is described in note 17.

Revenue Recognition

Revenue is measured based on the consideration to which the Group and Company expect to be entitled according to the customer contract, excluding amounts collected on behalf of third parties. The Group and Company recognize revenue when they transfer control of a licence, product or service to a customer.

The Group and the Company shall report revenue from the following main sources:

§ sale of licences;
§ sale of hardware and
§ sale of service

3. Significant accounting policies (continued)

Revenue recognition (continued)

Sale of licenses

With reference to the sale of different types of licences, revenue is primarily realised from the sale of Microsoft licences. The Group and Company are primarily responsible for delivering specific characteristics of licences to customers, they are exposed to the potential risk of rejection of licences by the customer and have the discretion to define prices and benefits from licences to the moment of transfer of control.

Licences are prepared for activation for a specific customer and are granted at a particular point in time. The Group and Company determine that the license agreement does not require, and the customer does not reasonably expect, that the Group and Company shall undertake activities that significantly affect the software. Since the licensor shall not undertake activities that significantly affect the intellectual property for which the users have rights and benefits, be they positive or negative activities that do not affect the licensor; and that the activities that might affect the intellectual property do not constitute additional performance actions in the contract, the licences thus represent the right-of-use and the Group, therefore, recognizes revenue at a particular point in time. Revenue is recognized when control of the licence has been transferred, that is at the point the licences become available to the customer and the customer has gained the control over a licence. The value of transactions from these contracts have been defined in framework contracts with customers (usually on an annual basis), determined based on price lists, and charged within 30 days. Based on the framework contract, the customers use order requests for purchasing licences to commit to the purchase during the life of the contract.

The Group and Company use a practical exception for disclosing the transaction price allocated to outstanding performance obligations since they have the right to the consideration paid by the customer in the amount equivalent to the value of the performance obligation by the reporting date, thus the Group and Company recognizes revenue in the amount that they invoice. The Group and Company do not expect variable consideration from such contracts.

In case the contract at the same time includes the delivery of licences and provision of advisory services as part of the solutions requested by the customer, advisory services, as well as licences, are considered individual distinct delivery obligations. Transaction price is distinct in contracts per type of licence and advisory service, thus is determined based on an individual sales price of a licence or service.

Sale of hardware

The Group and Company sell hardware directly to customers in line with the contract on the sale of hardware and provision of services or individual contracts on the sale of hardware. Revenue is recognized at the point in time when the control over the equipment has been transferred to the customers, and the sale of equipment is considered a distinct delivery obligation. Transferring control to the customer entails physical ownership and use of hardware by the customer, transfer of all rights to use and risks of use of hardware to the customer, as well as the Group and Company's right to collect. The process of sale of hardware in most cases meets the condition to transfer control after the goods have been delivered to the customer's specific location. Transaction prices stipulated in these contracts are usually fixed and are collected after the delivery of the hardware and installation services provided.

Sales of services

Advisory services the Group provides may be divided in two main service groups: services related to contracted projects with customers, and advisory services which refer to customer support based on contracted price lists. Advisory services related to contracted projects (e.g. installation and/or development of different software products for specialised business operations) are recognized as a performance obligation satisfied over time. Revenue is recognized in the financial statements based on the stage of completion of the contract. The management and competent bodies have assessed that the stage of completion determined as the proportion of the expected project duration, i.e. time that has elapsed at the end of the reporting period is an appropriate measure of progress towards complete satisfaction of these performance obligations under IFRS 15. Since the projects are related to the time cost of each developer, the time spent on the project reflects the work performed, i.e. delivered. If the services are charged in an amount higher than required considering their stage of completion, the difference is recognized as deferred income.

Support advisory services include hourly based standard services recognized at a certain time of delivery of services based on contracted price lists.

A support advisory service is a distinct service as it is both regularly supplied by the Group and Company to other customers on a stand-alone basis and is available for customers from other providers in the market. Discounts are not considered as they are only given in rare circumstances and are not material.

3. Significant accounting policies (continued)

Leases

Group and Company as a lessor

The Group and Company assess whether a contract is or contains a lease at the beginning of the contract. The Group and Company recognize a right-of-use asset and a corresponding lease liability with respect to all lease arrangements in which they are the lessee, except for short-term leases (defined as leases with a lease term of 12 months or less) and leases of low value assets (such as tablets and personal computers, small items of office furniture and telephones). For these leases, the Group and Company recognize the lease payments as an operating expense on a straight-line basis over the term of the lease unless another systematic basis is more representative of the time pattern in which economic benefits from the leased assets are consumed.

The lease liability is initially measured at the present value of the lease payments that have not been settled at the beginning of the lease term, discounted at the rate implicit in the lease. If this rate cannot be readily determined, the Group and Company use their incremental borrowing rate.

The lease liability is presented as a separate line in the statement of financial position.

The lease liability is subsequently measured by increasing the carrying amount to reflect interest on the lease liability (using the effective interest method) and by reducing the carrying amount to reflect the lease payments made.

The right-of-use assets include the initial measurement of the relevant lease liability, lease payments made at or before the commencement date of the lease, less any lease incentive received for concluding the operating lease and all initial direct costs. These are subsequently measured at cost less accumulated depreciation and accumulated impairment losses.

The right-of-use assets are presented as a separate line in the statement of financial position.

The Group and Company apply IAS 36 to determine whether a right-of-use asset is impaired and account for any identified impairment loss as described in the 'Property and Equipment' policy.

Group and Company as a lessee

Leases in which the Group is the lessor are classified as financial or operating leases.

When the Group is an intermediate lessor, it accounts for the head lease and the sub-lease as two separate contracts. The sub-lease is classified as a finance or operating lease by reference to the right-of-use asset arising from the head lease.

Rental income from operating leases is recognized on a straight-line basis over the term of the relevant lease. Initial direct costs incurred in negotiating and arranging an operating lease are added to the carrying amount of the leased asset and recognized on a straight-line basis over the lease term.

3. Significant accounting policies (continued)

Foreign currencies

In the financial statements, assets and liabilities of the Group's foreign operations have been calculated using the exchange rates prevailing at the end of the reporting period. Income and expense items are translated at the average exchange rates for the period, unless exchange rates fluctuate significantly during that period, in which case the exchange rates at the date of transactions are used. Potential foreign exchange differences are recognized in other comprehensive income and accumulated in a foreign exchange translation reserve (and added to non-controlling interests, if any).

Goodwill and fair value adjustments arising on the acquisition of a foreign entity are treated as assets and liabilities of the foreign entity and translated at the closing rate. Such foreign exchange differences are recognized in other comprehensible income

Government grants

Government grants that are receivable as compensation for expenses or losses already incurred or for the purpose of giving immediate financial support to the Group and Company with no future related costs are recognized in profit or loss in the period in which they become receivable.

Tax credits for investment

Tax reliefs for investment are considered to be reliefs arising from state incentive measures that allow the Company and the Group to reduce the tax liability of corporate tax or other specified taxes in future periods. and are related to the acquisition of certain assets and / or the performance of a particular activity and / or the fulfilment of certain specific conditions prescribed by the relevant regulations for investment incentives by the relevant authorities. Tax credits for investments are recognized as deferred tax assets and tax revenue when the necessary conditions are met for this in the amount of relief estimated to be available to the Company and the Group during the period of the incentive measure. Deferred tax assets recognized as a result of the tax relief for investments are abolished during the period of the incentive measure. i.e. until the expiry of the relief (if specified), in accordance with the availability of tax liabilities in subsequent years.

3. Significant accounting policies (continued)

Retirement and termination benefits

Payments made to a defined contribution retirement benefit plan are recognized as expenses once the employees have their right to contributions. Payments made to state-managed retirement benefit plans are accounted for as payments to defined contribution plans where the Group and Company's obligations under the plans are equivalent to those arising in a defined contribution retirement benefit plan.

Short-term and other long-term employee benefits

A liability is recognized for benefits accruing to employees in respect of salaries, annual leave and sick leave in the period the related service is rendered at the undiscounted amount of the benefits expected to be paid in exchange for that service.

Liabilities recognized in respect of short-term employee benefits are measured at the undiscounted amount of the benefits expected to be paid in exchange for the related service.

Employees that purchased 20 or more shares in the first round of the public offering of shares in 2021 entered the Company's ESOP program. Twenty shares make a single ESOP package, used for calculating the total number of additional shares the employee is entitled to within the ESOP program. Within the three-year period in which the employees maintain one or more ESOP packages (vesting period), the Company will allocate additional 25% shares (additional 5% shares after the first year expires, and 10% after the second and third year expire).

Fair value of allocated shares is recognized as an expense in the vesting period, and once it expires, the relevant liability is recognized at the share's market price.

Furthermore, the Company usually rewards its employees for their exceptional performance for the year by making bonus payments in the form of Company shares (own shares). The fair value of the shares is established once the vesting period expires, at the share's market price.

In line with the Remuneration Policy, the Management Board members' annual bonus constitutes a variable portion of their remuneration and amounts to a maximum of 40% of their annual salary which is equal to 12 monthly gross salaries, as defined in the contract on their rights and obligations concluded between individual members of the Management Board and the Company. The Company may decide to make annual bonus payments in the form of Company shares, in which case the Company transfers own shares to the member of the Management Board.

Taxation

Current tax

The tax currently payable is based on the taxable profit for the year. Taxable profit differs from the net profit reported in profit or loss because it excludes items of income or expense that are taxable or deductible in other years and it further excludes items that are not taxable or deductible at all. The Group and Company's liability for current tax is calculated using tax rates that have been enacted or substantively enacted by the end of the reporting period.

Provisions are recognized for matters with uncertain tax charge, when an outflow of funds to the tax authority is highly probable. Provisions are measured by using the best estimate of likely tax values. The estimate is based on the judgement of tax experts within the Company in line with prior experience in such activities and, in certain cases, based on tax advice of independent experts.

Deferred tax

Deferred tax is recognized as the difference between the carrying amount of assets and liabilities in the financial statements and the corresponding tax basis used in the computation of taxable profit and is accounted for using the balance sheet liability method.

The carrying amount of deferred tax assets is reviewed at each reporting date and reduced to the extent that it is no longer probable that sufficient taxable profit will be available to allow all or a part of the asset to be recovered.

Deferred tax is measured at the tax rates that are expected to apply in the period in which the liability is settled or the asset realised, based on tax rates and tax laws that have been enacted or substantively enacted by the end of the reporting period.

3. Significant accounting policies (continued)

Property, plant and equipment

Buildings and land used in the supply of goods or services, or for administrative purposes, are stated in the statement of financial position at their revalued amounts, being the fair value at the date of revaluation, less any subsequent accumulated depreciation and subsequent accumulated impairment losses.

Any revaluation increase arising on the revaluation of buildings is credited to the property's revaluation reserve, except to the extent that it reverses a revaluation decrease for the same asset previously recognized as an expense, in which case the increase is credited to profit or loss to the extent of the decrease previously expensed. A decrease in carrying amount arising on the revaluation of buildings is charged as an expense to the extent that it exceeds the balance, if any, held in the property's revaluation reserve relating to a previous revaluation of that asset.

Depreciation on revalued buildings is recognized in profit or loss. When selling or retiring items of non-current assets recorded at the revalued amount, every surplus recognized in the revaluation reserve is directly transferred to retained earnings.

Fixed tangible assets under construction and land are not depreciated. Equipment is reported at a cost less accumulated depreciation and impairment losses.

Depreciation is recognized so as to write off the cost or valuation of assets, other than owned land and non-current tangible assets under construction, over their useful lives, by using the straight-line method, on the following bases:

Buildings	5% p.a.
IT equipment	15-50% p.a.
Office equipment	15-25% p.a.

Estimated useful life, residual value, and depreciation method are reviewed at the end of each reporting period, with impacts of potential changes in estimated accounted for prospectively.

Buildings and equipment are no longer accounted for or recognized after they have been sold or when future economic benefits associated with their use are no longer expected. The gain or loss arising on the disposal or retirement of an asset is determined as the difference between the sales proceeds and the carrying amount of the asset and is recognized in profit or loss.

Intangible assets acquired separately

Intangible assets with finite useful lives that are acquired separately are carried at cost less accumulated amortisation and accumulated impairment losses. Amortisation is recognized on a straight-line basis over their estimated useful lives which are disclosed in note 18. Estimated useful life and depreciation method are reviewed at the end of each reporting period, with impacts of potential changes in estimated accounted for prospectively.

Depreciation is recognized so as to write off the cost or valuation of assets less their residual values over their useful lives, using the straight-line method, on the following bases:

Software and other rights 25% p.a.

Separately acquired intangible assets include software and other rights and intangible assets under constructions.

3. Significant accounting policies (continued)

Internally developed intangible assets

The amount initially recognized for internally generated intangible assets is the sum of expenditures incurred as of the date when the assets met the recognition criteria. If internally developed intangible assets cannot be recognized, expenditures from development are recognized in profit and loss for the period in which they incurred. After initial recognition, internally developed intangible assets are reported at cost less accumulated amortisation and accumulated impairment losses, on the same basis as intangible assets that are acquired separately. Internally generated intangible assets consist of software development and intangible assets under construction.

Intangible assets acquired in a business combination

Subsequent to initial recognition, intangible assets acquired in a business combination are reported at cost less accumulated amortisation and accumulated impairment losses, on the same basis as intangible assets that are acquired separately.

Derecognition of intangible assets

Intangible assets are derecognized on disposal or when future economic benefits associated with the use of the asset are no longer expected. The gain or loss arising on the derecognition of an intangible asset item is determined as the difference between the net sales proceeds and the carrying amount of the item and is recognized in profit or loss for the period of derecognition.

Impairment of buildings and equipment and intangible assets other than goodwill

At each reporting date, the Group and the Company review the carrying amounts of their property and equipment, and intangible assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated to determine the extent of any impairment loss. For assets not generating cash flows independent from other assets, the Group and the Company estimate the recoverable amount of the cash-generating unit to which the asset belongs. When a reasonable and consistent basis of allocation can be identified, corporate assets are also allocated to individual cash-generating units, or otherwise they are allocated to the smallest group of cash-generating units for which a reasonable and consistent allocation basis can be identified.

Intangible assets with an indefinite useful life are subject to impairment tests on an annual basis and if there is an indication of potential impairment at the end of the reporting period.

Impairment losses are recognized immediately in profit or loss, unless the relevant assets have been recognized in their revalued amount, in which case the impairment loss first affects revaluation increase. If the impairment loss exceeds the related revalued amount surplus, impairment losses are recognized in profit and loss.

