CD Projekt

Board/Management Information • May 16, 2024

REPORT OF THE SUPERVISORY BOARD OF CD PROJEKT S.A.

ZA 2023 ROK

1

Disclaimer

This English language translation has been prepared solely for the convenience of English speaking readers. Despite all the efforts devoted to this translation, certain discrepancies, omissions or approximations may exist. In case of any differences between the Polish and the English versions, the Polish version shall prevail. CD PROJEKT, its representatives and employees decline all responsibility in this regard.

REPORT OF THE SUPERVISORY BOARD OF CD PROJEKT S.A. CONCERNING ASSESSMENT OF THE COMPANY FINANCIAL STATEMENT FOR 2023, MANAGEMENT BOARD RECOMMENDATION CONCERNING ALLOCATION OF NET PROFIT FOR 2023, MANAGEMENT BOARD REPORT ON CD PROJEKT GROUP AND CD PROJEKT S.A. ACTIVITIES IN 2023 AND CONSOLIDATED FINANCIAL STATEMENT OF THE CD PROJEKT GROUP FOR 2023, ALONG WITH THE SUPERVISORY BOARD REPORT ON THE ACTIVITIES OF THE SUPERVISORY BOARD IN 2023, TOGETHER WITH AN ASSESSMENT OF THE WORK OF THE SUPERVISORY BOARD, ASSESSMENT OF THE CONDITION OF THE COMPANY WHICH ACKNOWLEDGES THE ADEQUACY AND EFFECTIVENESS OF ITS INTERNAL CONTROL SYSTEMS, RISK MANAGEMENT, COMPLIANCE WITH THE APPLICABLE NORMS AND PRACTICES, INTERNAL AUDIT, AND DISCHARGE BY THE COMPANY OF ITS DISCLOSURE OBLIGATIONS WITH REGARD TO CORPORATE GOVERNANCE POLICIES

ASSESSMENT OF THE FINANCIAL STATEMENT OF CD PROJEKT S.A.

ASSESSMENT OF THE FINANCIAL STATEMENT OF CD PROJEKT S.A. FOR THE PERIOD BETWEEN 1 JANUARY 2023 AND 31 DECEMBER 2023

In the course of discharging its official duties, the Supervisory Board of CD PROJEKT S.A. with a registered seat in Warsaw ("the Company") adopted Resolution no. 1 of 9 of March 2022, selecting Grant Thornton Polska sp. z o.o. sp. k. with a registered office in Poznań as the audit firm contracted to perform an audit of the financial statement of the Company for the period between 1 January 2023 and 31 December 2023.

The audit concerned the Financial Statement covering the period between 1 January and 31 December 2023, prepared on 28 March 2024.

The Supervisory Board familiarized itself with the audit report prepared by an independent auditor concerning the Financial Statement of the Company for 2023, provided by the audit firm contracted to perform the audit. The Supervisory Board furthermore held a meeting during which a representative of the audit firm presented the audit report, including an assessment of the basis for its statement concerning the Company's ability to carry on with its activities, and replied to inquiries from Members of the Supervisory Board.

With regard to the aforementioned financial statement, on 28 March 2024 the auditor issued an opinion declaring that the financial statement of the Company for the period between 1 January and 31 December 2023, comprising numerical data and supplementary information:

• presents a truthful and clear description of the material and financial standing of the Company as of 31 December 2023, along with its financial results and cash flows for the financial year ending on that date, in line with the International Accounting Standards, International Financial Reporting Standards, interpretations associated therewith as published in the relevant European Commission regulations, as well as the adopted accounting practices,
• is based on properly maintained accounting records,
• is formally and materially consistent with the legal requirements applicable to the Company as well as its Articles.

The abovementioned opinion is consistent with the supplementary report provided to the Audit Committee on 28 March 2024.

The abovementioned outcome of the audit formed the basis for the Supervisory Board assessment of the Financial Statement of the Company for 2023.

Having reviewed the audit report submitted thereto, the Supervisory Board declares that the Financial Statement of the Company for 2023 is materially consistent with existing accounts and documents, as well as factually correct. Consequently, the Supervisory Board recommends that the General Meeting approve the said financial statement.

