Skip to main content

AI assistant

Sign in to chat with this filing

The assistant answers questions, extracts KPIs, and summarises risk factors directly from the filing text.

Sign up Log in

Span d.d. Annual Report 2024

Apr 30, 2025

Preview isn't available for this file type.

Download source file

Annual Report 2024

2 Contents

1 Introduction 5
1.1. Statement by Nikola Dujmović 6
1.2. About Span 8
1.3. Overview of operation 40
2 Key features of the period 55
2.1. Key events in 2024 56
2.2. Information for shareholders 78
2.3. Financial indicators for 2024 84
2.4. Risks 95
3 People and community 103
3.1. Human resource excellence 104
3.2. Development of leadership positions in Span 104
3.3. Successful integrations and promotion of organizational values 104
3.4. Successful cooperation and enhancing the relationship with the academic and IT community 105
3.5. Span for the education of tomorrow 106
3.6. Taking care of employees’ health and well-being 107
3.7. Span volunteers: the power of knowledge and community 108
3.8. Global partnerships for local development 109
4 Key indicators for employees and operations of Span Group 111
5 Processes and technology 117
5.1. ISO standards 118
5.2. Partnerships 120
5.3. Code of Business Conduct 121
6 Sustainability Report 123
6.1. General information (ESRS 2) 124
6.2. Environmental information (E1) 146
6.3. Social information (S1, S3, S4) 161
6.4. Governance information (G1) 192
7. Statements 207
Responsibility Statement of the Management Board on the Sustainability Report 208
Inependent Limited Assurance Report 209
Statements on responsibility for compiling the report for the observed period 214
8 Audited Financial Reports of Span Group and Span d.d. 217

Introduction

1.1. Statement by Nikola Dujmović President of the Management Board

The world is flat

Twenty years ago, a famous journalist Thomas Friedman predicted that this century will be marked by breaking down the historical and geographical barriers in his book “The World is Flat: A Brief History of the 21st Century”. Breaking down the barriers enables individuals, companies and countries to be globally competitive regardless of the disabilities they had in the past. Friedman warns companies who are reluctant that the power of change will win for sure, and all those reluctant will be left behind. Metaphorically, the world was becoming more and more flat, and digital technologies significantly contributed to this phenomenon. Language and geographical barriers were disappearing with the acceptance of cloud technologies and AI translators, and the influence was felt in almost all areas of human activities. Although the breaking down of barriers has slowed down, global instability threatens with the return of barriers. We believe that the power of specific changes remains unstoppable, and that the digital technologies and digital industry will continue to grow. This is proved by the results we achieved in 2024, which saw an increase of profitability and all key business indicators.

iso4217:EUR
2024-01-01 2024-12-31 2023-01-01 2023-12-31 ifrs-full:SeparateMember
2024-01-01 2024-12-31 2023-01-01 2023-12-31 ifrs-full:SeparateMember
2022-12-31
ifrs-full:IssuedCapitalMember
ifrs-full:CapitalReserveMember
ifrs-full:OtherReservesMember
ifrs-full:CapitalRedemptionReserveMember
ifrs-full:TreasurySharesMember
ifrs-full:RevaluationSurplusMember
ifrs-full:ReserveOfExchangeDifferencesOnTranslationMember
ifrs-full:RetainedEarningsMember
ifrs-full:EquityAttributableToOwnersOfParentMember
ifrs-full:NoncontrollingInterestsMember
2022-12-31
ifrs-full:IssuedCapitalMember
ifrs-full:CapitalReserveMember
ifrs-full:OtherReservesMember
ifrs-full:CapitalRedemptionReserveMember
ifrs-full:TreasurySharesMember
ifrs-full:RevaluationSurplusMember
ifrs-full:ReserveOfExchangeDifferencesOnTranslationMember
ifrs-full:RetainedEarningsMember
ifrs-full:EquityAttributableToOwnersOfParentMember
ifrs-full:NoncontrollingInterestsMember
2023-01-01 2023-12-31 2022-12-31 2022-12-31
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
ifrs-full:SeparateMember
2023-01-01 2023-12-31 2022-12-31 2022-12-31
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
2024-01-01 2024-12-31 2023-01-01 2023-12-31
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
2024-12-31 2024-12-31 2023-12-31 2023-12-31
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember
ifrs-full:IssuedCapitalMember ifrs-full:SeparateMember
ifrs-full:CapitalReserveMember ifrs-full:SeparateMember
ifrs-full:OtherReservesMember ifrs-full:SeparateMember
ifrs-full:CapitalRedemptionReserveMember ifrs-full:SeparateMember
ifrs-full:TreasurySharesMember ifrs-full:SeparateMember
ifrs-full:RevaluationSurplusMember ifrs-full:SeparateMember
ifrs-full:RetainedEarningsMember ifrs-full:SeparateMember # 1.2. About Span

This year, our goal was also to increase consistency and recognisability of the Span brand in the local and international market. That’s why we launched a project of change to our visual identity. It was important to us that the new visual identity clearly communicates Span’s key values – expertise and innovation, solicitude, honesty and transparency – in a more modern, refreshed way. This report was drawn up according to new standards, and I hope you will like it. New standards are introduced in the reporting process, as well, so this year we present the first annual report in accordance with the European Sustainability Reporting Standards (ESRS). The entire process of drawing up the non-financial part of the report helped us better understand our business processes and detect key areas for improvement. In 2025, our goal is not only to be in compliance with the regulations, but focus on the elaboration of an overall Sustainability Strategy in accordance with the newly identified material impacts, risks and opportunities.

We were established on 23 March 1993, as a limited liability company. Under the decision of the company’s Assembly, we became a joint stock company on 24 December 2019. As professional IT service providers, we design, implement and maintain high-availability systems with the aim of increasing the security, productivity and success of our users. Our main activities include the provision of services of software asset management and licensing, infrastructure services of design and maintenance of information systems, work in Cloud and cyber security, management of information technology and technical support service centers, as well as the development of software and business solutions. During the 30 years of operation, we have developed from an IT system integrator in Croatia, to a group that today operates on the international market. We are focused on our long-term relationships with customers and we cooperate with leading global and regional corporations. As a leading expert in Microsoft technologies and leading regional Microsoft partner, we are continuously working on improving the knowledge of our employees with the aim of providing higher quality solutions to our customers.

For six solution areas Status for EU/EFTA/Ukraine/Azerbaijan + BS and CIS
Certified Microsoft Cloud Services Provider
Google Cloud Partner
Dynatrace Master Partner
Certified Gold Partner
Select Consulting Partner
Infrastructure Services, Cloud & Cyber Security
Software and Business Solution Development
Software Asset Management and Licensing
Service Center Management and Technical Support

In the past years, we have recorded a continuing growth of revenues with 74% of our revenues being generated in the international market. As an IT service provider, we successfully monitor and respond to trends in the digital transformation of the operation, and with our work and company values, we try to be an example of the responsible and sustainable operation in Croatia. Today Span has more than 850 developers, IT solutions architects, consultants, IT support specialists, business analysts and researchers. We develop solutions for the fast evolving digital world, from consultation and implementation with regards to Cloud operation, to cyber security and support services.

  • 1993 Company established
  • 386 Successfully completed projects in 2024
  • 24/7 Availability of Span support
  • 238,000+ Resolved tickets in 2024
  • 99.95 % Incidents resolved in terms of SLA*
  • 35 Average age of employees
  • 74.06% Of employees with university or college degree
  • 495 Employees with professional certification
  • 65,400+ Proactively monitored devices

1.2.1. Span in numbers

* Service Level Agreement

Span Group 2023 Percentage Span Group 2024 Percentage
Croatia 34% Croatia 26%
Slovenia 15% Slovenia 15%
USA 11% Ukraine 15%
UK 9% Estonia 11%
Estonia 8% USA 10%
Other 23% Other 23%

1.2.2. History and development

We started our journey in 1993 as a license provider and system integrator. Focused on Microsoft technologies, we became the first certified provider of Microsoft solutions in 1996, only to become a Microsoft Certified Solution Provider Partner in 1999. A year later, a Hungarian system integrator, Synergon, joined our ownership structure. The 1996 to 2001 period saw a significant transformation in the operation. Having obtained the status of the first Microsoft Gold Partner in Croatia and the leading Microsoft Partner in the Croatian market in 2001, we started providing technical support to customers. At that time, we started offering consultancy services and designing business solutions for our customers. In the years that followed, we expanded to international markets. We opened affiliated companies in Great Britain, Slovenia, the United States, Azerbaijan, Germany, Ukraine, Switzerland, Moldova, Georgia, and at the end of 2024, we established a company in the Netherlands as well.

One of the goals that we set for ourselves in Span was listing our shares on the regulated market of the Zagreb Stock Exchange, which we achieved. We became a joint stock company in 2019, and our shares were listed on the Zagreb Stock Exchange in September 2021. By doing so, we started a new development phase of operation oriented to an accelerated organic growth in the existing markets and an opportunity to continue to expand in international markets. Only six months after the Initial Public Offering, our share was included in the CROBEX® and CROBEXtr® indices, whereas in March 2023, it joined the 10 most liquid shares, being listed in the CROBEX10® and CROBEX10tr® indices. In the same year, the largest provider of stock indices on the global level, MSCI, enlisted our share in the MSCI Frontier Market Small Cap Index, which gives it additional visibility with global investors. We continue to further focus on cloud and cyber security, and in addition to Microsoft as our main partner, we continue to operate with Google, Amazon and other renowned partners. In continuation of the business development plan, in September 2022 we opened Cyber Security Incubator ¹, with a view to providing education, training and consultancy services to the business community in Croatia and the region. In 2023, we acquired GT Tarkvara, the Estonian leading Microsoft partner, and thus confirmed the strategic direction to further growth and expansion to new markets. In 2024, we also merged affiliated companies Bonsai and Ekobit with Span, combining our offer of software and AI solutions development.

¹ In December 2024, Span Cyber Security Center d.o.o. changed its name to Cyber Security Incubator LLC, but it continues to operate under Span Cyber Security Center brand.

1993 Span is founded
1995 First Croatian Microsoft Certified Solution Provider
1996 Span launches Microsoft CTEC education center
1998 Organization of Microsoft Systems & Development Conference
1999 Microsoft Certified Solution Provider Partner
2000 Span partners with Hungarian system integrator Synergon
2001 First Croatian Microsoft Gold Partner
2006 ISO 9001
2007 Span management buy out
2009 Span IT, London, United Kingdom established
2009 Span d.o.o., Ljubljana, Slovenia established
2011 ISO/IEC 27001
2012 ISO/IEC 20000
2013 Microsoft Partner of the Year – Croatia
2013 Span USA, INC., Chicago, IL established
2014 European Business Award
2014 Infocumulus joins Span Group
2014 Start of Span Development Academy
2015 17 Microsoft competencies achieved, 16 Gold
2015 McDonald’s UK IT operator of the Year Award
2016 Microsoft Partner of the Year – Croatia
2018 Span LLC, Kyiv, Ukraine established
2019 Microsoft Partner of the Year – Croatia
2019 Span LLC, Tbilisi, Georgia established
2019 12 Microsoft Advanced Specializations achieved
2020 AWS and Google Cloud Services partner
2020 Span LLC, Ukraine awarded best Microsoft LSP partner in Ukraine
2020 Microsoft Partner of the Year – Croatia
2021 McDonald’s Global Technology Partner
2021 Microsoft Partner of the Year – Croatia
2021 9 Microsoft Advanced Specializations achieved
2021 Shares listed on Zagreb Stock Exchange
2021 Span-IT SRL, Chișinău, Moldova established
2021 ISO/IEC 14001
2021 ISO/IEC 50001
2022 Cyber Security Incubator established
2022 12 Microsoft Advanced Specializations achieved
2022 Acquisition of Ekobit
2022 Microsoft Partner of the Year – Ukraine
2022 GRIT Award for UN Sustainable Development Goal 8.
2023 Acquisition of GT Tarkvara
2023 12 Microsoft Advanced Specializations achieved
2023 6 Microsoft Solutions Provider designations
2023 Microsoft Partner of the Year - Croatia & Ukraine
2024 Merger of Bonsai and Ekobit
2024 Acquisition of business shares in Trilix
2024 Microsoft Partner of the Year for Croatia
2024 ISO/IEC 42001
2024 First Span Cyber Security Arena conference
2024 Span B.V. established in Amsterdam, Netherlands

1.2.3. Organizational structure of the Group

  • Span d.d. Koturaška cesta 47 Zagreb (Headquarters)
  • Span d.o.o., Ljubljana Slovenia (Domestic affiliated company)
  • Span USA Inc., Chicago IL, USA (International affiliated company)
  • Span IT Ltd, London UK (International affiliated company)
  • Span GmbH, München Germany (International affiliated company)
  • Span Azerbaijan LLC, Baku Azerbaijan (International affiliated company)
  • Span BV, Amsterdam Netherlands (International affiliated company)
  • Span-IT SRL, Chisinau Moldova (International affiliated company)
  • Span GT Tarkvara, Tallinn Estonia (International affiliated company)
  • Span LLC, Tbilisi Georgia (International affiliated company)
  • Span SWISS AG, Zurich Siwitzerland (in liquidation)
  • Span LLC, Kyiv Ukraine (International affiliated company)
  • Cyber Security Incubator LLC
  • Trilix d.o.o.

² As of December 31st, 2024, Span Group (“Group”) consists of Span d.d. (“Company”) and its affiliated companies.

Span is a joint stock company whose shares are listed on the regulated Zagreb Stock Exchange market and which applies the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (HANFA), which is available online on the sites of the Zagreb Stock Exchange (www.zse.hr/en) and HANFA (www.hanfa.hr/en).# A statement on the ap- plication of the Corporate Governance Code is a constituent part of the Annual Report of the Span Group. Span’s internal rules and management procedures, based on the fun- damental principles of corporate governance, particularly the principles of impartiality, transparency, equity, and accountability, en- sure more efficient operations and timely and objective communication of all key business activities and results the Company achieved to the public. At the same time, they enable equal treatment of all shareholders, thus strengthening the trust of all stakeholders, including employees, partners, customers and other interested parties.

1.2.4. Corporate governance

1.2.4.1. Statement on the application of the Corporate Governance Code

Pursuant to Article 272.p, and in relation to Article 250.a of the Companies Act (Official Gazette no. 111/1993, 34/1999, 121/1999, 52/2000, 118/2003, 107/2007, 146/2008, 137/2009, 111/2012,125/2011, 68/2013, 110/2015, 40/2019, 34/2022, 114/2022, 18/2023, 130/2023, 136/2024, hereinafter: Companies Act), and Article 25 of the Act on Accounting (Official Gazette no. 85/2024, 145/2024), the Management Board of Span d.d., Zagreb, Koturaška cesta 47, OIB:19680551758 (hereinafter: Span or Company) issues the following Statement on the application of the Corporate Governance Code.

I Span’s shares were listed on the regulated market of Zagreb Stock Exchange on 21 September 2021, and Span applies the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (HANFA), which is publicly available online on the sites of the Zagreb Stock Exchange (www.zse.hr/en) and HANFA (www.hanfa.hr/en).

II With this statement, Span confirms that it operates in accordance with good corporate governance practices and, for the most part, according to the recommendations of the Code, publishes all information whose publication is provided for by positive regulations. The reasoning behind deviations from certain recommendations and additional adjustments shall be submitted in the Annual Compliance Questionnaire for share issuers and the Questionnaire on Management Practices for share issuers, which Span will submit to HANFA for 2024 no later than 30 April of the current calendar year, and publish on the websites of the Company and Zagreb Stock Exchange, in accordance with the Rulebook on information related to corporate governance, which issuers are obliged to submit to the Croatian Financial Services Supervisory Agency, and with the form, deadlines and method of their submission (Official Gazette 59/2020, 12/2023).

III Internal control and risk management system in relation to the financial reporting process is carried out by controlling and internal audit units, with the supervision of the Audit Committee. In accordance with the Audit Act (Official Gazette 127/17, 27/2024, 85/2024, 145/2024), along with the tasks laid down in the Regulation (EU) no. 537/2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC, and all the relevant regulations, the Audit Committee monitors the financial reporting process and submits recommendations or proposals to ensure its integrity, and monitors the effectiveness of internal control and risk management systems, including effectiveness of procedures for approval and announcement of transactions between members of the Management Board and the Supervisory Board and the Company, monitors internal audit, without breaching its independence.

Providing senior management and the Supervisory Board with guarantees and information that will help achieve the organization’s goals, including evaluating the effectiveness of risk management actions are key objectives of internal audit. Controlling reports to the Management Board of the Company, and internal audit to the Supervisory Board’s Audit Committee and the Management Board. Internal audit report shall be drawn up at the end of each audit, and contains:
* list of performed audits
* assessment of the adequacy and effectiveness of internal control systems, as well as improvement recommendations
* illegalities and irregularities, if observed during audit, and recommendations and proposals of measures for their elimination
* action taken in relation to previously issued recommendations.

Reports shall be submitted to the Management Board and the Audit Committee.

In 2024, Span continued to maintain and continuously improve seven existing ISO certified management systems. Particular attention was paid to information security, IT services and business continuity management. In course of the year, we associated risk management methodology with the requirements of ISO 22301 – Business continuity management system (BCMS). In August 2024, we were the first in Croatia and among the first in Europe to certify our artificial intelligence management system according to ISO 42001 standard. With these eight implemented systems, Span ensures high level of reliability of its business processes and adequate degree of trust of all stakeholders.

IV On 31 December 2024, ten most significant shareholders in Span are:

No Name Number of shares Percentage (%)
1 DUJMOVIĆ NIKOLA (1/1) 603028 30.7667
2 RAIFFEISENBANK AUSTRIA D.D. / RAIFFEISEN VOLUNTARY PENSION FUND (1/1) 131111 6.6893
3 FIMA-VRIJEDNOSNICE D.O.O. / PONGRAC MARIJAN (1/1) 78266 3.9932
4 ERSTE & STEIERMARKISCHE BANK D.D. / PBZ CO OMF - CATEGORY A (1/1) 71128 3.6290
5 FIMA-VRIJEDNOSNICE D.O.O. / BANEK ZVONIMIR (1/1) 70739 3.6091
6 ERSTE & STEIERMARKISCHE BANK D.D. / PBZ CO OMF - CATEGORY B (1/1) 65200 3.3265
7 OTP BANKA D.D./ ERSTE PLAVI OMF CATEGORY A (1/1) 56056 2.8600
8 PRIVREDNA BANKA ZAGREB D.D. / RAIFFEISEN OMF CATEGORY A (1/1) 52097 2.6580
9 FIMA-VRIJEDNOSNICE D.O.O. / KOLAREK DARKO (1/1) 47725 2.4349
10 FIMA-VRIJEDNOSNICE D.O.O. / BOČKAL DAMIR (1/1) 46516 2,3733

Span does not have securities holders with special control rights, nor securities holders with limitation of voting rights to a specific percentage or number of votes, time limitations related to exercise of voting rights or cases in which, in cooperation with the company, financial rights from securities are separated from holding of those securities. Span does not have specific rules when it comes to appointing and revocation of members of the Management Board, or Supervisory Board, changes to Company Articles of Association, nor specific rules when it comes to powers of the members of the Management or Supervisory Board. Provisions of the Companies Act and Company Articles of Association, which is available on Span’s website (www.span.eu) are applied to all the relations mentioned above.

V Companies Act and Company Articles of Association define the manner of work of the General Assembly, its authorizations, rights of shareholders and manner of their realization, while invitation and decision proposals, as well as decisions made are publicly announced in accordance with the provisions of Companies Act, Capital Market Act and Rules of the Zagreb Stock Exchange. Each share carries one vote.

VI The Management Board consisted of 4 members until 16 December 2024, when it was appointed for a new five-year mandate with Nikola Dujmović as president, and Saša Kramar and Ana Vukšić as members. Members and the President of the Management Board are appointed for a maximum of 5 years. After expiry of the mandate, Members and the President of the Management Board can be reappointed, without restriction of the number of mandates. The Management Board manages Company business under its own responsibility, exhibiting all the due diligence of a conscientious businessman, in accordance with the Companies Act, Company Articles of Association and Rules of Procedure of the Management Board.

In 2024, the Supervisory Board consisted of 5 members. Powers of the Supervisory Board are defined by the provisions of the Companies Act, Company Articles of Association and Rules of Procedure of the Supervisory Board. Within the framework of their competence, the Supervisory Board makes decisions, evaluations, opinions, gives approval of decisions made by the Management Board which was provided for by Rules of Procedure, legislation or Articles of Association, gives orders to auditors and together with the Management Board determines decision proposals which are made by the General Assembly. The Management and the Supervisory Board generally work on meetings, but also make decisions without holding a meeting, by correspondence, in accordance with the provisions of rules of procedure, legislation and Articles of Association. According to the provisions of legislation, Corporate Governance Code and Rules of Procedure of the Supervisory Board, the Supervisory Board established two committees, the Audit Committee and the Nomination and Remuneration Committee. Description of tasks and competences of the Audit Committee and the Nomination and Remuneration Committee is available on Span’s website (www.span.eu).

VII On 18 December 2023, the Management Board of Span adopted the Policy on Diversity and Inclusion (hereinafter: Policy), and signed the Diversity Charter of the Croatian Business Council for Sustainable Development. The policy is based on diversity, inclusion and emphasizing the importance of fairness in ensuring equality of opportunity, and it includes principles of individual uniqueness, practical adaptation, individual responsibility of each individual, a positive approach to diversity, openness and transparency, zero tolerance for discrimination.# 22 23 Robust corporate governance model enabling the execution of governance responsibilities at all levels and ensures investor confidence

Nomination and Remuneration Committee

  • 4 year mandate
  • Each Committee has 3 members:
  • President (independent member of the Supervisory Board)
  • 2 external

Audit Committee

  • 4 year mandate
  • 5 members:
  • 4 appointed by General Assembly
  • 1 appointed by employees
  • 5 year mandate
  • 1-9 members appointed by Supervisory Board

Supervisory Board

General Assembly

Shareholders

Management Board

II To establish effective internal control and effective accountability system at all levels

Accountability

III To protect shareholders rights and treat all shareholders equally including minorities

Fairness

IV To avoid conflicts of interest of all relevant parties

Independence

Procedures

Transparency

I To ensure timely, accurate disclosure on all material matters (financial information, ownership and corporate governance information)

1.2.4.3.1. Management Board

The Management Board of the Company is responsible for the strategic management and long-term performance of the whole Span Group. It is obliged to act only on behalf of Span and its shareholders at all times, taking care of the interests of the employees and the wider community, with a view to increasing Span value. Members of the Management Board manage the affairs of the Company together, as well as independently as per individual areas of business as specified in more detail in the Rules of Procedure for the Management Board. Irrespective of the division of competences, all members of the Management Board are responsible for the overall management of the affairs of the Company. The Management Board manages its affairs in compliance with the applicable laws and by-laws, the Articles of the Association of the Company and the Rules of Procedure for the Management Board.

The Rules of Procedure for the Management Board (Rules of Procedure for the Manage- ment Board) regulates tasks, responsibility, organization, way of operation and deci- sion-making of the Company Management Board, as part of the corporate management process, especially:

a) Management Board tasks and respon- sibilities
b) organization and workflow and Manage- ment Board decision making
c) business areas which are independently managed by Management Board members
d) powers and limitations with regards to the Company's management of business affairs
e) preparing and calling for a Management Board meeting
f) working on meetings and the way in which decisions are made
g) minutes and conclusions, acts and archives
h) rules for preventing conflict of interest
i) cooperation and relationship towards Supervisory Board
j) other questions of note for Management Board work.

harassment or violence, equal opportuni- ties and inclusive leadership, described in more detail in the Policy. The foundation of the Policy lies in the legal framework prescribed by the Anti-Discrimination Act, and by adopting this Policy, the Management Board has committed to implementing the above-mentioned principles to create a pos- itive and inclusive organizational culture.

In Span, the Policy on Diversity and Inclusion is implemented through systematic training, raising awareness and organizing events that foster an open dialogue and positive changes in business environment. In 2024, Span organized lectures for its employees on gender equality in business world and protection of children against violence, while HR and Sustainability Department took part in external educational programs on diversity and corporate social responsibil- ity, and actively participated in panels by sharing their experiences and best practices when it comes to diversity and inclusion. Internal knowledge capacities were thus improved and increased, culture of inclusion was strengthened, and the foundation for future development of new programs and initiatives was built. The implementation of Policy and the results of the report period are published within Sustainability Report, which is an integral part of Annual Report for 2024.

3 The Questionnaire on Management Practices was also submitted to HANFA in the time period prescribed by relevant provisions of law

VIII Pursuant to Article 250.a (4), and Article 272.p (1) of the Companies Act, this Statement forms a specific section and is an integral part of Annual Report for 2024. Span d.d.

1.2.4.2. Corporate Governance Code – Compliance Questionnaire for 2023

Applying the best practices of corporate governance, we ensure unbiased, transpar- ent and responsible decision-making in our operations. In line with the requirements of the Corporate Governance Code, in 2024 we have published a Compliance Questionnaire for 2023 3 .

1.2.4.3. Corporate Governance Structure

The three fundamental bodies of the cor- porate governance in Span are as follows:
* Management Board
* Supervisory Board
* General Assembly

24 25

Nikola Dujmović

President of the Management Board

With 36 years of an extensive experience, Nikola is a co-founder and has been the company’s Director since its foundation. An engineer by trade, he sees the possibilities for improvement and growth in everything he does, with an exceptionally rare talent to recognize or anticipate upcoming global tech trends. Nikola's business philosophy is simple – trust in what you do and follow the social responsibility concept, provide support and try to give the community more than you have received from it. From the start, Nikola saw the importance of investing in people and their skills. That is why today Span’s employ- ees have a chance to expand their knowledge by working with state-of-the-art tech, us- ing that knowledge to efficiently solve their clients’ business challenges. Nikola is also responsible for Span’s expansion far beyond Croatian borders and he was the force behind Span’s partnership with Microsoft, making us the company’s leading partner in the region. Everything from design and development of strategically important projects, corporate security, quality and compliance with legal matters falls under Nikola’s direct jurisdiction. Thanks to his efforts and vision, Span is today one of the leading Croatian IT companies and one of the top Croatian exporters of software and services. He graduated from the Faculty of Electrical Engineering and Computing, University of Zagreb in 2002.

Division of work and competence of Company Management Board members is elaborated in more detail in the Appendix of the Rules of Procedure. Up until 16 December 2024, the Management Board of Span consisted of four members:
1. Nikola Dujmović – President
2. Marijan Pongrac – Member
3. Dragan Marković – Member
4. Saša Kramar – Member

At their meeting held on 12 November 2024, the Supervisory Board adopted the Decision on the appointment of the Management Board of the Company for a new five-year mandate. As of 16 December 2024, Management Board of the Company is composed of:
1. Nikola Dujmović – President
2. Saša Kramar – Member
3. Ana Vukšić – Member

The number of the members of the Man- agement Board is determined by a decision of the Supervisory Board. The Management Board is appointed for a term of office of not more than five years, with a possibility for reappointment, without restriction of the number of terms.

During 2024, 13 meetings of the Management Board took place, with the membership attend- ance of 98.08%. The Members of the Manage- ment Board Nikola Dujmović, Marijan Pongrac and Saša Kramar attended 13 meetings, and Dragan Marković attended 12 meetings. The Management Board evaluated its effec- tiveness and the individual members' effec- tiveness, and communicated its conclusions to the Supervisory Board.

Management Board member Start of the term End of the term
Nikola Dujmović 16.12.2024 16.12.2029
Saša Kramar 16.12.2024 16.12.2029
Ana Vukšić 16.12.2024 16.12.2029
Total number of members Number of women Proportion of women Number of men Proportion of men
Supervisory Board and Management Board 8 4 50% 4 50%
Supervisory Board 5 3 60% 2 40%
Management Board 3 1 33% 2 66%

Balanced representation achieved in the Supervisory Board, Article 272.p (2)(c) Yes

Objectives regarding the participation of women and men in the Management Board achieved, Article 272.p (2)(e) Yes

Information on the execution of the obligation concerning a balanced representation between women and men, pursuant to Article 272.p (2) of the Companies Act on 31 December 2024.

26 27

Ana Vukšić

Member of the Management Board & CFO

Ana is the newest member of the Span’s Management Board, and she is in charge of finance, accounting, controlling, ESG, logistics and office administration. She has more than 18 years of experience in finance, and the thorough knowledge of accounting, controlling, treasury, risks and taxation is her greatest strength. She started her ca - reer in 2006 in Iskon Internet d.d., and after that she was the Head of Controlling and Reporting in Proficio d.d. She joined Span in 2020 as Finance Director. She contributed greatly to the development of new policies and procedures with her experience and knowledge, and she was also a key team member in the preparation of Span’s listing on the Zagreb Stock Exchange. By managing the segments she is responsible for, Ana actively works on improving Span’s business and maintaining and developing relation- ships with various financial institutions, creditors and investors.

Saša Kramar

Member of the Management Board & CBO

As the Member of the Management Board for Marketing, Sales and Business Development, Saša is responsible for Span’s internation- al business development, managing a full portfolio of marketing and sales activities.## Together with his team, he is strengthening relationships with our current and future clients, suppliers and partners, and besides overseeing these activities in Croatia, he also supervises Slovenia, Ukraine, Moldavia and Azerbaijan, Estonia and Georgia, with a constant focus on expanding to new international markets.

During his first year in Span, we have already seen him restructure our Sales and Marketing departments with great success. His immense experience in organizing these corporate branches as well as managing business development and strategic growth help transform Span into a truly international company. During his 35-year-long productive career, Saša has worked on managing positions in technology and telecommunication companies. He started his career at the Apple Center NOVEL in 1990 and moved to Iskon Internet in 2016. In the same year, he became the member of the Management of Hrvatski Telekom and performed that function until January 2020, at the same time performing the function of the President of the Supervisory Board of Combis since 2016, and the Member of the Supervisory Board of Crnogorski Telekom since 2017. He studied at the Faculty of Electrical Engineering and Computing, University of Zagreb, only to continue to improve his knowledge in Croatia and abroad.

28

29

The Supervisory Board of Span consisted of five members in 2024:

  1. Ante Mandić, President of the Supervisory Board
  2. Aron Paulić, Vice President of the Supervisory Board
  3. Ivana Šoljan, Member of the Supervisory Board
  4. Mirjana Marinković, Member of the Supervisory Board
  5. Barbara Gradečak, Member – employees’ representative in the Supervisory Board.

Term of office of the Members of the Supervisory Board (under 1 to 4) lasted until 30 September 2024. At the General Assembly that took place on 18 June 2024, the following were re-elected as the Members of the Supervisory Board of Span d.d. for a new four-year mandate, until 30 September 2029:

  1. Ante Mandić
  2. Aron Paulić
  3. Ivana Šoljan
  4. Mirjana Marinković.

At the constituent session of the Supervisory Board held on 1 October 2024, Mr. Ante Mandić was appointed as the President of the Supervisory Board, and Mr. Aron Paulić was elected Vice President of the Supervisory Board. Mrs. Barbara Gradečak’s term of office as employees’ representative lasts for four years, from 29 December 2023, when she was elected, to 29 December 2027.

1.2.4.3.2. Supervisory Board

Ante Mandić President of the Supervisory Board

Ante is the President of the Supervisory Board. He graduated from the Technical Military Academy in Zagreb in 1978, acquiring the title Bachelor of Science in Nuclear Physics, i.e. an expert for nuclear weapons. He obtained a Master’s Degree in 1985 in the area of computer simulation. He continued his career in the army, and after initial activities directed to performing commanding duties, he returned to the Technical Military Academy as a lecturer, and then worked as a scientific researcher and military advisor abroad. He left the army in 1991 and then founded a company, IN2 for the development and implementation of software and provision of related services. By 2018, IN2 developed into a Group of 12 regional companies with more than 630 employees, and in the same year, it was sold to the Canadian group, Constellation Software. Today, Ante is the majority owner of Insig2 and NavBiz, investor and co-owner in a large number of Croatian companies, and occasionally volunteers as a mentor for small and medium-sized enterprises within Sentor, an association he founded. He is an active participant of the Croatian IT community, and through his career, he has performed the functions of the president of associations within the Croatian Employers’ Association and the Croatian Chamber of Economy. The President of the Republic of Croatia decorated him with the Order of Danica Hrvatska in 2014 for his contribution to the development of the Croatian economy. He was also declared the Manager of the Year in 1999 and 2021, and the Entrepreneur of the Year in 2014 and 2018.

30

31

Aron Paulić Vice President of the Supervisory Board

Aron is the Vice President of the Supervisory Board and President of the Nomination and Remuneration Committee. He is responsible for the recruitment of candidates and the supervision of the process of nomination for the Supervisory Board and the Management Board so as to ensure transparency and decency. Moreover, he considers proposals for the remuneration of the members of the Management Board and supervises the amounts and the structure of remuneration of the senior management and employees as a whole. He started his career as a developer and has worked on system development and the sale of advanced solutions. He has spent the biggest part of his career in managerial positions in the media industry. He has been an active creator of the Croatian information industry for 30 years, a publisher of IT magazines, books and digital publications, an author of numerous articles and interviews, and an organizer of fairs, conferences and seminars. He has collaborated with more than 800 associates in his career, many of whom form the backbone of the local IT industry today. He started his career in 1991 at AC NOVEL, where he worked on software development and sale positions. In 1993 he co-founded the media company BUG and has been its director since then. He graduated from the then Faculty of Electrical Engineering of the University of Zagreb in 1991, now the Faculty of Electrical Engineering and Computing.

Ivana Šoljan Member of the Supervisory Board

Ivana Šoljan graduated with a degree in theater directing and radio broadcasting and business communication, and she also has a Master’s degree in communication. She is one of the first female entrepreneurs in Croatia with experience in launching, funding and selling projects in the media, tourism and telecommunication industry. She also boasts great experience in management since she has held executive positions in a couple of managerial teams (IN2, Jupiter Adria, Hrvatski Telekom, Iskon, Europapress Holding, Z3 tv, etc.), as the Executive Director and Member of the Management Board, where she was mostly responsible for sales, marketing and business development. She also has great general management experience. Together with Ivica Mudrinić, she is the co-founder of Foundation Luka (Zaklada Luka), a charity that finances university tuition fees for talented female students lacking financial resources. Ivana is the Director and a Member of the Management Board in Backstage consulting d.o.o., Include d.o.o., and Nest 01 d.o.o., and the founder and Director of the Hub385 coworking area.

32

33

Mirjana Marinković Member of the Supervisory Board

Mirjana is the Director of Sapientia Nova d.o.o. Zagreb, and of a series of project companies where she develops entrepreneurial ideas. She graduated from the Faculty of Economics, the University of Zagreb, in 1998. She went on to acquire formal education at the postgraduate studies in Accounting, Finance and Auditing major. In 2008, Mirjana was awarded the annual award Prof. dr. sc Ferdo Spajić by the professional organization Croatian Association of Accountants and Financial Professionals (Hrvatska zajednica računovođa i financijskih djelatnika - HZRIFD) She is certified as a professional TQ trainer. Her 25-year professional career has been connected to investment funds and the companies Expandia Invest and CAIB Invest since its very beginning, along with the leasing industry in Croatia, for which she organizes and manages the regional education program called Leasing Academy. She took part in important restructuring projects in Croatia, including the position of the Finance Director/Procurator at Hypo Alpe Adria Bank in the period from 2011 to 2012, and the Group Consolidation Manager in the project for Agrokor Group restructuring. She is specialized primarily for launching businesses, risk management, consolidation, IFRS/IAS standards and entrepreneurial activity. Mirjana has been a member of the Supervisory Board of Span d.d. since 14 June 2023.

Barbara Gradečak Member of the Supervisory Board

Barbara acquired the Senior Economist for Internal and Foreign Trade title at the Faculty of Economics in Zagreb in 2006. She started her career in Amadeus M.A.J., and she has worked in Span since 2010. She is assigned with payroll, incoming invoice booking, calculation of VAT and preparation of final accounts for other members of Span Group. She was actively involved in key activities of Span's operation, such as going public on the Zagreb Stock Exchange and implementation of the ESOP (Employee Stock Ownership Plan), which confirmed her expertise and professionalism. At the end of 2023, she was elected the representative of employees in the Supervisory Board of Span, which is also a recognition of her dedication to the improvement of the Company's operation.

34

35

  • Independent members account for 80% of the members of the Supervisory Board.
  • The Supervisory Board held 5 (five) meetings where it adopted the Annual work plan for 2024, Business plan/budget for 2024, and it assessed the work of the Management and the Supervisory Board for 2023. The Supervisory Board adopted the Annual plan for internal audit and Plan of the selected auditor of Span Group for 2024, reviewed and determined the Annual Financial Statements compiled by the Management Board, and the decision on the distribution of profits, auditor’s report composed by the audit company Deloitte d.o.o. and Remuneration reports of the Management Board and the Supervisory Board.
  • Based on the recommendation of the Audit Committee, the Supervisory Board proposed to the Assembly to appoint Deloitte d.o.o. as the auditor of Span Group for 2024, as well as to appoint members of the Supervisory Board for a new four-year mandate.# The Supervisory Board adopted the Decision on the election of the President and the Members of the Management Board for a new five-year mandate. The cooperation between the Supervisory Board and the Management Board was assessed positively.

At the meetings, the attendance of members was recorded at 96%. All the members of the Supervisory Board were present at all meetings, except for Ivana Šoljan, who attended 4 out of 5 meetings.

The Supervisory Board decided by correspondence five times in 2024, when it decided on the approval of contracts with associated entities, gave prior consent for the Share Buy-Back Program, and approved the Questionnaire on Management Practices and Compliance Questionnaire for issuers.

The Supervisory Board carried out self-evaluation of the profiles and competences of the members of the Supervisory Board and members of its committees where all the circumstances referred to in Article 41 of the Code were evaluated. The self-evaluation was conducted by the Vice President of the Supervisory Board without engaging an external auditor. The Supervisory Board determined that its composition and profile, as well as the composition and profile of its committees, correspond to the needs and activities of the Company. There were no recommendations since it has been established that all the members of the Supervisory Board and its committees possess knowledge, abilities and professional experience required for decision-making in all the issues that were on the agenda at the meetings of the Supervisory Board and its committees, all the members of the Supervisory Board (except for the employees’ representative) are independent, and the level of women’s representation being at 60% was evaluated as above average. Administrative support when preparing meetings of the Supervisory Board is provided by the Secretary of the Company in an effective and timely manner.

The Supervisory Board of the Company was informed by the Management Board in a proper, timely and transparent manner about all crucial issues concerning the operation of the Company and companies dependent on it, which are important for the existence of the Company.

No other payments, apart from the fee for their work in the Supervisory Board, were made to the members of the Supervisory Board in 2024. The Supervisory Board of Span founded the Audit Committee and the Nomination and Remuneration Committee.

1.2.4.3.2.1. Audit Committee

The Audit Committee performed tasks in line with the Audit Act, the Regulation (EU) 537/2014, other positive regulations and the Rules of Procedure of the Audit Committee. The Rules of Procedure of the Audit Committee of Span are available at the Company websites: Rules of Procedure of the Audit Committee. In 2024, the Audit Committee acted in the following composition:
* Ante Mandić – President
* Nataša Zelenika – Member
* Tomislav Skorin – Member

Nataša Zelenika

Nataša graduated from the Faculty of Economics and Business in Zagreb. She started her career in 1999 as an auditor at EY Croatia, the position she left in 2008. Then, she occupied the position of the Finance and Accounting Manager at PBZ Croatia d.d., where she was in charge of the finance and accounting of the company and the fund. In 2010, she continued her path in the finance of Agrokor d.d. where she mostly worked on coordination and resolution of taxation issues on the level of the holding company, while cooperating closely with external consultants. Since 2017, she has been the owner and Director of a consultancy company, which provides consulting services in the area of finance and accounting, as well as functions of external accounting to various customers. She has been a member of the Audit Committee of Span since its establishment.

Tomislav Skorin

Tomislav graduated from the Faculty of Economics and Business in Zagreb in 2001. He started his career the same year as an auditor for Deloitte & Touche in Zagreb, and later he worked as an Audit Supervisor for Confida revizija, a company in Zagreb. Tomislav continued his career as a Senior Controller at Iskon Internet only to become the CFO and the member of the Management of Tvornica plinskih turbina d.o.o. in Karlovac, and finally the member of the Management of the Croatian Mint until November of 2023. Tomislav is an experienced CFO with a proven track record in the industry of production and audit and consultancy services. He is exceptionally committed to long-term prosperity and professional goals of the company, he believes in open communication and consistently achieves and overcomes the agreed goals, frequently in very demanding circumstances.

During 2024, the Audit Committee held 3 (three) meetings where the recorded attendance of its members was 100%. During the meetings, the Committee considered and adopted the Internal audit report for 2023 and the Annual work plan for 2024. The Audit Committee considered and gave recommendations to the Supervisory Board to adopt the annual financial statements and consolidated annual financial statements of Span Group, along with a report on the status of the Company and affiliates, with the reports of the authorized auditor, Deloitte d.o.o. for 2023. The Audit Committee gave recommendation to the Supervisory Board to adopt a submitted proposed Decision on appointing the auditor for 2024, appointing Deloitte d.o.o. as the auditor of the Group, and refer it to the General Assembly for decision-making, where the proposal was adopted. The Committee adopted the Annual plan for audit for 2024, as well. The Audit Committee evaluated the effectiveness of risk management and the internal control system, the status of the personal data protection system, procedures for approval and announcement of transactions between members of the Management Board or the Supervisory Board and the Company (or persons related to any party) and effectiveness of the procedure for reporting irregularities and its application. The Audit Committee regularly presented its conclusions and recommendations to the Supervisory Board.

1.2.4.3.2.2. Nomination and Remuneration Committee

The Nomination and Remuneration Committee performed tasks specified in the Decision of the Supervisory Board on establishment of the Nomination and Remuneration Committee and provisions of the Rules of Procedure of the Committee, which are available at the websites of the Company: Rules of Procedure of the Nomination and Remuneration Committee.

36

37

Croatian Banking Association and for other business entities, and gave lectures within ESG workshops of Privredna banka Zagreb. She published numerous papers and books. She has been a member of the Span’s Nomination and Remuneration Committee since its establishment.

Lucia Ana Tomić

Lucia boasts more than twenty years of experience working in the area of legal affairs and human resources. Working in a law office (banking and insurance sector), she specialized in the area of financial crime, prevention of money laundering and fraud and data protection. She is a Director for Compliance, Regulatory Affairs and Procurement at Wiener Insurance, Vienna Insurance Group d.d. She has been appointed a member of the Nomination and Remuneration Committee in Span. Lucia has acquired degrees at the Faculty of Law in Zagreb and the Faculty of Economics, where she continued her education and acquired an MBA degree in the area of management and international mergers and acquisitions. In 2023, she took part in various conferences as a speaker (Leader events, Money Motion, European Company Law Association…) and gave lectures in universities in the region as a visiting lecturer. She is a full-time lecturer on Social Criteria and Governance at the ESG Academy. She is the author of a series of scientific articles in the HR area concerning remuneration and assessment of eligibility of members of management boards. Her latest paper was published in 2023 under the title “Directors, information, remuneration and risk management // European company case law”, 2 (2023), 2; 149-161. doi: DOI: 10.5771/2752-177X-2023-2-149 (Horak, Hana; Tomić, Lucia). She is the Vice President of the ICC Commission on Corporate Social Responsibility and a licensed coach at the European Mentoring and Coach Council.

The Nomination and Remuneration Committee determined the proposed goals of the Company for 2024, and key performance indicators (KPI) in order to determine the annual bonus for the Management Board, which was referred to the Supervisory Board and adopted, and also determined fulfilment of goals in order to determine the amount of the annual bonus for the Management Board for the previous year. It supervised the amount and structure of remuneration for the senior management and employees as a whole and gave a positive assessment and recommendations to the Management Board concerning the latter's policies. It also assessed the composition, size, membership and quality of work of the Supervisory Board. It determined the proposal of the Remuneration Report of the Management Board and Supervisory Board for 2023. At an emergency meeting, the Committee gave its positive opinion for the proposal of members of the Management Board of the Company for a new five-year mandate, and recommended to the Supervisory Board to adopt the submitted proposal. The percentage of female members in the proposed and adopted composition of the Management Board was 33%, in line with the provisions of the Directive improving gender balance among directors of listed companies. The Nomination and Remuneration Committee notified the Supervisory Board on a regular basis on recommendations adopted at its meetings and submitted annual reports on their work to the Supervisory Board.# Internal audit

Internal audit that was nominated in Span within good corporate governance practice is performed in line with the internationally recognized audit standards concerning internal audit, the code of professional ethics of internal auditors and rules of action of the internal audit. The internal audit affairs are performed in line with the annual plan. In 2024, the Committee worked with the following composition:
* Aron Paulić – President
* Hana Horak – Member
* Lucia Ana Tomić – Member.

The Committee held 4 (four) meetings, which were attended by all the members.

Hana Horak

Prof. Hana Horak, PhD is a tenured Professor at the Faculty of Economics and Business, University of Zagreb, Department of Business Law, Jean Monnet Chair. She teaches Commercial Law, European Company Law, EU Internal Market Law, and International Commerce Law. She is also the Head of the university specialist program “Legal and Economic Framework of Business in the European Union”. Since 2011, she has been the Chair of the Program Committee of the International Conference on European Company Law and Corporate Governance. She is the Editor-in-Chief of the scientific magazine INTEREULAWEAST – Journal for International and European Law, Economics and Market Integrations. She has been a member of the European Law institute (ELI) for years, and actively participates in ELI SIG Business and Financial Law as a member of the project team on the project: "Corporate Sustainability, Finances, Accounting and Capital." Since 2020, she has been a member of the Advisory Board in the Croatian center of the European Law Institute (ELI Croatian Hub). In 2022, she was elected a member of the Supervisory Board of the Croatian Academy of Legal Sciences. She is the President of ICC Croatia Commission on Corporate Responsibility and Anti-corruption. Within an education by the ESG Academy of the Croatian Chamber of Commerce, she gave a series of lectures on the legal framework of corporate governance in the area of sustainability and implementation of ESG factors. Moreover, she provided education for the

The Annual Plan for internal audit is produced by the Company, and it must encompass:
* Areas of operation that are a priority given the risk assessment.
* List of planned audits.
* Order of internal audits.

The Annual Audit Plan is proposed by the person responsible for managing internal audit, and is adopted by the Audit Committee. Within the Annual Plan for internal audit for 2024, the following areas of work and scope of implementation, as well as documents analyzed and reviewed within the audit, were identified and audited: human resources, accounting and finance area, application control, audit of the information system in the area of information system security and risk management, and business continuity management.

Company’s share capital.

In accordance with the published agenda, the Assembly made the following decisions:
* Decision on the utilization of profits, by which the payment of dividend in the amount of EUR 0.30 (thirty cents) per share to the shareholders of the Company was determined, proportionally to the number of shares they hold.
* Discharge was given to Members of the Management Board and the Supervisory Board of the Company.
* Revised Remuneration Report of the Management Board and the Supervisory Board during the business year 2023 was approved.
* Decision on the election of the Members of the Supervisory Board was adopted, and the following were re-elected as the Members of the Supervisory Board of Span d.d. for a new four-year mandate, until 30 September 2029:
* Ante Mandić
* Aron Paulić
* Ivana Šoljan
* Mirjana Marinković
* Deloitte Limited Liability Company for audit services was appointed as the auditor of the operation of the Company and Span Group in the business year 2024.

All Decisions from the General Assembly meetings, as well as records thereof have been published in line with the legal regulations and are available at the websites of the Company.

1.2.4.3.3. General Assembly

The General Assembly decides on issues specified by the Company Act and the Articles of the Association of the Company. The Articles of the Association of the Company, available at the websites at the following link: the Articles of the Association of the Company, prescribe the manner of work of the General Assembly, its authorizations, rights of shareholders and manner of their realization. The General Assembly can adopt valid decisions if it is attended by shareholders, in person or through an attorney-in-fact, whose shares make more than a half of the share capital of the Company. The right to participate in the General Assembly is ensured to shareholders who have the share of the Company registered at their securities account in the computer system of the Central Depository and Clearing Company, and have reported their participation at the General Assembly in advance. An invitation to the General Assembly regulates the conditions for applying for participation at the General Assembly in more detail. The regular General Assembly of the Company was held on 18 June 2024. The Assembly was chaired by Gorana Grubišić, Attorney at Law. The Assembly was attended by the shareholders and their representatives who held a total of 1,278,391 votes, which makes 65,57% of the total number of Company shares with voting rights, or 65,22% of the share in the

1.3. Overview of operation

1.3.1. Description of the operation and main activities

Our business model is directed to providing a full service, with a possibility to adjust solutions to the business needs of an individual client. Our business activities are divided into four business segments:

1. Software Asset Management and Licensing

The first step in the business relationship with a customer is licensing. This business segment includes the sales of program licenses and assistance to customers concerning the selection of the most appropriate program licenses for their operation and taking care of the timely renewal of the licenses purchased. During this phase, the overall business operation of a customer is analyzed with the purpose of identifying the actual needs for adequate software and optimizing its operation. In this way, we strive to achieve savings for the customer and reduce IT risks they are exposed to as early as with the very contracting of the procurement of software, and we become the customer’s long-term consultant when the management of their software assets is involved. We have been the licenses supplier for some of the biggest software solutions manufacturers in the world for more than 30 years. Our software asset management service unites expertise and the most sophisticated technology so that we can simplify licensing, ensure compliance, automate governance and optimize software use expenses for our customers. To provide software asset management services, we use modern technological tools and standards. When it comes to sales of licenses, the most important supplier of the Group is Microsoft, and we have been a part of their partner network since the establishment. As a Microsoft Solutions Partner, we are the hub of expertise for Azure and M365 platforms, Cloud security solutions, business solutions, AI, and the solutions to increase productivity.

We are their leading partner with a permit to provide licensing services (LSP) and Cloud services (CSP) in the EU/EFTA region, Ukraine, Azerbaijan and the CIS region. With our Microsoft Solutions Provider status in 6 areas, we continuously prove our success in innovation and implementation of Microsoft solutions. Through more than 30 years of business, we have built strategic partnership for the delivery of transformative IT solutions. Also, our wide portfolio of partners is a result of the cooperation with leading software manufacturers to guarantee successful meeting of all user requirements.

  • Microsoft Dynamics
  • Microsoft Power Platform
  • Microsoft Azure services
  • Microsoft 365

2. Infrastructure Services, Cloud & Cyber Security

Infrastructure Services, Cloud & Cyber Security segment includes the design and development of information systems according to the business needs of a customer, as well as Cloud and cyber security services. To that end, we use advanced and innovative solutions and software tools of global leaders in the IT sector. Projects of development of information systems can be of different duration, from one-year to multi-year projects, and we design and develop them according to specific business needs and standards of the customer (tailor-made solutions). The idea is to develop an IT system adjusted to the customer, which will support their current operation and business growth to the optimum, so this process includes a detailed analysis of the existing business processes of the customer. When Cloud services are involved, we have ensured complete solutions to our customers, from the service for the assessment of the preparedness of the customer, preparation and enabling the transition of the customer to the Cloud platform, to the management of Cloud itself. By multicloud environment services (use of more than one Cloud platform of different suppliers in the same environment), we ensure the supervision of the Cloud environment, optimization of expenses and safety of the IT system.We are a certified provider of Cloud consulting services and implementation for Microsoft Azure, Amazon Web Services and Google Cloud Services, and these companies are our most significant suppliers in the segment of the infrastructure services and Cloud. This segment of the operation also includes taking care of the security of the IT systems 6 which we strive to make resilient to cyber threats or attacks. In the world of continuous threat evolution, increasing mobility and digitalization, you need around-the-clock vigilance, alertness and agility. Our Security Operations Center (SOC) is a full-service solution that protects your company from a wide range of cyber threats, 24 hours a day, 365 days a year. Our security analysts use advanced technologies, their extensive experience, and insight into the most recent threat intelligence knowledge to rapidly and effectively identify and prioritize all key events. Our professional certifications also prove our competences in this segment: Our goal is to convey knowledge and empower the business community to respond as efficiently as possible to the ever-present and increasingly sophisticated cyber threats, which are one of the greatest risks for the operation. We strive to achieve this through Cyber Security Incubator, which offers education, training and consultancy services intended for employees in the public and private sector, and the program is tailored to specific needs of the participants or a company, and includes active participation in real-life situations where professional hackers simulate real attacks on their business systems. 6 https://www.span.eu/en/solutions-services/security-services/ 200 days pass on average before a security breach is discovered 66% of organizations leave the door open to attackers through misconfigured cloud services 72% of the companies have quality cyber security experts attraction problems

3. Service Center Management and Technical Support

7 This segment of the operation involves services of complete supervision and management of the IT environment which we provide to customers depending on the contracted level of service. We ensure the complete availability of service, 24 hours a day, 7 days a week, and 365 days a year, independent on whether the systems were designed, developed and put into operation by us or the respective supplier. Even though contracting these services usually follows after we implement or integrate certain technological solutions for the customer in their own IT environment, we also provide them independently of the previous integration of technology in the customer’s environment, especially in cases when a customer has a need for specific know-how, 7 https://www.span.eu/en/solutions-services/24x7-support-services/ 8 Information Technology Infrastructure Library better availability of professional IT support or additional resources capable to perform high-risk large-scale operating actions. Our service is based on the best practice in the IT management (ITIL 8 ). Certification and standardization of business raise the Company’s reputation as a reliable and organized partner, and guarantee safe information and confidential information handling, together with clearly defined responsibilities and authorizations within organization. Implementation of ISO standards in business is an important factor for increasing competitiveness in the international market, and Span applies as many as eight of them.

4. Software and Business Solution Development

9 This business segment includes the development of our own IT solutions, or software platforms, software solutions, software products, and Microsoft business solutions. The development of software platforms implies the development of digital platforms of high performance, ready for global scaling that we base on the solutions of Cloud operation and micro service architecture. The development of software solutions concerns the development of specific software solutions according to the customer’s requirements in the area of different technologies. The development of software products implies the development of authoring software solutions. 9 https://www.span.eu/en/solutions-services/business-solutions-development/

Microsoft business solutions

We are reliable experts for Microsoft technologies with more than 30 years of experience in the design, development and management of information systems based on Microsoft technologies, and a wide range of competencies of our expert employees, based on decades of practical experience, ensure seamless, rapid integration of Microsoft business solutions to our customers.

1.3.2. Main markets

We divide the main markets in:
* Key International Clients
* Domestic markets (include markets in the Republic of Croatia and the Republic of Slovenia)
* Fast-growing markets (include markets in countries of East Europe and Central Asia).

1.3.3. Industry trends

In 2024, we witnessed first-hand and on more than one occasion how cyber security and resilience are interrelated and important for business. There are no time or geographical limits when it comes to technology, that’s what we learned after the CrowdStrike incident. All business disruptions have certain financial consequences, so strengthening IT systems and making the business more resilient will be an important issue in 2025. When it comes to IT systems resilience, we have to mention cyber security that used to be a purely technical topic, but developed into a strategic one with the increasing digitization of business. According to Eurobarometer’s survey, as many as 71% 10 of organizations identify cyber security as strategically important, but it is concerning that as many as 74% 11 of organizations that took part in the survey did not provide education related to the topic, nor did they carry out training sessions to raise awareness. 10 https://europa.eu/eurobarometer/surveys/detail/3176 11 https://europa.eu/eurobarometer/surveys/detail/3176 Also, lack of cyber security experts has been talked about for years, while at the same time geopolitical instability causes an increasing number of cyber threats, which consequently affects the global security. Cyber espionage, intellectual property theft and targeted attacks on critical infrastructure are increasing according to the global report of the World Economic Forum, and one of the three executive directors thinks these threats represent a major concern 12 . Artificial intelligence is no longer a topic of the future. Many believe a symbiotic relationship between humans and machines will be fostered in business. We’re not talking about symbiotic relationships we see in movies, yet about alignment of AI tools with our day-to-day needs and tasks so they can help us solve these tasks and improve our skills as well. At the same time, cyber criminals use that same technology to fabricate a large number of attacks and improve their chances of making profit. This is also supported by the prediction that 93% of organizations will be exposed to daily AI-assisted attacks already in 2026 13 . Artificial intelligence plays an important role in collecting, analysing and summarising big data, and data is extremely valuable for business. That’s why knowing where and how to store the data is also highly important, not just collecting and analysing it. Cloud will play a significant role in this process. It is expected that by 2030 an increasing number of organizations will use multi cloud, as in hybrid cloud environments they can 12 https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf 13 https://netacea.com/datasheets/flexible-api-integration/ use private and public clouds, and thereby improve their security and operational efficiency. By doing so, organizations will be able to integrate different cloud services providers and use the best of each. An increasing integration of artificial intelligence is expected as well, which will help in process automation and ensure system self-preservation 14 . Unsurprisingly, investments of organizations in cloud will amount to USD 2 trillion by 2030 15 . It is expected that artificial intelligence will contribute to investments in cloud with as many as 35% in the next two years 16 . Reason behind this is the implementation of AI-based solutions that are launched and used through cloud infrastructure to a large extent. That's precisely why the benefits of AI in organizations become easily accessible to employees without high implementation costs. This synergy of cloud and artificial intelligence fosters the implementation of AI in various industries regardless of their size. Since by the implementation of AI in organizations employees are able to use organizational data to complete tasks in day-to-day business, taking care of internal classification and data access management has never been more important. Simply integrate and launch an AI solution is not an option, as it is crucial to prepare the base first – i.e. the data available through AI tools. Cloud security teams already play an important role in this regard, since they manage identities in IT environment and introduce advanced authentication systems based on Zero Trust model. Aside from the importance of employee identity lifecycle management due to the introduction of AI solutions, organizations must protect the identity of their employees as well, as their identities are usually on the front line when it comes to cyber threats. Through identity and network access solutions (Microsoft Entra), in 2024 Microsoft recorded more than 600 million attacks on employee identity in their users’ organizations on daily basis. Employees will turn their organizations into AI organizations.With the arrival of AI, it has been said it will replace many jobs, but a research conducted by McKinsey showed employees are more ready to accept AI in their workplace than the leaders within their organizations think. The research showed employees are aware of the possibility of AI replacing part of their jobs, and 71% of them believe their employers will use AI in a safe and ethical manner 17 . Regulation adopted by the European Union (AI Act) contributes to a safe and ethical use of the artificial intelligence. Regulation entered into force on 1 August 2024, while the majority of new obligations laid down in the Regulation will start applying on 2 August 2026. Keeping in mind how fast the technologies are changing, improving and being implemented, what lies ahead of us in the years to come remains to be seen.

14 https://www.clouddefense.ai/future-of-cloud-computing/
15 https://www.goldmansachs.com/insights/articles/cloud-revenues-poised-to-reach-2-trillion-by-2030-amid-ai-rollout
16 https://research.g2.com/insights/cloud-trends-2025
17 https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/superagency-in-the-workplace-empowering-people-to-unlock-ais-full-potential-at-work

1.3.4. The levels of cyber security measures in the Cyber Security Regulation of the Government of the Republic of Croatia

The Regulation of the Government of the Republic of Croatia concerning Cyber Security (Official Gazette 135/2024, hereinafter: Regulation) defines in detail the thirteen cyber security risk-management measures. Final text of the Regulation was published in the Official Gazette on 22 November 2024. The Regulation is an expected continuation of the Cyber Security Act (Official Gazette 14/24, hereinafter: CSA) which transposed the NIS2 Directive („The Network and Information Systems Directive”) into national law. With regard to the CSA, the Regulation specifies and clarifies many provisions, including the cyber security measures. It complements the CSA in a linear way and consistently follows its structure. The cyber security risk-management measures can be categorized into technical, personnel-related, procedural, and administrative. As part of the categorization process for entities, which can be defined as key or important, the competent authority will assess each entity’s level of cyber security risks (low, medium, or high) and will accordingly determine the level of cyber security that must be met (basic, intermediate, advanced). This will also define which subsets of measures shall be mandatory for the entity, mandatory under certain conditions, and which shall be voluntary in terms of implementation. This should be clearly stated for each entity in the decision on categorization which is to be sent by the competent authority. Understanding this subject matter is crucial for initiating the process of achieving compliance with the CSA.

