Annual Report 2025

spaan

Contents

1 Introduction 5

1.1. Statement by Nikola Dujmović 6
1.2. About Span 8
1.3. Overview of operation 40

2 Key features of the period 51

2.1. Key events in 2025 52
2.2. Information for shareholders 82
2.3. Financial Indicators for 2025 86
2.4. Risks 97

3 People and community 107

3.1. Human resource excellence 108
3.2. Strengthening employees' competences 108
3.3. Strengthening our international presence and employee support 109
3.4. Taking care of employees' health and well-being 110
3.5. Circular use of technology: support for education and waste reduction 111
3.6. Span for the community 111
3.7. Global partnerships and development of sustainability competences 112
3.8. Span Heroes - recognizing values in practice 113

4 Key indicators for employees and operations of Span Group 115

5 Processes and technology 121
5.1. ISO standards 122
5.2. Partnerships 124
5.3. Code of Business Conduct 124

6 Sustainability Report 127
6.1. General information (ESRS 2) 128
6.2. Environmental information (E1) 155
6.3. Social information (S1, S3, S4) 173
6.4. Governance information (G1) 204

7 Statements 221
Responsibility Statement of the Management Board on the Sustainability Report 222
Independent limited assurance report 223

8 Audited Financial Reports of Span Group and Span d.d. 229

Annex I: Limited assurance engagement on the key performance indicators, related to Sustainability-Linked Bond 319

THIS PDF DOCUMENT IN NOT THE OFFICIAL FORMAT FOR PUBLISHING THE ANNUAL REPORT

Introduction

6
7

1.1. Statement by Nikola Dujmović,

President of the Management Board

Faster, Higher, Stronger

Information solutions industry has entered a new phase which is best described by the Olympic motto: faster, higher, stronger. Large data centers and AI clusters are being built rapidly, huge amounts of data are being processed and all the more powerful AI models are being trained. The majority of the development is concentrated in the biggest technology companies in about 20 most developed and most prosperous countries. The rest of the world is trying to catch up – because the trend is global and unstoppable.

At Span, we identified this as a strategic opportunity given our extensive experience in developing solutions that enable a secure use of advanced technologies to organizations, while understanding their capabilities, limitations and impacts on the business processes. Customers in all markets search for partners with proven competencies in new technologies, with experience working on major projects and available capacities for such projects. For decades now, we have been building solutions that are aligned with European values, sustainable in terms of regulations, technologically advanced and able to create long-term value.

While the big players in the new order of information technologies take positions and focus primarily on developed markets, we recognize the opportunity to expand to markets that are close to us and at the similar level of development; Central and Eastern Europe and Central Asia countries in particular.

In order to achieve such expansion, it was clear we needed to ensure financial resources and professional staff to support our ambitious growth plan. For the purpose of financing the expansion and business development, we issued a Sustainability – Linked Bond in summer, and we also recruited management with thorough international experience to lead the expansion.

We want the development to be long-term, sustainable and in line with the ESG principles. Our vision complies with the fundamental objective of the EU AI Act: fostering innovation while preserving the trust at the same time. We believe the organizations that implement the principles of responsible artificial intelligence today – risk management, clear division of responsibilities and ethical approach – will hold a stronger market position and be resilient against regulatory and reputational challenges tomorrow.

We are building a sustainable organization ready to respond to technological challenges ahead of us.

1.2. About Span

We were established on 23 March 1993, as a limited liability company. Under the decision of the company's Assembly, we became a joint stock company on 24 December 2019. As professional IT service providers, we design, implement and maintain high-availability systems with the aim of increasing the security, productivity and success of our customers.

Our main activities include the provision of services of software asset management and licensing, infrastructure services of design and

maintenance of information systems, work in cloud and cyber security, management of information technology and technical support service centers, as well as the development of software and business solutions. During the 30 years of operation, we have developed from an IT system integrator in Croatia, to a company that today operates on the international market. We are focused on our long-term relationships with customers, and we cooperate with leading global and regional corporations. As a leading expert in Microsoft

technologies and leading regional Microsoft partner, we are continuously working on improving the knowledge of our employees with the aim of providing higher quality solutions to our customers.

In the past years, we recorded a continuing growth of revenue, with 74% of our revenue being generated in the international market. As an IT service provider, we successfully monitor and respond to trends in the digital transformation of operation, and with our

work and company values, we try to be an example of the responsible and sustainable operation in Croatia.

Today Span has more than 900 developers, IT solutions architects, consultants, IT support specialists, business analysts and researchers. We develop solutions for the fast evolving digital world, offering services and support with regards to cloud, cyber security, data platforms, artificial intelligence and business solutions.

10
11

1.2.1. Span in numbers

Company established	1993
Proactively managed devices	95,200+
Successfully completed projects in 2025	404
Availability of Span support	24/7
Resolved tickets in 2025	283,000+
Incidents resolved in terms of SLA*	99.95%
Average age of employees	36
Employees with university or college degree	675
Employees with professional certification	496

Service Level Agreement

1.2.2. History and development

Our journey started in 1993 with the decision to sell legal software at a time when Croatian market was dominated by pirate software, and awareness of the importance of purchasing legal licenses was only starting to take shape. Already in 1996, we became the first certified partner for Microsoft solutions in Croatia, only to become a Microsoft Certified Solution Provider Partner three years later. The 1996 to 2001 period was crucial for our transformation. A Hungarian system integrator, Synergon, joined our ownership structure in 2000, which further fostered the growth of the company and accelerated its market and organizational development.

In 2001, we obtained the status of the first Microsoft Gold Partner in Croatia and became the leading Microsoft Partner in the country. Alongside licensing, at that time we started to develop technical support services, consultancy and designing custom business solutions for our customers, gradually scaling up our business from software distribution to providing full IT services, laying the foundation for further development of advanced technological competences. In the years that followed, we systematically expanded our

business outside Croatia, building international presence and operational capacities on multiple markets. Today, Span is present in 16 countries through its subsidiaries, creating a stable foundation for long-term growth and further internationalisation of business.

Further development of the company was accompanied by a step towards the capital market as a growth acceleration platform. We became a joint stock company in 2019, and our shares were listed on the Zagreb Stock Exchange in September 2021, making way to a new phase of operation oriented towards expansion to new markets and scaling of business activities. Six months after the Initial Public Offering, Span's share was included in the CROBEX® and CROBEXtr® indices, whereas in March 2023, it was listed in the CROBEX10® and CROBEX10tr® indices'. In the same year, the largest provider of stock indices on the global level, MSCI, enlisted Span's share in the MSCI Frontier Market Small Cap Index, which gives it additional visibility with global investors. In the following period, we continued to further focus on cloud technology and cyber security as key business development paths. In addition to long-term

partnership with Microsoft, we continue to operate with Google, Amazon and other global technological partners. In September 2022, we opened Span Cyber Security Center where we provide education and consultancy for the business community in Croatia and the region. In 2023, we acquired GT Tarkvara, the Estonian leading Microsoft partner, and thus further confirmed the strategic direction of international growth and development of technological competences.

In 2024, we merged subsidiaries Bonsai and Ekobit with Span, thereby combining our offer of software and AI solutions within the Span brand and further expanding development capacities of the Group. Alongside cloud and cyber security, artificial intelligence is becoming one of the strategic focuses of our business.

2025 was marked by a number of strategic leaps forward that further strengthened our business and laid the foundations for future growth. In this period, we issued a Sustainability Linked Bond and further aligned our financial strategy with sustainability goals. Collected funds are aimed at establishing

and investing in new members of the Group through further internationalisation of business on the markets of South, Central and Eastern Europe, and that of Central Asia, and at financing capital investments, working capital, potential acquisitions and other corporate needs. The Bond was listed on the Official Market of the Zagreb Stock Exchange.

In accordance with clearly defined strategic guidelines, we continued to grow our international business, and in 2025 we established new companies in Kazakhstan, Poland, the Czech Republic, Romania and Greece, thereby further broadening the base for our future growth. During 2025, Span went through its fourth rebranding, prompted by the continuous business development, and the company's new visual identity was presented together with the new brand strategy. In 2025, Span's expertise was further confirmed by the Microsoft Partner of the Year Award for three countries (Croatia, Slovenia and Ukraine) in the same year, which happened for the first time, confirming the continuity of the market and organizational development of the company.

1 As of 22 September 2025, Span's shares are no longer included in the CROBEX10® and CROBEX10tr® indices.

1.2.2. History and development

Span is founded	First Croatian										AW8 and Google Cloud Services partner	12 Microsoft Advanced Specializations achieved	Merger of Borsai and Ekobit
	Microsoft Certified Solution Provider	Microsoft Partner of the Year - Croatia	European Business Award	Span LLC, Ukraine awarded best Microsoft LSP partner in Ukraine	Span LLC, Kyiv, Ukraine established	Span LLC, Ukraine awarded best Microsoft LSP partner in Ukraine	Span LLC, Ukraine	Span LLC, Ukraine	Span LLC, Ukraine	Span LLC, Ukraine
1993	Organization of Microsoft Systems & Development Conference	In-house installation of Exchange 4.0 - email exchange system	Microsoft Certified Solution Provider Partner	First Croatian Microsoft Gold Partner	Span management buy out	ISO/IEC 27001	Microsoft Partner of the Year - Croatia	Span USA, INC., Chicago, IL established	Span USA, INC., Chicago, IL	Span USA, INC., Chicago, IL	Span USA, INC., Chicago, IL	Span USA, INC., Chicago, IL	Span USA, Inc.
	1995	1998	2000	2006	2009	2012	2014	2016	2019	2021	2023	2025
	First Microsoft Certified System Engineer employed	Span launches Microsoft CTEC education center	Span partners with Hungarian system integrator Synergon	ISO 9001	Span IT, London, United Kingdom established	ISO/IEC 20000	McDonald's UK IT operator of the Year Award	Microsoft Partner of the Year - Croatia	17 Microsoft competencies achieved, 16 Gold	McDonald's Global Technology Partner	ISO/IEC 22301 Acquisition of GT Tarkvara	Span Kazakhstan Limited, Span Polska Sp. z o.o., Span Romania S.R.L and Span Hellas SA established
			First Microsoft Enterprise Agreement in Croatia		Span d.o.o., Ljubljana, Slovenia established			Span Azerbaijan, Baku, Azerbaijan established		Microsoft Partner of the Year - Croatia	12 Microsoft Advanced Specializations achieved	Span Cyber Security Arena 2025
										Span Azerbaijan, Baku, Azerbaijan established	6 Microsoft Solutions Provider designations	Span Rebranding
										Microsoft Partner of the Year - Croatia & Ukraine	Microsoft Partner of the Year - Croatia	Span Rebranding
										Span IT SRL, Chișinău, Moldova established	Span LLC, Tbilisi, Georgia established	Span Cyber Security Center transitioned into an adult learning institution
										ISO/IEC 14001		Issuance of the Sustainability Linked Bond
										ISO/IEC 50001		Starbucks Supplier of the Year award
												Golden Balance Sheet Award for the fastest growing company in Croatia

16
17

1.2.3. Organizational structure of the Group

Headquarters

Span d.d.
Koturaška cesta 47
Zagreb

Domestic subsidiaries

Cyber Security Incubator LLC
Trilix d.o.o.

2 As of December 31st, 2020, Span Group ("Group") consists of Span d.d. ("Company") and its subsidiaries.

Since March 2026, the company GT Tarkvara has begun operating under the Span brand – Span Estonia OÜ.

International subsidiaries

Span d.o.o.
Ljubljana, Slovenia

Span IT Limited
London, United Kingdom

Span USA, Inc.
Chicago, USA

Span LLC
Kyiv, Ukraine

Span Polska Sp. z o.o.
Warsaw, Poland

Span IT s.r.o.
Prague, Czechia

Span Romania S.R.L.
Bucharest, Romania

Span Hellas SA
Athina, Greece

1.2.4. Corporate Governance

Span is a company that operates taking into account the established professional and ethical values and systematically applies the highest corporate governance standards. Our shares are listed on the Official Market of the Zagreb Stock Exchange, which is why we apply the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (HANFA), as well as all the internal rules and procedures based on the principles of impartiality, transparency, equity, and accountability, adopted based on the aforementioned Code. A report on the application of the Code is a constituent part of the Annual Report of the Span Group.

A robust corporate governance model, consisting of the Management Board, the Supervisory Board and the General Assembly ensures liability at all levels and allows effective decision-making in accordance with legal requirements, best practices and our core values. Timely and objective communication of all key business activities and results to stakeholders encourages trust and contributes to the stability and long-term development of the Company.

Under our professional standards and culture of accountability, all employees and partners undertake to behave ethically, respect the regulations and adhere to the Code of Business Conduct.

We apply the same high standards in each country in which we operate, because we believe that the strong corporate governance is a key prerequisite for business excellence, long-term sustainability and added value for our shareholders.

1.2.4.1. Report on the application of the Corporate Governance Code

Pursuant to Article 272.p, and in relation to Article 250.a of the Companies Act (Official Gazette no. 111/1993, 34/1999, 121/1999, 52/2000, 118/2003, 107/2007, 146/2008, 137/2009, 111/2012, 125/2011, 68/2013, 110/2015, 40/2019, 34/2022, 114/2022, 18/2023, 130/2023, 136/2024, hereinafter: Companies Act), and Article 25 of the Act on Accounting (Official Gazette no. 85/2024, 145/2024, 151/2025), the Management Board of Span d.d., Zagreb, Koturaška cesta 47, OIB:19680551758 (hereinafter: Span or Company) issues the following

Report on the application of the Corporate Governance Code

I Span's shares were listed on the regulated Zagreb Stock Exchange market on 21 September 2021, and Span applies the Corporate Governance Code of the Zagreb Stock Exchange and the Croatian Financial Services Supervisory Agency (HANFA) (hereinafter: the Code), which is publicly available online on the sites of the Zagreb Stock Exchange (www.zse.hr) and HANFA (www.hanfa.hr).

II With this report, Span confirms that it operates in accordance with good corporate governance practices and, for the most part, according to the recommendations of the Code, publishes all information whose publication is provided for by positive regulations. The reasoning behind deviations from certain recommendations and additional adjustments shall be submitted in the Annual Compliance Questionnaire for share issuers and the Questionnaire on Management Practices for share and bond issuers, which Span will submit to HANFA for 2025 no later than 30 April of the current calendar year, and publish on the websites of the Company and Zagreb Stock Exchange, in accordance with the Rulebook on information related to corporate governance, which issuers are obliged to submit to the Croatian Financial Services Supervisory Agency, and with the form, deadlines and method of their submission (Official Gazette 59/2020, 12/2023, 6/2026).

III Internal control and risk management system in relation to the financial reporting process is carried out by accounting, treasury, controlling and internal audit units, with the supervision of the Audit Committee. In accordance with the Audit Act (Official Gazette 127/17, 27/2024, 85/2024, 145/2024, 151/2025), along with the tasks laid down in the Regulation (EU) no. 537/2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC, and all the relevant regulations, the Audit Committee monitors the financial reporting process and submits recommendations or proposals to ensure its integrity, and monitors the effectiveness of internal control and risk management systems, including effectiveness of procedures for approval and announcement of transactions between members of the Management Board and the Supervisory Board and the Company, monitors internal audit, without breaching its independence.

Providing senior management and the Supervisory Board with guarantees and information that will help achieve the organization's goals, including evaluating the effectiveness of risk management actions are key objectives of internal audit. Controlling reports to the Management Board of the Company, and internal audit to the Supervisory Board's Audit Committee and the Management Board.

Internal audit report shall be drawn up on the basis of the following eight implemented systems. Span ensures high level of reliability of its business processes and adequate degree of trust of all stakeholders.

Internal audit report shall be drawn up at the end of each audit, and contains:

list of performed audits
assessment of the adequacy and effectiveness of internal control systems, as well as improvement recommendations
illegalities and irregularities, if observed during audit, and recommendations and proposals of measures for their elimination
action taken in relation to previously issued recommendations.

Reports shall be submitted to the Management Board and the Audit Committee. In 2025, Span continued to maintain and continuously improve eight existing ISO certified management systems. Particular attention was paid to information security, IT services and business continuity management. Throughout the year, we successfully recertified our information security and anti-bribery management systems and continued with the development of risk management process.

With these eight implemented systems, Span ensures high level of reliability of its business processes and adequate degree of trust of all stakeholders.

IV As at 31 December 2025, ten most significant shareholders in Span are:

No	Name	Number of shares	%
1	FINA-VRIEDINONNEX: B.O.D./BUJMOVIĆ NIKOLA	505,438	25.09
2	RAFFEINFINRANA: KOTIWA D.D./RAFFEINEN VELUTUSKY PENNION JICHIS	131,111	6.68
3	EROTE S. STEIERMARKINCHI: RANA D.D./PRE CO-OMT - CATSIGHT 4	127,929	6.33
4	PETERKAFITAL VRIEDINONN: PAPER D.O.D./BUJMOVIĆ NIKOLA	100,000	5.10
5	OTP RANKA D.D./EROTE PLSO: OMP CATSIGHT 4	65,836	3.36
6	EROTE S. STEIERMARKINCHI: RANA D.D./PRE CO-OMT - CATSIGHT 8	65,290	3.33
7	FINA-VRIEDINONNEX: B.O.D./POWIRAC WARDAN	55,000	2.81
8	FINA-VRIEDINONNEX: B.O.D./RANEK ZUHNIMIR	54,800	2.80
9	FINA-VRIEDINONNEX: B.O.D./KOLABER HARKO	52,130	2.66
10	PROVREINA: RANKA ZAGHER D.D./RAFFEINEN OMP CATSIGHT 4	52,097	2.66

Top 10 accounts with the largest quantity of securities

Span does not have securities holders with special control rights, nor securities holders with limitation of voting rights to a specific percentage or number of votes, time limitations related to exercise of voting rights or cases in which, in cooperation with the company, financial rights from securities are separated from holding of those securities. Rules on the appointment and revocation of members of the Management Board, or the Supervisory Board, are available on Span's intranet, and they are based on the Code and the provisions of the Companies Act. Span does not have specific rules on the changes to Company Articles of Association or powers of the members of the Management Board, or the Supervisory Board. Provisions of the Companies Act and Company Articles of Association, which is available on Span's website (www.span.eu) are applied to all the relations mentioned above.

V Companies Act and Company Articles of Association define the manner of work of the General Assembly, its authorizations, rights of shareholders and manner of their realization, while invitation and decision proposals, as well as decisions made are publicly announced in accordance with the provisions of Companies Act, Capital Market Act and Rules of the Zagreb Stock Exchange. Each share carries one vote.

VI The Management Board of Span consisted of 3 members until 1 April 2025; Nikola Dujmović as president, and Saša Kramar and Ana Vukšić as members. On 27 March 2025, Mihaela Trbojević was appointed as

the member of the Management Board, and her mandate began on 1 April 2025. Members and the President of the Management Board are appointed for a maximum of 5 years. After expiry of the mandate, Members and the President of the Management Board can be reappointed, without restriction of the number of mandates. The Management Board manages Company business under its own responsibility, exhibiting all the due diligence of a conscientious businessman, in accordance with the Companies Act, Company Articles of Association and Rules of Procedure of the Management Board.

In 2025, the Supervisory Board consisted of 5 members. Powers of the Supervisory Board are defined by the provisions of the Companies Act, Company Articles of Association and Rules of Procedure of the Supervisory Board. Within the framework of their competence, the Supervisory Board makes decisions, evaluations, opinions, gives approval of decisions made by the Management Board which was provided for by Rules of Procedure, legislation or Articles of Association, gives orders to auditors and together with the Management Board determines decision proposals which are made by the General Assembly.

The Management and the Supervisory Board generally work on meetings, but also make decisions without holding a meeting, by correspondence, in accordance with the provisions of rules of procedure, legislation and Articles of Association.

According to the provisions of legislation, Corporate Governance Code and Rules of Procedure of the Supervisory Board, the Supervisory Board established two committees; the Audit Committee and the Nomination and Remuneration Committee. Description of tasks and competences of the Audit Committee and the Nomination and Remuneration Committee is available on Span's website (www.span.eu).

VII The Company is subject to the sustainability reporting obligation, and the Sustainability Report is included in the 2025 Annual Report as its integral part and placed in Chapter 6.

VIII Pursuant to Article 250.a (4), and Article 272.p (1) of the Companies Act, this Report forms a specific section and is an integral part of Annual Report for 2025.

Span d.d.

1.2.4.2. Corporate Governance Code – Compliance Questionnaire for 2024

By applying the best practices of corporate governance, we ensure unbiased, transparent and responsible decision-making in our operations. In line with the requirements of the Corporate Governance Code, in 2025 we published a Compliance Questionnaire for 2024².

2 The Questionnaire on Management Practices was also submitted to HANFA in the time period prescribed by relevant provisions of law.

22
23

1.2.4.5. Corporate Governance Structure

The three fundamental bodies of the corporate governance in Span are as follows:

Management Board
Supervisory Board
General Assembly

1.2.4.5.1. Management Board

The Management Board of the Company is responsible for the strategic management and long-term performance of the whole Span Group. It is obliged to act only on behalf of Span and its shareholders at all times, taking care of the interests of the employees and the wider community, with a view to increasing Span value. Members of the Management Board manage the affairs of the Company together, as well as independently as per individual areas of business as specified in

more detail in the Rules of Procedure for the Management Board. Irrespective of the division of competences, all members of the Management Board are responsible for the overall management of the affairs of the Company. The Management Board manages its affairs in compliance with the applicable laws and by-laws, the Articles of the Association of the Company and the Rules of Procedure for the Management Board.

The Rules of Procedure for the Management Board regulates tasks, responsibility, organization, way of operation and decision-making of the Company Management Board, as part of the corporate management process, especially:

a) Management Board tasks and responsibilities
b) organization and workflow and Management Board decision making
c) business areas which are independently managed by Management Board members
d) powers and limitations with regards to the

Management Board member	Start of the term	End of the term
Nikola Dujmović	16.12.2024	16.12.2029
Saša Kramar	16.12.2024	16.12.2029
Ana Vukšić	16.12.2024	16.12.2029
Mihaela Trbojević	1.4.2025	16.12.2029

Information on the execution of the obligation concerning a balanced representation between women and men, pursuant to Article 272.p (2) of the Companies Act on 31 December 2025.

	Total number of members	Number of women	Proportion of women	Number of men	Proportion of men
Supervisory Board and Management Board	9	5	55 %	4	44 %
Supervisory Board	5	3	60 %	2	40 %
Management Board	4	2	50 %	2	50 %
Balanced representation achieved in the Supervisory Board, Article 272.p (2)(c)		Yes
Objectives regarding the participation of women and men in the Management Board achieved, Article 272.p (2)(e)		Yes

Company's management of business affairs

e) preparing and calling for a Management Board meeting
f) working on meetings and the way in which decisions are made
g) minutes and conclusions, acts and archives
h) rules for preventing conflict of interest
i) cooperation and relationship towards the Supervisory Board
j) other questions of note for the Management Board work.

Division of work and competence of Company Management Board members is elaborated in more detail in the Appendix of the Rules of Procedure.

Up until 1 April 2025, the Management Board of Span consisted of three members:

Nikola Dujmović – President
Ana Vukšić – Member
Saša Kramar – Member

On 27 March 2025, the Supervisory Board appointed Mihaela Trbojević as the member of the Management Board, and she joined the Management Board of Span from 1 April 2025.