ASSESSMENT OF THE MANAGEMENT BOARD RECOMMENDATION CONCERNING ALLOCATION OF NET PROFIT

ASSESSMENT OF THE RECOMMENDATION OF THE MANAGEMENT BOARD OF CD PROJEKT S.A. CONCERNING ALLOCATION OF NET PROFIT FOR 2023

Having performed an assessment of the Financial Statement of the Company for 2023 and the Management Board's recommendation concerning allocation of net profit expressed in CD PROJEKT S.A. Management Board resolution no. 7/2024 of 28 March 2024 on the adoption and on submission of a recommendation to the Supervisory Board and the General Meeting of a motion regarding the allocation of the net profit, the Supervisory Board hereby endorses the Management Board recommendation and recommends to the General Meeting that the net profit for 2023, in the amount of 474 705 302.51 PLN discounted by 30 617 741.79 PLN, which represents:

• a. 1 937 508.98 PLN in negative retained earnings from preceding years, arising as a result of rectification of errors (related to provisions for employee leave in preceding years), and
• b. 28 680 232.81 PLN in negative net earnings of entities taken over by the Company, posted in preceding years (SPOKKO sp. z o.o. and CD PROJEKT RED STORE sp. z o.o.).

for a total of 444 087 560.72 PLN be allocated as follows:

• 99 910 510.00 PLN is to be divided among shareholders in the form of a dividend at 1.00 PLN per share;
• the remaining portion of the net earnings, i.e. 344 177 050.72 PLN is to be reassigned to the Company's reserve capital.

The Supervisory Board furthermore endorses the Management Board recommendation concerning the following:

• dividend record date: 21 June 2024,
• dividend payment date: 27 June 2024.

● ASSESSMENT OF THE CONSOLIDATED FINANCIAL STATEMENT AND THE MANAGEMENT BOARD REPORT

ASSESSMENT OF THE CONSOLIDATED FINANCIAL STATEMENT OF THE CD PROJEKT GROUP AND THE MANAGEMENT BOARD REPORT ON CD PROJEKT GROUP AND CD PROJEKT S.A. ACTIVITIES FOR THE PERIOD BETWEEN 1 JANUARY AND 31 DECEMBER 2023

In the course of discharging its official duties, the Supervisory Board adopted Resolution no. 1 of 9 March 2022, selecting Grant Thornton Polska sp. z o.o. sp. k. with a registered office in Poznań as the audit firm contracted to perform an audit of the Consolidated Financial Statement of the CD PROJEKT Group as well as the Management Board report on the activities of the CD PROJEKT Group and CD PROJEKT S.A. for the period between 1 January 2023 and 31 December 2023.

The audit concerned the consolidated financial statement covering the period between 1 January and 31 December 2023, prepared on 28 March 2024.

The Management Board submitted to the Supervisory Board an audit report prepared by an independent auditor concerning the consolidated financial statement for 2023, provided by the audit firm contracted to perform the audit. The Supervisory Board furthermore held a meeting during which a representative of the audit firm presented the audit report, including an assessment of the basis for its statement concerning the Company's ability to carry on with its activities, and replied to inquiries from Members of the Supervisory Board.

With regard to the aforementioned financial statement, on 28 March 2024 the auditor issued an opinion declaring that the consolidated financial statement of the CD PROJEKT Group, which comprises numerical data and supplementary information:

• presents a truthful and clear description of the material and financial standing of the CD PROJEKT Group as of 31 December 2023, along with its financial results and cash flows for the financial year ending on that date, in line with the International Accounting Standards, International Financial Reporting Standards, interpretations associated therewith as published in the relevant European Commission regulations, as well as the adopted accounting practices,
• is formally and materially consistent with the legal requirements applicable to the CD PROJEKT Group as well as the Articles of Association of CD PROJEKT S.A..

The abovementioned opinion is consistent with the supplementary report provided to the Audit Committee on 28 March 2024.

The abovementioned outcome of the audit formed the basis for the Supervisory Board assessment of the Consolidated Financial Statement of the CD PROJEKT Group for 2023.

Having reviewed the audit report submitted thereto, the Supervisory Board declares that the Consolidated Financial Statement of the CD PROJEKT Group for 2023 is materially consistent with existing accounts and documents, as well as factually correct. Consequently, the Supervisory Board recommends that the General Meeting approve the said financial statement.