In the event of a later cancellation of impairment loss. the carrying amount of the asset (the cash-generating unit) increases to its revised estimated recoverable amount.

Inventories

Inventories are carried at the lower of the cost and net realisable value. Cost comprises direct materials and, where appropriate, direct labour costs and surplus incurred in bringing the inventories to their present location and condition. Cost is calculated by using the weighted average method.

3. Significant accounting policies (continued)

Financial instruments

Financial assets and financial liabilities are initially measured at fair value, other than the trade receivable with no significant financial component initially measured at transaction cost. Transaction costs that are directly attributable to the acquisition or issue of financial assets and financial liabilities (other than financial assets and financial liabilities at fair value through profit or loss) are added to or deducted from the fair value of the financial assets or financial liabilities, as appropriate, on initial recognition. Transaction costs directly attributable to the acquisition of financial assets or financial liabilities at fair value through profit or loss are recognized immediately in profit or loss.

Financial assets

The regular purchase and sales of financial assets are recognized or derecognized at the trading date. Regular purchases or sales are purchases or sales of financial assets that require delivery of assets within the time frame established by the regulation or convention in the marketplace.

All recognized financial assets are measured subsequently at amortised cost.

Interest income is charged to profit or loss and is included in the item "Financial income - interest income" (note 14).

Gains and losses from exchange rate changes in foreign currencies

The carrying amount of financial assets that are denominated in a foreign currency is determined in that foreign currency and translated at the spot rate at the end of each reporting period.

Impairment of financial assets

The Group and the Company always recognize lifetime expected credit losses (ECL) for trade receivables, and contract assets. The expected credit losses on those financial assets are estimated using a provision matrix by reference to past credit loss experience, adjusted for factors that are specific to the debtors, general economic conditions, and an assessment of both the current as well as the forecast direction of conditions as at the reporting date, including, where appropriate, the time value of money.

(i) Significant increase in credit risk

When assessing whether the credit risk for the financial instrument significantly increased since the initial recognition, the Group and the Company compare the risk of default on the reporting date to the risk of default of the financial instrument on the date of initial recognition. During the assessment, the Group and the Company consider both quantitative and qualitative information which are reasonable and available, including the historical experience and forward-looking information, which can be accessed without unnecessary costs or engagements. Forward-looking information considered includes the prospects of the industries in which the Group and Company's debtors operate, obtained from economic expert reports, financial analysts, governmental bodies, relevant thinktanks and other similar organisations, as well as consideration of various external sources of actual and forecast economic information that relate to the Group and the Company's core operations. In particular, the following information is considered when assessing whether credit risk has increased significantly since initial recognition:

an actual or expected significant deterioration in the financial instrument's external (if available) or internal credit rating
a significant deterioration in external market indicators of credit risk for a particular financial instrument, e.g. a significant increase in the credit spread, the credit default swap prices for the debtor, or the length of time or the extent to which the fair value of a financial asset has been less than its amortised cost
existing or forecast adverse changes in business, financial or economic conditions that are expected to cause a significant decrease in the debtor's ability to meet its debt obligations
actual or expected significant deterioration in the operating results of the debtor
significant increases in credit risk for other financial instruments of the same debtor; and
existing or forecast adverse changes in business, financial or economic conditions that are expected to cause a significant decrease in the debtor's ability to meet its debt obligations.

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

Irrespective of the outcome of the above assessment, the Group and the Company presume that the credit risk on a financial asset has increased significantly since initial recognition when contractual payments are more than 30 days past due, unless the Group and Company have a reasonable and supportable information that demonstrates otherwise.

Despite this, the Group and the Company assume that the credit risk for the financial instrument has not significantly increased since the initial recognition if we determine that the financial instrument has a low credit risk at the reporting date. We believe that the financial instrument has a low credit risk if:

(1) the financial instrument has a low risk of default;
(2) the debtor has a strong capacity to meet its contractual cash flow obligations in the near term; and
(3) adverse changes in economic and business conditions in the long term may, but do not necessarily have to, decrease the lessee's ability to meet their contractual cash flow obligations.

The Group and the Company consider a financial asset to have low credit risk when the asset has external credit rating of 'investment grade' in accordance with the globally understood definition or if an external rating is not available, the asset has an internal rating of 'performing'. 'Performing' means that the counterparty has a strong financial position and there are no past due amounts. For financial guarantee contracts, the date on which the Group and the Company become a party to irrevocable commitment is considered the date of initial recognition for the purposes of estimating the impairment of a financial instrument. When judging if the credit risk significantly increased since initial recognition of the financial guarantee contract, the Group and the Company examine the changes in the risk of a debtor's default. The Company regularly monitors the efficiency of criteria used to determine whether there has been a significant increase in credit risk and reviews them so that the criteria may identify a significant increase in credit risk before any default occurs.

(ii) Definition of non-performance

The Group and Company consider the following as constituting an event of default for internal credit risk management purposes as historical experience indicates that financial assets that meet either of the following criteria are generally not recoverable:

when there is a breach of financial covenants by the debtor; or
information developed internally or obtained from external sources indicates that the debtor is unlikely to pay its creditors, including the Group, in full (without taking into account any collateral held by the Group and Company)

Irrespective of the above analysis, the Group and Company consider that default has occurred when a financial asset is more than 90 days past due unless the Group and the Company have reasonable and supportable information to demonstrate that a more lagging default criterion is more appropriate.

(iii) Credit-impaired financial assets

Financial assets are credit-impaired when one or more events with an adverse effect on estimated future cash flows and financial assets occurred. Evidence that a financial asset is credit-impaired includes observable data about the following events:

(a) significant financial difficulties of the borrower or counterparty; or
(b) a breach of contract, such as a default or past-due event (see item II. above);
(c) the lenders for economic or contractual reasons relating to the borrower's financial difficulty granted the borrower a concession that would not otherwise be considered;
(d) it is becoming probable that the borrower will enter bankruptcy or other financial reorganisation; or
(e) the disappearance of an active market for the financial assets concerned due to financial difficulties.

(iv) Write-off policy

The Group and the Company write off a trade receivable when there is information indicating that the debtor is in severe financial difficulty and there is no realistic prospect of recovery, e.g. when the debtor has been placed under liquidation or has entered into bankruptcy proceedings, or in the case of trade receivables, when the amounts are over two years past due, whichever occurs sooner. Financial assets written off may still be subject to enforcement activities under the Group and the Company's recovery procedures, taking into account legal advice where appropriate. Any recoveries of receivables previously written-off are recognized in profit or loss.

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

(v) Measurement and recognition of expected credit losses

Measurement of expected credit losses is the function of Probability of Default (PD), Loss Given Default (LGD), i.e. size of loss in case of default, and Exposure at Default (EAD). Probability of Default and Loss Given Default is based on historical data adjusted for forward-looking information. As for the exposure at default, for financial assets, this is represented by the assets' gross carrying amount at the reporting date; for financial guarantee contracts, the exposure includes the amount drawn down as at the reporting date, together with any additional amounts expected to be drawn down in the future by default date determined based on historical trend, the understanding of the specific future financing needs of the debtors, and other relevant forward-looking information. For financial assets, the expected credit loss is estimated as the difference between all contractual cash flows that are due to the Group and Company in accordance with the contract and all the cash flows that the Group and Company expect to receive, discounted at the original effective interest rate. For lease receivables, cash flows used to determine expected credit losses correspond to the cash flows used for measuring lease receivables in line with IFRS 16.

For a financial guarantee contract, as the Group and the Company are required to make payments only in the event of a default by the debtor in accordance with the terms of the instrument that is guaranteed, the expected loss allowance is the expected payments to reimburse the holder for a credit loss that it incurs less any amounts that the Group and the Company expect to receive from the holder, the debtor or any other party.

If the Group and Company have measured the loss allowance for a financial instrument at an amount equal to lifetime ECL in the previous reporting period, but determine at the current reporting date that the conditions for lifetime ECL are no longer met, the Group and Company measure the loss allowance at an amount equal to 12 month ECL at the current reporting date, except for assets for which the simplified approach was used.

Termination of recognition of financial assets

The Group and the Company derecognize a financial asset only when the contractual rights to the cash flows from the asset expire, or when it transfers the financial asset and substantially all the risks and rewards of ownership of the asset to another entity. On derecognition of a financial asset measured at amortised cost, the difference between the asset's carrying amount and the sum of the consideration received is recognized in profit and loss.

Financial liabilities and equity

Instruments of ownership

Repurchase of the Company's own equity instruments is recognized and deducted directly in equity. No gain or loss is recognized in profit or loss on the purchase, sale, issue, or cancellation of the Company's own equity instruments.

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

Financial liabilities

All financial liabilities are measured subsequently at amortised cost using the effective interest method at the end of each reporting period.

Financial liabilities subsequently measured at amortised cost

Financial liabilities that are not (i) contingent consideration of an acquirer in a business combination, (ii) held-fortrading, or (iii) designated as at FVTPL, are measured subsequently at amortised cost using the effective interest method.

Termination of recognition of financial liabilities

Where there has been an exchange between the Group and the Company and existing creditor with substantially different terms, this transaction is accounted for as an extinguishment of the original financial liability and the recognition of a new financial liability. Similarly, the Group and the Company account for a substantial change in the terms of an existing liability or a portion thereof as an extinguishment of the original financial liability and recognition of a new financial liability. The terms are considered substantially different if the discounted current value of cash flows, in line with the new terms, including consideration paid, net of fees received and impaired by using the effective interest rate, is at least 10% different from the discounted current value of remaining cash flows of the original financial liability. If the change is not substantial, the difference between: (1) the carrying value before the change; and (2) the current value of cash flows after the change is recognized in profit and loss as a gain or loss from the change in other gains and losses.

Own shares

Own shares are held with the CDCC (Central Depositary and Clearing Company). Own shares are recognized at cost and deducted from equity.

Rewarding employees in the form of shares

The Company has an employee reward scheme in the form of granting company shares. Annual bonuses are determined at the end of the year, and based on the defined amount, a provision for expected payout is created. For the amount of the provision, the company recognizes an increase in equity alongside the expense.

4. Critical accounting judgments and key sources of estimation uncertainty

In applying the Group and the Company's accounting policies, which are described in Note 3, the Management Board is required to make judgements (other than those involving estimations) that have a significant impact on the amounts recognized and to make estimates and assumptions about the carrying amounts of assets and liabilities that are not readily apparent from other sources. The estimates and associated assumptions are based on historical experience and other factors that are relevant. Actual results may differ from these estimates. The estimates and underlying assumptions are reviewed on an ongoing basis. Revisions to accounting estimates are recognized in the period in which the estimate is revised if the revision affects only that period, or in the period of the revision and future periods if the revision affects both current and future periods.

Assessing whether the Group and the Company are principal or agent in the sale of licenses

IFRS provides guidance for determining whether an entity is the principal or an agent. The Group and the Company act as a principal in a transaction if they obtain control of the specified goods or services before they are transferred to the customer. On the contrary, the Group and Company are an agent if they do not control the specified goods or services before they are transferred to the customer.

Determining that the Group and the Company are a principal is based on the assessment of whether the Group and Company obtain control of the goods and services based on the facts and circumstances stipulated in the contracts with customers.

In this assessment, the Group and the Company have used the judgement based on the main indicators of their business model, business practice, processes, rights and responsibilities that Group and the Company have and can be summarized as follows:

Identifying a selling opportunity with a customer;
direct contacts with customers to determine their need and demands as well consultation for determining adequate license program;
sharing opportunity details with license providers;
- revealing customers identity is the standard rule with vendors in the industry,
- industry standard is that licenses cannot be sold to customers without sharing data with the license vendors;
discretion with respect to accept or reject orders from customers;
responsibility related to the sales strategy;
responsibility for ensuring that delivered goods and services are in accordance with the customer demands/infrastructure;
responsibility for ensuring the validity of goods and services;
directing license vendors over which licensing program and product to place and to which customer to place it to;
full discretion over establishing a final price for goods and services;
before license activation, full discretion to change the scope, program, withdraw from the deal as well as to change the supplier and choose another supplier on the market ("non-exclusive rights");
existing commercial agreement with customer by which the Group and the Company are primarily responsible for fulfilling the promise to provide goods and services;
customer cannot prove their right to use goods and services without formal order confirmation to the Group and the Company, invoice from the Group and Company and payment confirmation;
discretion to re-direct the use of goods and services in the case if customer breach the contract

Determining whether an entity is a principal or an agent in an arrangement require review of indicators relating to principle/agent status. As stated above, the Group and the Company continuously review the relationships and contractual arrangements with customers. This includes identifying the specified good and/or services being provided to the customers and the nature of the Group and Company's promise in the assessment of the agent or principal status.

Assessing whether the Group and the Company recognize revenue as point in time or over time

The Group and the Company determine that the license agreement does not require, and the customer does not reasonably expect, that the Group and the Company shall undertake activities that significantly affect the software. Since the licensor shall not undertake activities that significantly affect the intellectual property for which the users have rights and benefits, be they positive or negative activities that do not affect the licensor; and that the activities that might affect the intellectual property do not constitute additional performance actions in the contract, the licences thus represent the right-of-use and the Group, therefore, recognizes revenue at a particular point in time.

4. Critical accounting judgments and key sources of estimation uncertainty (continued)

Impairment of trade receivables

Trade receivables are reviewed at each reporting date and their value is impaired based on the assessment of probability that the reported amount will be recovered. Each customer is considered individually based on the expected date of collection of the receivable and the estimated probability to collect amounts due. The management believes that the trade receivables have been recognized in line with their recoverable amount as at the reporting date.

Goodwill Impairment

A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. If the recoverable amount of the cash-generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro-rata based on the carrying amount of each asset in the unit. Any gain or loss on remeasurement at fair value is included directly in profit or loss. Such impairment loss for goodwill will not be reversed in subsequent periods.

The Group and the Company use the smallest cash-generating unit for their goodwill impairment tests. The Group and the Company defined every individual subsidiary as the smallest cash-generating unit, having in mind the diversity of sources of income and business models of individual subsidiaries. For goodwill impairment tests, they used the income method based on discounted cash flows.

The discounted cash flow method comprised the assessment of future cash flows for a 5-year period, discounting the relevant cash flows, applying a discount rate reflecting the cash flow risk and time value of money, assessing the residual value and terminal value.

The Group and the Company test goodwill annually for impairment, or more frequently if there are indications that goodwill might be impaired.