The number of the members of the Management Board is determined by a decision of the Supervisory Board. The Management Board is appointed for a term of office of not more than five years, with a possibility for reappointment, without restriction of the number of terms.

During 2025, 15 meetings of the Management Board took place, with the membership attendance of 100%.

The Management Board evaluated its effectiveness and the individual members' effectiveness, and communicated its conclusions to the Supervisory Board.

24
25

Nikola Dujmović
President of the Management Board

Ana Vukšić
Member of the Management Board for Finance

Nikola is a co-founder and the CEO of Span, a position he has held since the Company's establishment in 1993. An engineer by profession, he consistently identifies opportunities for business growth and improvement and is recognized for his ability to anticipate global technological trends. He graduated in 2002 from the Faculty of Electrical Engineering and Computing (FER) at the University of Zagreb. His business philosophy is grounded in belief in one's work, social responsibility, and continuous investment in people and their competencies. From the very beginning, Nikola recognized the critical importance of developing employees' knowledge and skills, enabling Span's teams today to work with cutting-edge technologies and effectively address customers' business challenges. Nikola is also responsible for Span's international expansion and was the driving force behind the company's strategic partnership with Microsoft, positioning Span among Microsoft's largest partners. He led the team that successfully executed the company's initial public offering (IPO), including the implementation of an ESOP program, resulting in Span's shares being listed on the Zagreb Stock Exchange on 21 September 2021. His areas of responsibility include the design and development of strategically important projects, corporate security, human resources management, quality assurance, legal compliance, and corporate governance. Owing to his vision and leadership, Span has evolved into an international company operating through its subsidiaries across Europe, Asia, and the United States.

Ana is the member of the Span's Management Board in charge of finance, accounting, controlling, ESG, logistics and office administration. She has 19 years of experience in finance, and the thorough knowledge of accounting, controlling, treasury, risks and taxation is her greatest strength. She started her career in 2006 at Iskon Internet d.d., and after that she was the head of controlling and reporting at Proficio d.d. She joined Span in 2020 as Finance Director. She contributed greatly to the development of new policies and procedures with her experience and knowledge, and she was also a key team member in the preparation of Span's listing on the Zagreb Stock Exchange. By managing the segments she is responsible for, Ana actively works on improving Span's business and maintaining and developing relationships with various financial institutions, creditors and investors.

Saša Kramar

Member of the Management Board for Marketing, Sales and Business Development

As the Member of the Management Board for Marketing, Sales and Business Development, Saša is responsible for Span's international business development, managing a full portfolio of marketing and sales activities. Together with his team, he is strengthening relationships with our current and future customers, suppliers and partners, and overseeing these activities on the markets in which Span operates. During his first year at Span, we have already seen him restructure Sales and Marketing departments with great success. His immense experience in organizing these corporate branches as well as managing business development and strategic growth help transform Span into an international company. During his 36-year-long productive career Saša has worked on managing positions in technology and telecommunication companies. He started his career at the Apple Center NOVEL in 1990 and moved to Iskon Internet in 2000, where he was the CEO until 2015, when he became the member of the Management Board of Hrvatski Telekom. He performed that function until January 2020, at the same time performing the function of the President of the Supervisory Board of Combis since 2016, and the Member of the Supervisory Board of Crnogorski Telekom since 2017. He studied at the Faculty of Electrical Engineering and Computing, University of Zagreb, only to continue to improve his knowledge in Croatia and abroad.

Mihaela Trbojević

Member of the Management Board for Product and Service Management

Mihaela is the member of the Management Board of Span in charge of product and service management, and the President of the Management Board of Span Cyber Security Center, which operates as an Adult Learning Institution. She joined Span in 2008, and we have her to thank for the establishment and development of services and solutions management system, as well as for the development and maintenance of key partnerships with leading tech companies. As a member of the Management Board, she is involved in defining the strategic direction of the company, and she contributes to the long-term and sustainable business through alignment of strategic and operational goals at the level of the whole Span Group. She is responsible for the development and management of services and solutions portfolio, with a view to reinforcing Span's market position and adapting Span's offer to market needs. Throughout her mandate, Span Cyber Security Center further consolidated its role and became an Adult Learning Institution, thereby starting to implement formal education programs recognized by the Croatian education system, alongside informal trainings. An engineer by trade, she graduated from the Faculty of Transport and Traffic Sciences. Apart from professional commitments, she loves to dedicate her time to writing for children and young adults. She is the author of Belo's Adventure on the Dragon Planet picture book, and a young adult book Danger Behind the Screen.

1.2.4.5.2. Supervisory Board

Ante Mandić

President of the Supervisory Board

The Supervisory Board of Span consisted of five members in 2025:

Ante Mandić, President of the Supervisory Board
Aron Paulić, Vice President of the Supervisory Board
Ivana Šoljan, Member of the Supervisory Board
Mirjana Marinković, Member of the Supervisory Board
Barbara Gradečak, Member – employees’ representative in the Supervisory Board.

Term of office of the Members of the Supervisory Board (under 1 to 4) lasts until 30 September 2029.

Barbara Gradečak’s term of office as employees’ representative lasts for four years, from 29 December 2023, when she was elected, to 29 December 2027.

Ante is the President of the Supervisory Board. He graduated from the Technical Military Academy in Zagreb in 1978, acquiring the title Bachelor of Science in Nuclear Physics, i.e. an expert for nuclear weapons. He obtained a Master’s Degree in 1985 in the area of computer simulation. He continued his career in the army, and after initial activities directed to performing commanding duties, he returned to the Technical Military Academy as a lecturer, and then worked as a scientific researcher and military advisor abroad. He left the army in 1991 and then founded a company, IN2 for the development and implementation of software and provision of related services. By 2018, IN2 developed into a Group of 12 regional companies with more than 630 employees, and in the same year, it was sold to the Canadian

group, Constellation Software. Today, Ante is the majority owner of Insig2 and NavBiz, investor and co-owner in a large number of Croatian companies, and occasionally volunteers as a mentor for small and medium-sized enterprises within Sentor, an association he founded. He is an active participant of the Croatian IT community, and through his career, he has performed the functions of the president of associations within the Croatian Employers’ Association and the Croatian Chamber of Economy. The President of the Republic of Croatia decorated him with the Order of Danica Hrvatska in 2014 for his contribution to the development of the Croatian economy. He was also declared the Manager of the Year in 1999 and 2021, and the Entrepreneur of the Year in 2014 and 2018.

30
31

Aron Paulić
Vice President of the Supervisory Board

Aron is the Vice President of the Supervisory Board and President of the Nomination and Remuneration Committee. He is responsible for the recruitment of candidates and the supervision of the process of nomination for the Supervisory Board and the Management Board so as to ensure transparency and decency. Moreover, he considers proposals for the remuneration of the members of the Management Board and supervises the amounts and the structure of remuneration of the senior management and employees as a whole. He started his career as a developer and has worked on system development and the sale of advanced solutions. He has spent the biggest part of his career in managerial positions in

the media industry. He has been an active creator of the Croatian information industry for 30 years, a publisher of IT magazines, books and digital publications, an author of numerous articles and interviews, and an organizer of fairs, conferences and seminars. He has collaborated with more than 800 associates in his career, many of whom form the backbone of the local IT industry today. He started his career in 1991 at AC NOVEL, where he worked on software development and sale positions. In 1993 he co-founded the media company BUG and has been its director since then. He graduated from the then Faculty of Electrical Engineering of the University of Zagreb in 1991, now the Faculty of Electrical Engineering and Computing.

Ivana Šoljan
Member of the Supervisory Board

Ivana Šoljan graduated with a degree in theater directing and radio broadcasting and business communication, and she also has a Master's degree in communication. She is one of the first female entrepreneurs in Croatia with experience in launching, funding and selling projects in the media, tourism and telecommunication industry. She also boasts great experience in management since she has held executive positions in a couple of managerial teams (IN2, Jupiter Adria, Hrvatski Telekom, Iskon, Europapress Holding, Z3 TV, etc.), as the Executive Di

rector and Member of the Management Board, where she was mostly responsible for sales, marketing and business development. She also has great general management experience. With Ivica Mudrinić, she is the co-founder of Foundation Luka (Zaklada Luka), a charity that finances university tuition fees for talented female students lacking financial resources. Ivana is the Director and the Member of the Management Board in Backstage consulting d.o.o., include d.o.o., and Nest 01 d.o.o., and the founder and Director of the Hub385 coworking area.

32
33

Mirjana Marinković
Member of the Supervisory Board

Barbara Gradečak
Member of the Supervisory Board

Mirjana is the Director of Sapientia Nova d.o.o. Zagreb, and of a series of project companies where she develops entrepreneurial ideas. She graduated from the Faculty of Economics, the University of Zagreb, in 1998. She went on to acquire formal education at the postgraduate studies in Accounting, Finance and Auditing major. In 2008, Mirjana was awarded the annual award "Prof. dr. sc Ferdo Spajić" by the Croatian Association of Accountants and Financial Professionals, a professional organization. She is certified as a professional TQ trainer. Her 25-year professional career has been connected to investment funds and the companies Expandia Invest and CAIB Invest since its very beginning, along with the leasing industry in Croatia, for which she organizes and manages the regional education program

called Leasing Academy. She took part in important restructuring projects in Croatia, including the position of the Finance Director/Procurator at Hypo Alpe Adria Bank in the period from 2011 to 2012, and the Group Consolidation Manager in the project for Agrokor Group restructuring. She is specialized primarily for launching businesses, risk management, consolidation, IFRS/IAS standards and entrepreneurial activity. As part of her most recent professional work, Mirjana holds one of the key development functions of the LAZZZ – Health & Wellness Resort concept, a luxury wellness and lifestyle project that integrates financial discipline, sustainable architecture and holistic approach to health. Since June 2023, she has been the member of the Supervisory Board of Span d.d.

Barbara acquired the Senior Economist for Internal and Foreign Trade title at the Faculty of Economics in Zagreb in 2006. She started her career in Amadeus M.A.J., and she has worked in Span since 2010. Apart from being assigned with payroll, during this year she also took on a role of accounting coordinator. She was actively involved in key activities of Span's operation, such as

going public on the Zagreb Stock Exchange and implementation of the ESOP (Employee Stock Ownership Plan), which confirmed her expertise and professionalism. At the end of 2023, she was elected the representative of employees in the Supervisory Board of Span, which is also a recognition of her dedication to the improvement of the Company's operation.

According to independence criteria from the Corporate Governance Code, independent members account for 80% of the members of the Supervisory Board. Employees' representative in the Supervisory Board, Barbara Gradečak, is an employee of the Company.

The Supervisory Board held 5 (five) meetings where it adopted the Annual work plan for 2025, Business plan/budget for 2025, and it assessed the work of the Management and the Supervisory Board for 2024. It also adopted the Annual plan for internal audit and Plan of the selected auditor of Span Group for 2025, reviewed and determined the Annual Financial Statements compiled by the Management Board, and the decision on the distribution of profits, Auditor's Report composed by the audit company Deloitte d.o.o., as well as Remuneration Reports of the Management Board and the Supervisory Board. Based on the recommendation of the Audit Committee, the Supervisory Board proposed to the Assembly to appoint Deloitte d.o.o. as the auditor of Span Group for 2025 and 2026. The Supervisory Board appointed Mihaela Trbojević as the fourth member of the Management Board and approved the Management Board's Decision on consideration of the issuance of Sustainability-Linked Bonds and their listing on the Official Market of the Zagreb Stock Exchange. The cooperation between the Supervisory Board and the Management Board was assessed positively.
At the meetings, the attendance of members was recorded at 88%. Mirjana Marinković,

Barbara Gradečak and Aron Paulić were present at all meetings, Ante Mandić was present at four meetings, and Ivana Šoljan was present at three meetings.

The Supervisory Board decided by correspondence three times in 2025, when it decided on the approval of contracts with affiliated persons, it adopted the Decision on the payment of variable remuneration components for the results achieved by the members of the Management Board for 2024, and it approved the Questionnaire on Management Practices and Compliance Questionnaire for issuers.
The Supervisory Board carried out self-evaluation of the profiles and competences of the members of the Supervisory Board and members of its committees where all the circumstances referred to in Article 41 of the Code were evaluated. The self-evaluation was conducted by the Vice President of the Supervisory Board without engaging an external auditor. The Supervisory Board determined that its composition and profile, as well as the composition and profile of its committees, correspond to the needs and activities of the Company. No recommendations were given, since it was established that all the members of the Supervisory Board and its committees possess knowledge, abilities and professional experience required for decision-making in all the issues that were on the agenda at the meetings of the Supervisory Board and its committees. All the members of the Supervisory Board (except for the employees' representative) are independent, and the level of women's representation being at 60% was evaluated

above average. Administrative support when preparing meetings of the Supervisory Board is provided by the Secretary of the Company in an effective and timely manner.

The Supervisory Board of the Company was informed by the Management Board in a proper, timely and transparent manner about all crucial issues concerning the operation of the Company and companies dependent on it, which are important for the existence of the Company.
No other payments, apart from the fee for their work in the Supervisory Board, were made to the members of the Supervisory Board in 2025.

The Supervisory Board of Span founded the Audit Committee and the Nomination and Remuneration Committee.

1.2.4.3.2.1. Audit Committee

The Audit Committee performed tasks in line with the Audit Act, the Regulation (EU) 537/2014, other positive regulations and the Rules of Procedure of the Audit Committee, which are available at the Company's website.

In 2025, the Audit Committee acted in the following composition:

Ante Mandić – President
Nataša Zelenika – Member
Tomislav Skorin – Member

All the members of the Audit Committee are independent.

Nataša Zelenika

Nataša graduated from the Faculty of Economics and Business in Zagreb. She started her career in 1999 as an auditor at Ernst & Young Croatia, the position she left in 2008. She then worked as Finance and Accounting Manager at PBZ Croatia d.d., where she was in charge of the finance and accounting of the company and the fund. In 2010, she continued her path in the finance of Agrokor d.d. where she mostly worked on coordination and resolution of taxation issues on the level of the holding company, while cooperating closely with external consultants. Since 2017, she has been the owner and director of a consultancy company, which provides consulting services in the area of finance and accounting, as well as functions of external accounting to various customers. She has been the member of the Audit Committee of Span since its establishment.

Tomislav Skorin

Tomislav graduated from the Faculty of Economics and Business in Zagreb in 2001. He started his career the same year as an auditor for Deloitte & Touche in Zagreb, and later he worked as an Audit Supervisor for Confida revizija, a company in Zagreb. Tomislav continued his career as a Senior Controller at Iskon Internet only to become the CFO and the member of the Management of Tvorica plinskih turbina d.o.o. in Karlovac, and finally the member of the Management of the Croatian Mint until November of 2023. Tomislav is an experienced CFO with a proven track record in the industry of production and audit

and consultancy services. He is exceptionally committed to long-term prosperity and professional goals of the company, he believes in open communication and consistently achieves and overcomes the agreed goals, frequently in very demanding circumstances.

During 2025, the Audit Committee held 4 (four) meetings where the recorded attendance of its members was 100%. During the meetings, the Audit Committee considered and adopted the Internal audit report for 2024 and the Annual work plan for 2025.

The Audit Committee considered and gave recommendations to the Supervisory Board to adopt the annual financial statements and consolidated annual financial statements of Span Group, along with a report on the condition of the Company and subsidiaries, with the reports of the authorized auditor, Deloitte d.o.o. for 2024. The Audit Committee gave recommendation to the Supervisory Board to adopt a submitted proposed Decision on appointing the auditor for 2025 and 2026, appointing Deloitte d.o.o. as the auditor of the Group, and refer it to the General Assembly for decision-making, where the proposal was adopted. The Committee adopted the Annual plan for audit for 2025, as well.

The Audit Committee evaluated the effectiveness of risk management and the internal control system, the status of the personal data protection system, procedures for approval and announcement of transactions between members of the Management Board or the

Supervisory Board and the Company (or persons related to any party) and effectiveness of the procedure for reporting irregularities and its application. The Audit Committee regularly presented its conclusions and recommendations to the Supervisory Board.

1.2.4.3.2.2. Nomination and Remuneration Committee

The Nomination and Remuneration Committee performed tasks specified in the Decision of the Supervisory Board on establishment of the Nomination and Remuneration Committee and provisions of the Rules of Procedure of the Nomination and Remuneration Committee, which are available at the Company's website.

In 2025, the Committee worked with the following composition:

Aron Paulić – President
Hana Horak – Member
Lucia Ana Tomić – Member.

All the members of the Nomination and Remuneration Committee are independent.

The Committee held 4 (four) meetings, which were attended by all the members.

Hana Horak

Prof. Hana Horak, PhD is a tenured Professor at the Faculty of Economics and Business, University of Zagreb, Department of Business Law, Jean Monnet Chair. She teaches Commercial Law, European Company Law, EU Internal Market Law and International

Commerce Law. She is also the Head of the university specialist program "Legal and Economic Framework of Business in the European Union". Since 2011, she has been the Chair of the Program Committee of the International Conference on European Company Law and Corporate Governance. She is the Editor-in-Chief of the scientific magazine INTEREULAWEAST – Journal for International and European Law, Economics and Market Integrations. She has been a member of the European Law institute (ELI) for years, and actively participates in ELI SIG Business and Financial Law as a member of the project team on the project "Corporate Sustainability, Finance, Accounting and Capital".

Since 2020, she has been a member of the Advisory Board in the Croatian center of the European Law Institute (ELI Croatian Hub). In 2022, she was elected the member of the Supervisory Board of the Croatian Academy of Legal Sciences. She is the President of ICC Croatia Commission on Corporate Responsibility and Anti-corruption. Within trainings by the ESG Academy of the Croatian Chamber of Commerce she gave a series of lectures on the legal framework of corporate governance in the area of sustainability and implementation of ESG factors. Moreover, she provided training for the Croatian Banking Association and lectures within ESG workshops of Privredna banka Zagreb and other business entities. She published numerous papers and books. She has been a member of the Span's Nomination and Remuneration Committee since its establishment.

Lucia Ana Tomić

Lucia boasts more than twenty years of experience working in the area of legal affairs and human resources. Working in a law office (banking and insurance sector), she specialized in the area of financial crime, prevention of money laundering and fraud and data protection. She is leading the Sector for Conformity, Regulatory Affairs and Procurement at Wiener Insurance, Vienna Insurance Group d.d. She has been appointed a member of the Nomination and Remuneration Committee in Span. Lucia has acquired degrees at the Faculty of Law and the Faculty of Economics in Zagreb, where she continued her education and acquired an MBA degree in the area of management and international mergers and acquisitions. Since 2020, she took part in conferences as a speaker (Leader events, Money Motion, European Company Law Association, United Nations Geneva...) and gave lectures in universities in the region as a visiting lecturer. She is a full-time lecturer on Social Criteria and Governance at the ESG Academy. She is the author of a series of scientific articles in the HR area concerning remuneration and assessment of eligibility of members of management boards. Her latest paper was published in 2023 under the title "Directors, information, remuneration and risk management // European company case law", 2 (2023), 2; 149-161, doi: DOI: 10.5771/2752-177X-2023-2-149 (Horak, Hana; Tomić, Lucia). She is the Head of the Labour Legislation Committee at the Croatian Employers' Association, the Vice President of the ICC Commission on

Corporate Social Responsibility and a licensed coach at the European Mentoring and Coach Council.

The Nomination and Remuneration Committee determined the proposed goals of the Company for 2025, and key performance indicators (KPI) in order to determine the annual bonus for the Management Board, which was referred to the Supervisory Board and adopted.

It also determined fulfilment of goals in order to determine the amount of the annual bonus for the Management Board for the previous year. It supervised the amount and structure of remuneration for the senior management and employees as a whole and gave a positive assessment and recommendations to the Management Board concerning the latter's policies. It also assessed the composition, size, membership and quality of work of the Supervisory Board. It determined the proposal of the Remuneration Report of the Management Board and Supervisory Board for 2024.

The Committee reviewed the results of the climate survey in the organization for 2025 and approved the Proposal for changes to the Rules of Procedure of the Nomination and Remuneration Committee in accordance with the new Code. At an emergency meeting, the Committee gave its positive opinion for the proposal of the member of the Management Board, Mihaela Trbojević for a five-year mandate, and recommended to the Supervisory Board to adopt the submitted proposal.

The percentage of female members in the new composition of the Management Board was 50%, in line with the provisions of the Directive on improving the gender balance among non-executive directors of listed companies. The Nomination and Remuneration Committee notified the Supervisory Board on a regular basis on recommendations adopted at its meetings and submitted annual reports on their work to the Supervisory Board.

Internal audit

Internal audit that was nominated in Span within good corporate governance practice is performed in line with the internationally recognized audit standards concerning internal audit, the code of professional ethics of internal auditors and rules of action of the internal audit. The internal audit affairs are performed in line with the annual plan.

The Annual Plan for internal audit is produced by the Company, and it must encompass:

Areas of operation that are a priority given the risk assessment
List of planned audits
Order of internal audits.

The Annual Audit Plan is proposed by the person responsible for managing internal audit, and is adopted by the Audit Committee. Within the framework stated in the annual internal audit plan, the procedures were oriented towards identification of shortfalls in terms of:

Business processes
Internal policies and procedures of the Company
Internal control system.

By way of internal audit, relevant internal acts, process functioning and design, existence and relevance of internal controls and implementation and fulfilment of business and regulatory requirements are observed, verified and assessed for each process.

Reports shall state the following:

Summary of the findings
Recommendations to the Company
Responses and reactions of the Management Board of the Company
Scope and description of procedures conducted.

In accordance with the information analysis and risk assessment conducted in the document "Audit universe Span 2024", following topics were selected for review in 2025:

Corporate governance – Risk management system
Corporate governance – Sustainability Report – establishment and implementation of ESG system
Compliance – monitoring regulatory requirements in the Company
Project management
Accounting – receiving, processing, controlling and entering incoming invoices
Finance – overview of activities of the Controlling Department (planning, analysis, monitoring the realisation of the financial plan of the Company).

1.2.4.3.3. General Assembly

The General Assembly decides on issues specified by the Company Act and the Articles of the Association of the Company. The Articles of the Association of the Company, available at the websites at the following link: the Articles of the Association of the Company, prescribe the manner of work of the General Assembly, its authorizations, rights of shareholders and manner of their realization.

The General Assembly can adopt valid decisions if it is attended by shareholders, in person or through an attorney-in-fact, whose shares make more than a half of the share capital of the Company. The right to participate in the General Assembly is ensured to shareholders who have the share of the Company registered at their securities account in the computer system of the Central Depository and Clearing Company, and have reported their participation at the General Assembly in advance. An invitation to the General Assembly regulates the conditions for applying for participation at the General Assembly in more detail.

The regular General Assembly of the Company was held on 11 June 2025. The full contents of the decisions is available on the following link: General Assembly of Span d.d.

40
41

1.3. Overview of operation

1.3.1. Description of the operation and main activities

Our business model is directed to providing a full IT service, with a possibility to adjust solutions to the specific needs of each individual customer.

We operate as a strategic technological partner to organizations in various industries, providing them with support in optimisation, modernisation and transformation of their IT environment. Our approach is based on long-term relationships, in-depth understanding of customers' business processes and integration of technological expertise.

Business activities are organized in four key segments that together form a comprehensive and complementary portfolio of services:

1. Software Asset Management and Licensing

Software Asset Management and Licensing is the core business segment, and often the first step in establishing cooperation with customers. This segment encompasses the sales of program licenses, assistance concerning the selection of optimal licensing models and support with timely renewal and coordination of licensing rights.