Similarly, with regard to its assessment of the Management Board report on CD PROJEKT Group and CD PROJEKT S.A. activities between 1 January and 31 December 2023 (including the CD PROJEKT Group Sustainability Report for 2023), the Supervisory Board has availed itself of the documentation provided by the abovementioned audit firm, along with an independent limited assurance attestation report concerning selected indicators from the aforementioned sustainability report, submitted by Deloitte Assurance Polska sp. z o.o. sp. k. (formerly Deloitte Assurance sp. z o.o.) with regard to the CD PROJEKT Group Sustainability Report for 2023.

The Supervisory Board concurs with the auditor's opinion, issued on 28 March 2024, that the Management Board Report on CD PROJEKT Group activities for the period between 1 January and 31 December 2023 (including the CD PROJEKT Group Sustainability Report for 2023) is consistent with the applicable legal regulations as well as with information contained in the consolidated financial statement attached thereto. This is supplemented by a statement to the effect that, given the knowledge concerning the CD PROJEKT Group and its environment gained in the course of auditing the financial statement thereof, no significant discrepancies have been identified in the report on the Group's activities. Consequently, the Supervisory Board recommends that the General Meeting approve the Management Board report on CD PROJEKT Group activities for the period between 1 January and 31 December 2023, as well as the CD PROJEKT Group Sustainability Report for 2023.

REPORT ON SUPERVISORY BOARD ACTIVITIES IN 2023

SUPERVISORY BOARD REPORT ON THE ACTIVITIES OF THE SUPERVISORY BOARD IN 2023, TOGETHER WITH AN ASSESSMENT OF THE WORK OF THE SUPERVISORY BOARD AND ASSESSMENT OF THE CONDITION OF THE COMPANY WHICH ACKNOWLEDGES THE ADEQUACY AND EFFECTIVENESS OF ITS INTERNAL CONTROL SYSTEMS, RISK MANAGEMENT, COMPLIANCE WITH THE APPLICABLE NORMS AND PRACTICES, INTERNAL AUDIT, AND DISCHARGE BY THE COMPANY OF ITS DISCLOSURE OBLIGATIONS WITH REGARD TO CORPORATE GOVERNANCE POLICIES

I. INTRODUCTION

In the course of discharging its obligations stemming from the Code of Commercial Companies ("CCC"), Best Practices for WSE Listed Companies, 2021 edition, as annexed to Resolution no. 13/1834/2021 of the Supervisory Board of the Warsaw Stock Exchange of 29 March 2021, ("BP2021"), the Company Articles and the Company Supervisory Board Regulations, the Supervisory Board of the Company hereby submits to the Ordinary General Meeting the Supervisory Board Report for the period between 1 January and 31 December 2023 (principle 2.11 of BP2021), including:

• information regarding the composition of the Supervisory Board and its committees, including the independence of members of the Supervisory Board, along with information regarding the composition of the Supervisory Board in the context of diversity (principle 2.11.1 of BP2021),
• summary of the activities of the Supervisory Board and its committees (principle 2.11.2 of BP2021),
• consolidated assessment of the condition of the Company, along with its internal control, risk management, compliance and internal audit systems (principle 2.11.3 of BP2021; Art. 382 §3¹ of CCC),
• assessment of the discharge, by the Management Board, of duties specified in Art. 380¹ of CCC; assessment of the means by which the Management Board prepares or submits to the Supervisory Board information, documentation, reports and clarification sought in accordance with Art. 382 § 4 of CCC; information on the total remuneration payable by the Company in association with audits commissioned by the Supervisory Board during the given financial year, as specified in Art. 382¹ of the CCC (Art. 382 § 3¹ of CCC),
• assessment of expenditures incurred by the Company and its Group in the context of supporting culture, sports, charities, media, NGOs and trade unions (principle 2.11.5 of BP2021),
• assessment of the observance, by the Company, of corporate governance policies and discharge of disclosure obligations related thereto, as specified in the Stock Exchange Regulations and regulations concerning current and periodic disclosures required from issuers of securities (principle 2.11.4 of BP2021).