50
51

1.3.5. DORA – not only financial entities are in focus

In addition to the Directive on measures for a high common level of cybersecurity across the European Union – NIS2, the Regulation on digital operational resilience for the financial sector (DORA) also presents an important part of the EU cybersecurity regulatory framework. DORA is a sector-specific regulation that applies to financial sector entities such as banks, stock exchanges, crypto exchanges, central depositories, payment and electronic money institutions, etc. It aims to strengthen the financial sector in facing challenges and risks that come with digital business. In other words, its goal is to strengthen the digital operational resilience of the financial sector. DORA therefore sets unique requirements for the security of network and information systems that support the business processes of financial entities. The official text of the Regulation was published at the end of 2022, and in January 2023 DORA entered into force. Despite the fact that DORA should impose obligations on financial entities only, it sets a precedent – it directly imposes obligations on entities outside the financial sector. Particularly, DORA is directly applicable to ICT service providers who provide their services to financial entities. From application development, implementation and maintenance of various systems, all the way to SOC and similar services. Guided by this fact, the legislator stipulated a whole series of obligations for the control and supervision of ICT service providers to financial entities, and direct supervisory powers of financial regulators over ICT service providers to financial entities are defined. As for financial entities themselves, they must establish a comprehensive digital operational resilience testing program and ensure that appropriate tests of all ICT systems and applications supporting key or important functions are conducted at least once a year. Digital operational resilience testing includes: vulnerability assessment and scanning, analysis of publicly available sources, assessment of network security, gap analysis, review of physical security, software solutions for scanning, source code review (if feasible), scenario-based testing, compatibility and performance testing, and integral testing (end-to-end testing) and penetration testing. If the competent authorities consider it necessary, the financial entity must also conduct advanced testing in the form of threat-led penetration testing, or in other words, Read Team testing. As reference sources for this type of penetration testing, DORA lists the so-called TIBER-EU as a framework for ethical hacking and the G7 document called Fundamental Elements for Threat-Led Penetration Testing. In the area of Governance and organization (Article 5), DORA requires actively keeping up to date with knowledge and skills of the members of the management body of the financial entity sufficient for them to understand and assess ICT risk and its impact. Moreover, in the Learning and evolving area (Article 13), financial entities are required to implement ICT security awareness programmes for all employees and senior management. The EU is currently in the phase of defining regulatory technical standards that will further specify the mandatory measures from DORA, it is therefore necessary to start actively thinking and planning the implementation of the measures requested by DORA. This particularly applies to ICT service providers whose users fall within the financial sector since the ICT service providers themselves will be under the supervision of regulators from the financial industry.

52
53

1.3.6. AI Act of the European Union

A substantial amount of information in the public space indicates that the new Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act or “AI Act”) will have a significant impact on every business with “AI” sign added to its solutions or any business using such solution. However, by carefully reading the mentioned Regulation it can be concluded that this is not quite the case and it is entirely reasonable to assume that most of the new compliance obligations will only apply to a few larger IT companies that offer complex (and thus often expensive) AI solutions in the EU. In addition, even though the Regulation entered into force on 1 August 2024, most of the new obligations will apply only from 2 August 2026. The AI Act will not apply to all AI solutions, but only to those that meet the criteria of the definitions and categories provided. Competent EU authorities and organizations for standardization will draft numerous implementing acts and guidelines precisely in relation to AI solutions in the field of application. By doing so, they will facilitate the understanding of certain obligations and significantly contribute to legal certainty. Until the competent authorities and organizations publish the aforementioned implementing acts and guidelines, businesses that want to work on the quality of AI solution management can do something in the meantime. Whether from the perspective of manufacturers or users, and regardless of whether the AI Act will apply to them or not, businesses have internationally recognized standards for the management of AI solutions and related risks at their disposal. These standards are ISO/IEC 42001 (AI management system) and ISO/IEC 23894 (AI – Guidance on risk management).

1.3.7. The Group Business Strategy for 2025

The Group's business strategy is growth based on new technologies, solutions and markets. As a provider of professional IT services, Span designs, implements and maintains high-availability systems with the aim of increasing the security, productivity and success of our users. We base business systems and solutions on the platforms of the world's leading cloud technology providers - Microsoft, Amazon and Google. We ensure scalability, reliability and cyber security of the solutions we provide to our users. We also implement artificial intelligence systems with the aim of increasing the productivity of our users. In order to adequately care for the IT environment of our users, our strategy is also a strategy of learning, in-depth knowledge of technologies and application of best practices with the aim of improving business. In this context, we are also seeing a shift in the partner channel on the market, i.e. the way in which our major principals (Microsoft, Google) evaluate success. Transactional sales success is no longer key. Expertise, experience and technological focus of partners are required - all three parameters that Span has and has been building for years. On our development path, we pay great attention to sustainable business. To better understand the key aspects of our business and its impact on the environment, society and the economy, we have identified significant impacts, risks and opportunities that we will continue to focus on in the future.# Our goal is to ensure sustainable growth and development and continue to create long- term value for Span.

2. Key features of the period

2.1. Key events in 2024

2.1.1. Corporate events

2.1.1.1. Establishments, mergers and acquisitions of business shares of companies

AI is no longer only talked about, artificial intelligence is making its grand entrance into the business — Nikola Dujmović, PRESIDENT OF THE MANAGEMENT BOARD OF SPAN

2.1.1.1.1. Acquisition of 100% of shares in the affiliated company Bonsai d.o.o.

Span d.d signed a contract on purchase of 30% of business shares of the affiliated company Bonsai d.o.o. (hereinafter: Bonsai). Value of the transaction amounted to EUR 750,000.00. By purchasing the remaining 30% of Bonsai's shares, Span acquired full ownership and the intention to merge with that company was announced. At the same time, the intention to merge with the affiliated company Ekobit d.o.o. (hereinafter: Ekobit), which has been fully owned by Span since the acquisition in 2022 was announced.

2.1.1.1.2. Merger of affiliated companies Bonsai d.o.o and Ekobit d.o.o with Span d.d.

In accordance with the above, on the basis of the merger agreements concluded on 14 May 2024 between Span, a joint stock company for the design of information systems, with the registered office in Zagreb, Koturaška cesta 47, registered in the commercial register of the Commercial Court in Zagreb under number (MBS): 080192242, OIB: 19680551758, and companies:

  • EKOBIT, a limited liability company for the development of software packages, trade and representation, with the registered office in Zagreb, Radnička cesta 80, registered in the commercial register of the Commercial Court in Zagreb under number (MBS): 080144042, OIB: 69609657776, and
  • BONSAI, a limited liability company for the design and implementation of intelligent information systems, with the registered office in Zagreb, Koturaška cesta 47, registered in the commercial register of the Commercial Court in Zagreb under number (MBS): 081100130, OIB: 81255473305,

as well as the decisions of the assemblies of the merged companies approving the merger, the merger was registered in the commercial register of the Commercial Court in Zagreb on 1 July 2024, under decision numbers: Tt-24/25570-2 and Tt-24/25567-2 that were published in the commercial register.

Given the fact that Span d.d. is the sole member of Bonsai d.o.o. and Ekobit d.o.o., the provisions of the Article 531 of the Companies Act on specific merger cases shall be applied, and approval of the General Assembly of Span d.d. as the acquiring company for the merger shall not be required.

By registering the merger in the commercial register the merged companies ceased to exist. The acquiring company Span d.d. became the full legal successor of the merged companies and thereby started engaging in all legal relations of the merged companies.

By integration of Bonsai and Ekobit into Span, Span’s offer of software and AI solutions development was united. The goal is to achieve a unique presence on the market, within the same company and unique Span brand. Alongside cloud and cyber security, artificial intelligence is becoming one of Span's key strategic course in the next period. AI solutions are implemented more intensively in organizations, and the availability of generative artificial intelligence further accelerated the process. In the business environment, it is increasingly being considered how solutions based on artificial intelligence can improve business and improve processes.

“AI is no longer only talked about, artificial intelligence is making its grand entrance into the business. With this merger, we will further enhance Span's AI offer within the key segments of our business, and I expect that development to generate significant profit for us in the years to come”, said Nikola Dujmović, President of the Management Board of Span.

2.1.1.1.3. Acquisition of a business share in the affiliated company Trilix d.o.o.

Company Span d.d signed a contract on purchase of 30% of business shares of the affiliated company Trilix d.o.o. (hereinafter: Trilix) from the seller, Mladen Amidžić. By signing this contract, Span became the owner of 90% of Trilix’s business shares, while the remaining 10% of the business shares is Trilix’s own share. Value of the transaction amounts to EUR 400,000.00, and the price is paid in 3 (three) annual instalments.

Trilix d.o.o. generates its revenue from services of its own software products and systems and from project activities it engages in with clients from various industries. When it comes to services, the largest part of the revenue comes from the trade and tourism sector, while the project activities relate to the industries of urban mobility and electrical systems used for powering vehicles.

Within this acquisition, Span obtains significant IP (intellectual property) of Trilix’s products and the opportunity to offer its clients services from Span’s broader portfolio. Considering the recognition of the Trilix brand and its long-term presence on the market, Trilix d.o.o. continued to function as an independent entity within the Span Group after the acquisition.

2.1.1.1.4. Establishing the company Span B.V. with the registered office in the Netherlands

On 16 December 2024, the company Span B.V., Keizersgracht 482, 1017 EG, Amsterdam, the Netherlands, was established and registered at the Chamber of Commerce of the Netherlands, with the ID: 95799907. The founder and sole member of the company is Span d.d. The company is registered for doing business on the regional market.

In the business year that was concluded on 31 December 2023, net consolidated profit of the Span Group amounted to EUR 1,246,634.97, and net profit of Span d.d. amounted to EUR 461,445.38.

2.1.1.2. Reduction of the business share of Span d.d. in the affiliated company Ekobit d.o.o. with purpose of alignment of share capital due to the introduction of the euro

On 13 April 2024, the Commercial Court in Zagreb published the registration of the share capital adjustment to EUR for Span’s affiliated company Ekobit d.o.o., Koturaška cesta 47, 10000 Zagreb, OIB: 69609657776 (hereinafter: company Ekobit or Ekobit). In order to adjust the share capital of Ekobit to EUR, and in accordance with the rules laid down in the Companies Act and the Law on the Introduction of the Euro as the Official Currency in the Republic of Croatia, the issuer's business share in the share capital of the company Ekobit was reduced. Until the adjustment of the share capital of the company Ekobit, the issuer had business shares in the company in the total amount of 82.13%, and after the adjustment, it has a business share in the amount of 82.12%.

2.1.1.3. Decision on the utilization of profit and payment of dividend

The meetings of the Management Board and the Supervisory Board of the Company took place on 30 April 2024, and it was then that the proposed Decision on the utilization of profit and payment of dividend in the amount of EUR 0.30 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who, on 24 June 2024, were registered as shareholders of the Company in the Central Depository and Clearing Company (record date). The claim for the dividend payment became due on 5 July 2024 (payment date). The date from which the share of the Company was traded without the right to the dividend payment was 21 June 2024 (ex date). The dividend was paid from the Company’s profit realized in 2023, and partly from retained profit from the previous years.

2.1.1.4. General Assembly of Span d.d.

Invitation to the General Assembly of Span d.d. was announced on 6 May 2024. Based on the provisions of the Capital Market Act and Rules of the Zagreb Stock Exchange, a regular meeting of the General Assembly of the Company was held on 18 June 2024. The full contents of the decisions is available on the following link: General Assembly of Span d.d.

2.1.1.5. Election of the President and Vice President of the Supervisory Board

The Supervisory Board of the Company held a constituting meeting on 1 October 2024, following the expiry of the mandate of the President and Vice President of the Supervisory Board on 30 September 2024. At the meeting, Ante Mandić was elected President of the Supervisory Board, and Aron Paulić was elected Vice President of the Supervisory Board.

2.1.1.6. ESOP – allocation of additional shares

In accordance with Article 474 of the Capital Market Act, on 8 October 2024, the Company released 3,858 own shares, in line with the terms and conditions announced in the Prospectus regarding the public offering and listing of shares on the regulated market, which refers to the allocation of Additional Shares that the Issuer will allocate to an individual Employee in accordance with the ESOP program. Prior to the said release, the Company owned 7,860 own shares, representing 0.4010% of the share capital, and after the release, it owns a total of 4,002 shares, representing 0.2042% of the share capital.

2.1.1.7. Appointment of the Management Board of Span d.d.

At their meeting held on 12 November 2024, the Supervisory Board of Span d.d. adopted the Decision on the appointment of the Management Board of the Company for a new five-year mandate. Since 16 December 2024, Management Board of the Company is composed of Nikola Dujmović as the President, and Saša Kramar and Ana Vukšić as Members.

2.1.1.8. Share Buy-Back Program

A meeting of the Management Board of the Company was held on 5 December 2024, at which, with the prior consent of the Supervisory Board, the new Share Buy-Back Program was adopted, in accordance with the Decision of the General Assembly of 13 June 2022.# 2.1.1.9. Acquisitions and disposals of own shares

On 31 December 2023, the share capital of the Company consisted of 1,960,000 shares with the nominal value of EUR 2.00, and the Company held 15,673 own shares. After the noted acquisitions and disposals, on 31 December 2024, the Company held 8,802 own shares, which was 0.4491% of the share capital of the Company. More about the Share Buy-Back Program can be found in point 2.2.4 of the Annual Report for the year 2024.

Acquisitions and disposals of shares over the year:

Date Corporate event Purpose Number of shares Number of shares after corporate event % of share capital before corporate event % of share capital after corporate event
25 March 2024 Disposal of own shares Share Buy-Back Program 5,208 10,465 0.7996 % 0.5339 %
24 June 2024 Disposal of own shares Share Buy-Back Program 2,355 8,110 0.5339 % 0.4138 %
17 September 2024 Disposal of own shares Share Buy-Back Program 250 7,860 0.4138 % 0.4010 %
08 October 2024 Disposal of own shares ESOP - allocation of additional shares 3,858 4,002 0.4010 % 0.2042 %
31 October 2024 Acquisition of own shares Share Buy-Back Program 870 4,872 0.2042 % 0.2486 %
04 November 2024 Acquisition of own shares Share Buy-Back Program 130 5,002 0.2486 % 0.2552 %
06 November 2024 Acquisition of own shares Share Buy-Back Program 1,022 6,024 0.2552 % 0.3073 %
12 November 2024 Acquisition of own shares Share Buy-Back Program 83 6,107 0.3073 % 0.3116 %
13 November 2024 Acquisition of own shares Share Buy-Back Program 525 6,632 0.3116 % 0.3384 %
14 November 2024 Acquisition of own shares Share Buy-Back Program 150 6,782 0.3384 % 0.3460 %
15 November 2024 Acquisition of own shares Share Buy-Back Program 200 6,982 0.3460 % 0.3562 %
19 November 2024 Acquisition of own shares Share Buy-Back Program 250 7,232 0.3562 % 0.3690 %
22 November 2024 Acquisition of own shares Share Buy-Back Program 268 7,500 0.3690 % 0.3827 %
26 November 2024 Acquisition of own shares Share Buy-Back Program 302 7,802 0.3827 % 0.3981 %
28 November 2024 Acquisition of own shares Share Buy-Back Program 400 8,202 0.3981 % 0.4185 %
29 November 2024 Acquisition of own shares Share Buy-Back Program 100 8,302 0.4185 % 0.4236 %
20 December 2024 Acquisition of own shares Share Buy-Back Program 500 8,802 0.4236 % 0.4491 %
As of 31 December 2024 8,802 0.4491 %

2.1.1.10. Sustainability report

Our 2023 Sustainability Report, entitled “Charting a course for a resilient future,” used the foundations of previous materiality assessments, an in-depth review of potential and actual adverse impacts on people and the environment that began in 2022. What’s new is that we’ve taken a step forward in understanding how our business intersects with the interests and perspectives of diverse stakeholder groups. We did this by conducting a total of ten thematically-defined in-depth interviews and focus groups that covered all of Span’s potential material topics, regulatory changes, and business trends. Conversations with key stakeholders and careful consid- eration of our own impacts resulted in an even better understanding of how Span’s business intersects with the interests and perspectives of diverse stakeholder groups. Our goal is also further development of our ESG business segment to ensure multiple and long-term values for all our stakeholders — Nikola Dujmović, PRESIDENT OF THE MANAGEMENT BOARD OF SPAN

2.1.2. Business events and achievements

2.1.2.1. Software Asset Management and Licensing

Span remains the leading Microsoft partner for the provision of licensing, technical support and consultancy services in 2024, continuously adapting its services to the dy- namic needs of customers. Through licensing and software asset management, we ensure optimization of expenses and efficient license management, helping our users maximize the value of their IT investments. During 2024, we continued to reinforce our teams and improve processes in order to ensure an even higher-quality support to customers in the transition to cloud solutions and optimization of the existing environments. An increasing number of users recognize the advantag- es of cloud, and our expertise makes their transition efficient and cost-effective. For all the above reasons, we received a special recognition being awarded Microsoft Partner of the Year 2024 in Croatia. Microsoft is still in the focus of digital trans- formation with an emphasis on AI solutions, including Copilot for M365, which has drawn a great deal of interest from the market. During 2024, Span continued with the implementa- tion and the adaptation of these solutions to customers’ needs, ensuring optimal use of AI solutions through custom strategies and technical support. Alongside Microsoft solutions, we further improved software asset management services, particularly in the area of cloud expenses management and optimization, enabling us to expand our offer and provide even more precise analyses and recommendations for users with complex IT environments. Given the continuous growth of the licensing complexity and the need for optimization of IT resources, Span remains a reliable long-term consultant to its users. We are continuing to develop our portfolio of services and license selling, keeping up with the technological trends and making sure our users get the best possible solution for their business needs.

2.1.2.2. Infrastructure Services, Cloud & Cyber Security

In the Infrastructure Services, Cloud & Cyber Security segment, we provide users with complete solutions, which include the design and development of information systems, taking care of security and cloud services. Solution Consulting Services (SCS) Depart- ment gathers experts who possess specific knowledge and skills in the areas of project management, architecture of solutions and solution engineering. Our focus is on provid- ing top-level services in shaping, planning, adopting and implementing projects related to Modern Workplace and Modern Desktop solutions, SAP Basis and on-premises tech- nology. There were no significant organiza- tional changes in 2024, but new services were introduced in order to better comply with the requirements of the market. Since the focus of this department is mainly on the Microsoft 365 collaborative platform, CHARTING A COURSE FOR A RESILIENT FUTURE Sustainability Report 2023 GLOBAL SUSTAINABILITY RISKS ARE OUR OPPORTUNITY we put a lot of time in the development of Tenant & Data Governance service. The service is designed to provide the user with clear guidelines for the alignment of the configuration to the business requirements and the latest security standards by means of detailed record of the state of the existing environment. With a clear action plan, users can choose areas they want to improve first, or meet the requirements for the introduction of new technologies whose aim is to enhance the security or increase the productivity. We were most successful in the analysis and the preparation of the environment for the activation of Microsoft 365 Copilot service. In 2024, we completed one such project for a client from Croatia, and two projects for international clients. We started working on a project of migration and integration of two IT environments into one for a large size international client from the food and beverage manufacturing sector, who last year bought a company and the total value of the transaction amounted to USD 1.8 billion. We have been chosen as a partner due to our broad experience, which we gained while working on similar projects. Different departments within Span worked together on the project, and the highest proportion of work, which includes the migration of Micro- soft 365 collaborative platform, computers, servers and applications, was assigned to the Solution Consulting Services Department. Even though the project started at the end of 2024, it is expected to continue during the course of 2025. In 2024, SAP Technical Department estab- lished a new service related to security moni- toring of the SAP system (Security Operations Center; SOC for SAP), in which we partially rely on a technical solution of our new partner, SecurityHub company from Switzerland. In 2024, this department primarily helped users in the projects of optimization of their SAP licenses, as well as upgrades, technical and security improvements of the SAP system, and the regular maintenance of the SAP system in the SAP Basis area. A need for an additional focus and special- ization of the Project Management office was noticed in 2024. With the integration of Ekobit and Bonsai, Project Management Department was additionally enhanced with experts from the AI and business analytics areas. We organized a number of internal training sessions and workshops in order to ensure a smooth integration of new mem- bers, as well as to continue investing in the expertise of our employees. The main goal of the Project Management Department is to improve project management and effi- ciency by means of process standardization, strategic alignment, and supporting project teams by providing training, consulting and continuous improvement of project manage- ment processes. We adopted new technologies and approaches that enhanced our processes and results. The use of artificial intelligence resulted in the reduction of administrative load and the increased project management efficiency, while Project Intake Request (PIR) application for project ideas application and evaluation ensured a more transparent internal projects launch and prioritization, in accordance with the organization’s resources and strategic goals. We standardized processes for differ- ent project types, particularly in the areas of cyber security, cloud, AI, and we improved onboarding processes for a faster integration of new members.The “Lessons Learned” in- itiative provided recommendations for better storage and implementation of the lessons learned, thereby further strengthening the foundations for future success. We carried out a number of successful pro- jects of integration of artificial intelligence (AI) in everyday project management activities, both within the organization and for our users. By integrating AI technologies, we improved analytics and reporting, and thus enabled a faster and more precise data analysis, as well as real-time decision making. Those moves significantly reduced the administrative load, and increased the overall team efficiency. As a Group, we worked on more than 600 projects in the last year, including projects in the areas of cyber security, cloud and AI. We improved processes and project manage- ment, which resulted in increased efficiency, risk reduction, and greater satisfaction of all the stakeholders involved. These moves laid strong foundations for further growth and development of our Project Manage- ment department, as well as higher-quality delivery of strategic projects at the level of organization.

The Cloud Services department deals with providing support to users when it comes to adopting, migration and production of solutions based on public, private and hybrid cloud, using IaaS and PaaS service models. Our highly specialized experts lead compa- nies through the whole process of adopting a cloud technology, including business value assessment, migration plan and timeline development, to the implementation of IT solution on the cloud platform, and contin- uous consultancy and support. A minor reorganization was carried out in 2024, and it involved the constitution of a Cloud Architecture team, who together with the existing Cloud Monitoring team formed a Cloud Architecture and Engineering depart- ment. Cloud Architecture team focuses on the development of cloud architecture, as well as the implementation of all the prerequisites for the installation of business applications and user systems on the cloud platform. In cooperation with the Cloud Monitoring team, this department provides a comprehensive support to users’ IT departments and devel- opers, enabling the integration of applications into the IT environment while following the best practices and standards. At mid-year, 64 65 we began working with an international en- ergy drinks producer exactly in that area, and we already achieved tangible success in the automation of their Azure platform management. Also, this department was the fastest growing in 2024, increasing the number of employees by six.

Cloud Security team also recorded a growth of project volume, particularly in terms of delivery of Microsoft 365 workshops in the area of security and security tools imple- mentation in cloud. We completed 11 such workshops total, five in the Threat Protection area, and six in the Data Security area. We also organized three workshops dedicated to Cloud Security within Cyber Securirity Incu- bator. The goal of these workshops was to educate and raise awareness of the attendees when it comes to key security challenges and cloud solutions, with a particular focus on Microsoft security solutions. At the end of the year, Cloud Security team listed identity management service in IT environment in their portfolio. That service includes identity lifecycle management, from onboarding a new employee in the organiza- tion, change of their role within organization, to the termination of their employment. The use of specialized tools such as Microsoft Entra ID and Saviynt ensures that, by means of automated processes, the user always has access only to necessary resources. The benefits for the organization include greater data security, reduced administrative load of the IT department, and facilitated alignment to security policies.

We continued to invest in development of services in the area of private and hybrid cloud. Our Private & Hybrid Cloud team got a dedicated hardware demo environment for Azure Stack HCI, a Microsoft solution for launching native cloud services on the us- er-owned infrastructure. This environment is dedicated to those who want to use modern cloud technologies, and also be totally in control of their infrastructure and data. We had three projects related to Azure Stack HCI solution last year, and a growing interest is observed in other users as well. Banks being the biggest leaders in adopting cloud technologies in Croatia and in the re- gion is a continuing trend when it comes to large-scale users, and we made contacts and completed or started projects with six banks in total in 2024. These projects fall within the areas of support in the adoption of cloud technologies and creation of basic prerequi- sites for hosting the IT service, migration of existing IT services to cloud, or consultancy services related to the adaptation of cloud environment in specific scenarios, such as PCI-DSS compliance.

Cyber Security

Cyber Security department is mainly oriented towards providing comprehensive securi- ty solutions in order to improve the digital resilience of our users. That includes cyber security management, cyber incidents re- sponse, vulnerability assessment, design and implementation of complex technological systems for cyber defense, regulatory and legal compliance, and user training. There were no significant organizational changes in 2024, given the fact that the main focus was on getting ready to face the await - ing challenges in 2024. We put a lot of effort in improving efficiency and effectiveness of our SOC through advanced automation (SOAR) and full compliance of the operational model with the MITRE ATT&CK framework based on the “threat-informed defense” principle, thereby shifting incident detection and re- sponse from detecting warning messages to detecting malicious behaviour and incidents at a very early stage. We also established advanced capacities for “detection engineer- ing” in our SOC (Security Operations Center), which continuously helps us identify threats faster and more precisely.

When it comes to events that marked 2024, we must mention NIS2 Directive and DORA Regulation that were adopted at the Eu - ropean Union level and resulted in Cyber Security Act. It was important to prepare Span, and the offer for our users as well, in order to comply with the new act in time. We recorded an increase in the number of incidents and security events of 57%, while the most critical, “Priority 1” incidents were 2.5 times higher compared to 2023. Our of- fensive security team (Red Team) was active as well, doubling the number of completed penetration tests compared to the previous year, and was 100% successful while doing so. These results show there is a strong need for continuous improvement of the security situation of organizations on the market, as well as the need for continuous investment in security in order to protect the business. That is why we introduced a new service – strategic consultant for cyber security (CISO- as-a-service), to improve security protocols, defense mechanisms, and to increase overall resilience to cyber attacks of our users. With this service, we currently cover a large number of organizations from different areas – from manufacturing, financial services, to HoReCa and food industry.

In 2024 we implemented ISO 27001 stand- ard in our affiliated company in Slovenia for the first time, and we also supported the implementation of ISO/IEC 42001 (Artificial Intelligence Management System) standard in Span. Moreover, great focus was placed on exercises simulating phishing attacks on native Microsoft platforms, pen tests, training sessions carried out within ENISA program, and training sessions within Cyber Security Incubator. Looking at the year in numbers, our SOC received and resolved 91 000 tickets in 2024, 202 of which were highest priority incidents. In accordance with global trends, most of the incidents (21%) relate to phishing attacks (T1566) 20 , identity theft attempts, and initial system compromise (T1586) 21 . Our team rep- resented us in Huntress CTF competition, and ended in 49th place out of 3 471 teams. Also, our team won 102nd place out of 943 participants in HTB Business CTF competition. In June we hosted a large-scale exercise that simulated the coordinated cyber secu- rity attack on European critical infrastruc- ture, organized by European Network and Information Security Agency (ENISA) Cyber Europe 2024. The exercise was coordinated by CARNET’s National CERT at national level, and a total of 78 cyber experts participated, 40 of which participated in person in Cyber Security Incubator. In December we took part in the largest and most well-known NATO exercise in the area of cyber defense – Cyber Coalition 24, which gathered more than a thousand participants from more than 30 countries. NATO’s allies and partners participate in this exercise, and its goal is strengthening the resilience and defense against cyber threats.

20 Phishing, Technique T1566 - Enterprise | MITRE ATT&CK ®
21 Compromise Accounts, Technique T1586 - Enterprise | MITRE ATT&CK ®

66 67

2.1.2.3. Software and Business Solution Development

The department which in 2023 covered the development of solutions for users and the development of software products and busi- ness platforms, in 2024 focuses on the de- velopment of AI and data solutions as well. That was primarily the result of integration of Bonsai and Ekobit into Span, carried out in 2024. An increased need for data engineers, data analysts and machine learning experts is observed on the market, and it was pre- cisely with this integration into Span that we gathered an excellent team of experts with broad experience in projects covering this area.# In a new lineup and in AI team, they con- tinued working on the development and the implementation of solutions based on machine learning (ML), using the architec- tures of large language models (LLMs), such as those implemented in Microsoft Copilot and ChatGPT. The activities include the use of available language models with a view to integrating advanced AI functionalities into existing business systems. By means of advanced tools and meth- odologies, Data Solutions team provides a comprehensive support in the processing, analysis and visualization of our users’ data. On the basis of this data, user can better understand the business through an insight into key metrics and indicators, and make decisions based on evidence, not intuition. Although the main hype was around AI and data technologies in the recent years, we shouldn’t forget DevSecOps – the basis for everything we do at Span. The main task of the DevSecOps team is to make sure the security is integrated in each phase of the development and the implementation of software and other solutions. They also co- operate closely with development, operational and security teams that test and improve whatever it is necessary to comply with all the security and quality standards during the entire lifecycle of software development. For secure coding we mainly use .NET/C# and Angular for development, although we easily adapt to React as a frontend technology. On the subject of software development, we cooperate closely with our users during the entire process to better understand their unique challenges and to develop the most helpful or useful solution for their business. Product Development team plays an impor- tant role in this process as well, as they turn the users’ ideas into excellent solutions by means of a structured process of research, design, prototyping and testing. Working to- gether reduces risks, accelerates entering the market and yields products that strengthen the competitive advantage and business success of our clients. And in the future we strive exactly to that – to further develop- ment of teams in our department in order to continue providing innovative and excellent solutions to our current and future users. The Enterprise Business Solutions depart- ment develops solutions on the Microsoft Business Applications platform with the focus on Microsoft Dynamics 365 and Microsoft Power Platform solutions. During 2024, Microsoft continued to strongly invest in and develop the Business Applica- tions Platform, constantly improving it with new functionalities, thus enabling the EBS department to deliver even more higher-qual- ity solutions. Focus has been on the use of artificial intelligence in specific business processes, and the improvement of the digital contact centre in which AI functionalities were added to the omnichannel approach in order to save even more resources through automation of the communication with users. Major benefit our users gain with the im- plementation of Business Applications solution is the digitization of their business processes, particularly in the area of sales, customer support, marketing, finance and manufacturing. This is supported by the projects we worked on in 2024 for national and foreign users, which were based on the implementation of CRM systems, business processes automa- tion, and the delivery of BI solutions – and we’re very proud of that since it was only last year that our Data team was formed. We take pride in a series of completed pro- jects that year after year become more de- manding and more interesting. We expanded our collaboration with a global fast food chain through new Power Platform solutions, and with an international pharmaceutical com- pany through implementation of CRM system in additional, more complex markets. We upgraded existing systems for an international investment company, and we developed a platform for data unification, loyalty program and guest relations management for one of the leading Croatian hotel chains. Also, we successfully implemented CRM for a leading Croatian energy company, and we carry out numerous CRM and Data projects in energy, insurance, manufacturing, food and publishing industry sectors for Croatian and regional clients. Our employees, who continuously improve their knowledge, are the ones responsible for the delivery of these excellent solutions to our users. That’s why we are happy our Mi- crosoft Business Application Solution status was renewed in 2024, thereby confirming our expertise in the delivery of solutions built on Dynamics 365 and Power Platform technology. Furthermore, with the integration of Bonsai into Span we were joined by our colleagues specialized in business processes automation, which added novelty to our department, as well. Thereby the competency of our team was expanded to RPA (Robotic Process Au- tomation) technology, implementing soft- ware robots who automate structured and repetitive processes .

68

69

2.1.2.4. Service Center Management and Technical Support

Service Center Management and Technical Support business segment offers support, supervision and consultancy 24 hours a day. During 2024 we recorded an increase in the workload, mainly in the areas of Cloud and Identity technologies. When it comes to pro- cesses, we focused on the optimization of business processes and the introduction of AI technologies into the business. Through these technologies we expanded our exper- tise, and while maintaining business-critical services on a high level, we successfully inte- grated and maintained highly variable Cloud platforms that serve as information services and enhance users’ business. In order to be ready for business challenges, the growth and development of internal expertise was our main focus when it comes to our people. The recruitment processes we carried out were aimed at strengthening the Service Desk and engineers specialized in SQL databases and Cloud technologies (AWS, GCS and Azure). The number of tickets we resolved in 2024 increased by 6.6% compared to prior year, and users rated their satisfaction with our services with a high 4.92 out of 5 rating.

2.1.2.5. International operation

Slovenia

Span Slovenia has been on the market for more than 15 years, and has been growing significantly in the last four years. We have more than 28 employees who, based on their knowledge and experience, provide services and solutions to customers in var- ious business segments, among which the greatest interest is in the areas of cloud and cybersecurity. Cyber security services were our focus in 2024. We wanted to further strengthen our position as a local cyber security service pro- vider, so for the first time in Span Slovenia we introduced services such as CISM (Certificate in Information Security Management) and SOC (Security Operations Center). By doing so, we achieved our primary goal, but also improved our service portfolio. One of our greatest achievements was the collaboration with a world-renowned brand whose solutions can be found in more than 80 countries around the world. We introduced Azure Landing Zone concept for that client, which led to the improvement of their se- curity, compliance with the standards, and operational effectiveness through platform automation and DevOps. We are proud of our achievements and key objectives we accom- plished. Our commitment to excellence and innovations is still the driver of our growth and success in the constantly evolving IT environment.

Ukraine

Span has been operating in Ukraine for six years, and has 37 employees. In 2024, the Company focused primarily on public and financial sector. Over the year, there has been an increasing demand for Microsoft licences as a result of increased use of Microsoft 365 Copilot by users and an increased interest in security solutions. Licences demand recorded a significant growth compared to 2023, and nearly reached its 2021 level. Security became a burning issue due to the use of Microsoft Defender package (MDE, MDI, MDA, MDO) and Sentinel, Intune and Entra ID solutions. We carried out a successful migration from Google Workspace to M365 solution, and developed hybrid infrastructure solutions. Users are also becoming more interested in business process automation and data man- agement tools, particularly Power BI, Power Automate, Power Apps and Azure. The implementation of Microsoft Entra ID solution for a well-known investment holding company, development of Modern Workplace infrastructure for a national digital agency, introduction of MDM platform for a national authority, and M365 platform security ser- vices testing for a number of government entities were among key projects. Moreover, the Company carried out a suc- cessful migration to M365 platform for a number of enterprises, introduced Yarooms platform in leading automotive and banking companies, as well as Ribbon SBC platform in a large-scale financial institution, and partic- ipated in international projects of global food processors and biotechnology companies. We are leaders in the implementation of Yaroom and Ribbon in Ukraine, for which we are extremely proud. Also, we must mention the golden partnership with Dell and Span Ukraine, new Cisco Internetwork Expert cer- tificate and AWS, Cisco, Kemp, Ribbon and Fortinet certifications as our main achieve- ments in 2024.

Azerbaijan

In 2024, Span Azerbaijan proudly celebrated eight years of operation on the local market, marked by a steady growth owing to the com- mitment of four of our experts. We still hold a prominent position in financial services (FSI) and telecommunications sector (Telco). As we align our portfolio with the growing needs of our us- ers, we are focusing more on Azerbaijan’s public sector at the same time, with the purpose of participating in scalable G2G (Government to Government), G2C(Government to Citizen) i G2B (Government to Business) projects.# 2.1.2.5. Business operations

Azerbaijan

Azerbaijan’s market is distinguished by the great potential due to ever increasing number of digital transformation initiatives and increasingly more demanding security requirements. Information security has become a priority in all areas of society, which is confirmed by the establishment of two new local Security Operations Centers (SOCs) in the last year. We successfully renewed our Microsoft Enterprise Agreement (EA) with the second largest holding company in Azerbaijan. This further strengthened our partnership with the customer and opened the door to new opportunities, such as a strategic security project in cooperation with one of the two leading telecommunications service providers in the country. Despite constant challenges, such as software piracy, we concluded a couple of important licensing agreements with large-scale users, which also serves as the confirmation of our efforts to tackle this problem. In addition, coordinated marketing activities improved the visibility and competitive position of our brand, thus further enhancing the reputation of Span Azerbaijan as an important member of Azerbaijan’s ICT community. Span Azerbaijan will continue fostering innovation, conducting important projects and supporting digital transformation of the local market with its proven international competencies in the future.

Moldova

Span’s affiliated company in Moldova has been operating for three years. During this time, we have been attempting to leave our mark and position ourselves on the local market. The majority of our clients in 2024 came from the public and financial sectors, and in most cases our clients were large companies. We have been focusing on the small and medium-sized enterprises as well, especially when it comes to licensing services. New trends on our market include cyber security, infrastructure services, cloud services, SOC, and managed services. Furthermore, an increased demand for penetration testing and a full information security audit was noted. When it comes to cloud, clients are becoming more interested in Microsoft Teams adoption, migration of Microsoft Dynamics 365 CRM platform from a local server to cloud, and the migration of enterprises of all sizes to cloud. The most important projects we worked on in 2024 were related to banking sector. In 2024, we became the main and only provider of Microsoft Enterprise Agreement and Azure for one of the largest banks in Moldova. Moreover, we delivered a first services agreement, including the audit of Microsoft Exchange infrastructure and Microsoft Data Protection Manager system, and troubleshooting for Exchange Servers system and IT infrastructure. We are content with our achievements and collaborations in the last three years. Our clients recognize the expertise we are proud of, and think of us not only as a solutions provider, but as a long-term partner as well.

Estonia

With more than 25 years of experience, GT Tarkvara is the leading software and service provider for the largest commercial clients, as well as clients from the public and education sector in Estonia. After becoming a part of Span Group in 2023, our capabilities and reach significantly improved and we were offered new business opportunities on Estonian and Baltic markets. When it comes to trends on our market, we notice an increasing interest of organizations for solutions based on artificial intelligence, although the majority of them are only beginning to realize their potential and use. Also, a notable trend is higher demand for comprehensive cyber security solutions, with substantial investments being made in security testing, threat protection, and security operations solutions. Our 2024 business highlights confirm that we’re not just talking about trends, but a real need. We conducted several security assessments for our key customers, including security testing, threat protection, and security operations, in order to strengthen defences against cyber threats. Also, we executed numerous Microsoft Copilot workshops which helped customers to use new AI digital tools better, making their work easier and more productive. One of our biggest projects in 2024 was the migration of more than 25,000 workplaces to the Microsoft Cloud for our customer, and enabling the access to advanced digital tools, streamlining workflows, and improving overall productivity, ensuring that public sector services remain resilient and forward-thinking.

Georgia

In 2024, Span concluded its first full financial year in Georgia, making it a crucial step in expanding its presence on the local market. Our team still consists of a one committed local representative, and one remote sales manager, who mainly focus on the banking sector as the steady leading driver of technological progress in the country. There has been a growing demand for innovative solutions and products on the Georgian market, particularly in the are of information security. Span Georgia actively addresses these needs using its international experience in offering user-tailored solutions. One of our greatest achievements of 2024 was winning the Microsoft Enterprise Agreement (EA) tender for the largest bank in Georgia That pivotal moment, the biggest deal with Microsoft in that country so far, significantly increased Span’s recognizability on the Georgian market. It also opened doors to new opportunities for collaboration with the bank, and further strengthened our position in the banking sector. While Span continues to build its reputation in Georgia, we keep being committed to carrying out important projects, meeting the ever increasing demand on the market, and strengthening our role of the reliable partner for digital transformation of the country.

2.1.2.6. Business awards, recognitions and achievements

2.1.2.6.1. Microsoft Partner of the Year 2024 for Croatia

We were awarded Microsoft Partner of the Year 2024 for Croatia. This recognition by Microsoft honors the best partners for demonstrating excellence in their work and delivering solutions based on Microsoft technologies. “The greatest strength of the people of Span is a great desire for knowledge, continuous skills development and following trends. I am happy we received the Microsoft Partner of the Year Award 2024 as well, which reflects our commitment to creating superior solutions for our users that are based on Microsoft technologies, with an emphasis on AI and security standards”, said Mihaela Trbojević 22 , Product Marketing Director of Span. Microsoft’s Partner of the Year is granted to companies that have successfully conceived, developed and implemented solutions using Microsoft technologies in the previous year, focusing on Microsoft Cloud solutions and innovations in the field of artificial intelligence. The award is bestowed in several categories, and winners are selected among more than 4700 nominated companies from more than 100 countries worldwide. We have been awarded for providing superb services and solutions in Croatia. “Congratulations to the winners and finalists of the 2024 Microsoft Partner of the Year Awards!”, said Nicole Dezen, Chief Partner Officer and Corporate Vice President at Microsoft. “Numerous AI and Copilot 22 As of April 1st, 2025, Mihaela Trbojević became a Member of the Management Board for Product and Service Management announcements this year have fueled our partners' innovations, enabling revolutionary services and solutions for customers. I am inspired by the capabilities and creativity of our partner ecosystem, and this year's winners best demonstrate what can be achieved with artificial intelligence and the Microsoft Cloud.”

2.1.2.6.2. Successful re-certification of ISO 14001 and 50001 standards

In April, we conducted a certification audit for our IT service management system according to ISO 20000 standard for the fifth time. By doing this we once again demonstrated our commitment to a methodological and structured approach to our key business processes. At the beginning of June, we successfully conducted re-certification audits for our environmental and energy management systems according to ISO 14001 and ISO 50001 standards. This way, Span continues to implement socially responsible practices.

I am happy we received the Microsoft Partner of the Year Award 2024 as well, which reflects our commitment to creating superior solutions for our users — Mihaela Trbojević, PRODUCT MARKETING DIRECTOR OF SPAN

2.1.2.6.3. Hewlett Packard Enterprise Gold Partner and Aruba Gold Partner Status

We are proud to have been recognized for many years as Hewlett Packard Enterprise Gold Partner. This 2024 recognition is a new evidence of our dedication and excellence in the area of hybrid cloud with tested quality products and services of the IT infrastructure. We are also holders of Aruba Gold Partner Status, and we also take pride in the fact that we were awarded HPE Aruba Networking Champion of the Year 2023 at the HPE Intelligent Data conference. Our expertise in the HPE hybrid cloud portfolio and completion of the training program and certification for HPE hybrid solutions are a confirmation of the high level of knowledge of our team, and this recognition further confirms our commitment to providing superior solutions and support to our users. Our focus remains on providing quality service to users when implementing demanding and complex HPE solutions so that they could respond faster to unpredictable business requirements.

2.1.2.6.4. ISO/IEC 42001 AIMS Certificate

At the beginning of September, we were certified for the ISO/IEC 42001 standard. It is a standard that defines the requirements for artificial intelligence (AI) management systems. Precisely, the standard is based on best practices that ensure the ethical, safe, and effective use of AI technologies.# 2.1.2.6.5. Fourth Employer Partner Status and first Above and Beyond Certificate

In the past two years, Span employed almost 300 new experts and now has more than 850 employees. We continuously invest in improving the knowledge and skills of Span’s employees. We further improve business aspects and introduce new practices with a view to creating a positive and motivating atmosphere. Another proof that we're on the right track is the fourth Employer Partner Certification carried out by Selectio, leading Croatian consulting company. This certification highlighted high quality of human resources management and implemented practices. Our HR processes were evaluated in seven categories and achieved a 92% score, which is as many as 7% higher than the average score of other certified organizations. We are especially proud of 100% score achieved in the area of Inclusion and Inspiration, a confirmation of our commitment to attracting, employing, preserving and improving our employees.

“Although we are aware of the effort put into implementing the best HR practices, it’s great to see the numbers extracted from the conducted analysis. As we strive to become market leaders, but also to follow and set new trends, investing time and resources in employee training is crucial”, explained Ana Visković, HR Development Manager of Span, and pointed out another fact she’s very proud of: “Undesirable employee turnover rate in Span amounted to 3.8%, and the average rate of the participating companies for the same amounted to 7%”. Thanks to this extraordinary result in the Employee Partner Certification, we were given the opportunity to participate in the new Above and Beyond Certification. This recognition is granted by Selectio to employers who showed continuous excellency in all the aspects of HR management. Our expertise was endorsed in the categories of Impact, Satisfaction and Future, clearly indicating a positive impact of HR activity on business success, high employee satisfaction and our commitment to sustainable business. With this recognition, Span has been officially included in the list of Top 10% Employer Partners.

2.1.2.6.6. Workplace Inclusion Champion

In order to better understand the concepts of diversity, inclusion and belonging, last year we took part in a semi-annual Workplace Inclusion Champion training program organized by the Croatian Business Council for Sustainable Development. Span has been a member of the Croatian Business Council for Sustainable Development since 2023. By means of the said program, we gained knowledge and mastered different tools that are crucial for implementing, promoting and supporting the basic principles of inclusion, equality and diversity in our organization. In order to achieve better synergy in the future, especially when these areas of work largely intertwine, including the HR and ESG departments was of great importance. We are planning to use the gained knowledge to spread awareness of all the important topics in the area of sustainability among the Span employees.

2.1.2.6.7. Span Cyber Security Arena: all about the newest trends and upcoming risks

For the first time, we organized the Span Cyber Security Arena conference at The Westin Zagreb Hotel, gathering over 500 attendees. On this occasion, Croatian and international experts shared their knowledge and experiences with the aim of strengthening cyber resilience. A panel discussion and 15 lectures covered topics related to the technological aspects of cyber security, the role of artificial intelligence in cyber security, compliance with the latest regulatory requirements and financing of cyber security from EU funds. “Cyber security is no longer just a technical challenge, it concerns everyone today and is necessary for the stability and growth of the economy and society. In an age where attacks are becoming more and more sophisticated, it is important that we treat cyber security as a public good. Only by investing in prevention and intensive cooperation can we ensure system resilience and protect data that is an integral part of our business and everyday life. That is why we launched the Span Cyber Security Arena”, emphasized Nikola Dujmović, President of the Management Board of Span at the opening of the conference, where it was also pointed out that cyber security is not only intended for large organizations, but also small and medium-sized companies, which are increasingly becoming the target of cyber attacks.

Two keynote lectures by world experts in the field of IT and law at the very beginning were the highlights of the conference. Paula Januszkiewicz is a worldwide recognised cyber security expert who talked about the increasing challenges we are facing today in relation to highly coordinated, state-sponsored attacks in which artificial intelligence plays one of the biggest roles. Besides Januszkiewicz, Austrian lawyer and activist Max Schrems gave a lecture. His legal proceeding against Facebook in 2013 laid the foundation for today’s data privacy regulation between the EU and the US. Schrems emphasised protecting people’s rights in an era of increasingly intensive monitoring and exploitation of data. The rest of the conference program was divided into so-called tech part and regulatory part, with numerous renowned experts who also provided significant input. The first Span Cyber Security Arena is an introduction to an even larger conference that will be held in Opatija in 2025 and will last for three days, from 19 to 21 May.

2.2. Information for shareholders

2.2.1. Share Capital

The Company’s share capital amounts to EUR 3,920,000.00 and is split into 1,960,000 common shares with a nominal value of EUR 2.00, under the symbol SPAN-R-A and ISIN symbol HRSPANRA0007. The Company has one type of common shares that do not confer the right to a fixed return. The Company has no losses in 2024 and no carried-forward losses from previous years.

2.2.3. Share movements and trading volume

In 2024, the trading of the share started on 2 January 2024 with its price being EUR 49.20. The last day of trading on the Zagreb Stock Exchange was on 30 December 2024, when the price of the share amounted to EUR 44.20, which was a decrease of 10.16%. Compared to the price of the share in the Initial Public Offering (HRK 175 / EUR 23.23), the price of the share had increased by 90.30%. The trading volume of the share in the observed period amounted to EUR 11,128,422.50.

2.2.2. Ownership structure and 10 largest shareholders

On 31 December 2024, the largest individual share of 30.77% in the ownership structure was held by Nikola Dujmović, President of the Management Board. The following table shows information on the number of shares held by the Members of the Management Board and the Supervisory Board on 31 December 2024.

Name and surname Position Number of shares %
Nikola Dujmović President of the Management Board 603028 30.77
Saša Kramar Member of the Management Board 10249 0.52
Ana Vukšić Member of the Management Board 283 0.01
Aron Paulić Member of the Supervisory Board 300 0.02
Barbara Gradečak Member of the Supervisory Board 133 0.01
23.09.2021
30.12.2024
23.23 €
44.20 €
90.30%
Nikola Dujmović 30.77%
Marijan Pongrac 3.99%
Zvonimir Banek 3.61%
Raiffeisen Voluntary Pension Fund 6.69%
PBZ CO OMF - Category A 3.63%
PBZ CO OMF - Category B 3.33%
Erste Plavi OMF Category A 2.86%
Darko Kolarek 2.43%
Raiffeisen OMF Category A 2.66%
Damir Bočkal 2.37%
Others 37.66%

2.2.4. Share Buy-Back Program

Until 5 December 2024, the Company had a Share Buy-Back Program in place, which had been adopted on the meeting of the Management and the Supervisory Board of the Company that was held on 2 December 2022. A meeting of the Management Board of Span d.d. was held on 5 December 2024, at which, with the prior consent of the Supervisory Board, the new Share Buy-Back Program ("Program") was adopted, in accordance with the Decision of the General Assembly of 13 June 2022. With the adoption of the new Program, a Share Buy-Back Program adopted at the meeting of the Company’s Management Board held on 2 December 2022 ceases to be valid.

The new Program is implemented with the purpose of the disposal of shares within the ESOP Program of the Company, remuneration of the members of the Management Board, the employees of the Company and affiliated companies, potential acquisition of companies, and for any other purposes that are provided for as such and allowed under the applicable legislation of the Republic of Croatia, in line with the decision of the General Assembly of the Company of 13 June 2022. The Company plans to repurchase treasury shares on the regulated market of the Zagreb Stock Exchange, up to the maximum of 150,000 (one hundred and fifty thousand) shares with the amount of funds allocated with the Program in the amount of EUR 11,250,000.00 (eleven million two hundred and fifty thousand). The Company is not obliged at any point to purchase its own shares, acting as a purchaser depending on the market conditions. The Program started on 5 December 2024, and will end by 12 June 2027, at the latest.It depends on the market conditions and strategic decisions of the Company, and may be suspended, discontinued, or modified in any way during the Program period. This Program does not regulate the purchase of own shares through organized tender offers at the Zagreb Stock Exchange. The price at which the shares can be purchased cannot be 10% (ten percent) higher, and respectively 10% (ten percent) lower than the average market price for a Share achieved during the previous trading day.

2.2.5. Acquisitions and disposals of own shares

In accordance with the above-mentioned Share Buy-Back Programs, the Company acquired and disposed its own shares during the year. On 31 December 2023, the Company held 15,673 own shares, which represents 0.7996% of the share capital of the Company. After the above-mentioned acquisitions and disposals during the year, on 31 December 2024, the Company held 8,802 own shares, which represents 0.4491% of the share capital of the Company.

2.2.6.Dividend Payment Policy

At the meeting of the Management Board of the Company that took place on 25 February 2022, a Dividend Payment Policy of the Company was adopted, which will be implemented in line with the development plans of the Company, the capital market situation, net profit growth, revenue levels, and other relevant factors. When adopting the proposed decision on the payment and the amount of dividend, the Company will pay regard to ensuring successful regular operations, continuing growth on the markets where it already operates, as well as the growth on new markets. In the event the described conditions are met, the Company will pay the shareholders 20 to 50 percent of the consolidated profit in the form of dividend. The proposals of the Management Board and the Supervisory Board of the Company for the payment of dividend will reflect the stated position, but the final decision on the dividend payment, its amount and the method of its disbursement will be determined by a decision of the General Assembly of the Company. According to the above-mentioned, a session of the Management Board and the Supervisory Board of the Company took place on 30 April 2024, and it was then that the proposed Decision on the utilization of profit and payment of dividend in the amount of EUR 0.30 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who, on 24 June 2024, were registered as shareholders of the Company in the Central Depository and Clearing Company (record date). The claim for the dividend payment became due on 5 July 2024 (payment date). The date from which the share of the Company was traded without the right to the dividend payment was 21 June 2024 (ex date). The dividend was paid from the Company’s profit realized in 2023, and partly from retained profit from the previous years.

Acquisitions and disposals of shares over the year:

Date Corporate event Purpose Number of shares Number of shares after corporate event % of share capital before corporate event % of share capital after corporate event
25 March 2024 Disposal of own shares Share Buy-Back Program 5,208 10,465 0.7996 % 0.5339 %
24 June 2024 Disposal of own shares Share Buy-Back Program 2,355 8,110 0.5339 % 0.4138 %
17 September 2024 Disposal of own shares Share Buy-Back Program 250 7,860 0.4138 % 0.4010 %
08 October 2024 Disposal of own shares ESOP - allocation of additional shares 3,858 4,002 0.4010 % 0.2042 %
31 October 2024 Acquisition of own shares Share Buy-Back Program 870 4,872 0.2042 % 0.2486 %
04 November 2024 Acquisition of own shares Share Buy-Back Program 130 5,002 0.2486 % 0.2552 %
06 November 2024 Acquisition of own shares Share Buy-Back Program 1,022 6,024 0.2552 % 0.3073 %
12 November 2024 Acquisition of own shares Share Buy-Back Program 83 6,107 0.3073 % 0.3116 %
13 November 2024 Acquisition of own shares Share Buy-Back Program 525 6,632 0.3116 % 0.3384 %
14 November 2024 Acquisition of own shares Share Buy-Back Program 150 6,782 0.3384 % 0.3460 %
15 November 2024 Acquisition of own shares Share Buy-Back Program 200 6,982 0.3460 % 0.3562 %
19 November 2024 Acquisition of own shares Share Buy-Back Program 250 7,232 0.3562 % 0.3690 %
22 November 2024 Acquisition of own shares Share Buy-Back Program 268 7,500 0.3690 % 0.3827 %
26 November 2024 Acquisition of own shares Share Buy-Back Program 302 7,802 0.3827 % 0.3981 %
28 November 2024 Acquisition of own shares Share Buy-Back Program 400 8,202 0.3981 % 0.4185 %
29 November 2024 Acquisition of own shares Share Buy-Back Program 100 8,302 0.4185 % 0.4236 %
20 December 2024 Acquisition of own shares Share Buy-Back Program 500 8,802 0.4236 % 0.4491 %
As of 31 December 2024 8,802 0.4491 %

2.2.7. Contracts with affiliated persons

During 2024, Span signed two contracts with Bug d.o.o., a company whose Director is the Vice President of the Supervisory Board, Mr. Aron Paulić. One contract concerned the realization of an annual media and sponsorship package in the amount of EUR 30,000.00 for the period from 1 January to 31 December 2024. The second contract was a renewal of the Contract on the provision of subscription services and delivery of Microsoft services via CSP program, which Span offers to Bug d.o.o., and the annual value of the contract was EUR 1,657.50. The same contract was concluded with Prava formula d.o.o., whose founder and director is the affiliated person of the Member of the Management Board, Mr. Dragan Marković. The annual value of the contract was EUR 1,708.00. All the above contracts and affairs had been approved by the Supervisory Board.

In the business year that was concluded on 31 December 2023, net consolidated profit of the Span Group amounted to EUR 1,246,634.97, and net profit of Span d.d. amounted to EUR 461,445.38.

2.3. Financial indicators for 2024

2.3.1. Key features of the period – 2024

  • 180.2 mil. EUR Operating revenue +26% YoY
  • 10.0 mil. EUR EBITDA before one-off items +40% YoY
  • 9.2 mil. EUR EBITDA after one-off items +63% YoY

  • 3.4 mil. EUR Net Profit after one-off items +173% YoY

  • 110.0 mil. EUR +11% YoY

  • 5.1 mil. EUR +34% YoY
  • 4.4 mil. EUR +30% YoY
  • 2.8 mil. EUR +497% YoY

2.3.1.1. Operating Revenue, EBITDA and Net Profit of Span Group

2.3.1.2. Operating Revenue, EBITDA and Net Profit of Span d.d.

Operating revenue
EBITDA before one-off items
EBITDA after one-off items
Net Profit after one-off items

Revenues

The total consolidated revenues increased by EUR 37,691 thousand, or 26%, compared to 2023. Operating revenues grew by EUR 37,347 thousand in the same observed period. The highest absolute growth was recorded by the Software Asset Management and Licensing segment, which in most part resulted from Span Ukraine (Microsoft has discontinued the use of products and services free of charge for most of its users), and partly from GT Tarkvara acquired in the second quarter of 2023. The highest relative growth (31%) in 2024 was recorded by the Software and Business Solution Development segment. Total revenue growth from IT services with high added value amounts to EUR 7,342 thousand. In the same period, Span d.d. recorded a growth of its revenues by EUR 10,134 thousand, or 10%. The growth results from operating revenues, which were higher by EUR 10,483 thousand. Revenue growth is the result of growth in all business segments, particularly the IT services segment with high added value.

Operating expenses

The total consolidated operating expenses saw an increase by EUR 34,147 thousand, or 25% compared to 2023. The largest generator of the growth of expenses was the cost of goods and services sold, following the revenue growth. The personnel expenses increased by EUR 4,254 thousand, or 13% compared to 2023. The average number of employees in the Group in 2024 was 859, compared to the prior year when the average number of employees in the Group was 834. Total expenses of Span d.d. increased by EUR 9,122 thousand compared to the same period last year. Cost of goods and services sold increased by EUR 2,492 thousand, while personnel expenses increased by EUR 5,494 thousand, which is mostly due to the merger of the companies Ekobit and Bonsai. The average number of employees in the Company in the observed period was 698, an increase compared to the prior year when the average number of employees in the Company was 626, which is mostly due to the merger of the companies Ekobit and Bonsai. After the merger, the employees continue to work in the segments of services with high added value.

EBITDA

EBITDA of the Group before one-off items increased by EUR 2,840 thousand, or 40% and amounts to EUR 9,951 thousand. One-off items of EBITDA of the Group were EUR 757 thousand and related to:
1) costs of tax and surtax on capital gains arising from the Share Allocation Plan awarding employees of Ekobit, defined in the purchase and sale agreement;
2) reserved expenses for the ESOP for the allocation of shares to employees;
3) severance pay to a former member of the Management Board
4) additional expenses arising from the acquisition of GT Tarkvara.

According to the requirements announced in the Prospectus, Span is committed to award every employee who keeps in their ownership one or more ESOP packages in a period of three years with 25% shares in relation to the number of shares the respective employee holds within the ESOP package.5% of the total number of shares has been awarded after the expiry of the first year from the date of the public announcement, and 10% of shares has been awarded upon the expiry of the second and third years each. The last allocation of shares from the ESOP program was in 2024. EBITDA after one-off items in 2024 recorded an increase of 63% compared to the same period of the prior year. Span d.d. recorded an increase of EBITDA before one-off items of EUR 1,294 thousand, or 34%, amounting to EUR 5,053 thousand.

Span Group

In thousands of EUR

2023 2024 ∆%
Total revenue 144,332 182,023 26%
Operating revenue 142,836 180,183 26%
Other revenue 1,496 1,840 23%
Total costs 138,683 172,830 25%
Costs of goods and services sold 94,695 124,395 31%
Personnel expenses 32,197 36,451 13%
Other business expenses 11,791 11,984 2%
EBITDA before one-off items 7,111 9,951 40%
EBITDA one-off items 1,463 757 -48%
EBITDA after one-off items 5,648 9,194 63%
Depreciation and amortization 3,559 3,748 5%
EBIT 2,089 5,446 161%
Net financial result (343) (653) -90%
Profit/loss before taxation before one-off items 3,209 5,550 73%
Profit/loss before taxation after one-off items 1,746 4,792 175%
Corporate tax 499 1,394 179%
Profit/loss after taxation before one-off items 2,710 4,155 53%
Profit/loss after taxation after one-off items 1,247 3,398 173%

Span d.d.

In thousands of EUR

2023 2024 ∆%
Total revenue 100,433 110,567 10%
Operating revenue 99,550 110,033 11%
Other revenue 883 534 -40%
Total costs 97,094 106,216 9%
Costs of goods and services sold 65,618 68,109 4%
Personnel expenses 23,476 28,970 23%
Other business expenses 8,001 9,137 14%
EBITDA before one-off items 3,759 5,053 34%
EBITDA one-off items 420 702 67%
EBITDA after one-off items 3,339 4,351 30%
Depreciation and amortization 2,303 2,782 21%
EBIT 1,036 1,569 51%
Net financial result (371) 1,547 517%
Profit/loss before taxation before one-off items 1,085 3,818 252%
Profit/loss before taxation after one-off items 665 3,116 368%
Corporate tax 204 360 77%
Profit/loss after taxation before one-off items 882 3,458 292%
Profit/loss after taxation after one-off items 461 2,756 497%

Profit and Loss Account – shortened

In the observed period, Span d.d. recorded an increase of EBITDA after one-off items of EUR 1,012 thousand, to EUR 4,351 thousand, which was a 30% increase. The increase of amortization and depreciation in the Company is the result of the merger of the company Ekobit. The Group’s net financial result is mostly the result of foreign exchange losses in Span Ukraine.

Net profit

Profit after taxation before one-off items of the Group increased by EUR 1,445 thousand, to EUR 4,155 thousand. In the observed period, profit after taxation after one-off items of the Group increased by EUR 2,151 thousand, to EUR 3,398 thousand. One-off items are lower by EUR 706 thousand compared to the same period last year. The cost of profit tax reflected the release of the deferred tax assets for both tax reliefs obtained based on the Investment Promotion Act. Due to the reorganization changes as a result of the merger, Ekobit had an obligation to return the used tax support for the 2021 – 2023 period. In addition, the payment of dividends of GT Tarkvara according to the tax laws of Estonia created a tax liability. Span d.d. recorded a growth of profit after taxation before one-off items by EUR 2,576 thousand, to EUR 3,458 thousand. Span d.d. recorded a growth of profit after taxation after one-off items by EUR 2,295 thousand, to EUR 2,756 thousand. A dividend was paid to Span d.d. from affiliated companies in the total amount of EUR 1,650 thousand. The Management Board of Span d.d. continuously considers all risks related to the Russian – Ukrainian war and is of opinion that those risks do not threaten the financial results of the Group.

Revenues by segments

The Span Group generates revenues in the following segments:
1. Software Asset Management and Licensing
2. Infrastructure Services, Cloud & Cyber Security
3. Service Center Management and Technical Support
4. Software and Business Solutions Development

Data on revenues by segments of operation of the Group and Span d.d. for 2023 and 2024 is presented below.