Through systematic analysis of the IT environment of the customer, we identify actual needs for software solutions, optimise costs and minimise operational and regulatory risks.

Special emphasis is placed on compliance, transparency and effective software asset management, thereby enabling our customers better control over IT investments and long-term sustainability of their technological environment.

With more than 30 years of experience in partnerships with leading global software manufacturers, Span has built a robust partner network and a high level of expertise in the area of licensing and software asset management.

As a long-term partner of Microsoft, the Company possesses advanced competences in the area of cloud platforms, security solutions, business applications, artificial intelligence and tools to increase productivity. By integrating expert knowledge, technological tools and standardized methodologies, Span ensures a simplified license management, process automation, cost optimization and a reliable foundation for further digital development to its customers.

42
43

Infrastructure Services, Cloud & Cyber Security 1,6

Infrastructure Services, Cloud & Cyber Security segment encompasses the design, implementation and development of information systems in line with the business goals and operational requirements of the customer, as well as advanced cloud and security services. We base our solutions on technologies and software platforms of the leading global IT manufacturers while applying industry standards and verified methodologies.

Projects of development and modernisation of information systems vary in extent and duration—from year-long to multiannual initiatives, and they are developed as tailor-made solutions, in line with the characteristics of business processes and

regulatory requirements of the customer. The goal is to build a reliable, scalable and secure IT system able to support the existing operations effectively and ensure further growth and digital transformation. In the area of cloud services, we provide comprehensive support to our customers in each phase of transition and use of cloud environment—from assessment of preparedness and defining the migration strategy, implementation, to ongoing management and optimisation of cloud infrastructure.

We particularly focus on multicloud approach that enables integrated management of different cloud platforms within a single environment while optimising costs and offering high availability and security of the system.

The Company is an authorised partner and provider of consultancy and implementation services for leading global cloud platforms, including Microsoft Azure, Amazon Web Services and Google Cloud. Long-term cooperation with global technological leaders allows us to access state-of-the-art technologies, specialised knowledge and advanced security solutions.

Cyber security is an integral and strategically important part of this segment. In conditions of growing digitalization, increased mobility and ongoing evolution of threats, organizations need continuous protection, alertness and agility. Our Security Operations Center (SOC) offers monitoring, detection and security incident response 24/7. Security analysts use advanced tools, automated systems and specialised knowledge to identify threats, assess their impact and define priority actions timely. Given the

global challenges in the area of cyber security, including extended detection time of security incidents, risks related to incorrectly configured IT environments and the lack of qualified experts, the Company continuously invests in development of competencies and transfer of knowledge.

In Span Cyber Security Center, we carry out specialised training, workshops and consultation programs for organizations in the public and private sectors. The programs are adapted to specific needs of the customers, and include practical scenarios and simulations of real-life attacks, thus strengthening the resilience of organizations to modern cyber threats. Through continuous development of professional competencies and obtaining relevant international certificates, we further confirm the high level of expertise in the area of infrastructure, cloud and cyber security.

1 https://www.span.eu/en/solutions-services/cloud-services/
2 https://www.span.eu/en/solutions-services/cyber-security/

3. Service Center Management and Technical Support

Service Center Management and Technical Support segment includes services of complete supervision, management and maintenance of customer's IT environment, in line with the Service Level Agreement (SLA). We ensure high level of availability and business continuity to our customers through organized support 24 hours a day, 7 days a week, and 365 days a year, independent on whether the systems were designed and put into operation by the Company or another supplier.

Although these services often follow after projects of implementation and integration of technological solutions, we provide them independently, especially in cases when a customer has a need for specific knowledge, additional capacities or high level of availability of expert IT support. We create particular value in complex operational environments that include high-risk activities,

complex changes or large-scale operations, where reliability and control are key for system stability.

Our service management model is based on the best practices of IT service management (ITIL), whereby we ensure a structured, measurable and transparent approach to providing services. Clearly defined processes, responsibilities and service levels enable effective management of incidents, changes and problems, alongside ongoing improvement of quality of service.

Certification and standardisation of business processes further confirm our role of reliable and organized partner. Implementation of international ISO standards in different areas of operation ensures high level of management in terms of quality, information security and operational excellence and contributes to the increase of competitiveness of Company on international markets.

Through this business segment, Span provides a stable, secure and efficient IT environment to its customers that represents a reliable foundation for their day-to-day business and further development.

4. Software and Business Solution Development

From modern business applications to responsible implementation of artificial intelligence and advanced analytics, we turn ideas into technological solutions that create measurable business value. Through comprehensive, end-to-end approach to software, data platforms and AI systems development, we design and deliver solutions aligned with the standards of security, regulatory compliance and long-term growth.

We shape technology so it corresponds to present needs of our customers, but also so it develops together with their future goals. We build reliable and scalable data

platforms that transform raw data into timely and operationally relevant insights. We integrate artificial intelligence in a practical, secure and commercially reasonable way, with clear focus on measurable return on investments (ROI).

Our approach is based on responsible AI practices, compliance with regulatory requirements and data protection. Solutions such as Chat with Your Data and the implementation of Retrieval-Augmented Generation (RAG) model enable a secure, conversational approach to internal knowledge bases and structured data sources. We thereby increase employee productivity, accelerate access to information and improve the quality of decision-making, with a complete control over security and data management.

7 https://www.span.eu/en/solutions-services/24x7-support-services/

8 https://www.span.eu/en/solutions-services/business-solutions-development/

1.3.2. Industry trends

Throughout 2025, the accelerated pace of technological advancement continued to redefine business expectations, operating models, and the role of technology partners. As an IT services provider, we observed that rapid innovation brought not only significant opportunities for transformation and growth, but also an increasing need to address ethical considerations, governance requirements, and long-term sustainability. While modern technologies enabled organizations to automate, scale, and innovate at a speed impossible up until now, they also introduced new challenges related to responsible implementation, data transparency, and building trust. Over the course of the year, customer expectations evolved simultaneously. Organizations increasingly looked to their technology partners, not only for access to advanced capabilities, but also for guidance that could help them easily overcome complexity and manage risks.

Delivering cutting-edge solutions was no longer sufficient on its own. Ensuring that these solutions were implemented in a secure, ethical and sustainable manner became equally important.

In parallel, artificial intelligence reached a new level of maturity in 2025, with agentic and generative AI moving from the phase of experimentation into broader implementation within business environment. We observed that value creation increasingly based on integrated systems, rather than isolated AI tools or models. Organizations that succeeded the most focused on merging software platforms, AI capabilities, and human expertise into coherent operating models aimed at measurable and scalable business outcomes. At the same time, many enterprises struggled to differentiate genuine capability from market hype in a rapidly growing AI ecosystem. The most effective responses based on strengthening core capacities, rather than monitoring individual technologies. Investments in

employee expertise, organizational culture, engineering discipline, operating models, data quality, and robust governance frameworks proved to be essential for long-term sustainability of AI initiatives. Independent of tools or suppliers, these fundamentals defined the success and durability of AI programs in companies. Organizations that defined clear strategies and focused on the implementation of highest-impact cases achieved more meaningful and sustainable results than those who primarily relied on experimentation. In 2025, GenAI entered the "Trough of Disillusionment" because organizations came to a better understanding of its actual potential and limits⁹.

Cloud technologies adoption trends in 2025 reflected similar priorities. Speed and agility remained the primary drivers behind most cloud investments, as organizations relied on cloud capabilities to streamline operations

and accelerate delivery. Cost optimization and productivity increase are becoming more frequent, although secondary, expected benefits across nearly all cloud adoption scenarios.

Several cloud technologies particularly stood out for their contribution to organizational agility and adaptability. AI-enabled cloud services significantly influenced demand patterns, not only by enabling advanced analytics and automation, but also by allowing enterprises to adapt rapidly to changing business and operational requirements. Cloud-native infrastructure firmly established itself as the default approach for modernizing legacy systems and building new digital services. Elastic scalability, resilience and consumption-based economics enabled infrastructure and operations teams to deliver value more rapidly and with greater reliability, making cloud-native platforms a cornerstone of many digital transformation

⁹ The Latest Hype Cycle for Artificial Intelligence Goes Beyond GenAI

initiatives. Hybrid cloud architectures also gained momentum throughout the year. By combining public and private cloud environments, organizations increased flexibility and operational resilience.

Apart from performance and scalability, resilience proved to be an important strategic driver: hybrid models helped reduce dependency on individual suppliers and enabled greater adaptability in the context of regulatory changes, data sovereignty requirements, and geopolitical uncertainty.

Today, cloud is no longer only a technological tool, but a driver of change in business and a necessity for most organizations. In the upcoming years, cloud will continue to unlock new business models, create competitive advantages and enable new ways of achieving business goals[3].

2025 was particularly challenging in the area of cyber security. Escalating geopolitical tensions and rapidly changing environment which favours the development of new threats placed significant pressure on cyber security experts and their teams.

Security programs were strained not only by the growing volume and more sophisticated nature of threats, but also by the need to align security strategies with continuously changing business models. The expanding use of artificial intelligence introduced new defence capabilities, and created new attack surfaces as well, which required faster decision-making, stronger governance and development of new competencies within organizations. The impact of these pressures was visible across all cyber security segments. Organizations had to rapidly strengthen their resilience, modernise security architectures and redefine operating models to remain efficient in an environment characterized by constant change and increased risk.

Cyber security trends in 2025 were influenced by generative artificial intelligence (GenAI) evolution, digital decentralization, supply chain interdependencies, regulatory changes, chronic lack of qualified personnel and a continuously changing threat range[1].

According to Gartner, 2026 will be characterized by the strong integration of artificial intelligence across all layers of business, from AI-native development platforms and industry-specific models to multi-agent systems that automate complex processes. At the same time, there is a pronounced shift towards proactive cyber security, the protection of AI systems, verification of the digital provenance of data, and data management in the context of regulatory and geopolitical requirements. The increasing significance of intelligent physical systems and technologies for the secure processing of sensitive data further confirms that organizations must build scalable, reliable, and security-resilient digital foundations in order to remain competitive in an AI-driven environment[10].

30 Gartner identifies the Top Trends Shaping the Future of Cloud
33 Gartner identifies the Top Cybersecurity Trends for 2025
32 Top Strategic Technology Trends for 2026 | Gartner

1.3.3. The Group Business Strategy for 2026

The Span Group's business strategy is centered on growth driven by new technologies, solutions, and markets. In 2025, we further strengthened our international presence by opening subsidiaries in Poland, the Czech Republic, Romania, Greece, and Kazakhstan. We plan to continue in this direction, selecting new markets with the highest growth potential. Our strategic focus remains on global expertise combined with local engagement.

As a provider of professional IT services, Span designs, implements, and maintains high-availability systems aimed at enhancing the security, productivity, and success of our clients. We base our business systems and solutions on the platforms of leading global cloud technology providers (Microsoft, Amazon, and Google), ensuring scalability, reliability, and cybersecurity for the solutions we deliver. We also implement artificial intelligence systems to increase our customer's productivity.

To properly care for our clients' IT environments, our strategy is also a strategy of learning—deeply understanding technologies and applying best practices to improve business operations. In this context, we see a shift in the partner ecosystem and in how success is evaluated by our major principals (Microsoft, Google). Transaction-based sales success is no longer key; what is required is expertise, experience, and technological focus—all of which Span has and has been building for years.

With the newly adopted ESG strategy, we have taken an additional step in our continued development, firmly placing sustainability among the Company's strategic priorities. The strategy is grounded in the Group's significant products and services and their connection to material impacts, risks, and opportunities. We have identified cloud and cyber security as key strategic areas capable of delivering a positive impact on the environment and the community.

Key features of the period

52
53

2.1. Key Events in 2025

2.1.1. Corporate Events

2.1.1.1. Establishments of Companies

2.1.1.1.1. Establishing the company Span Kazakhstan Limited with the registered office in Kazakhstan

On 28 March 2025, the company Span Kazakhstan Limited, 010000, Astana, Esil district, 12/1 Dismukhamed Qonayev, BC "On the water-green boulevard", office 4-05 (d, e, f) was established and registered, with the ID: 250340900945. The founders are Span d.d. and Vladislav Kuzin, who is also the Chief Executive Officer of Span Kazakhstan Limited. In accordance with our strategy of expansion into the market of Central Asia, we recognized Kazakhstan as one of the well-developed markets of that area. For that reason, we decided to open a subsidiary in Kazakhstan for consulting services in the area of IT.

2.1.1.1.2. Establishing companies in the Czech Republic and Poland

On 9 April 2025, the company SPAN IT s.r.o., Evropska 2588/33a, Dejvice, 160 00 Praha 6, ID: 23166801 was established. Company Span B.V. from the Netherlands is the sole founder.

On 26 May 2025, a company was established and registered in Poland under the name

SPAN POLSKA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. PLAC MARSZ. JÓZEFA PIŁSUDSKIEGO, nr 1, lok. ---, miejsc. WARSZAWA, kod 00-078, poczta WARSZAWA, kraj POLSKA, ID: 0001175070. The founders are Span B.V. and Span d.d.

2.1.1.1.3. Establishing the company Span Evolve d.o.o.

On 2 July 2025, the registration of incorporation of the company Span Evolve d.o.o., Zagreb, Koturaška cesta 47, OIB: 06241824468, share capital: EUR 300,000.00 was published. The founders are Krešimir Mlinarić, Josip Penavić and Span d.d., while the persons authorized to represent the company are Krešimir Mlinarić, director who represents the company independently and individually, and Josip Penavić, procurator.

Span Evolve was founded to drive business digitalization, with a focus on integrating and automating key business processes in organizations of all sizes. It will provide consulting, implementation, customization, and support services for advanced business solutions, with an emphasis on increasing operational efficiency and making better business decisions. Using modern and intelligent data

processing, customers will be provided with the agility needed for growth and innovation.

The joint cooperation of Span and Span Evolve will bring together expertise in working with the entire spectrum of business solutions—from customer relationship management and finance to operational process optimization and automation—providing customers with comprehensive support in implementing digital transformation, tailored to their specific needs and business context.

2.1.1.1.4. Establishing the company Span Romania S.R.L.

In accordance with the announced expansion strategy published in the Simplified Prospectus for the Public Offering and Listing of Sustainability-Linked Bonds, on 27 June 2025, the registration of the company Span Romania S.R.L., with its registered office at the address: București Sectorul 2, Strada C. A. ROSETTI, Nr. 17, BIROUL 120 Register06, Etaj 1, registration number: J2025045725006, was conducted in the competent commercial register in Romania. The founder is Span B.V. from the Netherlands. Romania, with a market of 19 million inhabitants and a growing economy, represents significant potential,

especially in the field of implementation and development of new technologies. It is in this context that Span recognizes an opportunity for further expansion, where, through its technological competences and existing international experience, it can contribute to the development of digitalization and digital transformation in this country.

2.1.1.1.5. Establishing the company Span Hellas in Greece

In accordance with the mentioned expansion strategy, on 9 July 2025, the company Span Hellas SA was established and registered, 54 Grigoriou Lampraki str., Glyfada, Attica, 16674, registration number: 185798801000. The founders are Span d.d. and Vassilis Papoulias, who is also the Managing Director. By opening a company in Greece, Span expands its operations to the markets of Greece, Malta and Cyprus—a geographical area in Southern Europe with significant potential for growth and investment in ICT services and solutions. Span's expertise and service portfolio are aligned with the goals of digitization and digital transformation in all three countries, and with this step, Span establishes a presence in markets where it has not been active so far.

54
55

2.1.1.2. Issuance and listing of Sustainability-Linked Bonds

On 5 June 2025, the Company's Management Board adopted a Decision on consideration of the issuance of Sustainability-Linked Bonds in accordance with the ICMA Sustainability-Linked Bond Principles developed by the International Capital Market Association, in accordance with the relevant market standards, and the decision on their listing on the Official Market of the Zagreb Stock Exchange. Issuing a Bond with a total nominal amount of up to EUR 25,000,000.00, with a one-off maturity of the principal after 5 years was considered.

On 5 June 5 2025, the Company's Supervisory Board approved the aforementioned Decision of the Company's Management Board. Following the above, on 5 June 2025, the Company published and made publicly available the Sustainability-Linked Bond Framework ("Framework") on the Company's website: Framework.

On 26 June 2025, the Croatian Financial Services Supervisory Agency (hereinafter: "HANFA") issued the decision on the approval of the Prospectus for the Public Offering and Listing of Sustainability-Linked Bonds (hereinafter: "Prospectus") dated 26 June 2025. The Prospectus relates to the public offering and listing of sustainability-linked bonds in the total nominal amount of up to EUR 25,000,000.00 with one-off maturity of the principal after 5 years, ticker: SPAN-O-307A, ISIN: HRSPANO307A0 (hereinafter: "Bonds").

On 26 June 2025, HANFA issued the decision class: UP/I 996-02/25-01/05, ref. no.: 326-01-60-62-25-12, approving the Prospectus. The Prospectus was published on 27 June 2025, and it is publicly available on the Company's website: Corporate documents. Also, on 27 June 2025, the Company published and made publicly available the investor presentation (hereinafter: "Presentation") on its website, available on: Corporate documents.

Number of SMEs registered in Span's cybersecurity course

Increase the number of SMEs registered in Span's cybersecurity course to 500 by September 2029 from a 2024 baseline

Absolute Scope 1 and 2 GHG emissions

Reduce absolute Scope 1 and 2 GHG (market approach) by 22.5% by September 2029 from a 2024 baseline

Collected funds will be used to finance the Span Group's operation. This includes establishing and investing in new members of the Group through further internationalisation of business on the markets of South, Central and Eastern Europe, and that of Central Asia, financing capital investments, working capital, potential acquisitions and other corporate needs. The first wave of expansion includes the markets of Greece, Cyprus, Malta, Poland, Czech Republic, Slovakia, Romania and Kazakhstan.

This move marks the continuation of Span's activities in the area of sustainable business so far, and further consolidates Span's role of socially responsible company. By issuing the bonds, the Company undertakes to fulfil two key sustainability goals by the end of September 2029, in accordance with the Framework aligned with the principles of sustainability-linked bonds, published by the International Capital Market Association (ICMA).

Since nowadays cyber security represents one of the most important and financially most material ESG risks for organizations, the first goal, and also a key pillar of Span's long-term ESG focus is raising awareness of cyber security by conducting free online training for 500 small and medium-sized enterprises through Span Cyber Security Center, thereby contributing to building resilience of the digital society and a more secure business environment (more on achieving the goal can be found in Chapter 6: G1 – Company-specific: Development of security solutions for cyber-attacks).

The second goal is reducing absolute GHG Scope 1 and 2 emissions (market-based approach) by 22.5%, constituting a tangible step toward climate neutrality, and confirming Span's commitment to reducing negative impact on the environment (more on achieving the goal can be found in Chapter 6: E1-4 – Target values related to climate change mitigation and adaptation).

56
57

These goals are not only commitments toward investors, but part of a broader ESG strategy of Span integrating sustainability into all business segments—from technological solutions to social responsibility.

By undertaking to fulfil the set goals, Span contributes to an increase of economic resilience, supporting the transition to a low-carbon economy at the same time.

"By issuing the sustainability-linked bond, Span shows it believes in specific actions, not just words. We want to be the drivers of change and prove that technological innovation can and must be of use when creating a more sustainable future, leading by example. Our goal is to invest in projects that make a positive impact, because we believe it is the only right way for long-term success—not only ours, but that of society in which we operate", said Ana Vukšić, Member of the Management Board of Span in charge of Finance and ESG.

Span d.d. is the first Croatian IT company to successfully issue a Sustainability-Linked Bond.

The Public Offering of Span's bond generated strong interest among investors, with overall demand of EUR 35.2 million. A maximum estimated amount of EUR 25 million was allocated, in accordance with pre-defined conditions. Bonds were issued with a maturity of five years, a 3.85% yield until maturity, and a 3.75% fixed interest rate with biannual payments.

Notice on the determined price and the total allocated amount of bonds can be found at the following link: Notice on the determined price and the total allocated amount of bonds, while Notice on the final terms of the issue can be found at the following link: Notice on the final terms of the issue of sustainability-linked bond.

Span's bond offering received a great response from institutional investors, with

Banks 66.4%
Pension funds 17.5%
Financial institutions 11.3%
Special-purpose funds 2.8%
Retail investors 2.6%

the largest share represented by banks (66.4%), pension funds (17.5%), financial institutions (11.3%), special-purpose funds (2.8%), and retail investors with a presence of 2%. Their participation shows significant support and is the reflection of their trust in the long-term strategy of the Span Group.

"By issuing a sustainability-linked bond, Span confirmed its strategic commitment to responsible business and actively undertook to implement specific changes. We are glad that the investors recognized our approach—their interest, which exceeded the expectations, clearly supports our strategic goals and the line of development", said Ana Vukšić, Member of the Management Board of Span in charge of Finance and ESG.

During preparation and implementation of the issue, Span worked with Privredna banka Zagreb as the lead manager, while legal support was provided by the Praljak & Svić Law Firm. The bonds were officially issued via public offering on 16 July 2025, and listed on the Official Market of the Zagreb Stock Exchange on 17 July 2025, while the first day of trading was 21 July 2025.

2.1.1.5. Appointment of the new member of the Management Board of the Company

At the meeting held on 27 March 2025, the Supervisory Board of Span d.d. ("Company") adopted the Decision on the appointment of Mihaela Trbojević as the member of the Management Board of the Company for the period from 1 April 2025 to 16 December 2029, i.e. until the expiry of terms of office of other members of the Management Board. As the Senior Director of Product and Service Management, Mihaela Trbojević is responsible for managing Span's service portfolio, ensuring alignment with the business objectives and market needs.

In accordance with strategic goals of the Company, she is taking over the position of the member of the Management Board in charge of product and service management. She proved to be dedicated and have exceptional expertise in her work in Span so far, especially in the management of products and service portfolio, where she delivered outstanding results in the process optimization, innovations and the improvement of business performance. Mihaela's experience, familiarity with the organization and industry, as well as the ability to lead teams in a dynamic environment make her the ideal candidate for this position. She will contribute to the further reinforcement of the Management Board and the development of Company's operational functions.

2.1.1.4. Decision on the utilization of profit and payment of dividend

Meetings of the Management Board and the Supervisory Board of the Company took place on 30 April 2025, and it was then that the proposed Decision on the utilization of profit and payment of dividend in the amount of EUR 0.80 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to

the shareholders of the Company who, on 17 June 2025, were registered as shareholders of the Company in the Central Depository and Clearing Company (record date). The claim for the dividend payment became due on 1 July 2025 (payment date). The date from which the share of the Company was traded without the right to the dividend payment was 16 June 2025 (ex date). Dividend was paid from the Company profit made in 2024¹².

2.1.1.5. General Assembly of Span d.d.

Following the Invitation to the General Assembly of the Company, published on 30 April 2025, pursuant to the provisions of the Capital Market Act and the Rules of the Zagreb Stock Exchange, on 11 June 2025, starting at 10:00, at the address: Savska cesta 32, HOTO Tower, 1st floor, 10000 Zagreb, Croatia, a regular meeting of the General Assembly of the Company was held. The Assembly was chaired by Stjepan Lović, Attorney at Law, and 1,408,095 votes were represented, which makes 72.01% of the total number of Company shares with voting rights, or 71.84% of the share in the Company's share capital.