II. COMPOSITION OF THE SUPERVISORY BOARD IN 2023

In the 2023 financial year (i.e. between 1 January 2023 and 31 December 2023) the following persons held membership of the Supervisory Board:

• 1. Marcin Iwiński Chairperson of the Supervisory Board,
• 2. Katarzyna Szwarc Deputy Chairperson of the Supervisory Board lacking actual and significant ties to any shareholder controlling at least 5% of the total number of votes in the Company,
• 3. Maciej Nielubowicz Secretary of the Supervisory Board,
• 4. Jan Łukasz Wejchert Member of the Supervisory Board lacking actual and significant ties to any shareholder controlling at least 5% of the total number of votes in the Company, meeting independence criteria expressed in the act of 11 May 2017 on licensed auditors, audit firms and public supervision (JL 2023, item 1015, as amended) ("Act on Licensed Auditors"),
• 5. Michał Bień Member of the Supervisory Board lacking actual and significant ties to any shareholder controlling at least 5% of the total number of votes in the Company, meeting independence criteria expressed in the Act on Licensed Auditors.

During 2023 the composition of the Supervisory Board included one woman.

III. SCOPE OF ACTIVITIES OF THE SUPERVISORY BOARD DURING THE REPORTING PERIOD, INCLUDING DISCHARGE OF DUTIES OF THE AUDIT COMMITTEE

In the course of discharging its legal and statutory obligations in 2023 the Supervisory Board conducted active oversight of all matters related to Company activities.

In particular, the Supervisory Board performed analyses of the Management Board's plans concerning the strategy of the Company and the CD PROJEKT Group, and provided ongoing assessment of the Company's operating and financial status.

In 2023 the Supervisory Board of CD PROJEKT S.A. properly discharged all duties incumbent upon the supervisory board of a public company under the relevant legislation, the Company Articles of Association and the Supervisory Board Regulations.

The Supervisory Board held five meetings in 2023. Additionally, the Supervisory Board conducted its affairs by adopting resolutions outside of meetings.

In line with its prerogatives, in 2023 the Supervisory Board furthermore observed a significant portion of the Best Practices for WSE Listed Companies insofar as such practices apply to supervisory board of public companies.

Pursuant to the Act on Licensed Auditors, an Audit Committee operated within the framework of the Supervisory Board between 1 January and 31 December 2023, with the following composition:

1. Michał Bień – Chairperson of the Audit Committee

• a) meeting independence criteria specified in Art. 129 section 3 of the Act on Licensed Auditors,
• b) meeting the criteria specified in Art. 129 section 5 of the Act on Licensed Auditors, i.e. possessing knowledge and expertise in the Company's primary area of activity, gained during his tenure as Member of the Supervisory Board of the Company.

2. Maciej Nielubowicz – Member of the Audit Committee

• a) meeting the criteria specified in Art. 129 section 1 of the Act on Licensed Auditors, i.e. possessing knowledge and expertise in the area of accounting or auditing financial statements, gained in the course of his higher education and employment at other entities,
• b) meeting the criteria specified in Art. 129 section 5 of the Act on Licensed Auditors, i.e. possessing knowledge and expertise in the Company's primary area of activity, gained during his tenure as Member of the Supervisory Board of the Company.

3. Jan Łukasz Wejchert – Member of the Audit Committee

• a) meeting independence criteria specified in Art. 129 section 3 of the Act on Licensed Auditors,
• b) meeting the criteria specified in Art. 129 section 1 of the Act on Licensed Auditors, i.e. possessing knowledge and expertise in the area of accounting or auditing financial statements, gained in the course of his higher education and employment at other entities,
• c) meeting the criteria specified in Art. 129 section 5 of the Act on Licensed Auditors, i.e. possessing knowledge and expertise in the Company's primary area of activity, gained during his tenure as Member of the Supervisory Board of the Company.

The Audit Committee held five meetings during the reporting period. Additionally, the Audit Committee performed its work outside of meetings.

In the course of discharging its duties, the Audit Committee, among others, monitored the financial reporting and financial audit activities, i.a. by analyzing the Company's periodic financial statements prior to their publication and organizing periodic meetings with auditors.

In the Supervisory Board's opinion, the current composition of the Supervisory Board enables fulfillment of all tasks incumbent upon the control organ of a public company.

In 2023 the supervisory activities of the Supervisory Board of CD PROJEKT S.A. were exercised on an ongoing basis and with due diligence. The Supervisory Board carefully monitored all significant matters related to the Company's activities. As requested by the Supervisory Board, the Management Board provided up-to-date reports regarding the legal condition of the Company and activities undertaken in all of the Company's activity areas.