  1. Software Asset Management and Licensing recorded a growth of revenues by 30%. The Group recorded higher revenues compared to 2023, mostly as a result of revenue growth in Span Ukraine and GT Tarkvara. The share of revenues in the total operating revenues was 72%.
  2. Infrastructure Services, Cloud & Cyber Security increased by 16% in the observed period, compared to the same period of the prior year. The growth reflects an expected realization of investment in this segment.
  3. Service Center Management and Technical Support contributed to a continuous growth of revenues through the supervision and management of the IT surroundings services, with the increase of revenues of this segment amounting to 8% compared to the same period last year.
  4. Software and Business Solutions Development recorded a 31% increase in the observed period. The growth of this segment came from the development of specific business solutions for individual key customers, such as CRM, automation and robotization of their business processes. After the merger, the software and AI solutions development services provided by Ekobit and Bonsai continue to be provided within this portfolio.

Span Group

2023 2024 ∆%
Total operating revenue 142,836 180,183 26%
Software Asset Management and Licensing 99,147 129,152 30%
Infrastructure Services, Cloud & Cyber Security /* 13,892 16,135 16%
Service Center Management and Technical Support * 17,836 19,193 8%
Software and Business Solutions Development ** 11,961 15,704 31%

Span d.d.

2023 2024 ∆%
Total operating revenue 99,550 110,033 11%
Software Asset Management and Licensing 64,268 66,576 4%
Infrastructure Services, Cloud & Cyber Security /* 12,507 14,058 12%
Service Center Management and Technical Support * 16,828 18,730 11%
Software and Business Solutions Development ** 5,947 10,669 79%
  • the Security Operations Center has become an integral part of the Cyber Security segment therefore we adjusted the revenue in 2023 to make it comparable to the current period
    ** by consolidating the software development and AI solutions offer, we started to track a part of the projects from 2024 within the segment Software and Business Solutions Development, which is why we adjusted the revenue in 2023

Revenues by segments

Span Group 2023
Software Asset Management & Licensing 69.4%
Infrastructure services, Cloud & Cyber Security 9.7%
Service Center Management & Technical Support 12.5%
Software & Business Solution Development 8.4%

Span Group 2024
Software Asset Management & Licensing 64.6%
Infrastructure services, Cloud & Cyber Security 12.6%
Service Center Management & Technical Support 16.9%
Software & Business Solution Development 5.9%

Span d.d. 2023
Software Asset Management & Licensing 71.7%
Infrastructure services, Cloud & Cyber Security 8.9%
Service Center Management & Technical Support 10.7%
Software & Business Solution Development 8.7%

Span d.d. 2024
Software Asset Management & Licensing 60.6%
Infrastructure services, Cloud & Cyber Security 12.8%
Service Center Management & Technical Support 17%
Software & Business Solution Development 9.7%

Revenues by geographic markets

Revenues by geography show the geographic market where goods, or services are invoiced. The share of revenues the Group makes in foreign markets accounts for 74% of the total revenues. The significant growth of revenues was recorded by the Ukrainian market (EUR 18,661 thousand). Growth additionally expanded in the Slovenian market. The Estonian market also recorded growth, but primarily due to the fact that in 2023 we were showing revenues from the Q2. In the observed period, 41% of the Span d.d.’s revenues refers to the Croatian market. The UK market achieved the highest growth in 2024.

Span Group 2023
Croatia 45%
Slovenia 17%
USA 15%
UK 13%
Sweden 2%
Other 8%

Span Group 2024
Croatia 41%
Slovenia 18%
UK 16%
USA 16%
Sweden 1%
Other 8%

Span d.d. 2023
Croatia 34%
Slovenia 15%
USA 11%
UK 9%
Estonia 8%
Other 23%

Span d.d. 2024
Croatia 26%
Slovenia 15%
Ukraine 15%
Estonia 11%
USA 10%
Other 23%

Assets

The total value of the assets of the Group was higher by EUR 8,916 thousand. The increase of the total assets is primarily the result of the increase of cash made in the operating activities.

Investment in assets

Investments of Span Group in tangible assets mostly related to expenditure for the procurement and replacement of worn-out computers and other equipment required for the work of employees and the procurement of servers. Right-of-use assets related to business premises and leased vehicles. Investment in intangible assets in preparation related to internally generated intangible assets that resulted from the continuation of the development of software available for further sale/use.

Deferred tax assets

Deferred tax assets represent income tax return amounts which are recoverable based on future taxable profit deductions. Deferred tax assets are recognized up to the amount of taxable earnings which are likely to be achieved. When determining future taxable

Span Group
In thousands of EUR

31.12.2023 31.12.2024
ASSETS 72,261 81,177
Fixed assets 23,927 25,063
Deferred tax assets 1,724 1,158
Current assets 28,314 25,997
Cash and cash equivalents 14,379 24,368
Prepaid expenses and accrued income 3,916 4,590
LIABILITIES 72,261 81,177
Equity and reserves 30,423 33,853
Long-term liabilities 3,509 2,414
Current liabilities 32,014 39,334
Accrued expenses and deferred revenue 6,315 5,575

Span d.d.

31.12.2023 31.12.2024
52,984 61,034
28,870 30,024
1,145 933
14,456 17,091
4,832 8,994
3,681 3,992
52,984 61,034
27,082 29,840
2,995 2,377
18,093 25,461
4,813 3,356
Span Group In thousands of EUR 2023 2024
Computer equipment and other equipment 958 739
Tangible assets in preparation 4 23
Right-of-use assets 961 2,302
Other intangible assets 3,218 39
Intangible assets in preparation 1,188 312
Investment in assets total 6,329 3,415

2.3.4. Balance Sheet

The Group judges and creates an estimate based on taxable profit from the previous years and the expected future revenues which are considered to be reasonable in existing circumstances. The Group made an assessment of the usability of tax relief for the estimate of the amount of deferred tax assets, based on support received from the Ministry of Economy, Entrepreneurship and Crafts. The aforementioned financial support allows Span d.d. to be exempt from paying corporate income tax from 2015 to 2025, for 50% of the amount of the tax base, up to the maximum threshold in the amount of the total investment according to the Investment Promotion Act (ZOPI). In December 2021, Span d.d. applied for the use of a new round of supports named Investment in expansion of the research and development capacity and capacity for the delivery of IT solutions project. We got a positive decision on 25 February 2023 based on which the Company accomplished additional 50% relief of the tax rate. Thus, Span d.d. ensured that by 2025, i.e. by the utilization of the maximum threshold of the investment, it has a current corporate income tax rate of 0%. Due to the reorganization changes as a result of the merger, Ekobit had an obligation to return the used tax support for the 2021 – 2023 period. The remainder of the unused deferred tax assets was reduced accordingly.

Equity and reserves

The total equity and reserves of the Group increased by EUR 3,431 thousand. The increase results from the profit of the current period, and the revaluation of the business facility owned by the Company.

Long-term and short-term liabilities.

Total long-term liabilities decreased by EUR 1,095 thousand. Long-term liabilities decreased due to the transfer to short-term ones, related to the acquisition of GT Tarkvara. Short-term liabilities increased primarily as a result of the increase in liabilities to banks and suppliers. The current liquidity ratio points to the ability of the Group to settle its short-term liabilities.

2.3.5. Cash flow

The Group recorded positive cash flows from operating activities. Negative cash flow from investment activities was a result of the payment of the second instalment for the acquisition of GT Tarkvara and acquisition of the remainder of the Bonsai’s and Trilix’s business shares. The positive cash flow from financial activities mostly resulted from the withdrawal of short-term loan frameworks in order to bridge liquidity.

Span d.d. 31.12.2023 31.12.2024
22,969 30,077
22,907 28,817
62 1,260

Current Assets, Current Liabilities and Working Capital

Span Group In thousands of EUR 31.12.2023 31.12.2024
Current assets 46,609 54,956
Current liabilities 38,329 44,910
Working capital 8,280 10,046
Current liquidity ratio 1.22 1.22
Span d.d. 31.12.2023 31.12.2024
2,107 5,522
4,832 8,994
(2,725) (3,472)
27,082 29,840
- -

Net debt

Span Group In thousands of EUR 31.12.2023 31.12.2024
Short-term and long-term loans 2,107 5,522
Cash and cash equivalents 14,379 24,368
Net debt (12,273) (18,846)
Total equity 30,423 33,853
Net debt and total equity ratio - -
Span d.d. 2023 2024
4,324 3,320
-10,495 -530
-3,209 1,372
-9,380 4,162
Span Group In thousands of EUR 2023 2024
Net cash from operating activities 6,009 11,772
Net cash used in investment activities -6,881 -2,943
Net cash used in financial activities -3,564 1,159
Net increase / decrease in cash and cash equivalents -4,436 9,988

2.4. Risks

Span has established and maintained a risk management system on the level of the Company in order to connect strategic goals and risks with the operative risks and in this way manage the operations in the best possible way. By late 2022, the Company started the implementation of the risk management system according to ISO 31000 standard. The standard contains recommendations and good practice in the area of risk management and there is no official ISO certificate for it. The Risk Management Policy 26 was defined, applying to all temporary, occasional and permanent employees of Span, depending on defined roles and responsibilities. The policy specified competences, responsibilities and principles. The risk assessment frequency and reference to the Risk Appetite document were defined. It is specified that Span will accomplish its business goals offering products and services while taking taking into account:

  • Maintenance and respect of high ethical standards of operation and sustainability (ESG).
  • Preservation of long-term financial profitability and business sustainability of Span.
  • Protection of interests of customers and ensuring decent treatment by providing high quality services.
  • Ensuring operations in full compliance with the legislation and regulatory requirements.
  • Maintaining the internal control system in order to preserve and maintain continuity and security of operation.

Furthermore, a document with the context of the influence of the main shareholders was created, as well as Risk Appetite 27, and the Risk Management Methodology, elaborated based on the previous Information Security Management System methodology. A further progress in risk management was achieved in 2024. Through activities of identification, training and education, and the systemic application of controls, the Company created an environment that encourages proactivity in facing risks. The goal was to create a transparent risk management system suitable for risk processing in every domain of the operation of Span. Based on the probability of occurrence and the potential reach of negative impacts of the operations, the financial condition and results of the operation of the Group, the following risks were identified:

26 Created on 30 November 2022, and the actual version is from 6 November 2023.
27 The Management Board of the Company adopted the Risk Appetite Statement on 23 March 2023, which defined the appetites of operative, reputational and financial risks, as well as compliance risk in accordance with strategic guidelines.

  • Risk of the susceptibility of the profitability of the Group, its operating results and working capital to significant fluctuations
  • Foreign currency risk
  • Accounts receivable risk
  • Liquidity risk
  • Interest rate risk
  • Risk of over-indebtedness
  • Risks related to the protection of personal data and intellectual property
  • Risk of the change of regulation and regulatory risk
  • Risk of exposure to cyber attacks
  • Risk of the loss of key employees and of the lack of skilled labor
  • Risk of business environment and political risk
  • Supplier risk
  • Reputational risk
  • Risk related to retaining the current and finding new customers and risk of concentration of key customers
  • Competition risk
  • Maintenance of the continuity of operation risk

Legal risks

Financial risks

Span Group specific risks

The risks were distributed by categories depending on their nature, and they can be mutually connected. There is a possibility of the occurrence of additional risks that could influence the operations, financial condition and results of the operations of the Group, if they were realized, but they are currently not known or they are not considered key risks at the moment.

2.4.1. Financial risks

Risk of the susceptibility of the profitability of the Group, its operating results and working capital to significant fluctuations

The operating results of the Group can be influenced by the fact that the operations on which the Group makes a significant part of its revenues are not contracted for the long term and thus there is no certainty that the Company will make revenues of these jobs in the long run. Customers are not obliged by volume commitment. Revenues of the Group based on license subscription are relatively stable in the short term (excluding the effects of potential foreign currency fluctuations), but in the long run, they can vary due to the pace of the IT industry and market in which the Group operates. However, low margins in relation to license subscription reduce the effects of the concerned revenues on the profitability of the Group. With a strong focus on long-term growth and investments oriented to strengthening the capacities for growth of the Group, the Group expects the profitability and the working capital to vary on quarterly and annual level.

Foreign currency risk

Span Group operates on an international level and is exposed to the foreign currency risk that arises from changes in the exchange rate of foreign currencies. The most significant risk is the one related to the change in the exchange rate of the US dollar (USD). The risk is mostly present in relation to the conversion costs USD - EUR and Ukrainian Hryvnia (UAH) – USD. Exchange rate changes between the aforementioned currencies may have an impact on the operation results and future cash flows of Group companies. The company has concluded an agreement on derivative financial instruments for protection against exchange rate risk. More detailed description can be found in the audit report under note 37. Financial instruments.

Accounts receivable risk (credit risk)

Accounts receivable risk (credit risk) is a risk of a customer’s failure to pay, i.e. default by the customer concerning the contracted liabilities, which impacts possible financial loss of the Company or the Group.## 2.4. Risk Management

To reduce the accounts receivable risk, the Group adopted a policy of operation only with creditworthy customers, obtaining collaterals securing the collection and securing the claims. The exposure of the Group, credit worthiness of the customers, and orderliness in meeting the contracted obligations of customers towards the Group is continuously monitored. More detailed description can be found in the audit report under note 37. Financial instruments.

Liquidity risk

Liquidity means the maintenance of sufficient quantities of cash and working capital and ensuring adequate financial instruments in form of credit lines. The liquidity risk itself relates to a case where the Group cannot meet its due financial liabilities on time due to the lack of its own cash, shortage of available assets on the cash market or impossibility of crediting by financial institutions. The Management Board has responsibility for the liquidity risk management, and it has set up an appropriate framework for the liquidity risk management by which it is guided in the management of the short-term, medium term, and long-term requirements of the Group for funding and liquidity. The Group manages the liquidity risk in a manner that it maintains adequate reserves and credit lines, constantly oversees the projected and actual cash inflows and outflows and adjusts maturity of the financial assets and financial liabilities. More detailed description can be found in the audit report under note 37. Financial instruments.

Interest rate risk

The Group is exposed to interest rate risk because the Company and its affiliated companies are debited at fixed and variable interest rates. The Group manages the stated risk by maintaining an appropriate borrowing ratio with the fixed and changing interest rate. More detailed description can be found in the audit report under note 37. Financial instruments.

Risk of over-indebtedness

The risk of over-indebtedness is expressed in the too high level of debt that adversely affects the financial stability. The Group monitors its status of over-indebtedness and manages the risk of over-indebtedness through the indicators of the level of indebtedness.

2.4.2. Legal risks

Risks related to the protection of personal data and intellectual property

Within their operations, the members of the Group process the personal data of participants (e.g. employees, clients, business partners and third persons, such as job candidates). Obligations concerning processing personal data differ depending on whether the members of the Group process them in the role of the controller or in the role of the processor. GDPR and the Croatian Act on the Implementation of the GDPR, i.e. national and other regulations on data protection according to the territorial application for different members of the Group, provide for regulations in accordance with which the members of the Group act in relation to personal data, and competent bodies, primarily Croatian Personal Data Protection Agency (AZOP) in Croatia, monitor the compliance with the said regulations. Risks arising from this area are primarily related to potential incidents that could result in personal data leak, and improper handling of personal data.

Span mitigates the above focusing on technical and organizational data protection measures, such as ISO certification, regulations governing data processing, implementation of security solutions, use of verified applications owned by reputable companies, presentation of material related to personal data protection to employees, etc.

The Group encounters different forms of intellectual property of its partners and customers through its operation. There is a risk posed by possible violations of the intellectual property rights specific for the operation of the Group, such as the use of the source code and IT products contrary to the terms and conditions from the license and the use of open source solutions contrary to restrictions set by the clients of the Group. An additional risk is reflected in unauthorized and/or improper use of intellectual property of partners and clients, in particular the use of different types of trade marks during marketing and similar activities. Span makes sure to prevent mentioned risk by coordinating teams in consultation with the legal team, and informing interested internal stakeholders about specific provisions of certain contracts.

A risk is also posed by potential and successful cyber attacks directed at personal data. The very perception that a threat or violation of personal data has occurred, whether the danger is real or not, can significantly disturb the business reputation and make future operation of the Group difficult.

Risk of change of regulations and regulatory risk

Given that the Group does business in the international markets, it is subject to the risk of change of tax regulations in a manner that would adversely affect profitability of the operations of the Group. This risk is also reflected through possible changes of tax rates as well as the subject of taxation. The presence of the Group in different jurisdictions implies different global and regional economic, political, legal, regulatory and operational risks, which instils additional complexity in the operation due to diversity of the rules applied, including regulations governing the access to and use of the Internet, data privacy and IT security, along with labor law and other issues in each jurisdiction where the Group operates. There is a risk that the Group will not be able to detect and/or prevent a breach of regulations, i.e. that the standards of control and risk management applied by the Group will not be implemented efficiently in all affiliated companies.

2.4.3. Risks related to the operation of the Company

Risk of exposure to cyber attacks

The Group, as well as the customers of the Group, are exposed to risks of cyber attacks and security threats. In its operations with customers, the Group is obliged to maintain systemic security, provide security patches and improvements, antivirus measures of protection against a malicious code, and ensure credibility of its own employees who cooperate with the customers of the Group. IT security breaches can lead to setbacks in the provision of services and/or functioning of the system controlled by the Group and to potential endangering of reliable information.

Every year, the Group increases investments in order to better protect itself against risks of exposure to cyber attacks and security threats. One of the key services the Group provides to its clients are IT solutions related to cyber attacks and threats, which means that the Group has the required expertise to take the required precautions. Since cyber risks can critically impact the operation, the Group regularly carries out simulations, exercises and testing of crisis management plans, crisis communication, recovery and continuation of business in case of cyber attacks. We also evaluated the ability of the management team to make informed and timely decisions during crisis. We raise awareness of our management team and educate them about risks and the impact of ransomware or other cyber attacks. In addition, we implement extensive security training measures and training of our IT and security experts.

Risk of the loss of key employees and of the lack of skilled labor

Successful operation of the Group largely depends on its ability to retain and motivate the existing employees, but also the ability to identify and attract new professional employees required for a successful operation to key positions. A demand for IT experts has increased, and the labor market features a constant lack and increased turnover of IT experts on all levels of expertise. Therefore, there is a risk that the Group will not be able to respond adequately to the demanding pace of the labor market and timely engage the required additional employees or retain the existing ones, which could lead to distortion of competitive position of the Group or increased costs related to increased employment competition, which could consequently negatively affect the Group's operation.

To maintain the quality of IT experts it employs, the Group organizes training for advancement and obtaining professional certificates required for the performance of specific IT services, demanded by technology partners on the one hand, and customers on the other. The Company recognizes the importance of continuous investment in knowledge and development of employees as the key element in preserving the competitive advantage. Compared to 2023, in 2024 additional 46 employees were certified, increasing the number of active certificates by 252. Thus it was achieved that as many as 67.53% of employees on technical positions hold active professional certificates.

Global trends, such as increased employee turnover, can be seen in the operation of Span Group as well. In 2024, turnover rate amounted to 13.90% at Span d.d level, while it was a bit higher at the level of Span Group and amounted to 14.44% Despite these challenges, the Group managed to retain a stable total number of employees thanks to strategic employment of employees whose profiles best suit key business objectives, and development of priority competencies. Span Group is committed to further developing its human resources and providing a basis for sustainable development and successful operation in demanding IT sector.

Risk of business environment and political risk

The risk of the business environment is determined by political, economic and social conditions in a country, and includes political, macroeconomic and economic risks. The political risk of a country includes all the risks related to a possibility for political instability, and in its extreme, includes the integrity and survival of the state.Risks of this nature are not present significantly relating to the Group, apart from the Ukrainian market, where Russian aggression and war are still taking place. The decline in revenues in Ukraine in 2022 was fully compensated in other markets and at the end of 2024, revenues in Ukraine accounted for 15% of the Group's revenues.

Supplier risk
Results of the Group largely depend on a possibility of sale of Microsoft program licenses and use of Microsoft solutions of operation in Cloud, which the services the Group renders to their customers are based on to a significant extent. Therefore, global acceptance of Microsoft programs and solutions in relation to operation in Cloud is a significant factor in the business model of the Group. Even though Microsoft IT solutions are widely prevalent, there is no guarantee that they will keep the current market position in the future so the risk of adjustment to 100 101 fast changes in technology on the competitive market is applicable to Microsoft itself as well. The authorization of the Group for sales of Microsoft products to customers and the business requirements of the cooperation are related to the status of the provider of services of licensing that is based on a contract that is not exclusive and should be renewed on an annual basis for each geographic area where the Group sells Microsoft products. Successful cooperation of the Group with Microsoft also depends on a successful adjustment to business requirements of cooperation specified by Microsoft, which include various incentives in form of rebates, investments, marketing assets and other payments. The incentives Microsoft offers to its Microsoft LSP (Licensing Solution Provider) partners, including the Group, depend on whether a partner meets certain indicators of success such as the revenue growth in certain areas of products or services, finding new customers, acquiring certain Microsoft competencies and specializations, etc. Business requirements for cooperation are subject to annual changes, so if the Group is not able to adapt to those changes on time, this can result in a significant reduction of the received incentives and adversely affect the profit margins of the Group. The Group, a multiyear Microsoft partner with more than 30 years of successful cooperation, enjoys business trust, but there is no guarantee that the cooperation will continue equally successfully in the future. Finally, concerning Microsoft as a supplier, along with other IT companies whose products are used by the Group, one cannot rule out that the mentioned companies will offer their products and services directly at certain markets or to certain customers. Such a change of the business model of companies that can be considered suppliers of the Group could adversely impact the operation of the Group.

Reputational risk
Reputational risk is the risk of losing reputation and trust of users, suppliers, employees and other interest groups of the Group. It is manifested as a consequence of either operational, financial, or other previously mentioned risk. Occurrence and active lack of management of one of the mentioned risks can significantly affect the operation of the Group and its long-term financial position. Through implementation of the risk management system in accordance with ISO 31000 standard and internal coordination of all the Group's activities according to interest groups, the Group actively manages all the risks that could lead to the manifestation of this one.

Risk related to retaining the current and finding new customers and risk of concentration of key customers
The operation of the Group depends on its ability to keep and expand the cooperation with the current customers through cross-selling and up-selling, and successfully attracting new customers. Growth of revenues of the Company depends on the growth of sales to the current customers through an increase of the number and types of services rendered, which makes the retaining of the existing customer base especially important. A significant category of users of the Group, as per their share in the revenues, is made up of customers of the Microsoft licenses that are by rule renewed annually. However, customers are not obliged to renew their subscription after the expiry of the contracted duration of a license, therefore we cannot be certain that after the expiry, those same customers will renew the subscription for a license. In addition, we are exposed to the risk of the concentration of key users. The risk is reflected in the concentration of revenue in relation to customers that belong to one business group given that a possibility cannot be ruled out that they can cease to use the services of the Group for any reason, or to continue to use them to a lower extent.

Competition risk
Markets in which the Group operates are highly competitive and are characterized by fast changes in technology and frequent introduction of new products and services. Future profitability of the Group significantly depends on the successful improvement of its solutions and implementation of new services, and on efficient interoperability between an increasing number of operative systems, applications and software solutions. There is no guarantee that the future effort of the Group to be harmonized with the current requirements of the market will be successful. Any belatedness in adopting new technologies, which would result in the lack of competition, would reflect adversely on the business results of the Group. Moreover, it is possible that competitor companies will meet the requirements for changes in the IT technologies in the future more efficiently, and in that way jeopardize the profitability of the operation of the Group. Even though the Company is among the leading companies in its industry, there is a risk that some of the current competitors could make a high financial investment and launch an attempt to take over users or employees of the Group. Given the trends of consolidation in markets where the Group competes, some of the global competitors are also likely to try to access the market.

Maintenance of the continuity of operation risk
The total operation of the Group depends on the possibility for proper functioning of its own IT infrastructure and ability of the Group to protect it in case of unpredictable events (continuity of operation). Smooth functioning of its own IT systems is a prerequisite for regular operation and the foundation of trust the customers have in the Group’s services. Besides, technology used by the IT infrastructure is susceptible to difficulties in functioning caused by the human factor, delays in the supply of electricity, systemic errors, telecommunication problems, natural disasters, and similar events that can cause significant obstructions in regular operation of the Group and cause violations of the assumed contractual obligations, if the Group cannot eliminate them within a reasonable time span. The Group uses the IT infrastructure of renowned global technological companies such as Microsoft Corporation, Cisco Systems, Amazon Web Services, Google and others and has backups of all important data, which is not stored at one location. Furthermore, the Group also uses the IT infrastructure of third persons that it does not control, such as services of operation in Public Cloud, i.e. the operation of the Group is largely dependent on proper functioning of the infrastructure concerned and the connection with customers of the Group. IT infrastructure risks that can significantly impact the continuity of operation and the achievement of business objectives are identified in the business impact analysis. Also, based on the Business Continuity Plan, Disaster Recovery Plans are created for all the higher importance risks. Each of the plans was successfully tested, and Span demonstrated its compliance with ISO 22301 standard – Business continuity management system.

102 People and community 3 104 105

3.1. Human resource excellence

In 2024, Span worked intensively on strengthening and development of its human resources, recognizing the importance of employees as an essential resource for long-term success and sustainability of organization. Our commitment to quality human resources management was proven by the fourth Employer Partner certification in a row, whereby we were included in the list of Top 10% Employer Partners according to Selectio methodology. Our expertise was endorsed in the categories of Impact, Satisfaction and Future, clearly indicating a positive impact of HR activity on business success and our commitment to sustainable business.

3.2. Development of leadership positions in Span

In order to improve management processes and increase the efficiency of organization, in 2024 we launched a comprehensive project of development of leadership positions, including the analysis of job descriptions and design of leadership competencies. Furthermore, the implementation of a digital performance monitoring framework through SAP module Performance & Goals will enable better monitoring of individual contributions of employees, and ensure alignment with long-term plans of the organization. These activities present a direct response to identified risks, such as loss of key employees, opposition to changes and reduced productivity, thus ensuring stability and resilience of organization.

3.3. Successful integrations and promotion of organizational values

Merger of affiliated companies Bonsai and Ekobit with Span in 2024 was carried out while ensuring continuity of operation and transparent communication with all of the stakeholders. Data transfer, digitization through the internal SAP system and reorganization of the business structure were carried out while preserving the operational continuity in full.During the entire process, particular attention was paid to commu-nication with employees, investors and business partners, ensuring transparency and trust. In 2024, we worked intensively on bringing GT Tarkvara closer to its par-ent company through strengthening HR support and process standardization. The above-mentioned processes further re-inforced our organizational structure and demonstrated the ability to successfully manage changes, reducing the risks such as inconsistent organizational values and employee resistance.

3.4. Successful cooperation and enhancing the relationship with the academic and IT community

Span continued with activities concerning development of future experts through coop-eration with the academic community again this year. Through participation in expert conferences, events and workshops, as well as through conducting professional practices such as Span IT Gym, we are building a re-lationship between education and industry. Youth employment and development of their skills has been a particular focus, thereby responding to circumstances related to lack of skilled labor and improvement of diversity.

3.5. Span for the education of tomorrow

Span has been actively supporting STEM ed-ucation for years, recognizing the importance of investing in the youngest generations and fostering scientific development. Span has been supporting the “STEMwave – School of the future” project that provides the latest knowledge from the industry within school programs of artificial intelligence, robotics, video game development and citizen of the future. Also, Span’s cooperation with the charity association RTL pomaže djeci has now developed into a tradition. So, in 2024, we implemented three projects together. First project involved The Lipovljani Technical Culture Club, a non-profit organization dedi-cated to educating children and young people in robotics, computer science, photography, and aeromechanics. In our second project, we secured funding for Children’s Creative Center DOKKICA. In particular, we secured funding for an innovative learning system called Play Attention that helps children build skills important for personal success and success in school. In our last project of 2024 we secured funding for the new STEM laboratory “Dandelion’s research center in nature” for Sisak Novi nursery school. This innovative space allows children to foster love for science through research and play-ing games.

3.6. Taking care of employees’ health and well-being

LifeSpan program concerning the health and well-being of employees consisted of a number of initiatives this year. Activities such as Fit Happens, participating in B2Run races and lectures concerning the protection of children against violence further contrib-uted to achieving balance between work and private life of employees, helping prevent stress and burnout at work. Our commitment to these initiatives was prov-en by the recertification of Health-Friendly Company status, ensuring long-term moti-vation and engagement of employees and reducing the risks related to mental health and efficiency.

3.7. Span volunteers: the power of knowledge and community

In the past several years, Span has been implementing two types of corporate vol-unteering – volunteering based on skills and volunteering actions. Using expertise, know-how and technology at our disposal, we improve the work of associations and contribute to the devel-opment of the civil society in Croatia. In 2024, we collaborated with Krijesnica, an association that has been helping those affected by malignant diseases for almost 25 years. Our experts have extensive knowl-edge in the fields of automation, licensing, and Microsoft education – all areas in which we could help the association have even more time for their users. The entire project team involved in corporate volun-teering worked on this project alongside their standard jobs. In addition, we carried out a volunteering action in collaboration with Volunteers’ Center Zagreb and the Park Home for the Elderly, where we arranged the joint areas of the home.

3.8. Global partnerships for local development

Span has been a member of UN Global Compact and Croatian Business Council for Sustainable Development since 2023. The inclusion of Span in the initiatives and organ-izations that actively promote and encourage the business sector towards accomplishing the goals of the sustainable development and achieving corporate sustainability is es-sential because it gives us an opportunity to contribute as a company to raising the awareness about sustainable development. This year’s Sustainable Development Con-ference organized by the Croatian Business Council for Sustainable Development was named “Initiating Circularity for Sustainabil-ity”. At the conference, HR business partners Paulina Degiuli and Melita Ferjanić presented their work “Reboarding – Support for wom-en returning to work after maternity and paternity leave.” In addition, cooperation with Croatian Busi-ness Council for Sustainable Development continued through organizing training for all the directors and managers of Span, and it was attended by the Management Board of Span as well. The requirements of the Corporate Sustainability Reporting Direc-tive, with particular focus on the provisions regarding Reporting Standards (ESRS) were presented at the workshop.

Key indicators for employees and operations of Span Group

Indicator 2020 2021 2022 2023 2024
1) Overview of number of employees over years
Span d.d. 417 469 574 608 644
Span Group 522 752 802 852 865
Business Segment Share of employees
Software Asset Management and Licensing 7%
Service Center Management and Technical support 29%
Software and Business Solution Development 25%
Managerial and Corporate Functions 14%
Infrastructure Services, Cloud & Cyber Security 25%
Country Share of employees
Croatia 90.5%
Slovenia 3.3%
Ukraine 4.3%
Other 1.9%
Age Structure (2024) Share of employees
18 – 29 years 30.7%
30 – 39 years 40.4%
40 – 49 years 23%
50+ years 5.9%
Gender Structure (2024) Span d.d. Span Group
Male 71% 69%
Female 29% 31%
Indicator 2021 2022 2023 2024
Number of certified employees 341 397 449 495
Number of passed certifications 2349 2796 3048 397
Employee Turnover Year Percentage
Employee turnover 2018 13.04%
2019 15.84%
2020 11.90%
2021 14.89%
2022 10.47%
2023 8.15%
2024 14.44%
Indicator Span Group Span d.d.
5) Average age of Span Group employees 35 years
6) Average work experience 5,2 years
7) Gender structure of Span Group employees
Male 74% 70%
Female 26% 30%
8) Share of women in managerial positions 28.87% 32.14%
Degree of Education Number of employees Percentage
High school 221 25.94%
Bachelor’s degree 221 25.94%
Master’s degree 408 47.89%
Doctoral degree 2 0.23%

Processes and technology

5.1. ISO standards

We started 2024 with seven certified man-agement systems compliant with the ISO standards:

  • ISO 9001 – Quality management system (QMS)
  • ISO/IEC 27001 – Information security man-agement system (ISMS)
  • ISO/IEC 20000 – Service management system (SMS)
  • ISO 14001 – Environmental management system (EMS)
  • ISO 50001 – Energy management system (EnMS)
  • ISO 37001 – Anti-bribery management system (ABMS)
  • ISO 22301 – Business continuity management system (BCMS)

In January 2024, we successfully completed a control audit for our anti-bribery management system according to ISO 37001. At the be-ginning of March, we successfully performed external control audits for ISO 9001 (Quality management system) and ISO/IEC 27001 (In-formation security management system). In March, we additionally successfully carried out a control audit for our business conti-nuity system according to ISO 22301, which is a very important progress in supporting our key business processes. In September, we were the first in Croatia to be certified for the artificial intelligence management system according to ISO/IEC 42001 standard.

We continue to maintain the existing man-agement systems and implement new ones. We finished the year with eight certificates:

  • ISO 9001 (Quality management): Maintaining the strong system of quality management since 2006, we continue to support and im-prove our dedication to providing exceptional products/services, ensuring satisfaction of customers and continuous improvement.
  • ISO 27001 (Information security man-agement): Since 2011, our practice of information security management has developed, com-plying with the latest standards so that we can secure integrity, reliability and availability of data. This experience will help us adjust to the NIS2 Directive in the following years, and we are developing competencies for assisting our customers in the adjustment.
  • ISO 20000 (Service management system): With the certificate obtained in 2012, our ser-vice management practice has consistently met the international standards, ensuring the effective delivery of services.
  • ISO 14001 (Environmental management) and ISO 50001 (Energy management): Obtained in 2021, these certifications emphasize our commitment to environmentally sustainable practice and energy effectiveness, contrib-uting to a greener future.
  • ISO 37001 (Anti-bribery management): Imple-mented in 2022, this certification strengthens our dedication to operations in an ethical and transparent manner, preventing bribery and corruption. In line with ISO 14001 and ISO 50001, this system significantly helps us comply with the ESG initiative, one of a few strong regulatory guidelines in the next few years.
  • ISO 22301 (Business continuity management): We successfully implemented and certified this system in early 2023.# Span d.d. 10-K Filing (Partial)

5.2. Partnerships

In 2024, Span renewed all six Solutions Partner for Microsoft Cloud platform statuses, thus further confirming its expertise and credibility as Microsoft partner. Holding these statuses and possessing advanced specializations means Span regularly goes through validation and certification processes, guaranteeing a high level of expertise and reliability in the delivery of complete solutions to its users. Span continuously develops its competencies within Microsoft ecosystem, integrating its solutions and services with Microsoft platform, with a special focus on artificial intelligence and cyber security. This approach provides Span’s users with innovative solutions that can adequately respond to modern-day challenges in business.

In 2024, Microsoft recognized Span as Partner of the Year for Croatia, awarding the Company for extraordinary results in the implementation of Microsoft technologies. What particularly stood out was the successful implementation of Microsoft 365 and Microsoft Azure solutions, as well as Microsoft 365 Copilot scenario, which significantly improved the productivity and security standards of users.

In addition, Span concluded a partnership agreement with Radiflow, a renowned company in the area of OT security, which further strengthened cooperation in the matter of cyber security and providing innovative solutions for the protection of critical infrastructure and industrial control systems.

This year, Span is also recognized as Hewlett Packard Enterprise (HPE) Gold Partner, which is another recognition of our extreme dedication and excellence in the area of hybrid cloud, with tested quality products and services of the IT infrastructure. Span was also recognized as Aruba Gold Partner, and received a prestigious HPE Aruba Networking Champion of the Year recognition on HPE Intelligent Data conference in March 2024, thereby further confirming own expertise in the area of network solutions.

These recognitions and partnerships are a reflection of Span’s continuous dedication to providing premium technologies and solutions that help organizations tackle challenges around modern business environment, with a particular focus on innovations, security, and optimization of business processes.

5.3. Code of Business Conduct

Span is one of the leading Croatian IT companies. We have devoted more than 30 years to software development, and service and system integration. Our work is guided by the principles and standards mentioned in the Code of Business Conduct, which we adhere to in all our interactions with customers, partners, employees and the wider public. We have achieved our position on the market based on solid professional and ethical foundations, and are resolved to make all future business decisions in accordance with all legal requirements and moral principles. We, therefore, expect all our employees and partners to commit to honest business practices and behaviour in accordance with our core values. We are growing according to all business parameters year after year – Span Group is currently employing over 850 people and is constantly increasing that number. 495 of our employees have been awarded one or more professional certificates. Thus, the Code of Business Conduct is an expression of Span values that reflects the principles and policies that govern our business, and provides concrete guidelines for employee and partner behaviour. We believe that strong corporate governance requires transparency and trust of all stakeholders. Therefore, our governance principles, in addition to compliance with rules and regulations, emphasize the need for socially responsible business conduct and the application of our core values in relationships with partners, employees, and customers. Our Code applies to Span and all its affiliated companies (Span Group), all our employees and business partners, including users, suppliers, consultants, external associates, shareholders and other business partners appropriately associated with Span in accordance with local legal requirements and regulations.

6. Sustainability Report

6.1. General information (ESRS 2)

BP-1 - General basis for preparation of sustainability reports

Sustainability Report of Span d.d. (Company/Span) and its subsidiaries (together: Group/Span Group) for 2024 has been prepared in accordance with the Act on Accounting (Official Gazette no. 85/24, 145/24), and European Sustainability Reporting Standards (ESRS) under Corporate Sustainability Reporting Directive (CSRD). Also, the Group has included information from Article 8 of the Regulation (EU) 2020/852 (Taxonomy Regulation) in this report. Information required by the Taxonomy Regulation can be found in the topical part of the report related to the environment (page 146).

Sustainability report is drawn up on a consolidated basis. The scope of consolidation is the same as for the financial statements. Number of subsidiary undertakings included in the consolidation can be found in Note 21.1 of the Company's annual financial report.

Report has been prepared at the level of Span Group for the financial year concluded on 31 December 2024. Information provided relates exclusively to Span and, where applicable, its value chain and business relations. No subsidiary undertakings were exempted from consolidated sustainability reporting pursuant to Article 29a of Directive 2013/34/EU.

Sustainability report includes information on the material impacts, risks and opportunities connected with the undertaking through its direct and indirect business relationships in the upstream and/or downstream value chain, which is the result of double materiality assessment (DMA) in 2024.

While preparing this report, expectations of our stakeholders were taken into account, as well as passive involvement of our stakeholders in terms of publicly available information (sectoral analysis – publication of existing sustainability reports of our business partners) in order to take into account impacts from upstream and downstream value chains through passive inclusion, making sure we address issues of utmost importance to them. No relevant information was exempted for reasons related to confidential and sensitive information, as well as information about intellectual property, knowledge and experience or innovation performance.

BP-2 - Disclosures in relation to specific circumstances

Span Group decided to make use of the transitional provision under Chapter 10.2 ESRS 1. To calculate Scope 3 GHG emissions related to our suppliers and users, we used indirect sources such as average industrial emission factors; they are therefore subject to high uncertainty of measurement (> 50%). Data was collected for categories 3-1: Purchased goods and services, 3-2: Capital goods, 3-3: Fuel and energy-related Activities, 3-4: Upstream transportation and distribution, 3-5: Waste generated in operations, 3-6: Business traveling, 3-7: Employee commuting, 3-9: Downstream transportation and distribution.

To calculate emissions, generic emission factors from relevant emission factors databases were used, such as: Croatian emission factors database, ADEME, Exiobase, DEFRA, etc. For more details, see topical chapter: Environmental information, greenhouse gas emissions (E1-6).

We are dedicated to continuous improvement of accuracy, and in the future we hope to obtain emission factors for goods purchased from suppliers, make agreements with all the transport companies to submit the quantity of fuel used for the transport of goods and capital goods, obtain specific emission factors for waste categories from waste disposal companies, and increase turnout in the survey concerning employees’ means of arrival to work.

Our business continuity management system ensures resilience to disruptions, preserving key business processes and trust of the customers.

ISO 42001 (Artificial intelligence management): We were the first in Croatia to be certified for the ISO/IEC 42001 standard, an international standard that defines the requirements for an artificial intelligence management system. The standard is based on best practices that ensure the ethical, safe and effective use of AI technologies. Through certification, Span confirmed owning the processes and resources enabling the management of the entire life cycle of AI solutions – from development to implementation and monitoring.

Implementation of ISO 31000 recommendations: During 2022, 2023 and 2024, Span d.d. implemented ISO 31000 Recommendations, improving risk management practice. This integration ensures a proactive approach to recognition, assessment and mitigation of risks in all business functions.

By adopting these systems, we have enabled:

  • Risk and opportunity management.
  • Improving the quality of our products/services.
  • Better organization of internal processes.
  • Adequate protection of information in accordance with their sensitivity.
  • Managing the environmental impact and energy efficiency.
  • Compliance with best global practice.
  • Independent proof of the strategic focus on the structure of our processes.

As we are always strongly committed to excellence, the proactive maintenance of our management systems reflects our orientation to continuous improvement, ensuring the highest standards of quality, security, responsibility to the environment and total operational resilience.

ISO 9001 ISO 27001 ISO 20000 ISO 14001 ISO 50001 ISO 31000 ISO 37001 ISO 22301 ISO 42001
Quality Information security IT services management Environment Energy Risk Compliance Business Continuity Artificial intelligence
2005 2010 2015 2020 2021 2025
120 121

Given that this is the first reporting period conducted under ESRS, all the previous information related to sustainability is not directly comparable with the current report, nor was it revised. This non-comparability derives from differences in methodologies used in previous reports, compared to standardized approach under ESRS.

List of data in cross-cutting and topical standards that derive from other EU legislation are shown in the table on page 198 (Appendix B from ESRS guidelines).

List of the Disclosure Requirements complied with in preparing the sustainability statement, following the outcome of the materiality assessment, including the page numbers and/or paragraphs where the related disclosures are located in the sustainability statement are shown in the table:

List of the Disclosure Requirements complied with in the Sustainability report of Span Group
ESRS 2 – General information 124
BP-1 - General basis for preparation of the sustainability statement 124
BP-2 - Disclosures in relation to specific circumstances 124
GOV-1 - The role of the administrative, management and supervisory bodies 128
GOV-2 – Information provided to and sustainability matters addressed by the undertaking’s administrative, management and supervisory bodies 131
GOV-3 – Integration of sustainability- related performance in incentive schemes 131
GOV–4 – Statement on due diligence 132
GOV–5 – Risk management and internal controls over sustainability reporting 132
SBM-1 - Strategy, business model and value chain 132
SBM-2 - Interests and views of stakeholders 135
SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model 137
IRO-1 – Description of the process to identify and assess material impacts, risks and opportunities 141
ESRS 2 IRO –1 E1– Description of the process to identify and assess material impacts, risks and opportunities related to climate change 143
ESRS 2 IRO –1 E2, E3, E4, E5 – Description of the processes to identify and assess material impacts, risks and opportunities related to pollution, water and marine resources, biodiversity and ecosystems, resource use and circular economy 145
ESRS 2 IRO –1 G1– Description of the processes to identify and assess material impacts, risks and opportunities related to business conduct 145
IRO-2 – Disclosure requirements in ESRS covered by the undertaking’s sustainability statement 145
MDR-P – Policies adopted to manage material sustainability matters Included in disclosures related to policies in the thematic standards
MDR-A – Actions and resources in relation to material sustainability matters Included in disclosures related to policies in the thematic standards
MDR-M – Metrics in relation to material sustainability matters Included in disclosures related to policies in the thematic standards
MDR-T - Tracking effectiveness of policies and actions through targets Included in disclosures related to policies in the thematic standards

Environmental information

ESRS E1 – Climate change
EU Taxonomy Disclosures 146
E1-1 Transition plan for climate change mitigation 152
ESRS 2 SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model 152
E1-2 - Policies related to climate change mitigation and adaptation 152
E1-3 – Actions and resources in relation to climate change policies 153
E1-4 - Targets related to climate change mitigation and adaptation 153
E1-5 – Energy consumption and mix 153
E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions 154

Social information

ESRS S1 – Own workforce
ESRS 2 SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model 161
S1-1 – Policies related to own workforce 163
S1-2 – Processes for engaging with own workers and workers’ representatives about impacts 167
S1-3 – Processes to remediate negative impacts and channels for own workers to raise concerns 168
S1-4 – Taking action on material impacts on own workforce, and approaches to mitigating material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions 170
S1-5 – Targets related to managing material impacts, advancing positive impacts, as well as to risks and opportunities 180
S1-6 – Characteristics of the Undertaking’s Employees 180
S1-9 – Diversity metrics 181
S1-16 – Remuneration metrics (pay gap and total remuneration) 181
S1-17 - Incidents, complaints and severe human rights impacts 181

ESRS S3 – Community - Entity-specific disclosures
ESRS 2 SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model 182
S3-1 – Policies related to affected communities 182
S3-2 – Processes for engaging with affected communities about impacts 183
S3-3 – Processes to remediate negative impacts and channels for affected communities to raise concerns 182
S3-4 – Taking action on material impacts, and approaches to mitigating material risks and pursuing material opportunities related to affected communities, and effectiveness of those actions and approaches 182
S3-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities 182

List of the Disclosure Requirements complied with in the Sustainability Report of Span Group

ESRS S4 – Consumers and end-users
ESRS 2 SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model 184
S4-1- Policies related to consumers and end-users 185
S4-2 – Processes for engaging with consumers and end-users about impacts 186
S4-3 – Processes to remediate negative impacts and channels for consumers and end-users to raise concerns 187
S4-4 – Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions 188
S4-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities 191

Governance information

ESRS G1 - Business conduct
G1-1 Business conduct policies and corporate culture 192
G1-2 Management of relationships with suppliers 194
G1-3 Prevention and detection of corruption and bribery 194
G1-4 Confirmed incidents of corruption or bribery 194
G1-6 Payment practices 194

G1 – Company-specific disclosures

Development of security solutions for cyber attacks

Appendix B

List of datapoints in cross-cutting and topical standards that derive from other EU legislation
198 128 129
GOV-1 - The role of the administrative, management and supervisory bodies
Composition and diversity of the administrative, management and supervisory bodies Number
The number of executive members (Management Board) 3
The number of non-executive members (Supervisory Board and subcommittees) 11
Members of the undertaking’s administrative, management and supervisory authorities Percentage (%)
The Board's gender diversity Female 50
33.33% F
66.67% M
Male 50
Other* 0

More information about the corporate governance structure can be found on page 22.

Experience relevant to the sectors, products and geographic locations of the organization is issued in the Rules of Procedure for the Management Board, which is publicly available on Span’s website.

Roles and responsibilities of the managing bodies

Role of the Management Board

Responsibilities of Span’s Management Board are issued in the Articles of Association and elaborated in the Rules of Procedure for the Management Board in compliance with the provisions of the Conflict of Interest Management Policy. The Management Board operates on the principles of transparency, efficiency, setting clear boundaries between authorisations and responsibility, implementing supervisory mechanisms, all while taking care of sustainability and improving business. Also, the Management Board manages business independently, without any dependency on other bodies. Management Board members must not conduct tasks which influence Span’s business for their own or somebody else’s gain, must not be members of the management board or supervisory board of the companies which conduct such activities, nor possess more than 5% share in such companies. Moreover, no transaction between members of the Management Board and Span (or persons associated with any party) can be concluded without prior consent of the Supervisory Board. Joint arrangements of the Management Board are defined in the Rules of Procedure for the Management Board. These arrangements are of utmost importance for Span’s business. Business management complying with all the relevant regulations and previously stated principles is thus ensured. A duty of business management while respecting prohibition of the conflict of interest is imposed on the members of the Management Board.

The Management Board is also responsible for the implementation of Policy of Assessment of Span’s Influence on the Environment and Community and Management of Associated Risks. When making business decisions, the Management Board takes into account impact on the environment and community, and considers, evaluates and manages impact on the environment and society. Likewise, it is responsible for monitoring impacts, risks and opportunities for the entire Span Group. The Management Board is involved in the DMA process, and it approved significant impacts, risks and opportunities recognized at the end of 2024. In the course of 2025, the Management Board will determine the strategy for monitoring and managing impacts, risks and opportunities for the entire Span Group that is not delegated to a specific position or committee at the Management Board level. The Management Board manages business independently, without any dependency on other bodies.

| Independent members of the Management Board | Percentage (%) | 90.90 |
|---|---|---|# GOV-2 – Information provided to and sustainability matters addressed by the organization’s administrative, management and supervisory bodies

The Supervisory Board supervises business management and gives approval in specific cases. The Audit Committee and the Nomination and Remuneration Committee perform their duties as prescribed in the rules of procedure of those committees. When it comes to sustainability, no member of the Management Board is a certified expert in this area, but member of the Management Board in charge of finances is responsible for the implementation of sustainability related activities. She regularly participates in weekly meetings in which she is briefed on current issues in this area. In order to comply with the new regulation and reporting method, all members of the Management Board took part in an internal training organized by the Croatian Business Council for Sustainable Development, where the requirements of the Corporate Sus- tainability Reporting Directive were presented in detail and obligations of the organization and processes to be established were described. With a view to ensure compliance with the latest requirements and practices in the area of sustainability, members of the Management Board continue their education.

Role of the Supervisory Board

Responsibilities of the Supervisory Board are defined in the Articles of Association of Span, the Rules of Procedure of the Supervisory Board, and the Policy of managing conflict of interest. Within the framework of its competence, the Supervisory Board makes decisions, evaluations, opinions, gives approval of de- cisions made by the Management Board of Span which was provided for by the relevant rules. Gives orders to auditors and together with the Management Board determines decision proposals which are made by the Span’s General Assembly. Members of the Supervisory Board act with great care, taking into account Span’s interests, as well as interests of its shareholders, employees, creditors and other stakeholders. Supervi- sory Board is obligated to review the Annual Financial Report, Annual Business Report, Auditor Report on conducted supervision of Span’s and Span Group’s business, as well as a proposed decision on the disposal of profits and payment of dividends submitted by the Management Board. The Supervisory Board also gives prior consent to the policy of managing conflict of interest. Members of the Supervisory Board are prohibited from exercising activities in competition with Span. The Supervisory Board is responsible for supervising the implementation of Policy of Assessment of Span’s Influence on the Environment and Community and Manage - ment of Associated Risks. It is authorized to organize meetings with external stakeholders when considered necessary for better un- derstanding of matters important to Span. Span’s Supervisory Board also has one em- ployees’ representative among its members.

Role of the Audit Committee

The Audit Committee is responsible for monitoring the financial reporting process and submitting recommendations and pro- posals to ensure its integrity. It monitors the effectiveness of internal control and *Gender as specified by the employees themselves 130 131 risk management systems, including effe- ctiveness of procedures for approval and announcement of transactions between members of the Management Board and the Supervisory Board and Span, and it monitors internal audit. The Audit Committee moni- tors the statutory audit of annual financial statements and consolidated annual state- ments without breaching its independence. It examines and monitors independence of individual auditors or audit firms performing the audit. It discusses plans and the annual internal audit report, as well as significant plans related to this area. The Audit Com- mittee is responsible for the selection of an audit firm, and proposes its appointment. Moreover, it reports to the Supervisory Board about the outcome of the statutory audit in accordance with additional report that the authorized auditor is obliged to submit to the Audit Committee, it explains how the statutory audit contributed to the in- tegrity of financial reporting, and the Audit Committee’s role in that process. The Audit Committee performs all duties in accordance with the applicable regulations, and all its responsibilities are defined in the Rules of Procedure of the Audit Committee. The Audit Committee assesses the quality of internal control and risk management system at least once a year, with a view to appropriately identify and make public- ly available the main risks that Span is exposed to, and to appropriately manage those risks.

Role of the Nomination and Remuneration Committee

The Nomination and Remuneration Com- mittee is responsible for supervising the process of nomination of the members of the Supervisory Board and Management Board, so as to ensure transparency and decency. Its responsibilities are defined in the Rules of Procedure of the Nomination and Remu- neration Committee. Also, the Nomination and Remuneration Committee establishes the independence of independent members of the Supervisory Board, at least once a year assesses the composition, size, membership and quality of work of the Supervisory Board and Man- agement Board, and gives recommenda- tions to the Supervisory Board. It prepares the succession plan for re-appointment or change of members of the Supervisory Board and Management Board, adopts the plan and monitors the progress in achieving target percentage of female members of the Management Board and Supervisory Board. It considers the Management Board’s pol- icy on recruitment of senior management, gives recommendations to the Supervisory Board in relation to the remuneration poli- cy for members of the Management Board and Supervisory Board. Once a year, it gives recommendations to the Supervisory Board in relation to remuneration the members of the Management Board should receive based on Span’s business performance as- sessment and their personal performance, as well as contribution to the achievement of Span’s results. It supervises the amount and structure of remuneration for the senior management and employees as a whole, it gives recommendations to the Management Board concerning the latter’s policies, and it supervises the draw up of obligatory annual remuneration report for the approval of the Supervisory Board.

When we establish targets, administrative, management and supervisory bodies, as well as senior management will monitor the established targets related to materi- al impacts, risks and opportunities. They will monitor progress in achieving those targets through notifications and reports of the department responsible for sus- tainable development and the compliance officer, which shall be given at the monthly meetings of the senior management and submitted to the Management Board at least once a year.

Span adopted the Policy of Assessment of Company’s Influence on the Environment and Community and Management of Asso - ciated Risks, whose implementation is the responsibility of the Management Board, and whose enforcement is supervised by the Supervisory Board. The ESG Depart - ment and the Compliance Officer shall report to the Management Board about the results and efficiency at least once a year. In addition, part of the Management Board was involved in a task force that actively participated in the development of Span’s double materiality. Their involvement en- abled a comprehensive consideration of key impacts, risks and opportunities, as well as future appropriate addressing of those impacts, risks and opportunities in organization’s further actions. Also, ad- ministrative, management and supervisory bodies approved the material impacts, risks and opportunities defined for this reporting period. When it comes to results and effectiveness of policies, actions, metrics and targets adopted to address them, the Management Board will establish a mechanism for their monitoring in 2025. The Management Board established the ESG Department that deals with development and coordination of the implementation of Span Group ESG Strategy, planning, leading and supervising ESG initiatives and projects, organizing and managing teams involved in ESG activities, drawing up and supervising ESG reports for internal and external stakeholders, as well as monitoring and analysing new statutory and regulatory requirements in the ESG area and ensuring compliance. ESG Department also works with different departments in order to integrate ESG standards into business processes and strategy, organizes training, workshops and campaigns for employees in order to raise awareness about ESG matters, and communicates with external stakeholders, including partners, users, auditors and regulatory authorities. ESG Department prepares guidelines and develops internal policies related to ESG. Person responsible for the management of the ESG Depart- ment reports to the Management Board member about the status of the activity on weekly meetings. Given the depth of the process, admin- istrative, management and supervisory bodies this year dealt with all the identified material impacts, risks and opportunities, and a detailed list can be found in the table “An overview of material impacts, risks and opportunities (IRO)” (see SBM- 3). In the following periods, the Group will include identified material impacts, risks and opportunities during strategy monitor- ing, and in the risk management process.

GOV-3 – Integration of sustainability-related performance in incentive schemes and ESRS E1- ESRS 2

Span has a remuneration policy related to sustainability factors in place, but no spe- cific targets related to material impacts, risks and opportunities were indicated for 2024. Also, climate change considerations are currently not included in remuneration of the members of administrative bodies.Same responses apply to the Remuneration Report of the members of the Management Board and Supervisory Board as they apply to the Remuneration Policy.

GOV–4 – Statement on due diligence

Pursuant to the requirements of the ESRS, Span Group initiated the implementation of the due diligence process related to ESG matters. In 2024, through double materiality assessment, we used OECD guidelines as a framework for assessing and managing risks and impacts within our value chain. Given the high level of uncertainty related to the available information, especially from our suppliers and partners, we relied on external sources and relevant analyses in order to ensure necessary due diligence in the process. In the next two years, we plan on implementing a formalized due diligence process in accordance with the international standards and guidelines in order to enhance monitoring and managing ESG risks and opportunities on our value chain.

GOV–5 – Risk management and internal controls over sustainability reporting

Span and Span Group apply relevant internal control processes to collect data and report about sustainability. The primary internal control processes relate to the 4 Eyes Principle, where one person is responsible for collecting/entering the data, while the other is responsible for reviewing of that data. Additional control processes are implemented through approval system extending across several levels within the Group, the Management Board included. Moreover, we hire external experts in order to ensure the quality of assessment of specific input where necessary. Main risks identified when reporting about sustainability were completeness and accuracy of input data when drawing up the report, as well as the risk of lack of adequacy of assessments used. We believe that identified risks were minimized with the implementation of internal control processes. These processes are regularly reported to the Management Board member during weekly meetings dedicated to the topic of sustainability.

supply disruptions, and monitoring global trends and challenges. We use technology and data as the basis for delivering advanced solutions and services that allow for digital transformation of our users. Span Group currently does not have identified sustainability-related goals in terms of significant groups of products and services, customer categories, geographical areas and relationships with stakeholders. We are

SBM-1 - Strategy, business model and value chain

For the description of key elements of our strategy that relate to or impact sustainability considerations, as well as the description of key elements of our business model and value chain, see Overview of operation on page 40.

Headcount of employees by geographical areas:

Country Headcount
Croatia 776
Ukraine 32
Slovenia 28
Estonia 8
Azerbaijan 4
USA 2
Moldova 1
Georgia 1

Highly skilled and diverse workforce is the basis of our business, where we continuously invest in training, development and engagement of our employees. Financial resources ensure our stability and allow for further growth through reinvestments and smart capital control. Collaboration with shareholders, banks and business partners is crucial for our financial success. We maintain transparent and open relationships with financial partners in order to ensure stability and growth of our business. We also work with students, community and other stakeholders in order to ensure access to talents, as well as to provide support to our users and community that is necessary for our development and growth. Natural resources also play an important role in our business. Although we do not use water directly in our operations, we took water into account in our value chain. IT sector uses energy to supply power to data centers, maintain network infrastructure and support the development of software solutions, enabling high-quality services for our users. In order to ensure value chain continuity and resistance, Span is approaching risk management proactively, including identifying and mitigating potential looking to establish goals that will be in line with our long-term plans and sustainability-related obligations. Pilot projects related to cloud, precisely to emission reduction are being developed at this moment. More about this can be found in the topical part “Environmental information E1-4”.

An overview of key activities in Span’s value chain is shown in the diagram, as well as geographic areas in which Span operates:

Upstream

  • Processing of raw materials, production and supply of components, parts, and products
  • Direct inputs
  • Tier 1
  • Tier 2 & 3
  • Packaging and distributors
  • Utilities
  • Storage
  • Financial capital
  • Financial services
  • Leasing
  • Assemblers of finished electronics
  • Disposal of other waste
  • Direct clients
  • Circular economy activities
  • Water discharge
  • Investments
  • Intellectual capital
  • R&D, patents
  • Human capital
  • Legal services
  • System integration
  • Contractors
  • Logistics and distribution

Own operations

  • Preparation, migrations, and innovations, management, monitoring, and solution adoption
  • Cloud business
  • Cyber security, Security Operations Center, Cloud security, Cyber Security Center, NIS 2, DORA IT security
  • Development of business, Microsoft, and Span solutions
  • Business solutions and development
  • Licensing and software asset management
  • Software asset management and licensing
  • Value-added services (e.g., customer support and training)
  • Partnerships
  • Original equipment manufacturers
  • Clients and end users
  • Disposal of electronic waste
  • Waste management
  • Reverse logistics/ recycling
  • Production of components, parts, and products
  • Delivery of components, parts, and products
  • Manufactured capital
  • Companies in the Group in Croatia
  • Companies in the Group outside Croatia
  • Dodatne aktivnosti podrške (npr. HR, računovodstvo, financije, nabava)

Downstream

  • Dependence on resources
  • Leased/owned facilities
  • Natural resources:
    • water for use
    • various sources of electricity for operation
  • Human resources:
    • own workforce
    • workers in the value chain

Companies in the Group

  1. Span Cyber Security Incubator
  2. Trilix
  3. Fintech Digital Services

Companies in the Group outside Croatia

  1. Span d.o.o. Ljubljana
  2. Span USA Chicago
  3. Span Azerbaijan Baku
  4. Span LLC Kyiv
  5. Span IT Chișinău
  6. Span GT Tarkvara
  7. Span LLC Tbilisi

SBM-2 - Interests and views of stakeholders

| Key stakeholder | Method of engagement | Purpose and outcome of engagement # Significance of the impact, severity of the consequences and likelihood of the occurrence of an impact, as well as Span’s performance in impact management were evaluated for each topic. External stakeholders are involved through passive engagement activities, such as value chain mapping, benchmark analysis (peer companies, sector-specific material topics of GRI standards for reporting and agency rating), i.e. collecting material ESG information about stakeholders through reports and websites, as stated in EFRAG Material- ity Assessment Implementation Guidance. External stakeholders, i.e. Span’s largest suppliers and users are thus involved in the value chain, and are as such identified as key stakeholders. External stakeholders were also involved through interviews and focus groups. Our internal “owners” of individual departments and topics recognized their key stakeholders, which we then contacted directly, interviewed those who responded, and conducted focus groups with them and external consultants. All the data obtained through such engagement is reviewed by the Management Board, which applies that data when considering new services and solutions. The Management Board is reported to regularly during dedicated sustainability-related meetings.