In accordance with the agenda of the General Assembly of the Company, published in

the Invitation to the General Assembly, the following decisions were made:

Decision on the election of Chairperson of the General Assembly
Decision on the utilization of profit for 2024
Decision on giving discharge to Members of the Management Board of the Company for the business year 2024
Decision on giving discharge to Members of the Supervisory Board of the Company for the business year 2024
Decision on approving of the Remuneration Report of the Management Board and the Supervisory Board of the Company in the business year 2024
Decision on appointing the auditor of the Company and the Group for the business year 2025 and 2026
Decision on remuneration of the Members of the Supervisory Board. The full contents of the decisions is available on the following link: General Assembly of Span d.d.

2.1.1.6. Acquisitions and disposals of own shares

In accordance with the Share Buy-Back Program¹⁴, the investment firm Interkapital vrijednosni papiri d.o.o. bought and sold own

shares on behalf of, and on account of the Company on the regulated market of the Zagreb Stock Exchange throughout the year. On 31 December 2024, the share capital of the Company consisted of 1,960,000 shares with the nominal value of EUR 2.00, and the Company held 8,802 own shares.

After the mentioned acquisitions and disposals, on 31 December 2025, the Company held 10,760 own shares, which was 0.5490% of the share capital of the Company.

2.1.1.7. New ESG strategy adopted

In December 2025, Span's Management Board adopted new ESG strategy representing a significant step in our future development and firmly establishing sustainability as a strategic priority of the Company. The strategy is based on the comprehensive double materiality assessment conducted in 2024. It helped us identify what's really important to Span—where we make the biggest impact, where risks emerge and where opportunities that can turn our technology into social force lie.

¹² In the business year that was concluded on 31 December 2024, net consolidated profit of the Span Group amounted to EUR 3,398,171.75, and net profit of the Company amounted to EUR 2,706,029.09.

¹³ Adopted on 5 December 2024 at the meeting of the Management Board, and upon prior agreement of the Supervisory Board of the Company (more about the Share Buy-Back Program can be found on page 83 of Annual Report 2025).

60
61

2.1.2. Business events and achievements by business segments

2.1.2.1. Software Asset Management and Licensing

Span remains the leading Microsoft partner for the provision of licensing, technical support and consultancy services even in 2025, continuously adapting its services to the dynamic needs of customers.

In 2025, we took a step forward in terms of geographic expansion by incorporating new subsidiaries in Kazakhstan, Greece (also covering markets of Cyprus and Malta), Poland, the Czech Republic (also covering the market of Slovakia) and Romania, and acquired Microsoft Direct Cloud Solution Provider (CSP) partner authorisations there. Through licensing and software asset management, we ensure optimization of expenses and efficient license management, helping our users maximize the value of their IT investments.

During 2025, we continued to reinforce our teams and improve processes in order to ensure an even higher-quality support to customers in the transition to cloud solutions and optimization of the existing environments. An increasing number of users recognize the advantages of cloud, and our expertise makes their transition efficient and cost-effective.

For all the above reasons, we received a special recognition being awarded Microsoft Partner of the Year 2025 in Croatia, Slovenia and Ukraine.

Microsoft is still in the focus of digital transformation with an emphasis on AI solutions, including Copilot for M365, which has drawn a great deal of interest from the market.

During 2025, Span continued with the implementation and the adaptation of these solutions to customers' needs, ensuring optimal use of AI solutions through custom strategies and technical support. Alongside Microsoft solutions, we further improved software asset management services, particularly in the area of cloud expenses management and optimization, enabling us to expand our offer and provide even more precise analyses and recommendations for users with complex IT environments.

Given the continuous growth of the licensing complexity and the need for optimization of IT resources, Span remains a reliable long-term consultant to its users. We are continuing to develop our portfolio of services and license selling, keeping up with the technological trends and making sure our users get the best possible solution for their business needs.

62
63

2.1.2.2. Infrastructure Services, Cloud & Cyber Security

In early 2025, a reorganization was carried out that merged all the technical teams from the Solution Consulting Services Department, including engineers and architects for Microsoft 365 cloud, productivity and collaboration, data center technologies engineers, SAP technical teams and Cloud Services Department in a new Cloud and Infrastructure business unit aimed at providing the customers with comprehensive approach to development of complete solutions based on state-of-the-art technologies and practices through professional services in five key areas:

Cloud Architecture, including the design and implementation of public cloud infrastructure, such as Azure, AWS and Google
Hybrid and Private Cloud, integrating data centers and public cloud technologies into a single system, including SAP Basis consultancy support services
Observability and Insights, dealing with the implementation of tools for overseeing infrastructure and applications in multi-cloud environments, and the design of tailor-made dashboards for different customers
Cloud Security and Identity, offering consultancy services of security analysis and implementation of security solutions in cloud, as well as analysis and implementation of identity management process in the IT system using Microsoft Entra ID Governance and Saviynit products
Productivity & Collaboration, offering professional analysis, implementation and configuration services in relation to Microsoft 365 platform, according to customers' needs, as well as the support during migration of environments during acquisitions or separations of companies.

New business unit now combines delivering solutions in the area of system and cloud infrastructure, security tools in cloud and productivity and collaboration tools.

New Cloud Architecture and Engineering sector was established mid-year, combining the delivery of system infrastructure in the area of data center and cloud technologies, and during 2025, Cloud Security team evolved into Cloud Security and Identity Department as a result of increase in workload, especially in the area of identity management in the IT environment. The increasing need for new personnel was mostly visible in the area of productivity and collaboration tools (Microsoft 365), Azure infrastructure engineers and identity management engineers and consultants in the IT system.

In 2025, most of our resources were directed towards migration, consolidation and modernization projects. Customers expect support with transitions of data center services from us, which usually includes migration to cloud and consolidation of what remains in a local data center. During this process, we carry out the modernization of infrastructure using modern Hybrid & Private Cloud technologies, such as Azure Local and VMware, whereas in public cloud we use advanced IaaS and PaaS service models adapted to specific needs of services and applications.

There was a very high demand for analysis of existing cloud environments of customers and cost optimization, given that companies with cloud-first approach often do not have total control over resources or use them in a non-optimized way. Our governance services help customers establish processes for the management of cloud environments, whereas with Cloud FinOps services we raise awareness of IT departments and business owners on costs and help them be more efficient when it comes to management. Customers appreciate the availability of cloud architects and engineers for consultancy and specialised services more and more, even when the workload is unclear or there is an ongoing need for shorter consultations. For such needs, we developed the Actionable Advisory and Execution service, which is tailored to the evolving nature of cloud environment and allows for a more rapid support provided to customers.

We completed one of our biggest projects for an international customer from the food and beverage industry, Tate & Lyle. At the end of 2024, Tate & Lyle took over CP Kelco, a transaction worth 1.8 billion dollars, and Span had a crucial role in the integration of CP Kelco's IT system into Tate & Lyle. Throughout 2025, we planned and conducted the migration and integration, covering 15 locations across four continents and central data center in the US, business-critical SAP system, the transition of network infrastructure to SD-WAN, as well as the migration of M365 tenant (Exchange, Teams, OneDrive, SharePoint) and the migration of PowerBI premium solutions to Fabric and Microsoft Power Platforms.

The project consisted of several large portions. The first part of the year was dedicated to the migration of 1,573 users, their computers and M365 services, which also involved field visits to all the locations. At the end of June, we successfully completed the transfer of server and SAP service from the main data center to Azure cloud, while during summer months and in autumn we worked on the conversion of service and server in manufacturing plants. In parallel, we worked on the deployment of SD-WAN network in 56 locations and the migration of the whole Microsoft Power Platform, including 16 Power Apps, 309 Automate flows and 16 AI Builder models, and we also ensured continuous operation on the Microsoft Fabric platform for 800 users of BI solutions, with more than 250 reports from about 15 different sources and locations.

Project tasks were completed in an extremely short period of time, an exceptional result for a project of this size and complexity. This confirms the high quality of Span's cloud portfolio and justifies the customers' trust. This complex project required the coordination between different business units of Span and the cooperation with numerous external suppliers that were a part of IT operations every day. Upon completion of the project, Span took over the maintenance of all the migrated systems.

Throughout the whole of 2025, we worked with a global leader from energy drinks industry on a system of fully automated creation of Azure environments for various business applications. The process significantly accelerates the delivery of Azure platform to application teams, and it enables a predictable architecture that is aligned with the IT policies of the company and as such manages the environment and costs more easily.

We built the PCI-DSS compliant Azure environment for a Croatian bank, showing that the public cloud technology continues to be accepted in the most regulated environments, such as the financial sector. It also shows the maturity of the public cloud offer, and this project was one of the selected projects for nomination for the 2025 Microsoft Partner of the Year Award.

Throughout the whole of 2025, we worked on the development of the new global Microsoft Active Directory environment for an international customer from the health sector. At the beginning of the year, we completed the development of the new environment, and for the rest of the year we worked on the migration of user objects, computers, groups, servers and supporting infrastructure services from 6 existing environments from locations in Europe and the US to a new, global environment.

For an international customer from the tourism, leisure and entertainment sector, we worked on increasing the visibility of global cloud portfolio by establishing a unique surveillance ecosystem that ensures real-time analytics and full transparency of the whole infrastructure.

Cyber Security segment is oriented towards strengthening the resilience of customers' business to cyber threats through the integration of technology, processes and people, and strongly relying on systematic risk management. The focus is on restricting business consequences of cyber incidents, ensuring business continuity, and on regulatory and operational readiness, with a special emphasis on security managed long-term, not only on reducing the number of security incidents.

The regulatory framework, i.e. the Cyber Security Act and the related Cyber Security Regulation in particular, significantly influenced the demand for and the development of security services in 2025. Given the large number of organizations in Croatia covered by the said legislation, clearly defined deadlines and maximum sanctions for non-compliance, there was an increased interest of customers for services related to the management of cyber risks and regulatory compliance. In this context, Governance, Risk & Compliance (GRC) business unit further expanded and adapted its service portfolio to market needs, especially in the area of risk assessment, development and implementation of security policies and operational support in fulfilling the regulatory requirements. Experience gained during projects in Croatia represents a strong basis for the implementation of same models in other EU markets as well, in the context of transposing the NIS2 Directive into national legislations.

Following all of the above, significant organizational and operational preparatory work was carried out in 2025 for the transformation of Cyber Security business segment into Cyber Resilience. This transformation reflects the expansion of action areas of this business segment from mostly operational cyber security to a more broad framework of business resilience, in line with increasing regulatory requirements, expectations of managements and needs of customers on local and international markets. Conducted preparatory work included clear separation of strategic functions and business support functions (Strategy and Enablement) from operational service delivery, and the establishment of a new Cyber Strategy unit (a vertical within Cyber Resilience business segment), as well as strengthening the engineering and research capacities and preparing the reorganization of operational security functions to a more scalable and long-term sustainable model.

Resilience Engineering segment was further reinforced by interconnecting the defensive security (Blue Team), offensive security (Red Team) and research and development (R&D), thus laying down the foundation for the continuous improvement of the capability of detection, prevention and security systems resilience testing in 2025.

Operational security segment (primarily Span Security Operations Center - SOC) went through a preparatory phase for the reorganization into a broader framework of Managed Security Services in 2025. This reorganization represents a detachment from exclusively SOC oriented model to a concept of continuously managed security, with a clearly defined ownership over services, processes and outcomes for customers.

As part of this preparatory phase, activities of process standardization, strengthening of operational capacities and improvement of technologies and automation were carried out, so as to ensure a stable transition to Managed Security Services model, without impacting the existing operations.

At the same time, Security Tools & Engineering Team (STET) was given back the role of direct engineering support with regard to operational security teams, in particular in the area of SIEM and SOAR technologies, thus laying down the technical foundations for the efficiency of the new model from 2026 onwards.

This year, our own capacities were further strengthened with the arrival of experienced experts that took over key technical, architectural and consultancy roles, thereby increasing the technical maturity and reducing the risk of operational disruptions when introducing new services and technologies.

In 2025, key operational and development areas were the automation of security operations, advanced analysis and correlation of security events, continuous management of vulnerabilities, validation of security controls and the integration of security activities with regulatory frameworks, in particular the NIS2 Directive and national Cyber Security Act.

Mode of operation based more and more on standardized and reproducible delivery models, clear ownership over processes, and measurable outcomes for customers, with a pronounced shift from project approach to managed services model.

In 2025, we completed numerous projects for customers from the financial and public sectors, critical infrastructure and those who operate on international markets. Activities encompassed operational work of SOC, projects of compliance with legal requirements, red teaming and penetration testing, improvement of SIEM and SOAR platforms, and consultancy services through vCISO models.

107.347 security events were processed within SOC in 2025, a 17.96% increase compared to previous year, in line with the increase in the number of customers. Throughout the year, no critical security incidents were recorded with business consequences among customers.

Processes of detection, response and incident management were further improved, and preparatory work for the transformation of the business segment was carried out without interrupting the operations. A strong focus on employee and customer training continued, with a view to reinforcing the security culture.

Transformation into Cyber Resilience laid down strong foundations for future scalability, regulatory readiness and long-term development of this segment as one of the most important strategic areas of business at Span.

2.1.2.5. Software and Business Solution Development

Building on the successful integration of a large number of experts for software and advanced AI solutions development, we started 2025 under a new name - Software and AI Solutions.

This change clearly demonstrates our focus on creating synergies between the code and AI. In terms of organizational structure, the department consists of three key segments: Data, AI and Software. This interconnection of teams and high-quality delivery is exactly why our active customers database has tripled in size, enabling further strengthening of our teams and broadening the knowledge base with continuous training and advanced certificates.

In Data Solutions area, in 2025 the focus was on building complex systems for data

management. We are currently working on the development of "Data Lake" solutions based on Databricks technology for four large international customers, with advanced reporting through Microsoft Power BI platform. By means of these tools, from massive amounts of collected information, we extract key strategic insights that are being integrated into advanced data products. By developing recommender model, we enable customers receive recommendations of potential products that complement those already selected, thereby transforming the data into direct added value and advantage on the global market.

In 2025, the AI area saw a significant technological breakthrough. Whereas over the last years we primarily focused on exploring the LLM (Large Language Models) integration, in 2025 we delivered specific solutions based on RAG (Retrieval-Augmented Generation) technique to our customers. These systems enable banks, the food industry and other customers a secure use of AI models over own, specific data, thereby eliminating the risks of generating false information. We guarantee our customers an additional level of security by isolating the data on specific instances, thereby facilitating access control and avoiding information leaks. In addition, we developed and implemented advanced AI Agents that automate complex business processes. We confirmed our expertise in this area by obtaining the "AI Platform on Microsoft Azure" Advanced Specialization and extending the ISO/IEC 42001 standard that guarantees an ethical and safe implementation of AI technologies.

In the Software Development area, the team provided key support in the development of Span.Zone and Licence.Zone internal platforms, and its impact is now particularly reflected in Span's further internationalization and incorporation of

new subsidiaries. Furthermore, we successfully executed a number of complex international projects, from remote solutions for medical operations to control systems for food storage for one of the largest American companies in the sector. Our long-term cooperation with the global fast food chain also continued, and we are especially proud of the stabilisation and reinforcement of partnerships in the area of automated building management, paving the way for extending the cooperation in the following period.

DevSecOps approach remains at the core of all our processes, ensuring the integration of security into each development phase. Although we rely on verified technologies such as .NET/C# and Angular, we introduced the AI-assisted software development into our day-to-day work, enabling us to be significantly more efficient and faster when delivering solutions.

We are proud of the fact that the excellence of our team has been recognized at the highest level, confirmed by the "Supplier of the Year" Award from Starbucks, our important international customer. With a large number of successfully completed projects and solid plans, we continue to build solutions that bring clear competitive advantage to our customers.

The Enterprise Business Solutions business unit develops advanced business solutions on the Microsoft Business Applications platform, such as Microsoft Dynamics 365 and Microsoft Power Platform technologies. Last year, Microsoft continued to extensively improve this platform, with a particular focus on the integration of native AI functionalities aimed at business processes digitization and automation.

Major value our customers gain with the implementation of Business Applications solution is the overall digitization of their

business, particularly in the area of sales, customer support, digital contact centers, marketing and production. By integrating data, processes and advanced analytics, we ensure increased operational efficiency, better customer interaction and faster and higher quality decision making to organizations.

Projects completed in 2025 for local and international customers involved the implementation of CRM system, business processes automation and the delivery of advanced BI solutions on Microsoft Fabric platform, thus further strengthening our data and analytics competences portfolio.

A number of complex and strategically significant projects particularly stands out. We expanded our collaboration with a global fast food chain through new Power Platform-based solutions, and we upgraded the existing CRM system of an international pharmaceutical company with a modern Digital Contact Center solution. Implemented solution includes advanced functionalities of modern contact centers, further enhanced with AI capabilities that improve the quality of communication with customers and increase agent performance.

Over the course of the year, we also successfully carried out CRM system implementation and development projects for customers from investment, energy and insurance sectors in Croatia and Slovenia. These projects confirm our ability to deliver scalable, secure and business-critical systems in regulatory challenging and operationally complex environments.

Our employees that constantly invest in the development of their expert and technological competences are fundamental to our success. It is their expertise we have to thank for the renewal of our Microsoft Business Application Solutions Partner in 2025, thereby further confirming our expertise and reliability in the delivery of solutions built on Dynamics 365 and Power Platform technologies.

2.1.2.4. Service Center Management and Technical Support

Service Center Management and Technical Support business segment offers support, supervision and consultancy 24 hours a day. In 2025, we continued with the ongoing increase of workload and further improved the process maturity of teams, with an emphasis on standardization of key operational flows and the extended use of advanced AI solutions in day-to-day operation. We focused on creating sustainable and scalable processes that enable faster response, more consistent quality and better visibility across the service chain, and on building the support that is able to follow along the planned growth.

By implementing new AI tools and automation frameworks, we expanded our areas of expertise and further reinforced our ability to manage complex and dynamic infrastructure and cloud environments for our customers.

When it comes to our employees, we are moving along with the existing strategy of strengthening our internal expertise to ensure quality support and preparedness in the face of new business challenges. The recruitment processes are still aimed at strengthening the Service Desk and at engineers specialized in multicloud technologies, with an additional focus on the development of competences related to maintenance and implementation of AI solutions in operations.

The number of resolved tickets in 2025 increased by $19\%$ compared to 2024, and users rated their satisfaction with our services with a high 4.96 out of 5 rating.

68
69

2.1.2.5. Overview of operation of international subsidiaries

In 2025, Span further reinforced its international presence and the position of one of the leading providers of advanced IT services through a well-structured network of subsidiaries and a strategic focus on global expertise and local engagement. Building on Span's growth strategy in the markets of Southern, Central and Eastern Europe and Central Asia, within our organization we have also established a separate strategic function for international markets to further support existing and future growth initiatives.

Through its subsidiaries, Span operates in Slovenia, Ukraine, Moldova, Georgia, Azerbaijan, Kazakhstan, Estonia, Poland, and Greece, with the Greek office also covering Malta and Cyprus.

This robust network underpins Span's capacity to deliver tailored solutions that address the specific needs of each market while drawing on the knowledge and resources gained working on large projects with our major business customers.

In the upcoming period, we intend to expand our operations by launching activities in Romania (the company was established in June 2025) and in the Czech Republic (the company was established in April 2025), with Slovakia being covered through the Czech office. We plan to continue expanding into markets with the greatest potential, in the countries of Southern, Central and Eastern Europe, as well as in the regions of Central Asia.

Such growth initiatives are integral to our vision of expanding our operations and strengthening our international role in the services area.

Span's strategic approach combines deep local engagement and experience gained through long-term work on large and complex international projects.

This enables us to provide our customers with expert knowledge and business value tailored exclusively to their specific needs. Such approach ensures Span both sustainable business growth and leadership on markets where it operates.

To support our international growth and ensure operational excellence, we are investing in developing a robust organizational framework, processes optimization and building advanced systems that enable efficient collaboration of employees in different countries. We operate within a matrix structure that balances centralized governance and local autonomy, enabling us to rapidly adapt to market-specific requirements while maintaining consistency in service delivery.

Such operating model is supported by integrated digital platforms that enable real-time collaboration, combined customer and service delivery insights, and management driven by the data from markets in which we operate. Rather than isolated initiatives, these systems form a solid backbone of governance across expanding international network.

By using proven competences and continuously improving our organizational design, we mitigate implementation risks typically associated with international expansion. Span Group therefore positions itself to expand efficiently into new markets while maintaining service quality, operational control, and the agility required to timely respond to customer needs.

Slovenia

Span Slovenia has been operating on Slovenian market for 16 years. In 2025, it continued to reinforce its market presence with a team of nearly 30 experts and a stronger focus on

70
71

sales of added-value services. Compared to 2024, the most noticeable growth was achieved in software solutions segment, whereby a large portion is occupied by solutions based on artificial intelligence.

There was a higher demand for other services from the Span Portfolio, showing the increasing trust of customers and their willingness to build long-term partnerships. It must be pointed out that Span Slovenia was awarded Microsoft Partner of the Year 2025 for the first time.

In the cyber security area, there was a higher demand for mature Security Operations Center (SOC) services. Nowadays, customers want ongoing surveillance of their infrastructure, development of operational resilience and a faster response to security incidents. All this led to contracting first SOC customers, opening the door to further business development in this area to Span Slovenia.

The most important projects completed in 2025 related to SOC implementation for several customers, covering process set-up, monitoring and operational support.

In addition, throughout the year an increased need for secure and responsible deployment of AI technologies was observed, an area in which Span also possesses remarkable expertise and is able to provide support to its customers in every segment—from AI infrastructure set-up to end-customer training, including security elements and management.

Azerbaijan

Span has been successfully building its business presence in the market of Azerbaijan for nine years, achieving stable and steady progress toward new business milestones. As in previous years, our small but very productive team continues to work closely with leading organizations in telecommunications and banking sectors,

large corporations and major producers of goods and services.

The market of Azerbaijan continues to present significant growth potential, driven by accelerating digital transformation and increasing cyber security demands. Data protection has become a strategic priority across numerous industries, as confirmed by the launch of new local Security Operations Centers (SOCs). Relying on Span's global expertise in security solutions, software asset management and infrastructure support, Span Azerbaijan remains well-positioned to meet the ever more complex needs of the local market.

In 2025, artificial intelligence (AI) emerged as one of the key areas of interest for many organizations in Azerbaijan, with some of them already beginning to implement AI-driven solutions. Using Span's experience and best practices, we help customers identify, implement and manage the appropriate AI solutions, with a view to enhance efficiency and foster innovation.

This year was also marked by several major achievements, including the successful renewal of Microsoft Enterprise Agreement (EA) with key customer in the telecommunications sector, and the acquisition of new Microsoft customers in oil and gas industry and financial sector. Also, we signed our first Dynatrace contract with the main government cloud services provider. In addition, multiple Microsoft projects were completed in which our competencies and dedication were recognized by partners and customers.

In the period that follows, Span Azerbaijan remains committed to fostering innovation, executing complex and high-value projects, and contributing to the region's ongoing digital transformation through a combination of proven global expertise and strong local presence.

Ukraine

Span Ukraine continues its strategic focus on Microsoft partnership, gathering a team of 44 professionals as the company approaches its 8th business anniversary in 2026. This year's crowning recognition was winning the Microsoft Partner of the Year Award in Ukraine for the third time, further confirming the company's leading market position.

In 2025, the company observed high demand across government, finance, education and software development sectors. Key trends included higher interest in AI-based tools and agents, business process automation, data science solutions, and ongoing focus on Microsoft security solutions.