In discharging its supervisory duties, the Supervisory Board relied on written documentation submitted by the Management Board as well as current information and explanations provided by Board Members during Supervisory Board meetings. As a rule, Supervisory Board meetings were attended by the Management Board except in matters related to assessment of the Management Board's performance and other personal matters involving members of the Management Board.

The Supervisory Board also discharged its duties using remote communication tools, enabling better control and dayto-day supervision of the Company's matters.

IV. SUMMARY ASSESSMENT OF THE COMPANY'S CONDITION, INCLUDING ITS INTERNAL CONTROL SYSTEM, RISK MANAGEMENT, COMPLIANCE AND INTERNAL AUDIT MECHANISMS

Based on analysis of the financial statement of the Company for the year 2023, the consolidated financial statement of the CD PROJEKT Group for 2023, and the Management Board report on internal control, risk management, compliance and internal audit systems at CD PROJEKT S.A. in 2023, along with the CD PROJEKT Group Sustainability Report for 2023, in addition to information received directly from the Management Board, the Supervisory Board concludes that the Company's condition is stable.

In assessing the condition of the Company in 2022, the Supervisory Board analyzed key risks faced by the Company and did not identify any circumstances which would jeopardize continuation of the Company's activities.

In line with the foregoing, the Supervisory Board hereby expresses a positive assessment of the company's condition, including the adequacy and effectiveness of its internal control systems, risk management, compliance with applicable norms and regulations, and internal audit mechanisms.

In assessing the condition of the Company in 2023, the Supervisory Board analyzed key risks faced by the Company and did not identify any circumstances which would jeopardize continuation of the Company's activities.

Internal control and risk management systems at the Company are fully controlled by the Management Board, which, in the course of publishing its periodic reports, conducts periodic assessment of risk factors relevant to the Company during each financial year.

1. INTERNAL CONTROL SYSTEM

1.1. Internal procedures

A comprehensive control system is in place at the Company, particularly with regard to preparation of financial statements and consolidated financial statements, with the aim to ensure that the Company meets its stated goals related to operational effectiveness and efficiency, reliability of financial statement, and legal compliance.

The Management Board takes part in daily business activities at the Company and remains in contact with persons charged with managing the Company's subsidiaries. Control activities are rooted in internal regulations (including policies, procedures and manuals) which specify the duties and responsibilities of each member of the team, thereby mitigating the risk of errors in each activity area of the Company.

Security, accessibility, confidentiality and integrity of information processed by the Company's IT system is the responsibility of the IT & Security Department, and particularly of the Cybersecurity Team which is a subunit thereof. The applicable standards are set forth in the CD PROJEKT Group Information Security Policy and related by-laws.

A structural division of responsibilities is in place at the Company, ensuring hierarchical assignment of duties, minimizing the risk of significant business decisions being undertaken by a single individual. Recruitment procedures are structured in such a way as to ensure selection of optimal candidates for each open position. The Company employs competent individuals and provides them with career development opportunities and incentives to remain part of the organization.

Secure processing of personal data in the Company's IT systems is the responsibility of the Privacy & Compliance Team, which is a subunit of the Legal Department, along with an external Data Protection Officer. In this scope, the Company observes a range of internal regulations related to privacy protection, particularly as expressed in the CD PROJEKT Group Personal Data Protection Policy, the CD PROJEKT S.A. Privacy Policy and the CD PROJEKT S.A. Data Protection Officer Regulations.

Internal control duties significantly involve Finance, Accounting and HR Departments, the latter of which develops human talent management strategies and implements initiatives aimed at achieving a desirable level of retention. Information concerning new regulations and processes is disseminated internally with help from the Internal Communication Department, which works to ensure that such information remains accessible and understandable for all team members.

An internal document acceptance system is in place at the Company, assisting in the performance of business tasks.

1.2. Financial and accounting control

Regarding financials, the internal control system mandates monthly assessment of results against the background of earlier projections within each activity segment of the CD PROJEKT Group.

As part of its reporting and review scheme, the Management Board of the Company performs monthly analyses of results and how they compare to earlier estimates. These analyses are conducted in collaboration with managers of each segment. The meetings also provide an opportunity to discuss important developments affecting each segment and the likelihood of meeting projections in future months.