ESRS S1 - ESRS 2 SBM-2 – employees

Services management, technical support and Security Operations Center (SOC) are among the key pillars of our business, and so is their availability 24/7, 365 days a year. This high work intensity is applicable regardless of whether the systems were designed, developed and put into service by our organization or other suppliers. Together with technical support, we provide a comprehensive user protection from a wide range of cyber threats within SOC. This business model, although indispensable for quality and timely service, can significantly impact working conditions of employees, including potential stress, challenging working hours, and difficulties in maintaining work-life balance. Although employees are not directly involved in framing Span’s strategy, their views and feedback significantly impact the process of adaptation of business practices. A key source of such information is the regular work climate analysis in which employees rate the level of their satisfaction through 12 aspects, satisfaction with the management included. This assessment includes their opinion on how efficient the Management Board is in managing business policy, organization and communication within Span. Also, we examine employee satisfaction with working conditions, working hours, salary and work-life balance. Based on the results of the analysis and employee feedback, we introduce specific actions in order to improve working conditions. (More information about the actions can be found in the topical part “Information on social factors – S1”). In addition, employees are able to anonymously express their needs and interests through digital channel “Virtual Inbox”, available on Viva Engage internal network. In order to further reinforce the engagement of employees in decision making, employees’ representative was appointed a member of the Supervisory Board of Span for a four-year mandate at the end of last year. This way, Span incorporates own workforce perspectives into strategic processes and management.

ESRS S3- ESRS 2 SBM-2 – community

Span’s positive impact on educational institutions and non-profit organizations stems from our expertise in providing infrastructure services, cloud solutions, cyber security, technical support, software and business solution development. Lectures and workshops that our employees teach in faculties, and know-how that they share are related to our business through specific technology topics and practices. In the collaboration with non-profit organizations segment, we develop applications using Microsoft Power Platform, thereby contributing to making their business more efficient by implementing our business solutions (read more on page 108). Although a direct adaptation of strategy is not the main goal for now, in the long term, activities with educational institutions and non-profit organizations can contribute to the adaptation of business models. Connecting with future experts and raising awareness about the importance of cyber security, we get recognized among students, which can lead to their employment and further development in the organization. These initiatives also foster innovations, and increase visibility and reputation in technological community. We actively collaborate with community representatives in order to understand their needs and integrate them into our business processes.

ESRS S4- ESRS 2 SBM-2 – users

Span puts consumers and end users (hereinafter: users) in the centre of its strategy and business model, ensuring their interests, views and rights are acknowledged through an integrated approach targeted at transparency, security and innovations. Regular interaction with users, including questionnaires, workshops and feedback from customer support allow for the acknowledgement of specific needs and opportunities to improve the services. This approach enables Span to adapt its solutions to specific demands of users, such as custom-made IT solutions and cyber security solutions. Span undertakes to protect the privacy and confidential data of users (that it has access to with a view to fulfil a contractual obligation), which is crucial for the IT industry. Implementation of cyber security standards and compliance with applicable legal requirements (e.g. GDPR) makes users trust Span’s services. Therefore, our strategy and business model play a key role in mitigating material impacts on users. Implementing more stringent measures when it comes to data protection and GDPR compliance helps reduce the risk of invasion of privacy and misuse of personal data. Furthermore, through its services, Span provides a safe and efficient approach to digital solutions to its end users, thereby contributing to the improvement of their digital rights and freedoms. Span’s business model and strategy are adapted in order to ensure compliance with applicable regulations and standards, and to protect the identified impact of data privacy, as well as users’ rights. For example, privacy policy available on our website provides clear guidelines for collection, processing and storage of users’ personal data. Also, we regularly educate our employees about the importance of privacy protection and data security, and we conduct internal audits in order to ensure compliance with our policies and procedures.

SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model

In the course of DMA, we identified and assessed a total of 41 impacts, and 30 risks and opportunities. As the result of double materiality assessment, we identified a total of 18 material impacts, risks and opportunities (IRO) – 11 material impacts, and 7 material risks and opportunities. Given the fact that Span Group does desk job only, no specific impacts on economy, society and environment by specific location were identified. Therefore, we don’t have impacts defined for a specific subsidiary undertaking, but solely for the Group. More information about material impacts, risks and opportunities (IRO) can be found in topical parts of non-financial statement (Environmental information, Social information and Governance information). These parts provide a comprehensive overview of how material impacts, risks and opportunities relate to our business, and how we plan on managing them.

Location in the value chain Time horizon Sustainability matters and related IROs I/R/O Upstream Own operations Downstream Short-term Medium-term Long-term
E1 – Climate change mitigation – Scope 1&2&3 Impact on global warming with Scope 1&2 GHG emissions caused by the energy consumption for the purpose of company vehicles and desk jobs (electricity, air conditioning, etc.). Also, Scope 3 GHG emissions from the value chain (upstream and downstream). Negative impact X X X X X X
E1 – Energy – Energy consumption In the IT industry, a large amount of electricity is used for cooling, heating, ventilation, air conditioning, lighting and equipment operation (computers, servers, etc.). Span uses non-renewable sources for primary energy consumption. Negative impact X X X X X X
E1 – Climate change mitigation – sector-specific (cloud solutions) Transition to cloud solutions reduces the use of individual servers, thus reducing total energy consumption and GHG emissions. Span’s transition to such solutions optimizes the majority of business processes, from development and testing to creation and scaling, which can also help organization increase its agility, reduce costs and improve time to market on global level. Positive impact X X X X X X
S1 – Equal treatment for all – Diversity Lack of equal treatment and opportunities for all (covering age, gender, culture), including equal pay – equal work, can negatively impact employee satisfaction and their performance. Span systematized its salaries, but unequal pay may still exist in specific circumstances. Negative impact X X X X X X
S1 – Working conditions – Work-life balance Inadequate management of working days and days off can negatively impact employees and their mental health. This impact can be seen in employees doing shift work and night shifts, and Span operates in that way. Negative impact X X X X X X
S1 – Other work-related right – Privacy Potential negative impact on employees through violation of data privacy. Negative impact X X X X X X
S3 – Company-specific Span partners with educational institutions and thus makes a positive impact on local and wider community. Also, Span offers education opportunities and a possibility to increase digital competences of children in schools.

X X S4 – Information-related impacts for consumers and/or end-users – Privacy

Non-compliance with GDPR can lead to the invasion of privacy of consumers and end-users, exposing their personal data to unauthorized access and misuse. It can result in identity theft, financial losses and a sense of insecurity among consumers and end-users.

Negative impact

X X

Overview of material impacts, risks and opportunities (IRO)

Location in the value chain Time horizon Sustainability matters and related IROs I/R/O Short- term Medium- term Long- term
Upstream Own operations G1 – Management of relationships with suppliers including payment practices Positive impact on suppliers through better relationships that enhance cooperation, e.g. expansion of the product/service range of suppliers, open communication on improving the quality of suppliers’ services and consistency in standards. Positive impact can be seen in all the locations where Span operates. Positive impact X X
Upstream Own operations G1 – Supplier selection If the organization does not take into account social and environmental criteria in its supplier selection, it might be interpreted as supporting unsustainable and unethical practices. It can negatively impact the environment and society, and threaten the long-term sustainability of business. Negative impact X X
Upstream Own operations G1 – Corruption and bribery – Prevention and detection including training Lack of efficient measures to prevent and detect corruption and bribery can result in unethical conduct within the organization. It can threaten the working culture and create an unfair working environment for employees. Negative impact X X
Own operations E1 – Climate change adaptation Given the importance of telecommunication networks for our core business, network infrastructure problems caused by the climate change (during severe weather conditions, such as flooding, fire) may result in disruption of service, leading to loss of revenue and/or unintended capital expenditures for the repair of damaged or jeopardized equipment. Risk X X
Own operations S1 – Working conditions – Secure employment Loss of key staff holding strategic positions may disrupt business operations, prevent strategic initiatives and weaken the organizational abilities, leading to the decline of productivity, moral and innovations within the organization. Risk X X
Own operations S1 – Equal treatment and opportunities for all – Diversity Promoting equal opportunities to advance diversity and inclusion of women, which may lead to higher employee retention rate and their increased satisfaction. Opportunity X X
Own operations S1 – Equal treatment and opportunities for all – Training and skills development Opportunities for career development (e.g. career development plan and upskilling opportunities) may cause moral development and lead to employee satisfaction, turnover reduction and the reduction of costs for the organization related to training of newly employed staff. Opportunity X X
140
141 Location in the value chain Time horizon Sustainability matters and related IROs I/R/O Short- term Medium- term
Own operations S1 – Equal treatment and opportunities for all – Training and skills development Through internal recruitment, employees feel a sense of belonging to the organization, and they are also proved there are further opportunities for skills development, leading to increased employee satisfaction, turnover reduction and the reduction of costs for the organization related to recruitment and training of newly employed staff. Opportunity X X
Own operations S1 – Company-specific Acquisitions, environment in which we operate (IT industry) is a rapidly changing one, and that’s why the topic of change management is very important. It goes hand in hand with employee resistance due to changes in the business model. Risk X X
Own operations G1 – Company-specific Increased demand for cyber security solutions and services paves the way for the offer of innovative solutions and a potential opportunity for returns on investments. Opportunity X X

We assessed financial effects in respect of the assumed effects on operations, i.e. in what way that risk can financially affect us in case of complete suspension of the possibility to provide services. This is a qualitative analysis and the actual financial effects were estimated. We focused on potential costs of three-day process stoppage and how those risks could directly affect operations. This includes potential days of inability to work, loss of key users, decline in trust, loss of reputation and degradation of service.

In 2024, there were no actual financial effects deriving from risks and opportunities identified through double materiality assessment. Expected financial effects of material risks and opportunities on financial position, financial performance and cash flows over the short-, medium- and long-term were not systematically assessed so far.

As part of the double materiality assessment, resilience of the business model of Span Group in the course of this reporting period was taken into account, with a view to identifying, understanding and managing material impacts, risks and opportunities, i.e. the Group considered whether it is able to respond to them, and in what ways. As part of the Business Continuity Plan, Span analysed physical climate risks, including risk of fire and flooding. These risks can seriously jeopardize network infrastructure and business continuity, especially if they occur in central locations in Zagreb. More information about this can be found in chapter IRO-1 – Climate change.

In the future, the Group plans on conducting a quantitative analysis, with a view to disclosing detailed information on impacts, risks and opportunities in future periods. Also, with respect to the results of qualitative analysis of the resilience and already identified material impacts, risks and opportunities, a sustainability strategy will be put in place, and goals will be set, in order to mitigate negative impacts and risks, and embrace opportunities, i.e. further develop positive impacts.

No analysis of the resilience was conducted for identified material impacts and risks related to other sustainability factors. Since this is the first reporting year, we are currently not able to compare changes in material impacts, risks and opportunities to a previous period. In future reports, we plan on tracking and analysing these changes in order to ensure continuous improvement and business adaptation.

IRO-1 – Description of the process to identify and assess material impacts, risks and opportunities

In Span, we developed a comprehensive methodology of double materiality assessment based on regulatory requirements of the CSRD and ESRS. This methodology allows us to identify and prioritize key sustainability topics over four phases: understanding, identification, assessment and consolidation. and financial effect for risks and opportunities.

Assessment process is supported by the rating mechanisms (1 to 5) that ensure objectivity and consistency. In this phase, results were verified through consultations with internal experts.

  1. In the consolidation phase, we consolidated and analysed assessment results in accordance with set thresholds of materiality (3.5 of 5). Topics that require managing and reporting were defined based on that, in accordance with ESRS.

Impact materiality:

The first dimension of double materiality is the impact materiality (“inside-out” perspective). According to EFRAG standards, a topic is material from the following perspective: “when it pertains to the organization’s material actual or potential, positive or negative impacts on people or the environment”. It is defined as “impacts in relation to environmental, social and governance factors”. For this part of the analysis, impacts in relation to environmental, social and governance factors were identified in discussions with key internal stakeholders, through research and active and passive involvement of external stakeholders from the value chain, as well as through benchmark analysis. The analysis aims to identify cause/effect relationships between Span’s practices and its value chain, as well as its impact on society or the environment.

Firstly, topics were contextualised in order to explain why they are relevant to Span and its value chain. Next, impacts of each topic on society or the environment were described. Finally, impacts were classified as prescribed in ESRS 1. (para. 43).

In the identification process, it was taken into account whether an impact:
• is actual or potential;
• is negative or positive on people or the environment;
• occurs over the short-, medium- or long-

  1. In the understanding phase, we defined the scope of the reporting, mapped the value chain, and identified relevant sustainability topics through benchmark analysis and a review of previous materiality assessments. This analysis includes taking into account external sources, such as sectoral reports and suppliers’ data, involvement of stakeholders through focus groups, as well as internal insights of Span’s key departments.

  2. In the identification phase, we recognized potential and actual impacts, risks and opportunities (IRO) within own operations and the entire value chain. Internal and external stakeholders were involved in order to ensure the integrity of analysis, and contextual factors, such as IT industry specifics were further taken into account.

  3. In the assessment phase, we assessed the identified impacts, risks and opportunities based on clearly defined criteria: severity, scale, scope and likelihood for impacts,

142
143
term, covering all affected stakeholders (own operations and upstream and downstream value chain) related to availability of those resources can impact the business.Connection of impacts and dependencies with the risks and opportunities is further considered through benchmark analysis and sectoral data, thus ensuring the comparison with competitors and industry standards. In addition, consultations with stakeholders (internal and external) provide additional insights into potential opportunities arising from sustainability, such as implementation of new technologies or entry into markets with increased sustainability requirements. The analysis aims to establish how risks and opportunities (e.g. legal, reputational, operational, financial, as proposed in ESRS 1 AR 13.) related to topics identified in the short list can impact Span’s activities over short-, medium- and long-term. Structure of the analysis comprises of topic definitions and topic contextualisations that provide details in relation to scope (i.e. own operations, upstream, downstream) for each topic, as well as potential details about the company in relation to topic relevance. It describes how a topic can be either risk or opportunity for Span, as well as operational, financial, reputational and legal risks for Span relating to particular topic, on the basis of research. Financial assessment of risks or opportunities is drawn up through the assessment of scale, likelihood and impact on long-term performance of topic on Span, and it sums up main sustainability related risks and opportunities. Since ESRS does not specify range of scores, we decided to define thresholds of materiality: 3.0 for materiality of actual impacts (1 to 5 on severity scale); 3.5 for materiality of potential impacts (1 to 5 on a scale with likelihood dimension); 3.5 for financial materiality (on a 1 to 5 scale). Impacts, risks and opportunities below these thresholds of materiality are not considered significant enough to be defined as material (ESRS 1, para. 31). Different thresholds of materiality for the impact assessment are the result of assessment methodology in order to ensure that actual impacts have greater significance with respect to potential impacts. Scale of the assessment comprises financial effect of risks or opportunities on key business metrics (e.g. revenue, costs, operational activities). As a starting point for determining the threshold of significant financial impact, the materiality threshold for financial statements was taken, which was then adjusted for short-term and long-term periods, as well as the estimated financial impact that the Group could suffer due to the negative impact of risks, but also the positive impact of opportunities. Assessment combines quantitative analyses (e.g. assessments of financial effect) with qualitative insights (e.g. feedback from stakeholders and internal experts). That process allows for clear understanding of priorities among identified risks and opportunities. Administrative, management and supervisory bodies are notified about the views and interests of the stakeholders concerning sustainability through reports and during meetings of the Management Board. Sustainability related controls have not yet been implemented in the integrated framework of internal control, and this activity is planned for 2025. Decision-making process is done by way of a structured framework in which roles and responsibilities of key participants are clearly defined. ESG co-ordinator and task force for sustainability are in charge of the analysis and gathering material for materiality assessment, which is then presented to the Management Board and senior management. At the moment, Span Group does not have a completely integrated process to identify, assess and manage sustainability impacts and risks within overall risk management system. However, we are aware of the importance of systematic integration of ESG risks into a wider context of risk management in order to ensure compliance with regulatory requirements and long-term business resilience. We plan on developing and implementing a framework in order to enable a complete integration of ESG risks into risk management processes of the organization.

IRO-1 – Climate change

At the level of Span Group, an analysis of activities and plans was conducted in order to identify actual and potential impacts on climate change by way of calculating GHG Scope 1, 2 and 3 emissions in own operations and in the entire value chain for 2024. Those results will be used as starting point for future comparison of emissions. This process includes an analysis of emissions that are directly related to our operations (Scope 1), emissions from the consumption of purchased electricity (Scope 2), and emissions that occur in the value chain (Scope 3). More detailed information can be found in the topical part “Environmental information – E6”. Also, drivers of other impacts related to climate change were identified, such as energy consumption. This analysis will enable further development of our strategy to reduce emissions and improve energy efficiency. When identifying and assessing material impacts, risks and opportunities related to climate change, we identified the following material impacts: Span’s assessment process focuses on identifying key risk factors related to business, entire value chain (including own operations, suppliers and users) and geographical areas. Looking at inherent impacts, and on the basis of Span’s sector (IT industry), we assumed that the impacts deriving from Span’s business are negative. Along with negative impacts, we identified several positive impacts. Negative impacts are prioritized under severity (scale, scope, irremediable character) and likelihood criteria. Identification comprises short-, medium- or long-term impacts on people or the environment, including own operations and the entire value chain. Positive impacts are also prioritized, but the emphasis is placed on their relative scale, scope and long-term benefit.

Financial materiality

The second dimension of double materiality is the financial materiality (“outside-in” perspective). According to EFRAG standards, a topic is material from the following perspective: “if it triggers material financial effects on the organization”. Span approaches the assessment of risks and opportunities with financial effects through an integrated model that connects business impacts and value chain dependencies with potential risks and opportunities. Through value chain mapping, Span identifies key business aspects that may have financial effects, including direct (e.g. increase of energy costs) and indirect ones (e.g. reputational risks related to suppliers and users). Analysis of dependencies includes an assessment of the dependency of business model on key resources (human, technological or natural), and how potential disruptions

a) Climate change mitigation (GHG emissions – Scope 1, 2 and 3)

We assess GHG emissions that are directly related to our operations (Scope 1 and 2), and they largely derive from the energy consumption for the purpose of company vehicles, air conditioning and heating, and electricity for offices. Moreover, we analyse Scope 3 emissions in the supply chain (upstream and downstream) and focus on transport, product use and other activities related to value chain. We analyse the impact of our largest supplier as well.

b) Energy consumption

We analyse the total energy consumption and focus on the consumption of electricity in the IT industry for the purpose of equipment operation, cooling, heating, ventilation and air conditioning.

c) Sector-specific impacts (cloud solutions)

Transition to cloud solutions reduces the use of individual servers, thus reducing total energy consumption and GHG emissions. Also, redesign of system architecture includes replacing platform resources, such as virtual servers, with more efficient resources that are automatically scaled depending on their load, or using newer types of resources that perform better with fewer emissions. In addition, a risk for the business model was identified and recognized in sub-topic:

d) Climate change adaptation

This risk concerns inability of exercising core business activities due to network infrastructure problems caused by the climate change consequences, such as acute hazards related to climate (e.g. flooding and fire). First assessment of physical climate risks for critical infrastructure we manage, and for buildings that we own and operate was conducted in 2022. The assessment was conducted within the certification process for ISO 22301 (Business continuity management), a standard we were certified for in April 2023. Our assets and business activities may be exposed and susceptible to hazards related to physical risks, and that's why we carry out regular assessments as part of the Business Continuity Plan in order to identify high risk areas and develop strategies for their mitigation. We did not identify major hazards in the short-term in daily operational activities, except for fires, flooding and earthquake. These physical risks can seriously jeopardize business continuity or even cause disruption of services, especially if they occur in central locations in Zagreb. IT director and CISO were consulted, with IT director being in charge of the risk. Business Continuity Plan was indicated as an initial control process, and risk treatment plan was created. Activity proposed was reconfiguration of network resources in such a way as to support functioning of only one location in Zagreb. Performance measure of the plan was a successfully carried out exercise of relocating Service Desk from location in Savska, and SOC to a location in Koturaška. We continue to monitor and analyse business impacts and resulting risks. Testing of existing recovery procedures has proved to be successful.# In case of changes of architecture and functionalities, if necessary, we will repeat the testing, but for now we focus on potential new risks and recovery procedures as a result of their analysis. Overall formal assessment to analyse the exposure of all assets and business activities to climate-related hazards, taking into consideration the likelihood, magnitude and duration of the hazards was not conducted, nor were the geospatial coordinates specific for our locations and supply chains taken into account. However, we are aware of the importance of climate-related risks, and in the future we plan on developing more systematic approach to identifying and assessing potential climate-related impacts on our business that will cover all locations. We identified key transition events, such as regulatory changes (government measures), market pressure for reducing emissions and technological innovations. At this moment, we did not identify transition risks as material.

IRO-1 Pollution, IRO-1 Water and marine resources, IRO- 1 Resource use and circular economy, IRO-1 Biodiversity and ecosystems

Tangible and intangible assets, locations and business activities of Span were included in double materiality assessment in order to assess actual and potential impacts, risks and opportunities related to pollution, water and marine resources, biodiversity, circular economy and ecosystems. In own operations, and taking into account results of the DMA conducted, previously indicated actual and potential impacts, risks and opportunities were identified as non-material. They were also assessed in the value chain, by way of research and interviews with external stakeholders and experts. Taking into account the first year of analysis and the transitional provision 10.2., which allows for three-year period to establish a process for obtaining information from the value chain, we did not make particular effort to involve stakeholders for this purpose, but we used previously obtained information and existing processes and channels of communication with local communities and wider public.

IRO1 – Business conduct

In the process of identifying material impacts, risks and opportunities related to business conduct, we focused on Span’s existing good practices. We analysed our business conduct by way of comparison with other organizations and interviews with internal experts, taking into account relationships with users by all means. As a result of this assessment, the topics of anti-corruption and supplier relationship management, including payment practices, were highlighted. Opportunity for developing security solutions to combat cyber attacks was also recognized.

IRO-2 – Disclosure requirements in ESRS covered by the organization’s sustainability statement

We identified information to be disclosed related to our material impacts, risks and opportunities. To that end, we used principles and criteria from ESRS 1 section 3.2 “Material matters and materiality of information”. This process was developed in order to ensure that disclosed information faithfully reflects organization’s impact on sustainability and its exposure to risks and opportunities that may have material impact on business model, strategy and financial results. The process of identification was initiated by a comprehensive double materiality assessment to analyse sustainability matters from two perspectives: (1) impact of company’s business on the environment, society and governance, and (2) financial and strategic effects of sustainability-related risks and opportunities on the company. Feedback from various sources was gathered in the process, including consultations with stakeholders, regulatory requirements, industry standards and internal business data. Span’s Management Board reviewed and approved the identified material topics. Through this approach, we ensure that disclosed information provides a comprehensive and transparent insight into our most important sustainability-related impacts, risks and opportunities. We also enable our stakeholders to make informed decisions, and we are committed to reinforcing transparency in sustainability reporting.

6.2. Environmental information (E1)

Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation)

Regulation (EU) 2020/852 (Taxonomy Regulation) is a classification scheme of environmentally sustainable economic activities and a vital tool for achieving the strategic goals of the European Green Deal. In its 2024 report, Span Group discloses the proportions of environmentally sustainable economic activities aligned with the taxonomy related to the first two taxonomy objectives: (1) climate change mitigation and (2) climate change adaptation; taxonomy-eligible activities related to all six taxonomy objectives; and taxonomy-non-eligible activities in its group turnover, capital expenditure (CapEx), and operational expenditure (OpEx).

In calculating the key indicators, we used the following interpretations:

  • Taxonomy-eligible economic activities are those described in the delegated acts supplementing the Taxonomy Regulation, regardless of whether they meet any or all of the technical screening criteria established in the delegated acts.
  • Taxonomy-aligned economic activities meet the criterion of significant contribution to one or more environmental objectives; do not cause significant harm to any of the environmental objectives; are conducted in compliance with minimum safeguards; and comply with the technical screening criteria in the delegated acts supplementing the taxonomy.
  • Taxonomy-uneligible economic activity is any economic activity not described in the delegated acts supplementing the Taxonomy Regulation.

Key performance indicators for reporting under Taxonomy Regulation (taxonomy KPIs) include turnover taxonomy KPI, CapEx taxonomy KPI and OpEx taxonomy KPI, and they are calculated separately for eligibility and alignment.

Eligibility analysis

The proportion of taxonomy-eligible economic activities in our turnover is calculated as the share of turnover derived from products and services related to taxonomy-eligible economic activities (numerator) divided by total turnover (denominator) for the reporting year 2024. The numerator of the turnover taxonomy KPI is defined as the revenue generated from products and services related to the taxonomy-eligible economic activity from the section Computer programming, consultancy, and related activities.

The CapEx KPI for eligibility is defined as the ratio of taxonomy-eligible capital expenditures (numerator) and total capital expenditures for the reporting year. Capital expenditures include the acquisition/commissioning of new fixed assets, revaluation of property, capitalized internal software development, and capitalized long-term leases. In this segment, we compared the activities with taxonomy-eligible economic activities. We identified the internal development of software solutions, ownership of vehicles, and ownership and use of property, as described in the sections Computer programming, consultancy, and related activities, Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings.

The OpEx KPI for eligibility is defined as the ratio of total taxonomy-eligible operating expenditures (numerator) and total operating expenditures (denominator) in the reporting year. According to the taxonomy definition, total operating expenditures consist of direct non-capitalized costs related to research and development, building renovation measures, short-term leases, maintenance and repairs, and all other direct expenses related to the day-to-day servicing of property, plant, and equipment. In our case, this includes costs for the maintenance of the Group’s business premises, maintenance and car rentals related to sections Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings.

Analysing Span’s business activities in accordance with the requirements of Taxonomy Regulation, we identified that our only taxonomy-eligible turnover falls under the section Computer programming, consultancy, and related activities, pertaining to IT services. The total turnover generated from taxonomy-eligible IT services in 2024 amounted to EUR 51,031 thousand (28%), and the capital expenditures related to internal development costs associated with these services amounted to EUR 544 thousand (15%).

Considering that the Taxonomy Regulation is not limited to activities related to our core business, we recognized taxonomy-eligible activities in our capital expenditures and operating expenses under the sections Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings. Capital expenditures related to the Transport by motorcycles, passenger cars and light commercial vehicles activity include car purchases in 2024, amounting to EUR 464 thousand (13%), while the operating expenses amounted to the total of EUR 611 thousand (52%), including car maintenance and rental costs. In the reporting period, the taxonomy activity Acquisition and ownership of buildings, specifically the right-of-use assets accounted for 53% of total capital expenditures (EUR 1,947 thousand) and 19% of operating expenses (EUR 227 thousand) for the maintenance and rental of right-of-use properties.

Alignment analysis

We subjected the identified eligible activities to a taxonomy alignment assessment. We followed the prescribed evaluation steps for taxonomy-eligible activities from sections Computer programming, consultancy and related activities, and Acquisition and ownership of buildings.Given that according to the EU taxonomy both groups of activities can contribute to the taxonomy objective of climate change adaptation, we determined to what extent they contribute to this objective. For economic activities related to Transport by motorcycles, passenger cars and light commercial vehicles, we examined whether they significantly contribute to climate change mitigation. Next, we verified whether these activities met the technical screening criteria for doing no significant harm to other taxonomy objectives and checked their alignment. Finally, we ensured that we met the minimum safeguards in their implementation, in alignment with the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights, including the principles and rights set out in the eight core conventions defined in the ILO Declaration on Fundamental Principles and Rights at Work and the International Bill of Human Rights. A prerequisite for determining that an economic activity contributes to the goal of climate change adaptation for recognized taxonomy-eligible IT services and property is conducting a process of analysis and assessment of physical climate risks. The first evaluation of physical climate risks for the critical infrastructure we manage and for buildings we own and operate was carried out in 2022 as part of the ISO 22301 Business Continuity Management certification process (for which we received the certification in April 2023). The carried out assessment included a limited number of physical climate risks. The assessment was not carried out using location-based climate projections and impact assessments, considering the latest scientific advancements in sensitivity and risk analysis and related methodologies in line with the latest reports from the Intergovernmental Panel on Climate Change. Until we conduct a comprehensive physical climate risk assessment that includes climate projections based on various climate scenarios for all our locations, we cannot assert that our activities are aligned with this technical screening criterion. In 2024, we invested EUR 29 thousand in new vehicles that meet the criteria for emissions from light vehicles and road vehicle tires. These are new cars, manufactured in the European Union, which comply with the recyclability criteria and will be given back by Span to the leasing company at the end of the lease period. Span’s Code of Business Conduct outlines the values and ethical principles we rely on in our operations. At Span, we respect the fundamental human rights defined in the United Nations Universal Declaration of Human Rights and internationally recognized principles and guidelines. As an employer, Span is committed to working in accordance with the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work. In 2024, we conducted an assessment of our potential and actual adverse impacts on the environment and society, including human rights, and did not encounter any cases of human rights violations. We will continue to strengthen our responsible policies and practices regarding human rights protection by examining the impacts of our activities across our entire value chain. Taxonomy-aligned economic activities constitute 1% of our capital expenditures and 1% of our operating expenditures.

Turnover

Substantial Contribution Criteria DNSH criteria ('Does Not Significantly Harm')
Economic activities Absolute turnover Proportion of turnover Climate Change Mitigation Climate Change Adaptation Water and marine resources Circular Economy Pollution Biodiversity and ecosystems Climate Change Mitigation Climate Change Adaptation Water and marine resources Circular Economy
(EUR) % Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No Yes/No Yes/No Yes/No Yes/No
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (Taxonomy-aligned)
Turnover of environmentally sustainable activities (Taxonomy-aligned) (A.1) 0.00 0.00% 0.00% 0.00% 0.00% 0.00% 0.00% 0.00%
A.2. Taxonomy-Eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)
8.2. Computer programming, consultancy and related activities 51,031,284.30 28.32% E 30.60%
Turnover of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2) 51,031,284.30 28.32% 0.00% 28.32% 0.00% 0.00% 0.00% 0.00% 30.60%
Total (A.1+A.2) 51,031,284.30 28.32% 0.00% 28.32% 0.00% 0.00% 0.00% 0.00% 30.60%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of Taxonomy-non-eligible activities 129,151,670.17 71.86%
Total turnover (A+B) 180,182,954.47 100%

Capital expenditure

Substantial Contribution Criteria DNSH criteria ('Does Not Significantly Harm')
Economic activities Absolute capital expenditure Proportion of capital expenditure Climate Change Mitigation Climate Change Adaptation Water and marine resources Circular Economy Pollution Biodiversity and ecosystems Climate Change Mitigation Climate Change Adaptation Water and marine resources Circular Economy Pollution Biodiversity and ecosystems
(EUR) % Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No Yes/No Yes/No Yes/No Yes/No Yes/No Yes/No
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (Taxonomy-aligned)
6.5. Transport by motorbikes, passenger cars and light commercial vehicles 29,109.00 0.79% Yes Yes Yes Yes Yes 1.00%
Capital expenditure of environmentally sustainable activities (Taxonomy-aligned) (A.1) 29,109.00 0.79% 0.79% 0.00% 1.00% 0.00% 0.00% 0.00%
A.2. Taxonomy-Eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)
6.5. Transport by motorbikes, passenger cars and light commercial vehicles 463,884.00 12.52% E 6.60%
7.7. Acquisition and ownership of buildings 1,946,811.49 52.55% E 9.78%
8.2. Computer programming, consultancy and related activities 544,040.30 14.68% E 7.31%
Capital expenditure of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2) 2,954,735.79 79.75% 65.07% 14.68% 0.00% 0.00% 0.00% 0.00% 23.68%
Total (A.1+A.2) 2,983,844.79 80.54% 65.85% 14.68% 0.00% 0.00% 0.00% 0.00% 24.68%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Capital expenditure of Taxonomy-non-eligible activities (B.) 750,150.90 20.25%
Total capital expenditure (A+B) 3,704,886.69 100%

Operating expenditure

Substantial Contribution Criteria DNSH criteria ('Does Not Significantly Harm')
Economic activities Absolute operating expenditure Proportion of operating expenditure Climate Change Mitigation Climate Change Adaptation Water and marine resources Circular Economy Pollution Biodiversity and ecosystems Climate Change Mitigation Climate Change Adaptation Water and marine resources Circular Economy Pollution Biodiversity and ecosystems
(EUR) % Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No/E Yes/No Yes/No Yes/No Yes/No Yes/No Yes/No Yes/No/E
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (Taxonomy-aligned)
6.5. Transport by motorbikes, passenger cars and light commercial vehicles 7,937.75 0.68% Yes Yes Yes Yes Yes 0.27%
Operating expenditure of environmentally sustainable activities (Taxonomy-aligned) (A.1) 7,937.75 0.68% 0.00% 0.00% 0.27% 0.00% 0.00% 0.00%
A.2. Taxonomy-Eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)
6.5. Transport by motorbikes, passenger cars and light commercial vehicles 611,189.93 51.98% E 57.03%
7.7. Acquisition and ownership of buildings 226,840.86 19.29% E 17.68%
Operating expenditure of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2) 838,030.79 71.27% 71.27% 0.00% 0.00% 0.00% 0.00% 0.00% 74.71%
Total (A.1+A.2) 845,968.54 71.94% 71.27% 0.00% 0.00% 0.00% 0.00% 0.00% 74.98%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Operating expenditure of Taxonomy-non- eligible activities (B.) 337,858.81 28.73%
Total operating expenditure (A+B) 1,175,889.60 100%

E1-1 - Transition plan for climate change mitigation

Currently, there is no transition plan for climate change mitigation at the level of Span Group, but we plan on adopting one until 2028.

SBM-3 E1

At Company level, material physical risks related to climate change were identified, risk of fire and flooding in particular. These risks can impact business operations, infrastructure and supply chains, and cause potential breakdowns in our business, material damage and increased operating expenses. The Company continuously monitors these risks and analyses potential mitigation actions, including business continuity plans within Business continuity management system (BCMS), and infrastructure adaptations in order to reduce the impact of extreme weather conditions. More about physical risks resilience and our BCMS can be found in chapter ESRS 1 – ESRS 2 – IRO-1. However, the carried out assessment included a limited number of physical climate risks, and was not carried out using location-based climate scenarios and impact assessments, considering the latest scientific advancements in sensitivity and risk analysis and related methodologies in line with the latest reports from the Intergovernmental Panel on Climate Change.Until we conduct a comprehensive physical climate risk assessment that includes climate projections based on various climate scenarios for all our locations, we cannot assert that our activities are aligned with this technical screening criterion. Currently, there are no identified material transitional risks at Span Group level. Analysis of value chain resilience was conducted through a sectoral analysis of 15 of Span’s key users and suppliers and their vulnerability in terms of transition to low-carbon economy. Except for publicly available information (sustainability reports), Span does not possess detailed information from the suppliers, which is a challenging factor in the assessment of total vulnerability. Span Group did not establish critical assumptions and analyses related to transition to a lower-carbon and resilient economy until now. However, we are aware of the potential impacts and we are considering integrating other climate-related risks and opportunities into our long-term strategy. In the following period, a channel for obtaining more accurate information from the suppliers will be set in place, and financial analysis was qualitative. We plan on conducting quantitative analysis in the next two years. We did not identify the need to adapt the strategy and business model in order to secure ongoing access to finance.

E1-2 - Policies related to climate change mitigation and adaptation

At Span, we do not have a policy that involves climate-related impacts in place at the moment. There are plans to review the Environment and energy efficiency policy in order to adapt the policy to material impacts, risks and opportunities. In the IT industry, a large amount of energy is used for cooling, heating, ventilation, air conditioning, lighting and equipment operation. Our policy will include actions to reduce energy consumption and increase energy efficiency. Also, cloud solutions optimization reduces the use of individual servers, thus reducing total energy consumption and GHG emissions. This positive impact will be identified and included in our policy.

E1-3 i E1-4 - Actions and resources in relation to climate change policies and Targets related to climate change mitigation and adaptation

In 2024, the only climate-related action was the system architecture redesign to reduce emissions. However, Span currently does not have formal action plans and goals in place to address each climate-related material impact, risk or opportunity. Formal process for establishing goals and plans is being developed at the moment.

System architecture redesign to reduce emissions:

In 2024, we redesigned system architecture of the Span Resolution application. It is a business-critical IT Service Management application fully developed for Microsoft Azure cloud. Application is currently hosted in the West Europe Azure region. Reasons for redesign were cost savings, fulfilling the business continuity requirements, and reducing adverse impact on the environment. The project was initiated in mid-2023, and it was completed in June 2024. Redesign included replacing platform resources, such as virtual servers, with more efficient resources that are automatically scaled depending on their load, or using newer types of resources that perform better with lower costs. As a result of the project, we lowered monthly costs for more than 30%, increased the application’s level of resilience to data center faults, and reduced GHG emissions. Significant GHG emissions savings are achieved by the sole fact that we use Azure cloud as a platform for hosting this application. According to the Microsoft reports used to calculate GHG emissions, in the whole of 2024, we indirectly emitted 2.7 metric tonnes of CO2 (mtCO2e) for the infrastructure supporting the Span Resolution application. 1.64 mtCO2e was emitted in the first half of 2024, and 1.06 mtCO2e was emitted in the second-half. To compare, using the “on-premises” data center we would emit greenhouse gas that is equal to 17.43 mtCO2e in the atmosphere. If we maintain the same amount of infrastructure capacities for Span Resolution, in 2025 we expect to further reduce GHG emissions compared to 2024. Last year we also began building Span infrastructure in Sweden Central Azure region. That region currently consists of some of the most efficient Microsoft data centers in the world, with power usage effectiveness (PUE) of 1.172, and water usage effectiveness (WUE) of 0.16 L/kWh. This data center is unique because 100% of the electricity used is recovered in renewable energy network, and all the water used for air humidifying during winter months comes from rainwater collected around data centers. In addition, diesel generators use Preem Evolution Diesel Plus fuel, produced from a minimum of 50% renewable materials and having at least 45% lower CO2 emissions compared to regular fuel. For these reasons we decided to migrate a proportion of existing internal applications, and build all of our future projects and applications in that region. In 2024, we used 32,770 hours of processing power, disc space and data transfer, a measure for calculation of GHG emissions used by Microsoft. In 2025, we plan on doubling that number through building new and migrating existing applications from other regions and on-premises data center to further reduce emissions.

E1-5 – Energy consumption and mix

Information on energy consumption of Span Group for 2024 includes Scope 2 electricity and thermal energy, and natural gas and fuel for vehicles indicated in Scope 1 (whereby conversion factors for fuels are used).

Energy consumption and mix 2024 (1) Fuel consumption from coal and coal products (MWh) (2) Fuel consumption from crude oil and petroleum products (MWh) (3) Fuel consumption from natural gas (MWh) (4) Fuel consumption from other fossil sources (MWh) (5) Consumption of purchased or acquired electricity, heat, steam, or cooling from fossil sources (MWh) (6) Total energy consumption from fossil sources (MWh) calculated as the sum of rows 1-5) The share of energy from fossil sources in total energy consumption (%) (7) Total energy consumption from nuclear sources (MWh) The share of energy from nuclear sources in total energy consumption (%) (8) Fuel consumption for renewable sources including biomass (also comprising industrial and municipal waste of biologic origin), biofuels, biogas, hydrogen from renewable sources (MWh) (9) Consumption of purchased or acquired electricity, heat, steam, and cooling from renewable sources (MWh) (10) Consumption of self-generated non-fuel renewable energy (MWh) (11) Total energy consumption from renewable sources (MWh) calculated as the sum of rows 8-10 The share of energy from renewable sources in total energy consumption (%) Total energy consumption (MWh) calculated as the sum of rows 6 and 11
E1 Climate change 154 155 Energy consumption and mix 2024 (1) Fuel consumption from coal and coal products (MWh) 0 67.60 123.04 0 987.95 1,782.59 87.12 0 0 0 263.36 0 263.36 12.87 2,045.95

Scope 1

Our Scope 1 emissions include direct emissions from sources that are owned or under operative control by Span Group. These emissions derive from mobile sources (company vehicles owned or leased) that account for the biggest proportion of Scope 1, emissions from stationary sources (fuel consumption for heating), and direct fugitive emissions from refrigerating appliances. There are no direct process emissions in Span Group. Scope 1 accounts for 14.20% of total emissions. Locations in Varaždin, Rijeka, Zagreb (Trilix), Azerbaijan and Estonia used natural gas for heating, while a small amount of diesel for the regular check of back-up power generator is used on the location in Koturaška. Span Group uses passenger cars (owned or leased), and diesel fuel and motor gasoline were used to propel them. For the purpose of calculation, odometer data was collected for gas, diesel and hybrid (electricity and motor gasoline) vehicles. To determine fuel consumption, data on the average consumption of petrol (7.5L / 100km) and diesel (5.9L / 100km) was used according to the Ordinance on the System for Monitoring, Measurement and Verification of Energy Savings (Official Gazette 98/2021). For six hybrid plug-in vehicles, on the basis of detailed WLTP (Worldwide Harmonised Light Vehicle Test Procedure) data on emissions of CO2 in g / km, an average petrol consumption of 2.25L / 100km was estimated. After determining the average fuel consumption in litres, fuel consumption in terms of energy units was calculated by using the density and lower heating values. Corresponding conversion values were taken from the reference (CDP Technical Note: Conversion of fuel data to MWh, 2024). In 2024, fugitive emissions of hydrofluorocarbons (HFCs) occurred due to the leakage of refrigerants in refrigerating systems on the locations in Zagreb (Savska), Osijek, Ljubljana (Slovenija) and Baku (Azerbaijan). Due to high level of reliability of available data, level of uncertainty of calculation is low, whereby the most precise were fuel and natural gas calculations. However, level of uncertainty was somewhat higher for fugitive emissions of refrigerating gases, given the potential variations in losses of substances from the system.

Scope 2

Scope 2 emissions include indirect emissions from the consumption of purchased electricity, heat and cooling, and account for 12.53% of total emissions of Span Group. Electricity consumption data was collected at the level of Span Group (establishments in Moldova, USA and Georgia do not use office space, so there was no electricity consumption), and locations in Zagreb (Koturaška and Savska) account for the largest proportion. For Span Group establishments in Croatia and their locations, we used emission factor for electricity from the Croatian emission factors database for 2022, the last year available.# E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions

To calculate greenhouse gas (GHG) emissions and their CO₂ equivalents, Span Group applies the GHG Protocol (Greenhouse Gas Protocol). In 2024, Span included Scope 3 emissions in its calculation for the first time, and for that reason will use this calculation as the base value for managing GHG emissions, and for setting emission reduction targets in the future. The calculation included emissions of CO₂, N₂O and CH₄ in Scope 1 and 2 categories, while fluorinated gas emissions, such as emissions of PFCs, SF₆ and NF₃ were not identified in Span Group’s business and were therefore not included in the calculation. Global Warming Potential for refrigerants used in the establishments of Span Group was taken from the Sixth Intergovernmental Panel on Climate Change (IPCC) report. When calculating emissions, relevant emission factors were applied taking into account national, international and industry recognized databases. Information on GHG emissions from the previous year was not included due to changes in the calculation methodology and the application of GHG Protocol. In addition, there were changes in the reporting methodology, transitioning from Global Reporting Initiative (GRI) standards to ESRS. These changes resulted in different methods of obtaining and presenting data, thereby making it impossible to directly compare the new and last year’s information.

For the market-based approach, emission factor for HEP Opskrba was used for establishments in Koturaška (Zagreb), Rijeka and Osijek, subsidiary undertaking Trilix (Zagreb), and Varaždin, while green certificates for total electricity consumption were purchased for the establishment in Savska (Zagreb) in 2024, so the emission factor for electricity was 0 g/kWh in that location. When calculating emissions from electricity consumption in subsidiary undertakings outside Croatia, for location- and market-based approach emission factors from the publicly available database were used (for Ukraine and Azerbaijan, emission factors for the remaining mixture were not available, and emission factors used were the same as in the location-based approach). To determine indirect GHG emissions from the consumption of heat generated in district heating systems in Zagreb and Osijek, factors from Croatian GHG emission factors database were used, taking into account the average for all heat plants in Croatia for location-based approach. Data for local heat plants was used for market-based approach. For Slovenia, factors from the study “Ogljični odtis SPAN d.o.o. Ljubljana za leto 2022 ” were taken into account. Given the high level of reliability of these sources, level of uncertainty of calculation is low as well, ensuring a relatively precise assessment of the impact of energy consumption on total emissions of Span Group.

Scope 2

  • Scope 1: 14.20%
  • Scope 2: 12.53%
  • Scope 3: 73.27%

Scope 3

Scope 3 emissions encompass indirect emissions that occur upstream or downstream in the value chain of Span Group, outside of own operations. Upstream emissions are emissions from purchased goods and services, including purchased materials, low value-adding services, and emissions from capital goods – such as investing in IT equipment and furniture. Also, fuel and energy-related activities are covered as well (not covered in Scope 1 and 2), and they include gas, electricity and heat consumption, as well as emissions from upstream transportation and distribution of goods. Furthermore, Scope 3 includes emissions from waste generated in operations, business traveling and day-to-day employee commuting. In the business traveling category, emissions are calculated on the basis of travel orders and travel agency data, while estimates based on modal split were used for day-to-day employee commuting, whereby some employees use public transport, bus or passenger car. Since Span Group does not produce nor sell physical products, no emissions were identified in the following downstream categories: processing of sold products, use of sold products, end-of-life treatment of sold products, downstream leased assets and franchises.

Scope 3 emissions account for 73.27% of total emissions. Span Group invested EUR 206 thousand in investment funds on 31 December 2024 (31 December 2023: EUR 100 thousand), accounting for less than 1% of total net value of the fund’s assets, and does not estimate emissions from said investment. The Company does not invest in securities. Scope 3 emission estimates are associated with high levels of uncertainty, mainly due to limited availability of primary data obtained from suppliers and users, and using estimates and conversion factors for specific activities. Depending on the category of emissions, the level of uncertainty varies between 50 and 100%, whereby more uncertain estimates are mainly related to upstream and downstream transportation, purchased goods and services and capital goods due to the use of consumption-based method. Emission factors used were from Croatian, French and UK databases, as well as Exiobase emission factors database. Employee commuting contributed to Scope 3 emissions the most (32.61%), followed by capital goods (14.14%), business traveling (9.24%) and purchased goods and services (9.80%).

Data for calculating indirect emissions from purchased goods and services (Category 3-1)

Purchased goods and services concern emissions related to purchased goods, materials, raw materials and services used by the Company for its production or business. Data on water, paper and the consumption of other office supplies was collected, as well as data on external services cost. Data on water and paper consumption was collected in natural units of measurement (m³ and kg), while data on other office supplies and external services was collected in monetary units (EUR). External services cost was aggregated in two groups, namely services with high equipment cost whose production involves the use of fuel or energy, or they cause high emissions, and services with low equipment cost (so-called intellectual services), with relatively low emissions. Apart from that, data was collected concerning the cost of cloud services and Microsoft licences.

Data for calculating indirect emissions from capital goods (Category 3-2)

Capital goods are products that have a lifespan longer than 12 months. In the organization’s accounting system, capital goods are treated as fixed assets. Data was collected concerning the mass of purchased furniture and vehicles, and the number of purchased pieces of IT equipment, pieces of furniture, white goods, mobile phones and televisions in 2024 for Span Group.

Data for calculating indirect emissions from fuel and energy-related activities (Category 3-3)

Category concerning fuel and energy-related activities includes emissions related to fuel and energy production that the Group consumed in the reporting period, which are not included in Scope 1 or Scope 2. Data on the consumption of fuel from stationary and mobile energy sources (Scope 1) and data on the consumption of electricity and heat (Scope 2) is used to calculate emissions from this category, but emission factors concerning fuel and energy-related activities are applied.

Data for calculating indirect emissions from upstream transportation and distribution (Category 3-4)

Category concerning upstream transportation and distribution of goods includes transporting company emissions due to transportation and distribution of goods (including materials and capital goods) purchased in the reporting year, between our locations and supplier’s location, when transportation costs are covered by Span Group (by lorries and airplanes).

Data for calculating indirect emissions from waste generated in operations (Category 3-5)

Category concerning waste generated in operations includes emissions from disposal and recovery of solid waste (hazardous and non-hazardous) generated in operations of Span Group in the reporting year. Data was collected on mixed municipal waste, waste paper, plastic, organic waste, textile and electric and electronic waste in 2024. Information regarding method of disposal and recovery was submitted for different types of waste. In addition, data on wastewater volume was used, and it equals to water consumed in the observed year.

Data for calculating indirect emissions from business traveling (Category 3-6)

Category concerning business traveling includes emissions from employee transportation during business traveling in the course of the reporting year, in vehicles not owned or controlled by the Group. Data on business traveling of Span Group employees in 2024 was submitted. Business traveling by means of company vehicles are considered within Scope 1, while business traveling by other means of transportation is considered in this category. Diesel fuel, motor gasoline and liquefied petroleum gas consumed in private vehicles is considered, as well as passenger-kilometres travelled by trains and airplanes for the purpose of business traveling. For business traveling by airplane, data on CO₂ emissions shown on flight tickets was collected and used.

Data for calculating indirect emissions from employee commuting (Category 3-7)

Category concerning employee commuting includes emissions resulting from transportation of employees from their homes to their workplaces in the course of the reporting year, in vehicles not owned or controlled by the Group. Data required to calculate emissions from employee commuting was collected through a survey. Survey was completed by 64.2% of employees in Span Group establishments in Croatia, and 87.5% of employees in Span Group establishments outside Croatia. An average of 215 commutes in 2024 was assumed for the purpose of calculation.Employees estimated diesel fuel and motor gasoline consumption for private vehicles, and passenger-kilometres for commuting by tram, bus or train. Data for calculating indirect emissions from downstream transportation and distribution (Category 3-9) Category concerning upstream transpor- tation and distribution of goods includes transporting company emissions due to transportation and distribution of goods purchased in the reporting year, between Span’s locations and supplier’s location, when transportation costs are not covered by Span Group. Emissions resulted from the combustion of diesel fuel in lorries and vans, and jet fuel in airplanes for the purpose of goods transportation. Uncertainty of emissions calculation: Uncertainty of GHG emissions calculation is an essential parameter implying the qual- ity of collected data and emission factors used. In the calculation of uncertainty for Scope 1 and Scope 2 categories, Tier 1 ap- proach from IPCC Good Practice Guidance was used. Estimated uncertainty of emis- sions calculation from each emission source represents a combination of uncertainty of input data on activities and corresponding emission factors. For Scope 3 categories a qualitative expert evaluation of uncertainty was provided, whereby the lowest level of uncertainty was marked “A” (uncertainty: 0-15%), then “B” (uncertainty: 15-50%) and “C” (uncertainty: 50-100%), and the highest level of uncertainty was marked “D” (uncertainty: more than 100%). Results of the evaluation of uncertainty of GHG emissions calculation by category is shown in the table:

Label Category Qualitative assessment of uncertainty
O1-1 Stationary energy sources A (0-15%)
O1-2 Mobile energy sources A (0-15%)
O1-4 Fugitive sources C (50-100%)
O2-1 Electricity consumption A (0-15%)
O2-2 Consumption of thermal and cooling energy A (0-15%)
O3-1 Purchased goods and services C (50-100%)
O3-2 Capital goods C (50-100%)
O3-3 Fuel and energy-related Activities (not included in Scope1 or Scope 2) B (15-50%)
O3-4 Upstream transportation and distribution B (15-50%)
O3-5 Waste generated in operations C (50-100%)
O3-6 Business traveling B (15-50%)
O3-7 Employee commuting C (50-100%)
O3-9 Downstream transportation and distribution B (15-50%)

Uncertainties of carbon footprint calculation for Span Group (location-based approach), 2024

Base year 2024
Scope 1 GHG emissions
Gross Scope 1 GHG emissions (tCO 2 eq) 214.40
Percentage of Scope 1 GHG emissions from regulated emission trading schemes (%) 0
Scope 2 GHG emissions
Gross location-based Scope 2 GHG emissions (tCO 2 eq) 224.29
Gross market-based Scope 2 GHG emissions (tCO 2 eq) 189.24
Significant Scope 3 GHG emissions
Total Gross indirect (Scope 3) GHG emissions (tCO 2 eq) 1,106.27
1. Purchased goods and services 136.16
Optional sub-category: Cloud computing and data centre services 11.74
2. Capital goods 213.51
3 Fuel and energy-related activities (not included in Scope1 or Scope 2) 78.86
4 Upstream transportation and distribution 0.44
5 Waste generated in operations 13.67
6 Business traveling 139.53
7 Employee commuting 492.32
8 Upstream leased assets 0

A detailed presentation of emissions for Span Group in 2024 for Scope 1, 2 and 3 is shown in the table.
9 Downstream transportation 20.04
10 Processing of sold products 0
11 Use of sold products 0
12 End-of-life treatment of sold products 0
13 Downstream leased assets 0
14 Franchises 0
15 Investments 0
Total GHG emissions
Total GHG emissions (location-based) (tCO 2 eq) 1,544.96
Total GHG emissions (market-based) (tCO 2 eq) 1,509.91

tCO 2
Scope 1 GHG emissions - the consolidated accounting group 214.40
Scope 1 GHG emissions - investees such as associates, joint ventures, or unconsolidated subsidiaries that are not fully consolidated in the financial statements of the consolidated accounting group, as well as contractual arrangements that are joint arrangements not structured through an entity (i.e., jointly controlled operations and assets), for which it has operational control 0
Scope 2 GHG emissions - the consolidated accounting group 224.29
Scope 2 GHG emissions - investees such as associates, joint ventures, or unconsolidated subsidiaries that are not fully consolidated in the financial statements of the consolidated accounting group, as well as contractual arrangements that are joint arrangements not structured through an entity (i.e., jointly controlled operations and assets), for which it has operational control 0

GHG intensity per net revenue 2024
Total GHG emissions (location-based) per net revenue (tCO 2 eq) 0.0000086
Total GHG emissions (market-based) per net revenue (tCO 2 eq) 0.0000084
Amount
Net revenue used to calculate GHG intensity 183,047,536
Net revenue (other) 0
Total net revenue (in financial statements) 183,047,536

6.3. Information on social factors (S1, S3, S4)

S1 - Own workforce

S1 Own workforce

Our strategy and business model greatly affect actual and potential material im- pacts on our workforce. As an organization operating in the IT sector, with a particu- lar focus on technical support and cyber security, key aspect of our business is the continuous 24/7 availability of service, 365 days a year. This includes shift work that can lead to employee fatigue and increased employee turnover. On the other hand, our employee feedback from regular an- nual work climate analyses plays a crucial role in the adaptation of our strategy and business model. Thus, for example, the results of the work climate analyses had an effect on increasing number of days of annual leave and increasing salaries in technical support. We therefore aim to reduce potentially adverse impacts of an intensive business model and ensure a more content and productive workforce. Given the general shortage of specialists in the IT sector, and especially because areas such as cybersecurity and artificial intelligence are relatively new in the job market, we are facing challenges in finding qualified workforce. By adapting working conditions, namely introducing flexible working hours, increased number of days of annual leave and more competitive salaries, we can attract and attain skilled employees, and increase their motivation and productivity. Although women are under-represented in the IT industry, investing in coaching programs, empowering women talents and attracting young female experts can improve our competitiveness and enhance our work- ing culture. In order to improve balance, at the level of the Company we actively par- ticipate in projects such as Work in Tech, a project providing education programs and opportunities to gain practical experience to young women without prior IT education or experience. At the end of the program, we offer job opportunities to participants, thereby fostering their integration in the IT sector and contributing to higher gender diversity within our industry. Being focused on the career development of employees allows us to develop talents within our organization and reduce dependency on external labour market. Except for full-time employees, people employed on the basis of student con- tracts, fixed-term employment contracts, service contracts and copyright contracts are also included in Span’s own workforce. We currently don’t focus on impacts related to organization’s value chain, but we plan on dedicating our time to these matters in the next three years, in accordance with 10.2. – transitional provision that allows for three-year period to establish a process for obtaining information from the value chain. In Span, majority of material impacts is widespread, but some of them are systemic depending on the business segment. There- fore, impact related to work-life balance will be intensified in the business segment of providing continuous 24/7 availability of service, 365 days a year (technical support and SOC), where employees do shift work. In addition, ongoing geopolitical situation in our affiliated company Span LLC in Ukraine leads to further serious challenges. Material risks and opportunities arising from impacts and dependencies on own workforce are the following: loss of key staff, diversity and inclusive employment with equal oppor- tunities, training and education for employees, internal recruitment, employee resistance to measure implementation. At Span, there are no operations with high risk of incidents of forced labour or compulsory labour in terms of type of operation (such as manufacturing plant), and in terms of countries or geo- graphic areas with operations considered at risk. There are no operations with high risk of incidents of child labour in terms of type of operation (such as manufacturing plant), and in terms of countries or geographic areas with operations considered at risk. There are specific groups within the work- force that are exposed to potentially greater risk of adverse impacts:

  1. Women in IT industry
    We operate in the IT sector, where women are usually under-represented workforce. This issue is further emphasized by the limited number of skilled female candidates on the labour market, which makes it difficult to achieve gender equality within organization. Increased awareness of these issues made us implement programs and initiatives to foster employment and development of female experts in IT.

  2. Young employees and beginners
    In the context of lack of skilled workforce in the IT industry, we employ young experts who often begin their careers in technical support. These positions may bear higher risks to work-life balance due to the nature of job position that involves shift work, sporadic exposure to stressful situations and continuing learning and adaptation requirements.

  3. Employees of the subsidiary underta- king Span LLC, Ukraine
    Taking into account the ongoing geopolitical situation, employees in our subsidiary under - taking in Ukraine are faced with additional, material risks.War makes these employees carry a psychological and emotional weight, which impacts their mental health. Every day, these employees are faced with threats of violence and instability, exposing them to a lot of stress and anxiety, and also having negative impacts on their safety. As a result of war, there is a risk of reduced motivation and engagement, which may further aggravate impacts on workforce. Material risks and opportunities related to impacts and dependencies on specific groups within our workforce include issues concerning diversity, inclusive employment and equal opportunities, with a particular focus on achieving gender equality. Work-life balance is also extremely challenging, especially for employees working in shifts and during night time, such as technical support and SOC employees. Those working conditions may increase the risk of stress, burnout and other negative impacts on mental health of employees. It is also important to point out the issue related to loss of key staff due to the lack of elaborated succession plan for key roles in the organization. Various impacts, such as stress, insufficient education, sense of uncertainty in terms of future advancement or work-life balance can encourage people with key roles to leave, which as a result can seriously impact the business and financial stability of the company.

S1-1 – Policies related to own workforce

Policies at the level of the Company cover the entire workforce. For the most part, there are no policies at the level of Group. This is due to the existing focus on business priorities and allocation of resources to areas with more immediate impact on growth and development of the Group. Taking into account the growth and business expansion, we recognize the need to formalize policies at the level of Span Group in order to ensure consistency and compliance of all business units with our values and strategic goals.

Policies related to own workforce

| Policy name | General objectives | Material impacts, risks, opportunities | Scope | Accountable level | Monitoring/ Interests of workforce


Company Logo

War makes these employees carry a psychological and emotional weight, which impacts their mental health. Every day, these employees are faced with threats of violence and instability, exposing them to a lot of stress and anxiety, and also having negative impacts on their safety. As a result of war, there is a risk of reduced motivation and engagement, which may further aggravate impacts on workforce. Material risks and opportunities related to impacts and dependencies on specific groups within our workforce include issues con- cerning diversity, inclusive employment and equal opportunities, with a particular focus on achieving gender equality. Work-life bal- ance is also extremely challenging, especially for employees working in shifts and during night time, such as technical support and SOC employees. Those working conditions may increase the risk of stress, burnout and other negative impacts on mental health of employees. It is also important to point out the issue related to loss of key staff due to the lack of elaborated succession plan for key roles in the organization. Various impacts, such as stress, insufficient education, sense of uncertainty in terms of future advancement or work-life balance can encourage people with key roles to leave, which as a result can seriously impact the business and financial stability of the company.

S1-1 – Policies related to own workforce

Policies at the level of the Company cover the entire workforce. For the most part, there are no policies at the level of Group. This is due to the existing focus on business priorities and allocation of resources to ar- eas with more immediate impact on growth and development of the Group. Taking into account the growth and business expansion, we recognize the need to formalize policies at the level of Span Group in order to ensure consistency and compliance of all business units with our values and strategic goals.

164
165

| Policy name | General objectives | Material impacts, risks, opportunities | Scope | Accountable level | Monitoring/ Interests of workforce # Span d.d. - UN GLOBAL COMPACT PRINCIPLES

HUMAN RIGHTS

Principle 1: Businesses should support and respect the protection of internationally proclaimed human rights.

Span d.d. promotes its corporate values and culture through aligned policies and procedures in terms of human rights, equal opportunities and safe and healthy working conditions. These policies and procedures, including Code of Business Conduct, Rules of Procedure, Diversity and Inclusion Policy, and Rulebook on procedures and measures for the protection of employee dignity are made available to all employees through intranet. In addition, Code of Business Conduct was made public on Span’s website in order to ensure its transparency and availability to all the stakeholders.

Principle 2: Businesses should make sure that they are not complicit in human rights abuses.

LABOUR

Principle 3: Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining.