Span Ukraine used Microsoft technology portfolio to deliver critical digital infrastructure that contributed to country's wartime resilience. Azure solutions ensured business continuity of government institutions and enterprises, while M365 platform transformed the education sector, covering more than 260,000 students across 28 universities. By implementing AI innovations and security solutions, the Ukrainian team demonstrated how strategic partnerships can encourage national digital transformation during crisis.

The project portfolio was diverse. In Ukraine, Span carried out numerous implementations, PoCs and workshops on Microsoft security services from the M365 ES stack (Intune, Defender, Sentinel, Conditional Access and Entra Premium) for customers in government, education, pharmaceutical, software development and finance sectors. Notable projects included Microsoft Fabric platform implementation for an international tobacco company and multiple migrations from on-premises and Google infrastructure to 0365/M365 and Azure.

On the global scale, Ukrainian experts contributed to one of the major projects of

the Group, implementing cloud-oriented SD-WAN network across more than 80 sites worldwide for a leading food and beverages company.

Moldova

In 2025, Span Moldova continued to follow its strategic trajectory established during 2022-2024, focusing on delivering a comprehensive portfolio of services aimed at driving technological modernization and digital transformation of business entities and government institutions. The core objective was still supporting customers in their migration to cloud platforms and fostering a shift in how IT services are perceived and used in private and public sectors.

This strategy encompasses the introduction of innovative IT services at both national and international levels, with a strong emphasis on expanding Span's presence in the market of Moldova. The Infrastructure Services, Cloud, and Cyber Security segment experienced significant progress during 2025, highlighted by successful collaborations with local customers and the introduction of infrastructure IT services, resulting in onboarding of new cloud users. In the Software Asset Management (SAM) and Licensing segment, several key SAM projects were executed, and license delivery for one of Moldova's largest commercial banks was enabled.

Building on these foundations, Span Moldova's strategic priorities began to evolve. The focus gradually shifted toward increasing service-related revenue relative to licensing, reflecting a notable shift in customer behaviour and needs in the market of Moldova. Span Moldova successfully doubled the number of service projects delivered compared to 2024. At the same time, the ratio of services to licensing revenue improved significantly, further confirming the company's commitment to positioning itself as a leading IT services provider in the region.

72
73

Estonia

With more than 26 years of experience, GT Tarkvara is the leading software solutions and services provider for the largest commercial customers, as well as customers from the public and education sector in Estonia. With focus on software, cloud, and cyber security services the company focuses on stable growth and long-term partnerships.

In 2025, Estonian customers shifted from initial interest to structured deployment of AI-enabled workplace and productivity solutions, with clear expectations regarding measurable value, governance and security. At the same time, demand for comprehensive cyber security services grew, especially in security operations, monitoring, compliance and incident preparedness, with preference for integrated solutions covering the entire service lifecycle.

Estonian company led strategic projects in Microsoft cloud, modern workplace, and cyber security, including optimizing Microsoft 365 environment and controlled deployment of AI tools like Microsoft Copilot, meeting governance and security needs. The company's cyber security activities included status assessments, advanced protection, and continuous surveillance, increasing resilience and compliance for customers in key sectors.

As part of the Span Group, the company will continue to participate in larger and more complex projects while maintaining a strong local presence and relying on established trust with over 700 customers in the Estonian market.

Georgia

Span has been actively developing its presence in the Georgian market for the past two and a half years, steadily positioning itself as a trusted technology partner of leading organizations. With one of our key customers in the banking sector, we are continuing our growth by extending the cooperation across several strategic technology initiatives and new project pipelines.

Georgia's IT market is evolving rapidly, driven by ongoing investments in financial technology, cyber security and cloud modernization. Organizations are increasingly recognizing the importance of digital resilience and secure infrastructure—an area where Span's work experience in Microsoft technologies, cyber security, and software asset management brings tangible business value.

In 2025, strengthening the Microsoft business and deepening the technical and commercial cooperation with existing customers remained in focus. Despite facing certain challenges during this process, we achieved a major milestone by becoming a Microsoft Direct Cloud Solution Provider (CSP) and acquiring our first CSP customer in Georgia. This status enables Span Georgia to deliver end-to-end Microsoft solutions directly to customers with greater agility, control, and support.

In the following period, we plan to further expand our cooperation with key financial and corporate customers, explore new business opportunities and execute complex digital transformation projects that align with Georgia's evolving market needs.

Kazakhstan

Span Kazakhstan established its operations in March 2025, quickly expanding by opening offices in Almaty and Astana and assembling a team of members with an average of 20 years of industry experience.

The company provides services to customers in different sectors, including finance, telecommunications, academia, electricity and nuclear power. Although established only in March 2025, Span Kazakhstan has already executed important projects, such as server infrastructure migration, e-mail system migration, and operational analysis, laying the foundation for further strategic initiatives.

The team focused on services, consulting and technical support, with growing demand for cloud solutions, artificial intelligence (AI), machine Learning (ML), and PowerApps solutions, addressing high market interest for digitalization and implementation of state-of-the-art IT technologies and solutions.

Building on these initial results, strategic priorities for the next year include further transformation into a service-oriented business, expanding the service portfolio, building the team and delivering planned financial targets.

Greece

In alignment with the Group's expansion strategy, Span Hellas was successfully established in the latter half of 2025. This further strengthened the Group's presence within the EU, and expanded the business outreach in the Eastern Mediterranean region. Local office was established shortly after the establishment of the company, followed by the formation of a core team of experts with extensive market experience and profound understanding of the regional business environment, paving the way for the successful operation in this dynamic market.

During the initial phase, Span Hellas focused on establishing the operational and commercial foundations required for sustainable growth. Key activities included structured engagement with strategic technology partners, direct cooperation with corporate and public sector organizations, and the development of an initial business opportunity pipeline across the markets of Greece, Cyprus, and Malta.

In 2025, market trends indicated growing demand for cloud operations, cyber security and digital transformation initiatives. In response to such trends, Span Hellas focused its activities around cloud operations and managed services, cyber security, and AI-assisted digital transformation, with a view to optimize business processes and increase organizational efficiency.

Despite the early development phase, Span Hellas achieved market visibility within a short timeframe, established relationships across the local business ecosystem and became involved in selected strategic initiatives. These activities validated the market entry approach and the relevance of Span's service portfolio in the region, setting the strong foundation for future operation.

In its operation, Span Hellas combines a local operational presence, a growing business opportunity pipeline, and a clear strategic focus, positioning the company for further development across the markets of Greece, Cyprus, and Malta.

74
75

2.1.2.6. Business awards, recognitions and achievements

2.1.2.6.1. Span Croatia, Slovenia and Ukraine – winners of 2025 Microsoft Partner of The Year Awards

Span has been named 2025 Microsoft Partner of The Year for Croatian, Slovenian and Ukrainian market. With this award, Microsoft honours the best among its partners for demonstrating excellence in their work and delivering solutions based on Microsoft technologies. It's the first time Span has been recognized as the winner for three countries in the same year.

"This award is another confirmation of Span's technological expertise, and our commitment to delivering solutions tailored to the actual needs of our customers. It is also the result of the continuous trust of our customers and the measurable value of our teams' achievements by applying Microsoft technology into secure and scalable solutions. We are especially honoured that this year we received the Microsoft Partner of The Year Award for our three markets simultaneously, which further strengthens our expertise and international recognition", emphasized Mihaela Trbojević, a member of Span's Management Board responsible for product and service management.

The Microsoft Partner of the Year Awards recognize companies that have developed and delivered solutions and innovations in the area of AI based on Microsoft Cloud technologies. The award is bestowed in several categories, and winners are selected among more than 4,600 nominations from more than 100 countries worldwide. Span Croatia, Slovenia and Ukraine were recognized for providing top-quality services and solutions in their respective countries. Span Croatia has won this prestigious award for the 7th time. The complete list of categories, winners, and finalists can be found at Partner of the Year Awards.

2.1.2.6.2. Starbucks Supplier of the Year

Span has received Starbucks Supplier of the Year award. The award is based on an internal voting procedure and is awarded to suppliers that achieved extraordinary results in Team Player and Service Owner categories.

Supplier of the Year

SPAN

TOGETHER WE RUN STARBUCKS

While other suppliers were awarded in individual categories, Span has been recognised as a partner that demonstrated each of those qualities, delivering beyond expected, and acting as an actual part of the Starbucks team.

2.1.2.6.3. Modernization of visual identity and strengthening market recognition

We introduced our new visual identity and the slogan "We get IT!" as a strong message to the local and international market: we understand the challenges of the digital age—and we are ready to tackle them. The rebranding comes ten years after the last change of visual identity and is a logical step in the development of the company, which today employs more than 900 experts.

The central element of the new visual identity is Priority Star, a dynamic illustration that is updated every ten minutes and displays support requests and security alerts in real-time. This interactive display pulses like the company's digital heart, symbolizing its 24/7 presence and readiness to support its customers—always and everywhere.

"Rebranding is more than changing the logo—it is a reflection of our identity today and the direction we are heading towards. Through the new visual expression, we want to further strengthen Span's position as an expert IT partner that helps customers grow and be secure in today's dynamic digital environment with its knowledge, experience, and responsibility", said Nikola Dujmović, President of the Management Board of Span.

SPAN
we get IT

Our partner in the entire process of creating the new visual identity was the marketing communication agency Bruketa&Žinić&Grey, and the creative team was led by the creative director Davor Bruketa.

"Span is a company that, along with technological excellence, places a strong focus on partnership and 24/7 customer support. Therefore, the visual identity, along with the logo, includes Priority Star—an infographic that displays Span's pulse during a 24-hour period in real-time. Every employee and every customer at any moment can see what is happening inside Span—transparently, clearly, and precisely. Today, when cyber security and continuous availability of IT systems are the backbone of every serious business, it is crucial to have a partner like Span—a partner who always has your back", said Davor Bruketa, creative director and co-founder of the Bruketa&Žinić&Grey agency.

The new visual identity enables us greater consistency and recognition, clearly communicating our key values—ahead of time, care, honesty and transparency.

76
77

2.1.2.6.4. Span Cyber Security Arena

Cyber security has become fundamental to the survival of businesses and society as a whole, evolving into a multidisciplinary field that requires collaboration of experts across various sectors. This was the central message of the second edition of Span Cyber Security Arena, a three-day conference held in Opatija in May 2025 that brought together leading international and local experts in IT, security, law, regulation and communication.

Cyber security is becoming the heart of every company today, and IT experts must sit at the same table with management, legal professionals, and compliance teams. They all need to establish a common language because regulatory pressure is growing, and the responsibility for security can no longer be delegated to a single function, emphasized Nikola Dujmović, the President of the Management Board of Span at the opening of the conference which gathered around 450 attendees and global IT experts in Opatija.

The program of our conference encompassed general, professional, and highly specialized topics spanning IT, law, regulation, and communication. Through this content, we highlighted that cyber security is a collective responsibility involving all sectors and levels of society. Only a multidisciplinary approach can effectively address the cyber challenges we face today, and those that lie ahead, said Hrvoje Englman, Chief Information Security Officer (CISO) at Span and co-director of the conference.

We will continue discussions on high-quality cyber security within Span Cyber Security Arena in 2026 as well. Third edition of the conference will be held in Poreč from May 20 to 22, 2026, at the Valamar Collection Pical Resort 5®.

In times of rapid technology changes and more sophisticated nature of threats, once again we are focusing on core building elements of cyber security, essential practices underlying any resilient defense strategy. We will ask one seemingly simple question, what is really important? Are we so focused on complexity that we lost sight of the key principles that silently hold everything together? Or is mastering the foundations indeed the most advanced move we can do today?

This Span Cyber Security Arena will be the most eventful so far—through lectures, presentations, panel discussions and best practices, it is the central place to gain most recent insights from the cyber security world in 2026 as well.

78
79

2.1.2.6.5. Golden Balance Sheet

We were awarded the Golden Balance Sheet Award as the fastest growing company in Croatia—a recognition acknowledging our significant business expansion, stable growth and strategic focus towards creating long-term value. We received the award on 24 June 2025 at the ceremony organized by Fina and Jutarnji list, and among more than 160,000 analysed entrepreneurs and 4,707 companies in the final, Span was recognized as the most successful in the growth category. Although the recognition is based on numbers and financial indicators, it represents much more to us—the power of ideas that came to life, a team that never gives up and values we base our success on for more than three decades.

2.1.2.6.6. Hewlett Packard Enterprise Gold Partner Status renewed

Once again, this year we renewed our Hewlett Packard Enterprise Gold Partner Status—an acknowledgement of long-term expertise, trust and commitment to providing top-quality solutions in the area of hybrid cloud and IT infrastructure. We were awarded the recognition at the HPE Intelligent Data Conference—a gathering of leading experts, HPE partners and users, where specific implementation of artificial intelligence, HPE GreenLake platform and network solutions in modern IT environments were discussed. Our focus remains on providing quality service to users when implementing demanding and complex HPE solutions.

2.1.2.6.7. Three new Microsoft Specializations

AI platform on Microsoft Azure

This specialization confirms Span's expertise in design and delivery of AI solutions using Microsoft technologies, including generative AI, predictive models, AI agents and systems for conversations that recognize documents, and all of that developed and delivered on Azure. For Span, this specialization creates new investment opportunities by Microsoft and lists Span as one of the AI leaders within Microsoft partner ecosystem. This not only confirms Span's profound expertise in building actual AI solutions on Azure, but opens the door to joint sales, priority support when entering the market and access to exclusive partner benefits.

Microsoft Copilot

Extensive use of artificial intelligence in business processes and day-to-day work marked this past period, during which we worked on the development and implementation of advanced AI solutions based on Microsoft Copilot technology with our customers. Through specific projects, workflow optimization and responsible use of artificial intelligence, we confirmed our expertise, reliability and commitment to creating real business value. As a result of this work, we obtained the Microsoft Copilot Advanced Specialization, a recognition that proves our ability to provide customers with safe, effective and strategic implementation of Copilot in their everyday operation.

80
81

Calling for Microsoft Teams

In the fourth quarter, we obtained the Calling for Microsoft Teams Advanced Specialization, showcasing our proven success in deploying and managing Microsoft 365 Phone System solutions.

Modern voice solutions like Teams Calling enhance security, compliance, mobility, and productivity, and this specialization further validates our expertise in delivering these capabilities.

Span now holds a total of 14 Microsoft Advanced Specializations—further strengthening our expertise and reliability in delivering quality solutions to customers, with continued monitoring of trends in technology.

2.1.2.6.8. Span Cyber Security Center transitioned into Educational Institution for Adults

Span Cyber Security Center transitioned into an Adult Learning Institution that will provide

formal and informal education programs in the area of cyber security. This means that it will be possible to gain formal qualifications recognized by the Croatian education system, in addition to existing training courses.

Since its establishment three years ago, the Center has remained dedicated to the same mission: sharing the latest knowledge, practices and experiences in order to improve the competences of the business community in the area, and to educate a new generation of experts. The number of cyber threats is continuously increasing worldwide, making experts in this area indispensable. According to a survey of ISC2, the world's leading organization for cyber security experts, as many as 4.8 million experts in this field were needed in 2024.

Through available programs in the Span Cyber Security Center and simulations of real-life cyber attacks, participants acquire practical and theoretical knowledge that enables them to recognize, analyze

and respond to cyber threats efficiently. Most of the lecturers are Span's experts who acquired a lot of practical experience and knowledge working on national and international projects for many years, the knowledge that they now share with the participants.

"The demand for experts in the area of cyber security is increasing year after year, and educational capacities in Croatia can't keep up with that demand. That's why we recognized the importance of targeted programs for those that want to build their career in this profession of the present, and future as well. At Span Cyber Security Center, experts from the real sector share their knowledge and practical experience with participants to enable them to start or continue working in this area as soon as possible", said Marinko Žagar, director of the Span Cyber Security Center, who gained extensive experience in the area of cyber security during his 30-year career as a lecturer.

More than 2,500 participants were trained in the Span Cyber Security Center so far. Education programs are continuously updated, and they are designed to respond to specific needs of organizations and individuals, with a particular focus on practical applicability of the content. Two micro-qualifications are now available to the participants with the establishment of institution: Cyber Security Analyst and Cloud Security Expert. These are formal qualifications, which form part of the National Qualifications Framework and are entered into e-workbook. Acquiring micro-qualifications can also be co-financed using Croatian Employment Services vouchers, that can be used by all employed and unemployed persons over the age of 15.

2.2. Information for shareholders

FIMA Vrijednosnice d.o.o. / Nikola Dujmović 25.69%
Raiffeisenbank Austria d.d. / Raiffeisen Voluntary Pension Fund 6.69%
Erste & Steiermarkische Bank d.d. / PBZ CO OMF - Category A 6.53%
Interkapital Vrijednosni Papiri d.o.o. / Dujmović Nikola 5.10%
OTP Banka d.d. / Erste Plavi OMF Category A 3.36%
Erste & Steiermarkische Bank d.d. / PBZ CO OMF - Category B 3.33%
FIMA Vrijednosnice d.o.o. / Pongrac Marijan 2.81%
FIMA Vrijednosnice d.o.o. / Banek Zvonimir 2.80%
FIMA Vrijednosnice d.o.o. / Kolarek Darko 2.66%
Privredna Banka Zagreb d.d. / Raiffeisen OMF Category A 2.66%
Others 38.37%

2.2.1. Share capital

The Company's share capital amounts to EUR 3,920,000.00 and is split into 1,960,000 common shares with a nominal value of EUR 2.00, under the symbol SPAN-R-A and ISIN symbol HRSPANRA0007.

The Company has one type of common shares that do not confer the right to a fixed return.

2.2.2. Top 10 accounts with the largest quantity of securities

In the ownership structure as of 31 December 2025, the largest individual share of 30.85% is held by the President of the Management Board Nikola Dujmović. The table on the next page shows information on the number of shares held by the Members of the Management Board and the Supervisory Board on 31 December 2025.

Management Board

Name and surname	Position	Number of shares	%
Nikola Dujmović	President of the Management Board	604,692	30.85%
Saša Kramar	Member of the Management Board	11,032	0.56%
Ana Vukšić	Member of the Management Board	489	0.02%
Mihaela Trbojević	Member of the Management Board	3,016	0.15%

Supervisory Board

Name and surname	Position	Number of shares	%
Arun Paulić	Member of the Supervisory Board	300	0.02%
Barbara Gradečak	Member of the Supervisory Board	152	0.01%

2.2.3. Share movements and trading volume

In 2025, the trading of the share started on 02 January 2025 with its price being EUR 44.30. The last day of trading on the Zagreb Stock Exchange was on 30 December 2025, when the price of the share amounted to EUR 63.60, which was a growth of 43.57%. Compared to the price of the share in the Initial Public Offering (HRK 175 / EUR 23.23) price of the share had increased by 173.83%. The trading volume of the share in the observed period amounted to EUR 13,296,612.80.

2.2.4. Share Buy-Back Program

A meeting of the Management Board of Span d.d. was held on 5 December 2024, at which, with the prior consent of the Supervisory Board, the new Share Buy-Back Program was adopted, in accordance with

the Decision of the General Assembly of 13 June 2022.

The Program is implemented with the purpose of the disposal of shares within the ESOP Program of the Company, remuneration of the members of the Management Board, the employees of the Company and subsidiaries, potential acquisition of companies, and for any other purposes that are provided for as such and allowed under the applicable legislation of the Republic of Croatia, in line with the Decision of the General Assembly of the Company of 13 June 2022.

The Company plans to repurchase treasury shares on the regulated market of the Zagreb Stock Exchange, up to the maximum of 150,000 (one hundred and fifty thousand) shares with the amount of funds allocated with the Program in the amount of EUR 11,250,000.00 (eleven million two hundred and fifty thousand).

The Company is not obliged at any point to purchase its own shares, acting as a purchaser depending on the market conditions. The Program started on 05 December 2024, and will end by 13 June 2027, at the latest. It depends on the market conditions and strategic decisions of the Company, and may be suspended, discontinued, or modified in any way during the Program period.

This Program does not regulate the purchase of own shares through organized tender offers at the Zagreb Stock Exchange.

2.2.5. Dividend Payment Policy

At the meeting of the Management Board of the Company that took place on 25 February 2022, a Dividend Payment Policy of the Company was adopted, which will be implemented in line with the development plans of the Company, the capital market

situation, net profit growth, revenue levels, and other relevant factors.

When adopting the proposed decision on the payment and the amount of dividend, the Company will pay regard to ensuring successful regular operations, continuing growth on the markets where it already operates, as well as the growth on new markets. In the event the described conditions are met, the Company will pay the shareholders 20 to 50 percent of the consolidated profit in the form of dividend. The proposals of the Management Board and the Supervisory Board of the Company for the payment of dividend will reflect the stated position, but the final decision on the dividend payment, its amount and the method of its disbursement will be determined by a decision of the General Assembly of the Company.

According to the above-mentioned, a meeting of the Management Board and the Supervisory Board of the Company took place on 30 April 2025, and it was then that the proposed Decision on the utilization of profit and payment of dividend in the amount of EUR 0.80 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who, on 17 June 2025, were registered as shareholders of the Company in the Central Depository & Clearing Company (record date). The claim for the dividend payment became due on 1 July 2025 (payment date). The date from which the share of the Company was traded without the right to the dividend payment was 16 June 2025 (ex date). Dividend was paid from the Company profit made in 2024.

2.2.6. Acquisitions and disposals of own shares

In accordance with the mentioned Share Buy-Back Program, the Company acquired and disposed of own shares during the year.

Acquisitions and disposals of shares over the year 2023:

Note	Corporate event	Purpose	Number of shares	Number of shares after corporate event	% of share capital before corporate event	% of share capital after corporate event
14 January 2023	Acquisition of own shares	Share Buy-Back Program	968	9,770	0.4451%	0.4963%
24 January 2023	Acquisition of own shares	Share Buy-Back Program	930	10,480	0.4961%	0.5366%
21 January 2023	Acquisition of own shares	Share Buy-Back Program	119	10,710	0.5366%	0.5367%
14 January 2023	Acquisition of own shares	Share Buy-Back Program	108	10,610	0.5367%	0.5418%
14 January 2024	Acquisition of own shares	Share Buy-Back Program	105	10,802	0.5416%	0.5511%
28 March 2023	Disposal of own shares	Share Buy-Back Program	8,076	4,436	0.5511%	0.6163%
7 April 2023	Acquisition of own shares	Share Buy-Back Program	500	4,835	0.5501%	0.5560%
25 June 2023	Disposal of own shares	Share Buy-Back Program	3,066	1,360	0.2360%	0.8766%
15 July 2023	Acquisition of own shares	Share Buy-Back Program	640	2,280	0.8786%	0.4122%
1 August 2023	Acquisition of own shares	Share Buy-Back Program	500	2,380	0.1122%	0.4300%
25 August 2023	Acquisition of own shares	Share Buy-Back Program	512	2,380	0.1300%	0.4678%
25 August 2023	Acquisition of own shares	Share Buy-Back Program	440	2,770	0.1678%	0.5523%
28 August 2023	Acquisition of own shares	Share Buy-Back Program	352	4,352	0.1923%	0.2210%
28 August 2023	Acquisition of own shares	Share Buy-Back Program	116	4,440	0.2210%	0.2260%
1 September 2023	Acquisition of own shares	Share Buy-Back Program	112	4,380	0.2260%	0.2327%
8 September 2023	Acquisition of own shares	Share Buy-Back Program	532	3,132	0.2327%	0.2608%
9 September 2023	Acquisition of own shares	Share Buy-Back Program	448	3,360	0.2608%	0.2857%
10 September 2023	Disposal of own shares	Share Buy-Back Program	1,380	4,040	0.2857%	0.2573%
10 September 2023	Acquisition of own shares	Share Buy-Back Program	3,000	3,000	0.2573%	0.2805%
23 September 2023	Acquisition of own shares	Share Buy-Back Program	1,000	3,500	0.2805%	0.2973%
23 September 2023	Acquisition of own shares	Share Buy-Back Program	200	3,500	0.2733%	0.2927%
28 September 2023	Acquisition of own shares	Share Buy-Back Program	158	3,710	0.2857%	0.2927%
29 September 2023	Acquisition of own shares	Share Buy-Back Program	42	3,500	0.2927%	0.2950%
8 November 2023	Acquisition of own shares	Share Buy-Back Program	580	6,340	0.8100%	0.9337%
12 November 2023	Acquisition of own shares	Share Buy-Back Program	220	6,550	0.3537%	0.3440%
1 December 2023	Acquisition of own shares	Share Buy-Back Program	1,808	7,500	0.5440%	0.4643%
2 December 2023	Acquisition of own shares	Share Buy-Back Program	802	8,550	0.4643%	0.4480%
10 December 2023	Acquisition of own shares	Share Buy-Back Program	300	9,370	0.4480%	0.4763%
17 December 2023	Acquisition of own shares	Share Buy-Back Program	2,150	9,000	0.4763%	0.4860%
18 December 2023	Acquisition of own shares	Share Buy-Back Program	1,150	10,550	0.4950%	0.5480%
As of 31 December 2023				30,780		0.7490%

On 31 December 2024, the Company held 8,802 shares, which represents $0.449\%$ of the share capital of the Company. After the mentioned acquisitions and disposals during the year, on 31 December of 2025, the Company held 10,760 own shares, representing $0.5490\%$ of the share capital.