Sensitivity analysis

The Group and the Company have conducted a sensitivity analysis for changes in key assumptions used for determining the recoverable amount of each group of cash-generating units to which goodwill has been allocated. The recoverable amount of this cash-generating unit is determined based on a value in use calculation which uses cash flow projections based on financial budgets approved by the Management Board covering a five-year period. The impairment test established that there were no indications of goodwill impairment. The sensitivity analysis considered the change in terminal growth of the Group and Company ranging from -0,5% to 1,5%, and the WACC range from11% to 13%. Sensitivity analysis within the impairment test did not determine an impairment.

Revaluation of property, useful life of plant and equipment

The Group and the Company recognize property at fair value based on periodic assessments conducted by an independent appraiser, net of depreciation. The Group and the Company regularly monitors the fair value of property and engages an independent appraiser in the event of substantial departures. Regardless of the movements in the fair value of property, the Company conducts an assessment every 3-5 years.

The Group and the Company review the estimated useful life of plant and equipment, and intangible assets at the end of each annual reporting period.

4. Critical accounting judgments and key sources of estimation uncertainty (continued)

Leases – Estimate the incremental borrowing rate

The Group and the Company are not able to easily determine the lease interest rate, thus they use an incremental borrowing rate for calculating lease liabilities. Incremental borrowing rate is the rate the Group and the Company would pay if they, in a similar period and with similar collateral, borrowed funds necessary for purchasing property of similar value as right-of-use assets in a similar economic surrounding. Calculating the incremental borrowing rate requires assessing when such rates are not available or need to be adjusted to reflect the lease terms. The Group and the Company use different inputs to calculate the incremental borrowing rate. The interest rate calculated by the Group and Company for contracts represents the lessee's credit risk, lease period, safety, and economic surrounding. It is determined based on comparable transactions. The data the Company uses for determining the incremental borrowing rate are renewed at least once a year or in case of a significant change in the Group and the Company's credit rating.

Corporate income tax

The Company is liable for income tax under the laws and regulations of the Republic of Croatia. Tax returns are subject to examination by the tax authorities, which have the right to subsequently review business books of the taxpayer. There are different possible interpretations of tax laws and therefore, the amounts in the consolidated financial statements may be amended subsequently, based on the decision of tax authorities.

The Company receives investment support in line with the Investment Promotion Act. Support is predominantly used as a tax concession for decreasing the 2015 corporate income tax liability. Based on its current right to a tax concession, the Company recognizes deferred tax assets. Since the investment period has not yet ended and the final amount of support granted remains unknown, the Company determined the amount of potential tax concessions that it plans to use in future periods and, accordingly, the amount of deferred tax assets. During this assessment, the Company used the precautionary principle, and the estimated amount of the support was lower than the maximum amount of the support the Company shall realise once the investment period ends in December 2024.

Impact of the war in Ukraine

The war in Ukraine has an impact on the Company's and Group's business in 2024, but Span LLC Ukraine continues to operate smoothly.

Climate change impact

Climate change did not affect the operations of the Company and the Group in 2024 or its financial performance.

The Company and the Group see the contribution to the fight against climate change in the development of energyefficient products and services, as well as in reducing greenhouse gas emissions through the procurement of green energy, along with changing their own habits.

5. Revenue from contracts with customers

	Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Sales of software licenses	123,479	90,750	61,789	57,646
Sales of goods and services – foreign	39,492	32,284	36,936	29,820
Sales of goods and services – domestic	11,539	11,405	6,521	5,462
Sales of hardware	5,673	8,397	4,787	6,622
Total	180,183	142,836	110,033	99,550

	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
External revenue by timing of revenue
Goods transferred at a point in time	129,152	99,147	66,576	64,268
Services transmitted at a point in time	31,377	25,315	27,427	22,530
Services transferred over time	19,654	18,374	16,030	12,756
Total	180,183	142,836	110,033	99,550

6. Other operating income

	Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Government grants	44	53	44	53
Other operating income	1,796	1,443	490	830
Total	1,840	1,496	534	883

Other operating income consists primarily of income from Microsoft incentives for marketing activities and market development and changes in the provision for credit losses on trade receivables (Note 24).

6.1. Operating segments

Products and services resulting in revenue for reportable segments

The reporting segments of the Group and the Company in accordance with IFRS 8 identified as separate entities include Software asset management and licensing, Infrastructure services, Cloud and Cyber Security, Service management and technical support, and Software development and business solutions. The Security Operations Center has become an integral part of the Cyber Security segment, and we have adjusted the segment report in 2023 to be comparable with the current period. By unifying the Software Development and AI Solutions offering, we will start tracking some projects within the Software Development and Business Solutions segment from 2024, so we have adjusted the segment report in 2023. Reclassification differences are not material. Segment costs include only direct costs, i.e., there is no allocation of fixed costs to segments.

	Group
	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Eliminations	Consolidated
	2024. '000 EUR	2024. '000 EUR	2024. '000 EUR	2024. '000 EUR	2024. '000 EUR	2024. '000 EUR	2024. '000 EUR
Revenues External sales	148,049	17,443	19,641	17,816	1,981	(22,907)	182,023
Total revenues	148,049	17,443	19,641	17,816	1,981	(22,907)	182,023
Result Segment profit	5,348	3,766	10,326	3,874	(17,815)	(53)	5,446
Financial income	-	-	-	-	2,695	(1,671)	1,024
Other gains and losses	-	-	-	-	(1)	-	(1)
Financial expenses	588	-	-	-	1,101	(13)	1,676
Profit before tax	4,761	3,766	10,326	3,874	(16,225)	(1,710)	4,792
Corporate income tax	-	-	-	-	1,394	-	1,394
Profit for the year	4,761	3,766	10,326	3,874	(17,618)	(1,710)	3,398
	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Eliminations	Consolidated
	2023. '000 EUR	2023. '000 EUR	2023. '000 EUR	2023. '000 EUR	2023. '000 EUR	2023. '000 EUR	2023. '000 EUR
Revenues External sales	115,512	14,442	18,643	15,920	1,552	(21,567)	144,332
Total revenues	115,512	14,442	18,643	15,920	1,552	(21,567)	144,332
Result
Segment profit	3,697	2,725	9,553	1,326	(14,957)	(255)	2,089
Financial income Other	-	-	-	-	656	(161)	495
gains and losses	-	-	-	-	(4)	-	(4)
Financial expenses	-	-	-	-	844	(10)	834
Profit before tax Corporate	3,697	2,725	9,553	1,326	(15,149)	(406)	1,746
income tax	-	-	-	-	499	-	499
Profit for the year	3,697	2, 725	9,553	1,326	(15,648)	(406)	1,247

6.1. Operating segments (continued)

Products and services resulting in revenue for reportable segments (continued)

	Company
	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Consolidated
	2024.	2024.	2024.	2024.	2024.	2024.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Revenues
External sales	66,576	14,058	18,730	10,669	534	110,567
Total	66,576	14,058	18,730	10,669	534	110,567
Result
Segment profit	2,396	2,661	9,971	2,830	(16,289)	1,569
Financial income	-	-	-	-	2,148	2,148
Financial expenses	-	-	-	-	601	601
Profit before tax	2,396	2,661	9,971	2,830	(14,742)	3,116
Corporate income tax	-	-	-	-	360	360
Profit for the year	2,396	2,661	9,971	2,830	(15,102)	2,756

	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Consolidated
	2023.	2023.	2023.	2023.	2023.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Revenues
External sales	64,268	12,507	16,828	5,947	883	100,433
Total	64,268	12,507	16,828	5,947	883	100,433
Result
Segment profit	2,925	2,435	8,670	(2)	(12,993)	1,036
Financial income	-	-	-	-	449	449
Financial expenses	-	-	-	-	820	820
Profit before tax	2,925	2,435	8,670	(2)	(13,363)	665
Corporate income tax	-	-	-	-	204	204
Profit for the year	2,925	2,435	8,670	(2)	(13,567)	461

6.1. Operating segments (continued)

Products and services from which reporting segments generate revenue (continued)

		Fixed Assets
	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Software Asset
Management and Licensing	487	585	38	32
Infrastructure services.
Cloud and Cyber Security	807	1,029	489	660
Service management and technical support	385	378	354	359
Software and business solutions development	800	1,219	701	116
Other	23,742	22,441	29,375	28,848
Total segment assets	26,221	25,652	30,957	30,015
Total consolidated assets	26,221	25,652	30,957	30,015

Amortization and depreciation

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Software Asset
Management and Licensing Infrastructure	144	109	35	28
services. Cloud and Cyber Security Service	330	373	249	229
management and technical support Software and	295	396	281	395
business solutions development	270	349	164	168
Other	2,709	2,332	2,053	1,483
	3,748	3,559	2,782	2,303

6.1. Operating segments (continued)

Products and services from which reporting segments generate revenue (continued)

	Additions to fixed assets
	Group		Company
	31/12/2024 '000 EUR	31/12/2023 '000 EUR	31/12/2024 '000 EUR	31/12/2023 '000 EUR
Software Asset Management and Licensing	200	222	64	44
Infrastructure services. Cloud and Cyber Security	509	583	464	363
Service management and technical support	535	940	524	624
Software and business solutions development	369	763	915	265
Other	3,599	4,205	6,386	2,383
	5,213	6,713	8,354	3,679

The accounting policies of the reportable segments are the same as the Group and Company's accounting policies described in note 3. Segment profit represents the profit earned by each segment before central administration costs including directors' salaries, other general costs, financial expenses and income, and taxes.

Territorial analysis of operations

Territory, in this context, means the location in which the goods and services have been invoiced.

Details on the revenues of the Group and the Company from external customers and information on segment assets (non-current assets without financial instruments, deferred tax assets and other financial assets) for each territory are provided below:

Group		Group Fixed Assets

			'000 EUR
			24,696
			428
26,929	8,216	266	286
23,946	18,714	77	143
8,483	5,614	73	98
182,023	144,332	26,221	25,651
	31/12/2024 '000 EUR 94,861 27,804	Revenue from external customers 31/12/2023 '000 EUR 88,740 23,048	31/12/2024 '000 EUR 25,409 396

Information about key customers

Revenues from the sale of services include revenues of EUR 11,530 thousand (2023: EUR 9,261 thousand) which arose from sales to the Group and Company's largest customer. No single customer exceeds more than 10% of the Group's total revenue.

7. Costs of licenses and hardware sold

		Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Costs of licenses and hardware sold	119,696	90,695	63,217	60,512
Total	119,696	90,695	63,217	60,512

8. Raw material and supplies

	Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Energy	391	411	343	356
Office supplies	102	96	81	80
Cost of small inventory and spare parts	94	97	76	70
Other costs	4	3	-	-
Total	591	607	500	506

9. Services costs

	Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Costs related to providing of services	4,699	4,000	4,893	5,106
Intellectual services	1,771	2,031	1,019	1,248
Costs of licenses and rights of use	1,494	1,312	1,445	1,239
Maintenance	656	560	602	513
Promotion costs	548	468	446	341
Leases	519	833	424	679
Utility services	512	454	457	386
Representation costs	449	688	343	583
Telecommunications costs	235	215	162	133
Transport costs	161	156	154	120
Costs of other services	163	320	97	58
Total	11,207	11,037	10,042	10,406

Service costs contain the cost of fees charged by the independent auditor for the statutory audit of the annual financial statements or annual consolidated financial statements, which for the Group amounts to 115 thousand euros (2023: 73 thousand euros), and for the Company 72 thousand euros (2023: 47 thousand euros).

10. Staff costs

	Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Net salaries	22,582	20,449	16,939	14,242
Contribution and taxes from salaries	9,377	8,605	8,162	6,862
Contributions and payroll taxes	3,196	2,758	2,781	2,251
Contribution and taxes on salaries	1,296	385	1,088	121
Total	36,451	32,197	28,970	23,476

The average number of employees in 2024 in the Group was 852 and in the Company 752 (2023: Group 834, Company 626).

11. Depreciation and amortisation cost

	Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Depreciation of Property, plant and equipment	999	1,049	881	804
Amortisation of intangible assets	1,410	1,210	773	523
Amortisation of right-of-use assets	1,338	1,300	1,128	976
Total	3,748	3,559	2,782	2,303

12. Other expenses

	Group			Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Membership and similar fees	133	107	117	85
Booking costs. net	-	30	-	-
Insurance costs	426	370	319	298
Bank and payment operation charges	135	104	74	63
Professional training costs	334	378	270	309
Donation and sponsorship costs	175	181	134	120
Other personnel expenses	1,229	1,037	1,131	932
Additional cost of acquiring GT Tarkvara	424	-	424	-
Taxes that do not depend on the operating result	435	269	-	-
Other expenses	1,296	660	990	365
Total	4,587	3,136	3,459	2,172

Other personnel expenses refer to transportation and hot meal compensation for employees. Other expenses are mostly made up of business travel costs.

13. Financial expenses

			Company
2024.	2023.	2024.	2023.
'000 EUR	'000 EUR	'000 EUR	'000 EUR
			418
244	58	253	49
			70
-	-	21	38
-	-	-	245
1,676	834	601	820
	1,326 106	Group 684 92	232 95

The Group's negative foreign exchange rate differences mostly refer to Span Ukraine and the unfavorable exchange rate of the Ukrainian hryvnia in the reporting period.

14. Financial income

	Group		Company
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Interest income:
Financial instruments measured at amortised cost
Bank deposits	362	101	113	32
Foreign exchange gains	656	394	386	293
Other financial income	6	-	-	124
Dividend income	-	-	1,650	-
Total	1,024	495	2,149	449

Dividend income refers to dividends received from GT Tarkvara, Estonia and Span d.o.o., Slovenia.

15. Corporate income tax

The standard corporate income tax rate applicable to reported profits is 18% (2023: 18%) for companies operating in the Republic of Croatia.

Taxation in other jurisdictions is calculated in line with the rates effective in the relevant jurisdictions.