Span d.d. is a signatory of the Diversity Charter – an initiative launched in 16 EU countries, which in Croatia was developed under project of the Croatian Business Council for Sustainable Development. In addition, Span adopted its own Diversity and Inclusion Policy used to clearly express its commitment to equal opportunities and respecting diversity in all business aspects. Principles explicitly stated in Code of Business Conduct of the Group are freedom of association, prohibition of forced labour and abolition of child labour. In order to protect workers from discrimination, harassment and sexual harassment, Span d.d. adopted a dedicated Rulebook on procedures and measures for the protection of employee dignity, and appointed Commissioners for the protection of employee dignity to further ensure systematic and effective protection of employee rights.

Principle 4: Businesses should uphold the elimination of all forms of forced and compulsory labour.

Principle 5: Businesses should uphold the effective abolition of child labour.

Principle 6: Businesses should uphold the elimination of discrimination in respect of employment and occupation.

Basis of the Diversity and Inclusion Policy lies in the legal framework defined by the Anti-discrimination Act (Official Gazette 85/08, 112/12). This Act, based on the principles of protection and promotion of equality, acknowledges seventeen basic types of discrimination grounds, including race, ethnic affiliation, colour, gender, language, religion, political or other belief, national or social origin, property, trade union membership, education, social status, marital or family status, age, health condition, disability, genetic heritage, native identity, expression or sexual orientation. We don’t have ongoing specific policy commitments related to inclusion or positive action for people from groups at particular risk of vulnerability in our own workforce. Zero tolerance for discrimination is deeply rooted in Span’s culture. This rigorous approach to discrimination is reflected during the entire employee life cycle, especially in crucial phases, such as selection and recruitment, talent management, leadership, professional development, rewarding and advancement, as well as adaptation to different stages of life, including parenthood, family care, and even termination of employment contract. In case our employees experience or notice discrimination, violence or harassment, they have the right to contact the Commissioners for the protection of employee dignity and raise a complaint. Protection measures, as well as the procedures for the protection of employee dignity are laid down in the Rulebook on procedures and measures for the protection of employee dignity. Span does not have insights into codes of conduct of all suppliers, however, it obliges them to respect Span Code of Business Conduct in its contractual arrangements. Provisions of available supplier codes of conduct include the protection of labour rights, however, available codes do not correspond completely to requirements of the International Labour Organization (ILO) standard. Span is establishing supplier check mechanism that will also include compliance check in terms of the said standard.

S1-2 – Processes for engaging with own workforce and workers' representatives about impacts

The Company has several key processes in place in order to ensure open and transparent engagement with own workforce. One of them is the annual Ask the Management event, providing employees with the opportunity to pose questions directly to the Management Board and receive responses. During this event, employees can ask questions anonymously in advance or directly during the event. Answers to the questions are given live, and the entire event is broadcast via the Microsoft Teams platform to be accessible to all employees. Participants have the opportunity to ask additional questions and actively participate. In addition, assessment of satisfaction with work climate is carried out regularly, where employees can express their opinions and views. Suggestions for improvement and specific action plans for upgrading the work environment are made on the basis of obtained feedback. The assessment covers various aspects of the work environment, including:

  • basic working conditions
  • work organization
  • reward system
  • team and organizational climate
  • dimensions of personal job experience, such as health and work-life balance

The assessment results are used to identify problems and as an opportunity for improvement. Based on this feedback, proposals and action plans are created to enhance the work environment and increase employee satisfaction. The work climate survey is conducted annually at Span, and every two years at the Span Group level. Through said processes, employees have the opportunity to communicate directly with the Management Board, express their opinions and point to the challenges they face with. Their questions and comments are often related to key aspects of the work environment, and consequently to identified potential and actual impacts. Topics included are work-life balance, just working conditions, professional development and equality.

Role of the employees’ representative in the Supervisory Board

Employees’ representative in the Supervisory Board represents employees’ voice at the highest level of management of the Company. Her role is to pass on questions and concerns of employees to the Supervisory Board and notify employees of decisions and responses of the Management Board.

Engaging with own workforce at different levels

Engaging with own workforce takes place at the level of entire organization, and within business units and sectors, as well. HR Business Partners ensure activity coordination at the level of business units, and integration of information and action plans within organization’s broader framework. If needed, there is the possibility of consulting with the employee representative. So far, we have not had such requests from employees. Overall, engaging with own workforce is performed directly, and also through employees’ representative of the organization. HR experts are primarily engaged, as well as experts from other departments, such as corporate communications and digital production, as appropriate. Financial resources are used to hire external consultants that conduct work climate surveys and other analyses.

Communication of results and engagement with employees

Employees are notified about the results of surveys and actions plans through official communication channels, such as Span TV, Span Chronicles newsletter and Viva Engage, internal social media platform. In addition, there is a possibility of direct communication through superiors and HR department. Regular 1:1 and Performance Evaluation meetings foster the two-way communication further. In addition to this, direct communication through superiors and HR department is possible.

S1-3 – Processes to remediate negative impacts and channels for own workers to raise concerns

The Company established a number of measures to protect employee dignity and ensure availability of efficient channels that employees may use to raise concerns or report irregularities. These are the defined procedures for reporting and remediating discrimination, harassment and sexual harassment, and for the protection of persons that use reporting mechanisms.

Rulebook on procedures and measures for the protection of employee dignity

In order to protect the employees from discrimination and harassment on the part of colleagues, superiors and other people that employees have regular contact with, Rulebook on procedures and measures for the protection of employee dignity (“Dignity Rulebook”) was adopted. On the basis of the Dignity Rulebook, two people of opposite sex authorized to receive and handle complaints in relation to the protection of employee dignity were appointed. The Dignity Rulebook is made easily available to all employees through Company’s Intranet, ensuring the transparency and availability of relevant information.

Reviewing complaints

In accordance with the Dignity Rulebook, within 8 days of notification, Commissioners are obliged to initiate a review of the complaint related to the protection of dignity, and notify complainants and the Company of the process. When reviewing complaints, Commissioners may hear the opinions of complainant, person against whom the complaint was submitted and witnesses, or obtain written observations, examine the documentation or labour assets, and take other evidence that according to the circumstances of the case they consider purposeful in order to determine relevant facts.# S1-4 – Taking action on material impacts on own workforce, and approaches to mitigating material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions

Although we received no complaints in this area so far, we regularly analyse existing mechanism in order to ensure our employees know how and where to report possible irregularities, and that they trust the system. For example, we conducted a survey on the perception of diversity and inclusion, where we analysed the level of trust in protection mechanisms. In case we received complaints, we would file them in our internal database, and their handling would be performed by keeping track of the steps clearly defined in the Dignity Rulebook. Although there were no complaints from employees so far, we are aware of the fact that violation of human rights, discrimination and inequality may negatively impact the work environment, including challenges women returning to work after maternity leave are faced with, and ensuring fair working conditions for all employees. In order to have a mechanism for identifying and addressing these potential negative impacts in place, we established a system which includes commissioners and clearly defined procedures for enabling employees to report irregularities and ensuring timely and effective action of protecting their rights.

Channel for raising concerns

To ensure unbiased and objective handling of complaints, Commissioners for the protection of employee dignity appointed were external legal experts. In addition, other channels for raising concerns are available to employees:

  • Anonymous virtual inbox within the internal Viva Engage network enables employees to ask questions, raise concerns and making suggestions with full anonymity
  • Employees can also directly communicate with HR department in relation to reporting or problem resolving.

The Company has a grievance/complaints handling mechanism in place specifically related to employee matters. Each employee who believes that their dignity was violated, i.e. that they were discriminated, harassed or sexually harassed has the right to raise a complaint to the Commissioners in relation to the protection of dignity. The complaint shall be submitted in writing, stating the circumstances in which the harassment occurred, and it must be signed by the complainant. The complaint may be submitted by mail as a registered letter, or to the Commissioners’ e-mail address: [email protected], taking into account the information published on Span’s website, expressly indicating that the letter is intended for the Commissioners for the protection of employee dignity.

Within 8 days of notification Commissioners are obliged to initiate a review of the complaint related to the protection of dignity, and notify complainants and employer of the process. When reviewing complaints, Commissioners may hear the opinions of the complainant, person against whom the complaint was submitted and witnesses, or obtain written observations, examine the documentation or labour assets, and take other evidence that according to the circumstances of the case they consider purposeful in order to determine relevant facts.

In the process of reviewing complaints, Commissioners take action together. In exceptional cases, if one Commissioner is prevented from participating, and actions that need to be taken in the process of reviewing complaints are of immediate necessity, they can be taken independently by the other Commissioner. After the process, the Commissioners will prepare and submit their decision to employer in writing, in which they will:

  1. determine that complainant’s dignity was violated or
  2. reject the complaint as unfounded.

Employee perception of the protection system

At the end of 2023, a survey on the perception of diversity and inclusion within organization was conducted. Based on the survey conducted, the Company makes decisions to take appropriate actions.

Safeguarding the confidentiality and preventing retaliation

Span Group implemented a number of measures in order to ensure confidentiality and protection of employees who report irregularities:

  • Confidentiality of data: All the data obtained during the process of the protection of dignity is considered a business secret and must not be disclosed to third parties, unless absolutely necessary, e.g. in legal proceedings.
  • Protection against retaliation: Code of Business Conduct commands the prohibition of any retaliation on employees who report irregularities in good faith. Any retaliation, such as threats or demotion is subject to disciplinary action.
  • Protection of whistleblowers: Whistleblower protection procedure defines the protection of whistleblowers, ensures the confidentiality of investigations and, where appropriate, allows for temporary relocation of whistleblowers for their protection.

Handling questions and notifying employees

Questions asked through anonymous virtual inbox are processed by the HR and Internal Communications department experts. After analysing and taking necessary actions, responses and information on the outcomes are communicated via Viva Engage platform. Span is continuously working on raising awareness and promoting trust in existing systems of the protection of employee dignity, as well as on providing training on employee rights and available protection and reporting mechanisms.

List of key actions taken in order to prevent or mitigate negative impacts on own workforce in 2024 and those planned for the future, as well as their expected outcomes and contribution to objectives:

  1. Improvement of work climate and dialogue with employees:
    • Actions taken:
  2. Work climate survey conducted at the level of the Company in order to identify the needs, challenges and potential issues of employees, and ensure timely response. Through different aspects and dimensions of work climate, we aim to cover and address the majority of negative impacts on own workforce.
    • Future actions:
      • Continue with regular work climate surveys once a year.
    • Connection with material impacts:
      • Equal treatment and opportunities for all – Diversity; Working conditions – work-life balance.
    • Expected outcomes:
      • Maintaining or improving results of the work climate survey compared to previous year through 12 aspects that cover employee satisfaction, engagement, transparency and cooperation.
    • Contribution to objectives:

  3. Active inclusion of employees in the dialogue and timely addressing of identified challenges helps build trust and ensures continuous improvement in terms of satisfaction and working conditions.

  4. Development of leadership competencies and responsibilities:
    Project of development of management positions within the organization was launched, including the analysis of job descriptions and defining key responsibilities.

    • Actions taken:
      • Workshops to get the management acquainted with the catalogue of leadership competencies were organized, and a new 360 assessment of the management was conducted.
      • End of Span Management Academy program, in which 15 new team leaders and managers developed their leadership competencies.
    • Future actions:
      • Work continuously with the management in order to ensure the implementation.
      • Continue with regular periodic 360 assessments.
    • Connection with material negative impacts:
      • Equal treatment and opportunities for all – equality.
      • Other work-related right – privacy.
    • Expected outcomes:
      • Empowered management capable of responsible team leading, making strategic decisions and providing support to employees.
    • Contribution to objectives:
      • Clearly defining leadership competencies and developing leadership skills helps aligning the goals of organization with employee needs.

  5. Digitalisation of employee performance management:
    Start of the implementation process for SAP module Performance & Goals for the improvement and digitalisation of the performance monitoring system.

    • Actions taken:
      • Defining the process, implementation in SAP test environment and testing.
    • Future actions:
      • Implementation to production and putting into service for employees will take place during 2025.
    • Connection with material negative impacts:
      • Other work-related right – privacy.
    • Expected outcomes:
      • Transparent monitoring of performance and goals of employees, increasing the objectivity of evaluation.
    • Contribution to objectives:
      • Provides employees with clear guidance for achieving goals and ensures fair evaluation of their work.

  6. Digitalisation of employee training management:
    Start of the implementation process for SAP Learning module for the improvement and digitalisation of the training management system. The goal of this module is to centralize and facilitate access to training, making resources for the development of skills and knowledge easily accessible to employees, thus addressing the potential negative impact of insufficient employee training.

    • Actions taken:
      • Defining the process, implementation in SAP test environment and testing.
    • Future actions:
      • Implementation to production and putting into service for employees will take place during 2025.
    • Connection with material negative impacts:
      • Other work-related right – privacy.
      • Equal treatment and opportunities for all – equality.
    • Expected outcomes:
      • Centralization and digitalisation of the training system, which aims at ensuring the availability of resources for the development of skills and knowledge of all employees.
    • Contribution to objectives:
      • It facilitates the access to training programs to employees, improves continuous learning and development, and reduces negative impact related to lack of education.

  7. Initiatives for employee health and well-being:
    Investing in programs such as Fit Happens, B2Run races, and MultiSport activities, aiming at promoting physical activity and healthy lifestyle.## 6. Supporting diversity and inclusion:

Actions taken:

  • Participation of employees in programs such as “Workplace Inclusion Champion” and UNICEF training on integrating child rights in business.

Connection with material negative impacts:

  • Equal treatment and opportunities for all – equality
  • Working conditions – work-life balance.

Expected outcomes:

  • Increased awareness of the importance of equality, diversity and inclusion within organization.

Contribution to objectives:

  • These actions help create an inclusive work environments, thus increasing the sense of belonging among employees.

7. Youth employment and education:

Actions taken:

  • Organization of internships and employment of young talents – Span IT Gym.

Connection with material negative impacts:

  • Equal treatment and opportunities for all – equality.

Expected outcome:

  • Increased number of young employees and their professional development.

Contribution to objective:

  • Securing access to talents for the future growth of organization.

8. Improving data security:

Actions taken:

  • Two workshops on the topic of data security conducted, including using technologies such as Passwordless authentication, with 50 employees who participated.

Future actions:

  • Conduct the same or similar workshops by the end of 2025 on the topic of improving data security.

Connection with material negative impacts:

  • Other work-related right – privacy.

Expected outcomes:

  • Increased awareness of the importance of data protection and reduced risk of security incidents.

Contribution to objectives:

  • Through workshops and training, employees become more aware of their responsibilities related to data security, thus reducing the operational risks.

9. Integration of affiliated companies Bon- sai and Ekobit:

Actions taken:

  • During the merger process, special attention was paid to the communication with employees, by means of transparent informing about changes and adaptation to new conditions.

Connection with material negative impacts:

  • Equal treatment and opportunities for all – equality
  • Working conditions – work-life balance.

Expected outcomes:

  • Successful transition of employees to new conditions, preserving the business continuity and adapting to new roles.

Contribution to objectives:

  • Transparent communication during the merger process ensure employee trust and minimizes negative impacts of changes.

10. Acknowledgement of excellence of HR practices:

Actions taken:

  • Fourth Employee Partner Certification in a row, along with the additional “Above and Beyond” certificates in the categories of Impact, Satisfaction and Future.

Connection with material negative impacts:

  • Equal treatment and opportunities for all – equality.
  • Working conditions – work-life balance.

11. Increasing salaries and fair working conditions

Actions taken:

  • Ensuring competitive salaries and fair working conditions in order to increase the satisfaction of employees and retain key talents within the Group.

Connection with material negative impacts:

  • Equal treatment and opportunities for all – equality.

Outcome:

  • Increased employee satisfaction and talent retention.

Contribution to objective:

  • Securing competitive position on the labour market.

The scope of key measures:

Actions taken covered different groups of employees:

  • All employees of the Company in actions oriented towards well-being, education and work climate.
  • Leadership positions through specific programs of the development of leadership competencies and responsibilities.
  • Employees of Span Group who were part of the merger process.

Most actions are currently being taken at the level of the Republic of Croatia and were implemented and completed during 2024. The implementation of the SAP module Performance & Goals is the exception, whose final phase is planned for mid-2025, and the implementation of SAP Learning module, with planned completion in the first half of 2025.

Some actions, such as regular training, monitoring of the results and continuous support to employees are integrated within continuing organizational processes, and will be carried out in the future as well: climate survey, working with the management, 360 assessment, initiatives for employee well-being, workshops related to data security.

All the relevant information on remedies and processes were already elaborated in detail in chapter S1-1. Some of the actions stated affect achieving positive impacts on own workforce, such as:

1. Improvement of work climate and dialogue with employees:

Positive impacts:

  • Increased overall satisfaction of employees through open and transparent communication.
  • Improvement of the results of work climate survey compared to last year through 12 aspects.

2. Development of leadership competencies and responsibilities:

Positive impacts:

  • Improvement of leadership skills that contribute to better team leading.
  • Greater clarity in expectations from managers and employees, thus reducing misunderstandings and frustrations.

3. Span Management Academy (development program for future leaders):

Positive impacts:

  • Development of future leaders through targeted training and practical exercises.
  • Empowering employees with potential for team leading.
  • Improvement of internal mobility and preparing employees for strategic positions within organization.

4. Digitalisation of employee performance management system (SAP module Performance & Goals):

Positive impacts:

  • Increased transparency and fairness in the evaluation of employee performance.
  • Clearly defined individual objectives that empower employees to achieve their potential.
  • Better alignment of personal goals with strategies of the organization, fostering productivity and engagement.

5. Support for young employees through professional practices and employment:

Positive impacts:

  • Ensuring fresh perspectives and new talents for future development of the organization.
  • Fostering the professional growth of young employees through coaching and expert training.
  • Building a reputation of the Company as a desirable employer among young experts.

6. Initiatives for employee health and well-being (B2Run, Fit Happens, MultiSport):

Positive impacts:

  • Promoting physical and mental health of employees.
  • Encouraging employees to have an active and healthy lifestyle by participating in sports activities and trainings.
  • Team building through participating in initiatives such as B2Run race or Fit Happens program together.

Group uses the following mechanisms to track the effectiveness of actions:

  1. Work climate survey: Analysis of employee satisfaction through 12 aspects.
  2. Tracking the engagement: Tracking the numbering of employees participating in initiatives such as B2Run, Fit Happens and MultiSport.
  3. Quantitative metrics: Number of participants in programs such as Span Management Academy or professional practices for young people.
  4. Qualitative feedback: Feedback from employees or managers on the benefits of initiatives implemented.
  5. Program evaluation: Results of trainings such as Span Management Academy.
  6. Health metrics: Results related to health promotion, such as reduced number of days of sick leave or increased engagement in health initiatives.

Material impact management primarily draws upon human resources, including human resources (HR) experts and leadership positions within the Group. Depending on specific actions and action plans required for effective impact management, appropriate financial resources are provided and planned, if necessary.

Through regular work climate surveys and performance interviews with employees and managers, HR department obtains regular feedback by means of a virtual inbox. On the basis of the information obtained, HR department considers the overall picture and suggests actions or activities to target actual or potential negative impacts on own workforce. HR department and management work together to revise and complete the proposal that is then validated by the Management Board or Business Unit Director (if related to only one business unit). Next comes the implementation and further tracking.

Material impact management primarily draws upon human resources, including human resources experts and leadership positions within the organization. Depending on specific actions and action plans required for effective impact management, appropriate financial resources are provided and planned, if necessary.

There are no ongoing specific measures for the mitigation of negative impacts on own workforce arising from the transition to a greener, climate-neutral economy, such as training, reskilling or employment guarantees, given the fact such challenges have not been identified in our business up until this moment. Additionally, there have been no cases of workforce reductions or mass layoffs.Consequently, measures such as job counselling, coaching, intra-company placements and early retirement plans were not necessary or applied. Measures for the mitigation of material risks for the Group arising from impacts and dependencies on own workforce: 1. Loss of key staff (poorly defined succession plan):
• Leadership competences for the identification of potential successors were developed.
• A potential and impact assessment tool (9 Box Grid) was implemented.
• Standards for potential and impact were defined, a basis for the future succession plan development, planned for the following years. 2. Employee resistance to measure implementation (M&A processes):
• Great attention was paid to change management, especially during the merger process and the integration of organizational cultures.
• Focusing on the inclusion of employees in changes and providing support in order to reduce the resistance. As part of these activities, sector gatherings and joint trainings were organized, enabling employees to get to know one another better and encouraging cooperation. These initiatives further contributed to the reduction of resistance and facilitated the adaptation to new working conditions. 3. Employee health and well-being:
• Regular satisfaction monitoring through work climate analyses.
• Implementing initiatives such as providing support for employees doing shift work and night shifts, and activities and initiatives focused on health and well-being. Measures for pursuing material opportunities for the organization arising from impacts and dependencies on own workforce: 1. Diversity and inclusive employment:
• Introduction of organizational standards that highlight tolerance and respect through managerial responsibilities.
• Developed leadership competences for human resources management, including diversity and inclusion.
• Span is a signatory of the Diversity Charter, and it adopted the Diversity Policy. We plan on further developing this topic. 2. Employee training and education:
• Continuous training for building expertise, including topics such as project management, security awareness, communication and managerial skills.
• Training programs for future cyber security experts, in order to improve security capacities of the organization.
176
177
3. Internal recruitment:
• Promotion of internal development and interdepartmental mobility possibilities before employing external candidates.
• Providing career development opportunities within organization. 4. Change management:
• Investing in the integration of different organizational cultures during acquisition processes, in order to ensure a successful implementation of changes. The Company has established and maintained a risk management system in order to connect strategic goals and risks with the operative risks and in this way manage the operations in the best possible way. By late 2022, the Company started the implementation of the risk management system according to ISO 31000 standard. The standard contains recommendations and good practice in the area of risk management and there is no official ISO certificate for it. The Risk Management Policy was defined (“Risk Policy”), applying to all temporary, occasional and permanent employees of Span, depending on defined roles and responsibilities. The Risk Policy specified competences, responsibilities and principles. The risk assessment frequency and reference to the Risk Appetite document were defined. It is specified that Span will accomplish its goals offering products and services while taking into account maintenance and respect of high ethical standards of operation and sustainability, which shows the integration of material risks related to own workforce into existing risk management processes. Risks application of controls and treatment plan for significant risks are presented to the Management Board twice a year. Corrections are made and tasks are assigned to individuals within teams at the meetings of the Management Board. Aim of the system which is set up in such a way is to train the Company in terms of management of existing and identified risks, regulating their importance and effect. We approach the assessment of effectiveness of such management system by considering the reduction of residual risks in relation to the initial ones due to applied controls, and we define treatment plans for unacceptable levels of key risks. This systematic approach enables the Company to identify, manage and mitigate risks related to workforce, while supporting strategic goals and sustainable development at the same time. Implementation of the action plan does not require significant operating expenditures and/or capital expenditures at the moment, since the action plan has not yet been defined.
178
179

Action Expected outcomes Contribution to objectives Extent Affected groups Geography Period of completion Qualitative/quantitative information
1. Developed leadership competences for the identification of potential successors • Clear identification of potential successors for key roles.
• Reducing the risk of losing key staff.		 Timely identification of employees with high level of business sustainability and reducing individual dependence potential. Key roles in Span d.d. Management and potential successors. Span d.d., with plans to extend to affiliated companies. Completed in 2024. • Defined responsibilities for all management levels.
• Developed leadership competences.
• Conducted training.
• 360 survey assessment for management.
2. Implemented a potential and performance assessment tool (9 Box Grid) • Structural and objective employee assessment.
• Talent identification.		 Objective analysis of employees, transparency of assessment, reinforcement of trust and succession planning. Assessment of all employees. Management and employees. Span d.d., with plans to extend to Group. Completed in 2024, with regular audit once or twice a year. • 100% of employees concerned.
3. Defined standards for potential and performance • Clearly defined assessment criteria.
• Basis of the succession plan development.		 Reduces subjectivity, ensures consistency and fairness in human resources management. All departments and levels of employment. Management and employees. Span d.d., with possibility to extend to Group. Completed in 2024. • Clearly defined criteria for potential and performance.
• Set standardized approach at the organizational level.
4. Great attention paid to change management (M&A processes) • Successful integration of organizational cultures.
• Reduction of employee resistance.		 Community building, reducing uncertainty and facilitating the adaptation to new working conditions. Departments involved in integrations. Employees affected by the M&A processes, managers and HR team. All locations in which Span does or plans to do acquisitions. Completed in 2024, with the continuation of actions in 2025. • Organized activities (social gatherings, training).
• Reduction of employee resistance.
• Successful integration of cultures.
5. Regular satisfaction monitoring through work climate analyses • Timely challenge identification.
• Improvement of working conditions.		 Informed decisions, continuous employee satisfaction, reduction of turnover and burnout. All employees of Span d.d. All employees. Span d.d Completed in 2024, carried out annually. • Survey completion rate.
• Qualitative and quantitative analysis of results.
• Number of initiatives for employee welfare.
6. Support for employees doing shift work and night shifts • Health and welfare improvement.
• Stress reduction and satisfaction increase.		 Improvement of productivity and long-term business stability. Technical support, SOC, shift workers. Employees working in demanding working conditions. Span d.d Implementation of actions started in 2024; it is being carried out continuously. • Survey completion rate.
• Analysis of satisfaction and key trends.
7. Introduction of organizational standards for tolerance and respect • Increase of diversity and inclusion.
• Reducing discrimination.		 Promoting inclusive organizational culture, attracting diverse talents and fostering innovation. Entire organization. All employees, especially underrepresented groups. Span d.d., with plans to extend to international level. Implementation started in 2024; it is developing continuously. • Defined leadership responsibilities and competences, with a focus on diversity and inclusion.
8. Continuous training for building expertise • Improvement of expert and technical knowledge.
• Reinforcing innovation and competitiveness.
• Training of cyber experts.		 Reinforcing key competences, reducing the need for outside experts, resilience to cyber threats. All departments and levels. All employees. Span d.d., with plans to extend to international level. Continuously. • Amount of training, certified employees, certificates obtained.
• Training and instructor satisfaction.
9. Promotion of internal development and mobility possibilities • Increase of employee engagement.
• Reducing costs of external recruitment.		 Provides career development opportunities within organization, reduces turnover and ensures business support. All departments. Employees interested in career development. Span d.d., with plans to extend to Group. Continuously. • Amount of internal transitions.
• Turnover rate.

180
181

S1-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities

At the moment, the Group does not have defined targets in place related to specific sustainability matters, since there is still an on-going process of identification of such matters.

S1-6 – Characteristics of the Span Group employees

In 2024, there were 124 departures from the Span Group, and our employee turnover rate was 14.44%. Calculated as the ratio of the number of departures to the average number of employees in 2024.The average number of employees is calculated as the arithmetic mean of the number of employees at the beginning and at the end of the reporting year. Employee turnover increase is partly a reflection of global trends in the IT industry. Root causes include adaptation to post-pandemic conditions, inflation, need for optimization of expenses and dynamic changes imposed by the global market circumstances. Despite the increased employee turnover, total number of employees was stable, owing it to being focused on employing profiles that best suit our strategic goals and the development of key competencies. All data related to the number and distribution of employees were taken from internal databases. Estimates to arrive at the presented information were not included.

S1-9 – Diversity metrics

Senior management consists of the members of the Management Board, Senior Directors and Directors.

Gender diversity at top management level

Gender Distribution in number at top management level Percentage (relative to the total at top management level)
Male 23 82.1%
Female 5 17.9%
Other* 0 0

*Gender as specified by the employees themselves

The Company predominantly has highly specialized technical and engineering positions (e.g., software engineers, system architects), which are highly competitive in the labor market. Most employees in these positions are men.

Excessive CEO pay ratio

Excessive CEO pay ratio is 5.20. The total compensation ratio for the reporting period is 5.20, which means that the total annual compensation of the highest-paid employee, including base salary, bonuses, allowances, benefits in kind, and other forms of remuneration, is 5.20 times greater than the medial compensation of other employees within the organization. This ratio indicates a moderate difference between the compensation of the highest-paid employee and the medial compensation of employees in the organization. The ratio of 5.20 reflects the practice of rewarding key management with competitive compensation packages, aiming to attract and retain highly qualified leaders while maintaining balance and fairness in the distribution of compensation among a broader range of employees. The total compensation ratio also demonstrates the organization's responsibility in structuring the compensation system, taking into account industry standards and best practices. This ratio is in line with the organization's policy based on transparency and fairness, ensuring competitiveness in relation to the labor market.

S1-17 – Incidents, complaints and severe human rights impacts

There were no reported cases of discrimination or harassment so far, and there were also no complaints or fines. In addition, there were no severe human rights incidents connected to the workforce, or cases of non-respect of the UN Guiding Principles or ILO Declaration, and there were also no fines.

Gender

Category Number of employees
Male 589
Female 263
Other* 0
Not reported 0
Total Employees 852

*Gender as specified by the employees themselves

Cross-referencing of the information mentioned above to the most representative number in the financial statements

Reference 10. Staff Costs

Country

Country Number of employees
Croatia 776

Croatia

Span

Metric Value
Number of employees (head count) 776
Number of permanent employees (head count) 773
Number of temporary employees (head count) 3
Number of non-guaranteed hours employees (head count) 0

2024. Span

Gender Number of employees (head count) Number of permanent employees (head count) Number of temporary employees (head count) Number of non-guaranteed hours employees (head count) Total
Male 534 532 2 0 776
Female 242 241 1 0
Other* 0 0 0 0
Not disclosed

*Gender as specified by the employees themselves

S1-16 - Remuneration metrics (pay gap and total remuneration)

The gender pay gap in Group is 14.25%. As part of the analysis of the employee structure and their average earnings, a gender pay gap of approximately 14% was recorded. The difference is primarily the result of the specific distribution of genders by function, the level of seniority in highly specialized technical positions, and the market value of certain positions.

182

183

S3 – Community – Company specific

SBM-3 – Community – Company specific

In the process of DMA, Span Group did not identify any negative impact, risk or opportunity on affected communities with particular characteristics, nor did it identify risks that could lead to adverse effects. Communities in the business locations of the Group are not exposed to material impacts because the Group operates primarily in the digital environment, without physical production activity. Throughout our value chain, we collaborate with non-profit organizations, providing them with technical support and developing solutions for the improvement of their business. Therefore, we identified a Company-specific positive impact. Our engagement in the educational sector naturally derives from strategic orientation and business model. As an organization specializing in infrastructure services, cloud solutions, cyber security, technical support and software development, we aspire to pass our knowledge and experience on future experts. Our employees regularly take part in lectures, workshops and coaching programs, sharing their expertise in key technological areas, including infrastructure, service management, cloud technology, cyber security and software development, thereby enhancing the digital competences of the community. Apart from that, Span supports non-profit organizations with application development in order to facilitate their business, using technologies such as Microsoft Power Platform. In addition, we ensure support during licences activation, creating user accounts, data migration and user training regarding the basic use of Office 365 services, enabling them to be more efficient in managing day-to-day operations. Thereby we contribute to the improved efficiency of those organizations, and we support the local community in their work. More information about this can be found in the chapter: 3.7 Span volunteers: the power of knowledge and skills, and on the Company’s website. These activities positively impact the educational communities and civil society in the regions in which the Company operates. Although a direct adaptation of strategy is not the main goal for now, in the long term, activities with educational institutions and non-profit organizations can contribute to the adaptation of business models.

S3-1, S3-4, S3-5 – Policies, Measures, and Targets related to Affected Communities

The Group did not adopt specific policies, actions nor targets related to affected communities, given the fact we did not identify material negative impacts or risks related to the community, but a positive company-specific impact. However, we are aware of the importance of continuous monitoring of our sustainable activities, and we plan on conducting further analyses that will help us identify possible needs for the development of targeted policies, actions and targets in the future.

Respect for the human rights of communities, and indigenous peoples specifically

Span Code of Business Conduct reflects core values of the Group, and includes guidance for fair and responsible operation. Compliance with internationally recognized principles is highlighted in the Code, including the United Nations Universal Declaration of Human Rights and the ILO Declaration on Fundamental Principles and Rights at Work. Although no specific provisions related to affected communities are stated directly in the Code, our partners and employees are obliged to adhere to the principles of honest business practices and Span’s core values, including indirectly advancing positive impacts on communities.

Measures to provide and/or enable remedy for human rights impacts

At the moment, there are no explicitly prescribed measures or mechanisms to ensure the protection of human rights of affected communities or enable remedy.

S3-2 – Processes for engaging with affected communities about impacts

Engaging with communities is done based on needs and characteristics of each community. Projects and initiatives are arranged in accordance with identified needs of each community. Although no cooperation mechanisms are formalised, the Group is open to adaptation of its activities in order to achieve a positive impact on communities.

Key activities and collaborations

In the course of last year, we contributed to enhancing the digital competences of young people and connecting the educational sector with IT industry through a number of activities and collaborations:

  • Participating in career events: We actively participated in job fairs, such as FER Job Fair, Career Day at Algebra University, Career Day at Faculty of Transport and Traffic Sciences and TVZ Career Day, where we presented career opportunities in our organization.
  • Engaging with high-school students: We visited high schools for the first time to present career opportunities and the IT industry to graduates, and through Span IT Gym internal program we provided professional practices and coaching to young people interested in pursuing a career in IT. Upon completion of professional practices, we even employed a few of the students.
  • Gaming community: By participating in Good Game Zagreb 2024, a charity gaming tournament, we continued our cooperation with the gaming community, further reinforcing our connection with young people interested in technology and IT industry.

These activities are not only single events, but a part of long-term strategy of investing into future IT experts and reinforcing the digital competences of the society.# H1

S4 – Consumers and end-users

SBM-3 – Consumers and end-users

The only identified material impact on users derives from the close link betweens Span’s strategy and business model and personal information management. Given the fact we provide IT services and solutions that include data processing and protection, personal in- formation included, one of our crucial respon- sibilities is to ensure GDPR compliance. The compliance will prevent invasion of privacy of natural persons (subjects) and exposing their personal information to unauthorized access and misuse. Data security breaches (e.g. unauthorized access, unauthorized dis- closure) may cause identity theft, financial loss or sense of insecurity among end-users. This risk directly impacts the adaptation of our strategy and business model. Span continuously invests in the improvement of data protection policies, implementation of advanced protection mechanisms and employee training. Our business activities include establishing a compliance monitoring system, and proactive measures to ensure responsible data management, thus further reducing the possibility of adverse impacts.

Span identified the development of security solutions for tackling cyber attacks as a ma- terial opportunity directed at its users. We impact the protection of personal information. More information about this can be found in the chapter 1.3.1: Description of the operation and main activities, and in the topical part Governance information – company-specific: Development of security solutions for tackling cyber attacks.

Our identified material impact does not relate to a specific user group. All users on whom the Group has, or will have, a significant impact — either through its own operations or the value chain — are included in the scope of the DMA. Span Group does not have products inherently harmful to people, products that increase risks for chronic disease, products that particularly impact the children or financially vulnerable individuals. When assessing the materiality of impacts on users, we did not identify specific user groups with particular characteristics that may be at greater risk of harm compared to other users. Our products and services do not target specific vulnerable user groups, and data management processes are equally rigorous for all users, regardless of their age, location or other specifics. Users of our digital services may be subject to personal information privacy and protection risks, i.e. they depend on accurate and accessible information in order to prevent potentially harmful use. The impact is widespread in the context of digital services that we provide, particularly in relation to user privacy, and it concerns individual cases.

S4-1- Policies related to consumers and end-users

Although the Group does not have a separate policy aimed at direct user privacy protection, the Company includes the rights related to user privacy and personal data protection in publicly available policies, such as: Privacy Policy, Code of Business Conduct and User Personal Data Processing Rules. These policies ensure GDPR compliance and define means by which we collect, process, protect and manage personal data of users. Also, Span adopted internal policies and procedures related to handling of requests or incidents, and the User Personal Data Processing Rules, which not only further elaborate on the processing of their personal data, but on the employee obligations in case they work on the processing of personal data for Span, as well.

Although formalised polices have not yet been adopt- ed, our approach is based on the following principles:

  • Talent development and connecting with the industry: We aim to continuously improve our cooperation with educational institutions in order to ensure access to knowledge and resources necessary for a career in IT to students and pupils.
  • Practical training and coaching: By way of lectures, workshops and professional prac- tices, we help young people to gain practical knowledge to help facilitate their entry into the labour market.
  • Promoting cyber security: Through train- ings and workshops, we raise awareness of security threats and the importance of data protection.

Our activities in the educational sector and supporting young people in development of their digital competences have a long-term positive impact on community and industry. Cooperation with educational institutions, coaching and professional practices enable students and pupils to gain practical knowl- edge necessary for success in the digital world. In addition, such activities also help educational institutions to adapt the syllabus to the actual needs of the industry. In the long run, such partnerships contribute to the development of the IT sector and increase employability of young talents, while ensur- ing a high level of technical expertise in the community at the same time.

Cooperation with the academic community:

We organized lectures, workshops and panel discussions at the Faculty of Engineering in Rijeka, the University of Applied Sciences in Zagreb, the Faculty of Organization and Informatics in Varaždin, and other institu- tions. In these lectures, we share practical IT knowledge and promote the importance of cyber security and technological innovations.

Supporting talent development:

As a RiTeh Web Team gold sponsor, we supported in- itiatives such as Ri-Hack hackaton and Ri- Comp conference, providing students with the opportunity to acquire practical skills in software solution development.

Specialized Trainings: Coding, Computer Forensics, AD Tier Model, Ethical Hacking, Cloud Security, Windows Internals, EDR Internals & Evasion, Database Security, Computer Forensics, Secure Your Cloud: Hands-On workshop, Cyber Secu- rity Analyst Academy, Advanced Memory Forensics, Active Directory Security, Cyber Threat Intelligence and Cyber Security for IT Professionals.

Mentioned public specialized trainings were attended by 219 participants from 120 legal entities, and in addition to that, 24 private trainings were held, most of them being trainings for the leading staff, with a particular focus on risk and crisis manage- ment, and security incident responses.

You can read more about Span's development of security solutions for cyber attacks in the topical chapter Governance information, G1 – Company-specific, on page 195.

General objectives of the policy:

  • Ensure protection of privacy and security of user personal data.
  • Align business activities with GDPR require- ments and the requirements of other rele- vant laws.
  • Encourage users to trust our services through transparent data management.

We are aware of the fact that GDPR incom- pliance may result in the invasion of user privacy, exposing their data to unauthorized access, financial losses and loss of trust of users. Therefore, the implementation of policy is monitored by responsible persons who conduct periodic audits, risk assess- ments, and monitor the compliance with standards and regulatory requirements in force. Policy applies to all business activi- ties that include collecting, processing and storing user personal data. It encompasses all the value chain levels and geographic regions in which Span operates. There are no exemptions in the policy, it applies to all users and stakeholders equally.

Executive Director for Information Systems and Se- curity has the highest level of responsibility for the implementation of policy, managing a team of experts for data protection. Data Protection Officer (DPO) is also appointed, ensuring GDPR compliance and supervising

The interests of users are taken into ac- count through:

  • Transparency: Clear communication about the modes of collecting, processing and pro- tecting data in the Privacy Policy is available on our website.
  • Rights of users: We enable users to exercise rights such as access, rectification, erasure and restriction of processing of their data.
  • Feedback: We offer the opportunity of di- rect communication concerning enquiries or complaints to our users, according to the procedure of handling of requests.

Privacy policy is made publicly available to all users on our website. We thus ensure transparency and user awareness in terms of way we protect their data. It is not particu- larly aimed at specific groups of users, and it is applied universally to all persons whose personal data is processed in the context of Span’s business activities.

Cyber Security Incubator: The mission of our Cyber Security Incubator (CSI) is to provide cyber training experience and empower the cyber competencies of all employees, both within Span and our clients' employees, helping them develop the knowledge and skills needed for secure operations in a digital environment. In the last year, CSI focused on intensively educating the market on key aspects of cyber security, raising awareness of threats and empowering organizations through expert training. We developed and conducted more than 35 different trainings, and some of them were held several times due to increased inter- est. Trainings held can be divided into three groups: trainings for raising awareness of the cyber security, trainings for the management, and technical specialized trainings. Trainings for raising awareness of risks and means of protection are intended for all employees, management trainings are intended for dif- ferent levels of leading staff in organizations, while technical trainings are intended for IT and cyber security specialists. All trainings are composed of theory and practice, with scenarios defined in advance. 23 trainings for raising awareness were held, including trainings such as: Cyber Security Essentials, Security Practices for Phishing Attacks, which were attended by more than 1 100 partici- pants. Specialized trainings held were Secure# S4 – Stakeholder Engagement

S4-2 – Processes for engaging with consumers and end-users about impacts

In the Span Group, different channels of communication and engagement with users already exist in the context of our Customer support service, appointing responsible persons for the performance of contracts, Data Protection Officer, as well as the Compliance Officer. Depending on the type of relationship, these departments communicate with users in order to provide information, respond to enquiries and process their requests. Also, we regularly evaluate user satisfaction by means of surveys in the IT services management system, and after the project completion as well. The process of handling user complaints is clearly defined in our Complaint Management Procedure. Results of the user satisfaction analysis are discussed at monthly meetings of the management, and yearly at the Management Report. Also, there is a basic process for engaging with users, which includes direct communication via telephone, e-mail, and online channels (website and social media platforms). In case situations that may impact the workforce occur (e.g., if user data is likely to impact employee security or business processes), we conduct internal consultations with relevant teams, including the Legal Department, Data Protection Officer, and IT departments, in order to ensure timely addressing of all potential impacts. In addition, our employees responsible for tracking user satisfaction and the Data Protection Officer regularly monitor end-user feedback in order to ensure that each potential impact on our workforce is timely identified and addressed. Basic interactions with users occur in the process of license selling, management of IT services of users, and project activities at the level of IT infrastructure of users, and in all those aspects, we monitor the security of data privacy. Data and product security is a key aspect of Span Group’s operation, and the cooperation with users and relevant stakeholders takes place in accordance with ISO 27001, which ensures comprehensive measures of data protection and safe product development. In this context, cooperation with users and other stakeholders takes place by means of exchanging information on security requirements, compliance, and risks, and adapting security policies to the latest regulatory and market requirements. The Director of the relevant business unit is responsible for assessing the relevance of the information and for integrating the information into security measures, in cooperation with security and compliance teams. Effectiveness of the engagement is evaluated by analyzing complaints and through user satisfaction surveys. We have been monitoring user satisfaction since 2014, using defined survey processes while managing services and projects, and through complaints received. The Management Board and management are informed about these parameters at regular monthly meetings, and they can act and make strategic decisions accordingly.

S4-3 – Processes to remediate negative impacts and channels for consumers and end-users to raise concerns

We defined the Complaint Management Procedure, which describes the process of handling user complaints. This procedure ensures that all complaints are carefully considered and handled in accordance with our internal policies and relevant legislation. Each complaint must be registered and processed, by means of communicating the reason for dissatisfaction to the user representative and attempting to correct the mistake or misunderstanding. Within our anti-bribery management system, we established a Violation or suspected violation reporting procedure, which enables employees, partners, users, and other relevant stakeholders to anonymously raise concerns in relation to any occurrence or conduct they consider irregular. Depending on the type of irregularity, users can submit their complaint to the Compliance Officer, Data Protection Officer, and Span’s Legal Department (whose e-mail addresses are available on the website). The Reporting Committee, which consists of the Compliance Officer and the directors of the Legal Affairs, Human Resources, and Quality Department of Span, is responsible for receiving and further processing of all anonymously reported cases. We thereby guarantee transparency and responsibility in the implementation of policy. The policy is in compliance with the General Data Protection Regulation and other relevant regulatory requirements. In addition, it is based on the best industry practices and information security standards, including ISO 27001. We have not yet been able to assess the effectiveness of the legal remedy introduced, and we did not assess the user awareness of these processes. More about this can be found in topical chapter: Governance information, G1-1. Span respects the rights of users to legal protection, and it established mechanisms that users may utilize to report their concerns or irregularities observed, in order to ensure and facilitate the right to a remedy. In case an employee is exposed to any type of discrimination, harassment, or sexual harassment, Span also appointed Commissioners for the protection of employee dignity. Those Commissioners are authorized to receive and handle complaints related to the protection of employee dignity in accordance with the Rulebook on procedures and measures for the protection of employee dignity, which is available to all employees on Span’s intranet. Employees may address all complaints, notifications, questions, requests, and other findings that fall under the scope of responsibility of the Commissioners for the protection of employee dignity: via e-mail on: [email protected] or in writing to the address of the Commissioners “Od- vjetničko društvo Jelavić & partneri j.t.d.”: Palmotićeva 70, 10000 Zagreb.

S4-4 – Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions

Span implements technical and organizational measures in order to ensure the highest possible degree of data protection. Measures applied vary from technical protection measures, such as access limitation to certain spaces, supervising access to spaces, use of firewalls, and technical solutions that prevent data leakage, to organizational measures, such as implementation of ISO 27001 and ISO 22301, adopting rules on data protection, procedures related to handling cases of requests or incidents, training and raising awareness of employees in terms of data protection. Span enabled the subjects to submit requests in relation to the protection and exercise of their rights by way of information available on Span’s website or by contacting the Data Protection Officer via e-mail. Additional measures were not identified as necessary at the moment. At Span Group, we don’t have ongoing targets in the context of GDPR compliance. However, we monitor the effectiveness of our policies and measures related to the protection of privacy and data security using monitoring and reporting processes. These processes include monitoring of GDPR compliance by way of legal and security teams. Although we do not monitor specific targets related to GDPR, we monitor relevant metrics that help us evaluate the effectiveness of our measures and policies. Progress is assessed on the basis of internal and external evaluations, with a particular focus on achieving high standards of data protection.Qualitative metrics include user feedback and the results of satisfaction sur- veys, whereas quantitative metrics include number of user complaints, time needed to handle complaints and the percentage of successfully handled complaints. In addition to that, we measure progress using quanti- tative metrics such as number of success- fully conducted audits and the percentage of employees that received training on the topic of data protection. Reference period for monitoring progress covers a calendar year, and the results are analysed at monthly meetings of the management and at the yearly Management Report. Based on those metrics and the results of regular reports, we are able to evaluate the effectiveness of the implementation of our policies in relation to the GDPR compliance, despite the fact we do not have specific targets when it comes to this topic.

The process by which we determine actions needed and appropriate in response to a particular actual or potential negative impact on users is based on the risk analysis and the evaluation of existing policies and pro- cedures. Teams from the Legal Department and Customer support and data protection service take part in this process, and they evaluate potential negative impacts of our services and products on users, including the violation of data privacy. If an actual or potential negative impact is noticed, internal analyses are conducted and they may include questionnaires or surveys for users, as well as consultations with external experts, if applicable, in order to determine appropri- ate measures. Based on those analyses, we develop specific measures to mitigate neg- ative impacts or to prevent the recurrence of incidents.

Based on our approach, particular material negative impacts on users largely depend on the compliance of products and services with the regulations, quality of customer support and rights of users to privacy protection. If specific negative impacts occur, we ap- ply measures that include improvement of product design, improvement of customer support, and the implementation of measures to increase the security and the GDPR com- pliance. We also take action when it comes to monitoring user feedback and adapting our practices to their needs. We consider taking a broader measure at sectoral level, when necessary, such as cooperating with regulatory authorities or launching initiatives to raise awareness of data security and rights among users, in accordance with the regu- lations. We may also be in touch with other relevant parties, such as consumer protection organisations, in order to join forces and align our approaches.

We have taken the steps to enable remedy in case of material negative impacts on users. We ensured users have access to clear infor - mation on their rights to remedy through our privacy policies and complaints procedure. In addition, all our users have access to the channel for anonymous reporting, by means of which they may report any suspicions in relation to negative impacts of our services. We ensured our complaints procedures are effective, clearly defined and easily accessible to all users. Complaints are handled within a reasonable period of time, and updated reports about the status of their cases are sent to users. In case of serious complaints or disputes, we ensure the possibility of out- of-court procedure for resolving disputes in cooperation with relevant authorities. By doing so, we guarantee the availability and effectiveness of remedy for our users. We haven’t had the opportunity to evaluate the results of securing remedy for those affect- ed, and so far there have been no serious incidents and cases related to human rights of our users.

At Span Group, human capital and expertise in the form of interdisciplinary teams that include experts in the area of legal affairs, protection of data privacy, customer sup- port, product development and marketing are assigned the management tasks related to our material impacts on users. We use advanced technologies for data protection, such as encryption, firewalls and systems for the detection and prevention of threats as measures for the mitigation of impacts. These teams cooperate closely in order to ensure that all our products, services and processes are in compliance with the rele- vant legislation, data protection standards and best practices in the area of customer support.

We implemented the risk management sys- tem according to the recommendations of the ISO 31000, which enables us a systematic risk assessment based on their likelihood, 190 191 potential impact and source. We integrate additional controls and assess the residual risk, and we plan and conduct risk treatment plans where necessary. Material risks are pre- sented to the Management and Supervisory Board once a year, or where appropriate. The Legal Department, in cooperation with the Data Protection Officer ensures that provi- sions regulating the processing of personal data according to the GDPR are included in all the contracts with users. We also sign separate Data Processing Agreements, whose content is in compliance with the GDPR in all legal relationships as applicable.

Expected outcomes for each of the measures we implement include improvement of user satisfaction, increased compliance with the relevant legislation (especially GDPR), re- duced number of user complaints, and the optimization of our business processes. Each measure contributes to the achievement of the objectives by reducing the risks related to data privacy, increasing the transparency when it comes to communication with users, and improving our ability to respond promptly to user needs. All the measures described are applied to all the relevant sectors within the Company, including internal IT, human resources, legal affairs and customer support. Measures are aimed at all our users, including end-users of our products and services, and stakehold- ers such as business partners that come in contact with our services and products. Ge- ographically speaking, measures are applied in all the markets in which we operate. Span is in the process of defining a period for the completion of each key measure. Previously, measures related to the GDPR, involvement and improvement of customer support have already yielded positive devel- opments, proven by the reduced number of complaints compared to last year. In addition to that, the results of user surveys show an increase of user satisfaction in relation to data privacy and right of access to infor- mation, with a 15% improvement in the last six months.

S4-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities

At the moment, we do not have targets re- lated to specific sustainability factors, such as protection of data privacy or GDPR com- pliance. Reasons for not establishing our targets include the nature of dynamics in the area of data protection, where priorities tend to rapidly change in accordance with the applicable regulatory requirements and specific needs of our users. However, the Group is open to further assessment and adaptation of its policies and resources in accordance with future needs or changes in assessing the materiality of impacts on communities.

1.4. Governance information (G1)

G1-1 – Corporate culture and business conduct policies

Span Group is committed to maintaining high standards of business conduct and fostering a positive corporate culture. In this context, we developed policies that guide our opera- tions in the key aspects of business conduct, including management of relationships with suppliers and prevention and detection of corruption and bribery.

Code of Business Conduct: Code of Business Conduct defines the standards of conduct we expect from all employees, as well as business partners and shareholders. The Code covers topics such as decency, integrity, respect and responsibility.

Anti-corruption and anti-bribery policy: The Company has rigorous policies in place for the prevention and detection of corruption and bribery. These policies include procedures for reporting suspicious activity, measures for the protection of whistleblowers, policy of managing conflict of interest, and gift giving and receiving rules.

Data protection policy: Data protection policy of the Company ensures a unified approach when it comes to the processing of personal data in accordance with the relevant laws.

Our corporate culture is based on the princi- ples of cooperation, professionalism, ethical conduct, responsibility and transparency. We actively foster open communication, we promote employee improvement and ensure the availability of mechanisms for reporting unethical conduct. Internal code of conduct and business policies are regularly updated and adjusted to the regulatory requirements and best industry practices.

Identified material impacts, risks and opportunities related to governance:

  1. Impact of the management of relationships with suppliers, including payment practices: The Company maintains positive relationships with suppliers through open communication and cooperation, including the expansion of product/service range of suppliers, improving the quality of services and regular payment for services. Also, if the organization does not take into account social and environmental criteria in its supplier selection, it might be interpreted as supporting unsustainable and unethical practices, which can nega- tively impact the environment and society and threaten the long-term sustainability of business.
  2. Impact of corruption and bribery: Lack of efficient measures to prevent and detect corruption and bribery can result in unethical conduct within the Group, it can threaten the working culture and create an unfair working environment for employees.
    3.# G1-1 Management of relationships with suppliers

Opportunity related to the increased de- mand for cyber security solutions: Span Group identified this opportunity because the demand paves the way for the offer of innovative solutions and a potential oppor- tunity for returns on investments.

Our Anti-bribery management system (ABMS) in accordance with ISO 37001 was certified in 2022. Within this system, we created a Violation or suspected violation reporting procedure, defining the ways in which one can report a violation or sus - pected violation of internal code of con- duct (valid for internal and external users). Internal code of conduct is defined in our Code of Business Conduct, which refers to other procedures we defined within ABMS, and our Anti-corruption policy is available on our website. Reports of suspicions or violations of internal rules of conduct can be submitted in several ways, depending on the situation and the preferences of the person submitting the report. The report can be verbally addressed to the superior. If such a method is not possible for any reason, the report can be sent by email to [email protected] or anonymously via the online form available on our website, within the Procedure for Reporting Sus- picion or Violation.

Received reports are reviewed by a committee consisting of the compliance officer and the directors of the legal affairs, human resources, and quality departments. In cases where employees or third parties, such as clients, wish to submit a report outside of the mentioned channels, they can do so via any of our official contact details, either by phone call to SPAN LINE +385 1 6690 240 or by sending a letter to Span d.d., attn: Compliance Officer, Koturaška cesta 47, 10 000 Zagreb, with a clear note 'DO NOT OPEN'.

When it comes to reports related to violations of employees' dignity, reports are directly addressed to the dignity protection officer at the email address dostojanstvo. [email protected]

Except for the Code, Policy and Reporting procedure mentioned, we also developed:
1. Gift giving and receiving procedure
2. Whistleblower protection procedure (de- scribed in detail in the topical part S1-1).

During onboarding, all employees are obliged to watch a presentation about our Code of Business Conduct and pass a short test on our Learning Management System (LMS). This is our standard onboarding process, which is the responsibility of our Human Resources Department. During our regular Management Academies, where we prepare potential employees for managing positions, we also conduct a training program for com- bating corruption and bribery, given by the representative of the Management Board for countering bribery. The percentage of high-risk functions covered by the training program is 6.46%. We have defined high-risk functions covered by the training program as members of the Management Board and all employees in the finance, accounting, controlling, sales, and legal departments at Span d.d.

Finally, we cooperate closely with Microsoft, whose Partner Code of Conduct is very similar to ours, and members of the Management Board and the Sales Department have already watched the training on that code a couple of times, and they passed an extensive test after the training. Investigating committee is represented by the independent representative of the Man- agement Board and the Director of Legal Affairs, and we consider them separate from the chain of management.

Once a year, the Management Report is drawn up, consisting of the outcomes of internal and external mon- itoring related to ABMS, and it is presented to the Management and Supervisory Board. All our policies and procedures related to anti-corruption are based on the fundamental principles of the United Nations Convention against Corruption, and they respect those principles.

G1-2 Management of relationships with suppliers

Span is guided by the principles of equitable operations, ensuring all suppliers have trans - parent terms of cooperation. We respect the scheduled payment dates, we foster open communication and encourage suppliers to continuously improve their services and products. Payments are made twice a week in order to minimise the risk of late payment in general (including payments to micro-, small- and medium-sized enterprises). Pay- ments are prepared in our accounting system, and timely entry of data into the system is ensured by internal controls. We have been assessing suppliers within our Quality Management System since 2006, based on the quality of delivery and feedback.

In the last few years, we identified the need for raising the level of assessment within other management systems, including the sustainability requirements and the recom- mendations of the Cyber Security Act (NIS2 Directive transposed into Croatian legislation). In order to ensure a systematic and com- prehensive approach, we launched a pilot project of supplier assessment in 2024. In the following period, we plan on sending a questionnaire to our key suppliers and defin - ing criteria of choice.

Although Span Group still has not applied a formal framework for the assessment of social and environmental criteria in its supplier selection, environ- mental aspects are already being taken into account for certain categories of services. For example, when choosing the provider of cloud services, Span Group assesses their practices in relation to sustainability, includ- ing GHG emissions, energy consumption and governance of water resources.

G1-3 Prevention and detection of corruption and bribery

By way of contractual clauses, Span obliges primarily its suppliers, but the users as well, to respect all the relevant regulations in the area of anti-corruption and money laundering, and the Span Code of Business Conduct. A breach of said contractual clauses, as well as an infringement results in the termination of the contract and a right to compensation. The Anti-corruption policy and the Code of Business Conduct are available on Span’s website in six languages for our external stakeholders, and there is also basic informa- tion about our commitment for a successful functioning of all our management systems, our anti-bribery management system includ- ed. More on anti-corruption is described in G1-1. Also, the results are presented to the Man- agement and Supervisory Board once a year, and they relate to all eight ISO systems im- plemented in Span, with a particular focus on ISO 37001, since the obligation of such reporting is a mandatory requirement of the standard concerned.

Span has not been convicted, nor have there been fines imposed on Span for violation of anti-corruption and anti- bribery laws. In addition, there have been no actions tak- en to address breaches in procedures and standards of anti-corruption and anti-bribery, since there have been no breaches.

G1-6 Payment practices

The average time of payment of Span d.d. is 15 days. Standard payment terms in the Company are defined as follows: for large enterprises: 60 days, and for micro, small- and medium-sized enterprises: 30 days. In order to reduce the risk of late payment, payments are made twice a week. Despite that, 2.5% of all payments were late, whereby we continuously work on improving the process and increasing the number of timely payments. Currently, there are no legal proceedings outstanding for late payments.

G1 – Company specific: Development of security solutions for tackling cyber attacks

Span Group acknowledges the importance of cyber security as a key element in the protection of its own, as well as its users data and business operations. In accordance with our business strategy, we continuously invest in the development of advanced se- curity solutions that keep up with the new types of cyber attacks. Span possesses the ISO/IEC 27001 Certificate since 2011, which proves our continuous investment in security measures and data protection. Information security is particularly important since we have access to the confidential information of users (for the purpose of execution of the contractual obligations).

Policies and processed implemented in ac- cordance with ISO 27001 include:
* Management of incidents related to cyber security for existing operations, including pro- active monitoring and responding to incidents.
* Compliance with the legal requirements relat- ed to the protection of sensitive information, personal data and information systems.
* Risk and emergency management ensuring timely response to security incidents.

During 2022, a new version of ISO/IEC 27001 was published, introducing new and chal- lenging the existing security measures. In accordance with the certification scheme, Span will be in compliance with the new version of standard during 2025.

We were the first in Croatia to be certified for the ISO/IEC 42001 standard, an international standard that defines the requirements for an artificial intelligence management system. The standard is based on best practices that ensure the ethical, safe and effective use of AI technologies.