2.2.7. Contracts with affiliated persons

During 2025, Span signed two contracts with Bug d.o.o., a company whose Director is the Vice President of the Supervisory Board, Aron Paulic.

One contract concerned the realization of an annual media and sponsorship package in the amount of EUR 30,000.00 for the period from 1 January to 31 December 2025.

The second contract was a renewal of the Contract on the provision of subscription services and delivery of Microsoft services via CSP program, which Span offers to Bug d.o.o. The annual value of the contract was EUR 1,871.70, and together with the Azure subscription in the amount of EUR 30,000.00 amounted to a total of EUR 31,871.70.

The same contract on the provision of subscription services and the delivery of Microsoft services via CSP program was concluded with Pinima d.o.o., whose Director is Ante Mandić, and is being renewed from 2023. The annual value of the contract was EUR 2,363.91.

CSP contract with Sapientia Nova d.o.o., of the Founder and Director Mirjana Marinković, was renewed with the annual value of EUR 322.00.

86
87

2.3. Financial Indicators for 2025
2.3.1. Key features of the period – 2025

2.3.1.1. Operating Revenue, EBITDA and Net Profit of Span Group
2.3.1.2. Operating Revenue, EBITDA and Net Profit of Span d.d.

Operating revenue	+29% Net	Operating revenue	+55% Net
230.9 mil. EUR		148.6 mil. EUR
EBITDA before one-off items	+58% Net	EBITDA before one-off items	+109% Net
13.7 mil. EUR		10.6 mil. EUR
EBITDA after one-off items	+47% Net	EBITDA after one-off items	+139% Net
13.5 mil. EUR		10.4 mil. EUR
Net Profit after one-off items	+68% Net	Net Profit after one-off items	+127% Net
5.7 mil. EUR		6.3 mil. EUR

Profit and Loss Account – shortened

Span Group
In thousands of EUR

	2024	2025	Δ %
Total revenue	180,879	232,225	28%
Operating revenue*	179,039	210,861	29%
Other revenue	1,840	1,364	-26%
Total costs	171,685	218,680	27%
Costs of goods and services sold*	123,251	164,659	34%
Personnel expenses**	37,680	43,322	19%
Other operating expenses**	10,755	10,701	-11%
EBITDA before one-off items	9,951	11,689	38%
EBITDA one-off items	757	114	-81%
EBITDA after one-off items	9,194	11,544	47%
Depreciation and amortization	3,748	4,255	14%
Goodwill impairment losses	-	1,431	-
EBIT before one-off items	6,203	9,434	52%
EBIT after one-off items	5,446	7,858	44%
Net financial result	-652	-235	64%
Shares of profit/loss of associated companies	-1	-90	-7879%
Impairment losses on investments in associates	-	260	-
Profit/loss before taxation before one-off items	5,550	9,107	64%
Profit/loss before taxation after one-off items	4,792	7,272	52%
Corporate tax	1,394	1,565	12%
Profit/loss after taxation before one-off items	4,155	7,542	82%
Profit/loss after taxation after one-off items	3,398	5,597	68%

revenue from voucher sales of the subsidiary undertaking that was previously reported in gross amount is now reported in net amount, while revenue and direct expenses are adapted for the previous period without impacting the results of the Company and the Group.
** in 2025, a reclassification of expenses related to employees was carried out, from other operating expenses to personnel expenses, with a view to improving the overview of labor expenses. For the purpose of consistency and comparability, reclassification was carried out for 2024 as well.

Span d.d.
In thousands of EUR

	2024	2025	Δ %
Total revenue	110,567	149,220	35%
Operating revenue	110,033	148,617	35%
Other revenue	534	503	-6%
Total costs	106,216	138,703	31%
Costs of goods and services sold	68,109	93,180	37%
Personnel expenses**	30,101	37,100	28%
Other operating expenses**	8,006	8,423	8%
EBITDA before one-off items	5,053	10,561	109%
EBITDA one-off items	702	114	-79%
EBITDA after one-off items	4,351	10,417	139%
Depreciation and amortization	2,782	3,438	24%
Goodwill impairment losses	-	1,431	-
EBIT before one-off items	2,271	7,123	214%
EBIT after one-off items	1,569	5,548	254%
Net financial result	1,547	1,439	-7%
Shares of profit/loss of associated companies	-	-	-
Impairment losses on investments in associates	-	266	-
Profit/loss before taxation before one-off items	3,818	8,562	124%
Profit/loss before taxation after one-off items	3,116	6,721	116%
Corporate tax	360	459	28%
Profit/loss after taxation before one-off items	3,458	8,103	134%
Profit/loss after taxation after one-off items	2,756	6,262	127%

** in 2025, a reclassification of expenses related to employees was carried out, from other operating expenses to personnel expenses, with a view to improving the overview of labor expenses. For the purpose of consistency and comparability, reclassification was carried out for 2024 as well.

Revenue
Total consolidated revenue increased by EUR 51,346 thousand, or 28% compared to the 2024. The operating revenue grew by EUR 51,822 thousand in the same observed period. The highest absolute and relative growth was recorded by the Software Asset Management and Licensing segment. Total revenue growth from IT services with high added value amounted to EUR 10,522 thousand.

In the same period, Span d.d. recorded a growth of total revenue by EUR 38,553 thousand, or 35%. The growth came from the operating revenue, which increased by EUR 38,584 thousand. Revenue growth is the result of growth in all business segments, while the most significant growth was recorded in the Software Asset Management and Licensing segment. In 2025, a bid of the Group of bidders Span d.d. and Combis d.o.o. was selected on a public tender for the use of Microsoft software products and services, followed by the implementation of contract in July. Also, the contract for buy in and technical support renewal of Microsoft licenses was implemented in July, as part of an open procedure for the public procurement of Hrvatska elektroprivreda d.d.

Operating expenses
The total consolidated operating expenses saw an increase by EUR 46,997 thousand, or 27% compared to 2024. The largest generator of the growth of expenses was the cost of goods and services sold, following the revenue growth, while the increase has been further stimulated by the expansion to foreign markets, including incorporation and operational start-up of subsidiaries.

The personnel expenses increased by EUR 5,642 thousand, or 15% compared to 2024. The average number of employees in the Group in 2025 was 890, compared to the prior year when the average number of employees in the Group was 859.

Total expenses of Span d.d. increased by EUR 32,487 thousand compared to the same period last year. Cost of goods and services sold increased by EUR 25,071 thousand, while personnel expenses increased by EUR 6,999 thousand, which is mostly due to the merger of the companies Ekobit and Bonsai. The average number of employees in the Company in the observed period is 776, which is an increase compared to the previous year when the average number of employees in the Company was 698. Increase in the number of employees is a result of Ekobit and Bonsai mergers, and after the merger, the employees continue to work in the segments of services with high added value.

EBITDA
EBITDA of the Group before one-off items increased by EUR 3,736 thousand, or 38% and amounts to EUR 13,687 thousand. One-off items of EBITDA of the Group were EUR 144 thousand and related to: 1) severance pay to a former member of the Management Board 2) adjustment of the last instalment liability related to the acquisition of GT Tarkvara.

EBITDA after one-off items in 2025 recorded an increase of 47% compared to the same period of the prior year.

Span d.d. recorded an increase of EBITDA before one-off items of EUR 5,508 thousand, or 109%, amounting to EUR 10,561 thousand. In the observed period, Span d.d. recorded an increase of EBITDA after one-off items of EUR 6,066 thousand, to EUR 10,417 thousand, which was a 139% increase.

The increase of depreciation and amortization in the Company is mostly the result of the merger of the company Ekobit, and leasing an additional business premise.

The Group's net financial result of the period amounted to EUR -235 thousand, a result of foreign exchange losses in Span Croatia and interest expense due to bond issuance.

Revenues by segments

Span Group

In thousands of EUR	2024	2025	Δ %
Total operating revenue	179,039	230,061	29%
Software Asset Management and Licensing	129,152	170,451	32%
Infrastructure Services, Cloud & Cyber Security	16,135	19,128	19%
Service Center Management and Technical Support	19,193	24,628	28%
Software and Business Solutions Development*	14,559	16,654	14%

revenue from voucher sales of the subsidiary undertaking that was previously reported in gross amount is now reported in net amount, while revenue and direct expenses are adapted for the previous period without impacting the results of the Company and the Group.

Span d.d.

In thousands of EUR	2024	2025	Δ %
Total operating revenue	110,033	148,617	35%
Software Asset Management and Licensing	66,576	93,187	40%
Infrastructure Services, Cloud & Cyber Security	14,058	18,147	29%
Service Center Management and Technical Support	18,730	23,569	26%
Software and Business Solutions Development	10,669	13,713	29%

Net profit

Profit after taxation before one-off items of the Group increased by EUR 3,387 thousand, to EUR 7,542 thousand. In the observed period, profit after taxation after one-off items of the Group increased by EUR 2,309 thousand, to EUR 5,707 thousand. One-off items are higher by EUR 1,078 thousand compared to the same period last year.

One-off items of the Group at the level of EBITDA include the severance pay to a former member of the Management Board and the adjustment of the last instalment liability related to the acquisition of GT Tarkvara, in the amount of EUR 144 thousand; at the level of EBIT, they include the expenses stated and goodwill impairment in the amount of EUR 1,431 thousand; while at the level of gross and net profit, they further include impairment of investment in associate Fintech Digital Services d.o.o., in the amount of EUR 260 thousand. Goodwill arising from the merger of subsidiary

Recro-net d.o.o. has been written off based on the estimate of recoverable values, in accordance with the long-term strategic direction and business development priorities of the Company.

Span d.d. recorded a growth of profit after taxation before one-off items by EUR 4,645 thousand, to EUR 8,103 thousand. Span d.d. recorded a growth of profit after taxation after one-off items by EUR 3,506 thousand to EUR 6,262 thousand. The cost of corporate tax reflected the release of the deferred tax assets for both tax reliefs obtained based on the Investment Promotion Act. More details about the reliefs obtained can be found in the chapter "Deferred tax assets".

The Management Board of Span d.d. continuously considers all risks related to the Russian - Ukrainian war and is of opinion that those risks do not jeopardize the financial results of the Group.

Revenues by segments

Span d.d. 2024

Span Group 2025

2.3.2. Revenues by segments

Span Group generated revenue in the following segments:

Software Asset Management and Licensing
Infrastructure Services, Cloud & Cyber Security
Service Center Management and Technical Support
Software and Business Solution Development

Data on revenues by segments of the operation of the Group and Span d.d. for 2024 and 2025 is provided below.

Software Asset Management and Licensing recorded a growth of revenue by 32%. The Group recorded higher revenue compared to the 2024. The highest growth was recorded by Span Croatia and Span LLC Ukraine, followed by Span Slovenia and GT

Tarkvara. The share of revenue in the total operating revenue was 74%.

Infrastructure Services, Cloud & Cyber Security increased by 19% in the observed period, compared to the same period of the prior year. Revenue growth in this segment was generated by the realization of strategic investment in this business segment, additionally expanded by the implementation of a major project with one of our key customers in 2025.
Service Center Management and Technical Support contributed to a continuous growth of revenue through the supervision and management of the IT surroundings services, with the increase of revenue of this segment amounting to 28% compared to the same period last year.
Software and Business Solution Development in the observed period grew by 14% compared to last year.

Revenues by geographic markets

Span Group 2024

Span Group 2025

Span d.d. 2024

Span d.d. 2025

2.3.3. Revenues by geographic markets

Revenues by geography show the geographic market where goods, or services are invoiced. The share of revenue the Group makes in foreign markets accounts for 74% of the total revenue. The most significant growth of revenue, totalling EUR 13,697 thousand was recorded by the Croatian market, followed by the Ukrainian (EUR 7,353 thousand) and Slovenian market (EUR 6,428 thousand). In the Ukrainian market, Microsoft for most of its users in Q1 2024 still allowed the use of products free of charge.

Span d.d. achieves 40% of revenue on the Croatian market, which also recorded the highest growth compared to the same period last year.

2.3.4. Balance Sheet

In thousands of EUR	Span Group		Span d.d.
	31.12.2024	31.12.2025	31.12.2024	31.12.2025
ASSETS	81,177	113,767	61,034	87,434
Fixed assets	25,033	20,245	30,002	30,566
Deferred tax assets	1,158	632	933	624
Current assets	20,028	37,315	17,113	24,594
Cash and cash equivalents	24,368	44,056	8,994	28,705
Prepaid expenses and accrued income	4,590	5,519	3,992	4,945
LIABILITIES	81,177	113,767	61,034	87,434
Equity and reserves	33,853	37,846	29,840	34,624
Long-term liabilities	2,414	30,044	2,377	29,076
Current liabilities	39,334	39,662	25,461	21,620
Accrued expenses and deferred revenue	5,575	6,215	3,356	2,114

Investment in assets

In thousands of EUR	Span Group		Span d.d.
	2024	2025	2024	2025
Computer equipment and other equipment	740	878	704	713
Tangible assets in preparation	23	36	-	-
Right-of-use assets	2,411	4,956	2,223	3,787
Other intangible assets	36	58	3	26
Intangible assets in preparation	312	495	429	453
Investment in assets total	3,522	6,423	3,359	4,979

Assets

The total value of the assets of the Group was higher by EUR 22,590 thousand. The increase of the total assets is mostly the result of the increase of cash and cash equivalents, as well as the increase of accounts receivable.

Investment in assets

Investments of Span Group in tangible assets mostly related to expenditure for the procurement and replacement of worn out computers and other equipment required for the work of employees. Right-of-use assets related to business premises and leased vehicles. In the fourth quarter of 2025, the existing lease agreements were extended, thus leading to a remeasurement of lease liabilities and right-of-use assets in accordance with applicable accounting standards. This resulted in an increase of carrying amount of right-of-use assets and corresponding liabilities. Investment in intangible assets in preparation related to the implementation of software for own use, capitalised labour costs relating to the continuation of development of inter

nally generated intangible assets, and the investment in business premises leased by the Group.

Deferred tax assets

Deferred tax assets represent income tax return amounts which are recoverable based on future taxable profit deductions. Deferred tax assets are recognized up to the amount of taxable earnings which are likely to be achieved. When determining future taxable profits and the amount of taxable earnings which are likely to be achieved in the future, the Group judges and creates an estimate based on taxable profits from the previous years and the expected future earnings which are considered to be reasonable in existing circumstances. The Group made an assessment of the usability of tax relief for the estimate of the amount of deferred tax assets, based on support received from the Ministry of Economy, Entrepreneurship and Crafts. Based on the above, deferred tax assets were further recognized, and they amounted to EUR 632 thousand as at 31 December 2025.

The financial support received allows Span d.d. to be exempt from paying corporate income tax from 2021 to 2031, for 50% of the amount of the tax base, up to the maximum threshold in the amount of the total investment according to the Investment Promotion Act (ZOPI).

Equity and reserves

The total equity and reserve of the Group increased by EUR 3,993 thousand. The increase arises from the retained earnings and the profit of the current period.

Long-term and short-term liabilities

Total long-term liabilities increased by EUR 27,630 thousand, primarily as a result of bond issuance in the third quarter and the increase of lease liabilities after the remeasurement of lease liabilities, carried out due to the extension of existing lease agreements.

Short-term liabilities increased by EUR 328 thousand, as a result of the increase in liabilities to suppliers.

2.3.5. Cash flow

The Group recorded positive cash flow from business activities, which is lower compared to the previous year, primarily as a result of an increase in accounts receivable as at 31 December 2025, leading to an increase of tied-up resources in the working capital and consequently lower net inflow from business activity. The Group recorded the coefficient of the current liquidity of 1.89, which points to the ability of the Group to settle its current liabilities.

Negative cash flow from investment activities was mostly the result of the payment of the last instalment for the acquisition of GT Tarkvara.

The positive cash flow from financial activities is the result of bond issuance.

Negative net debt of the Group amounted to EUR 12,704 thousand, and is an indicator of the financial liquidity of the Group.

Current Assets, Current Liabilities and Working Capital	Span Group			Span d.d.
In thousands of EUR	31.12.2024	31.12.2025	31.12.2024	31.12.2025
Current assets	54,986	86,890	30,098	56,244
Current liabilities	44,910	45,877	28,817	23,734
Working capital	10,077	41,021	1,281	32,510
Current liquidity ratio	1.22	1.89	1.04	2.37
Net debt	Span Group			Span d.d.
---	---	---	---	---
In thousands of EUR	31.12.2024	31.12.2025	31.12.2024	31.12.2025
Financial debt*	8,299	31,352	8,118	30,334
Cash and cash equivalents	24,368	44,056	8,994	28,705
Net debt*	(16,069)	(12,704)	(876)	3,629
Total equity	33,853	37,847	29,840	34,624
Net debt and total equity ratio	-	-	-	10.5%

*Long-term and short-term credits and loans, lease liabilities and liabilities for issued securities

96
97

2.4. Risks

Span has established and maintained a risk management system on the level of the Company in order to connect strategic goals and risks with the operative risks and in this way manage the operations in the best possible way. By late 2022, the Company started the implementation of the risk management system according to ISO 31000 standard. The standard contains recommendations and good practice in the area of risk management and there is no official ISO certificate for it.

The Risk Management Policy¹⁵ was defined, applying to all temporary, occasional and permanent employees of Span, depending on defined roles and responsibilities. The policy specified competences, responsibilities and principles. The risk assessment frequency and reference to the Risk Appetite document were defined. It is specified that Span will accomplish its business goals offering products and services while taking into account:

Maintenance and respect of high ethical standards of operation and sustainability
Preservation of long-term financial profitability and business sustainability of Span
Protection of interests of customers and ensuring decent treatment by providing high quality services
Ensuring operations in full compliance with the legislation and regulatory requirements
Maintaining the internal control system in order to preserve and maintain continuity and security of operation
Ensuring operations continuously focused on well-being of people and communities, and climate and natural environment protection.

Furthermore, a document with the context of the influence of the main shareholders was created, as well as Risk Appetite¹⁶, and the Risk Management Methodology, elaborated based on the previous Information Security Management System methodology.

A further progress in risk management was achieved in 2025. Through activities of identification, training and education, and the systemic application of controls, the Company created an environment that encourages proactivity in facing risks. Transparent risk management system was created, suitable for risk processing in every domain of the operation of Span. Based on the probability of occurrence and the potential reach of negative impacts of the operations, the financial condition and results of the operation of the Group, the following risks were identified:

¹⁵ Created on 30 November 2022, and the actual version is from 6 November 2023.
¹⁶ The Management Board of the Company adopted the Risk Appetite Statement on 23 March 2023, which defined the appetites of operative, reputational and financial risks, as well as compliance risk in accordance with strategic guidelines.

98
99

The risks were distributed by categories depending on their nature, and may be mutually connected. There is a possibility of the occurrence of additional risks that could influence the operations, financial condition and results of the operations of the Group, if they were realized, but they are currently not known or they are not considered key risks at the moment.

2.4.1. Financial risks

Foreign currency risk

The Group operates on an international level and is exposed to the foreign currency risk that arises from changes in the exchange rate of foreign currencies. The Group is exposed to transaction and translation risk of changes in the exchange rate of foreign currencies. It is exposed to transaction risk in procurement and sales of goods and services denominated in foreign currencies, while translation risk arises from financial reports of subsidiaries denominated in foreign currency in consolidated statements that are presented in local currency (EUR).

The Group is mostly exposed to the risk of change in the exchange rate of the US dollar (USD). The risk is mostly present in relation to the conversion costs USD – EUR and Ukrainian Hryvnia (UAH) – USD. Changes in the exchange rate in aforementioned currencies may impact the business results, future cash flows of Group’s companies and balance sheet changes that manifest as lower value of net monetary instruments in foreign currencies.

The risk is managed by the Group by using financial instruments for the protection of exchange rates and contractual safeguard clauses with customers. More detailed description can be found in the audit report under note 35. Financial instruments.

Interest rate risk

The Group is exposed to interest rate risk because Span and its subsidiaries are debited at fixed and variable interest rates. The Group manages the stated risk by maintaining an appropriate borrowing ratio with the fixed and changing interest rate. More detailed description can be found in the audit report under note 35. Financial instruments.

Accounts receivable risk (credit risk)

Accounts receivable risk (credit risk) is a risk of a customer’s failure to pay, i.e. default by the customer concerning the contracted liabilities, which impacts possible financial loss of the Company or the Group. Credit risk of the Group is diversified by geography and by customers, and the exposure, creditworthiness of the customers and their orderliness in meeting the contracted obligations towards the Group is continuously monitored. To reduce the accounts receivable risk, the Group adopted a policy of operation only with creditworthy customers, contracting collaterals securing the collection and securing the claims. More detailed description can be found in the audit report under note 35. Financial instruments.

Liquidity risk

The liquidity risk itself relates to a situation where the Group cannot meet its due financial liabilities on time due to the lack of its own cash, shortage of available assets on the cash market or impossibility of crediting by financial institutions. The Group has set up an appropriate framework for the liquidity risk management by which it is guided in the management of the short-term, medium term, and long-term requirements of the Group for funding and liquidity. The Group manages the liquidity risk in a manner that it maintains adequate reserves and credit lines, constantly oversees the projected and actual cash inflows and outflows and adjusts maturity of the financial assets and financial liabilities. More detailed description can be found in the audit report under note 35. Financial instruments.

Risk of over-indebtedness

The risk of over-indebtedness is expressed in the too high level of debt that adversely affects the financial stability of the Group. The Group monitors its status of indebtedness and manages the risk of over-indebtedness through the indicators of indebtedness.