Approval of expenditures incurred by the Company is based on formalized approval procedures, and utilizes an electronic document flow and authorization system. The approval process also involves the Legal Department and – in selected cases – the Tax Department and the Procurement Department. Financial control is carried out by representatives of the Finance Department (including the Financial Control Team). All payments remitted by the Company are based on properly filed accounting documents. Maintenance of the Company's accounts, along with verification and filing of accounting documents, is the responsibility of the Accounting Department. A document may only be filed if:

• it meets all the applicable accuracy and justifiability criteria,
• it has been approved by the person appointed for this purpose in the Company's internal electronic document flow system.

On a day-to-day basis, payments are handled by the Treasury Department, which is a subunit of the Finance Department, in collaboration with the Accounting Department. Employee remuneration is handled by the Employment & Payroll Department in collaboration with the Compensation & Benefits Department. Any deviations from this rule must be authorized by a Member of the Management Board.

1.3. Financial and non-financial reporting

Supervising the preparation of financial statements is the responsibility of the CFO and the Chief Accountant.

Financial statements of the Company and consolidated financial statements of the CD PROJEKT Group are prepared in accordance with International Financial Reporting Standards (IFRS), the Accounting Act of 29 September 1994 (JL 2023, item 120, as amended; "Accounting Act") and the CD PROJEKT S.A. Accounting Policy.

To ensure alignment between the CD PROJEKT S.A. Accounting Policy and other applicable regulations – IFRS in particular – the Policy is subject to periodic updates, the responsibility for which rests with the Management Board of the Company.

Throughout 2023 the Company's accounts were managed by its internal Accounting Department. In addition, the Department provided paid accounting services to one of the CD PROJEKT Group's subsidiaries – SPOKKO sp. z o.o., with a registered seat in Warsaw – up until that company's merger with the Company, which took place on 31 August 2023.

The separate financial statement of the Company and the consolidated financial statement of the CD PROJEKT Group are subject to reviews and audits performed by an independent licensed auditor, in line with the applicable regulations, including the Act on Licensed Auditors and the Company's internal Policy for selecting and rotating the audit firm authorized to perform audits of financial statements and provide permissible services other than audits at the CD PROJEKT Group.

Preparation of the Management Board Report and the Sustainability Report is the responsibility of the Investor Relations Department, under the supervision of the CFO. The process of preparing sustainability reports entails, among others:

▪ a survey of sustainability issues which are regarded as material for the CD PROJEKT Group,

• acceptance of individual disclosures by the ESG Management Group, in accordance with its competences,
• external limited-assurance attestation (in 2023 this attestation was provided by an entity unrelated to the Company's auditor).

In addition, a stock-taking instruction is in force at the Company, specifying the means of preparing, conducting, evaluating and settling assets and liabilities, along with any off-balance sheet conditional liabilities and sureties. This instruction is consistent with the provisions of the Accounting Act.

2. RISK MANAGEMENT

A formalized Risk Management Procedure is in force at the Company, along with strategic risk management procedures based thereupon. The risk management process at the Company permits assessment of each risk, determining ways to handle risk factors, and monitoring existing risks.

The goal of the aforementioned procedure is to retain an acceptable level of risk for each identified threat, and thereby mitigate the consequences of potential events which may negatively impact the activities and financial stability of the Company.

In the Management Board Report on the activities of the CD PROJEKT Group in 2023 the Company identified and described risk factors relevant to business, legal, team-related, financial and environmental areas.

The risk management process involves:

• Risk Owners, i.e. holders of directorial positions who possess the required competences to manage risks in their assigned areas of responsibility,
• Risk Custodians, i.e. persons appointed by Risk Owners to monitor specific risks on an ongoing basis.

Risk Owners determine the materiality of their assigned risks by plotting their impact and likelihood of occurrence on a Risk Value Matrix. Further handling of each risk may involve its acceptance, reduction, transfer or avoidance.

In 2023 the Company updated its Risk Management Policy, among others by rolling out a new risk monitoring system based on the concept of Key Risk Indicators (KRI). KRIs are used to quantify the status of each threat or opportunity in relation to the given risk. By setting specific thresholds for reacting to threats (or opportunities) the Company can initiate timely remedial actions.