When it comes to Span’s cyber security lev- el, we continuously work on improvements caused by new forms of attacks as well as technologies. . In 2024, as in the previous years, we worked on different areas, particularly:
* Introducing the phishing-resistant multi-factor authentication, based on the FIDO2 standard.
* Continuing internal training related to cyber security, with additional voluntary training related to personal online security of our employees.
* Modernization of our internal processes en- abled us to shut down all the servers in satellite/remote offices. The overall security in the Span environment was thus increased because the surface for potential cyber at- tacks was reduced. Apart from that, the maintenance cost and electricity consumption will therefore be reduced.
* Refactoring and security testing of applica- tions for internal use.# Appendix B: List of datapoints in cross-cutting and topical standards that derive from other EU legislation

Disclosure Requirement and related datapoint SFDR (1) reference Pillar 3 (2) reference Benchmark Regulation (3) reference EU Climate Law (4) reference Page number
ESRS 2 GOV-1 Board's gender diversity paragraph 21 (d) Indicator number 13 of Table #1 of Annex 1 Commission Delegated Regulation (EU) 2020/1816 (5), Annex II 128
ESRS 2 GOV-1 Percentage of board members who are independent paragraph 21 (e) Delegated Regulation (EU) 2020/1816, Annex II 128
ESRS 2 GOV-4 Statement on due diligence paragraph 30 Indicator number 10 Table #3 of Annex 1 132
ESRS 2 SBM-1 Involvement in activities related to fossil fuel activities paragraph 40 (d) i Indicators number 4 Table #1 of Annex 1 Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 (6) Table 1: Qualitative information on Environmental risk and Table 2: Qualitative information on Social risk
ESRS 2 SBM-1 Involvement in activities related to chemical production paragraph 40 (d) ii Indicator number 9 Table #2 of Annex 1 Delegated Regulation (EU) 2020/1816, Annex II Not significant
ESRS 2 SBM-1 Involvement in activities related to controversial weapons paragraph 40 (d) iii Indicator number 14 Table #1 of Annex 1 Delegated Regulation (EU) 2020/1818 (7), Article 12(1) Delegated Regulation (EU) 2020/1816, Annex II Not significant
ESRS 2 SBM-1 Involvement in activities related to cultivation and production of tobacco paragraph 40 (d) iv Delegated Regulation (EU) 2020/1818, Article 12(1) Delegated Regulation (EU) 2020/1816, Annex II Not significant
ESRS E1-1 Transition plan to reach climate neutrality by 2050 paragraph 14 Regulation (EU) 2021/1119, Article 2(1) 152
ESRS E1-1 Undertakings excluded from Paris- aligned Benchmarks paragraph 16 (g) točka 16. podtočka (g) Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 1: Banking book-Climate Change transition risk: Credit quality of exposures by sector, emissions and residual maturity
ESRS E1-4 GHG emission reduction targets paragraph 34 Indicator number 4 Table #2 of Annex 1 Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 3: Banking book – Climate change transition risk: alignment metrics
ESRS E1-5 Energy consumption from fossil sources disaggregated by sources (only high climate impact sectors) paragraph 38 Indicator number 5 Table #1 and Indicator number 5 Table #1 and Indicator n. 5 Table #2 of Annex 1 Not significant
ESRS E1-5 Energy consumption and mix paragraph 37 Indicator number 5 Table #1 of Annex 1 154
ESRS E1-5 Energy intensity associated with activities in high climate impact sectors paragraphs 40 to 43 Indicator number 6 Table #1 of Annex 1 Not significant
ESRS E1-6 Gross Scope 1, 2, 3 and Total GHG emissions paragraph 44 Indicators number 1 and 2 Table #1 of Annex 1 Article 449a; Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 1: Banking book – Climate change transition risk: Credit quality of exposures by sector, emissions and residual maturity
ESRS E1-6 Gross GHG emissions intensity paragraphs 53 to 55 Indicators number 3 Table #1 of Annex 1 Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 Template 3: Banking book – Climate change transition risk: alignment metrics
ESRS E1-7 GHG removals and carbon credits paragraph 56 Regulation (EU) 2021/1119, Article 2(1) Not significant
ESRS E1-9 Exposure of the benchmark portfolio to climate-related physical risks paragraph 66 Delegated Regulation (EU) 2020/1818, Annex II Delegated Regulation (EU) 2020/1816, Annex II Not included in the report, gradually being introduced
ESRS E1-9 Disaggregation of monetary amounts by acute and chronic physical risk paragraph 66 (a)
ESRS E1-9 Location of significant assets at material physical risk paragraph 66 (c) Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 paragraphs 46 and 47; Template 5: Banking book - Climate change physical risk: Exposures subject to physical risk. Not included in the report, gradually being introduced
ESRS E1-9 Breakdown of the carrying value of its real estate assets by energy-efficiency classes paragraph 67 (c) Article 449a Regulation (EU) No 575/2013; Commission Implementing Regulation (EU) 2022/2453 paragraph 34; Template 2: Banking book -Climate change transition risk: Loans collateralised by immovable property - Energy efficiency of the collateral Not included in the report, gradually being introduced
ESRS E1-9 Degree of exposure of the portfolio to climate- related opportunities paragraph 69 Delegated Regulation (EU) 2020/1818, Annex II Not included in the report, gradually being introduced
ESRS E2-4 Amount of each pollutant listed in Annex II of the E-PRTR Regulation (European Pollutant Release and Transfer Register) emitted to air, water and soil, paragraph 28 Indicator number 8 Table #1 of Annex 1 Indicator number 2 Table #2 of Annex 1 Indicator number 1 Table #2 of Annex 1 Indicator number 3 Table #2 of Annex 1
ESRS E3-1 Water and marine resources paragraph 9 Indicator number 7 Table #2 of Annex 1 Not significant
ESRS E3-1 Dedicated policy paragraph 13 Indicator number 8 Table 2 of Annex 1 Not significant
ESRS E3-1 Sustainable oceans and seas paragraph 14 Indicator number 12 Table #2 of Annex 1 Not significant
ESRS E3-4 Total water recycled and reused paragraph 28 (c) Indicator number 6.2 Table #2 of Annex 1 Not significant
ESRS E3-4 Total water consumption in m3 per net revenue on own operations paragraph 29 Indicator number 6.1 Table #2 of Annex 1 Not significant
ESRS 2- IRO 1 - E4 paragraph 16 (a) i Indicator number 7 Table #1 of Annex 1 145
ESRS 2- IRO 1 - E4 paragraph 16 (b) Indicator number 10 Table #2 of Annex 1 145
ESRS 2- IRO 1 - E4 paragraph 16 (c) Indicator number 14 Table #2 of Annex 1 145
ESRS E4-2 Sustainable land / agriculture practices or policies paragraph 24 (b) Indicator number 11 Table #2 of Annex 1 Not significant
ESRS E4-2 Sustainable oceans / seas practices or policies paragraph 24 (c) Indicator number 12 Table #2 of Annex 1 Not significant
ESRS E4-2 Policies to address deforestation paragraph 24 (d) Indicator number 15 Table #2 of Annex 1 Not significant
ESRS E5-5 Non-recycled waste paragraph 37 (d) Indicator number 13 Table #2 of Annex 1 Not significant
ESRS E5-5 Hazardous waste and radioactive waste paragraph 39 Indicator number 9 Table #1 of Annex 1 Not significant
ESRS 2- SBM3 - S1 Risk of incidents of forced labour paragraph 14 (f) Indicator number 13 Table #3 of Annex I 162
ESRS 2- SBM3 - S1 Risk of incidents of child labour paragraph 14 (g) Indicator number 12 Table #3 of Annex I 162
ESRS S1-1 Human rights policy commitments paragraph 20 Indicator number 9 Table #3 and Indicator number 11 Table #1 of Annex I 164
ESRS S1-1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 21 Delegated Regulation (EU) 2020/1816, Annex II 165
ESRS S1-1 processes and measures for preventing trafficking in human beings paragraph 22 Indicator number 11 Table #3 of Annex I Not significant
ESRS S1-1 workplace accident prevention policy or management system paragraph 23 Indicator number 1 Table #3 of Annex I 166
ESRS S1-3 grievance/complaints handling mechanisms paragraph 32 (c) Indicator number 5 Table #3 of Annex I 169
ESRS S1-14 Number of fatalities and number and rate of workrelated accidents paragraph 88 (b) and (c) Indicator number 2 Table #3 of Annex I Delegated Regulation (EU) 2020/1816, Annex II Not significant
ESRS S1-14 Number of days lost to injuries, accidents, fatalities or illness paragraph 88 (e) Indicator number 3 Table #3 of Annex I Not significant
ESRS S1-16 Unadjusted gender pay gap paragraph 97 (a) Indicator number 12 Table #1 of Annex I Delegated Regulation (EU) 2020/1816, Annex II 181
ESRS S1-16 Excessive CEO pay ratio paragraph 97 (b) Indicator number 8 Table #3 of Annex I 181
ESRS S1-17 Incidents of discrimination paragraph 103 (a) Indicator number 7 Table #3

Disclosure Requirement and related datapoint

Disclosure Requirement and related datapoint SFDR (1) reference Pillar 3 (2) reference Benchmark Regulation (3) reference EU Climate Law (4) reference Page number
ESRS S1-17 Non-respect of UNGPs on Business and Human Rights and OECD paragraph 104 (a) Indicator number 10 Table #1 and Indicator n. 14 Table #3 of Annex I Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818 Art 12 (1) 181
ESRS 2- SBM3 – S2 Significant risk of child labour or forced labour in the value chain paragraph 11 (b) Indicators number 12 and n. 13 Table #3 of Annex I Not significant
ESRS S2-1 Human rights policy commitments paragraph 17 Indicator number 9 Table #3 and Indicator n. 11 Table #1 of Annex 1 Not significant
ESRS S2-1 Policies related to value chain workers paragraph 18 Indicator number 11 and n. 4 Table #3 of Annex 1 Not significant
ESRS S2-1 Non-respect of UNGPs on Business and Human Rights principles and OECD guidelines paragraph 19 Indicator number 10 Table #1 of Annex 1 Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818, Art 12 (1) Not significant
ESRS S2-1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 19 Delegated Regulation (EU) 2020/1816, Annex II Not significant
ESRS S2-4 Human rights issues and incidents connected to its upstream and downstream value chain paragraph 36 Indicator number 14 Table #3 of Annex 1 Not significant
ESRS S3-1 Human rights policy commitments paragraph 16 Indicator number 9 Table #3 of Annex 1 and Indicator number 11 Table #1 of Annex 1 182-183
ESRS S3-1 non-respect of UNGPs on Business and Human Rights, ILO principles or and OECD guidelines paragraph 17 Indicator number 10 Table #1 Annex 1 Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818, Art 12 (1) Not significant
ESRS S3-4 Human rights issues and incidents paragraph 36 Indicator number 14 Table #3 of Annex 1 Not significant
ESRS S4-1 Policies related to consumers and end-users paragraph 16 Indicator number 9 Table #3 and Indicator number 11 Table #1 of Annex 1 185-186
ESRS S4-1 Non-respect of UNGPs on Business and Human Rights and OECD guidelines paragraph 17 Indicator number 10 Table #1 of Annex 1 Delegated Regulation (EU) 2020/1816, Annex II Delegated Regulation (EU) 2020/1818, Art 12 (1) 186
ESRS S4-4 Human rights issues and incidents paragraph 35 Indicator number 14 Table #3 of Annex 1 189
ESRS G1-1 United Nations Convention against Corruption paragraph 10 (b) Indicator number 15 Table #3 of Annex 1 192-194
ESRS G1-1 Protection of whistleblowers paragraph 10 (d) Indicator number 6 Table #3 of Annex 1 193
ESRS G1-4 Fines for violation of anti-corruption and anti-bribery laws paragraph 24 (a) Indicator number 17 Table #3 of Annex 1 Delegated Regulation (EU) 2020/1816, Annex II) 194
ESRS G1-4 Standards of anti- corruption and anti- bribery paragraph 24 (b) Indicator number 16 Table #3 of Annex 1 194

( 1 ) Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector (Sustainable Finance Disclosures Regulation) (OJ L 317, 9.12.2019, p. 1).
( 2 ) Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (Capital Requirements Regulation “CRR”) (OJ L 176, 27.6.2013, p. 1).
( 3 ) Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instru- ments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1).
( 4 ) Regulation (EU) 2021/1119 of the European Parliament and of the Council of 30 June 2021 establishing the framework for achieving climate neutrality and amending Regulations (EC) No 401/2009 and (EU) 2018/1999 (‘European Climate Law’) (OJ L 243, 9.7.2021, p. 1).
( 5 ) Commission Delegated Regulation (EU) 2020/1816 of 17 July 2020 supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council as regards the explanation in the benchmark statement of how environmental, social and governance factors are reflected in each benchmark provided and published (OJ L 406, 3.12.2020, p. 1).
( 6 ) Commission Implementing Regulation (EU) 2022/2453 of 30 November 2022 amending the implementing technical standards laid down in Implementing Regulation (EU) 2021/637 as regards the disclosure of environmental, social and governance risks (OJ L 324,19.12.2022, p.1.).
( 7 ) Commission Delegated Regulation (EU) 2020/1818 of 17 July 2020 supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council as regards minimum standards for EU Climate Transition Benchmarks and EU Paris-aligned Benchmarks (OJ L 406, 3.12.2020, p. 17).

Statements

7

208

209

Independent Limited Assurance Report

According to the provisions of Articles 32 and 36 of the Accounting Act (NN 135/24), the Management Board is responsible for the preparation of the consolidated Sus- tainability Report in accordance with the European Sustainability Reporting Standards (ESRS) and for:

  • preparation of disclosures in the section EU taxonomy of the consolidated Sustainabili- ty Report in accordance with the reporting requirements of Article 8 of EU Regulation 2020/852 (EU Taxonomy Regulation);
  • design, implementation, and maintenance of internal control systems that the Manage- ment Board deems necessary to enable the preparation of the consolidated Sustainability Report, free from material misstatements due to fraud or error, and
  • selection and application of appropriate sus- tainability reporting methods, as well as making reasonable judgments and estimates regarding individual sustainability disclosures, considering the circumstances.

The Management Board is also responsible for the design and implementation of the process for identifying information disclosed in the consolidated Sustainability Report in accordance with the ESRS, and for disclosing this process in the section ESRS 2; IRO-1 in the consolidated Sustainability Report. This responsibility includes:

  • understanding the context in which the Group's activities and business relationships take place and understanding the affected stakeholders;
  • identification of actual and potential im- pacts (both negative and positive) related to sustainability issues, as well as risks and opportunities that affect, or could reasonably be expected to affect the Group's financial position, financial performance, cash flows, access to financing or cost of capital in the short, medium, or long term;
  • assessment of the significance of the identi- fied impacts, risks, and opportunities relat- ed to sustainability issues by selecting and applying appropriate materiality thresholds, and
  • making assumptions that are reasonable under the circumstances.

The consolidated Sustainability Report from pages 122 to 205 was approved by the Man- agement Board on 30 April 2025.

Nikola Dujmović
President of the Management Board

Ana Vukšić
Member of the Management Board & CFO

Saša Kramar
Member of the Management Board & CBO

Mihaela Trbojević
Member of the Management Board & CPO

Deloitte d.o.o.
ZagrebTower
Radnička cesta 80
10 000 Zagreb
Croatia

TAX ID: 11686457780
Tel: +385 (0) 1 2351 900
Fax: +385 (0) 1 2351 999
www.deloitte.com/hr

The company was registered at Zagreb Commercial Court: MBS 030022053; paid-in initial capital: EUR 5,930.00; Company Directors: Katarina Kadunc, Goran Končar and Helena Schmidt, Bank: Privredna banka Zagreb d.d., Radnička cesta 50, 10 000 Zagreb, bank account no. 2340009–1110098294; SWIFT Code: PBZGHR2X IBAN: HR3823400091110098294.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their re lated entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member fir ms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related en tity is liable only for its own acts and omissions, and not those of e ach other. DTTL does not provide services to clients. Please see www.deloitte.com/en/about to learn more.

© 202 5. For information, contact Deloitte Croatia.

INDEPENDENT LIMITED ASSURANCE REPORT

To the Shareholders of Span d.d.

We have conducted a limited assurance engagement on the Sustainability Statement included in the Annual Report of Span d.d. (the “Company”) and its subsidiaries (“the Group”) as at 31 December 2024 and for the period from 1 January 2024 to 31 December 2024 (the “Sustainability Statement”).# Iden%fica%on of Applicable Criteria

The Sustainability Statement was prepared by the Management Board of the Company in order to saLsfy the requirements of arLcle 32 and 36 of AccounLng Act implemenLng 29(a) of the EU DirecLve 2013/34/EU, including:

  • Compliance with the European Sustainability Reporting Standards introduced by Commission Delegated Regulation (EU) of 31 July 2023 supplementing Directive 2013/34/EU of the European Parliament and of the Council (“ESRS”), including that the process carried out by the Company to identify the information reported in the Sustainability Statement (the “Process”) is in accordance with the description set out in note ESRS 2 IRO-1; and
  • Compliance of the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement with Article 8 of EU Regulation 2020/852 (the “Taxonomy Regulation”).

Inherent Limita%ons in Preparing the Sustainability Statement

The criteria, nature of the Sustainability Statement, and absence of long-standing established authoritaLve guidance, standard applicaLons and reporLng pracLces allow for different, but acceptable, measurement methodologies to be adopted which may result in variances between enLLes. The adopted measurement methodologies may also impact the comparability of sustainability ma^ers reported by different organizaLons and from year to year within an organizaLon as methodologies evolve.

In reporLng forward looking informaLon in accordance with ESRS, management of the Company is required to prepare the forward-looking informaLon on the basis of disclosed assumpLons about events that may occur in the future and possible future acLons by the Group. Actual outcome is likely to be different since anLcipated events frequently do not occur as expected.

In determining the disclosures in the Sustainability Statement, management of the Company interprets undefined legal and other terms. Undefined legal and other terms may be interpreted differently, including the legal conformity of their interpretaLon and, accordingly, are subject to uncertainLes.

This version of the independent limited assurance report is transla4on from the original, which was prepared in the Croa4an language. All possible care has been taken to ensure that the transla4on is an accurate representa4on of the original. However, in all ma>ers of interpreta4on of informa4on, views or opinions, the original language version of the report takes precedence over this transla4on.

210

211

INDEPENDENT LIMITED ASSURANCE REPORT (con4nued)

Responsibility of the Management Board of the Company

Management of the Company is responsible for designing and implemenLng a process to idenLfy the informaLon reported in the Sustainability Statement in accordance with the ESRS and for disclosing this process in note ESRS 2 IRO-1 of the Sustainability Statement. This responsibility includes:

  • Understanding the context in which the Group’s acLviLes and business relaLonships take place and developing an understanding of its affected stakeholders;
  • The idenLficaLon of the actual and potenLal impacts (both negaLve and posiLve) related to sustainability ma^ers, as well as risks and opportuniLes that affect, or could reasonably be expected to affect, the Group’s financial posiLon, financial performance, cash flows, access to finance or cost of capital over the short, medium, or long-term;
  • The assessment of the materiality of the idenLfied impacts, risks and opportuniLes related to sustainability ma^ers by selecLng and applying appropriate thresholds; and
  • Making assumpLons that are reasonable in the circumstances.

Management of the Company is further responsible for the preparaLon of the Sustainability Statement, in accordance with arLcle 32 and 36 of AccounLng Act implemenLng 29(a) of the EU DirecLve 2013/34/EU, including:

  • Compliance with the ESRS;
  • Preparing the disclosures in subsecLon Disclosures pursuant to ArLcle 8 of RegulaLon (EU) 2020/852 (Taxonomy RegulaLon) within the environmental secLon of the Sustainability Statement, in compliance with ArLcle 8 of EU RegulaLon 2020/852 (the “Taxonomy RegulaLon”);
  • Designing, implemenLng and maintaining such internal controls that management determines are necessary to enable the preparaLon of the Sustainability Statement that is free from material misstatement, whether due to fraud or error; and
  • The selecLon and applicaLon of appropriate sustainability reporLng methods and making assumpLons and esLmates about individual sustainability disclosures that are reasonable in the circumstances.

Those charged with governance are responsible for overseeing the Group’s sustainability reporLng process.

Prac%%oner’s Responsibility

We conducted our limited assurance engagement in accordance with InternaLonal Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements other than Audits or Reviews of Historical Financial InformaLon. The procedures performed in a limited assurance engagement vary in nature and Lming from, and are less in extent than for, a reasonable assurance engagement. Consequently, the level of assurance obtained in a limited assurance engagement is substanLally lower than the assurance that would have been obtained had a reasonable assurance engagement been performed.

Our objecLves are to plan and perform the assurance engagement to obtain limited assurance about whether the Sustainability Statement is free from material misstatement, whether due to fraud or error, and to issue a limited assurance report that includes our conclusion. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence decisions of users taken on the basis of the Sustainability Statement as a whole.

As part of a limited assurance engagement in accordance with ISAE 3000 (Revised) we exercise professional judgment and maintain professional skepLcism throughout the engagement.

INDEPENDENT LIMITED ASSURANCE REPORT (con4nued)

Prac%%oner’s Responsibility (con%nued)

Our responsibiliLes in respect of the Sustainability Statement, in relaLon to the Process, include:

  • Obtaining an understanding of the Process but not for the purpose of providing a conclusion on the effecLveness of the Process, including the outcome of the Process; and
  • Designing and performing procedures to evaluate whether the Process is consistent with the Group’s descripLon of its Process, as disclosed in note ESRS 2 IRO-1.

Our other responsibiliLes in respect of the Sustainability Statement include:

  • Obtaining an understanding of the enLty’s control environment, processes and informaLon systems relevant to the preparaLon of the Sustainability Statement but not evaluaLng the design of parLcular control acLviLes, obtaining evidence about their implementaLon or tesLng their operaLng effecLveness;
  • IdenLfying disclosures where material misstatements are likely to arise, whether due to fraud or error; and
  • Designing and performing procedures responsive to disclosures in the Sustainability Statement where material misstatements are likely to arise.

The risk of not detecLng a material misstatement resulLng from fraud is higher than for one resulLng from error, as fraud may involve collusion, forgery, intenLonal omissions, misrepresentaLons, or the override of internal control.

Our Independence and Quality Management

We complied with the applicable independence and other ethical requirements of the InternaLonal Code of Ethics for Professional Accountants (including InternaLonal Independence Standards) issued by the InternaLonal Ethics Standards Board for Accountants (the “Code”). The Code is founded on fundamental principles of integrity, objecLve, professional competence and due care, confidenLality and professional behavior.

We applied InternaLonal Standard on Quality Management (ISQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements, and accordingly maintain a comprehensive system of quality control including documented policies and procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

Summary of Work Performed

A limited assurance engagement involves performing procedures to obtain evidence about the Sustainability Statement. The nature, Lming and extent of procedures selected depend on professional judgement, including the idenLficaLon of disclosures where material misstatements are likely to arise, whether due to fraud or error, in the Sustainability Statement.

In conducLng our limited assurance engagement, with respect to the Process, we:

  • Obtained an understanding of the Process by:
    • performing inquiries to understand the sources of the informaLon used by management (e.g., stakeholder engagement, business plans and strategy documents); and
    • reviewing the Group’s internal documentaLon of its Process; and
  • Evaluated whether the evidence obtained from our procedures about the Process implemented by the Group was consistent with the descripLon of the Process set out in note ESRS 2 IRO-1.# INDEPENDENT LIMITED ASSURANCE REPORT (continued)

Summary of Work Performed (continued)

In conducting our limited assurance engagement, with respect to the Sustainability Statement, we:

  • Obtained an understanding of the Group’s reporting processes relevant to the preparation of its Sustainability Statement by:
    • performing inquiries to understand the Group’s control environment, processes and information systems relevant to the preparation of the sustainability statements;
  • Evaluated whether material information identified by the Process to identify the information reported in the Sustainability Statement is included in the Sustainability Statement;
  • Evaluated whether the structure and the presentation of the Sustainability Statement is in accordance with the ESRS;
  • Performed inquiries of relevant personnel and analytical procedures on selected disclosures in the Sustainability Statement;
  • Performed substantive assurance procedures on a sample basis on selected disclosures in the Sustainability Statement;
  • Obtained evidence on the methods for developing material estimates and forward-looking information and on how these methods were applied; and
  • Obtained an understanding of the process to identify taxonomy-eligible and taxonomy-aligned economic activities and the corresponding disclosures in the Sustainability Statement.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our conclusion.

Limited Assurance Conclusion

Based on the procedures we have performed and the evidence we have obtained, nothing has come to our attention that causes us to believe that the Sustainability Statement is not prepared, in all material respects, in accordance with article 32 and 36 of Accounting Act implementing 29(a) of the EU Directive 2013/34/EU, including:

• Compliance with the European Sustainability Reporting Standards (ESRS), including that the process carried out by the Company to identify the information reported in the Sustainability Statement is in accordance with the description set out in note ESRS 2 IRO-1; and

• Compliance of the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement with Article 8 of EU Regulation 2020/852 (the “Taxonomy Regulation”).

INDEPENDENT LIMITED ASSURANCE REPORT (continued)

Other Matter

Our assurance engagement does not extend to information in respect of earlier periods.

Katarina Kadunc
Director and Certified auditor
Deloitte d.o.o.
30 April 2025
Radnička cesta 80, 10 000 Zagreb, Croatia

Statements on responsibility for compiling the report for the observed period

The financial statements of Span d.d. and Span Group for the period that ended on 31 December 2024 are shown to be fair and truthful in accordance with International Financial Reporting Standards which have been consistently applied in relation to the previous years. All materially significant transactions were accordingly recorded in the accounting records, which were the basis of the financial statements. They provide a true and complete overview of the assets and liabilities, the financial position and operations of Span d.d. and Span Group.

Nikola Dujmović
President of the Management Board

Audited Financial Reports of Span Group and Span d.d.

8 SPAN d.d., Zagreb Annual report for the year ended 31 December 2024

This version of annual report is a translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the annual report takes precedence over this translation.

Contents

SPAN d.d. and its subsidiaries | 1

Content Page
Annual Report of the Management Board 2
Responsibility of the Management Board for the Annual Report 7
Statement on the application of the Corporate Governance Code 8
Independent Auditor's Report
Financial statements
Statement of comprehensive Income 18
Statement of financial position 19
Statement on changes in shareholders’ equity 20 – 21
Statement of cash flows 22
Notes to the financial statements 23 - 89

Annual Management Report

SPAN d.d. and its subsidiaries | 2

Annual Report of the Management Board

The Management Board of the company Span d.d. Zagreb ("The Company" or "Parent Company") presents the company's separate and consolidated financial statements for the year ended 31 December 2024. The consolidated financial statements include the financial data of the Company and its subsidiaries that make up the Span Group (the "Group").

The Management Board of the Company considers that the consolidated financial statements for the period from 1 January to 31 December 2024 have been prepared based on applicable standards and thus provide a comprehensive and truthful overview of assets and liabilities and the financial position and business operations of the Group and the Company.

The Annual Report of the Management Board contains a truthful overview of the development, business results and financial position of the Group and the Company, with a description of the most significant risks to which the Group and the Company are exposed.

Principal activity: The principal activity of the Group and the Company is to provide professional services of design, construction and maintenance of information systems to medium and large users. In 30 years of business, the Company has evolved from an IT system integrator in Croatia to a Group that today operates on the global world market.

In 1996, the Company became the first Croatian certified provider of Microsoft solutions, and since 2001 the Group and the Company have been certified as a Microsoft Gold Certified Partner and is the leading Microsoft partner in the Croatian market.

In addition to Microsoft technology, the Group and the Company base their solutions on the technology of other first-class manufacturers and also hold the appropriate accreditations and certificates:

  • AWS Select Consulting Partner
  • CheckPoint Partner Advanced
  • Cisco Premier Integrator
  • CyberArk Authorized Partner and Managed Services Provider
  • Dynatrace Master Partner
  • F5 Partner Authorized
  • Fortinet Select Partner
  • Google Cloud Partner
  • HP Synergy Partner
  • HPE Certified Aruba Gold Partner
  • HPE Certified Gold Partner
  • IBM Silver Business Partner and Managed Services Provider
  • Kemp Authorized Partner
  • Lenovo Authorized Reseller
  • Nutanix Enrolled Partner
  • Palo Alto Networks Solution Provider Innovator
  • Saviynt Authorized Reseller and Managed Services Provider
  • SentinelOne Silver Partner
  • Sophos Gold Partner
  • Symantec Partner
  • Veeam Cloud Service Provider Silver and Value-Added Reseller Silver
  • Veritas Registered Partner

Key events in 2024

On April 1, 2024, Span d.d. entered into a purchase agreement for 30% of the shares in its subsidiary, Bonsai d.o.o. By acquiring the remaining 30% of Bonsai's shares, the Company gained full (100%) ownership.

On May 14, 2024, a Merger Agreement was concluded for the merger of the subsidiaries Ekobit d.o.o. and Bonsai d.o.o. into Span d.d.

On July 1, 2024, based on this Agreement, the merger was registered in the court register of the Commercial Court in Zagreb under decision numbers: Tt-24/25570-2 and Tt-24/25567-2.

Annual Management Report

SPAN d.d. and its subsidiaries | 3

Key events in 2024 (continued)

On 30 April 2024, the meetings of the Management Board and the Supervisory Board of the Company were held, at which the proposal for a Decision on the use of profit and payment of dividends in the amount of EUR 0.30 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who were registered as shareholders of the Company in the depository of the Central Clearing and Depository Company d.d. on 24 June 2024 (record date). The date from which the Company's shares were traded without the right to dividend payment is 21 June 2024 (ex date). In accordance with the proposal, the claim for the payment of the dividend was due on July 5, 2024 (payment date), and the dividend was paid out of the Company's profit achieved in 2023.

On July 4, 2024, Company Span d.d. concluded an agreement on the purchase and sale of 30% of the business shares of the subsidiary Trilix d.o.o. from the seller Mr. Mladen Amidžić. By concluding this contract, Span became the owner of 90% of Trilix's business shares, while the remaining 10% of business shares is Trilix's own share.

On October 1, 2024, the Supervisory Board of the company held a constituent meeting following the expiration of the mandate of the President and Deputy President of the Supervisory Board on September 30, 2024. At the meeting, Mr. Ante Mandić was elected President of the Supervisory Board, and Mr. Aron Paulić was elected Deputy President of the Supervisory Board.

On October 8, 2024, the Company, pursuant to Article 474 of the Capital Market Act, released 3,858 of its own shares, in accordance with the conditions published in the Prospectus regarding the public offering and listing of shares on a regulated market, which relates to the allocation of Additional Shares that the Issuer will allocate to an individual employee in accordance with the ESOP program. Before the disposal, the Company owned 7,860 treasury shares, which constitute 0.4010% of the share capital, and after the disposal, it owns a total of 4,002 shares, which constitute 0.2042% of the share capital.

On December 16, 2024, the limited liability company Span B.V. was established in the Netherlands, Amsterdam. The founder and sole member of the company is Span d.d..# Annual Management Report

SPAN d.d. and its subsidiaries

As the Netherlands is home to the offices of Span's international partners operating in markets where Span is already present and plans to operate in the future, this country was the right choice for Span. Span B.V. will be more than just a sales representative office. The goal is to strengthen commercial and strategic ties with the most important organizations, primarily Microsoft and Google. The mandates of the members of the Management Board of the Company, Dragan Marković and Marijan Pongrac, ended on December 16, 2024. For the next 5 years, starting from 16 December 2024, the members of the Management Board will be Saša Kramar and Ana Vukšić, and starting from 1 April 2024 Mihaela Trbojević. The President of the Management Board will be Nikola Dujmović. Total consolidated revenues increased by 37,692 thousand euros, or 26% compared to 2023, and the Company achieved revenue growth of 10,134 thousand euros, or 10%. Total consolidated operating expenses increased by 34,146 thousand euros, or 25% compared to 2023, and the Company's expenses increased by 9,122 thousand euros. The Group's profit after tax increased by 2,152 thousand euros, to 3,398 thousand euros. The Company recorded an increase in profit after tax of 2,295 thousand euros, to 2,756 thousand euros.

2025 strategy

The Group's business strategy is growth based on new technologies, solutions and markets. As a professional IT service provider, Span designs, implements and maintains high-availability systems with the aim of increasing the security, productivity and success of our customers. We base our business systems and solutions on the platforms of the world's leading cloud technology providers – Microsoft, Amazon and Google. We ensure the scalability, reliability, and cybersecurity of the solutions we provide to our customers. Also, we implement artificial intelligence systems with the aim of increasing the productivity of our users. In order to adequately take care of the IT environment of our users, our strategy is also a strategy of learning, in-depth knowledge of technologies and the application of best practices with the aim of improving business. In this context, we also see a shift in the partner channel on the market, i.e. the way of evaluating success by our large principals (Microsoft, Google). Transactional sales success is no longer crucial. They are looking for expertise, experience and technological focus of partners – all three parameters that Span has and has been building for years. On our development path, we pay great attention to sustainable business. To better understand the key aspects of our business and its impact on the environment, society and economy, we have identified significant impacts, risks and opportunities that we will continue to focus on in the future. Our goal is to ensure sustainable growth and development and continue to create long-term value for Span.

Research and development activities

Development expenditure generally refers to own developed intangible assets with the cooperation of several companies in the Group. The total worth of the Group's intangible assets relating to development expenditure is EUR 1,754 thousand (EUR 1,742 thousand for the Company) (Note 18). During 2024 at the Group level, a total of 25 thousand euro was activated in the position of Software Development (Company 0 thousand euro) (Note 18).

Financial instruments

The Group and Company do not use financial instruments that affect the assessment of financial position and performance. The Company and Group are primarily exposed to the financial risks of changes in foreign currency exchange rates and interest rates, as further described in the Note 37 Financial instruments. The Company and Group’s Corporate Treasury function supports operations, co-ordinates access to domestic and international financial markets, monitors and manages the financial risks relating to the operations of the Company and Group. Financial assets of the Group and Company mainly consist of receivables and cash assets in accounts, while financial liabilities predominantly refer to short-term and long-term borrowings from banks, short-term and long- term lease liabilities, and trade payables.

Information on the purchase of own shares

During November and December 2024, the Company acquired 4,800 of its own shares with the symbol SPAN-R- A on the regulated market of the Zagreb Stock Exchange. During 2024, the Company disposed of 11,671 of its own shares with the symbol SPAN-R-A. As of December 31, 2024, the Company owned a total of 8,802 (2023: 15,673) of its own shares.

Company and Group branches

The company has no branches.

Group companies

  • SPAN d.o.o. Ljubljana was registered on August 18, 2009., offering a wide range of products, services and solutions on the Slovenian market.
  • Span IT Ltd. London, started operations during 2009 as a sales representation of the Company and significantly contributed to the growth of exports of services and solutions to the UK market.
  • SPAN USA, Inc., began operations on October 10, 2012, primarily as a sales rep and customer support center in the U.S.
  • Trilix d.o.o. maintained its position as an electronic goods processor. The consulting department provides consulting services in organization and risk management and in compliance of business processes with regulations and regulations in the field of information technologies.
  • During 2016, the Company opened a subsidiary Span Azerbaijan LLC in Azerbaijan through which it offers its services and knowledge in that market as well.
  • During 2018, the Company established two 100% owned subsidiaries Span LLC, Kiev, Ukraine and Span GmbH, Munich, Germany with the aim of expanding the markets in which it offers its services and knowledge.
  • During 2019, the Company opened a subsidiary SPAN SWISS AG, Switzerland. The management of Span Swiss AG made the decision to shut down the company on 13 November 2023.
  • During July 2021, the Company officially opened another member of the group - Span-IT s.r.l. based in Chisinau, Moldovan capital.

Annual Management Report

SPAN d.d. and its subsidiaries

Group companies (continued)

  • On April 15, 2022, the Commercial Court in Zagreb issued a decision on the registration of the establishment of a company under the company name FINTECH DIGITAL SERVICES, a limited liability company for IT services.
  • Also, in 2022, the company Span Cyber Security Center, d.o.o. was founded for services and consulting that provides education and training in the field of security. On September 9, 2024, Span Cyber Security Center changed its name to Span Cyber Security Incubator.
  • At the beginning of 2023, the Company acquired the company GT Tarkvara, Tallinn, Estonia. It is a leading Estonian company for licensing and management of software assets.
  • On September 8, 2023, the limited liability company Span was founded in Georgia, Tbilisi.
  • On July 1, 2024, the merger was registered based on the merger agreement concluded between Span and Ekobit and BonsAI, as well as the decision of the general meetings of the merged companies approving the merger.
  • On December 16, 2024, the limited liability company Span B.V. was established in Amsterdam, the Netherlands.
  • On December 20, 2024, the Institution Span Cyber Security Center was established in Zagreb, Koturaška cesta 47.

Supervisory Board

  1. Aron Paulić, member of the Supervisory Board since September 30, 2020, Deputy Chairman of the Supervisory Board since November 5, 2021, re-elected on September 30, 2024, and became Deputy Chairman of the Supervisory Board on October 1, 2024
  2. Ante Mandić, member of the Supervisory Board since September 30, 2020, Chairman of the Supervisory Board since June 14, 2023, re-elected on September 30, 2024, and became Deputy Chairman of the Supervisory Board on October 1, 2024
  3. Ivana Šoljan, member of the Supervisory Board from June 14, 2023 to September 30, 2024, and re- elected on September 30, 2024
  4. Mirjana Marinković, member of the Supervisory Board from June 14, 2023 to September 30 2024 and re- elected on September 30, 2024
  5. Barbara Gradečak, employee representative on the Supervisory Board of the Company since December 29, 2023

Audit Committee

  1. Ante Mandić, President of the Audit Committee, appointed by the Decision of the Supervisory Board on 10 May 2021
  2. Nataša Zelenika, Member of the Audit Committee, appointed by the Decision of the Supervisory Board on 10 May 2021
  3. Tomislav Skorin, Member of the Audit Committee, appointed by the Decision of the Supervisory Board on 10 May 2021

Nomination and Remuneration Committee

  1. Aron Paulić, President of the Committee
  2. Hana Horak, Member of the Committee
  3. Lucia Ana Tomić, Member of the Committee

Annual Management Report

SPAN d.d. and its subsidiaries

Management

Members of the Management Board of the Company from 16 December 2023 to the date of signing these financial statements were:

  1. Nikola Dujmović, president of the Management Board
  2. Ana Vukšić, member of the Management Board
  3. Saša Kramar, member of the Management Board
  4. Mihaela Trbojević, member of the Management Board

In Zagreb, on 30 April 2025, signed by the Management Board:

Nikola Dujmović Ana Vukšić Saša Kramar Mihaela Trbojević
President of the Management Board Member of the Management Board Member of the Management Board Member of the Management Board

Responsibility for the financial statements

SPAN d.d. and its subsidiaries

The Management Board is obliged to ensure that the financial statements for each financial year are prepared in accordance with the International Financial Reporting Standards adopted by the European Union (IFRS) to give a truthful and objective review of the financial position and the results of the business operations of SPAN d.d. ("The Company") and its subsidiaries (collectively the "Group") for each period presented.After making enquiries, the Management Board reasonably expects the Group and the Company to have adequate resources to continue their operations for the foreseeable future. For this reason, the Management Board continues to adopt the going concern basis in preparing the financial statements of the Group and the Company. In the preparation of financial statements, the Management Board is responsible:
§ to select and then consistently apply appropriate accounting policies;
§ that judgments and assessments be reasonable and cautious;
§ to apply relevant accounting standards; and
§ that the financial statements are prepared on the going concern basis.
The Management Board is responsible for keeping proper accounting records, which will at any time reflect with reasonable accuracy the financial position of the Group and the Company, as well as its compliance with the Croatian Accounting Act. The Management Board is also responsible for safeguarding the assets of the Group and the Company, and therefore for taking reasonable measures to prevent and detect embezzlement and other illegalities. The Management Board shall also be responsible for the Management Report in accordance with Articles 21 and 24, of The Accounting Act.

Signed by members of the Management Board:

For SPAN d.d.:

SPAN d.d.
Koturaška cesta 47
Zagreb
Republic of Croatia
30 April 2025

President of the Management Board
Member of the Management Board
Member of the Management Board
Member of the Management Board

Nikola Dujmović
Ana Vukšić
Saša Kramar
Mihaela Trbojević

Statement on the application of the Corporate Governance Code

SPAN d.d. and its subsidiaries

Pursuant to Article 272.p, in relation to Article 250.a of the Companies Act (Official Gazette no. 111/1993, 34/1999, 121/1999, 52/2000, 118/2003, 107/2007, 146/2008, 137/2009, 111/2012,125/2011, 68/2013, 110/2015, 40/2019, 34/2022, 114/2022, 18/2023, 130/2023 hereinafter: “the Act”) and Article 22 of the Accounting Act (Official Gazette no. 78/2015, 134/2015, 120/2016, 116/2018, 42/2020, 47/2020, 114/2022, 82/2023) the Management of the company Span d.d., Zagreb, Koturaška cesta 47, Company ID:19680551758 (hereinafter: “Span” or “Company”) hereby issues the following STATEMENT ON THE APPLICATION OF THE CORPORATE GOVERNANCE CODE

Span shares were listed on the regulated market of the Zagreb Stock Exchange on 21 September 2021, and Span applies the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (CFSSA), which is publicly available on the Zagreb stock exchange (www.zse.hr) and HANFA (www.hanfa.hr ) websites.

I.

With this statement, Span confirms that it operates in accordance with good corporate governance practices and for the most part according to the recommendations of the Code and publishes all information whose publication is foreseen by positive regulations. Span shall present detailed explanations of departures from individual recommendations and additional adjustments in the Corporate governance practice questionnaire for issuers of shares and the Corporate governance practice questionnaire for issuers of bonds and, as defined in the Ordinance on the data concerning corporate governance the issuers are required to deliver to the Croatian Financial Services Supervision Agency and on the form, deadlines, and manner of their submission (OG 59/2020, 12/2023), submit them to the Croatian Financial Services Supervision Agency (CFSSA) not later than 30 June of the current year and publish them on the websites of the Company and the Zagreb Stock Exchange.

II.

The internal control and risk management system in relation to the financial reporting process is carried out by the controlling department and internal audit services under the supervision of the Audit Committee. In line with the Audit Act (OG 127/17, 27/2024), in addition to the tasks prescribed by Regulation (EU) on specific requirements regarding the statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC, No 537/14 and all relevant regulations, the Audit Committee shall monitor the financial reporting process and deliver recommendations and suggestions for securing the integrity thereof, as well as monitor the effectiveness of the Company’s internal quality control and risk management systems, including the effectiveness of procedures for approving and disclosing transactions among Management and Supervisory Board members and the Company, as well as internal audit, without breaching its independence. Internal Audit’s key goals are providing senior management and the Supervisory Board with guarantees and information that will help the achieve organization’s goals, including the evaluation of the effectiveness of risk management activities. Controlling reports to the Management Board of the Company, and Internal Audit to the Audit Committee of the Supervisory Board, and the Management Board. Internal Audit prepares a report once the audit has been completed, and this report contains the following:
* list of audits carried out
* assessment of the adequacy and efficiency of internal controls and recommendations for improvements
* unlawfulness and irregularities determined during the audit, and recommendations and proposed measures to address them
* activities undertaken in relation to the previously issued recommendations.

Reports are delivered to the Management Board and the Audit Committee.

During 2024, Span continued to maintain and continuously improve the existing seven management systems certified according to ISO standards. Special attention was paid to information security management, IT services and business continuity. During the year, we linked the risk management methodology to the requirements of ISO 22301 - a business continuity management system (BCMS). In August 2024, we were the first in Croatia and among the first in Europe to certify our artificial intelligence management system according to the ISO 42001 standard. With these eight implemented systems, Span ensures a high level of reliability of its business processes and an adequate level of trust from all stakeholders.

III.

The Ten most significant Span shareholders as at 31/12/2024 in Span are:

No. Name/Name Number of shares Percentage (%)
1 DUJMOVIĆ NIKOLA (1/1) 603028 30,7667
2 RAIFFEISENBANK AUSTRIA D.D./ RAIFFEISEN DOBROVOLJNI MIROVINSKI FOND (1/1) 131111 6,6893
3 FIMA-VRIJEDNOSNICE D.O.O./ PONGRAC MARIJAN (1/1) 78266 3,9932
4 ERSTE & STEIERMARKISCHE BANK D.D./ PBZ CO OMF - KATEGORIJA A (1/1) 71128 3,6290
5 FIMA-VRIJEDNOSNICE D.O.O./ BANEK ZVONIMIR (1/1) 70739 3,6091
6 ERSTE & STEIERMARKISCHE BANK D.D./ PBZ CO OMF - KATEGORIJA B (1/1) 65200 3,3265
7 OTP BANKA D.D./ ERSTE PLAVI OMF KATEGORIJE A (1/1) 56056 2,8600
8 PRIVREDNA BANKA ZAGREB D.D./ RAIFFEISEN OMF KATEGORIJE A (1/1) 52097 2,6580
9 FIMA-VRIJEDNOSNICE D.O.O./ KOLAREK DARKO (1/1) 47725 2,4349
10 FIMA-VRIJEDNOSNICE D.O.O./ BOČKAL DAMIR (1/1) 46516 2,3733

Span does not have holders of securities with special control rights, nor holders of securities with voting rights limits to a certain percentage or number of votes, time limits for exercising voting rights, or cases where, in cooperation with the company, financial rights from securities are separated from the holding of those securities. Span does not have specific rules on the appointment and revocation of the appointment of members of the Management Board, the Supervisory Board, amendments to the Statute or special rules on the powers of members of the Management Board or Supervisory Board. All of these relationships are subject to the provisions of the Companies Act and the Articles of Association of the Company, which is available on the Span website (www.span.eu)

IV.

The manner of operation of the General Assembly and its authorization, the manner of exercising shareholder rights and how their rights are exercised are determined by the Companies Act and the Articles of Association of the Company, and the invitation and proposals for decisions, as well as the adopted decisions, are publicly published in accordance with the provisions of the Companies Act, the provisions of the Capital Market Act and the Rules of the Zagreb Stock Exchange d.d. Each share is entitled to one vote.

IV.

In 2024, the Management Board consisted of 4 members, until 16 December 2024, when the Management Board of the company was appointed for a new five-year term, consisting of Nikola Dujmović as President and Saša Kramar and Ana Vukšić as members. The term of office of the Management Board members and the President of the Management Board lasts a maximum of 5 years. After the expiration of the term, the Management Board members and the President of the Management Board may be reappointed without limitation on the number of terms. The Management Board manages the company's affairs at its own responsibility, with the diligence of a diligent and conscientious businessman, in accordance with the Companies Act, the Articles of Association and the Rules of Procedure of the Management Board. In 2024, the Supervisory Board operated with 5 members. The powers of the Supervisory Board are determined by the provisions of the Companies Act, the Articles of Association and the Rules of Procedure of the Supervisory Board. Within its authority, the Supervisory Board makes decisions, assessments, opinions, gives consent to decisions of the Management Board as provided for in the Rules of Procedure, law, or Articles of Association, instructs auditors, and together with the Management Board, determines proposals for decisions to be adopted by the General Assembly.# Management Board and Supervisory Board

The Management Board and Supervisory Board operate in formal meetings as well as decision-making without formal meetings by correspondence in accordance with Rules of Procedure, law, and Articles of Association. In accordance with the law, Corporate Governance Code, and the Rules of Procedure, the Supervisory Board formed two committees: the Audit Committee and the Nomination and Remuneration Committee. Description of the jobs and competences of the Audit Committee and the Nomination and Remuneration Committee is available on Span’s website (www.span.eu).

V. On 18 December 2023, the Management Board of Span adopted the Diversity and Inclusion Policy (hereinafter: the Policy) and acceded to the Diversity Charter of the Croatian Business Council for Sustainable Development. Span's Policy is based on diversity, inclusiveness, and highlighting the importance of fairness in ensuring equality of opportunity, and includes the principles of uniqueness of each individual, practical adaptation, independent responsibility of each individual, a positive approach to diversity, openness and transparency, zero tolerance of discrimination and harassment or violence, equality of opportunity, and inclusive leadership, which are detailed in the policy text. The basis of the Policy lies in the legal framework prescribed by the Anti-Discrimination Act, and with the adoption of this Policy, the Management Board has committed to implementing all the above-mentioned principles to create a positive and inclusive organizational culture. Due to the adoption of the Policy, the manner in which the Policy is implemented and the results in the reporting period will be published as part of the Annual Report for 2024.

VI. In accordance with the provisions of Article 250a paragraph 4 and Art. 272.p. st.1, this Statement represents a separate section and integral part of the annual report on the financial position and business performance of the Company for the year 2024.

For SPAN d.d.:

SPAN d.d.
Koturaška cesta 47
Zagreb
Republic of Croatia
30 April 2025

President of the Management Board: Nikola Dujmović
Member of the Management Board: Ana Vukšić
Member of the Management Board: Saša Kramar
Member of the Management Board: Mihaela Trbojević

The company was registered at Zagreb Commercial Court: MBS 030022053; paid-in initial capital: EUR 5,930.00; Company Directors: Katarina Kadunc, Goran Končar and Helena Schmidt, Bank: Privredna banka Zagreb d.d., Radnička cesta 80, 10 000 Zagreb, bank account no. 2340009–1110098294; SWIFT Code: PBZGHR2X IBAN: HR3823400091110098294.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/en/about to learn more.

© 2025. For information, contact Deloitte Croatia.

Deloitte d.o.o.
ZagrebTower
Radnička cesta 80
10 000 Zagreb
Croatia
TAX ID: 11686457780
Tel: +385 (0) 1 2351 900
Fax: +385 (0) 1 2351 999
www.deloitte.com/hr

INDEPENDENT AUDITOR’S REPORT

To the Management and Supervisory Board of SPAN d.d.

Report on the Audit of the Financial Statements

Opinion

We have audited the separate financial statements of SPAN d.d (the Company) and consolidated financial statements of the SPAN d.d. and its subsidiaries (the Group) which comprise the separate and the consolidated statement of financial position as at 31 December 2024, the separate and the consolidated statement of comprehensive income, the separate and the consolidated statement of changes in equity, and the separate and the consolidated statement of cash flows for the year then ended, and notes to the separate and the consolidated financial statements, including material accounting policy information.

In our opinion, the accompanying separate and consolidated financial statements present fairly, in all material respects, the financial position of the Company and the Group as at 31 December 2024, and its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards as adopted by the European Union (IFRS).

Basis for Opinion

We conducted our audit in accordance with the International Standards on Auditing (ISAs) and Regulation (EU) 537/2014 of the European Parliament and of the Council, dated 16 April 2014, on specific requirements regarding statutory audit of public-interest entities. Our responsibilities under those standards are further described in the Auditor’s Responsibilities for the Audit of the Separate and the Consolidated Financial Statements section of our report.

We are independent of the Company and the Group in accordance with the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants, including International Independence Standards (IESBA Code) and we have fulfilled our ethical responsibilities in accordance with the IESBA Code. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Key Audit Matter

Key audit matter is the matter that, in our professional judgment, is of most significance in our audit of the separate and the consolidated financial statements of the current period. This matter was addressed in the context of our audit of the separate and the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on this matter.

This version of the auditor's report is a translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the report takes precedence over this translation.

INDEPENDENT AUDITOR’S REPORT (continued)

Report on the Audit of the Financial Statements (continued)

Key Audit Matters (continued)

Key audit matter How did we address key audit matter during our audit
For accounting policies, please see Significant accounting policies – note 3: Revenue recognition. Revenue from contracts with customers are disclosed in note 5 and amount to 180,183 thousand EUR (2023: 142,836 thousand EUR) for the Group and 110,033 thousand EUR (2023: 99,550 thousand EUR) for the Company. Revenue recognition is a significant aspect of the Group's and Company’s financial statements due to the complexity of the Group's and Company’s revenue streams, the different types of licenses and services offered, and the various recognition criteria and methods applied under International Financial Reporting Standard 15: Contract with Customers (IFRS 15). With reference to the sale of different types of licenses, the Group and Company is primarily responsible for delivering purchased Microsoft licenses to customers. It is exposed to potential risk of rejection of licenses by the customer and has the discretion to define prices and benefits from licenses to the moment of transfer of control. The Group and Company sells hardware directly to customers in line with the contract on the sale of hardware and provision of services or individual contracts on the sale of hardware. Revenue is recognized at the point in time when the control over the equipment has been transferred to the customers, and the sale of equipment is considered a distinct delivery obligation. Advisory services the Group and Company provides may be divided into two main service groups: services related to contracted projects with customers, and advisory services which refer to customer support based on contracted price lists. The recognition of revenue involves significant management judgment and estimation in determining the appropriate point in time or the stage of completion for performance obligations, as well as the transaction price for each distinct performance obligation. Due to these risks, this area was established as a key audit matter. Our audit procedures included, among others: • Assessing the Group's and Company’s revenue recognition policies and their compliance with IFRS 15; • Testing the design and implementation of internal controls related to the revenue recognition in terms of the adequacy of their recording; • Selecting a sample of transactions for each revenue stream and performing substantive testing to determine the appropriateness of revenue recognition, considering the relevant criteria under IFRS 15; • Evaluating management's judgments and estimates used in determining the transaction prices, distinct delivery obligations, and the point in time or stage of completion for performance obligations; • Examining the information in the separate and consolidated financial statements to assess whether the disclosures regarding revenue from customer contracts are appropriate.

INDEPENDENT AUDITOR’S REPORT (continued)

Report on the Audit of the Financial Statements (continued)

Other Information

Management is responsible for the other information. The other information comprises the information included in the Annual Report, but does not include the separate and the consolidated financial statements and our auditor’s report. Our opinion on the separate and the consolidated financial statements does not cover the other information.# INDEPENDENT AUDITOR'S REPORT

Report on the Audit of the Financial Statements

Auditor's Responsibilities for the Audit of the Separate and the Consolidated Financial Statements

In connection with our audit of the separate and the consolidated financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the separate and the consolidated financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. With respect to the Management Report and the Corporate Governance Report, which are included in the Annual Report, we have also performed the other procedures prescribed by the Accounting Act. These procedures include examination of whether the Management Report include required disclosures as set out in the Articles 22 and 24 of the Accounting Act and whether the Corporate Governance Report includes the information specified in the Articles 22 and 25 of the Accounting Act. Based on the procedures performed during our audit, to the extent we are able to assess it, we report that:
1) Information included in the other information is, in all material respects, consistent with the attached separate and consolidated financial statements.
2) Management Report has been prepared, in all material respects, in accordance with the Articles 22 and 24 of the Accounting Act, excluding the requirements on sustainability reporting. In respect of the Sustainability Report, which is included as part of the other information and constitutes a separate part of the Management Report, we performed a limited assurance engagement, the results of which were presented in a separate limited assurance report with an unmodified conclusion.
3) Corporate Governance Report has been prepared, in all material aspects, in accordance with the Articles 22 and 25 of the Accounting Act.

Based on the knowledge and understanding of the Company and the Group and its environment, which we gained during our audit of the separate and the consolidated financial statements, we have not identified material misstatements in the other information.

Responsibilities of Management and Those Charged with Governance for the Separate and the Consolidated Financial Statements

Management is responsible for the preparation and fair presentation of the separate and the consolidated financial statements in accordance with IFRSs and for such internal control as Management determines is necessary to enable the preparation of separate and consolidated financial statements that are free from material misstatement, whether due to fraud or error. In preparing the separate and the consolidated financial statements, Management is responsible for assessing the Company’s and the Group’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless Management either intends to liquidate the Company or the Group or to cease operations, or has no realistic alternative but to do so. Those charged with governance are responsible for overseeing the Company’s and the Group’s financial reporting process. Our objectives are to obtain reasonable assurance about whether the separate and the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs will always detect a material misstatement when it exists.

Auditor’s Responsibilities for the Audit of the Separate and the Consolidated Financial Statements

Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these separate and consolidated financial statements. As part of an audit in accordance with ISAs, we exercise professional judgment and maintain professional scepticism throughout the audit. We also:
• Identify and assess the risks of material misstatement of the separate and the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
• Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Company’s and the Group's internal controls.
• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by Management.
• Conclude on the appropriateness of Management’s use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Company’s and the Group’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor’s report to the related disclosures in the separate and the consolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report. However, future events or conditions may cause the Company and the Group to cease to continue as a going concern.
• Evaluate the overall presentation, structure and content of the separate and the consolidated financial statements, including the disclosures, and whether the separate and the consolidated financial statements represent the underlying transactions and events in a manner that achieves fair presentation.
• Plan and perform the group audit to obtain sufficient appropriate audit evidence regarding the financial information of the entities or business units within the group as a basis for forming an opinion on the group financial statements. We are responsible for the direction, supervision and review of the audit work performed for purposes of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit. We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, actions taken to eliminate threats or safeguards applied. From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the separate and the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor’s report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

INDEPENDENT AUDITOR'S REPORT (continued)

Report on Other Legal and Regulatory Requirements

Report based on the requirements of Delegated Regulation (EU) No. 2018/815 amending Directive No. 2004/109/EC of the European Parliament and of the Council as regards regulatory technical standards for the specification of the uniform electronic format for reporting (ESEF)

Auditor’s reasonable assurance report on the compliance of separate and consolidated financial statements (financial statements), prepared based on the provision of Article 462 (5) of the Capital Market Act by applying the requirements of the Delegated Regulation (EU) 2018/815 specifying for the issuers a single electronic reporting format (“ESEF Regulation”).

We conducted a reasonable assurance engagement on whether the financial statements of the Company the Group for the financial year ended 31 December 2024 prepared to be made public pursuant to Article 462 (5) of the Capital Market Act, contained in the electronic file 747800L0D5F39CX8NA43-2024-12-31-hr, have been prepared in all material aspects in accordance with the requirements of the ESEF Regulation.

Responsibilities of the Management and Those Charged with Governance

Management is responsible for the preparation and content of the financial statements in line with the ESEF Regulation. In addition, Management is responsible for maintaining the internal controls system that reasonably ensures the preparation of financial statements without material differences with the reporting requirements from the ESEF Regulation, whether due to fraud or error. Furthermore, Company Management is responsible for the following:
• Public reporting of financial statements presented in the Annual Report in valid XHTML format
• Selection and use of XBRL markups in line with the requirements of the ESEF Regulation.

Those charged with governance are responsible for supervising the preparation of financial statements in ESEF format as part of the financial reporting process.# Auditor’s Responsibilities
It is our responsibility to carry out a reasonable assurance engagement and, based on the audit evidence obtained, give our conclusion on whether the financial statements have been prepared without material differences with the requirements from the ESEF Regulation. We conducted our reasonable assurance engagement in accordance with the International Standard on Assurance Engagements 3000 (Revised) – Assurance Engagements Other than Audits or Reviews of Historical Financial Information (ISAE 3000). This standard requires that we plan and perform the engagement to obtain reasonable assurance for providing a conclusion.

Quality management

We have conducted the engagement in compliance with independence and ethical requirements as provided by the Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants. The code is based on the principles of integrity, objectivity, professional competence and due diligence, confidentiality, and professional conduct. We comply with the International Standard on Quality Management 1, Quality Management for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements (ISQM 1) and accordingly maintain an overall management control system, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and statutory requirements.

INDEPENDENT AUDITOR’S REPORT (continued)

Report on Other Legal and Regulatory Requirements (continued)

Report based on the requirements of Delegated Regulation (EU) No. 2018/815 amending Directive No. 2004/109/EC of the European Parliament and of the Council as regards regulatory technical standards for the specification of the uniform electronic format for reporting (ESEF) (continued)

Procedures performed

As part of the selected procedures, we have conducted the following activities:
* We have read the requirements of the ESEF Regulation;
* We have gained an understanding of internal controls of the Company and the Group, relevant for the application of the ESEF Regulation requirements;
* We have identified and assessed the risks of material differences with the ESEF Regulation due to fraud or error;
* We have devised and designed procedures for responding to estimated risks and obtaining reasonable assurance in order to give our conclusion.

Our procedures focused on assessing whether:
* Financial statements included in the separate and the consolidated report have been prepared in valid XHTML format;
* Data included in the separate and the consolidated financial statements required by the ESEF Regulation have been marked up and meet all of the following requirements:
* XBRL has been used for markups.
* Core taxonomy elements stipulated in the ESEF Regulation with the closest accounting meaning were used unless an extension taxonomy element was created in line with the Annex IV of the ESEF Regulation;
* Markups comply with the common rules on markups in line with the ESEF Regulation.

We believe the evidence we obtained to be sufficient and appropriate to provide a basis for our conclusion.

Conclusion

We believe that, based on the procedures performed and evidence obtained, the financial statements of the Company and the Group presented in the ESEF format, contained in the aforementioned electronic file, and based on the provision of Article 462 (5) of the Capital Market Act, have been prepared to be published for public, in all material aspects in accordance with the requirements of articles 3, 4 and 6 of the ESEF Regulation for the year ended 31 December 2024. In addition to this conclusion, as well as the audit opinion contained in this Independent Auditor's Report for the accompanying financial statements and Annual Report for the year ended 31 December 2024, we do not express any opinion on the information contained in these documents or other information contained in the above mentioned file.

INDEPENDENT AUDITOR’S REPORT (continued)

Report on Other Legal and Regulatory Requirements (continued)

Other reporting obligations as required by Regulation (EU) No. 537/2014 of the European Parliament and the Council and the Audit Act

We were appointed as the statutory auditor of the Company and the Group by the shareholders on General Shareholders’ Meeting held on 18 June 2025 to perform audit of accompanying separate and consolidated financial statements. Our total uninterrupted engagement has lasted 7 years and covers the period from 1 January 2018 to 31 December 2024. We confirm that:
* our audit opinion on the accompanying separate and consolidated financial statements is consistent with the additional report issued to the Audit Committee of the Company on 29 April 2025 in accordance with the Article 11 of Regulation (EU) No. 537/2014 of the European Parliament and of the Council;
* no prohibited non-audit services referred to in the Article 5(1) of Regulation (EU) No. 537/2014 of the European Parliament and of the Council were provided.

There are no services, in addition to the statutory audit, which we provided to the Company and its controlled undertakings, and which have not been disclosed in the Annual Report.

The engagement partner on the audit resulting in this independent auditor’s report is Katarina Kadunc.