The Group manages the risk of over-indebtedness by monitoring and regulating indicators, such as the share of financing with its own funds with respect to financing with third party, i.e. external funds, and net debt coverage ratio.

The debt structure consists of short-term liabilities to banks for loans and lease liabilities for business premises and company cars, as well as issued bonds and long-term liabilities for the lease of cars and business premises of the Group.

100
101

2.4.2. Legal risks

Risk of change of regulations and regulatory risk

The Group operates in the global market and it is therefore subject to the risk of change of tax regulations in a manner that would adversely affect profitability of the operations of the Group. This risk is also reflected through possible changes of tax rates as well as the subject of taxation. The presence of the Group in different jurisdictions implies different global and regional economic, political, legal, regulatory and operational risks, which instils additional complexity in the operation due to diversity of the rules applied, including regulations governing the access to and use of the Internet, data privacy and IT security, along with labor law and other issues in each jurisdiction where the Group operates. There is a risk that the Group will not be able to detect and/or prevent a breach of regulations, i.e. that the standards of control and risk management applied by the Group will not be implemented efficiently in all subsidiaries.

Risks related to the protection of personal data and intellectual property

Within their operations, the members of the Group process the personal data of participants (e.g. employees, customers, business partners and third persons, such as job candidates). Obligations concerning processing personal data differ depending on whether personal data is processed in the role of the controller or in the role of the processor. GDPR

and the Croatian Act on the Implementation of the GDPR, i.e. national and other regulations on data protection according to the territorial application for different members of the Group, provide for regulations in accordance with which the members of the Group act in relation to personal data, and competent bodies, primarily Croatian Personal Data Protection Agency, monitor the compliance with the said regulations.

Risks arising from this area are primarily related to potential incidents that could result in personal data leak, and improper handling of personal data. The Group aims to prevent the risk in question by applying relevant technical and organizational data protection measures, such as ISO certification, regulations governing data processing, implementation of security solutions, use of verified applications owned by reputable companies, training and presentation on the importance of personal data protection to employees and similar.

The Group encounters different forms of intellectual property of its partners and customers in its operation. There is a risk posed by possible violations of the intellectual property rights specific for the operation of the Group, such as the use of the source code and IT products contrary to the terms and conditions from the license and the use of open source solutions contrary to restrictions set by the customers of the Group. An additional risk is reflected in unauthorized and/or improper use of intellectual property of partners and customers, in particular the use of different

types of trade marks during marketing and similar activities.

The Group makes sure to prevent mentioned risk by coordinating teams in consultation with the legal team, and informing interested internal stakeholders about specific provisions of certain contracts. A risk is also posed by potential and successful cyber attacks directed at personal data of customers. The very perception that a threat or violation of personal data has occurred, whether the danger is real or not, can significantly disturb the business reputation and make future operation of the Group difficult.

2.4.5. Risks related to the operations

Risk of the susceptibility of the profitability of the Group, its operating results and working capital to significant fluctuations

The operating results of the Group may be influenced by the fact that the operations that make up for a significant part of the Group's revenue are not contracted for the long term and thus there is no certainty that the Group will make revenue from these jobs in the long run. Customers are not obliged by volume commitment. Revenues of the Group based on license subscription are relatively stable in the short term (excluding the effects of potential foreign currency fluctuations), but in the long run, they can vary due to the pace of the IT industry and market in which the Group operates. However, low margins in relation to license subscription reduce the effects of the concerned revenues on the profitability of the Group. With a strong

focus on long-term growth and investments oriented to strengthening the capacities for growth of the Group, the Group expects the profitability and the working capital to vary on quarterly and annual levels

Risk of the loss of key employees and of the lack of skilled labor

Operation of the Group largely depends on its ability to retain and motivate the existing employees, but also the ability to identify and attract new professional employees to key positions. In the markets in which the Group operates, the demand for IT experts has increased, and the labor market features a constant lack and increased turnover of IT experts of all levels of expertise. It follows that there is a risk that the Group will not be able to respond adequately to the demanding pace of the labor market and timely engage the required additional staff or retain the existing one. This could lead to the distortion of competitive position of the Group or increased costs related to increased employment competition.

To maintain the quality of IT staff it employs, the Group organizes training for advancement and obtaining professional certificates required for the performance of specific IT services, demanded by technology partners on the one hand, and customers on the other. The Group recognizes the importance of continuous investment in knowledge and development of employees as the key element in preserving the competitive advantage. 63.42% of employees on technical positions hold active professional certificates. Global trends, such as increased employee turn-

over, can be seen in the operation of the Group as well. In 2025, the turnover rate amounted to 16.29%.

Departure of key strategic employees is very rare at Span. However, we are aware that turnover at key positions may occur, which is normal in the industry, and we classify such situations as a material financial and operational risk for the company. Loss of key talents may lead to knowledge gaps, delays in project delivery and increased recruitment and onboarding costs.

Risk of business environment and political risk

The risk of the business environment is determined by political, economic and social conditions in a country, and includes political, macroeconomic and economic risks. The political risk of a country includes all the risks related to a possibility for political instability, and in its extreme, includes the integrity and survival of the state. Such changes may force a country's authorities to introduce legislative changes that can include: declaration of state of war, introduction of sanctions, tariffs, quota and restrictions of currency and capital flows.

Risks of this nature are mostly not present significantly in the Group, apart from the Ukrainian market, where Russian aggression and war are still taking place. War between Ukraine and Russia led to the introduction of sanctions to Russia by the EU and the US, as well as the introduction of sanctions by Russia especially to the EU and the US, which are frequently updated and extended.

In 2025, the share of subsidiary SPAN LLC with headquarters in Kyiv, the Republic of Ukraine in the total revenue of the Group amounted to 15%.

Unfavourable macroeconomic developments on the global and local level, such as recession, economic slowdown, inflation and other may potentially impact the operation of the Group and that of Group's customers. More significant changes or, in the worst case scenario, termination of the business relationship between the most developed trading blocks that would lead to hindrance or interruption of free movement of goods and services, could significantly impact the operation, business and investment plans of Group's customers, by potentially leading to the reduction in the use of services and delays in development investments, all of which may negatively impact the Group's operation.

Risk of exposure to cyber attacks

Cyber risk is the risk of financial loss, disruption of service availability and loss of reputation of an organization as a result of deliberate and unauthorized security breaches for the purpose of gaining access to information for espionage or extortion, inadvertent or accidental security breaches and bad IT system integration or other factors.

In day-to-day operation, the Group is exposed to risk of cyber attacks and security threats to own systems. In its operations with customers, the Group is obliged to maintain systemic security, provide security patches and improvements, antivirus measures of protection against a malicious code, and ensure credibility of its own employees who cooperate with the customers of the Group. IT security breaches can lead to setbacks in the provision of services and/or functioning of the system controlled by the Group and to potential endangering of reliable information. Every year, the Group increases investments in order to better protect itself against risks of exposure to cyber attacks and security threats.

Since cyber risks can critically impact the operation, the Group regularly carries out simulations, exercises and testing of crisis management plans, crisis communication, recovery and continuation of business in case of cyber attacks. The Group also evaluated the ability of the management team to make informed and timely decisions during crisis. The Group continuously makes effort to raise awareness and permanently educates the management team about the risks and the impact of ransomware or other cyber attacks. The Group also implements extensive security training measures and training of its IT and security experts.

Supplier risk

Results of the Group largely depend on a possibility of sale of Microsoft program licenses and use of Microsoft solutions of operation in Cloud, which the services the Group renders to their customers are based on to a significant extent. Therefore, global acceptance of Microsoft programs and solutions in relation to operation in Cloud is a significant factor in the business model of the Group. Even though Microsoft IT solutions are widely prevalent, there is no guarantee that they will keep the current market position in the future so the risk of adjustment to fast changes in technology on the competitive market is applicable to Microsoft itself as well.

The authorization of the Group for sales of Microsoft products to customers and the business requirements of the cooperation are related to the status of the provider of services of licensing, whereby the supplier risk is based on a contract that is not exclusive and should be renewed on an annual basis for each geographic area where the Group sells Microsoft products. Successful cooperation of the Group with Microsoft also depends on a successful adjustment to business requirements of cooperation specified by Microsoft, which include various incentives in form of rebates, investments, marketing assets and other payments.

The incentives Microsoft offers to its Microsoft LSP (Licensing Solution Provider) partners, including the Group, depend on whether a partner meets certain indicators of success such as the revenue growth in certain areas of products or services, finding new customers, acquiring certain Microsoft competencies and specializations, etc.

Business requirements for cooperation are subject to annual changes, so if the Group is not able to adapt to those changes on time, this can result in a significant reduction of the received incentives and adversely affect the profit margins of the Group. The Group, a

multiyear Microsoft partner with more than 30 years of successful cooperation, enjoys business trust, but there is no guarantee that the cooperation will continue equally successfully in the future. Finally, concerning Microsoft as a supplier, along with other IT companies whose products are used by the Group, one cannot rule out that the mentioned companies will offer their products and services directly at certain markets or to certain customers. Such a change of the business model of companies that can be considered suppliers of the Group could adversely impact the operation of the Group.

Reputational risk

Reputational risk is the risk of losing reputation and trust of users, suppliers, employees and other interest groups of the Group. It is manifested as a consequence of either operational, financial, or other previously mentioned risk. Occurrence and active lack of management of one of the mentioned risks can significantly affect the operation of the Group and its long-term financial position. Through implementation of the risk management system in accordance with ISO 31000 standard and internal coordination of all the Group's activities according to interest groups, the Group actively manages all the risks that could lead to the manifestation of this one.

Risk related to retaining the current and finding new customers and risk of concentration of key customers

The operation of the Group depends on its ability to keep and expand the cooperation with the current customers through cross-selling and up-selling, and successfully attracting new customers. Growth of revenue

of the Group depends on the growth of sales to existing customers through an increase of the number and types of services provided, which makes the retaining of the existing customer base especially important.

A significant category of users of the Group, as per their share in the revenues, is made up of customers of the Microsoft licenses that are by rule renewed annually. However, customers are not obliged to renew their subscription after the expiry of the contracted duration of a license, therefore the Group cannot be certain that those customers will renew the subscription for a further period after the expiry of a license. In addition, the Group is exposed to the risk of the concentration of key customers. The risk is reflected in the concentration of revenue in relation to customers that belong to one business group. It is therefore not possible to rule out the possibility that such customers may cease to use the services of the Group for whatever reason, or to continue to use them to a lower extent.

Maintenance of the continuity of operation risk

The total operation of the Group depends on the possibility for proper functioning of its own IT infrastructure and ability of the Group to protect it in case of unpredictable events (continuity of operation). Smooth functioning of its own IT systems is a prerequisite for regular operation and the foundation of trust the customers have in the Group's services. Besides, technology used by the IT infrastructure is susceptible to difficulties in functioning caused by the human factor, delays in the supply of electricity, systemic errors, telecommunication problems, natural

disasters, and similar events that can cause significant obstructions in regular operation of the Group and cause violations of the assumed contractual obligations, if the Group cannot eliminate them within a reasonable time span.

The Group uses the IT infrastructure of renowned global technological companies such as Microsoft Corporation, Cisco Systems, Google and others and has backups of all important data, which is not stored at one location. Furthermore, the Group also uses the IT infrastructure of third persons that it does not control, such as services of operation in Public cloud, so the operation of the Group largely depends on proper functioning of the concerned infrastructure and its connection with the Group's customers. IT infrastructure risks that can significantly impact the continuity of operation and the achievement of business objectives are identified in the business impact analysis. Also, based on the Business Continuity Plan, Disaster Recovery Pans are created for all higher importance risks. The plans were successfully tested and Span demonstrated its compliance with ISO 22301 standard - Business continuity management system.

Competition risk

Markets in which the Group operates are highly competitive and are characterized by fast changes in technology and frequent introduction of new products and services. Future profitability of the Group significantly depends on the successful improvement of its solutions and implementation of new services, and on efficient interoperability

between an increasing number of operative systems, applications and software solutions.

There is no guarantee that the future effort of the Group to comply with the current requirements of the market will be successful. Any belatedness in adopting new technologies, which would result in the lack of competition, would reflect adversely on the business results of the Group. Moreover, it is possible that competitor companies will meet the requirements for changes in the IT technologies in the future more efficiently, and in that way jeopardize the profitability of the operation of the Group. Even though the Company is among the leading companies in its industry, there is a risk that some of the current competitors could make a high financial investment and launch an attempt to take over customers or employees of the Group. Given the trends of consolidation in markets where the Group operates, some of the global competitors are also likely to access those markets.

Risk of climate change adaptation

Physical climate-related risks (e.g., extreme heat, storms, floods) could affect electrical and information and telecommunications infrastructure, service continuity, and the entire supply chain that Span relies on in its operations. As a provider of business-critical IT services, these risks could disrupt operations and undermine customer trust.

People and community

108
109

3.1. Human resource excellence

Human resources management was still one of the key strategic areas of Span in 2025. With a view to monitoring engagement, satisfaction and sense of belonging of employees, we carried out the Organizational Climate Survey this year as well, including international subsidiaries. This year's survey was expanded with a new segment dedicated to inclusion, and the part concerning international offices was further developed, so that all the future climate surveys can be of higher quality and cover all the subsidiaries within Span Group. The results showed a positive trend in the perception of work environment and interpersonal relationships. Further activities focused on the development of organizational culture, enhancing the engagement and improving the employee well-being program were defined based on the results.

3.2. Strengthening employees' competences

In order to further improve competences of employees and reinforce organizational performance, in 2025, we launched and defined competences at the level of Span Group for all employees. Competences include key skills and behaviours required to successfully perform day-to-day tasks and to achieve goals of the organization in the long run. The implementation of 360° feedback process through SAP module 360° is planned within this project, which enables obtaining structured feedback from multiple perspectives—from superiors, colleagues, members of own team and self-evaluation of employees.

These activities are essential for continuous development of talent and ensuring that each employee has clear guidance and support for personal and professional growth, thus further strengthening the stability and resilience of Span Group.

3.3. Strengthening our international presence and employee support

This year we took on the reorganization of our operational structure, with a view to adapt to market conditions, increase operational efficiency and provide firmer support to Span's international growth. The existing, mostly vertical organizational model was upgraded with more pronounced horizontal elements, thus improving the multifunctional cooperation, strengthening the decision making, and increasing autonomy and responsibility of managers.

In addition to organizational changes, we continued to expand our business and strengthen the international presence of Span by employing new colleagues in Croatia, and in foreign markets. Particular emphasis was then placed on quality onboarding and systematic support to new team members in subsidiaries outside Croatia.

In order to further facilitate their integration, we launched the International Onboarding page on Intranet, offering a comprehensive overview of business units and key internal policies of Span, and another page with an overview of Span's Portfolio with relevant documents and video materials for each business unit. By means of this step forward, the onboarding process became more structured, efficient and informative, thus further reinforcing compliance of employees with Span's organizational values and culture.

110
111

3.4. Taking care of employees' health and well-being

In 2025, we organized lectures and education programs concerning female and male health, mental health and healthy lifestyle, by way of which we aim to raise awareness of employees on the importance of work-life balance, and encourage them to preserve and continuously strengthen that balance.

In 2025, our dedication to sustainable habits and employee well-being was confirmed by the renewal of European Cycle Friendly Employer (CFE) Certificate. This certificate is awarded to organizations that actively encourage their employees to use bicycles as a sustainable and healthy means of transportation, while ensuring needed infrastructure and support. At Span, for many employees arriving to work by bicycle is part of their everyday life and culture of responsible behaviour. In order for Span's cycling fleet to still safely contribute to the reduction of carbon footprint, we organized a "Cycling to work – no sweat, no paranoia" lecture in cooperation with Cyclists' Union, and ensured a free bicycle repair for employees.

We also organized our first Span Christmas Pub Quiz, which gathered more than 180 employees. Participants competed in teams in a relaxed, holiday atmosphere, enjoying the party and shared experiences, paving the way for future quizzes.

3.5. Circular use of technology: support for education and waste reduction

As part of activities aimed at strengthening the cooperation with local community, at Span we annually carry out donation activities that seek to support and facilitate the work of institutions whose activity contributes to education, youth development and social inclusion. During 2025, we donated more than 90% of Span's equipment that was no longer meeting our internal standards, but is still completely functional, so we found a way to extend its lifecycle and help the community. Computers and associated equipment will continue to be used as a valuable tool for learning, creativity and connection in the hands of students, teachers and volunteers. We thereby also actively reduce waste and promote the reuse of equipment, extending its lifecycle in a sustainable way.

3.6. Span for the community

Span contributes to positive changes in society by organizing already traditional humanitarian activities. One of them was initiated and carried out by the member of our Management Board, Mihaela Trbojević, together with Mali zmaj, an association which helps improve the quality of life of children from vulnerable families.

112
113

Good Deeds Day, which aims to raise awareness of the importance of doing something good for the community every day, was celebrated this year with two humanitarian activities of collecting clothes and other necessities for socially disadvantaged groups in cooperation with B.a.b.e. Association and Osijek Voluntary Club. In addition, two humanitarian blood donations were also organized, attracting more and more new donors each year.

In cooperation with the Volunteers' Center Zagreb, another volunteering action was organized. After two years dedicated to the furnishing of nursing homes, this year we focused on the youth—we furnished the living room and hallway of the Trnoružica Kindergarten in Zagreb. Through joint work of our employees, we created a more comfortable, warm and stimulating area for children and kindergarten teachers, proving that even slight changes can have a great impact on everyday life of the youngest members of the community.

3.7. Global partnerships and development of sustainability competences

Span has been a member of UN Global Compact and Croatian Business Council for Sustainable Development since 2023. Taking part in international and national initiatives that promote sustainable development is an important part of Span's approach to sustainable operation.

As part of ongoing efforts to strengthen the competences in the area of sustainability and the development of internal professional capacities, Span Group's employees participated in a number of professional training programs in 2025. Colleagues from ESG and Environmental Protection Department participated in Climate Ambition Accelerator program under the auspices of UN Global

span Heroes

Compact, months-long global training program aimed at the integration of climate objectives with business strategies. At the same time, Span's HR and ESG team continued to systematically strengthen the knowledge and competences related to children's rights. In this context, another UNICEF's CSR Academy was completed successfully.

Also, employees of the ESG, Legal and HR departments participated in a professional internal workshop on human rights in business environment of Croatian Business Council for Sustainable Development, with an emphasis on legislative framework, examples of violations and the protection of children's and human rights. Within #EUD-iversityMonth initiative, two internal workshops for the management were organized, and they focused on recognizing unconscious bias and strengthening inclusion.

More information about activities concerning human rights and inclusion can be found in Chapter 6 – Sustainability Report.

3.8. Span Heroes – recognizing values in practice

For the sixth year in a row, Span Heroes program has continued to recognize employees who embody the core values of the company with their work and behaviour. For 2025, the recognition system is further streamlined and oriented toward Span's brand values: ahead of time, care, honesty and transparency. The program covered two categories: Span Heroes for employees who continuously embody Span's values, and Cross Team Heroes for those who connect teams and foster cooperation within the company as a whole. In the last voting phase, employees selected 21 Span heroes, thereby further highlighting the importance of the culture of recognition, community and mutual respect.

Key indicators for employees and operations of Span Group

116
117

1) Overview of number of employees over years

2) Share of employees by country

Croatia 88.5%
Slovenia 2.9%
Ukraine 4.8%
Other 3.8%

3) Overview of employees by business segment

Software Asset Management and Licensing Infrastructure Services, Cloud & Cyber Security
Service Center Management and Technical support
Software and Business Solution Development
Managerial and Corporate Functions

4) Age structure of employees

5) Average age of Span Group employees
6) Average work experience

7) Gender structure of Span Group employees

8) Share of women in managerial positions

What we would like to especially point out is the share of women in managerial positions. Thus, 25.8% of managerial positions at Span are performed by women 27.1% at Span.d.j, and 6 women were promoted or employed in a managerial role in 2025.

9) Employee structure according to the degree of education

High school 253 (27.2%)
Bachelor's degree 260 (28.0%)
Master's degree 413 (44.6%)
Doctoral degree 2 (0.2%)

10) Share of certified employees

number of certified employees
number of passed certifications

11) Employee turnover

Processes and technology

5.1. ISO standards

We started 2025 with eight certified management systems compliant with the ISO standards:

ISO 9001 – Quality management system (QMS)
ISO/IEC 27001 – Information security management system (ISMS)
ISO/IEC 20000 – IT services management system (SMS)
ISO 14001 – Environmental management system (EMS)
ISO 50001 – Energy management system (EnMS)
ISO 37001 – Anti-bribery management system (ABMS)
ISO 22301 – Business continuity management system (BCMS)
ISO/IEC 42001 – Artificial intelligence management system (AIMS).

In January 2025, we successfully completed a recertification audit for the anti-bribery management system according to ISO 37001. At the beginning of March, we successfully performed an external control audit for ISO 9001 (Quality management system) and transitioned to a more recent version of ISO/IEC 27001 (Information security management system).

In March, we additionally successfully carried out a control audit for the business continuity system according to ISO 22301, which is a very important progress in supporting our key business processes. In September, we performed a control audit for the artificial intelligence management system according to ISO/IEC 42001 standard. We continue to maintain the existing management systems and implement new ones. We finished the year with eight certificates:

ISO 9001 (Quality management): Maintaining the strong system of quality management since 2006, we continue to maintain and improve our dedication to providing exceptional products/services, ensuring satisfaction of customers and continuous improvement.

ISO 27001 (Information security management): Since 2011, our information security management practices have developed, complying with the latest standards so as to ensure integrity, reliability and availability of data. This experience will help us comply with the NIS2 Directive in the following years, and we are developing competencies for assisting our customers in the adjustment.

ISO 20000 (Service management system): With the certificate obtained in 2012, our service management practice has consistently met the international standards, ensuring the effective delivery of services.

ISO 14001 (Environmental management) and ISO 50001 (Energy management): Obtained in 2021, these certifications emphasize our commitment to environmentally sustainable practice and energy effectiveness, contributing to a greener future.

ISO 37001 (Anti-bribery management): Implemented in 2022, this certification strengthens our dedication to operations in an ethical and transparent manner, preventing bribery and corruption. In line with ISO 14001 and ISO 50001, this system significantly helps us comply with the ESG initiative, one of a few strong regulatory guidelines in the next few years.

ISO 22301 (Business continuity management): We successfully implemented and certified this system in early 2023. Our business continuity management system ensures resilience to disruptions, preserving key business processes and trust of the customers.

ISO 42001 (Artificial intelligence management): We were the first in Croatia to be certified for the ISO/IEC 42001 standard, an international standard that defines the requirements for an artificial intelligence management system. The standard is based on best practices that ensure the ethical, safe and effective use of AI technologies. Through certification, Span confirmed owning the processes and resources enabling the management of the entire life cycle of AI solutions – from development to implementation and monitoring.

Implementation of ISO 31000 Recommendations: Span has been implementing and perfecting the ISO 31000 Recommendations since 2022, improving the risk management practices. This integration ensures a proactive approach to recognition, assessment and mitigation of risks in all business functions. By adopting these systems, we have enabled:

Risk and opportunity management
Improving the quality of our products/services
Better organization of internal processes
Adequate protection of information in accordance with their sensitivity

Managing the environmental impact and energy efficiency
Compliance with best global practices
Independent proof of the strategic focus on the structure of our processes.

As we are always strongly committed to excellence, the proactive maintenance of our management systems reflects our orientation to continuous improvement, ensuring the highest standards of quality, security, responsibility to the environment and total operational resilience.