3. COMPLIANCE – ensuring compliance with applicable norms and practices

Management of compliance with the applicable norms and practices is based on legal regulations, market standards, BP2021, and recommended compliance standards in the area of counteracting corruption and whistleblower protection for companies traded on the regulated markets of the Warsaw Stock Exchange.

In this scope, activities undertaken by the Company aim to foster a culture of compliance and minimize the risk of noncompliance. Compliance management is based on the Deming cycle (Plan, Do, Check, Act), which permits monitoring and progressive optimization.

In 2023 the Company updated its Compliance Policy, among others by appointing a Chief Compliance Officer (CCO). The CCO, assisted by the Privacy & Compliance Team (which is a subunit of the Legal Department) monitors regulatory and compliance-related risks, along with the Company's emerging needs in this regard. An important role in this process is entrusted to compliance teams operating within the framework of individual departments, such as the Tax Department, the Eco Team (for environmental and climate-related issues), and the IT & Security Department.

The compliance management process also entails participation of departments and teams charged with monitoring and deploying compliance-related solutions, whether mandated by the law or based on voluntarily accepted standards.

In 2023 the Company also updated its Rules of the Game: Business and Ethics Standards at the CD PROJEKT Group, and clarified the CD PROJEKT Group's approach to human rights protection, including matters of diversity and inclusion, health and personal well-being, workplace comfort and open internal communications.

The Anti-Corruption Policy in force at the CD PROJEKT Group aims to establish ground rules for recognizing, counteracting and mitigating the risk of corruption and related irregularities in the daily operations of Group member companies. These policies apply to the Group's business dealings as well as to its interaction with public authorities. The CD PROJEKT Group embraces a "zero tolerance" approach towards all symptoms of corruption. The Anti-Corruption Policy contains regulations applicable to giving and receiving gifts, third-party relations (in business and administrative matters) as well as precautions which should be taken in circumstances where a conflict of interest may arise – including seeking additional employment, becoming involved in the activities of entities which compete or collaborate with CD PROJEKT, and making personnel-related decisions.

The aforementioned standards express the Company's and its team members' pledge to abide by ethics norms, legal acts and values which guide the CD PROJEKT Group in its daily work.

Changes in the Company's regulatory environment are monitored on an ongoing basis by the Privacy & Compliance team, which analyzes draft laws and newly introduced regulations, announcements and guidelines issued by public authorities, and reports commissioned from external law firms.

The Company introduces internal regulations, including policies and procedures, as required given the scale of its activities and its specific organizational structure. Internal regulations are posted in an intranet repository available to all team members, and are subject to periodic reviews and updates. Developing internal regulations is the responsibility of the department to which the given regulation pertains. The Privacy & Compliance team issues opinions and assists in the development of new regulations to ensure that they remain consistent with the applicable laws and with other regulations in force at the Company.

NEW REGULATIONS	UPDATED REGULATIONS
Speak Up! Policy for preventing irregularities at CD ▪ PROJEKT S.A.	Compliance Policy at CD PROJEKT Group ▪
FAIR PLAY – Code of conduct for suppliers of CD ▪ PROJEKT SA	Procedure for reporting irregularities at CD ▪ PROJEKT S.A.
EMAS Eco-Management System ▪	Procedure for reporting improper behaviors in ▪ relations with employees at CD PROJEKT S.A.
CD PROJEKT RED Diversity & Inclusion Strategy ▪	Procedure for preventing non-observance of ▪ Mandatory Disclosure Rules (MDR) at CD PROJEKT S.A.
Emergency Management Procedures ▪ at CD PROJEKT S.A.	CD PROJEKT S.A. Risk Management Policy ▪

The following internal regulations were introduced or updated in 2023:

Several internal regulations at the Company concern whistleblowing. One of them is the Procedure for reporting irregularities at CD PROJEKT S.A., which governs reports of infringement, or suspected future infringement, of laws, ethical norms or internal regulations.

In 2023 seven reports were filed under this procedure, concerning suspected breaches of information security, suspected irregularities in the procurement process and suspected irregularities in the Company's organizational structure. In all cases, following investigation, no actual infringement of procedures was declared; however, preventative measures were introduced nonetheless.

In the scope of its whistleblowing procedures the Company monitors the potential for irregularities and improper conduct. When such irregularities arise, action is undertaken to mitigate their potential consequences.

4. INTERNAL AUDIT

Internal audit has not been entrusted to a dedicated organizational unit at the Company; however, the Company aims to ensure that internal audit tasks are handled by its existing units, as appropriate.