Katarina Kadunc
Director and certified auditor
Deloitte d.o.o.
30 April 2025
Radnička cesta 80, 10 000 Zagreb, Croatia

Statement of comprehensive income for the year ended 31 December 2024

SPAN d.d. and its subsidiaries Group
18 Company
2024 2023
'000 EUR '000 EUR
Note
Revenue from contracts with customers 5
Other operating income 6
Costs of licenses and hardware sold 7
Raw material and supplies 8
Services costs 9
Staff costs 10
Depreciation and amortisation cost 11
Impairment losses (including reversal of impairment losses) from financial assets and contract assets 24
Other expenses 12
Financial expenses 13
Financial income – interest income 14
Financial income – other 14
Share of profit of associates 22
Profit before tax
Corporate income tax 15
Profit for current year
Attributable to:
Owners of the Company
Non-controlling interests
Items that are not subsequently reclassified to profit or loss:
Revaluation of land and buildings 19
Tax on profit from revaluation of land and buildings 15
Items that can be subsequently reclassified to profit or loss:
Exchange rate differences on the translation of foreign operations 17
Total comprehensive income
Attributable to:
Owners of the Company
Non-controlling interest
Earnings profit per share (euros)
Basic (euros and cents) 16
Diluted (euros and cents) 16

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

Statement of financial position for the year ended 31 December 2024

SPAN d.d. and its subsidiaries Group
19 Company
31/12/2024 31/12/2023
Assets Note
Non-current assets
Goodwill 17
Other intangible assets 18
Property, plant and equipment 19
Right-of-use assets 20
Investments in subsidiaries 21.1
Other investments accounted for using the equity method 22
Other non-current assets
Deferred tax assets 26
Total non-current assets
Current assets
Inventories 23
Investments in financial assets 21
Trade and other receivables 24
Cash and bank balances 33
Total current assets
Total assets
Equity and liabilities
Equity and reserves
Share capital 29
Capital reserves 30
Profit reserves
Reserves for own shares
Own shares
Revaluation reserves - Property 31
Translational reserve of foreign operations
Retained earnings
Equity attributable to owners of the Company
Non-controlling interests 32
Total equity
Non-current liabilities
Trade and other payables 28
Borrowings 25
Deferred tax liability 26
Lease liabilities 27
Contractual liabilities 35
Total non-current liabilities
Current liabilities
Trade and other payables 28
Lease liabilities 27
Borrowings 25
Contractual liabilities 35
Deferred income 34
Total current liabilities
Total Liabilities
Total equity and liabilities

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

Statement of changes in shareholder's equity for the year ended 31 December 2024

SPAN d.d.# Statement of changes in shareholder's equity for the year ended 31 December 2024

SPAN d.d. and its subsidiaries

Company

Share capital Capital reserves Profit reserves Reserves for own shares Own shares Revaluation reserves - Property Retained earnings Total
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Balance as of 01 January 2023 2,601 10,912 1,169 104 (104) 1,997 12,668
Profit for the year (note 16) - - - - - - 461
Changes to revaluation reserves (note 31) - - - - - (120) 120
Total comprehensive income - - - - - (120) 581
Other non-ownership changes in equity 1,319 (1,319) - - - - -
Changes in reserves and development costs - - 90 - - - (90)
Repurchase of own shares/stocks - - - 703 (703) - (703)
Allotment of own shares in line with IFRS 2 (note 30) - 326 - (236) 236 - 235
Dividend paid - - - - - - (2,584)
Balance as of 31 December 2023 3,920 9,919 1,259 571 (571) 1,877 10,107
Profit for the year (note 16) - - - - - - 2,756
Changes to revaluation reserves (note 31) - - - - - 1,253 121
Total comprehensive income - - - - - 1,253 2,877
Changes in reserves and development costs - - 110 - - - (110)
Repurchase of own shares/stocks - - - 233 (233) - (233)
Allotment of own shares in line with IFRS 2 (note 30) - (189) - (804) 804 - 804
Dividend paid - - - - - - (586)
Merger of companies (note 36) - (724) - - - - (444)
Balance as of 31 December 2024 3,920 9,006 1,369 - - 3,130 12,415

The corresponding notes on pages 23 to 89 are an integral part of these financial statements.

Statement of changes in shareholder's equity for the year ended 31 December 2024

SPAN d.d. and its subsidiaries

Company

Share capital Capital reserves Profit reserves Reserves for own shares Own shares Revaluation reserves - Property Translational reserve of foreign operations Retained earnings Owners of the parent Non-controlling interests Total
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Balance as of 1 January 2023 2,601 10,912 1,349 157 (157) 1,997 98 14,432 31,389 217
Profit from the year (note 16) - - - - - - - 1,144 1,144 103
Changes in revaluation reserves (note 31) - - - - - (120) - 120 - -
Other comprehensive income for the year less income tax - - - - - - (336) - (336) -
Total comprehensive income - - - - - (120) (336) 1,264 808 103
Other non-ownership changes in equity 1,319 (1,319) - - - - - - - -
Changes in development cost reserves - - 28 - - - - (28) - -
Repurchase of own shares/stocks - - - 703 (703) - - (703) (703) -
Allotment of own shares in accordance with IFRS 2 (note 30) - 326 - (236) 236 - - 236 562 -
Dividend paid - - - - - - - (2,584) (2,584) -
Other allotments and payments to members/shareholders - - - - - - - 631 631 -
Balance as of 31 December 2023 3,920 9,919 1,377 624 (624) 1,877 (237) 13,248 30,103 320
Profit for the year (note 16) - - - - - - - 3,398 3,398 -
Changes in revaluation reserves (note 31) - - - - - 1,253 - 121 1,374 -
Other comprehensive income for the year less income tax - - - - - - 17 - 17 -
Total comprehensive income - - - - - 1,253 17 3,519 4,789 -
Changes in reserves and development costs - - 81 - - - - (81) - -
Change of controlling interests - (928) - - - - - 93 (835) (320)
Repurchase of own shares/stocks - - - 233 (233) - - (233) (233) -
Allotment of own shares in line with IFRS 2 (note 30) - (189) - (804) 804 - - 804 615 -
Dividend paid - - - - - - - (586) (586) -
Balance as of 31 December 2024 3,920 8,802 1,458 53 (53) 3,130 (220) 16,763 33,853 -

Statement of cash flows for the year ended 31 December 2024

SPAN d.d. and its subsidiaries

Group Company

Note 2024. '000 EUR 2023. '000 EUR 2024. '000 EUR 2023. '000 EUR
Profit of the year before tax 4,792 1,746 3,116 665
Adjustments:
Financial income – interest income 14 (362) (101) (1,763)
Financial expenses 13 350 151 348
Depreciation of property plant and equipment 11 999 1,049 881
Depreciation of right-of-use assets 11 1,338 1,300 1,128
Amortisation of intangible assets 11 1,410 1,210 773
Gains and losses from impairment of financial assets less reversals 24, 13 301 1,018 58
Gains and losses from sales and value adjustments of non-current tangible and intangible assets (32) (24) (33)
Net carrying value of disposed property plant and equipment 19 27 12 8
Operating cash flows before movements in working capital 8,823 6,361 4,516 3,177
Decrease/(increase) in inventories (4) 366 (15)
Decrease/(increase) of trade and other receivables 2,254 (12,374) (888)
Increase/(Decrease) of trade and other payables 3,185 12,925 2,364
Increases/(Decreases) in contractual liabilities (301) (809) (301)
Increases/(decreases) in deferred income (1,402) (97) (1,905)
Cash from operations 12,555 6,372 3,771
Corporate income tax paid (623) (614) (265)
Net cash from operating activities 11,932 5,758 3,506
Investing activities
Interest receipts 362 101 113
Dividend income - - 1,650
Purchase of property, plant and equipment 19 (762) (760) (704)
Purchase of intangible assets 18 (348) (1,603) (432)
Acquisition of a subsidiary (2,228) (7,740) (2,462)
Investment in shares of the companies with participating interest 22 - (109) -
Other cash expenditure from investment activities 33 - 33 -
Net cash (used in)/from investing activities (2,943) (10,111) (1,802)
Financial activities
Dividends paid (586) (2,584) (586)
Interest paid 20, 25 (334) (145) (331)
Transaction costs associated with loans and borrowings - (3) -
Repayment of loans and borrowings 25 (7,600) (1,466) (10,157)
Cash receipts from loans and loans 25 10,999 2,631 13,449
Repayment of lease liabilities (1,480) (1,748) (1,189)
Net cash (used in)/from financing activities 998 (3,315) 1,186
Net increase/(decrease) in cash and cash equivalents 9,989 (7,668) 2,890
Cash acquired through the acquisition/merger of a subsidiary 36 - 3,233 1,272
Cash and cash equivalents at the beginning of the year 14,379 18,814 4,832
Cash and cash equivalents at the end of the year 33 24,368 14,379 8,994
## For the year ended 31 December 2024
### SPAN d.d. and its subsidiaries 23

1. General

SPAN d.d. (hereinafter: "The Company") is a joint stock company established and registered in the Republic of Croatia. The ultimate controlling parties of the company are Nikola Dujmović and other shareholders shown in the register of Zagreb Stock Exchange. The amounts in these financial statements are expressed in euros and rounded to the nearest thousand. Foreign parts of the business are involved in accordance with the policies described in note 3. Due to technical limitations related to textual marking of notes in the group's and company's financial statements in accordance with the Single Electronic Format (European single electronic format; ESEF) the content of certain XBRL tags related to tabularly displayed disclosures may not be shown identically to the accompanying financial statements. The principal activities of the Company and its subsidiaries (the Group) and the nature of the Group's activities are described below.

a. SPAN d.d.
Span d.d., Zagreb. company registration number: 080192242, Company ID: 19680551758. was established under the laws and regulations of the Republic of Croatia as a limited liability company, on 23 March 1993. On 13 December 2019, the General Assembly of the company adopted the Decision on the transforming the company into a joint stock company. Headquarters: Zagreb. Koturaška cesta 47 Management Board: Nikola Dujmović, President of the Management Board and the following members of the Management Board: Ana Vukšić i Saša Kramar and Mihaela Trbojević. The Company’s core activities are the following: computing and related activities; business and other management consulting services.

b. Trilix d.o.o.
Company Trilix d.o.o., Zagreb. company registration number: 080621127, Company ID: 23149457295. was established according to the laws and regulations of the Republic of Croatia as a limited liability company, on 8 August 2007. Headquarters: Zagreb, Ulica grada Vukovara 269F Management Board: Mladen Amidžić, President of the Management Board and Nikola Dujmović, Member of the Management Board The company’s core activities are the following: IT security consultancy; business and other management consulting services; and computing and related activities.

c. SPAN d.o.o., Ljubljana
Span d.o.o., Ljubljana. company registration number: 359638900, was established under the laws and regulations of the Republic of Slovenia as a limited liability company, on 18 August 2009. Headquarters: Ljubljana, Verovškova ulica 55A, Republic of Slovenia Directors of the company: Miha Koren, director and Saša Kramar, director The subject of the Company's business is the design of information systems and the provision of services from the IT solutions segment on the Slovenian market.

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 24

1. General (continued)

d. SPAN IT Ltd., London
SPAN IT Ltd., London, company registration number: 06810505, was established under the laws and regulations of the United Kingdom as a limited liability company, on 5 February 2009. Company headquarters: 1 Giltspur Street, Farringdon, London, United Kingdom, EC1A 9DD Directors of the company: Saša Kramar, director and Marijan Mlađan, director The subject of the Company's business is the provision of services in the field of IT solutions on the UK market.

e. SPAN USA, Inc.
SPAN USA, Inc., company registration number: 68-0682850, was incorporated under the laws and regulations of the United States of America as a limited liability company, On 10 October 2012. Headquarters: Chicago, 1415 W. 22nd Street, Tower Floor, Oakbrook, IL 60523, United States Directors of the company: Marijan Mlađan, President of the Management Board, Mario Štula, Vice President of the Management Board. The company's business is to provide IT services and customer support in the United States.

f. Span Azerbaijan LLC, Baku
Span Azerbaijan LLC, company registration number: 1701936521, was established under the laws and regulations of Azerbaijan as a limited liability company, on 15 April 2016. Headquarters: Baku, House 96E, Nizami, Sabail district, Baku city, AZ1010, Azerbaijan Director of the company: Eldar Jahangirov, director The subject of the Company's business is consulting and services in information technologies.

g. Span LLC, Kiev
Span LLC, company registration number: 42424948, was established under the laws and regulations of Ukraine, as a limited liability company, on 30 August 2018. Headquarters: Kiev, Ukraine Director of the company: Oleg Avilov Mikolaevich, director The subject of the Company's business is consulting and services in information technologies.

h. SPAN GmbH, Munich
SPAN GmbH, company registration number: 242618, was established under the laws and regulations of Germany, as a limited liability company, on 31 July 2018. Company headquarters: Munich, Germany Directors of the company: Nikola Dujmović, director and Saša Kramar, director The subject of the Company's business is consulting and services in information technologies.

i. SPAN Swiss AG in liquidation from 29 November 2023
SPAN Swiss AG in liquidation, company registration number: CHE-229.766.934, was established under the laws and regulations of Switzerland, as a limited liability company, on 18 February 2019. Company headquarters: Zug. Switzerland Liquidator of Company: Markus Brulhart The subject of the Company's business is consulting and services in information technologies

j. Span-IT s.r.l., Chisinau
Span-IT s.r.l., company registration number: 1021600030638. was established under the laws and regulations of Moldova. as a limited liability company, on 19 July 2021. Headquarters: Chisinau, Moldova Directors of the company: Nikola Dujmović, director, Saša Kramar, director and Serghei Smigaliov, director The subject of the Company's business is consulting in the field of information technologies.

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 25

1. General (continued)

k. Inkubator Centar kibernetičke sigurnost d.o.o.
Company Inkubator kibernetičke sigurnosti d.o.o., Zagreb, company registration number: 081452193, Company ID: 88052917618, was established according to the laws and regulations of the Republic of Croatia as a limited liability company, on 21 July 2022. Headquarters: Zagreb. Koturaška cesta 47 Directors of the company: Mihaela Trbojević, President of the Management Board, Nikola Dujmović, Member of the Management Board and Saša Kramar, Member of the Management Board The subject of the Company's business are computer and related activities.

l. GT Tarkvara OU. Tallinn
Gt Tarkvara OU Company was founded on 4 March 2008 Company headquarters: Tallinn. Parnu mnt 141, Estonia Directors of the company: Ahti Leppik, Taivo Remmelgas, Saša Kramar The subject of the Company's business is the sale of computers, computer equipment and software.

m. Span LLC.Tbilisi
Span LLC, Tbilisi, Georgia was founded in September 2023. Headquarters: Tbilisi, Georgia Directors of the company: Tahir Alyev The subject of the Company's business is consulting and services in information technologies.

n. Span B.V., Amsterdam, Netherlands
The company Span B.V., MB: 95799907, was founded on December 16, 2024. The company's business is software licensing, providing security and cloud services, etc. The company's registered office: Keizersgracht 482, 1017 EG, Amsterdam, Netherlands The company's director: Davor Majetić

o. Ustanova Span Centar kibernetičke sigurnosti
On December 20, 2024, the Commercial Court in Zagreb issued a decision on the registration of the establishment of an institution under number 081625374, with the aim of providing various training and professional development programs in the field of cybersecurity and related areas through formal and informal forms of adult education. Institution headquarters: Koturaška cesta 47, Zagreb Interim director: Marinko Žaga r

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 26

2. Adoption of new and amended international financial reporting standards ("IFRS") and interpretations

a) First application of new amendments to the existing standards effective for the current reporting period
In the current year. the Company and the Group have implemented a number of amendments to international accounting standards published by the International Accounting Standards Board ("IASB") and adopted in the European Union ("EU"). which are mandatory for the reporting period beginning on or after 1 January 2024.

Standard Name
Amendments to IAS 1 Classification of liabilities as short-term or long-term, and long-term liabilities with covenants
Amendments to IAS 7 and IFRS 7 Supplier financing agreements
Amendments to IAS 16 Lease liabilities upon sale and leaseback

Their adoption did not have any significant impact on the disclosures or amounts reported in these financial statements.

b) Standards and amendments to existing standards issued by IASB and adopted in the European Union but not yet effective
At the date of approval of these financial statements. the Company has not applied the following new and revised international accounting standards issued and adopted by the EU. but are not yet in force:

Standard Name Effective Date
Amendments to MRS 21 The lack of exchangeability 1 January 2025

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 27

2. Adoption of new and amended standards (continued)

c) New standards and amendments to existing standards issued by IASB but not yet adopted by European Union
Currently. the standards adopted by the EU do not differ significantly from the regulations adopted by the International Accounting Standards Board.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

28

3. Significant accounting policies

Accounting principle

The financial statements have been prepared in accordance with International Financial Reporting Standards adopted by the European Union (IFRS) and therefore the Group and the Company's financial statements are in accordance with Article 4 of the Regulation (EU) on international accounting standards. The financial statements are prepared on the principle of historical cost, with the exception of the revaluation of certain property, which are presented in revalued amounts, as explained in the accounting policies that follow. The historical cost is based mainly on the fair value of the consideration given in exchange for goods or services. The following is an overview of significant information on the accounting policies adopted for the preparation of these financial statements. These accounting policies are consistently applied for all periods included in these statements.

Going Concern

The Management Board has, at the time of approving the financial statements, a reasonable expectation that the Group and Company has adequate resources to continue in operational existence for the foreseeable future. Thus they continue to adopt the going concern basis of accounting in preparing the financial statements.

Basis for consolidation

The consolidated financial statements incorporate the financial statements of the Company and entities controlled by the Company made up to 31 December 2024. Consolidation of a subsidiary begins when the Company obtains control over the subsidiary and ceases when the Company loses control of the subsidiary. Specifically, the results of subsidiaries acquired or disposed of during the year are included in profit or loss from the date the Company gains control until the date when the Company ceases to control the subsidiary. Where appropriate, adjustments were made in the subsidiaries’ financial statements to align their accounting policies with those of the Company.

The consolidation eliminates in full intra-Group assets and liabilities, equity, income, expenses and cash flows relating to transactions between entities of the Group. Non-controlling interests in subsidiaries are accounted for separately from the Group’s ownership interest. Those interests of non-controlling shareholders that are present entitle their holders to a proportionate share of net assets upon liquidation may initially be measured at fair value or at the non-controlling interests’ proportionate share of the fair value of the acquiree’s identifiable net assets. Valuation method is selected separately for each acquisition. Remaining non-controlling interests are initially measured at fair value. After acquisition, the carrying value of non-controlling interests is the amount of shares at initial recognition increased by the share of non-controlling interest in subsequent changes to the equity. Profit or loss and each component of other comprehensive income are attributed to the owners of the Company and to the non-controlling interests. Total comprehensive income shall be attributed to the owners of the Company and non-controlling interests even if this results in the non-controlling interests having a deficit balance.

Investments in subsidiaries

Subsidiaries are companies in which the Group has the power to influence their operating and financial policies. In the Span Group, these are all companies in which Span has over 50% ownership interest. Investments in subsidiaries are valued at acquisition cost less value adjustments, if any. Investments in subsidiaries are tested annually for potential impairment. The ratio is made between the current carrying value and the fair value calculated based on the free cash flow model. If the fair value is lower than the carrying value, the Company adjusts the carrying value to a lower, fair value. The cost of value adjustment of investments in subsidiaries is recognized in the income statement for the year.

Investments in associates

Investments in associates are investments in companies in which the Group has significant influence over their operating and financial policies. In the Span Group, these are companies in which Span has 20% - 49% ownership interest. Investments in associates are measured at cost and are subsequently adjusted using the equity method. The equity method means that the value is adjusted for the profit or loss of the associate in each reporting period in proportion to the ownership interest less any dividends received by Span from the associate. The proportionate profit or loss attributable to Span Group is recognized in the income statement. In separate financial statements of the Company, Investments in associates are recognized at cost.

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

29

3. Significant accounting policies (continued)

Business combinations

Acquisitions of businesses are accounted for using the acquisition method. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group, liabilities incurred by the Group to the former owners of the acquiree and the equity interest issued by the Group in exchange for control of the acquiree. Acquisition-related costs are recognized in profit or loss as incurred. At the date of acquisition, the assets acquired, and the identifiable liabilities assumed are recognized at their fair value on the date of acquisition.

Goodwill is measured as the excess of the sum of the consideration transferred, the amount of any non-controlling interests in the acquiree, and the fair value of the acquirer’s previously held equity interest in the acquiree (if any) over the net of the acquisition-date amounts of the identifiable assets acquired and the liabilities assumed. If the reassessment finds that the share of the Group in the fair value of the identifiable amount of the acquiree’s net assets exceeds the sum of the consideration transferred, the amount of non-controlling interest, if any, and the fair value of the acquirer’s previously held equity interest in the acquiree, the surplus shall be recognized immediately in profit or loss as a gain from a bargain purchase.

The consideration the Group transfers in a business combination includes a contingent consideration arrangement. The Group shall recognize the acquisition-date fair value of contingent consideration as part of the consideration transferred in exchange for the acquiree. Changes in fair value of the contingent consideration that qualify as measurement period adjustments are adjusted retrospectively, with corresponding adjustments against goodwill. Measurement period adjustments are adjustments that arise from additional information obtained during the ‘measurement period’ (which cannot exceed one year from the acquisition date) about facts and circumstances that existed at the acquisition date.

Goodwill

Goodwill is not amortized, but is tested for impairment at least once a year. For the purpose of impairment testing, goodwill is allocated to each of the Group’s cash-generating units (or groups of cash-generating units) expected to benefit from the synergies of the combination. A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. If the recoverable amount of the cash-generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro- rata on the basis of the carrying amount of each asset in the unit. Such impairment loss for goodwill will not be reversed in subsequent periods. The policy used by the Group for calculating goodwill resulting from acquisition of associates is described in note 17.

Revenue Recognition

Revenue is measured based on the consideration to which the Group and Company expect to be entitled according to the customer contract, excluding amounts collected on behalf of third parties. The Group and Company recognize revenue when they transfer control of a licence, product or service to a customer.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

3. Significant accounting policies (continued)

Revenue recognition (continued)

Sale of licenses

With reference to the sale of different types of licences, revenue is primarily realised from the sale of Microsoft licences. The Group and Company are primarily responsible for delivering specific characteristics of licences to customers, they are exposed to the potential risk of rejection of licences by the customer and have the discretion to define prices and benefits from licences to the moment of transfer of control. Licences are prepared for activation for a specific customer and are granted at a particular point in time. The Group and Company determine that the license agreement does not require, and the customer does not reasonably expect, that the Group and Company shall undertake activities that significantly affect the software. Since the licensor shall not undertake activities that significantly affect the intellectual property for which the users have rights and benefits, be they positive or negative activities that do not affect the licensor; and that the activities that might affect the intellectual property do not constitute additional performance actions in the contract, the licences thus represent the right-of-use and the Group, therefore, recognizes revenue at a particular point in time. Revenue is recognized when control of the licence has been transferred, that is at the point the licences become available to the customer and the customer has gained the control over a licence. The value of transactions from these contracts have been defined in framework contracts with customers (usually on an annual basis), determined based on price lists, and charged within 30 days. Based on the framework contract, the customers use order requests for purchasing licences to commit to the purchase during the life of the contract. The Group and Company use a practical exception for disclosing the transaction price allocated to outstanding performance obligations since they have the right to the consideration paid by the customer in the amount equivalent to the value of the performance obligation by the reporting date, thus the Group and Company recognizes revenue in the amount that they invoice. The Group and Company do not expect variable consideration from such contracts. In case the contract at the same time includes the delivery of licences and provision of advisory services as part of the solutions requested by the customer, advisory services, as well as licences, are considered individual distinct delivery obligations. Transaction price is distinct in contracts per type of licence and advisory service, thus is determined based on an individual sales price of a licence or service.

Sale of hardware

The Group and Company sell hardware directly to customers in line with the contract on the sale of hardware and provision of services or individual contracts on the sale of hardware. Revenue is recognized at the point in time when the control over the equipment has been transferred to the customers, and the sale of equipment is considered a distinct delivery obligation. Transferring control to the customer entails physical ownership and use of hardware by the customer, transfer of all rights to use and risks of use of hardware to the customer, as well as the Group and Company’s right to collect. The process of sale of hardware in most cases meets the condition to transfer control after the goods have been delivered to the customer’s specific location. Transaction prices stipulated in these contracts are usually fixed and are collected after the delivery of the hardware and installation services provided.

Sales of services

Advisory services the Group provides may be divided in two main service groups: services related to contracted projects with customers, and advisory services which refer to customer support based on contracted price lists. Advisory services related to contracted projects (e.g. installation and/or development of different software products for specialised business operations) are recognized as a performance obligation satisfied over time. Revenue is recognized in the financial statements based on the stage of completion of the contract. The management and competent bodies have assessed that the stage of completion determined as the proportion of the expected project duration, i.e. time that has elapsed at the end of the reporting period is an appropriate measure of progress towards complete satisfaction of these performance obligations under IFRS 15. Since the projects are related to the time cost of each developer, the time spent on the project reflects the work performed, i.e. delivered. If the services are charged in an amount higher than required considering their stage of completion, the difference is recognized as deferred income. Support advisory services include hourly based standard services recognized at a certain time of delivery of services based on contracted price lists. A support advisory service is a distinct service as it is both regularly supplied by the Group and Company to other customers on a stand-alone basis and is available for customers from other providers in the market. Discounts are not considered as they are only given in rare circumstances and are not material.

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

3. Significant accounting policies (continued)

Leases

Group and Company as a lessor

The Group and Company assess whether a contract is or contains a lease at the beginning of the contract. The Group and Company recognize a right-of-use asset and a corresponding lease liability with respect to all lease arrangements in which they are the lessee, except for short-term leases (defined as leases with a lease term of 12 months or less) and leases of low value assets (such as tablets and personal computers, small items of office furniture and telephones). For these leases, the Group and Company recognize the lease payments as an operating expense on a straight-line basis over the term of the lease unless another systematic basis is more representative of the time pattern in which economic benefits from the leased assets are consumed. The lease liability is initially measured at the present value of the lease payments that have not been settled at the beginning of the lease term, discounted at the rate implicit in the lease. If this rate cannot be readily determined, the Group and Company use their incremental borrowing rate. The lease liability is presented as a separate line in the statement of financial position. The lease liability is subsequently measured by increasing the carrying amount to reflect interest on the lease liability (using the effective interest method) and by reducing the carrying amount to reflect the lease payments made. The right-of-use assets include the initial measurement of the relevant lease liability, lease payments made at or before the commencement date of the lease, less any lease incentive received for concluding the operating lease and all initial direct costs. These are subsequently measured at cost less accumulated depreciation and accumulated impairment losses. The right-of-use assets are presented as a separate line in the statement of financial position. The Group and Company apply IAS 36 to determine whether a right-of-use asset is impaired and account for any identified impairment loss as described in the ‘Property and Equipment’ policy.

Group and Company as a lessee

Leases in which the Group is the lessor are classified as financial or operating leases. When the Group is an intermediate lessor, it accounts for the head lease and the sub-lease as two separate contracts. The sub-lease is classified as a finance or operating lease by reference to the right-of-use asset arising from the head lease. Rental income from operating leases is recognized on a straight-line basis over the term of the relevant lease. Initial direct costs incurred in negotiating and arranging an operating lease are added to the carrying amount of the leased asset and recognized on a straight-line basis over the lease term.

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

3. Significant accounting policies (continued)

Foreign currencies

In the financial statements, assets and liabilities of the Group’s foreign operations have been calculated using the exchange rates prevailing at the end of the reporting period. Income and expense items are translated at the average exchange rates for the period, unless exchange rates fluctuate significantly during that period, in which case the exchange rates at the date of transactions are used. Potential foreign exchange differences are recognized in other comprehensive income and accumulated in a foreign exchange translation reserve (and added to non-controlling interests, if any). Goodwill and fair value adjustments arising on the acquisition of a foreign entity are treated as assets and liabilities of the foreign entity and translated at the closing rate. Such foreign exchange differences are recognized in other comprehensive income.

Government grants

Government grants that are receivable as compensation for expenses or losses already incurred or for the purpose of giving immediate financial support to the Group and Company with no future related costs are recognized in profit or loss in the period in which they become receivable.

Tax credits for investment

Tax reliefs for investment are considered to be reliefs arising from state incentive measures that allow the Company and the Group to reduce the tax liability of corporate tax or other specified taxes in future periods.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

33

3. Significant accounting policies (continued)

Retirement and termination benefits

Payments made to a defined contribution retirement benefit plan are recognized as expenses once the employees have their right to contributions. Payments made to state-managed retirement benefit plans are accounted for as payments to defined contribution plans where the Group and Company’s obligations under the plans are equivalent to those arising in a defined contribution retirement benefit plan.

Short-term and other long-term employee benefits

A liability is recognized for benefits accruing to employees in respect of salaries, annual leave and sick leave in the period the related service is rendered at the undiscounted amount of the benefits expected to be paid in exchange for that service. Liabilities recognized in respect of short-term employee benefits are measured at the undiscounted amount of the benefits expected to be paid in exchange for the related service.

Employees that purchased 20 or more shares in the first round of the public offering of shares in 2021 entered the Company’s ESOP program. Twenty shares make a single ESOP package, used for calculating the total number of additional shares the employee is entitled to within the ESOP program. Within the three-year period in which the employees maintain one or more ESOP packages (vesting period), the Company will allocate additional 25% shares (additional 5% shares after the first year expires, and 10% after the second and third year expire). Fair value of allocated shares is recognized as an expense in the vesting period, and once it expires, the relevant liability is recognized at the share’s market price. Furthermore, the Company usually rewards its employees for their exceptional performance for the year by making bonus payments in the form of Company shares (own shares). The fair value of the shares is established once the vesting period expires, at the share’s market price.

In line with the Remuneration Policy, the Management Board members’ annual bonus constitutes a variable portion of their remuneration and amounts to a maximum of 40% of their annual salary which is equal to 12 monthly gross salaries, as defined in the contract on their rights and obligations concluded between individual members of the Management Board and the Company. The Company may decide to make annual bonus payments in the form of Company shares, in which case the Company transfers own shares to the member of the Management Board.

Taxation

Current tax

The tax currently payable is based on the taxable profit for the year. Taxable profit differs from the net profit reported in profit or loss because it excludes items of income or expense that are taxable or deductible in other years and it further excludes items that are not taxable or deductible at all. The Group and Company’s liability for current tax is calculated using tax rates that have been enacted or substantively enacted by the end of the reporting period. Provisions are recognized for matters with uncertain tax charge, when an outflow of funds to the tax authority is highly probable. Provisions are measured by using the best estimate of likely tax values. The estimate is based on the judgement of tax experts within the Company in line with prior experience in such activities and, in certain cases, based on tax advice of independent experts.

Deferred tax

Deferred tax is recognized as the difference between the carrying amount of assets and liabilities in the financial statements and the corresponding tax basis used in the computation of taxable profit and is accounted for using the balance sheet liability method. The carrying amount of deferred tax assets is reviewed at each reporting date and reduced to the extent that it is no longer probable that sufficient taxable profit will be available to allow all or a part of the asset to be recovered. Deferred tax is measured at the tax rates that are expected to apply in the period in which the liability is settled or the asset realised, based on tax rates and tax laws that have been enacted or substantively enacted by the end of the reporting period.

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

34

3. Significant accounting policies (continued)

Property, plant and equipment

Buildings and land used in the supply of goods or services, or for administrative purposes, are stated in the statement of financial position at their revalued amounts, being the fair value at the date of revaluation, less any subsequent accumulated depreciation and subsequent accumulated impairment losses. Any revaluation increase arising on the revaluation of buildings is credited to the property’s revaluation reserve, except to the extent that it reverses a revaluation decrease for the same asset previously recognized as an expense, in which case the increase is credited to profit or loss to the extent of the decrease previously expensed. A decrease in carrying amount arising on the revaluation of buildings is charged as an expense to the extent that it exceeds the balance, if any, held in the property’s revaluation reserve relating to a previous revaluation of that asset. Depreciation on revalued buildings is recognized in profit or loss. When selling or retiring items of non-current assets recorded at the revalued amount, every surplus recognized in the revaluation reserve is directly transferred to retained earnings.

Fixed tangible assets under construction and land are not depreciated. Equipment is reported at a cost less accumulated depreciation and impairment losses. Depreciation is recognized so as to write off the cost or valuation of assets, other than owned land and non-current tangible assets under construction, over their useful lives, by using the straight-line method, on the following bases:

Buildings 5% p.a.
IT equipment 15-50% p.a.
Office equipment 15-25% p.a.

Estimated useful life, residual value, and depreciation method are reviewed at the end of each reporting period, with impacts of potential changes in estimated accounted for prospectively. Buildings and equipment are no longer accounted for or recognized after they have been sold or when future economic benefits associated with their use are no longer expected. The gain or loss arising on the disposal or retirement of an asset is determined as the difference between the sales proceeds and the carrying amount of the asset and is recognized in profit or loss.

Intangible assets acquired separately

Intangible assets with finite useful lives that are acquired separately are carried at cost less accumulated amortisation and accumulated impairment losses. Amortisation is recognized on a straight-line basis over their estimated useful lives which are disclosed in note 18. Estimated useful life and depreciation method are reviewed at the end of each reporting period, with impacts of potential changes in estimated accounted for prospectively. Depreciation is recognized so as to write off the cost or valuation of assets less their residual values over their useful lives, using the straight-line method, on the following bases:

Software and other rights 25% p.a.

Separately acquired intangible assets include software and other rights and intangible assets under constructions.

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

35

3. Significant accounting policies (continued)

Internally developed intangible assets

The amount initially recognized for internally generated intangible assets is the sum of expenditures incurred as of the date when the assets met the recognition criteria. If internally developed intangible assets cannot be recognized, expenditures from development are recognized in profit and loss for the period in which they incurred. After initial recognition, internally developed intangible assets are reported at cost less accumulated amortisation and accumulated impairment losses, on the same basis as intangible assets that are acquired separately. Internally generated intangible assets consist of software development and intangible assets under construction.

Intangible assets acquired in a business combination

Subsequent to initial recognition, intangible assets acquired in a business combination are reported at cost less accumulated amortisation and accumulated impairment losses, on the same basis as intangible assets that are acquired separately.

Derecognition of intangible assets

Intangible assets are derecognized on disposal or when future economic benefits associated with the use of the asset are no longer expected. The gain or loss arising on the derecognition of an intangible asset item is determined as the difference between the net sales proceeds and the carrying amount of the item and is recognized in profit or loss for the period of derecognition.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 36

3. Significant accounting policies (continued)

Impairment of buildings and equipment and intangible assets other than goodwill

At each reporting date, the Group and the Company review the carrying amounts of their property and equipment, and intangible assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated to determine the extent of any impairment loss. For assets not generating cash flows independent from other assets, the Group and the Company estimate the recoverable amount of the cash-generating unit to which the asset belongs. When a reasonable and consistent basis of allocation can be identified, corporate assets are also allocated to individual cash-generating units, or otherwise they are allocated to the smallest group of cash-generating units for which a reasonable and consistent allocation basis can be identified. Intangible assets with an indefinite useful life are subject to impairment tests on an annual basis and if there is an indication of potential impairment at the end of the reporting period. Impairment losses are recognized immediately in profit or loss, unless the relevant assets have been recognized in their revalued amount, in which case the impairment loss first affects revaluation increase. If the impairment loss exceeds the related revalued amount surplus, impairment losses are recognized in profit and loss. In the event of a later cancellation of impairment loss. the carrying amount of the asset (the cash-generating unit) increases to its revised estimated recoverable amount.

Inventories

Inventories are carried at the lower of the cost and net realisable value. Cost comprises direct materials and, where appropriate, direct labour costs and surplus incurred in bringing the inventories to their present location and condition. Cost is calculated by using the weighted average method.

Financial instruments

Financial assets and financial liabilities are initially measured at fair value, other than the trade receivable with no significant financial component initially measured at transaction cost. Transaction costs that are directly attributable to the acquisition or issue of financial assets and financial liabilities (other than financial assets and financial liabilities at fair value through profit or loss) are added to or deducted from the fair value of the financial assets or financial liabilities, as appropriate, on initial recognition. Transaction costs directly attributable to the acquisition of financial assets or financial liabilities at fair value through profit or loss are recognized immediately in profit or loss.

Financial assets

The regular purchase and sales of financial assets are recognized or derecognized at the trading date. Regular purchases or sales are purchases or sales of financial assets that require delivery of assets within the time frame established by the regulation or convention in the marketplace. All recognized financial assets are measured subsequently at amortised cost. Interest income is charged to profit or loss and is included in the item "Financial income - interest income" (note 14).

Gains and losses from exchange rate changes in foreign currencies

The carrying amount of financial assets that are denominated in a foreign currency is determined in that foreign currency and translated at the spot rate at the end of each reporting period.

Impairment of financial assets

The Group and the Company always recognize lifetime expected credit losses (ECL) for trade receivables, and contract assets. The expected credit losses on those financial assets are estimated using a provision matrix by reference to past credit loss experience, adjusted for factors that are specific to the debtors, general economic conditions, and an assessment of both the current as well as the forecast direction of conditions as at the reporting date, including, where appropriate, the time value of money.

(i) Significant increase in credit risk
When assessing whether the credit risk for the financial instrument significantly increased since the initial recognition, the Group and the Company compare the risk of default on the reporting date to the risk of default of the financial instrument on the date of initial recognition. During the assessment, the Group and the Company consider both quantitative and qualitative information which are reasonable and available, including the historical experience and forward-looking information, which can be accessed without unnecessary costs or engagements. Forward-looking information considered includes the prospects of the industries in which the Group and Company’s debtors operate, obtained from economic expert reports, financial analysts, governmental bodies, relevant think- tanks and other similar organisations, as well as consideration of various external sources of actual and forecast economic information that relate to the Group and the Company’s core operations. In particular, the following information is considered when assessing whether credit risk has increased significantly since initial recognition:
* an actual or expected significant deterioration in the financial instrument’s external (if available) or internal credit rating
* a significant deterioration in external market indicators of credit risk for a particular financial instrument, e.g. a significant increase in the credit spread, the credit default swap prices for the debtor, or the length of time or the extent to which the fair value of a financial asset has been less than its amortised cost
* existing or forecast adverse changes in business, financial or economic conditions that are expected to cause a significant decrease in the debtor’s ability to meet its debt obligations
* actual or expected significant deterioration in the operating results of the debtor
* significant increases in credit risk for other financial instruments of the same debtor; and
* existing or forecast adverse changes in business, financial or economic conditions that are expected to cause a significant decrease in the debtor’s ability to meet its debt obligations.

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 37

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

Irrespective of the outcome of the above assessment, the Group and the Company presume that the credit risk on a financial asset has increased significantly since initial recognition when contractual payments are more than 30 days past due, unless the Group and Company have a reasonable and supportable information that demonstrates otherwise. Despite this, the Group and the Company assume that the credit risk for the financial instrument has not significantly increased since the initial recognition if we determine that the financial instrument has a low credit risk at the reporting date. We believe that the financial instrument has a low credit risk if: (1) the financial instrument has a low risk of default; (2) the debtor has a strong capacity to meet its contractual cash flow obligations in the near term; and (3) adverse changes in economic and business conditions in the long term may, but do not necessarily have to, decrease the lessee’s ability to meet their contractual cash flow obligations. The Group and the Company consider a financial asset to have low credit risk when the asset has external credit rating of ‘investment grade’ in accordance with the globally understood definition or if an external rating is not available, the asset has an internal rating of ‘performing’. ‘Performing’ means that the counterparty has a strong financial position and there are no past due amounts. For financial guarantee contracts, the date on which the Group and the Company become a party to irrevocable commitment is considered the date of initial recognition for the purposes of estimating the impairment of a financial instrument. When judging if the credit risk significantly increased since initial recognition of the financial guarantee contract, the Group and the Company examine the changes in the risk of a debtor’s default. The Company regularly monitors the efficiency of criteria used to determine whether there has been a significant increase in credit risk and reviews them so that the criteria may identify a significant increase in credit risk before any default occurs.

(ii) Definition of non-performance
The Group and Company consider the following as constituting an event of default for internal credit risk management purposes as historical experience indicates that financial assets that meet either of the following criteria are generally not recoverable:
* when there is a breach of financial covenants by the debtor; or
* information developed internally or obtained from external sources indicates that the debtor is unlikely to pay its creditors, including the Group, in full (without taking into account any collateral held by the Group and Company)

Irrespective of the above analysis, the Group and Company consider that default has occurred when a financial asset is more than 90 days past due unless the Group and the Company have reasonable and supportable information to demonstrate that a more lagging default criterion is more appropriate.

(iii) Credit-impaired financial assets
Financial assets are credit-impaired when one or more events with an adverse effect on estimated future cash flows and financial assets occurred. Evidence that a financial asset is credit-impaired includes observable data about the following events:
(a) significant financial difficulties of the borrower or counterparty; or
(b) a breach of contract, such as a default or past-due event (see item II.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 38

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

(v) Measurement and recognition of expected credit losses
Measurement of expected credit losses is the function of Probability of Default (PD), Loss Given Default (LGD), i.e. size of loss in case of default, and Exposure at Default (EAD). Probability of Default and Loss Given Default is based on historical data adjusted for forward-looking information. As for the exposure at default, for financial assets, this is represented by the assets’ gross carrying amount at the reporting date; for financial guarantee contracts, the exposure includes the amount drawn down as at the reporting date, together with any additional amounts expected to be drawn down in the future by default date determined based on historical trend, the understanding of the specific future financing needs of the debtors, and other relevant forward-looking information. For financial assets, the expected credit loss is estimated as the difference between all contractual cash flows that are due to the Group and Company in accordance with the contract and all the cash flows that the Group and Company expect to receive, discounted at the original effective interest rate. For lease receivables, cash flows used to determine expected credit losses correspond to the cash flows used for measuring lease receivables in line with IFRS 16. For a financial guarantee contract, as the Group and the Company are required to make payments only in the event of a default by the debtor in accordance with the terms of the instrument that is guaranteed, the expected loss allowance is the expected payments to reimburse the holder for a credit loss that it incurs less any amounts that the Group and the Company expect to receive from the holder, the debtor or any other party. If the Group and Company have measured the loss allowance for a financial instrument at an amount equal to lifetime ECL in the previous reporting period, but determine at the current reporting date that the conditions for lifetime ECL are no longer met, the Group and Company measure the loss allowance at an amount equal to 12- month ECL at the current reporting date, except for assets for which the simplified approach was used.

Termination of recognition of financial assets
The Group and the Company derecognize a financial asset only when the contractual rights to the cash flows from the asset expire, or when it transfers the financial asset and substantially all the risks and rewards of ownership of the asset to another entity. On derecognition of a financial asset measured at amortised cost, the difference between the asset’s carrying amount and the sum of the consideration received is recognized in profit and loss.

Financial liabilities and equity
Instruments of ownership
Repurchase of the Company's own equity instruments is recognized and deducted directly in equity. No gain or loss is recognized in profit or loss on the purchase, sale, issue, or cancellation of the Company’s own equity instruments.

SPAN d.d. and its subsidiaries 39

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

Financial liabilities
All financial liabilities are measured subsequently at amortised cost using the effective interest method at the end of each reporting period.

Financial liabilities subsequently measured at amortised cost
Financial liabilities that are not (i) contingent consideration of an acquirer in a business combination, (ii) held-for- trading, or (iii) designated as at FVTPL, are measured subsequently at amortised cost using the effective interest method.

Termination of recognition of financial liabilities
Where there has been an exchange between the Group and the Company and existing creditor with substantially different terms, this transaction is accounted for as an extinguishment of the original financial liability and the recognition of a new financial liability. Similarly, the Group and the Company account for a substantial change in the terms of an existing liability or a portion thereof as an extinguishment of the original financial liability and recognition of a new financial liability. The terms are considered substantially different if the discounted current value of cash flows, in line with the new terms, including consideration paid, net of fees received and impaired by using the effective interest rate, is at least 10% different from the discounted current value of remaining cash flows of the original financial liability. If the change is not substantial, the difference between: (1) the carrying value before the change; and (2) the current value of cash flows after the change is recognized in profit and loss as a gain or loss from the change in other gains and losses.

Own shares
Own shares are held with the CDCC (Central Depositary and Clearing Company). Own shares are recognized at cost and deducted from equity.

Rewarding employees in the form of shares
The Company has an employee reward scheme in the form of granting company shares. Annual bonuses are determined at the end of the year, and based on the defined amount, a provision for expected payout is created. For the amount of the provision, the company recognizes an increase in equity alongside the expense.

SPAN d.d. and its subsidiaries 40

4. Critical accounting judgments and key sources of estimation uncertainty

In applying the Group and the Company’s accounting policies, which are described in Note 3, the Management Board is required to make judgements (other than those involving estimations) that have a significant impact on the amounts recognized and to make estimates and assumptions about the carrying amounts of assets and liabilities that are not readily apparent from other sources. The estimates and associated assumptions are based on historical experience and other factors that are relevant. Actual results may differ from these estimates. The estimates and underlying assumptions are reviewed on an ongoing basis. Revisions to accounting estimates are recognized in the period in which the estimate is revised if the revision affects only that period, or in the period of the revision and future periods if the revision affects both current and future periods.

Assessing whether the Group and the Company are principal or agent in the sale of licenses

IFRS provides guidance for determining whether an entity is the principal or an agent. The Group and the Company act as a principal in a transaction if they obtain control of the specified goods or services before they are transferred to the customer. On the contrary, the Group and Company are an agent if they do not control the specified goods or services before they are transferred to the customer. Determining that the Group and the Company are a principal is based on the assessment of whether the Group and Company obtain control of the goods and services based on the facts and circumstances stipulated in the contracts with customers. In this assessment, the Group and the Company have used the judgement based on the main indicators of their business model, business practice, processes, rights and responsibilities that Group and the Company have and can be summarized as follows:
* Identifying a selling opportunity with a customer;
* direct contacts with customers to determine their need and demands as well consultation for determining adequate license program;
* sharing opportunity details with license providers;
* revealing customers identity is the standard rule with vendors in the industry,
* industry standard is that licenses cannot be sold to customers without sharing data with the license vendors;
* discretion with respect to accept or reject orders from customers;
* responsibility related to the sales strategy;
* responsibility for ensuring that delivered goods and services are in accordance with the customer demands/infrastructure;
* responsibility for ensuring the validity of goods and services;
* directing license vendors over which licensing program and product to place and to which customer to place it to;
* full discretion over establishing a final price for goods and services;
* before license activation, full discretion to change the scope, program, withdraw from the deal as well as to change the supplier and choose another supplier on the market (“non-exclusive rights”);
* existing commercial agreement with customer by which the Group and the Company are primarily responsible for fulfilling the promise to provide goods and services;
* customer cannot prove their right to use goods and services without formal order confirmation to the Group and the# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

41

4. Critical accounting judgments and key sources of estimation uncertainty (continued)

Impairment of trade receivables

Trade receivables are reviewed at each reporting date and their value is impaired based on the assessment of probability that the reported amount will be recovered. Each customer is considered individually based on the expected date of collection of the receivable and the estimated probability to collect amounts due. The management believes that the trade receivables have been recognized in line with their recoverable amount as at the reporting date.

Goodwill Impairment

A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. If the recoverable amount of the cash-generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro-rata based on the carrying amount of each asset in the unit. Any gain or loss on remeasurement at fair value is included directly in profit or loss. Such impairment loss for goodwill will not be reversed in subsequent periods.

The Group and the Company use the smallest cash-generating unit for their goodwill impairment tests. The Group and the Company defined every individual subsidiary as the smallest cash-generating unit, having in mind the diversity of sources of income and business models of individual subsidiaries. For goodwill impairment tests, they used the income method based on discounted cash flows. The discounted cash flow method comprised the assessment of future cash flows for a 5-year period, discounting the relevant cash flows, applying a discount rate reflecting the cash flow risk and time value of money, assessing the residual value and terminal value. The Group and the Company test goodwill annually for impairment, or more frequently if there are indications that goodwill might be impaired.

Sensitivity analysis

The Group and the Company have conducted a sensitivity analysis for changes in key assumptions used for determining the recoverable amount of each group of cash-generating units to which goodwill has been allocated. The recoverable amount of this cash-generating unit is determined based on a value in use calculation which uses cash flow projections based on financial budgets approved by the Management Board covering a five-year period. The impairment test established that there were no indications of goodwill impairment. The sensitivity analysis considered the change in terminal growth of the Group and Company ranging from -0,5% to 1,5%, and the WACC range from11% to 13%. Sensitivity analysis within the impairment test did not determine an impairment.

Revaluation of property, useful life of plant and equipment

The Group and the Company recognize property at fair value based on periodic assessments conducted by an independent appraiser, net of depreciation. The Group and the Company regularly monitors the fair value of property and engages an independent appraiser in the event of substantial departures. Regardless of the movements in the fair value of property, the Company conducts an assessment every 3-5 years. The Group and the Company review the estimated useful life of plant and equipment, and intangible assets at the end of each annual reporting period.

42

4. Critical accounting judgments and key sources of estimation uncertainty (continued)

Leases – Estimate the incremental borrowing rate

The Group and the Company are not able to easily determine the lease interest rate, thus they use an incremental borrowing rate for calculating lease liabilities. Incremental borrowing rate is the rate the Group and the Company would pay if they, in a similar period and with similar collateral, borrowed funds necessary for purchasing property of similar value as right-of-use assets in a similar economic surrounding. Calculating the incremental borrowing rate requires assessing when such rates are not available or need to be adjusted to reflect the lease terms. The Group and the Company use different inputs to calculate the incremental borrowing rate. The interest rate calculated by the Group and Company for contracts represents the lessee’s credit risk, lease period, safety, and economic surrounding. It is determined based on comparable transactions. The data the Company uses for determining the incremental borrowing rate are renewed at least once a year or in case of a significant change in the Group and the Company’s credit rating.

Corporate income tax

The Company is liable for income tax under the laws and regulations of the Republic of Croatia. Tax returns are subject to examination by the tax authorities, which have the right to subsequently review business books of the taxpayer. There are different possible interpretations of tax laws and therefore, the amounts in the consolidated financial statements may be amended subsequently, based on the decision of tax authorities.

The Company receives investment support in line with the Investment Promotion Act. Support is predominantly used as a tax concession for decreasing the 2015 corporate income tax liability. Based on its current right to a tax concession, the Company recognizes deferred tax assets. Since the investment period has not yet ended and the final amount of support granted remains unknown, the Company determined the amount of potential tax concessions that it plans to use in future periods and, accordingly, the amount of deferred tax assets. During this assessment, the Company used the precautionary principle, and the estimated amount of the support was lower than the maximum amount of the support the Company shall realise once the investment period ends in December 2024.

Impact of the war in Ukraine

The war in Ukraine has an impact on the Company's and Group's business in 2024, but Span LLC Ukraine continues to operate smoothly.

Climate change impact

Climate change did not affect the operations of the Company and the Group in 2024 or its financial performance. The Company and the Group see the contribution to the fight against climate change in the development of energy- efficient products and services, as well as in reducing greenhouse gas emissions through the procurement of green energy, along with changing their own habits.

43

5. Revenue from contracts with customers

Group Company
2024. 2023. 2024. 2023.
'000 EUR '000 EUR
Sales of software licenses 123,479 90,750 61,789 57,646
Sales of goods and services – foreign 39,492 32,284 36,936 29,820
Sales of goods and services – domestic 11,539 11,405 6,521 5,462
Sales of hardware 5,673 8,397 4,787 6,622
Total 180,183 142,836 110,033 99,550
Group Company
2024. 2023. 2024. 2023.
'000 EUR '000 EUR
External revenue by timing of
revenue
Goods transferred at a point in time 129,152 99,147 66,576 64,268
Services transmitted at a point in time 31,377 25,315 27,427 22,530
Services transferred over time 19,654 18,374 16,030 12,756
Total 180,183 142,836 110,033 99,550

6. Other operating income

Group Company
2024. 2023. 2024. 2023.
'000 EUR '000 EUR
Government grants 44 53 44 53
Other operating income 1,796 1,443 490 830
Total 1,840 1,496 534 883

Other operating income consists primarily of income from Microsoft incentives for marketing activities and market development and changes in the provision for credit losses on trade receivables (Note 24).

44

6.1. Operating segments

Products and services resulting in revenue for reportable segments The reporting segments of the Group and the Company in accordance with IFRS 8 identified as separate entities include Software asset management and licensing, Infrastructure services, Cloud and Cyber Security, Service management and technical support, and Software development and business solutions. The Security Operations Center has become an integral part of the Cyber Security segment, and we have adjusted the segment report in 2023 to be comparable with the current period.## 6.1. Operating segments (continued)

By unifying the Software Development and AI Solutions offering, we will start tracking some projects within the Software Development and Business Solutions segment from 2024, so we have adjusted the segment report in 2023. Reclassification differences are not material. Segment costs include only direct costs, i.e., there is no allocation of fixed costs to segments.

Products and services resulting in revenue for reportable segments

Software Asset Management and Licensing Infrastructure services, Cloud and Cyber Security Service management and technical support Software and business solutions development Other Eliminations Consolidated
2024. ‘000 EUR ‘000 EUR ‘000 EUR '000 EUR '000 EUR ‘000 EUR ‘000 EUR
Revenues External sales 148,049 17,443 19,641 17,816 1,981 (22,907) 182,023
Total revenues 148,049 17,443 19,641 17,816 1,981 (22,907) 182,023
Result Segment profit 5,348 3,766 10,326 3,874 (17,815) (53) 5,446
Financial income - - - - 2,695 (1,671) 1,024
Other gains and losses - - - - (1) - (1)
Financial expenses 588 - - - 1,101 (13) 1,676
Profit before tax 4,761 3,766 10,326 3,874 (16,225) (1,710) 4,792
Corporate income tax - - - - 1,394 - 1,394
Profit for the year 4,761 3,766 10,326 3,874 (17,618) (1,710) 3,398
Software Asset Management and Licensing Infrastructure services, Cloud and Cyber Security Service management and technical support Software and business solutions development Other Eliminations Consolidated
2023. ‘000 EUR ‘000 EUR ‘000 EUR '000 EUR '000 EUR ‘000 EUR ‘000 EUR
Revenues External sales 115,512 14,442 18,643 15,920 1,552 (21,567) 144,332
Total revenues 115,512 14,442 18,643 15,920 1,552 (21,567) 144,332
Result Segment profit 3,697 2,725 9,553 1,326 (14,957) (255) 2,089
Financial income - - - - 656 (161) 495
Other gains and losses - - - - (4) - (4)
Financial expenses - - - - 844 (10) 834
Profit before tax 3,697 2,725 9,553 1,326 (15,149) (406) 1,746
Corporate income tax - - - - 499 - 499
Profit for the year 3,697 2, 725 9,553 1,326 (15,648) (406) 1,247

Products and services from which reporting segments generate revenue

Software Asset Management and Licensing Infrastructure services, Cloud and Cyber Security Service management and technical support Other Consolidated
2024. ‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR
Revenues External sales 66,576 14,058 18,730 10,669 534
Total revenues 66,576 14,058 18,730 10,669 534
Result Segment profit 2,396 2,661 9,971 2,830 (16,289)
Financial income - - - 2,148 2,148
Financial expenses - - - 601 601
Profit before tax 2,396 2,661 9,971 2,830 (14,742)
Corporate income tax - - - 360 360
Profit for the year 2,396 2,661 9,971 2,830 (15,102)
Software Asset Management and Licensing Infrastructure services, Cloud and Cyber Security Service management and technical support Other Consolidated
2023. ‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR
Revenues External sales 64,268 12,507 16,828 5,947 883
Total revenues 64,268 12,507 16,828 5,947 883
Result Segment profit 2,925 2,435 8,670 (2) (12,993)
Financial income - - - 449 449
Financial expenses - - - 820 820
Profit before tax 2,925 2,435 8,670 (2) (13,363)
Corporate income tax - - - 204 204
Profit for the year 2,925 2,435 8,670 (2) (13,567)

Products and services from which reporting segments generate revenue

Group
31/12/2024		 Group
31/12/2023		 Company
31/12/2024		 Company
31/12/2023
‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR
Software Asset Management and Licensing 487 585 38 32
Infrastructure services. Cloud and Cyber Security 807 1,029 489 660
Service management and technical support 385 378 354 359
Software and business solutions development 800 1,219 701 116
Other 23,742 22,441 29,375 28,848
Total segment assets 26,221 25,652 30,957 30,015
Total consolidated assets 26,221 25,652 30,957 30,015

Amortization and depreciation

Group
31/12/2024		 Group
31/12/2023		 Company
31/12/2024		 Company
31/12/2023
‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR
Software Asset Management and Licensing 144 109 35 28
Infrastructure services. Cloud and Cyber Security 330 373 249 229
Service management and technical support 295 396 281 395
Software and business solutions development 270 349 164 168
Other 2,709 2,332 2,053 1,483
3,748 3,559 2,782 2,30

Additions to fixed assets

Group
31/12/2024		 Group
31/12/2023		 Company
31/12/2024		 Company
31/12/2023
‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR
Software Asset Management 200 222 64 44
and Licensing
Infrastructure services. Cloud 509 583 464 363
and Cyber Security
Service management and technical support 535 940 524 624
Software and business solutions development 369 763 915 265
Other 3,599 4,205 6,386 2,383
5,213 6,713 8,354 3,679

The accounting policies of the reportable segments are the same as the Group and Company’s accounting policies described in note 3. Segment profit represents the profit earned by each segment before central administration costs including directors’ salaries, other general costs, financial expenses and income, and taxes.

Territorial analysis of operations

Territory, in this context, means the location in which the goods and services have been invoiced. Details on the revenues of the Group and the Company from external customers and information on segment assets (non-current assets without financial instruments, deferred tax assets and other financial assets) for each territory are provided below:

Group
Revenue from external customers
31/12/2024		 Group
Revenue from external customers
31/12/2023		 Group
Fixed Assets
31/12/2024		 Group
Fixed Assets
31/12/2023
‘000 EUR ‘000 EUR ‘000 EUR ‘000 EUR
Croatia 94,861 88,740 25,409 24,696
Slovenia 27,804 23,048 396 428
Estonia 26,929 8,216 266 286
Ukraine 23,946 18,714 77 143
Other 8,483 5,614 73 98
182,023 144,332 26,221 25,651

Information about key customers

Revenues from the sale of services include revenues of EUR 11,530 thousand (2023: EUR 9,261 thousand) which arose from sales to the Group and Company’s largest customer. No single customer exceeds more than 10% of the Group's total revenue.

7. Costs of licenses and hardware sold

Group
2024.		 Group
2023.		 Company
2024.		 Company
2023.
'000 EUR '000 EUR '000 EUR '000 EUR
Costs of licenses and hardware sold 119,696 90,695 63,217 60,512
Total 119,696 90,695 63,217 60,512

8. Raw material and supplies

Group
2024.		 Group
2023.		 Company
2024.		 Company
2023.
'000 EUR '000 EUR '000 EUR '000 EUR
Energy 391 411 343 356
Office supplies 102 96 81 80
Cost of small inventory and spare parts 94 97 76 70
Other costs 4 3 - -
Total 591 607 500 506

9. Services costs

Group
2024.		 Group
2023.		 Company
2024.		 Company
2023.
'000 EUR '000 EUR '000 EUR '000 EUR
Costs related to providing of services 4,699 4,000 4,893 5,106
Intellectual services 1,771 2,031 1,019 1,248
Costs of licenses and rights of use 1,494 1,312 1,445 1,239
Maintenance 656 560 602 513
Promotion costs 548 468 446 341
Leases 519 833 424 679
Utility services 512 454 457 386
Representation costs 449 688 343 583
Telecommunications costs 235 215 162 133
Transport costs 161 156 154 120
Costs of other services 163 320 97 58
Total 11,207 11,037 10,042 10,406

Service costs contain the cost of fees charged by the independent auditor for the statutory audit of the annual financial statements or annual consolidated financial statements, which for the Group amounts to 115 thousand euros (2023: 73 thousand euros), and for the Company 72 thousand euros (2023: 47 thousand euros).

10. Staff costs

Group
2024.		 Group
2023.		 Company
2024.		 Company
2023.
'000 EUR '000 EUR '000 EUR '000 EUR
Net salaries 22,582 20,449 16,939 14,242
Contribution and taxes from salaries 9,377 8,605 8,162 6,862
Contributions and payroll taxes 3,196 2,758 2,781 2,251
Contribution and taxes on salaries 1,296 385 1,088 121
Total 36,451 32,197 28,970 23,476

The average number of employees in 2024 in the Group was 852 and in the Company 752 (2023: Group 834, Company 626).

11. Depreciation and amortisation cost

Group
2024.		 Group
2023.		 Company
2024.		 Company
2023.
'000 EUR '000 EUR '000 EUR '000 EUR
Depreciation of Property, plant and equipment 999 1,049 881 804
Amortisation of intangible assets 1,410 1,210 773 523
Amortisation of right-of-use assets 1,338 1,300 1,128 976
Total 3,748 3,559 2,782 2,303

12. Other expenses

Group
2024.		 Group
2023.		 Company
2024.		 Company
2023.
'000 EUR '000 EUR '000 EUR '000 EUR
Membership and similar fees 133 107 117 85
Booking costs. net - 30 - -
Insurance costs 426 370 319 298
Bank and payment operation charges 135 104 74 63
Professional training costs 334 378 270 309
Donation and sponsorship costs 175 181 134 120
Other personnel expenses 1,229 1,037 1,131 932
Additional cost of acquiring GT Tarkvara 424 - 424 -
Taxes that do not depend on the operating result 435 269 - -
Other expenses 1,296 660 990 365
Total 4,587 3,136 3,459 2,172

Other personnel expenses refer to transportation and hot meal compensation for employees. Other expenses are mostly made up of business travel costs.

13. Financial expenses

Group
2024.		 Group
2023.		 Company
2024.		 Company
2023.
'000 EUR '000 EUR '000 EUR '000 EUR
For the year ended 31 December 2024 SPAN d.d. and its subsidiaries

14. Financial income

'000 EUR '000 EUR '000 EUR '000 EUR
Group Group Company Company
2024 2023 2024 2023
Interest income:
Financial instruments measured at amortised cost
Bank deposits 362 101 113 32
Foreign exchange gains 656 394 386 293
Other financial income 6 - - 124
Dividend income - - 1,650 -
Total 1,024 495 2,149 449

Dividend income refers to dividends received from GT Tarkvara, Estonia and Span d.o.o., Slovenia.