Corporate income tax

	Group			Company
	2024.	2023.	2024.	2023.
	'000	'000	'000	'000
	EUR	EUR	EUR	EUR
Current tax	(900)	(303)	(145)	(34)
Deferred tax	(495)	(196)	(215)	(170)
Total	(1,394)	(499)	(360)	(204)

	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Accounting profit before tax	4,792	1,746	3,116	665
Income tax	1,173	258	561	120
Effect of non-deductible expenses	240	192	213	157
Effect of tax-exempt revenue	(707)	(290)	(583)	(243)
Effect of movement of deferred tax liabilities	495	196	215	170
Effect of different tax rates of subsidiaries operating in other jurisdictions and unrecognized deferred tax assets on transferred tax losses	194	142	(46)	-
Tax expense	1,394	499	360	204
Effective tax rate	29%	29%	12%	31%
Average weighted nominal tax rate	19%	19%	18%	18%
Overview of the movement of Tax losses carried forward:
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
2020 tax loss	9	150	-	-
2021 tax loss	28	28	-	-
2022 tax loss	61	117	-	-
2023 tax loss	219	219	-	-
2024 tax loss	14	-	-	-
Total	331	514	-	-

In accordance with the tax legislation, the Tax Administration may, at any time, inspect the books and records of the Company within three years from the end of the year in which the tax liability is reported and may impose additional tax liabilities and penalties.

The Company acquired the status of a beneficiary of incentive measures in accordance with the regulation on investment incentives in 2015 and 2022. By merging with the company Bonsai, the Company took over and continued to use the incentive measure that was approved for the company Bonsai in 2022. The Company uses the incentives for exemption from paying corporate income tax.

16. Earnings per share

	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Earnings
Net profit attributable to the owners of the parent company's capital The average weighted number of	3,398	1,144	2,756	461
ordinary shares for the purposes of calculating basic and diluted	1,950,258	1,943,079	1,950,258	1,943,079
earnings per share Earnings from continuing operations for the purpose of calculating diluted earnings per share	1.74	0.59	1.41	0.24

The basic earnings per share are calculated in such a way that the profit/loss attributed to the owners of the parent company's capital is divided by the weighted average number of ordinary shares issued during the year, which does not include the average number of ordinary shares purchased by the Group and the Company that they hold as their own shares.

17. Goodwill

Goodwill in the Group's balance sheet arose upon the acquisition of subsidiaries InfoCumulus d.o.o., Delion d.o.o., Recro-net d.o.o., Ekobit d.o.o. and GT Tarkvara, while in the Company's balance sheet it arose upon the merger of subsidiaries InfoCumulus d.o.o., Recro-net d.o.o. and Ekobit d.o.o.

The Company and the Group annually conduct goodwill impairment testing. The method used to test the value is explained in more detail in note 3 under Accounting Policies. In 2024, it was found that the carrying amount of goodwill did not exceed its fair value and, thus, goodwill was not impaired.

17. Goodwill (continued)

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Goodwill Recro.net	1,431	1,431	1,431	1,431
Goodwill InfoCumulus	890	890	890	890
Goodwill Delion	263	263	-	-
Goodwill Ekobit	1,582	1,582	1,582	-
Goodwill GT Tarkvara	4,739	4,739	-	-
Total	8,905	8,905	3,902	2,321
Acquisition Cost	Group	Company
As of 1 January 2023	4,166	2,321
Increase	4,739	-
As of 31 December 2023	8,905	2,321
Increase	-	1,582
As of 31 December 2024	8,905	3,902
Accumulated impairment losses
As of 31 December 2023	-	-
As of 31 December 2024	-	-
Carrying value
As of 31 December 2023	8,905	2,321
As of 31 December 2024	8,905	3,902

18. Other intangible assets

			Group
	Software development	Software and other rights	Intangible assets under constructions	Other intangible assets	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Acquisition Cost
As of 1 January 2023	4,271	1,362	36	1,620	7,289
Additions from internal development	4	409	718	-	1,131
Additions	-	-	470	2	471
Business combination Estonia	-	-	-	2,803	2,803
Disposals	(702)	-	-	-	(702)
Transfer	401	128	(529)	-	-
As of 31 December 2023	3,973	1,899	694	4,425	10,992
As of 1 January 2024	3,973	1,899	694	4,425	10,992
Additions from internal development	25	11	268	-	304
Additions	-	-	44	-	44
Disposals	-	(1)	-	-	(1)
Transfer	519	355	(886)	-	(12)
As of 31 December 2024	4,517	2,264	120	4,425	11,327
Amortisation As of 1 January 2023	2,317	938	-	81	3,336
Exchange rate differences	(1)	-	-	-	(1)

Exchange rate differences	(1)	-	-	-	(1)
Amortisation during the year	586	181	-	444	1,210
Disposals	(702)	-	-	-	(702)
As of 31 December 2023	2,200	1,118	-	525	3,844
Exchange rate differences	1	-	-	1	2
Amortisation during the year	562	291	-	557	1,410
Disposals	-	(1)	-	-	(1)
As of 31 December 2024	2,763	1,409	-	1,083	5,255
Carrying value
As at 31 December 2024	1,754	855	120	3,342	6,072
As at 31 December 2023	1,773	781	694	3,900	7,149

As at 1 January 2023. 1,954 424 36 1,539 3,953

18. Other intangible assets (continued)

			Company
	Software development	Software and other rights	Intangible assets under constructions	Other intangible assets	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Acquisition Cost
As of 1 January 2023	2,534	846	-	-	3,380
Additions from internal development	-	406	1,005	-	1,412
Increase	-	-	470	-	470
Write-off	(702)	-	-	-	(702)
Transfer	457	128	(585)	-	-
As of 31 December 2023	2,289	1,380	-890	-	4,559
Additions from internal development	-	3	385	-	388
Increase	-	-	44	-	44
Bonsai Merger	25	36	86	-	147
Ekobit Merger Transfer	1,327 523	43 355	(407) (879)	1,620 -	2,583 -
As of 31 December 2024	4,164	1,818	120	1,620	7,722
Amortisation
As of 1 January 2023	1,432	513	-	-	1,946
Amortisation during the year	366	156	-	-	523
Write-off	(702)	-	-	-	(702)
As of 31 December 2023	1,096	670	-	-	1,766
Amortisation during the year	445	275	-	54	773
Bonsai Merger	27	36	-	-	63
Ekobit Merger	854	43		243	1,140
As of 31 December 2024	2,422	1,024	-	297	3,743
Carrying value
As at 31 December 2024	1,742	794	120	1,323	3,979
As at 31 December 2023	1,192	711	890	-	2,793
As at 1 January 2023.	1,102	333	-	-	1,434

Investment in intangible assets under construction refers to internally generated intangible assets resulting from the continuation of software development available for resale/use. Other intangible assets mostly relate to assets from the allocation of the purchase price for the acquisition of Ekobit d.o.o.

19. Property, plant and equipment

	Group			Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Carrying value
Buildings	3,150	2,365	3,150	2,365
Land	2,360	1,732	2,360	1,732
Computer equipment	1,030	736	1,015	672
Other equipment	478	770	298	492
Assets under construction	3	4	-	1
Total	7,021	5,607	6,822	5,261

19. Property, plant and equipment (continued)

	Group
	Buildings	Land	Computer equipment	Other equipment	Assets under constructi on	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Cost or valuation
As of 1 January 2023	4,093	1,732	3,110	1,745	-	10,680
Increase	-	-	345	411	4	760
Exchange rate differences	-	-		(23)	-	(23)
Disposals			(132)	(116)		(248)
Business combination Estonia	-	-	30	173	-	203
As of 31 December 2023	4,093	1,732	3,353	2,190	4	11,372
Reclassification	-	-	328	(328)	-	-
As of 1 January 2024	4,093	1,732	3,680	1,862	4	11,372
Increase	-	-	730	10	23	762
Exchange rate differences	-	-	-	18	-	18
Disposals	-	-	(195)	(91)	(25)	(311)
Transfer			3	(3)	-	-
Revaluation increase	1048	628	-	-	-	1,675
As of 31 December 2024	5,141	2,360	4,218	1,796	3	13,517
Accumulated depreciation and impairment
As of 1 January 2023	1,465	-	2,295	1,102	-	4,862
Depreciation during the year	263	-	431	354	-	1,049
Exchange rate differences	-	-	-	(23)	-	(23)
Disposal	-	-	(131)	(105)	-	(236)
Business combination Estonia	-	-	21	92	-	113
As of 31 December 2023	1,728	-	2,617	1,420	-	5,765
Reclassification	-	-	186	(186)	-	-
As of 1 January 2024	1,728	-	2,803	1,234	-	5,765
Depreciation during the year	263	-	579	157	-	999
Exchange rate	-	-	-	16	-	16
differences Disposal	-	-	(195)	(90)	-	(284)
As of 31 December 2024	1,991	-	3,188	1,317	-	6,496
Carrying value
As at 31 December 2024	3,150	2.360	1.030	478	3	7,021
As at 31 December 2023	2,365	1.732	736	770	4	5,607
As at 1 January 2023	2,628	1.732	815	643	-	5,818
Including:
At a cost		-	- 1,030	478	-	1,508
According to the 2024 valuation	3,150	2,360		- -	-	5,509

19. Property, plant and equipment (continued)

	Company
	Buildings		Land	equipment	Computer	Other equipment	Assets under construction	Total
	'000 EUR	'000 EUR			'000 EUR	'000 EUR	'000 EUR	'000 EUR
Cost or valuation
As of 1 January 2023	4,093		1,732	2,670		1,108	-	9,604
Increase	-		-		305	240	1	545
Disposals	-		-	(53)		(95)	-	(148)
As of 31 December 2023	4,093		1,732	2,922		1,253	1-	10,000
Reclassification	-		-		327	(327)	-	-
As of 1 January 2024	4,093		1,732	3,249		925	1	10,000
Increase	-		-		717	(13)	-	704
Disposals	-		-	(190)		(11)	(1)	(201)
Bonsai Merger	-		-		125	59	-	184
Ekobit Merger	-		-		216	26	-	242
Revaluation increase	1,048		628		-	-	-	1,675
As of 31 December 2024	5,141		2,360	4,118		986	-	12,604
Accumulated depreciation and impairment
As of 1 January 2023	1,465		-	1,943		673	-	4,081
Depreciation during the year	263		-		359	181	-	804
Disposal	-		-	(53)		(93)	-	(146)
As at 31 December 2023	1,728		-	2,250		761	-	4,739
Reclassification	-		-	186		(186)	-	-
As of 1 January 2024	1,728		-	2,436		575	-	4,739
Depreciation during the year	263		-	543		75	-	881
Disposal Bonsai Merger	- -		- -	(183)	93	(10) 28	- -	(193) 121
Ekobit Merger	-		-		214	20	-	234
As of 31 December 2024	1,991		-	3,102		688	-	5,782
Carrying value
As at 31 December 2024		3,150		2,360	1,015	298	-	6,822
As at 31 December 2023		2,365		1,732	672	492	1	5,261
As at 1 January 2023		2,628		1,732	727	435	-	5,522
Including:

At a cost		-		-	1,015	298	-	1,313
According to the 2024 valuation		3,150	2,360		-	-	-	5,509

Investments in tangible assets of Span Group are largely related to expenses for the acquisition and replacement of worn-out computer and other equipment necessary for the work of employees.

19. Property, plant and equipment (continued)

Measuring the fair value of buildings owned by the Group and the Company

The Group and the Company's buildings are stated at their revalued amounts, being the fair value at the date of revaluation, less any subsequent accumulated depreciation and subsequent accumulated impairment losses.

The fair value measurements have been classified as level 3, in accordance with inputs used in the valuation.

The assessment of the value of buildings and land was made in February 2025. While assessing the value of buildings and freehold land, the independent appraiser disclosed in their report to have used the comparison approach method, having determined for it to be the most adequate method considering the location, land registry, and cadastral status of the property owned by the Company. Inter alia, the comparison approach method considers and assesses the quality of the building and its position at a similar location for a comparable building type. The valuation of buildings and land was not made in 2024 and 2023, and accordingly there was no revaluation.

Details of the Group and Company's buildings and information about the fair value hierarchy as at the end of the reporting period are as follows:

	Level 2	Level 3	Fair value as at 31/12/2024
	'000 EUR	'000 EUR	'000 EUR
Land Buildings	- -	2,360 3,150	2,360 3,150
	Level 2	Level 3	Fair value as at 31/12/2023
	'000 EUR	'000 EUR	'000 EUR
Land Buildings	- -	1,732 2,365	1,732 2,365

Assets pledged as a security

A portion of the loans received have been secured by the Company's pledged assets (registered office building) of net carrying value of 3,150 thousand euros (2023: 2,365 thousand euros).

In the event that the lands and buildings of the Group and the Company, are valued at historical cost, their book amounts would be as follows:

	31/12/2024	31/12/2023
	'000 EUR	'000 EUR
Land	765	765
Buildings	927	1,044
	1,692	1,809

19.1. Transactions with related parties

Related parties are companies in which the Company has ownership of business shares. i.e. companies that are part of the Group, and associated ownership and associated companies. All related party transactions are based on normal business and market conditions. The balances sheets of receivables and liabilities between the Company and its related parties at the date of the statement of financial position are as follows:

	Loans and receivables		Liabilities
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Span d.o.o., Slovenia	602	285	194	56
Trilix d.o.o., Croatia	1	4	10	4
Span USA Inc., SAD	-	97	(43)	-
Span LLC, Ukraine	14	2	5	17
Span Swiss AG, in liquidation, Switzerland	59	38	-	-
Span Azerbaijan LLC, Azerbajdžan	-	14	6	12
Bonsai d.o.o., Croatia	-	5	-	73
Span IT Ltd., UK	-	-	4	1
Ekobit d.o.o., Croatia	-	-	-	57
Institution Span Cybersecurity Center, Zagreb	9	13	-	1
Span LLC, Georgia	88	1	-	-
Total	774	460	176	221

Transactions reported in the statement of comprehensive income for 2024 and 2023 were as follows:

	Revenue		Expenses
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Span d.o.o. Slovenia	19,302	16,456	918	717
Span USA Inc. SAD	342	812	263	-
Trilix d.o.o. Croatia	20	16	57	34
Bonsai d.o.o. Croatia	22	55	899	1,957
Span LLC, Ukraine	1	2	71	50
Span Azerbaijan LLC, Azerbajdžan	29	43	83	50
Span IT Ltd., UK	-	-	21	17
Ekobit d.o.o., Croatia	20	-	307	820
Institution Span Cybersecurity Center, Zagreb	52	23	68	1
Fintech digital services d.o.o. Croatia	1	1	-	-
Span LLC, Georgia	-	1	-	-
GT Tarkvara OU, Estonia	-	-	10	-
Total	19,790	17,409	2,697	3,647

19.2. Remuneration of key management personnel

Remuneration of directors, i.e. key management of the Group and the Company is provided below. Key management personnel include 4 members (2023: 5).

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Short-term employee benefits	1,183	2,390	1,183	2,390

20. Right-of-use assets

In its first application of IFRS 16, the Group and Company used the following practical exemptions as allowed by the standard: exemptions from recognizing lease contracts that as at their commencement date have a lease period of 12 months or short-term leases of low value assets.