5. SUMMARY

The Supervisory Board regards the above described internal control and key risk management procedures as consistent. The Supervisory Board furthermore believes that throughout 2023 the Company's internal control system and key risk management system operated in a satisfactory manner, significantly mitigating key risk factors faced by the Company in the course of its business activities.

V. ASSESSMENT OF THE DISCHARGE, BY THE MANAGEMENT BOARD, OF DUTIES SPECIFIED IN ART. 380¹ OF CCC; ASSESSMENT OF THE MEANS BY WHICH THE MANAGEMENT BOARD PREPARES OR SUBMITS TO THE SUPERVISORY BOARD INFORMATION, DOCUMENTATION, REPORTS AND CLARIFICATION SOUGHT IN ACCORDANCE WITH ART. 382 § 4 OF CCC; DISCLOSURE OF TOTAL REMUNERATION PAYABLE BY THE COMPANY IN ASSOCIATION WITH AUDITS COMMISSIONED BY THE SUPERVISORY BOARD DURING THE GIVEN FINANCIAL YEAR, AS SPECIFIED IN ART. 382¹ OF CCC.

According to § 14 section 2 of the Company Articles, the Management Board is obligated to notify the Supervisory Board of the Company of the Company's condition, including with regard to its assets, along with any notable developments related to the Company's affairs, transactions or other events or circumstances which have, or may have, a significant impact on the Company's material status, including its profitability or liquidity, as well as of changes in information previously provided to the Supervisory Board, if such changes have, or may have, a significant impact on the Company's condition.

With regard to subsidiaries, the aforementioned obligation of the Management Board is limited to information in possession thereof, which may be regarded as significant in the context of the Company's material status. Such notifications may be provided in any form listed in the Management Board Regulations and Supervisory Board Regulations as an appropriate means of communication between the Management Board and the Supervisory Board, including in electronic form, as well as orally, during Supervisory Board meetings. The disclosure obligations specified in Art. 380¹ § 1 and 2 of the Commercial Companies Code are excluded from the scope of § 14 section 2 of the Company Articles.

Throughout 2023 the Management Board provided the Supervisory Board with ongoing disclosures specified in § 14 section 2 of the Company Articles, as well as with all requested information, documentation, reports and clarifications related to the Company and particularly to its activities or assets, including in the context of subsidiaries and affiliates.

The Supervisory Board did not commission any audits under Art. 382¹ of CCC.

VI. ASSESSMENT OF EXPENDITURES INCURRED BY THE COMPANY AND ITS GROUP IN THE CONTEXT OF SUPPORTING CULTURE, SPORTS, CHARITIES, MEDIA, NGOS AND TRADE UNIONS

The Company does not have a separate policy regulating sponsorships and charitable activities.

CD PROJEKT S.A. works to have a positive effect on its social environment, integrate employees around a shared set of values and assist others with the resources and skills at its disposal. The Company engages in social projects, national charity drives and global activities which aim to assist the needy – this is done through material donations, financial support or knowledge sharing. The Company also implements projects addressed at the youth, helping participants gain skills and experience in the gaming industry.

In 2023 a total of 464 948 PLN was donated to charity by the Company and its Group (including 464 000 PLN in donations by the Company and 948 PLN in donations by GOG sp. z o.o.) Beneficiaries included Fundacja Edukacyjna "Perspektywy" and Fundacja Rozwój-Integracja-Sport.

The Supervisory Board of the Company regards the Company's actions in this regard as commensurate with its resources and justifiable given the Company's social involvement.

VII. ASSESSMENT OF THE OBSERVANCE, BY THE COMPANY, OF CORPORATE GOVERNANCE POLICIES AND DISCHARGE OF DISCLOSURE OBLIGATIONS RELATED THERETO, AS SPECIFIED IN THE STOCK EXCHANGE REGULATIONS AND REGULATIONS CONCERNING CURRENT AND PERIODIC DISCLOSURES REQUIRED FROM ISSUERS OF SECURITIES

Throughout 2023 the Company carried out its activities in compliance with regulations applicable to public companies, including its declared Corporate Governance Principles. In the Supervisory Board's opinion in 2023 the Company discharged its disclosure obligations related to corporate governance policies in an appropriate manner.