15. Corporate income tax

The standard corporate income tax rate applicable to reported profits is 18% (2023: 18%) for companies operating in the Republic of Croatia. Taxation in other jurisdictions is calculated in line with the rates effective in the relevant jurisdictions.

Corporate income tax Group 2024 Group 2023 Company 2024 Company 2023
'000 EUR '000 EUR '000 EUR '000 EUR
Current tax (900) (303) (145) (34)
Deferred tax (495) (196) (215) (170)
Total (1,394) (499) (360) (204)
2024 2023 2024 2023
'000 EUR '000 EUR '000 EUR '000 EUR
Accounting profit before tax 4,792 1,746 3,116 665
Income tax 1,173 258 561 120
Effect of non-deductible expenses 240 192 213 157
Effect of tax-exempt revenue (707) (290) (583) (243)
Effect of movement of deferred tax liabilities 495 196 215 170
Effect of different tax rates of subsidiaries operating in other jurisdictions and unrecognized deferred tax assets on transferred tax losses 194 142 (46) -
Tax expense 1,394 499 360 204
Effective tax rate 29% 29% 12% 31%
Average weighted nominal tax rate 19% 19% 18% 18%

Overview of the movement of Tax losses carried forward:

2024 2023 2024 2023
'000 EUR '000 EUR '000 EUR '000 EUR
2020 tax loss 9 150 - -
2021 tax loss 28 28 - -
2022 tax loss 61 117 - -
2023 tax loss 219 219 - -
2024 tax loss 14 - - -
Total 331 514 - -

In accordance with the tax legislation, the Tax Administration may, at any time, inspect the books and records of the Company within three years from the end of the year in which the tax liability is reported and may impose additional tax liabilities and penalties.
The Company acquired the status of a beneficiary of incentive measures in accordance with the regulation on investment incentives in 2015 and 2022. By merging with the company Bonsai, the Company took over and continued to use the incentive measure that was approved for the company Bonsai in 2022. The Company uses the incentives for exemption from paying corporate income tax.

16. Earnings per share

31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Earnings
Net profit attributable to the owners of the parent company's capital 3,398 1,144 2,756 461
The average weighted number of ordinary shares for the purposes of calculating basic and diluted earnings per share 1,950,258 1,943,079 1,950,258 1,943,079
Earnings from continuing operations for the purpose of calculating diluted earnings per share 1.74 0.59 1.41 0.24

The basic earnings per share are calculated in such a way that the profit/loss attributed to the owners of the parent company's capital is divided by the weighted average number of ordinary shares issued during the year, which does not include the average number of ordinary shares purchased by the Group and the Company that they hold as their own shares.

17. Goodwill

Goodwill in the Group's balance sheet arose upon the acquisition of subsidiaries InfoCumulus d.o.o., Delion d.o.o., Recro-net d.o.o., Ekobit d.o.o. and GT Tarkvara, while in the Company's balance sheet it arose upon the merger of subsidiaries InfoCumulus d.o.o., Recro-net d.o.o. and Ekobit d.o.o.
The Company and the Group annually conduct goodwill impairment testing. The method used to test the value is explained in more detail in note 3 under Accounting Policies. In 2024, it was found that the carrying amount of goodwill did not exceed its fair value and, thus, goodwill was not impaired.

Goodwill Group 31/12/2024 Group 31/12/2023 Company 31/12/2024 Company 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Goodwill Recro.net 1,431 1,431 1,431 1,431
Goodwill InfoCumulus 890 890 890 890
Goodwill Delion 263 263 - -
Goodwill Ekobit 1,582 1,582 1,582 -
Goodwill GT Tarkvara 4,739 4,739 - -
Total 8,905 8,905 3,902 2,321

Acquisition Cost

Group Company
As of 1 January 2023 4,166 2,321
Increase 4,739 -
As of 31 December 2023 8,905 2,321
Increase - 1,582
As of 31 December 2024 8,905 3,902

Accumulated impairment losses

Group Company
As of 31 December 2023 - -
As of 31 December 2024 - -

Carrying value

Group Company
As of 31 December 2023 8,905 2,321
As of 31 December 2024 8,905 3,902

18. Other intangible assets

Software '000 EUR Software development '000 EUR Intangible rights '000 EUR Other intangible assets '000 EUR Total '000 EUR
Acquisition Cost
As of 1 January 2023 4,271 1,362 36 1,620 7,289
Additions from internal development 4 409 718 - 1,131
Additions - - 470 2 471
Business combination Estonia - - - 2,803 2,803
Disposals (702) - - - (702)
Transfer 401 128 (529) - -
As of 31 December 2023 3,973 1,899 694 4,425 10,992
As of 1 January 2024 3,973 1,899 694 4,425 10,992
Additions from internal development 25 11 268 - 304
Additions - - 44 - 44
Disposals - (1) - - (1)
Transfer 519 355 (886) - (12)
As of 31 December 2024 4,517 2,264 120 4,425 11,327
Amortisation
As of 1 January 2023 2,317 938 - 81 3,336
Exchange rate differences (1) - - - (1)
Amortisation during the year 586 181 - 444 1,210
Disposals (702) - - - (702)
As of 31 December 2023 2,200 1,118 - 525 3,844
Exchange rate differences 1 - - 1 2
Amortisation during the year 562 291 - 557 1,410
Disposals - (1) - - (1)
As of 31 December 2024 2,763 1,409 - 1,083 5,255
Carrying value
As at 31 December 2024 1,754 855 120 3,342 6,072
As at 31 December 2023 1,773 781 694 3,900 7,149
As at 1 January 2023 1,954 424 36 1,539 3,953

Investment in intangible assets under construction refers to internally generated intangible assets resulting from the continuation of software development available for resale/use.
Other intangible assets mostly relate to assets from the allocation of the purchase price for the acquisition of Ekobit d.o.o.

18. Other intangible assets (continued)

Software '000 EUR Software development '000 EUR Intangible assets under construction '000 EUR Other intangible rights '000 EUR Total '000 EUR
Acquisition Cost
As of 1 January 2023 2,534 846 - - 3,380
Additions from internal development - 406 1,005 - 1,412
Increase - - 470 - 470
Write-off (702) - - - (702)
Transfer 457 128 (585) - -
As of 31 December 2023 2,289 1,380 -890 - 4,559
Additions from internal development - 3 385 - 388
Increase - - 44 - 44
Bonsai Merger 25 36 86 - 147
Ekobit Merger 1,327 43 (407) 1,620 2,583
Transfer 523 355 (879) - -
As of 31 December 2024 4,164 1,818 120 1,620 7,722
Amortisation
As of 1 January 2023 1,432 513 - - 1,946
Amortisation during the year 366 156 - - 523
Write-off (702) - - - (702)
As of 31 December 2023 1,096 670 - - 1,766
Amortisation during the year 445 275 - 54 773
Bonsai Merger 27 36 - - 63
Ekobit Merger 854 43 243 - 1,140
As of 31 December 2024 2,422 1,024 - 297 3,743
Carrying value
As at 31 December 2024 1,742 794 120 1,323 3,979
As at 31 December 2023 1,192 711 890 - 2,793
As at 1 January 2023 1,102 333 - - 1,434

19. Property, plant and equipment

Group 31/12/2024 Group 31/12/2023 Company 31/12/2024 Company 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Carrying value
Buildings 3,150 2,365 3,150 2,365
Land 2,360 1,732 2,360 1,732
Computer equipment 1,030 736 1,015 672
Other equipment 478 770 298 492
Assets under construction 3 4 - 1
Total 7,021 5,607 6,822 5,261

19. Property, plant and equipment (continued)

Buildings '000 EUR Land '000 EUR Computer equipment '000 EUR Other equipment '000 EUR Assets under construction '000 EUR Total '000 EUR
Cost or valuation
As of 1 January 2023 4,093 1,732 3,110 1,745 - 10,680
Increase - - 345 411 4 760
Exchange rate differences - - (23) - - (23)
Disposals (132) (116) (248) - - (500)
Business combination Estonia - - 30 173 - 203
As of 31 December 2023 4,093 1,732 3,353 2,190 4 11,372
Reclassification - - 328 (328) - -
As of 1 January 2024 4,093 1,732 3,680 1,862 4 11,372
Increase - - 730 10 23 762
Exchange rate differences - - - 18 - 18
Disposals - - (195) (91) (25) (311)
Transfer 3 (3) - - - -
Revaluation increase 1048 628 - - - 1,675
As of 31 December 2024 5,141 2,360 4,218 1,796 3 13,517
Accumulated depreciation and impairment
As of 1 January 2023 1,465 - 2,295 1,102 - 4,862
Depreciation during the year 263 - 431 354 - 1,049
Exchange rate differences - - - (23) - (23)
Disposal - - (131) (105) - (236)
Business combination Estonia - - 21 92 - 113
As of 31 December 2023 1,728 - 2,617 1,420 - 5,765
Reclassification - - 186 (186) - -
As of 1 January 2024 1,728 - 2,803 1,234 - 5,765
Depreciation during the year 263 - 579 157 - 999
Exchange rate differences - - - 16 - 16
Disposal - - (195) (90) - (284)
As of 31 December 2024 1,991 - 3,188 1,317 - 6,496
Carrying value
As at 31 December 2024 3,150 2.360 1.030 478 3 7,021
As at 31 December 2023

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

56

19. Property, plant and equipment (continued)

Buildings '000 EUR Land '000 EUR Computer equipment '000 EUR Other equipment '000 EUR Assets under construction '000 EUR Total '000 EUR
Cost or valuation
As of 1 January 2023 4,093 1,732 2,670 1,108 - 9,604
Increase - - 305 240 1 545
Disposals - - (53) (95) - (148)
As of 31 December 2023 4,093 1,732 2,922 1,253 1- 10,000
Reclassification - - 327 (327) - -
As of 1 January 2024 4,093 1,732 3,249 925 1 10,000
Increase - - 717 (13) - 704
Disposals - - (190) (11) (1) (201)
Bonsai Merger - - 125 59 - 184
Ekobit Merger - - 216 26 - 242
Revaluation increase 1,048 628 - - - 1,675
As of 31 December 2024 5,141 2,360 4,118 986 - 12,604
Accumulated depreciation and impairment
As of 1 January 2023 1,465 - 1,943 673 - 4,081
Depreciation during the year 263 - 359 181 - 804
Disposal - - (53) (93) - (146)
As at 31 December 2023 1,728 - 2,249 761 - 4,739
Reclassification - - 186 (186) - -
As of 1 January 2024 1,728 - 2,436 575 - 4,739
Depreciation during the year 263 - 543 75 - 881
Disposal - - (183) (10) - (193)
Bonsai Merger - - 93 28 - 121
Ekobit Merger - - 214 20 - 234
As of 31 December 2024 1,991 - 3,102 688 - 5,782
Carrying value
As at 31 December 2024 3,150 2,360 1,015 298 - 6,822
As at 31 December 2023 2,365 1,732 672 492 1 5,261
As at 1 January 2023 2,628 1,732 727 435 - 5,522
Including: At a cost - - 1,015 298 - 1,313
According to the 2024 valuation 3,150 2,360 - - - 5,509

Investments in tangible assets of Span Group are largely related to expenses for the acquisition and replacement of worn-out computer and other equipment necessary for the work of employees.

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

57

19. Property, plant and equipment (continued)

Measuring the fair value of buildings owned by the Group and the Company

The Group and the Company’s buildings are stated at their revalued amounts, being the fair value at the date of revaluation, less any subsequent accumulated depreciation and subsequent accumulated impairment losses. The fair value measurements have been classified as level 3, in accordance with inputs used in the valuation. The assessment of the value of buildings and land was made in February 2025. While assessing the value of buildings and freehold land, the independent appraiser disclosed in their report to have used the comparison approach method, having determined for it to be the most adequate method considering the location, land registry, and cadastral status of the property owned by the Company. Inter alia, the comparison approach method considers and assesses the quality of the building and its position at a similar location for a comparable building type. The valuation of buildings and land was not made in 2024 and 2023, and accordingly there was no revaluation.

Details of the Group and Company’s buildings and information about the fair value hierarchy as at the end of the reporting period are as follows:

Level 2 '000 EUR Level 3 '000 EUR Fair value as at 31/12/2024 '000 EUR
Land - 2,360 2,360
Buildings - 3,150 3,150
Level 2 '000 EUR Level 3 '000 EUR Fair value as at 31/12/2023 '000 EUR
Land - 1,732 1,732
Buildings - 2,365 2,365

Assets pledged as a security

A portion of the loans received have been secured by the Company’s pledged assets (registered office building) of net carrying value of 3,150 thousand euros (2023: 2,365 thousand euros).

In the event that the lands and buildings of the Group and the Company, are valued at historical cost, their book amounts would be as follows:

31/12/2024 '000 EUR 31/12/2023 '000 EUR
Land 765 765
Buildings 927 1,044
1,692 1,809

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

58

19.1. Transactions with related parties

Related parties are companies in which the Company has ownership of business shares, i.e. companies that are part of the Group, and associated ownership and associated companies. All related party transactions are based on normal business and market conditions.

The balances sheets of receivables and liabilities between the Company and its related parties at the date of the statement of financial position are as follows:

Loans and receivables 31/12/2024 '000 EUR Loans and receivables 31/12/2023 '000 EUR Liabilities 31/12/2024 '000 EUR Liabilities 31/12/2023 '000 EUR
Span d.o.o., Slovenia 602 285 194 56
Trilix d.o.o., Croatia 1 4 10 4
Span USA Inc., SAD - 97 (43) -
Span LLC, Ukraine 14 2 5 17
Span Swiss AG, in liquidation, Switzerland 59 38 - -
Span Azerbaijan LLC, Azerbajdžan - 14 6 12
Bonsai d.o.o., Croatia - 5 - 73
Span IT Ltd., UK - - 4 1
Ekobit d.o.o., Croatia - - - 57
Institution Span Cybersecurity Center, Zagreb 9 13 - 1
Span LLC, Georgia 88 1 - -
Total 774 460 176 221

Transactions reported in the statement of comprehensive income for 2024 and 2023 were as follows:

Revenue 31/12/2024 '000 EUR Revenue 31/12/2023 '000 EUR Expenses 31/12/2024 '000 EUR Expenses 31/12/2023 '000 EUR
Span d.o.o. Slovenia 19,302 16,456 918 717
Span USA Inc. SAD 342 812 263 -
Trilix d.o.o. Croatia 20 16 57 34
Bonsai d.o.o. Croatia 22 55 899 1,957
Span LLC, Ukraine 1 2 71 50
Span Azerbaijan LLC, Azerbajdžan 29 43 83 50
Span IT Ltd., UK - - 21 17
Ekobit d.o.o., Croatia 20 - 307 820
Institution Span Cybersecurity Center, Zagreb 52 23 68 6
Fintech digital services d.o.o. Croatia 1 1 - -
Span LLC, Georgia - 1 - -
GT Tarkvara OU, Estonia - - 10 -
Total 19,790 17,409 2,697 3,647

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

59

19.2. Remuneration of key management personnel

Remuneration of directors, i.e. key management of the Group and the Company is provided below. Key management personnel include 4 members (2023: 5).

Group 31/12/2024 '000 EUR Group 31/12/2023 '000 EUR Company 31/12/2024 '000 EUR Company 31/12/2023 '000 EUR
Short-term employee benefits 1,183 2,390 1,183 2,390

20. Right-of-use assets

In its first application of IFRS 16, the Group and Company used the following practical exemptions as allowed by the standard: exemptions from recognizing lease contracts that as at their commencement date have a lease period of 12 months or short-term leases of low value assets. The Group and the Company have business premises and company vehicles in operating lease. Lease contracts are usually concluded for a period from 3 to 5 years.

Group 31/12/2024 '000 EUR Group 31/12/2023 '000 EUR Company 31/12/2024 '000 EUR Company 31/12/2023 '000 EUR
Right-of-use assets - Vehicles 869 704 861 658
Right-of-use assets - Business premises 1,854 1,089 1,686 651
2,722 1,792 2,547 1,309

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

60

20. Right-of-use assets (continued)

Group

Right-of-use assets - Business premises '000 EUR Right-of-use assets - Vehicles '000 EUR Total '000 EUR
Acquisition Cost
As of 1 January 2023 2,791 1,598 4,390
Increase 541 420 961
Decrease (310) (641) (950)
As of 31 December 2023 3,023 1,378 4,401
As of 1 January 2024 3,023 1,378 4,401
Increase 1,947 464 2,411
Decrease (138) (302) (440)
Exchange rate differences (2) - (2)
As of 31 December 2024 4,830 1,540 6,370
Accumulated Depreciation
As of 1 January 2023 1,233 947 2,181
Depreciation for the year 999 301 1,300
Decrease (298) (574) (872)
As of 31 December 2023 1,934 674 2,609
As of 1 January 2024 1,934 674 2,609
Depreciation for the year 1,042 296 1,338
Decrease - (299) (299)
Exchange rate differences (1) - (1)
As of 31 December 2024 2,976 671 3,647
Carrying amount
As of 31 December 2024 1,854 869 2,722
As of 31 December 2023 1,089 704 1,792

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

61

20. Right-of-use assets (continued)

Company

Right-of-use assets - Business premises '000 EUR Right-of-use assets - Vehicle '000 EUR Total '000 EUR
Acquisition Cost
As of 1 January 2023 1,898 1,336 3,234
Increase 400 410 810
Decrease (240) (465) (705)
As of 31 December 2023 2,058 1,281 3,339
As of 1 January 2024 2,058 1,281 3,339
Increase 1,759 464 2,223
Decrease - (280) (280)
Bonsai Merger 109 54 163
Ekobit Merger 26 - 26
As of 31 December 2024 3,952 1,519 5,471
Accumulated Depreciation
As of 1 January 2023 932 792 1,725
Depreciation during the year 715 262 976
Decrease (240) (431) (671)
As of 31 December 2023 1,407 623 2,030
As of 1 January 2024 1,407 623 2,030
Depreciation during the year 844 284 1,128
Decrease - (278) (278)
Bonsai Merger 4 30 33
Ekobit Merger 11 - 11
As of 31 December 2024 2,266 658 2,924
Carrying value
As of 31 December 2024 1,686 861 2,547
As of 31 December 2023 651 658 1,309

Group

Amounts recognized in profit or loss 31/12/2024 '000 EUR 31/12/2023 '000 EUR 31/12/2024 '000 EUR 31/12/2023 '000 EUR
Depreciation costs for right-of-use assets 1,338 1,300 1,128 976
Business premises 1,042 999 844 715
Vehicles 296 301 284 262
Interest expense on lease liabilities 106 91 95 69
Business premises 62 51 51 33
Vehicle 44 40 44 36
Expenses related to short-term leases 519 833 424 67

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

62

20. Right-of-use assets (continued)

Group

Within five years '000 EUR Total '000 EUR
Options to extend expected to be exercised 3,464 3,464

Company

Within five years '000 EUR Total '000 EUR
Options to extend expected to be exercised 2,831 2,831

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

63

21.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

21.1. Investments in subsidiaries

Subsidiaries are all companies over which the Company has control over financial and business policies, which includes more than half of the voting rights.

During 2024, the companies Bonsai d.o.o. and Ekobit d.o.o. were merged with the Company, and an agreement was concluded on the sale of 30% of the business shares of the affiliated company Trilix d.o.o. By concluding this agreement, Span became the owner of 90% of the business shares of Trilix, while the remaining 10% of the business shares constitute Trilix's own share. In addition, companies in Moldova and Georgia were recapitalized. The company Span B.V., Netherlands and the Span Cybersecurity Center Institution, Zagreb were established. The company Span Cybersecurity Center d.o.o. changed its name to Cybersecurity Incubator d.o.o. The company Span B.V. in Amsterdam, Netherlands was established in December 2024, and the share capital was paid in January 2025.

31/12/2024 31/12/2023 Ownership '000 EUR '000 EUR and voting rights
Ekobit d.o.o., Zagreb 100% - 4,955 -
Span d.o.o., Slovenia 100% 395 395
Span CKS d.o.o., Zagreb 100% 350 350
Span LLC, Ukraine 100% 310 310
Trilix d.o.o., Zagreb 100% 543 143
Span Swiss AG, Switzerland 100% - -
Span-IT s.r.l., Moldova 100% 176 116
Span GmbH, Germany 100% - -
Bonsai d.o.o., Zagreb 100% - 46
Span USA Inc., SAD 100% 15 15
GT Tarkvara, Estonia 100% 10,427 10,427
Span LLC, Georgia 100% 124 50
Institution Span Cybersecurity Center, Zagreb 100% 100 -
Span B.V. in Amsterdam, Netherlands 100% - -
Total 12,441 16,808
31/12/2024 31/12/2023
(in thousands of eur)
Balance at the beginning of the year 16,808 6,251
Acquisitions/establishments 634 10,628
Mergers (5,001) -
Value adjustments - (71)
Balance at the end of the year 12,441 16,808

22. Investments in associates

Associate name Main activity Place of establishment Ownership share in %
Fintech Digital Services d.o.o. Computer and related activities Zagreb, Republic of Croatia 35
Associate name Place of foundation and business Group of an associated company Establishment for 2024 Investment value 31/12/2024 Share in the result Investment value 31/12/2023
EUR '000 EUR '000 EUR '000
Fintech Digital Services d.o.o. Zagreb, Republic of Croatia 262 - (1) 260
Total 262 - (1) 260
Company Associate name Place of foundation and business Investment value
EUR '000 EUR '000
Fintech Digital Services d.o.o. Zagreb, Republic of Croatia 266
Total 266

23. Inventories

Merchandise inventories predominantly refer mainly to hardware purchases for familiar customers and exceptionally this year to licenses for 2025, and for which the invoice was received on 31/12/2024. These licenses were sold on 1/1/2025. The purchase value of licenses and hardware, which is expressed as an expense for the Group in the current year, amounts to EUR 119,696 thousand (2023: EUR 90,695 thousand), and for the Company it is EUR 63,217 thousand (2023: EUR 60,512 thousand). At the end of each business year, the Group and Company examine the net realizable value of inventories and adjust the value of inventories older than 1 year. The cost or the expense of inventories recognized as expenditures amount, for both the Group and the Company amounts to EUR 12 thousand (2023: EUR 2 thousand) and refers to the value adjustment of inventories up to net realisable value. Value adjustment of inventories has been reversed for inventories sold in the amount of EUR 5 thousand (2023: EUR 4 thousand). The inventories value of EUR 280 thousand (2023: EUR 275 thousand) for the Group and EUR 278 thousand (2023: EUR 261 thousand) for the Company is expected to be realized very quickly, within 12 months the latest.

31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Trade goods 9 31 7 17
Licenses 271 244 271 244
Total 280 275 278 261

24. Trade and other receivables

31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Domestic trade receivables 19,250 21,570 9,342 7,821
Foreign trade receivables 6,645 6,133 6,314 5,526
Impairment of trade receivables (1,585) (1,069) (40) (33)
Prepaid expenses 1,197 1,333 901 1,534
VAT receivables 45 199 37 107
Related parties’ receivables - - 628 422
Accrued income 3,393 2,584 3,091 2,147
Income tax receivables 164 354 131 84
Other receivables 659 415 289 194
Total 29,768 31,519 20,693 17,802

The average credit period for the sale of goods for the Group is 54 days and for the Company 48 days (2023: Group 54 days, Company 43 days). Interest is not calculated for outstanding trade receivables. The Group and Company always measure impairment of trade receivables in the amount equivalent to lifetime ECL. The expected credit losses on trade receivables are estimated using a provision matrix by reference to past default experience of the debtor and an analysis of the debtor’s current financial position, adjusted for factors that are specific to the debtors, general economic conditions of the industry in which the debtors operate and an assessment of both the current as well as the forecast direction of conditions as at the reporting date. The impairment of trade receivables is mostly related to the value adjustment of receivables in Span d.o.o., Slovenia for Studio Moderna.

Changes in expected credit losses on trade receivables

31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Opening balance 1,069 399 33 314
Movement of loss allowance 21 65 1 22
Amount recovered during the year - (388) - (303)
Individual value adjustments 495 992 6 -
Closing balance 1,585 1,069 40 33

The Group and Company write off a trade receivable when there is information indicating that the debtor is in severe financial difficulty and there is no realistic prospect of recovery, e.g. when the debtor has been placed under liquidation or has entered bankruptcy proceedings, or in the case of trade receivables, when the amounts are over two years past due, whichever occurs sooner. In addition to the written off trade receivable for Studio Moderna, no written-off trade receivables are subject to enforcement activities. As the Group and Company’s historical credit loss experience does not show significantly different loss patterns for different customer segments, the provision for loss allowance based on past due status is not further

Customer Receivables - Overdue (Group)

31/12/2024
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total
Expected credit losses 0.02% 0.51% 10.59% 3.8% 4.71% 17.86%
Estimated total gross carrying amount at default 22,524 2,314 414 77 60 81 25,471
Lifetime ECL 5 12 44 3 3 14 81

Customer Receivables - Overdue (Group)

31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total
Expected credit losses 0.03% 0.98% 3.07% 7.72% 6.83% 45.72%
Estimated total gross carrying amount at default 23,371 2,720 441 75 16 26 26,647
Lifetime ECL 7 26 14 6 1 12 65

Customer Receivables - Overdue (Company)

31/12/2024
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total
Expected credit losses 0.03% 0.11% 1.63% 3.47% 6.17% 50.00%
Estimated total gross carrying amount at default 14,105 1,796 242 74 34 15 16,266
Lifetime ECL 4 2 4 3 2 8 23

Customer Receivables - Overdue (Company)

31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Overdue < 90 91 - 180 181 - 270 271 - 360 > 360 Total
Expected credit losses 0.05% 0.16% 3.33% 6.81% 8.31% 49.95%
Estimated total gross carrying amount at default 11,985 1,499 176 58 11 6 13,736
Lifetime ECL 6 2 6 4 1 3 22
### For the year ended 31 December 2024
#### SPAN d.d. and its subsidiaries 68
## 25. Borrowings
31/12/2024 31/12/2023 31/12/2024 31/12/2023
:----------------------------------- :------------ :------------ :------------ :------------
'000 EUR '000 EUR '000 EUR '000 EUR
Borrowings at amortised cost
Long-term
OTP bank d.d. - 33 - 33
Borrowings at amortised cost
Short-term
Zagrebačka banka d.d. 1,007 - 1,007 -
OTP bank d.d. 2,038 1,404 2,038 1,404
Privredna banka Zagreb bank d.d. 2,310 - 2,310 -
Raiffeisenbank Austria d.d. 167 670 167 670
5,522 2,073 5,522 2,073
Total 5,522 2,107 5,522 2,107
2024. 2023. 2024. 2023.
'000 EUR '000 EUR '000 EUR '000 EUR
Balances as at 1 January 2,107 937 2,107
New loans 10,999 2,630 12,999
Loan repayments (7,600) (1,466) (9,600)
Accrued Interest 242 55 242
Interest repayment (226) (49) (226)
Total 5,522 2,107 5,522

Loans to subsidiaries

Short-term

Company (in thousands of euros) 31/12/2024 31/12/2023
Balance as of January 1 38 -
New loans 554 38
Loan repayments (450) -
Foreign exchange differences 3 -
Interest expense 3 -
Interest repayments (2) -
Total 146 38

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 69

25. Borrowings (continued)

Analysis of foreign currency borrowings: Other main features of the Group and the Company's borrowings are as follows:
(i) The company does not use overdrafts.
(ii) The Company has six bank loans:
(a) A loan of EUR 1,007 thousand, which was agreed in October 2024 with Zagrebačka banka d.d. for a period of 6 months (2023: EUR 0 thousand) from a multi-purpose facility of EUR 7,000 thousand, which is active at the reporting date. The facility is negotiated and renewed annually, and its maturity date is June 2025. The reference interest rate applied to the drawn down loan is 3-month EURIBOR increased by an interest margin of 1.10% per annum, variable. The loan is secured by a promissory note issued by the Company.
(b) A loan of EUR 33 thousand (2023: EUR 434 thousand), which was agreed in June 2019 with OTP banka d.d. for financing suppliers and other liabilities. The loan is secured by debentures and bills of exchange issued by Group companies and by the Company's pledged assets (headquarters building). The loan bears an interest rate of 1.80% per annum, variable.
(c) A loan of EUR 2,005 thousand, which was agreed in August 2023 with OTP banka d.d. for a period of 6 months (2023: EUR 1,003 thousand) from a multi-purpose facility of EUR 7,000 thousand, which is active at the reporting date. The facility is negotiated and renewed annually, and its maturity date is September 2025. The reference interest rate applied to the drawn down loan is 1-month EURIBOR increased by an interest margin of 1.00% per annum, variable. The loan is secured by the Company's pledged assets (headquarters building) and debentures and bills of exchange issued by Group companies.
(d) Revolving loan of EUR 2,007 thousand, which was agreed in April 2024 with Privredna banka Zagreb d.d. for a term of 12 months (2023: EUR 0 thousand) from a multipurpose facility of EUR 6,000 thousand, which is active at the reporting date. The facility is agreed and renewed annually, and its maturity date is September 2025. The reference interest rate for the 1-month EURIBOR increased by an interest margin of 1.17% per annum, variable, is applied to the drawn loan. The loan is secured by a promissory note issued by the Company.
(e) Revolving loan of EUR 303 thousand, which was agreed in February 2024 with Privredna banka Zagreb d.d. for a term of 12 months (2023: EUR 0 thousand) from a multipurpose facility of EUR 6,000 thousand, which is active at the reporting date. The facility is contracted and renewed annually, and its maturity date is September 2025. The reference interest rate for the 1-month EURIBOR plus an interest margin of 1.17% per annum, variable, is applied to the drawn down loan. The loan is secured by a promissory note issued by the Company.
(f) A loan of EUR 167 thousand, which was contracted in February 2024 with Raiffeisenbank Austria d.d. for a period of 12 months (2023: EUR 670 thousand) from a multi-purpose facility of EUR 4,000 thousand, which is active at the reporting date. The facility is contracted and renewed annually, and its maturity date is July 2025. The reference interest rate for the 3-month EURIBOR plus an interest margin of 1.20% per annum, variable, is applied to the drawn down loan. The loan is secured by a promissory note issued by the Company.

Analysis of borrowings by currency

Group Company
2024. 2023. 2024. 2023.
(in thousands of euros)
Bank loans 5,522 2,107 5,522 2,107
5,522 2,107 5,522 2,107

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 70

26. Deferred tax

The following is an overview of deferred tax liabilities and assets reported by the Group and the Company and their movement during the reporting period.

Group Company
31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Deferred tax liability (835) (581) (835) (412)
Deferred tax assets 1,158 1,724 933 1,145
323 1,143 98 733
Group Tax incentive s Other Tax losses Total Company Tax incentive s Other Tax losses Total
(in thousands of euros)
As at 1 January 2023 1,423 225 13 1,661 1,328 13 1,341
Increase/(decrease) of deferred tax assets 49 23 (8) 63 (188) (8) (196)
As at 31 December 2023 1,472 248 4 1,724 1,140 4 1,145
Increase/(decrease) of deferred tax assets (545) (23) 2 (566) (213) 2 (211)
As at 31 December 2024 927 225 6 1,158 927 6 933 933

Deferred tax liability refers to the revaluation of land and buildings owned by the Group and the Company, the impact of which was recognized in other comprehensive income.
Deferred tax assets represent the corporate tax amounts that are recoverable based on future deductions of taxable profit and recognized in the statement of financial position.
Deferred tax assets are recognized up to the amount of the tax revenues which are likely to be realised. When determining future taxable profit and amount of tax revenues that are likely to be realised in the future, the Group and Company make judgements and estimates based on taxable profit from prior years and expectations of future revenues that are considered reasonable in the current circumstances.
The Group and the Company recognized deferred tax assets mainly based on approved incentive measures that the Company expects to use for exemption from paying income tax.

Group Revaluation of building and land Acquisition of Ekobit building and land Total Company Revaluation of building and land Acquisition of Ekobit building and land Total
(in thousands of euros)
As at 1 January 2023 438 209 647 438 - 438
Increase/(decrease) of deferred tax assets (26) (40) (67) (26) - (26)
As at 31 December 2023 412 169 581 412 - 412
Increase/(decrease) of deferred tax assets 275 (21) 254 275 148 423
As at 31 December 2024 687 148 835 687 148 835

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 70

26. Deferred tax

The following is an overview of deferred tax liabilities and assets reported by the Group and the Company and their movement during the reporting period.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 71

27. Lease liabilities

The Group and the Company are not exposed to substantial liquidity risk in terms of their lease liabilities.

Group Company Group Company
31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Lease liabilities – long-term 1,473 947 1,436
Lease liabilities - short-term 1,303 938 1,159
Total 2,777 1,884 2,595

Lease liabilities refer to the lease of business premises and company vehicles recognized in line with the provisions of IFRS 16 Leases.

Group Company Group Company
31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Maturity overview:
1st year 1,342 989 1,184
2nd year 1,130 551 1,103
3rd year 264 242 264
4th year 146 158 146
5th year 59 42 59
More than 5 years - - -
2,941 1,982 2,756
Less: unearned interest (165) (98) (161)
2,777 1,884 2,595
Analysed as:
Non-current 1,473 947 1,436
Current 1,303 938 1,159
2,777 1,884 2,595

SPAN d.d. and its subsidiaries 72

28. Trade and other payables

Trade payables and liabilities accounted for mainly comprise outstanding amounts for purchasing trade goods and current costs. The average credit period for the purchase of goods for the Group is 55 days and for the Company 52 days (2023: Group 53 days, Company 45 days). For most suppliers interest on trade payables is not calculated for the first 180 days from the invoicing date. Afterwards, interest is calculated for open balances by using different interest rates. The Group and the Company have financial risk management policies in place to ensure that all payables are paid within the agreed credit terms. The Management Board believes that the carrying amount of trade payables approximates their fair value.

Group Company Group Company
31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Domestic suppliers 8,592 6,949 6,479
Foreign suppliers 13,477 12,692 5,700
Related party payables - - 176
VAT payable 1,948 2,345 602
Amounts due to employees 2,049 1,781 1,677
Accrued expense 2,863 1,826 740
Taxes and contributions on employee salaries 1,165 1,017 1,063
Advances received 606 465 292
Income tax liabilities 343 - -
Other liabilities 2,073 2,005 534
Total 33,116 29,080 17,263

The Group's liabilities to foreign suppliers in 2024 mostly relate to liabilities to Microsoft Ireland Operations Ltd. Dublin, Ireland for resale licenses.

29. Share Capital

The share capital comprises of 1,960,000 shares with a nominal value of EUR 2 per share. The Group's total capital and reserves increased by EUR 3,430 thousand. On 2.7.2024, the Company paid a dividend of EUR 586 thousand to the account of the Central Depository and Clearing Company (CDCC), which was paid to shareholders on 5.7.2024. As of 31 December 2024, the Company held 8,802 (2023: 15,673) of its own shares. The Company has one type of shares that do not carry the right to a fixed yield. The Company has no losses in 2024 and no losses carried forward from previous years.

SPAN d.d. and its subsidiaries 73

28. Trade and other payables

Trade payables and liabilities accounted for mainly comprise outstanding amounts for purchasing trade goods and current costs. The average credit period for the purchase of goods for the Group is 55 days and for the Company 52 days (2023: Group 53 days, Company 45 days). For most suppliers interest on trade payables is not calculated for the first 180 days from the invoicing date. Afterwards, interest is calculated for open balances by using different interest rates. The Group and the Company have financial risk management policies in place to ensure that all payables are paid within the agreed credit terms. The Management Board believes that the carrying amount of trade payables approximates their fair value.

Group Company Group Company
31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Domestic suppliers 8,592 6,949 6,479
Foreign suppliers 13,477 12,692 5,700
Related party payables - - 176
VAT payable 1,948 2,345 602
Amounts due to employees 2,049 1,781 1,677
Accrued expense 2,863 1,826 740
Taxes and contributions on employee salaries 1,165 1,017 1,063
Advances received 606 465 292
Income tax liabilities 343 - -
Other liabilities 2,073 2,005 534
Total 33,116 29,080 17,263

The Group's liabilities to foreign suppliers in 2024 mostly relate to liabilities to Microsoft Ireland Operations Ltd. Dublin, Ireland for resale licenses.

29. Share Capital

The share capital comprises of 1,960,000 shares with a nominal value of EUR 2 per share. The Group's total capital and reserves increased by EUR 3,430 thousand. On 2.7.2024, the Company paid a dividend of EUR 586 thousand to the account of the Central Depository and Clearing Company (CDCC), which was paid to shareholders on 5.7.2024. As of 31 December 2024, the Company held 8,802 (2023: 15,673) of its own shares. The Company has one type of shares that do not carry the right to a fixed yield. The Company has no losses in 2024 and no losses carried forward from previous years.

SPAN d.d. and its subsidiaries 74

30. Capital Reserves

Capital reserves as of 31 December 2024 amount to EUR 8,802 thousand. The decrease in the amount of EUR 1,117 thousand occurred during the allocation of shares during the year as the difference in the share price on the date of redemption and on the date of allocation and as an effect of the merger of the company Bonsai d.o.o. and Trilix d.o.o.

31. Revaluation reserves

Property revaluation reserves

The reserve from the revaluation of property was formed in 2019 from the revaluation of land and buildings based on the assessment of an independent appraiser and was increased in 2024 based on a new estimate by an independent appraiser and to 31 December 2023., is amounted to 1,877 thousand euros, and as of 31 December 2024, it is amounted to 3,130 thousand euros. Revaluation reserves may be realised once the asset is derecognized or gradually by using assets in the amount defined as the difference between depreciation based on the revalued carrying amount of assets and depreciation based on the original purchase cost. Realised revaluation reserve is transferred to retained earnings. When selling revalued land or revalued buildings, a portion of the properties revaluation reserve referring to the assets sold is transferred directly to retained earnings. Other comprehensive income items included in the properties revaluation reserve are not subsequently transferred to profit or loss. The Group and the Company decided to realise the revaluation reserve by gradually using assets and in 2024 they realised revaluation reserves in the amount of EUR 121 thousand.

SPAN d.d. and its subsidiaries 74

32. Non-controlling interests

On 1 April 2024, Span d.d. entered into an agreement to purchase 30% of the business shares of the subsidiary Bonsai d.o.o. By purchasing the remaining 30% of the shares of Bonsai, the Company acquired 100% ownership (Note 36). On 4 July 2024, Span d.d. entered into an agreement to purchase 30% of the business shares of the subsidiary Trilix d.o.o. By entering into this agreement, Span became the owner of 90% of the business shares of Trilix, while the remaining 10% of the business shares constitute Trilix's own share. Below is an overview of summary information on all subsidiaries of the Company, in which the Company has material non-controlling interests. The summarised financial information below represents amounts before intra-Group eliminations

Non-controlling interest

Group
2024.

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 75

32. Non-controlling interests (continued)

31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR
Trilix d.o.o.
Current assets 1,589 1,277
Fixed Assets 79 104
Current liabilities (910) (647)
Non-current liabilities (9) (36)
Equity attributable to owners of the Company 100% 60%
Non-controlling interests 0% 40%
31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR
Revenues 2,570 2,608
Expenses (2,317) (2,370)
Profit for the year 252 238
Profit attributable to the owners of the Company 252 143
Profits attributable to non-controlling interests - 95
Profit for the year 252 238
Total comprehensive profit attributable to the owners of the Company 252 143
Total comprehensive profit attributable to owners of non-controlling holdings - 95
Total comprehensive profit of the current year 252 238

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 76

32. Owners of non-controlling holdings (continued)

31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR
Bonsai d.o.o.
Current assets - 848
Fixed Assets - 277
Current liabilities - (689)
Non-current liabilities - (19)
Equity attributable to owners of the Company 100% 70%
Non-controlling interests 0% 30%
31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR
Revenues 1,096 2,530
Expenses (1,322) (2,498)
Profit for the year (225) 31
Profit attributable to the owners of the Company (225) 22
Profits attributable to non-controlling interests - 9
Profit for the year (225) 31
Total comprehensive profit attributable to the owners of the Company (225) 22
Total comprehensive profit attributable to owners of non-controlling holdings - 9
Total comprehensive profit of the current year (225) 31

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 77

33. Notes to the cash flow statement

The carrying amount of these assets is approximately equal to their fair value. Below is an overview of cash and cash equivalents at the end of the reporting period.

31/12/2024 31/12/2023 31/12/2024 31/12/2023
Group Group Company Company
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Cash in bank 24,362 14,372 8,993 4,830
Cash at hand 7 7 1 2
Total 24,368 14,379 8,994 4,832

34. Deferred income

31/12/2024 31/12/2023 31/12/2024 31/12/2023
Group Group Company Company
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Deferred income 2,714 4,489 2,618 4,299
Total 2,714 4,489 2,618 4,299

Deferred income refers to accruals and deferrals, i.e. income recognized in future periods in which the service is realised. Deferred income predominantly refers to advisory services regarding contracted projects with customers, recognized by reference to the stage of completion of the contract.

35. Contractual liabilities

Contractual liabilities predominantly refer to the liabilities for the purchase of business shares in the company Trilix d.o.o. and the purchase of business shares in the company GT Tarkvara, Estonia.

31/12/2024 31/12/2023 31/12/2024 31/12/2023
Group Group Company Company
'000 EUR '000 EUR '000 EUR '000 EUR '000 EUR
Contractual liabilities – non-current 106 1,798 106 1,798
Contractual liabilities - current 2,255 1,899 2,255 1,899
Total 2,362 3,697 2,362 3,697

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 78

36. Merger of subsidiaries

In 2024, the company merged the companies Ekobit d.o.o. and Bonsai d.o.o.

Bonsai d.o.o.

Carrying value (in thousands of euros)
2024.

  • Property, plant and equipment: 63
  • Other intangible assets: 84
  • Right-of-use assets: 130
  • Deferred tax assets: 41
  • Trade and other receivables: 635
  • Cash in bank and petty cash: 77
  • Lease liabilities: (131)
  • Trade and other payables: (649)
  • Deferred income: (89)
  • Net assets identified: 160

Total (in thousands of euros)

  • Consideration paid in cash: 796
  • Impact of the merger on the Company's capital: 637
  • Fair value of net assets identified: 160

The carrying amount stated in this note refers to the carrying amounts from the consolidation perspective (predecessor accounting method)

Ekobit d.o.o.

Carrying value (in thousands of euros)
2024.

  • Property, plant and equipment: 8
  • Other intangible assets: 1,443
  • Right-of-use assets: 15
  • Investments in financial assets: 110
  • Trade and other receivables: 627
  • Cash in bank and petty cash: 1,195
  • Lease liabilities: (15)
  • Trade and other payables: (335)
  • Deferred tax liability: (159)
  • Deferred income: (47)
  • Net assets identified: 2,841

Total (in thousands of euros)

  • Consideration paid in cash: 4,955
  • Impact of the merger on the Company's capital: 532
  • Fair value of net assets identified: 2,841
  • Goodwill: 1,582

The carrying amount stated in this note refers to the carrying amounts from the consolidation perspective (predecessor accounting method)

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 79

37. Financial instruments

(a) Groups and categories of financial instruments and their fair value

Levels of fair value indicators 1 to 3 shall be based on the degree of fair value measurability:
* Level 1 fair value measurements are those derived from quoted prices (unadjusted) in active markets for identical assets or liabilities;
* Level 2 fair value measurements are those derived from inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly (i.e. as prices) or indirectly (i.e.# Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

80

37. Financial instruments (continued)

(b) Financial risk management objectives
The Group and the Company’s finance function supports operations, co-ordinates access to domestic and international financial markets, monitors and manages the financial risks relating to the operations of the Group and the Company. These include market risk (including currency risk, interest rate risk, and price risk), then credit risk and liquidity risk. The Group and the Company seek to minimise the effects of these risks by using financial instruments to hedge against the relevant exposures. The Company concluded a framework contract on derivative financial instruments for hedging against the interest and currency risk, as well as other risks that incur or may incur due to changes in prices, values etc.

(c) Market risk
The Group and the Company are primarily exposed to the financial risk of currency exchange rate changes in their business (see below). During 2023 and 2024, the Company contracted foreign exchange forward transactions to manage the exchange rate risk of USD and GBP currencies.

37. Financial instruments (continued)

(c) (i) Currency risk management
The Group and Company undertake transactions denominated in foreign currencies; consequently, exposures to exchange rate fluctuations arise. The Company concluded a contract on derivative financial instruments for hedging against the currency risk. The table below details the carrying amounts of the Group and Company’s foreign currency denominated monetary assets and liabilities at the reporting date.

EUR (in thousands of euros) USD GBP CAD AUD NOK SEK CZK
Group
31 December 2024
Cash in bank and petty cash 49 1,637 249 - - - - 178
Financial assets - 88 - - - - - -
Trade and other receivables 38 1,961 559 74 53 - - -
Borrowings - (107) - - - - - -
Trade and other payables (42) (5,963) (12) - - (23) (6) -
Net balance sheet exposure 45 (2,384) 797 74 53 (23) (6) 178
31 December 2023
Cash in bank and petty cash 48 2,585 104 - - - - 2,455
Trade and other receivables 17 2,804 1,167 71 51 - - -
Long-term receivables from customers - 105 - - - - - -
Trade and other payables - (2,933) (50) - - (23) (6) -
Net balance sheet exposure 65 2,560 1,221 71 51 (23) (6) 2,455

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

81

37. Financial instruments (continued)

(c) (i) Currency risk management (continued)

USD (in thousands of euros) GBP CAD AUD
Company
31 December 2024
Cash in bank and petty cash 491 249 - -
Financial assets 88 - - -
Trade and other receivables 1,655 559 74 53
Trade and other payables (154) (12) - -
Net balance sheet exposure 2,080 797 74 53
31 December 2023
Cash in bank and petty cash 1,164 104 - -
Trade and other receivables 2,766 1,167 71 51
Trade and other payables (237) (50) - -
Net balance sheet exposure 3,694 1,221 71 51

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

82

37. Financial instruments (continued)

(c) (i) Currency risk management (continued)

Currency risk sensitivity analysis
The Group and the Company are primarily exposed to USD risk as a result of the sale of services to customers mainly from the USA and the GBP currency due to sales to customers from the UK. The following table analyses the Group and the Company's vulnerability to an increase and decrease in the euro exchange rate of 1% against relevant foreign currencies. The 1% sensitivity rate is the rate used in internal reports to key managers on currency risk and represents management's assessment of realistically possible currency exchange rate fluctuations. Sensitivity analysis includes only open cash items in foreign currency, and it is converted items adjusted for a change of 1% in year-end currency exchange rates. Sensitivity analysis includes certain receivables (trade and other receivables) and liabilities ((loan liabilities to financial institutions, trade payables, and other contractual liabilities) that are denominated in foreign currency. A positive number indicates an increase in profits and other principal if the value of the euro rises by 1% against the currency in question. In the event of a 1% drop in the value of the euro against the currency concerned, the impact on profit or principal would be the same but opposite, i.e. the amounts in the table would be negative.

The following exchange rates were applied:

2024 2023
EUR 1 1.0000 1.0000
USD 1 1.0444 1.1050
GBP 1 0.8295 0.8691
CAD 1 1.5035 1.4642
AUD 1 1.6756 1.6263
CHF 1 0.9435 0.9260
NOK 1 11.8455 11.2405
SEK 1 11.4865 11.0960
CZK 1 25.2260 24.7240
Profit or loss Group Company
Appreciation Depreciation Appreciation Depreciation
31 December 2024
USD (1% Change) (24) 24 21 (21)
GBP (1% change) 8 (8) 8 (8)
CAD (1% change) 1 (1) 1 (1)
AUD (1% change) 1 (1) 1 (1)
CZK (1% change) 2 (2) - -
31 December 2023
EUR (1% change) 1 (1) - -
USD (1% Change) 26 (26) 37 (37)
GBP (1% change) 12 (12) 12 (12)
CAD (1% change) 1 (1) 1 (1)
AUD (1% change) 1 (1) 1 (1)
CZK (1% change) 25 (25) - -

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

83

37. Financial instruments (continued)

(c) (ii) Interest rate risk management
The Group and the Company are exposed to interest rate risk because they borrow funds at fixed and floating interest rates. The Group and the Company manage the risk by maintaining an appropriate ratio of borrowing with fixed and floating interest. The Group and the Company's exposure to interest rates on financial assets and financial liabilities is described in more detail in the section of this note relating to liquidity risk management.

Interest rate risk sensitivity analysis
The following sensitivity analyses are based on exposure to interest rates on non-derivative instruments at the end of the reporting period. For liabilities related to the floating interest rate, the analysis was made on the assumption that the amount of liabilities stated at the date of the statement of financial position was valid throughout the year. A 1 % increase or decrease is used when reporting interest rate risk internally to key management personnel and represents management’s assessment of the reasonably possible change in interest rates. In the event that interest rates were 1% higher/lower while other variables were constant:

  • The Company's profit of the current year ending 31 December 2024 would decrease/increase by EUR 45 thousand (2023: it would decrease/increase by EUR 17 thousand), which is mainly linked to the Company's exposure to variable interest rate borrowing.
Company Interest rate risk (in '000 EUR) 2024 2023
Variable interest rate instruments
Loans and borrowings 5,466 2,100
Total 5,466 2,100
Interest rate increase by 1% 45 17
  • The Group's profit of the current year ending 31 December 2024 would decrease/increase by EUR 45 thousand (2023: decrease/increase by EUR 17 thousand), which can mainly be linked to the Group's exposure to variable interest rate borrowings.
Group Interest rate risk (in '000 EUR) 2024 2023
Variable interest rate instruments
Loans and borrowings 5,466 2,100
Total 5,466 2,100
Interest rate increase by 1% 45 17

Notes to financial statements

For the year ended 31 December 2024

SPAN d.d. and its subsidiaries

84

37. Financial instruments (continued)

(d) Credit risk management

Group Company 31/12/2024 (in thousands of euros) 31/12/2023
Customer 1 4,545 4,545
Customer 2 2,165 2,165
Customer 3 1,378 801
Customer 4 1,233 425
Customer 5 801 386
Customer 6 644 304
Customer 7 547 296
Customer 8 425 280
Customer 9 386 277
Customer 10 350 273
Total 12,475 9,752
Total receivables 25,267 15,656
Share in total receivables (%) 49.37% 62.29%
Group Company 31/12/2024 (in thousands of euros) 31/12/2023
Customer 1 4,772 4,772
Customer 2 3,544 1,714
Customer 3 1,975 1,000
Customer 4 1,714 327
Customer 5 1,000 282
Customer 6 657 239
Customer 7 653 207
Customer 8 632 195
Customer 9 340 178
Customer 10 327 177
Total 15,615 9,091
Total receivables 27,252 13,348
Share in total receivables (%) 57.30% 68.11%

The Group and Company have adopted a policy of only dealing with creditworthy counterparties and obtaining sufficient collateral, where appropriate, as a means of mitigating the risk of financial loss from defaults. The Group and Company’s exposure and the credit ratings of its counterparties are continuously monitored, and the aggregate value of transactions concluded is spread amongst approved counterparties. Before accepting any new customer, a dedicated team responsible for the determination of credit limits uses an external credit scoring system to assess the potential customer’s credit quality and defines credit limits by customer. In addition, monitoring procedures have been put in place to ensure that the actions necessary to recover overdue debts are taken. The expected credit losses for trade receivables are estimated using a provisioning matrix based on experience with uncollected receivables and an analysis of the debtor's current financial position, aligned with the factors inherent in the debtor, the general economic conditions in their industry. and an assessment of the current and anticipated direction of movement of conditions. Apart from receivables for Studio Moderna, no written- off trade receivables are subject to forced collection.## 37. Financial instruments (continued)

(d) Credit risk management (continued)

Out of the total balance of trade receivables at the end of the year, 4,545 thousand euros (2023: 4,772 thousand euros) refers to the receivable from Buyer 1, the largest buyer of the Group and the Company. Apart from this, the Group and Company do not have significant credit risk exposure to any single counterparty or any group of counterparties having similar characteristics. The Company and Group consider counterparties having similar characteristics related parties. As at 31 December 2024, the estimated loss allowance for the Group was EUR 1,585 thousand (2023: EUR 1,040 thousand) and for the Company EUR 40 thousand (2023: EUR 33 thousand) (note 24).

(d) (i) Collection insurance instruments and other credit improvements

Where appropriate, the Company and Group hold collateral to cover their credit risks associated with their financial assets and continuously monitor customers.

d)(ii) Overview of the Group's and The Company's exposures to credit risk

Credit risk refers to the risk that a counterparty will default on its contractual obligations resulting in financial loss to the Group and Company. As at 31 December 2024, , the Group and Company’s maximum exposure to credit risk, without taking into account any collateral held or other credit enhancements, which will cause a financial loss to the Group and Company due to failure to discharge an obligation by the counterparties and financial guarantees provided by the Group arises from the carrying amount of the respective recognized financial assets as stated in the statement of financial position. For trade receivables, the Group and Company have applied the simplified approach in IFRS 9 to measure the loss allowance at lifetime ECL. The Group and Company determine the expected credit losses on these items by using a provision matrix, estimated based on historical credit loss experience based on the past due status of the debtors, adjusted as appropriate to reflect current conditions and estimates of future economic conditions. Thus, the credit risk profile of the relevant assets has been presented based on the past due status in relation to the Group’s provision matrix.

37. Financial instruments (continued)

d)(ii) Overview of the Group and the Company's exposures to credit risk (continued)

Group

External credit rating Internal credit rating 12-month expected credit losses or expected credit losses throughout the lifetime Gross Carrying value Loss allowance Net Carrying Value
31/12/2024
Note '000 EUR '000 EUR '000 EUR
Trade and other receivables 24 N/a Expected credit losses throughout the lifetime (simplified approach) 31,353 1,585 29,768
External credit rating Internal credit rating 12-month expected credit losses or expected credit losses throughout the lifetime Gross Carrying value Loss allowance Net Carrying Value
31/12/2023
Note '000 EUR '000 EUR '000 EUR
Trade and other receivables 24 N/a Expected credit losses throughout the lifetime (simplified approach) 32,559 1,069 31,490

Company

External credit rating Internal credit rating 12-month expected credit losses or expected credit losses throughout the lifetime Gross Carrying value Loss allowance Net Carrying Value
31/12/2024
Note '000 EUR '000 EUR '000 EUR
Trade and other receivables 24 N/a Expected credit losses throughout the lifetime (simplified approach) 20,733 40 20,693
External credit rating Internal credit rating 12-month expected credit losses or expected credit losses throughout the lifetime Gross Carrying value Loss allowance Net Carrying Value
31/12/2023
Note '000 EUR '000 EUR '000 EUR
Trade and other receivables 24 N/a Expected credit losses throughout the lifetime (simplified approach) 17,834 33 17,802

37. Financial instruments (continued)

(e) Liquidity risk management

Responsibility for liquidity risk management rests with the management, which has established an appropriate liquidity risk management framework for managing short, medium and long-term funding and liquidity. The Group and Company manage liquidity risk by maintaining adequate reserves and credit lines, continuously comparing the planned and realized cash flow by monitoring the maturity of claims and liabilities. Details on unused credit products available to the Group and Company to additionally decrease liquidity risk are provided below.

Group Company
31/12/2024 31/12/2023
'000 EUR '000 EUR
Bank loans with different maturities until 2025, secured by collection instruments, which can be prolonged by mutual agreement:
– amount used 5,466 1,667
– amount unused 21,465 19,633
Total 26,931 21,300

The Group and the Company expect to meet their other obligations from operating cash flows and proceeds of maturing financial assets.

(e)(i) Liquidity and interest rate risk tabular analysis

The remaining period until the contract maturity of non-derivative financial liabilities of the Group and Company was analysed in the following tables. The tables have been drawn up based on the undiscounted cash outflows for financial liabilities in line with the earliest date when the Group and Company may demand payment. The tables detail cash flows from principal and interest. Based on expectations at the end of the reporting period, the Group and Company consider that it is more likely than not that no amount will be payable under the arrangement. However, this estimate is subject to change depending on the probability of the counterparty claiming under the guarantee which is a function of the likelihood that the financial receivables held by the counterparty which are guaranteed suffer credit losses. The contractual maturity is based on the earliest date on which the Group and Company may be required to pay.

Group

Average weighted effective interest rate (%) 0-12 months ('000 EUR) 1-5 years ('000 EUR) After 5 years ('000 EUR) Total ('000 EUR) Carrying value ('000 EUR)
31/12/2024
Liabilities to suppliers and other liabilities - 33,116 - - 33,116 33,116
Liabilities per lease (nominal amount) 3.52% 1,303 1,473 - 2,777 2,777
Loans (nominal amount) 4.02% 5,522 - - 5,522 5,522
Interest on liabilities per lease - 93 72 - 165 -
Interest on loans - 40 - - 40 -
31/12/2023
Liabilities to suppliers and other liabilities - 28,930 150 - 29,080 29,080
Liabilities per lease (nominal amount) 4.64% 938 947 - 1,884 1,884
Loans (nominal amount) 4.31% 2,073 33 - 2,107 2,107
Interest on liabilities per lease - 49 49 - 98 -
Interest on loans - 19 - - 19 -

Company

Average weighted effective interest rate (%) 0-12 months ('000 EUR) 1-5 years ('000 EUR) After 5 years ('000 EUR) Total ('000 EUR) Carrying value ('000 EUR)
31/12/2024
Liabilities to suppliers and other liabilities - 17,263 - - 17,263 17,263
Liabilities per lease (nominal amount) 3.14% 1,159 1,436 - 2,595 2,595
Loans (nominal amount) 4.02% 5,522 - - 5,522 5,522
Interest on liabilities per lease - 89 71 - 161 -
Interest on loans - 40 - - 40 -
31/12/2023
Liabilities to suppliers and other liabilities - 13,971 - - 13,971 13,971
Liabilities per lease (nominal amount) 4.64% 665 752 - 1,417 1,417
Loans (nominal amount) 4.31% 2,073 33 - 2,107 2,107
Interest on liabilities per lease - 49 48 - 97 -
Interest on loans - 19 - - 19 -

37. Financial instruments (continued)

(e) Liquidity risk management (continued)

(e) (ii) Funding instruments

The Group and the Company use a combination of cash inflows from financial assets and available bank liquidity management instruments. The table below contains an overview of cash inflows from assets:

Group

0-12 months ('000 EUR) 1-5 years ('000 EUR) After 5 years ('000 EUR) Total ('000 EUR)
31 December 2024
Long-term trade receivables 1 - - 1
Investments in financial assets 540 83 - 623
Trade and other receivables 29,768 - - 29,768
31 December 2023
Long-term trade receivables 1 - - 1
Investments in financial assets 436 213 - 648
Trade and other receivables 31,519 - - 31,519

Company

0-12 months ('000 EUR) 1-5 years ('000 EUR) After 5 years ('000 EUR) Total ('000 EUR)
31 December 2024
Long-term trade receivables - 1 - 1
Investments in financial assets 112 66 - 178
Trade and other receivables 20,693 - - 20,693
31 December 2023
Long-term trade receivables - 1 - 1
Investments in financial assets 74 111 - 185
Trade and other receivables 17,802 - - 17,802

(f) Capital management risk

The Group and Company manage their capital to ensure they will be able to continue as a going concern while maximizing the return to stakeholders through the optimisation of the debt and equity balance. The capital structure of the Group and Company consists of net debt (borrowings after deducting cash and bank balances) and equity of the Group and Company (comprising issued capital, reserves, retained earnings and non- controlling interests). The Group and the Company have contractually defined obligations with certain banks for certain key business indicators, such as the coverage of total net debt and the ratio of capital in the company's liabilities.The Group and the Company did not violate the contractually defined obligations for key indicators in 2023 and 2024.

Gearing ratio:

Capital Management Risk
31/12/2024 31/12/2023 31/12/2024 31/12/2023
'000 EUR '000 EUR '000 EUR '000 EUR
Debt (8,299) (3,991) (8,118) (3,524)
Cash and bank balances 24,368 14,379 8,994 4,832
Net debt 16,069 10,388 876 1,309
Equity 33,853 30,423 29,840 27,082
Net debt-to-equity ratio - - - -

Debt covers non-current and current borrowings and lease liabilities. Equity includes the total equity and reserves all of which the Group and Company manage as equity

Notes to financial statements
For the year ended 31 December 2024

SPAN d.d. and its subsidiaries 89

38. Events after the reporting period
From the reporting period to the date of issuance of these financial statements, there were no events that would require disclosure in the financial statements.

38.1 Contingent assets and liabilities
There are no contingent assets and liabilities.

39. Approval of financial statements
The financial statements were approved by the Management Board on 30 April 2025. The Annual Reports of the Group and the Company are available at the website of the company Span d.d.

For SPAN d.d.:

President of the Management Board
Member of the Management Board
Member of the Management Board
Member of the Management Board

Nikola Dujmović
Ana Vukšić
Saša Kramar
Mihaela Trbojević

More from Span d.d.

Transaction in Own Shares 2026
May 22
Transaction in Own Shares 2026
May 22
Transaction in Own Shares 2026
May 19
Transaction in Own Shares 2026
May 19
Transaction in Own Shares 2026
May 15
Transaction in Own Shares 2026
May 15
Transaction in Own Shares 2026
May 14
Transaction in Own Shares 2026
May 14
Transaction in Own Shares 2026
May 12
Transaction in Own Shares 2026
May 12
View all filings →