The Group and the Company have business premises and company vehicles in operating lease. Lease contracts are usually concluded for a period from 3 to 5 years.

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Right-of-use assets - Vehicles Right-of-use assets - Business premises	869	704	861	658
	1,854	1,089	1,686	651
	2,722	1,792	2,547	1,309

20. Right-of-use assets (continued)

		Group
Right-of-use assets	Business premises	Vehicles	Total
	'000 EUR	'000 EUR	'000 EUR
Acquisition Cost
As of 1 January 2023	2,791	1,598	4,390
Increase	541	420	961
Decrease	(310)	(641)	(950)
As of 31 December 2023	3,023	1,378	4,401
As of 1 January 2024	3,023	1,378	4,401
Increase	1,947	464	2,411
Decrease	(138)	(302)	(440)
Exchange rate differences	(2)	-	(2)
As of 31 December 2024	4,830	1,540	6,370
Accumulated Depreciation
As of 1 January 2023	1,233	947	2,181
Depreciation for the year	999	301	1,300
Decrease	(298)	(574)	(872)
As of 31 December 2023	1,934	674	2,609
As of 1 January 2024	1,934	674	2,609
Depreciation for the year	1,042	296	1,338
Decrease	-	(299)	(299)
Exchange rate differences	(1)	-	(1)
As of 31 December 2024	2,976	671	3,647
Carrying amount
As of 31 December 2024	1,854	869	2,722
As of 31 December 2023	1,089	704	1,792

20. Right-of-use assets (continued)

	Company
Right-of-use assets	Business	Vehicle	Total
	premises
	'000 EUR	'000 EUR	'000 EUR
Acquisition Cost
As of 1 January 2023	1,898	1,336	3,234
Increase	400	410	810
Decrease	(240)	(465)	(705)
As of 31 December 2023	2,058	1,281	3,339
As of 1 January 2024	2,058	1,281	3,339
Increase	1,759	464	2,223
Decrease	-	(280)	(280)
Bonsai Merger	109	54	163
Ekobit Merger	26	-	26
As of 31 December 2024	3,952	1,519	5,471
Accumulated Depreciation
As of 1 January 2023	932	792	1,725
Depreciation during the year	715	262	976
Decrease	(240)	(431)	(671)
As of 31 December 2023	1,407	623	2,030
As of 1 January 2024	1,407	623	2,030
Depreciation during the year	844	284	1,128
Decrease	-	(278)	(278)
Bonsai Merger	4	30	33
Ekobit Merger	11	-	11
As of 31 December 2024	2,266	658	2,924
Carrying value
As of 31 December 2024	1,686	861	2,547
As of 31 December 2023	651	658	1,309

	Group		Company
Amounts recognized in profit and loss	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Depreciation costs for right-of-use assets	1,338	1,300	1,128	976
Business premises	1,042	999	844	715
Vehicles	296	301	284	262
Interest expense on lease liabilities	106	91	95	69
Business premises	62	51	51	33
Vehicle	44	40	44	36
Expenses related to short-term leases	519	833	424	679

20. Right-of-use assets (continued)

	Group
	Within five years	Total
	'000 EUR	'000 EUR
Options to extend expected to be exercised	3,464	3,464
	3,464	3,464

	Company
	Within five years	Total
	'000 EUR	'000 EUR
Options to extend expected to be exercised	2,831	2,831
	2,831	2,831

21. Investments in financial assets

	Short-term
	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Financial assets measured at amortised cost
Bank deposits	325	336	-	-
Given advances	10	-	88	-
Finance lease receivables	-	-	24	74
	335	336	112	74
Financial assets measured at fair value
Investment in securities	206	100	-	-
	206	100	-	-
Total	540	436	112	74

	Long-term
	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Financial assets measured at amortised cost
Bank deposits	-	26	-	-
Receivables for tender guarantees	48	54	45	33
Receivables for lease guarantees	5	6	-	-
Depositary receipts and convertible notes	30	127	22	22
Finance lease receivables	-	-	-	57
Total	83	213	67	112

The current value of receivables for deposits and guarantees are considered a reasonable assessment of their fair value.

Impairment of financial assets

There has been no change in the estimation techniques or significant assumptions made during the current reporting period in assessing the loss allowance for these financial assets.

21.1. Investments in subsidiaries

Subsidiaries are all companies over which the Company has control over financial and business policies. which includes more than half of the voting rights. During 2024, the companies Bonsai d.o.o. and Ekobit d.o.o. were merged with the Company, and an agreement was concluded on the sale of 30% of the business shares of the affiliated company Trilix d.o.o. By concluding this agreement, Span became the owner of 90% of the business shares of Trilix, while the remaining 10% of the business shares constitute Trilix's own share. In addition, companies in Moldova and Georgia were recapitalized. The company Span B.V., Netherlands and the Span Cybersecurity Center Institution, Zagreb were established. The company Span Cybersecurity Center d.o.o. changed its name to Cybersecurity Incubator d.o.o. The company Span B.V. in Amsterdam, Netherlands was established in December 2024, and the share capital was paid in January 2025.

		31/12/2024	31/12/2023
	Ownership and voting rights	'000 EUR	'000 EUR
Ekobit d.o.o., Zagreb	100%	-	4,955
Span d.o.o., Slovenia	100%	395	395
Span CKS d.o.o., Zagreb	100%	350	350
Span LLC, Ukraine	100%	310	310
Trilix d.o.o., Zagreb	100%	543	143
Span Swiss AG, Switzerland	100%	-	-
Span-IT s.r.l., Moldova	100%	176	116
Span GmbH, Germany	100%	-	-
Bonsai d.o.o., Zagreb	100%	-	46
Span USA Inc., SAD	100%	15	15
GT Tarkvara, Estonia	100%	10,427	10,427
Span LLC, Georgia	100%	124	50
Institution Span Cybersecurity Center, Zagreb	100%	100	-
Span B.V. in Amsterdam, Netherlands	100%	-	-
Total		12,441	16,808

	31/12/2024	31/12/2023
(in thousands of eur)
Balance at the beginning of the year	16,808	6,251
Acquisitions/establishments	634	10,628
Mergers	(5,001)	-
Value adjustments	-	(71)
Balance at the end of the year	12,441	16,808

22. Investments in associates

		Place of	Ownership share in %
Associate name Main activity		establishment and business	31/12/2024	31/12/2023
Fintech Digital Services d.o.o.	Computer and related activities	Zagreb, Republic of Croatia	35	35
		Group
Associate name	Place of foundation and business	Investment value	Establishment of an associated company	Share in the result for 2024	Investment value
		31/12/2023 '000 EUR	'000 EUR	'000 EUR	31/12/2024 '000 EUR
Fintech Digital Services d.o.o.	Zagreb, Republic of Croatia	262	-	(1)	260
Total		262	-	(1)	260
		Company
Associate name	Place of foundation and business	Investment value	Establishment of an associated company
Fintech Digital Services d.o.o.	Zagreb, Republic of Croatia	266	266
		266	266

23. Inventories

Merchandise inventories predominantly refer mainly to hardware purchases for familiar customers and exceptionally this year to licenses for 2025, and for which the invoice was received on 31/12/2024. These licenses were sold on 1/1/2025.

The purchase value of licenses and hardware, which is expressed as an expense for the Group in the current year. amounts to EUR 119,696 thousand (2023: EUR 90,695 thousand), and for the Company it is EUR 63,217 thousand (2023: EUR 60,512 thousand).

At the end of each business year, the Group and Company examine the net realizable value of inventories and adjust the value of inventories older than 1 year.

The cost or the expense of inventories recognized as expenditures amount, for both the Group and the Company amounts to EUR 12 thousand (2023: EUR 2 thousand) and refers to the value adjustment of inventories up to net realisable value. Value adjustment of inventories has been reversed for inventories sold in the amount of EUR 5 thousand (2023: EUR 4 thousand).7

The inventories value of EUR 280 thousand (2023: EUR 275 thousand) for the Group and EUR 278 thousand (2023: EUR 261 thousand) for the Company is expected to be realized very quickly, within 12 months the latest.

Group		Company
31/12/2024	31/12/2023	31/12/2024	31/12/2023
'000 EUR	'000 EUR	'000 EUR	'000 EUR
		7	17
271	244	271	244
280	275	278	261
	9	31

24. Trade and other receivables

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Domestic trade receivables	19,250	21,570	9,342	7,821
Foreign trade receivables	6,645	6,133	6,314	5,526
Impairment of trade receivables	(1,585)	(1,069)	(40)	(33)
Prepaid expenses	1,197	1,333	901	1,534
VAT receivables	45	199	37	107
Related parties' receivables	-	-	628	422
Accrued income	3,393	2,584	3,091	2,147
Income tax receivables	164	354	131	84
Other receivables	659	415	289	194
Total	29,768	31,519	20,693	17,802

The average credit period for the sale of goods for the Group is 54 days and for the Company 48 days (2023: Group 54 days, Company 43 days). Interest is not calculated for outstanding trade receivables.

The Group and Company always measure impairment of trade receivables in the amount equivalent to lifetime ECL. The expected credit losses on trade receivables are estimated using a provision matrix by reference to past default experience of the debtor and an analysis of the debtor's current financial position, adjusted for factors that are specific to the debtors, general economic conditions of the industry in which the debtors operate and an assessment of both the current as well as the forecast direction of conditions as at the reporting date.

The impairment of trade receivables is mostly related to the value adjustment of receivables in Span d.o.o., Slovenia for Studio Moderna.

Changes in expected credit losses on trade receivables

	Group		Company
	31/12/2024 31/12/2023		31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Opening balance	1,069	399	33	314
Movement of loss allowance	21	65	1	22
Amount recovered during the year	-	(388)	-	(303)
Individual value adjustments	495	992	6	-
Closing balance	1,585	1,069	40	33

The Group and Company write off a trade receivable when there is information indicating that the debtor is in severe financial difficulty and there is no realistic prospect of recovery, e.g. when the debtor has been placed under liquidation or has entered bankruptcy proceedings, or in the case of trade receivables, when the amounts are over two years past due, whichever occurs sooner. In addition to the written off trade receivable for Studio Moderna, no written-off trade receivables are subject to enforcement activities.

As the Group and Company's historical credit loss experience does not show significantly different loss patterns for different customer segments, the provision for loss allowance based on past due status is not further

Notes to financial statements

For the year ended 31 December 2024

Estimated total gross carrying amount at

24. Trade and other receivables (continued)

SPAN d.d. and its subsidiaries 67

Customer Receivables - Overdue

Expected credit losses 0.02% 0.51% 10.59% 3.8% 4.71% 17.86%

Expected credit losses 0.03% 0.98% 3.07% 7.72% 6.83% 45.72%

Customer Receivables - Overdue

Expected credit losses 0.03% 0.11% 1.63% 3.47% 6.17% 50.00%

Expected credit losses 0.05% 0.16% 3.33% 6.81% 8.31% 49.95%

31/12/2024 Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total

default 22,524 2,314 ⁴¹⁴ ⁷⁷ ⁶⁰ ⁸¹ 25,471 Lifetime ECL 5 12 44 3 3 14 81

31/12/2023 Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total

default 23,371 2,720 ⁴⁴¹ ⁷⁵ ¹⁶ ²⁶ 26,647 Lifetime ECL 7 26 14 6 1 12 65

31/12/2024 Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total

Estimated total gross carrying amount at default 14,105 1,796 242 74 34 15 16,266 Lifetime ECL 4 2 4 3 2 8 23

31/12/2023 Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total

Estimated total gross carrying amount at default 11,985 1,499 176 58 11 6 13,736 Lifetime ECL 6 2 6 4 1 3 22

Group

'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR

Company

'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR

24. Trade and other receivables (continued)

31/12/2024	Group
	Customer Receivables - Overdue
	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Expected credit losses	0.02%	0.51%	10.59%	3.8%	4.71%	17.86%
Estimated total gross carrying amount at default	22,524	2,314	414	77	60	81	25,471
Lifetime ECL	5	12	44	3	3	14	81

	Customer Receivables - Overdue
31/12/2023	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
Expected credit losses	'000 EUR 0.03%	'000 EUR 0.98%	'000 EUR 3.07%	'000 EUR 7.72%	'000 EUR 6.83%	'000 EUR 45.72%	'000 EUR
Estimated total gross carrying amount at default	23,371	2,720	441	75	16	26	26,647
Lifetime ECL	7	26	14	6	1	12	65

	Company
		Customer Receivables - Overdue
31/12/2024	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Expected credit losses	0.03%	0.11%	1.63%	3.47%	6.17%	50.00%
Estimated total gross carrying amount at default	14,105	1,796	242	74	34	15	16,266
Lifetime ECL	4	2	4	3	2	8	23

Customer Receivables - Overdue
31/12/2023	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Expected credit losses	0.05%	0.16%	3.33%	6.81%	8.31%	49.95%
Estimated total gross carrying amount at default	11,985	1,499	176	58	11	6	13,736
Lifetime ECL	6	2	6	4	1	3	22

For the year ended 31 December 2024

25. Borrowings

		Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
Borrowings at amortised cost	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Long-term
OTP bank d.d.	-	33	-	33
	-	33	-	33
Borrowings at amortised cost
Short-term
Zagrebačka banka d.d.	1,007	-	1,007	-
OTP bank d.d.	2,038	1,404	2,038	1,404
Privredna banka Zagreb bank d.d.	2,310	-	2,310	-
Raiffeisenbank Austria d.d.	167	670	167	670
	5,522	2,073	5,522	2,073
Total	5,522	2,107	5,522	2,107
	2024.	2023.	2024.	2023.
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Balances as at 1 January	2,107	937	2,107	937
New loans	10,999	2,630	12,999	2,550
Loan repayments	(7,600)	(1,466)	(9,600)	(1,386)
Accrued Interest	242	55	242	47
Interest repayment	(226)	(49)	(226)	(42)
Total	5,522	2,107	5,522	2,107

Loans to subsidiaries
Short-term	Company
(in thousands of euros)	31/12/2024	31/12/2023
Balance as of January 1	38	-
New loans	554	38
Loan repayments	(450)	-
Foreign exchange differences	3	-
Interest expense	3	-
Interest repayments	(2)	-
Total	146	38

Borrowings at amortised cost

Loans to subsidiaries

Short-term Company

Balance as of January 1

(in thousands of euros) 31/12/2024 31/12/2023

New loans 554 38 Loan repayments (450) - Foreign exchange differences 3 - Interest expense 3 - Interest repayments (2) - Total 146 38

25. Borrowings

Long-term

Short-term

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 68

Group Company 31/12/2024 31/12/2023 31/12/2024 31/12/2023

- 33 - 33

5,522 2,073 5,522 2,073

1. 1. 1. '000 EUR '000 EUR '000 EUR '000 EUR

-

Borrowings at amortised cost '000 EUR '000 EUR '000 EUR '000 EUR

OTP bank d.d. - 33 - 33

Zagrebačka banka d.d. 1,007 - 1,007 - OTP bank d.d. 2,038 1,404 2,038 1,404 Privredna banka Zagreb bank d.d. 2,310 - 2,310 - Raiffeisenbank Austria d.d. 167 670 167 670

Total 5,522 2,107 5,522 2,107

Balances as at 1 January 2,107 937 2,107 937 New loans 10,999 2,630 12,999 2,550 Loan repayments (7,600) (1,466) (9,600) (1,386) Accrued Interest 242 55 242 47 Interest repayment (226) (49) (226) (42) Total 5,522 2,107 5,522 2,107

25. Borrowings (continued)

Analysis of foreign currency borrowings:

Other main features of the Group and the Company's borrowings are as follows:

(i) The company does not use overdrafts.
(ii) The Company has six bank loans:

(a) A loan of EUR 1,007 thousand, which was agreed in October 2024 with Zagrebačka banka d.d. for a period of 6 months (2023: EUR 0 thousand) from a multi-purpose facility of EUR 7,000 thousand, which is active at the reporting date. The facility is negotiated and renewed annually, and its maturity date is June 2025. The reference interest rate applied to the drawn down loan is 3-month EURIBOR increased by an interest margin of 1.10% per annum, variable. The loan is secured by a promissory note issued by the Company.

(b) A loan of EUR 33 thousand (2023: EUR 434 thousand), which was agreed in June 2019 with OTP banka d.d. for financing suppliers and other liabilities. The loan is secured by debentures and bills of exchange issued by Group companies and by the Company's pledged assets (headquarters building). The loan bears an interest rate of 1.80% per annum, variable.

(c) A loan of EUR 2,005 thousand, which was agreed in August 2023 with OTP banka d.d. for a period of 6 months (2023: EUR 1,003 thousand) from a multi-purpose facility of EUR 7,000 thousand, which is active at the reporting date. The facility is negotiated and renewed annually, and its maturity date is September 2025. The reference interest rate applied to the drawn down loan is 1-month EURIBOR increased by an interest margin of 1.00% per annum, variable. The loan is secured by the Company's pledged assets (headquarters building) and debentures and bills of exchange issued by Group companies.

(d) Revolving loan of EUR 2,007 thousand, which was agreed in April 2024 with Privredna banka Zagreb d.d. for a term of 12 months (2023: EUR 0 thousand) from a multipurpose facility of EUR 6,000 thousand, which is active at the reporting date. The facility is agreed and renewed annually, and its maturity date is September 2025. The reference interest rate for the 1-month EURIBOR increased by an interest margin of 1.17% per annum, variable, is applied to the drawn loan. The loan is secured by a promissory note issued by the Company.

(e) Revolving loan of EUR 303 thousand, which was agreed in February 2024 with Privredna banka Zagreb d.d. for a term of 12 months (2023: EUR 0 thousand) from a multipurpose facility of EUR 6,000 thousand, which is active at the reporting date. The facility is contracted and renewed annually, and its maturity date is September 2025. The reference interest rate for the 1-month EURIBOR plus an interest margin of 1.17% per annum, variable, is applied to the drawn down loan. The loan is secured by a promissory note issued by the Company.

(f) A loan of EUR 167 thousand, which was contracted in February 2024 with Raiffeisenbank Austria d.d. for a period of 12 months (2023: EUR 670 thousand) from a multi-purpose facility of EUR 4,000 thousand, which is active at the reporting date. The facility is contracted and renewed annually, and its maturity date is July 2025. The reference interest rate for the 3-month EURIBOR plus an interest margin of 1.20% per annum, variable, is applied to the drawn down loan. The loan is secured by a promissory note issued by the Company.

Analysis of borrowings by currency	Group		Company
	2024.	2023.	2024.	2023.
(in thousands of euros)
Bank loans	5,522	2,107	5,522	2,107
	5,522	2,107	5,522	2,107

For the year ended 31 December 2024

26. Deferred tax

The following is an overview of deferred tax liabilities and assets reported by the Group and the Company and their movement during the reporting period.

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Deferred tax liability	(835)	(581)	(835)	(412)
Deferred tax assets	1,158	1,724	933	1,145
	323	1,143	98	733

	Group				Company
Deferred tax assets	Tax incentive s	Tax losses	Other	Total	Tax incentive s	Other		Total
(in thousands of euros)
As at 1 January 2023	1,423	225	13	1,661	1,328		13	1,341
Increase/(decrease) of deferred tax assets	49	23	(8)	63	(188)		(8)	(196)
As at 31 December 2023	1,472	248	4	1,724	1,140		4	1,145
Increase/(decrease) of deferred tax assets	(545)	(23)	2	(566)	(213)		2	(211)
As at 31 December 2024	927	225	6	1,158	927		6	933

Group Company

Deferred tax liability	Revaluation of the building and land	Acquisiti -on of Ekobit	Total	Revaluation of the building and land	Acquisiti -on of Ekobit	Total
(in thousands of euros)
As at 1 January 2023	438	209	647	438	-	438
Increase/(decrease) of deferred tax assets	(26)	(40)	(67)	(26)	-	(26)
As at 31 December 2023	412	169	581	412	-	412
Increase/(decrease) of deferred tax assets	275	(21)	254	275	148	423
As at 31 December 2024	687	148	835	687	148	835

Deferred tax liability refers to the revaluation of land and buildings owned by the Group and the Company, the impact of which was recognized in other comprehensive income. Deferred tax assets represent the corporate tax amounts that are recoverable based on future deductions of taxable profit and recognized in the statement of financial position. Deferred tax assets are recognized up to the amount of the tax revenues which are likely to be realised. When determining future taxable profit and amount of tax revenues that are likely to be realised in the future, the Group and Company make judgements and estimates based on taxable profit from prior years and expectations of future revenues that are considered reasonable in the current circumstances. The Group and the Company recognized deferred tax assets mainly based on approved incentive measures that the Company expects to use for exemption from paying income tax.

For the year ended 31 December 2024

27. Lease liabilities

Notes to financial statements

26. Deferred tax

Deferred

income tax.

Deferred tax assets

(in thousands of euros)

Deferred tax liability

(in thousands of euros)

Increase/(decrease) of

Increase/(decrease) of deferred

For the year ended 31 December 2024

movement during the reporting period.

SPAN d.d. and its subsidiaries 70

Acquisiti -on of Ekobit

The following is an overview of deferred tax liabilities and assets reported by the Group and the Company and their

tax liability (835) (581) (835) (412)

tax assets 1,158 1,724 ⁹³³ 1,145

Tax

Tax incentive

Revaluation of the building and land

Group Company 31/12/2024 31/12/2023 31/12/2024 31/12/2023 '000 EUR '000 EUR '000 EUR '000 EUR

323 1,143 98 733

losses Other Total

As at 1 January 2023 1,423 225 13 1,661 1,328 13 1,341

tax assets ⁴⁹ ²³ (8) ⁶³ (188) (8) (196) As at 31 December 2023 1,472 248 4 1,724 1,140 4 1,145

tax assets (545) (23) ² (566) (213) ² (211) As at 31 December 2024 927 225 6 1,158 927 6 933

As at 1 January 2023 438 209 647 438 - 438

deferred tax assets (26) (40) (67) (26) - (26) As at 31 December 2023 412 169 581 412 - 412

deferred tax assets 275 (21) 254 275 148 423 As at 31 December 2024 687 148 835 687 148 835

Group Company

Revaluation of the building and land

Total

Tax incentive

Other Total

Acquisiti -on of Ekobit

Total

The Group and the Company are not exposed to substantial liquidity risk in terms of their lease liabilities.

		Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Lease liabilities – long-term	1,473	947	1,436	752
Lease liabilities - short-term	1,303	938	1,159	665
Total	2,777	1,884	2,595	1,417

Lease liabilities refer to the lease of business premises and company vehicles recognized in line with the provisions of IFRS 16 Leases.

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Maturity overview:
1st year	1,342	989	1,184	713
2nd year	1,130	551	1,103	401
3rd year	264	242	264	204
4th year	146	158	146	154
5th year	59	42	59	42
More than 5 years	-	-	-	-
	2,941	1,982	2,756	1,514
Less: unearned interest	(165)	(98)	(161)	(97)
	2,777	1,884	2,595	1,417
Analysed as:
Non-current	1,473	947	1,436	752
Current	1,303	938	1,159	665
	2,777	1,884	2,595	1,417

28. Trade and other payables

Trade payables and liabilities accounted for mainly comprise outstanding amounts for purchasing trade goods and current costs. The average credit period for the purchase of goods for the Group is 55 days and for the Company 52 days (2023: Group 53 days, Company 45 days). For most suppliers interest on trade payables is not calculated for the first 180 days from the invoicing date. Afterwards, interest is calculated for open balances by using different interest rates. The Group and the Company have financial risk management policies in place to ensure that all payables are paid within the agreed credit terms.

The Management Board believes that the carrying amount of trade payables approximates their fair value.

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Domestic suppliers	8,592	6,949	6,479	5,346
Foreign suppliers	13,477	12,692	5,700	4,755
Replated party payables	-	-	176	294
VAT payable	1,948	2,345	602	463
Amounts due to employees	2,049	1,781	1,677	1,275
Accrued expense	2,863	1,826	740	515
Taxes and contributions on employee salaries	1,165	1,017	1,063	802
Advances received	606	465	292	209
Income tax liabilities	343	-	-	-
Other liabilities	2,073	2,005	534	312
Total	33,116	29,080	17,263	13,971

The Group's liabilities to foreign suppliers in 2024 mostly relate to liabilities to Microsoft Ireland Operations Ltd. Dublin, Ireland for resale licenses.

29. Share Capital

The share capital comprises of 1,960,000 shares with a nominal value of EUR 2 per share.

The Group's total capital and reserves increased by EUR 3,430 thousand. On 2.7.2024, the Company paid a dividend of EUR 586 thousand to the account of the Central Depository and Clearing Company (CDCC), which was paid to shareholders on 5.7.2024.

As of 31 December 2024, the Company held 8,802 (2023: 15,673) of its own shares.

The Company has one type of shares that do not carry the right to a fixed yield.

The Company has no losses in 2024 and no losses carried forward from previous years.

For the year ended 31 December 2024

30. Capital Reserves

Notes to financial statements

28. Trade and other payables

paid within the agreed credit terms.

Taxes and contributions on employee

Ireland for resale licenses.

shareholders on 5.7.2024.

29. Share Capital

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 72

Domestic suppliers 8,592 6,949 6,479 5,346 Foreign suppliers 13,477 12,692 5,700 4,755 Replated party payables - - 176 294 VAT payable 1,948 2,345 602 463 Amounts due to employees 2,049 1,781 1,677 1,275 Accrued expense 2,863 1,826 740 515

salaries 1,165 1,017 1,063 802 Advances received 606 465 292 209 Income tax liabilities 343 - - - Other liabilities 2,073 2,005 534 312 Total 33,116 29,080 17,263 13,971

The Group's liabilities to foreign suppliers in 2024 mostly relate to liabilities to Microsoft Ireland Operations Ltd. Dublin,

The share capital comprises of 1,960,000 shares with a nominal value of EUR 2 per share.

As of 31 December 2024, the Company held 8,802 (2023: 15,673) of its own shares.

The Company has no losses in 2024 and no losses carried forward from previous years.

The Company has one type of shares that do not carry the right to a fixed yield.

Group Company 31/12/2024 31/12/2023 31/12/2024 31/12/2023 '000 EUR '000 EUR '000 EUR '000 EUR

The Management Board believes that the carrying amount of trade payables approximates their fair value.

Capital reserves as of 31 December 2024 amount to EUR 8,802 thousand. The decrease in the amount of EUR 1,117 thousand occurred during the allocation of shares during the year as the difference in the share price on the date of redemption and on the date of allocation and as an effect of the merger of the company Bonsai d.o.o. and Trilix d.o.o.

31. Revaluation reserves

Property revaluation reserves

The reserve from the revaluation of property was formed in 2019 from the revaluation of land and buildings based on the assessment of an independent appraiser and was increased in 2024 based on a new estimate by an independent appraiser and to 31 December 2023., is amounted to 1,877 thousand euros, and as of 31 December 2024, it is amounted to 3,130 thousand euros.

Revaluation reserves may be realised once the asset is derecognized or gradually by using assets in the amount defined as the difference between depreciation based on the revalued carrying amount of assets and depreciation based on the original purchase cost. Realised revaluation reserve is transferred to retained earnings.

When selling revalued land or revalued buildings, a portion of the properties revaluation reserve referring to the assets sold is transferred directly to retained earnings. Other comprehensive income items included in the properties revaluation reserve are not subsequently transferred to profit or loss.

The Group and the Company decided to realise the revaluation reserve by gradually using assets and in 2024 they realised revaluation reserves in the amount of EUR 121 thousand.

For the year ended 31 December 2024

32. Non-controlling interests

On 1 April 2024, Span d.d. entered into an agreement to purchase 30% of the business shares of the subsidiary Bonsai d.o.o. By purchasing the remaining 30% of the shares of Bonsai, the Company acquired 100% ownership (Note 36). On 4 July 2024, Span d.d. entered into an agreement to purchase 30% of the business shares of the subsidiary Trilix d.o.o. By entering into this agreement, Span became the owner of 90% of the business shares of Trilix, while the remaining 10% of the business shares constitute Trilix's own share.

Below is an overview of summary information on all subsidiaries of the Company, in which the Company has material non-controlling interests. The summarised financial information below represents amounts before intra-Group eliminations

Non-controlling interest	Group
	2024.	2023.
	'000 EUR	'000 EUR
Opening balance	320	217
Decrease in non-controlling shares due to share aquistion	(320)	-
Shares in profits of the current year	-	102
Closing balance	-	320

Non-controlling interest

	2024.	2023.
	'000 EUR	'000 EUR
Non-controlling interest - Trilix d.o.o.
Balance as at 1 January	217	124
Attributed net profit and adjustment	-	93
Reduction of non-controlling interests based on share	(217)	-
Balance as at 31 December	-	217
Non-controlling interest - Bonsai d.o.o.
Balance as at 1 January	102	93
Attributed net profit and adjustment	-	9
Reduction of non-controlling interests based on share	(102)	-
Balance as at 31 December	-	102
Total	-	320

Notes to financial statements

Trilix d.o.o.

For the year ended 31 December 2024

32. Non-controlling interests (continued)

Total comprehensive profit attributable to the owners of the

Total comprehensive profit attributable to owners of non-controlling

SPAN d.d. and its subsidiaries 75

Current assets 1,589 1,277 Fixed Assets 79 104 Current liabilities (910) (647) Non-current liabilities (9) (36)

Equity attributable to owners of the Company 100% 60% Non-controlling interests 0% 40%

Revenues 2,570 2,608 Expenses (2,317) (2,370) Profit for the year 252 238 Profit attributable to the owners of the Company 252 143 Profits attributable to non-controlling interests - 95 Profit for the year 252 238

Company 252 143

holdings - 95 Total comprehensive profit of the current year 252 238

31/12/2024 31/12/2023 '000 EUR '000 EUR

32. Non-controlling interests (continued)

	31/12/2024 '000 EUR	31/12/2023 '000 EUR
Trilix d.o.o.
Current assets	1,589	1,277
Fixed Assets	79	104
Current liabilities	(910)	(647)
Non-current liabilities	(9)	(36)
Equity attributable to owners of the Company	100%	60%
Non-controlling interests	0%	40%
	31/12/2024	31/12/2023
	'000 EUR	'000 EUR
Revenues	2,570	2,608
Expenses	(2,317)	(2,370)
Profit for the year	252	238
Profit attributable to the owners of the Company	252	143
Profits attributable to non-controlling interests	-	95
Profit for the year	252	238
Total comprehensive profit attributable to the owners of the
Company	252	143
Total comprehensive profit attributable to owners of non-controlling holdings	-	95
Total comprehensive profit of the current year	252	238

For the year ended 31 December 2024

32. Owners of non-controlling holdings (continued)

	31/12/2024 '000 EUR	31/12/2023 '000 EUR
Bonsai d.o.o.
Current assets	-	848
Fixed Assets	-	277
Current liabilities	-	(689)
Non-current liabilities	-	(19)
Equity attributable to owners of the Company	100%	70%
Non-controlling interests	0%	30%
	31/12/2024	31/12/2023
	'000 EUR	'000 EUR
Revenues	1,096	2,530
Expenses	(1,322)	(2,498)
Profit for the year	(225)	31
Profit attributable to the owners of the Company	(225)	22
Profits attributable to non-controlling interests	-	9
Profit for the year	(225)	31
Total comprehensive profit attributable to the owners of the Company	(225)	22
Total comprehensive profit attributable to owners of non-controlling holdings	-	9
Total comprehensive profit of the current year	(225)	31

Notes to financial statements

34. Deferred income

35. Contractual liabilities

For the year ended 31 December 2024

33. Notes to the cash flow statement

equivalents at the end of the reporting period.

recognized by reference to the stage of completion of the contract.

d.o.o. and the purchase of business shares in the company GT Tarkvara, Estonia.

SPAN d.d. and its subsidiaries 77

The carrying amount of these assets is approximately equal to their fair value. Below is an overview of cash and cash

Cash in bank 24,362 14,372 8,993 4,830 Cash at hand 7 7 1 2 Total 24,368 14,379 8,994 4,832

Deferred income 2,714 4,489 2,618 4,299 Total 2,714 4,489 2,618 4,299

Deferred income refers to accruals and deferrals, i.e. income recognized in future periods in which the service is realised. Deferred income predominantly refers to advisory services regarding contracted projects with customers,

Contractual liabilities predominantly refer to the liabilities for the purchase of business shares in the company Trilix

Contractual liabilities – non-current 106 1,798 106 1,798 Contractual liabilities - current 2,255 1,899 2,255 1,899 Total 2,362 3,697 2,362 3,697

Group Company 31/12/2024 31/12/2023 31/12/2024 31/12/2023 '000 EUR '000 EUR '000 EUR '000 EUR

For the year ended 31 December 2024

33. Notes to the cash flow statement

The carrying amount of these assets is approximately equal to their fair value. Below is an overview of cash and cash equivalents at the end of the reporting period.

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Cash in bank	24,362	14,372	8,993	4,830
Cash at hand	7	7	1	2
Total	24,368	14,379	8,994	4,832

34. Deferred income

		Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Deferred income	2,714	4,489	2,618	4,299
Total	2,714	4,489	2,618	4,299

35. Contractual liabilities

Contractual liabilities predominantly refer to the liabilities for the purchase of business shares in the company Trilix d.o.o. and the purchase of business shares in the company GT Tarkvara, Estonia.

	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Contractual liabilities – non-current	106	1,798	106	1,798
Contractual liabilities - current	2,255	1,899	2,255	1,899
Total	2,362	3,697	2,362	3,697

36. Merger of subsidiaries

In 2024, the company merged the companies Ekobit d.o.o. and Bonsai d.o.o.

Bonsai d.o.o.

	Carrying value
(in thousands of euros)
2024.
Property, plant and equipment	63
Other intangible assets	84
Right-of-use assets	130
Deferred tax assets	41
Trade and other receivables	635
Cash in bank and petty cash	77
Lease liabilities	(131)
Trade and other payables	(649)
Deferred income	(89)
Net assets identified	160
	Total
(in thousands of euros)
Consideration paid in cash	796
Impact of the merger on the Company's capital	637
Fair value of net assets identified	160

The carrying amount stated in this note refers to the carrying amounts from the consolidation perspective (predecessor accounting method)

Ekobit d.o.o.

	Carrying value
(in thousands of euros)
2024.
Property, plant and equipment	8
Other intangible assets	1,443
Right-of-use assets	15
Investments in financial assets	110
Trade and other receivables	627
Cash in bank and petty cash	1,195
Lease liabilities	(15)
Trade and other payables	(335)
Deferred tax liability	(159)
Deferred income	(47)
Net assets identified	2,841

	Total
(in thousands of euros)
Consideration paid in cash	4,955
Impact of the merger on the Company's capital	532
Fair value of net assets identified	2,841
Goodwill	1,582

The carrying amount stated in this note refers to the carrying amounts from the consolidation perspective (predecessor accounting method)

Notes to financial statements

36. Merger of subsidiaries

(in thousands of euros)

accounting method)

(in thousands of euros)

accounting method)

Impact of the merger on the

Ekobit d.o.o.

2024.

Impact of the merger on the

Bonsai d.o.o.

2024.

For the year ended 31 December 2024

In 2024, the company merged the companies Ekobit d.o.o. and Bonsai d.o.o.

Property, plant and equipment 63 Other intangible assets 84 Right-of-use assets 130 Deferred tax assets 41 Trade and other receivables 635 Cash in bank and petty cash 77 Lease liabilities (131) Trade and other payables (649) Deferred income (89) Net assets identified 160

Consideration paid in cash 796

Company's capital⁶³⁷ Fair value of net assets identified 160

Property, plant and equipment 8 Other intangible assets 1,443 Right-of-use assets 15 Investments in financial assets 110 Trade and other receivables 627 Cash in bank and petty cash 1,195 Lease liabilities (15) Trade and other payables (335) Deferred tax liability (159) Deferred income (47) Net assets identified 2,841

Consideration paid in cash 4,955

Company's capital⁵³² Fair value of net assets identified 2,841 Goodwill 1,582

Carrying value

Total

The carrying amount stated in this note refers to the carrying amounts from the consolidation perspective (predecessor

Carrying value

Total

SPAN d.d. and its subsidiaries 78

The carrying amount stated in this note refers to the carrying amounts from the consolidation perspective (predecessor

For the year ended 31 December 2024

37. Financial instruments

(a) Groups and categories of financial instruments and their fair value

Levels of fair value indicators 1 to 3 shall be based on the degree of fair value measurability:

Level 1 fair value measurements are those derived from quoted prices (unadjusted) in active markets for identical assets or liabilities;
Level 2 fair value measurements are those derived from inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly (i.e. as prices) or indirectly (i.e. derived from prices); and
Level 3 fair value measurements are those derived from valuation techniques that include inputs for the asset or liability that are not based on observable market data (unobservable inputs).

During 2024, the property fair value measurements were classified as level 3 measurements

(b) Financial risk management objectives

The Group and the Company's finance function supports operations, co-ordinates access to domestic and international financial markets, monitors and manages the financial risks relating to the operations of the Group and the Company. These include market risk (including currency risk, interest rate risk, and price risk), then credit risk and liquidity risk.

The Group and the Company seek to minimise the effects of these risks by using financial instruments to hedge against the relevant exposures. The Company concluded a framework contract on derivative financial instruments for hedging against the interest and currency risk, as well as other risks that incur or may incur due to changes in prices, values etc.

(c) Market risk

The Group and the Company are primarily exposed to the financial risk of currency exchange rate changes in their business (see below). During 2023 and 2024, the Company contracted foreign exchange forward transactions to manage the exchange rate risk of USD and GBP currencies.

37. Financial instruments (continued)

(c) (i) Currency risk management

The Group and Company undertake transactions denominated in foreign currencies; consequently, exposures to exchange rate fluctuations arise. The Company concluded a contract on derivative financial instruments for hedging against the currency risk. The table below details the carrying amounts of the Group and Company's foreign currency denominated monetary assets and liabilities at the reporting date.

Group		31 December 2024
	EUR	USD	GBP	CAD	AUD	NOK	SEK	CZK
(in thousands of euros) Cash in bank and petty cash	49	1,637	249	-	-	-	-	178
Financial assets	-	88	-	-	-	-	-	-
Trade and other receivables	38	1,961	559	74	53	-	-	-
Borrowings	-	(107)	-	-	-	-	-	-
Trade and other payables	(42)	(5,963)	(12)	-	-	(23)	(6)	-
Net balance sheet exposure	45	(2,384)	797	74	53	(23)	(6)	178

	EUR	USD	GBP	CAD	AUD	NOK	SEK	CZK
(in thousands of euros)
Cash in bank and petty cash	48	2,585	104	-	-	-	-	2,455
Trade and other receivables	17	2,804	1,167	71	51	-	-	-
Long-term receivables from customers	-	105	-	-	-	-	-	-
Trade and other payables	-	(2,933)	(50)	-	-	(23)	(6)	-
Net balance sheet exposure	65	2,560	1,221	71	51	(23)	(6)	2,455

31 December 2023

For the year ended 31 December 2024

37. Financial instruments (continued)

(c) (i) Currency risk management (continued)

Company
	31 December 2024
	USD	GBP	CAD	AUD
(in thousands of euros)
Cash in bank and petty cash	491	249	-	-
Financial assets	88	-	-	-
Trade and other receivables	1,655	559	74	53
Trade and other payables	(154)	(12)	-	-
Net balance sheet exposure	2,080	797	74	53

		31 December 2023
	USD	GBP	CAD	AUD
(in thousands of euros)
Cash in bank and petty cash	1,164	104	-	-
Trade and other receivables	2,766	1,167	71	51
Trade and other payables	(237)	(50)	-	-
Net balance sheet exposure	3,694	1,221	71	51

37. Financial instruments (continued)

(c) (i) Currency risk management (continued)

Currency risk sensitivity analysis

The Group and the Company are primarily exposed to USD risk as a result of the sale of services to customers mainly from the USA and the GBP currency due to sales to customers from the UK. The following table analyses the Group and the Company's vulnerability to an increase and decrease in the euro exchange rate of 1% against relevant foreign currencies. The 1% sensitivity rate is the rate used in internal reports to key managers on currency risk and represents management's assessment of realistically possible currency exchange rate fluctuations. Sensitivity analysis includes only open cash items in foreign currency, and it is converted items adjusted for a change of 1% in year-end currency exchange rates. Sensitivity analysis includes certain receivables (trade and other receivables) and liabilities ((loan liabilities to financial institutions, trade payables, and other contractual liabilities) that are denominated in foreign currency. A positive number indicates an increase in profits and other principal if the value of the euro rises by 1% against the currency in question. In the event of a 1% drop in the value of the euro against the currency concerned, the impact on profit or principal would be the same but opposite, i.e. the amounts in the table would be negative.

The following exchange rates were applied

	2024	2023
EUR 1	1.0000	1.0000
USD 1	1.0444	1.1050
GBP 1	0.8295	0.8691
CAD 1	1.5035	1.4642
AUD 1	1.6756	1.6263
CHF 1	0.9435	0.9260
NOK 1	11.8455	11.2405
SEK 1	11.4865	11.0960
CZK 1	25.2260	24.7240

	Group		Company
	Appreciation	Depreciation	Appreciation	Depreciation
31 December 2024
USD (1% Change)	(24)	24	21	(21)
GBP (1% change)	8	(8)	8	(8)
CAD (1% change)	1	(1)	1	(1)
AUD (1% change)	1	(1)	1	(1)
CZK (1% change)	2	(2)	-	-
31 December 2023
EUR (1% change)	1	(1)	-	-
USD (1% Change)	26	(26)	37	(37)
GBP (1% change)	12	(12)	12	(12)
CAD (1% change)	1	(1)	1	(1)
AUD (1% change)	1	(1)	1	(1)
CZK (1% change)	25	(25)	-	-

Profit or loss

37. Financial instruments (continued)

(c) (ii) Interest rate risk management

The Group and the Company are exposed to interest rate risk because they borrow funds at fixed and floating interest rates. The Group and the Company manage the risk by maintaining an appropriate ratio of borrowing with fixed and floating interest. The Group and the Company's exposure to interest rates on financial assets and financial liabilities is described in more detail in the section of this note relating to liquidity risk management.

Interest rate risk sensitivity analysis

The following sensitivity analyses are based on exposure to interest rates on non-derivative instruments at the end of the reporting period. For liabilities related to the floating interest rate, the analysis was made on the assumption that the amount of liabilities stated at the date of the statement of financial position was valid throughout the year. A 1 % increase or decrease is used when reporting interest rate risk internally to key management personnel and represents management's assessment of the reasonably possible change in interest rates.

In the event that interest rates were 1% higher/lower while other variables were constant:

• the Company's profit of the current year ending 31 December 2024 would decrease/increase by EUR 45 thousand (2023: it would decrease/increase by EUR 17 thousand), which is mainly linked to the Company's exposure to variable interest rate borrowing.

Company
Interest rate risk
IN '000 EUR	2024	2023
Variable interest rate instruments
Loans and borrowings	5,466	2,100
Total	5,466	2,100
Interest rate increase by 1%	45	17

• The Group's profit of the current year ending 31 December 2024 would decrease/increase by EUR 45 thousand (2023: decrease/increase by EUR 17 thousand), which can mainly be linked to the Group's exposure to variable interest rate borrowings.

Group
Interest rate risk
IN '000 EUR	2024	2023

Variable interest rate instruments
Loans and borrowings	5,466	2,100
Total	5,466	2,100

Interest rate increase by 1%	45	17

37. Financial instruments (continued)

(d) Credit risk management

	Group	Company
	31/12/2024	31/12/2023
(in thousands of euros)
Customer 1	4,545	4,545
Customer 2	2,165	2,165
Customer 3	1,378	801
Customer 4	1,233	425
Customer 5	801	386
Customer 6	644	304
Customer 7	547	296
Customer 8	425	280
Customer 9	386	277
Customer 10	350	273
Total	12,475	9,752
Total receivables	25,267	15,656
Share in total receivables (%)	49.37%	62.29%

	Group	Company
	31/12/2024	31/12/2023
(in thousands of euros)
Customer 1	4,772	4,772
Customer 2	3,544	1,714
Customer 3	1,975	1,000
Customer 4	1,714	327
Customer 5	1,000	282
Customer 6	657	239
Customer 7	653	207
Customer 8	632	195
Customer 9	340	178
Customer 10	327	177
Total	15,615	9,091
Total receivables	27,252	13,348
Share in total receivables (%)	57.30%	68.11%

The Group and Company have adopted a policy of only dealing with creditworthy counterparties and obtaining sufficient collateral, where appropriate, as a means of mitigating the risk of financial loss from defaults. The Group and Company's exposure and the credit ratings of its counterparties are continuously monitored, and the aggregate value of transactions concluded is spread amongst approved counterparties.

Before accepting any new customer, a dedicated team responsible for the determination of credit limits uses an external credit scoring system to assess the potential customer's credit quality and defines credit limits by customer.

In addition, monitoring procedures have been put in place to ensure that the actions necessary to recover overdue debts are taken. The expected credit losses for trade receivables are estimated using a provisioning matrix based on experience with uncollected receivables and an analysis of the debtor's current financial position, aligned with the factors inherent in the debtor, the general economic conditions in their industry. and an assessment of the current and anticipated direction of movement of conditions. Apart from receivables for Studio Moderna, no writtenoff trade receivables are subject to forced collection. Furthermore, the Group and Company review the recoverable amount of each trade debt and debt investment on an individual basis at the end of the reporting period to ensure that adequate loss allowance is made for irrecoverable amounts. In this regard, the directors of the Company consider that the Group and Company's credit risk is significantly reduced. Trade receivables refer to many customers from different economic sectors and regions.

37. Financial instruments (continued)

(d) Credit risk management (continued)

Out of the total balance of trade receivables at the end of the year, 4,545 thousand euros (2023: 4,772 thousand euros) refers to the receivable from Buyer 1, the largest buyer of the Group and the Company. Apart from this, the Group and Company do not have significant credit risk exposure to any single counterparty or any group of counterparties having similar characteristics. The Company and Group consider counterparties having similar characteristics related parties.

As at 31 December 2024, the estimated loss allowance for the Group was EUR 1,585 thousand (2023: EUR 1,040 thousand) and for the Company EUR 40 thousand (2023: EUR 33 thousand) (note 24).

(d) (i) Collection insurance instruments and other credit improvements

Where appropriate, the Company and Group hold collateral to cover their credit risks associated with their financial assets and continuously monitor customers.

d)(ii) Overview of the Group's and The Company's exposures to credit risk

Credit risk refers to the risk that a counterparty will default on its contractual obligations resulting in financial loss to the Group and Company. As at 31 December 2024, , the Group and Company's maximum exposure to credit risk, without taking into account any collateral held or other credit enhancements, which will cause a financial loss to the Group and Company due to failure to discharge an obligation by the counterparties and financial guarantees provided by the Group arises from the carrying amount of the respective recognized financial assets as stated in the statement of financial position. For trade receivables, the Group and Company have applied the simplified approach in IFRS 9 to measure the loss allowance at lifetime ECL. The Group and Company determine the expected credit losses on these items by using a provision matrix, estimated based on historical credit loss experience based on the past due status of the debtors, adjusted as appropriate to reflect current conditions and estimates of future economic conditions. Thus, the credit risk profile of the relevant assets has been presented based on the past due status in relation to the Group's provision matrix.

For the year ended 31 December 2024

37. Financial instruments (continued)

d)(ii) Overview of the Group and the Company's exposures to credit risk (continued)

Group
31/12/2024	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
					'000 EUR	'000 EUR	'000 EUR
Trade and other receivables	24	N/a		Expected credit losses throughout the lifetime (simplified approach)	31,353	1,585	29,768
31/12/2023	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
					'000 EUR	'000 EUR	'000 EUR
Trade and other receivables	24	N/a		Expected credit losses throughout the lifetime (simplified approach)	32,559	1,069	31,490
Company

31/12/2024	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
					'000 EUR	'000 EUR	'000 EUR
Trade and other receivables	24	N/a		Expected credit losses throughout the lifetime (simplified approach)	20,733	40	20,693
31/12/2023	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
					'000 EUR	'000 EUR	'000 EUR

37. Financial instruments (continued)

(e) Liquidity risk management

Responsibility for liquidity risk management rests with the management, which has established an appropriate liquidity risk management framework for managing short, medium and long-term funding and liquidity. The Group and Company manage liquidity risk by maintaining adequate reserves and credit lines, continuously comparing the planned and realized cash flow by monitoring the maturity of claims and liabilities. Details on unused credit products available to the Group and Company to additionally decrease liquidity risk are provided below.

		Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Bank loans with different maturities until 2025, secured by collection instruments, which can be prolonged by mutual agreement:
– amount used	5,466	1,667	5,466	1,667
– amount unused	21,465	19,633	19,684	18,733
	26,931	21,300	25,150	20,400

The Group and the Company expect to meet their other obligations from operating cash flows and proceeds of maturing financial assets.

(e)(i) Liquidity and interest rate risk tabular analysis

The remaining period until the contract maturity of non-derivative financial liabilities of the Group and Company was analysed in the following tables. The tables have been drawn up based on the undiscounted cash outflows for financial liabilities in line with the earliest date when the Group and Company may demand payment. The tables detail cash flows from principal and interest. Based on expectations at the end of the reporting period, the Group and Company consider that it is more likely than not that no amount will be payable under the arrangement. However, this estimate is subject to change depending on the probability of the counterparty claiming under the guarantee which is a function of the likelihood that the financial receivables held by the counterparty which are guaranteed suffer credit losses. The contractual maturity is based on the earliest date on which the Group and Company may be required to pay.

	Group
	Average weighted effective interest rate	0-12 months	1-5 years	After 5 years	Total	Carrying value
31/12/2024	%	'000 EUR	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Liabilities to suppliers and other liabilities		33,116	-	-	33,116	33,116
Liabilities per lease (nominal amount)	3.52%	1,303	1,473	-	2,777	2,777
Loans (nominal amount)	4.02%	5,522	-	-	5,522	5,522
Interest on liabilities per lease		93	72	-	165	-
Interest on loans 31/12/2023		40	-	-	40	-
Liabilities to suppliers and other liabilities		28,930	150	-	29,080	29,080
Liabilities per lease (nominal amount)	4.64%	938	947	-	1,884	1,884
Loans (nominal amount)	4.31%	2,073	33	-	2,107	2,107
Interest on liabilities per lease		49	49	-	98	-
Interest on loans		19	-	-	19	-
	Company
	Average weighted effective interest rate	0-12 months	1-5 years	After 5 years	Total	Carrying value
31/12/2024	%	'000 EUR	'000 EUR	'000 EUR	000 EUR	'000 EUR
Liabilities to suppliers and other liabilities		17,263	-	-	17,263	17,263
Liabilities per lease (nominal amount)	3.14%	1,159	1,436	-	2,595	2,595
Loans (nominal amount)	4.02%	5,522	-	-	5,522	5,522
Interest on liabilities per lease		89	71	-	161	-
Interest on loans		40	-	-	40	-
31/12/2023
Liabilities to suppliers and other liabilities		13,971	-	-	13,971	13,971
Liabilities per lease (nominal amount)	4.64%	665	752	-	1,417	1,417
Loans (nominal amount)	4.31%	2,073	33	-	2,107	2,107
Interest on liabilities per lease		49	48	-	97	-
Interest on loans		19	-	-	19	-

37. Financial instruments (continued)

(e) Liquidity risk management (continued)

(e) (ii) Funding instruments

The Group and the Company use a combination of cash inflows from financial assets and available bank liquidity management instruments.

The table below contains an overview of cash inflows from assets:

	Group
	0-12 months	1-5 years	After 5 years	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
31 December 2024
Long-term trade receivables	1	-	-	1
Investments in financial assets	540	83	-	623
Trade and other receivables	29,768	-	-	29,768
31 December 2023
Long-term trade receivables	1	-	-	1
Investments in financial assets	436	213	-	648
Trade and other receivables	31,519	-	-	31,519

	Company
	0-12 months	1-5 years	After 5 years	Total
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
31 December 2024
Long-term trade receivables	-	1	-	1
Investments in financial assets	112	66	-	178
Trade and other receivables	20,693	-	-	20,693
31 December 2023
Long-term trade receivables	-	1	-	1
Investments in financial assets	74	111	-	185
Trade and other receivables	17,802	-	-	17,802

(f) Capital management risk

The Group and Company manage their capital to ensure they will be able to continue as a going concern while maximizing the return to stakeholders through the optimisation of the debt and equity balance.

The capital structure of the Group and Company consists of net debt (borrowings after deducting cash and bank balances) and equity of the Group and Company (comprising issued capital, reserves, retained earnings and noncontrolling interests).

The Group and the Company have contractually defined obligations with certain banks for certain key business indicators, such as the coverage of total net debt and the ratio of capital in the company's liabilities. The Group and the Company did not violate the contractually defined obligations for key indicators in 2023 and 2024.

Gearing ratio:

Capital Management Risk	Group		Company
	31/12/2024	31/12/2023	31/12/2024	31/12/2023
	'000 EUR	'000 EUR	'000 EUR	'000 EUR
Debt	(8,299)	(3,991)	(8,118)	(3,524)
Cash and bank balances	24,368	14,379	8,994	4,832
Net debt	16,069	10,388	876	1,309
Equity	33,853	30,423	29,840	27,082
Net debt-to-equity ratio	-	-	-	-

Debt covers non-current and current borrowings and lease liabilities. Equity includes the total equity and reserves all of which the Group and Company manage as equity

AI Terminal

Span d.d.

2101_10-k_2025-04-30_43357e9a-e5ad-4d81-ab6d-7b0c630c4ec6.pdf

Contents

4 Key indicators for employees and operations of Span Group 111

1.1. Statement by Nikola Dujmović

The world is flat

1.2. About Span

1.2.1. Span in numbers

1.2.2. History and development

2020

2021

2024

1.2.2. History and development

1.2.3. Organizational structure of the Group2

International affiliated companies

1.2.4. Corporate governance

1.2.4.1. Statement on the application of the Corporate Governance Code

1.2.4.3.1. Management Board

1.2.4.2. Corporate Governance Code – Compliance Questionnaire for 2023

1.2.4.3. Corporate Governance Structure

1.2.4.3.2.1. Audit Committee

Nataša Zelenika

Tomislav Skorin

1.2.4.3.2.2. Nomination and Remuneration Committee

Lucia Ana Tomić

Internal audit

Hana Horak

-

1.2.4.3.3. General Assembly

1.3. Overview of operation

The development of software platforms

Microsoft business solutions

1.3.2. Main markets

1.3.3. Industry trends

1.3.4. The levels of cyber security measures in the Cyber Security Regulation of the Government of the Republic of Croatia

1.3.5. DORA – not only financial entities are in focus

1.3.6. AI Act of the European Union

1.3.7. The Group Business Strategy for 2025

2.1. Key events in 2024

2.1.1. Corporate events

2.1.1.1. Establishments, mergers and acquisitions of business shares of companies

AI is no longer only talked about, artificial intelligence is making its grand entrance into the business

2.1.1.1.1. Acquisition of 100% of shares in the affiliated company Bonsai d.o.o.

2.1.1.1.2. Merger of affiliated companies Bonsai d.o.o and Ekobit d.o.o with Span d.d.

2.1.1.1.3. Acquisition of a business share in the affiliated company Trilix d.o.o.

2.1.1.1.4. Establishing the company Span B.V. with the registered office in the Netherlands

2.1.1.2. Reduction of the business share of Span d.d. in the affiliated company Ekobit d.o.o. with purpose of alignment of share capital due to the introduction of the euro

2.1.1.3. Decision on the utilization of profit and payment of dividend

2.1.1.4. General Assembly of Span d.d.

2.1.1.5. Election of the President and Vice President of the Supervisory Board

2.1.1.6. ESOP – allocation of additional shares

2.1.1.7. Appointment of the Management Board of Span d.d.

2.1.1.8. Share Buy-Back Program

2.1.1.9. Acquisitions and disposals of own shares

Acquisitions and disposals of shares over the year:

2.1.1.10. Sustainability report

2.1.2. Business events and achievements

2.1.2.1. Software Asset Management and Licensing

2.1.2.2. Infrastructure Services, Cloud & Cyber Security

2.1.2.3. Software and Business Solution Development

2.1.2.4. Service Center Management and Technical Support

2.1.2.5. International operation

Slovenia

Ukraine

Azerbaijan

Estonia

Georgia

2.1.2.6. Business awards, recognitions and achievements

2.1.2.6.2. Successful re-certification of ISO 14001 and 50001 standards

2.1.2.6.3. Hewlett Packard Enterprise Gold Partner and Aruba Gold Partner Status

2.1.2.6.4. ISO/IEC 42001 AIMS Certificate

2.1.2.6.5. Fourth Employer Partner Status and first Above and Beyond Certificate

2.1.2.6.6. Workplace Inclusion Champion

2.1.2.6.7. Span Cyber Security Arena: all about the newest trends and upcoming risks

2.2. Information for shareholders

2.2.3. Share movements and trading volume

2.2.2. Ownership structure and 10 largest shareholders

Management Board

2.2.4. Share Buy-Back Program