5.2. Partnerships

In 2025, Span retained all six Solutions Partner for Microsoft Cloud statuses, thus confirming high level of expertise and reliability in delivering solutions on Microsoft platform. Together with advanced specializations, these statuses require continuous delivery quality controls, expert certifications and measuring the performance of solution delivery, thereby ensuring the quality and security of end solutions to our customers. In 2025, Span renewed the existing 12 advanced specializations and acquired two new ones in the area of artificial intelligence, namely Microsoft Copilot Specialization and AI Platform on Microsoft Azure Specialization, further strengthening its focus on AI and cyber security, and on acceleration of business productivity in customers. In line with the responsible development and implementation of AI solutions, Span was also one of the first ones in the region to introduce the ISO/IEC 42001 (AI Management), in addition to existing certificates in the area of quality, security, continuity and services, thus ensuring an additional level of trust and compliance to customers. In 2025, Microsoft recognised Span as Partner of the Year in three markets—Croatia, Slovenia and Ukraine. These achievements are the result of proven efficiency in the delivery of Microsoft technologies and successful AI projects.

In the past period, Span signed new contracts and established new partnerships with renowned cyber security companies, thereby further reinforcing the efforts in the protection against cyber attacks and the delivery of innovative solutions for the protection of critical infrastructure and information systems.

Span retained the Hewlett Packard Enterprise (HPE) Gold Partner status throughout 2025, which once again confirmed the extreme dedication and excellence of the company in the area of hybrid cloud and tested quality products and services of the IT infrastructure.

Span remains the Aruba Gold Partner, and this status proves our expertise in the area of network and security solutions. This status is the result of successful execution of complex projects that require profound technical knowledge, high level of expertise and the ability to implement advanced technologies in demanding business environments.

Furthermore, following the exceptional business results, Span also acquired the Veeam Gold Partner status in 2025, which highlighted our efficiency in the delivery of advanced solutions for the secure data storage and system recovery.

These recognitions and partnerships are a reflection of our continuous dedication to providing premium technologies and solutions that help companies tackle challenges around modern business environment, with a particular focus on innovations, security, and optimization of business processes.

5.3. Code of Business Conduct

Span is one of the leading Croatian IT companies. We have devoted more than 30 years to software development, and service and system integration. Our work is guided by

the principles and standards mentioned in the Code of Business Conduct, which we adhere to in all our interactions with customers, partners, employees and the wider public. We have achieved our position on the market based on solid professional and ethical foundations, and are resolved to make all future business decisions in accordance with all legal requirements and moral principles. We, therefore, expect all our employees and partners to commit to honest business practices and behaviour in accordance with our core values.

We are growing according to all business parameters year after year - Span Group is currently employing over 900 people and is constantly increasing that number. 496 of our employees have been awarded one or more professional certificates. Thus, the Code of Business Conduct is an expression of Span values that reflects the principles and policies that govern our business, and provides concrete guidelines for employee and partner behaviour. We believe that

strong corporate governance requires transparency and trust of all stakeholders. Therefore, our governance principles, in addition to compliance with rules and regulations, emphasize the need for socially responsible business conduct and the application of our core values in relationships with partners, employees, and customers.

Our Code applies to Span and all its subsidiaries (Span Group), all our employees and business partners, including customers, suppliers, consultants, external associates, shareholders and other business partners appropriately associated with Span in accordance with local legal requirements and regulations.

Sustainability Report

128

6.1. General information (ESRS 2)

List of the Disclosure Requirements complied with in the Sustainability Report of Span Group

ESRS 2 - General information
BP-1 - General basis for preparation of the sustainability statement	130
BP-2 - Disclosures in relation to specific circumstances	131
GOV-1 - The role of the administrative, management and supervisory bodies	132
GOV-2 - Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies	135
GOV-3 - Integration of sustainability related performance in incentive schemes	135
GOV-4 - Statement on due diligence	136
GOV-5 - Risk management and internal controls over sustainability reporting	136
SBM-1 - Strategy, business model and value chain	136
SBM-2 - Interests and views of stakeholders	139
SBM-3 - Material impacts, risks and opportunities and their interaction with strategy and business model	141
IRO-1 - Description of the process to identify and assess material impacts, risks and opportunities	151
ESRS 2 IRO -1 E3 - Description of the process to identify and assess material impacts, risks and opportunities related to climate change	153
ESRS 2 IRO -1 E2, E3, E4, E5 - Description of the processes to identify and assess material impacts, risks and opportunities related to pollution, water and marine resources, biodiversity and ecosystems, resource use and circular economy	159
ESRS 2 IRO -1 E2, E3, E4, E5 - 154	166
IRO-2 - Disclosure requirements in ESRS covered by the undertaking's sustainability statement	130
---	---
MDR-P - Policies adopted to manage material sustainability matters	Included in disclosures related to policies in the thematic standards
MDR-A - Actions and resources in relation to material sustainability matters	Included in disclosures related to policies in the thematic standards
MDR-M - Metrics in relation to material sustainability matters	Included in disclosures related to policies in the thematic standards
MDR-T - Tracking effectiveness of policies and actions through targets	Included in disclosures related to policies in the thematic standards
Environmental information
ESRS E1 - Climate change
---	---
EU Taxonomy Disclosures	155
EI-1 - Transition plan for climate change mitigation	161
EI-2 - Policies related to climate change mitigation and adaptation	161
EI-3 - Actions and resources in relation to climate change policies	161
EI-4 - Targets related to climate change mitigation and adaptation	163
EI-5 - Energy consumption and mix	165
EI-6 - Gross Scopes 1, 2, 3 and Total GHG emissions	166
Social information
ESRS S1 - Own workforce
---	---
SI-1 - Policies related to own workforce	174
SI-2 - Processes for engaging with own workers and workers' representatives about impacts	177
SI-3 - Processes to remediate negative impacts and channels for own workers to raise concerns	178
SI-4 - Taking action on material impacts on own workforce, and approaches to mitigating material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions	181
SI-5 - Targets related to managing material impacts, advancing positive impacts, as well as to risks and opportunities	186
SI-6 - Characteristics of the Undertaking's Employees	190
SI-9 - Diversity metrics	192
SI-16 - Remuneration metrics (pay gap and total remuneration)	192
SI-17 - Incidents, complaints and severe human rights impacts	193
ESRS S3 - Community - Entity-specific disclosures
S3-1 - Policies related to affected communities	194
S3-4 - Taking action on material impacts, and approaches to mitigating material risks and pursuing material opportunities related to affected communities, and effectiveness of those actions and approaches
S3-5 - Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities
ESRS S4 - Consumers and end-users
---	---
S4-1 - Policies related to consumers and end-users	198
S4-2 - Processes for engaging with consumers and end-users about impacts	199
S4-3 - Processes to remediate negative impacts and channels for consumers and end-users to raise concerns	199
S4-4 - Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions	200
S4-5 - Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities	202
Governance information ESRS G1 - Business conduct
GI-1 - Business conduct policies and corporate culture	204
GI-2 - Management of relationships with suppliers	208
GI-3 - Prevention and detection of corruption and bribery	205
GI-4 - Confirmed incidents of corruption or bribery	205
GI-6 - Payment practices	208
G1 - Company-specific disclosures
Development of security solutions for cyber attacks	209
Appendix B
List of datapoints in cross-cutting and topical standards that derive from other EU legislation	212

129

130
131

IRO-2

Previous list includes disclosure requirements from ESRS-2 of the European Sustainability Reporting Standards (ESRS), and four topical standards that are material for Span Group and that steered the preparation of our Sustainability Report. The list can be used for easier retrieval of information relating to the specific disclosure requirement within the Sustainability Report. Datapoints that shall be disclosed, as well as the material information, are determined by the qualitative mapping based on thorough examination of identified impacts, risks and opportunities (IRO) at the level of content. Mapping is based on the criteria defined in point 31 of ESRS, and its detailed description can be found in Chapter IRO-1 on page 151. After the comprehensive examination of our business activities and locations, we assessed the topical standards ESRS E2 – Pollution, ESRS E3 – Water and marine resources, ESRS E4 – Biodiversity and ecosystems, ESRS E5 – Resource use and circular economy and ESRS S2 – Workers in the value chain as non-material.

BP-1 – General basis for preparation of sustainability reports

Sustainability Report of Span d.d. (Company/Span) and its subsidiaries (together: Group/Span Group) for 2025 has been prepared in accordance with the Act on Accounting (Official Gazette no. 85/24, 145/24, 151/25), and European Sustainability Reporting Standards (ESRS) under Corporate Sustainability Reporting Directive (CSRD). Also, the Group has included information from Article 8 of the Regulation (EU) 2020/852 (Taxonomy Regulation) in this report. Information required by the Taxonomy Regulation can be found in the topical part: Environmental information (page 155). Sustainability Report is drawn up on a consolidated basis. The scope of consolidation is the same as for the financial statements. Number of subsidiaries included in the consolidation can be found in Note 20.1 of the Company's annual financial report. Report has been prepared at the level of Span Group for the financial year concluded on 31 December 2025. Information provided relates exclusively to Span and to Span Group and, where applicable, its value chain and business relations. No subsidiaries were exempted from consolidated sustainability reporting pursuant to Article 29.a of Directive 2013/34/EU.

Sustainability Report includes information on the material impacts, risks and opportunities connected with the undertaking through its direct and indirect business relationships in the upstream and/or downstream value chain, which is the result of double materiality assessment (DMA) in 2024. While preparing the report, we considered the expectations of our stakeholders. We also included their passive involvement by analyzing publicly available information, such as sectoral analyses and existing sustainability reports of our business partners. This allowed us to account for impacts from upstream and downstream value chains and ensure we address the issues most important to them. The 2024 double materiality assessment remains valid in 2025 by the decision of the Management Board, given that the changes within Group in 2025 didn't at all impact the materiality of topics, nor was the revision of assessment required. No relevant information was exempted for reasons related to confidential and sensitive information, as well as information about intellectual property, knowledge and experience or innovation performance.

BP-2 – Disclosures in relation to specific circumstances

In our consolidated 2025 Sustainability Report, we adopted the same time intervals as defined in ESRS 1. To calculate Scope 3 GHG emissions related to our suppliers and customers we used indirect sources such as average industrial emission factors; they are therefore subject to high uncertainty of calculation (> 50%). To calculate those emissions, generic emission factors from relevant emission factors databases were applied, such as: Croatian emission factors database, ADEME, Exiobase, DEFRA, etc. More details can be found in the topical part: Environmental information, greenhouse gas emissions (E1-6). In the future, we hope to obtain emission factors for goods purchased from suppliers, make agreements with all the transport companies to submit the information on quantity of fuel used for the transport of goods and capital goods, obtain specific emission factors for waste categories from waste disposal companies, and increase turnout in the survey concerning employees' means of arrival to work. There are no changes in approach, methodology or compilation process of this disclosed data with respect to the prior reporting period.

Certain topics which are elaborated in this report, and which include disclosures related to the future are subject to risks and uncertainties. Such disclosures have no guarantees, and future activities and developments may significantly differ from those described or implied.

The Group uses the possibility of phased-in disclosure requirements, in accordance with the provisions of Appendix C of the ESRS guidelines. List of datapoints in cross-cutting and topical standards that derive from other EU legislation, as well as the appropriate application of this possibility of phase-in is shown in the table on page 212 (Appendix B of the ESRS guidelines).

List of disclosures incorporated by reference

Disclosure Requirement	Incorporated by reference to
BP 1 The consolidation scope is the same as in the financial statements	Note 20.1 of the annual financial statements
G1 ESRS 2 G0V.1 Sa Detailed information on the composition and functioning of the Management Board and the Supervisory Board	1.2.4.3. Corporate governance structure
G0V 1 Information on the experience of the members relevant to the sectors, products and geographical locations	1.2.4.3. Corporate governance structure
SEM 1 Description of significant product groups offered and the markets in which the company operates	Chapter 1.3. Business overview
G0V 1 Risk management and internal controls over sustainability reporting	2.4.3. Business risks

132
133

GOV-1 The role of the administrative, management and supervisory bodies

The composition and diversity of the administrative, management and supervisory bodies

		Broj
The number of executive members (Management Board)		4
The number of non-executive members (Supervisory Board and subcommittees)		II
Members of the undertaking's administrative, management and supervisory authorities	Percentage (%)	The Board's gender diversity
Female	53.33%
Male	46.67%	50% F, 50% M
Other*	0
*Gender as specified by the employees themselves
		Percentage (%)
Independent members of the supervisory bodies		90.90

The roles and responsibilities of the management bodies with regard to sustainability matters

Role of the Management Board

The Management Board of Span primarily operates on the principles of transparency, efficiency, clearly defined roles and responsibilities, and established supervisory mechanisms, whereby taking care of sustainability as an integral part of strategic and operational decision-making. Such framework of governance directly impacts the reduction of negative and strengthening of positive impacts of Company's operation. By systematically managing conflicts of interest, clearly delineating the responsibilities and applying control mechanisms, the risk of corruption and bribery is reduced, and unethical and non-transparent practices that may have a materially adverse effect on the Company are avoided.

By applying the principles of independence, transparency and the prohibition of the conflict of interest in making the decisions on cooperation and contracting jobs, the Management Board contributes to the reduction of

negative impacts related to irregular practices, favoritism or non-transparent choice of the partner, particularly in the area of supplier management. By reinforcing the integrity of procurement processes and responsibly managing the relationships with suppliers, business decisions are ensured to be based on objective, measurable and sustainable criteria, thereby increasing the positive impact on the Company and its stakeholders. At the same time, the Management Board manages business independently, without any dependency on other bodies, while obliged to act in the best interest of the Company.

The efficiency of ESG organizational processes is being monitored systematically within the responsibility of the Management Board. The Management Board is responsible for the implementation of Policy of Assessment of Span's influence on the Environment and Community, and it is also responsible for monitoring material impacts, risks and opportunities related to sustainability, as well as for their integration into strategic management and business decision-making. Likewise, it is responsible for monitoring impacts, risks and opportunities for the entire Span Group.

In 2025, the Management Board adopted new ESG strategy and defined 11 key, measurable objectives that guide the implementation of ESG priorities and enable systematic monitoring of progress. The Management Board will regularly assess the achievement of set objectives, identify any deviations and, where appropriate, suggest corrective measures or strategic adaptations. It also coordinates the division of responsibilities and monitors the implementation of activities related to the management of impacts, risks and opportunities in the area of sustainability.

When it comes to sustainability, no member of the Management Board is a certified expert in this area, but member of the Management Board in charge of finances is responsible for the implementation of sustainability related activities. As part of her role, she regularly participates in weekly working meetings dedicated to ESG matters, where current activities, risks and regulatory requirements are being considered. She also continuously participates in expert training by taking part in relevant courses, conferences and specialized programs in the area of sustainability and ESG, to monitor best practices and regulatory changes.

Role of the Supervisory Board

Responsibilities of the Supervisory Board are defined in the Articles of Association, the Rules of Procedure of the Supervisory Board and the Policy of managing conflict of interest, thus establishing a clear framework for its supervisory function in the area of corporate governance and sustainability. The Supervisory Board supervises the defining, implementation and periodic audit of the ESG strategy, including the achievement of set objectives and management of actual and potential impacts, risks and opportunities.

Within its competence, the Supervisory Board gives its consent to decisions of the Management Board when provided for by the relevant rules, assesses their alignment with the long-term strategy and stakeholders' interests, and ensures additional control over key business and sustainable decisions. It thereby contributes to the reduction of risk of making decisions that may produce materially negative financial, governance or reputational impacts.

By collaborating with auditors and supervising the internal control systems, it ensures reliability and transparency of both financial and non-financial information. By giving the prior consent to the Policy of managing conflict of interest, it further strengthens mechanisms to prevent corruption, bribery and other irregularities.

The Supervisory Board supervises the implementation of Policy of Assessment of Span's Influence on the Environment and Community and Management of Associated Risks, ensuring that the identified negative impacts are mitigated, and positive impacts strategically reinforced. Members of the Supervisory Board act with great care in the interest of the Company and its stakeholders, with a strict prohibition of competition and consistent application of rules on preventing a conflict of interest. The Supervisory Board may organize meetings with external stakeholders to better understand the matters important to the Company, thus contributing to transparency, dialogue and responsible supervision of the implementation of ESG strategy.

Role of the Audit Committee

As part of its supervisory role in sustainability, the Audit Committee monitors the effectiveness of the internal control and risk management systems, including procedures for approving and disclosing transactions between members of the Management Board, the Supervisory Board, and the Company. At least once a year, the Committee assesses the quality of these systems to identify the main risks the Company faces, including those that could have a material negative impact on society, the environment, and stakeholders.

This assessment makes it possible to manage risks transparently, reduce negative impacts and reinforce positive impacts through responsible planning and monitoring, whereby the Audit Committee contributes to long-term resilience and sustainability of Company's operation.

Role of the Nomination and Remuneration Committee

The Nomination and Remuneration Committee actively supervises management processes that impact the sustainability, diversity and long-term resilience of the Company by establishing the independence of members of the Supervisory Board and by at least once a year assessing the composition, size, membership and quality of work of the Supervisory Board and Management Board, giving recommendations to the Supervisory Board for optimizing the management structure and efficiency. It prepares the succession plan for re-appointment or change of members of the Supervisory Board and Management Board, monitors the progress in achieving target percentage of female members of the Management Board and Supervisory Board, and contributes to strengthening diversity and inclusiveness at the highest decision-making levels.

The Committee also considers the Management Board's policy on recruitment of senior management and gives recommendations in relation to the remuneration policy for members of the Management Board and Supervisory Board. The Committee supervises the amount and structure of remuneration for the senior management and employees as a whole, it gives recommendations to the Management Board concerning the remuneration policies, and it supervises the draw up of obligatory annual remuneration report for the approval of the Supervisory Board, ensuring the transparency and integrity of the remuneration process.

The Committee thus contributes to reduction of risks of unethical or non-transparent practices in management processes,

strengthening of stakeholders' trust, fostering diversity and inclusiveness, and long-term sustainability and resilience of the Company.

The set targets, administrative, management and supervisory bodies, as well as relevant directors will monitor the established targets related to material impacts, risks and opportunities. They will monitor progress in achieving those targets at the monthly meetings of the senior management, and through reports of the ESG and Environmental Protection Department, which shall be submitted to the Management Board at least once a year.

ESG and Environmental Protection Department

The Management Board established the ESG and Environmental Protection Department (hereinafter: ESG Department) that deals with development and coordination of the implementation of ESG strategy of Span Group, planning, leading and supervising ESG initiatives and projects, organizing and managing teams involved in ESG activities, drawing up and supervising ESG reports for internal and external stakeholders, as well as monitoring and analyzing new statutory and regulatory requirements in the ESG area and ensuring compliance. ESG Department also works with different departments to integrate ESG standards into business processes and strategy. It also organizes training sessions, workshops, and campaigns to raise employee awareness of ESG matters, and communicates with external stakeholders, including partners, customers, auditors, and regulatory bodies.

ESG Department prepares guidelines and develops internal policies related to ESG. Person responsible for the management of the ESG Department reports to the member of the Management Board in charge of finances about the status of the activity on weekly meetings.

Sustainable Development Working Group

To ensure consistent, coordinated and comprehensive approach to management of sustainability, there is a cross-functional Sustainable Development Working Group at Span, composed of representatives of key organizational units. The working group plays an important role in the integration of ESG objectives into business processes, data exchange and expert insights, identification of relevant risks and opportunities, as well as gathering information for internal and external reporting, including non-financial statement. Based on their competence and operational focus, organizational units monitor relevant Key Performance Indicators (KPIs) and ensure accurate and timely data that supports informed decision-making at the level of the Management. The results and progress in the implementation of ESG objectives and measures are regularly consolidated through a system of internal monitoring and external reporting.

GOV-2 - Information provided to and sustainability matters addressed by the organization's administrative, management and supervisory bodies

The Management Board of Span has a crucial responsibility when it comes to monitoring impacts, risks and opportunities related to sustainability, and it ensures their integration into strategic planning and business decision-making. In 2025, the Management Board considered the results of the conducted double materiality assessment and made the decision that identified material impacts, risks and opportunities remain unchanged, thereby confirming their relevance for Company's operation.

Based on those findings, the Management Board adopted the ESG strategy that defines priority areas of action and establishes management mechanisms for identified impacts, risks and opportunities. At the same time, 11 measurable ESG objectives and

corresponding KPIs that are directly related to material topics were defined. Strategy, objectives and the implementation plan were presented to the Supervisory Board.

Starting from 2026, the Management Board will regularly monitor the progress in achieving the objectives and KPIs through structured reporting, conduct a formal estimation of the achievement of objectives at least twice a year and, where appropriate, adopt corrective measures and adapt priorities.

GOV-3 - Integration of sustainability-related performance in incentive schemes and ESRS E1 - ESRS 2, GOV-3

Span has the Remuneration Policy related to sustainability factors in place that is publicly available on the Company's website. Annual bonus of the Management Board as a means of rewarding the work performance of the Management Board is based on the achievement of financial and non-financial targets for the specific business year. In 2025, variable remuneration of the members of the Management Board was formally connected to pre-defined ESG indicators. The said policy is adopted by the General Assembly after the proposal of the Supervisory Board of the Company.

As one of the key governance objectives for 2025, the Management Board was mandated to develop and adopt the ESG strategy based on the results of the double materiality assessment. This objective accounted for 15% of variable remuneration of the members of the Management Board. It was achieved in full by adopting the ESG strategy and defining 11 measurable ESG objectives and corresponding performance indicators, thus laying the foundation for systematic management of impacts, risks and opportunities related to sustainability.

Climate change considerations are currently not included in remuneration of the members

of administrative bodies. Same responses apply to the remuneration report of the members of the Management Board and Supervisory Board as they apply to the Remuneration Policy.

GOV-4 – Statement on due diligence

Pursuant to the requirements of the ESRS, Span Group initiated the implementation of the due diligence processes related to ESG matters. In 2024, through double materiality assessment we applied OECD Guidelines as a framework for assessing and managing risks and impacts within our value chain. Given the high level of uncertainty related to the available information, especially from our suppliers and partners, we relied on external sources and relevant analyses to ensure necessary due diligence in the process. In the next two years, we plan on implementing a formalized due diligence process in accordance with the international standards and guidelines to enhance our ability of monitoring and managing ESG risks and opportunities in the value chain.

The following table shows how and where the most important aspects and steps of the due diligence process were taken into account in the Sustainability Report.

An overview of key aspects and steps of the due diligence process in the Sustainability Report

Core elements of due diligence	Paragraphs in the Sustainability Report
Embedding due diligence in governance, strategy and business model	ESRS 2 GOV-2, ESRS 2 GOV-3, ESRS 2 GOV-5 ESRS 2 SRM-3
Engaging with affected stakeholders in all key steps of the due diligence	SRM-2 SI-1
Identifying and assessing adverse impacts	IRO-1, EI- IRO 1 SI-3, SA 3 GS 2
Taking actions to address those adverse impacts	EI-3 SI-4, SA 4 GS 1, GS 3
Tracking the effectiveness of these efforts and communicating	EI-4 SI-5 SA 5 GS 3

GOV-5 – Risk management and internal controls over sustainability reporting

Span has implemented and actively maintains the corporate risk management systems that is completely aligned with the recommendations of the ISO 21001. The system encompasses the assessment of strategic, tactical and operational risks in all key business domains. In 2025, the system was further improved by including three new risks identified through double materiality process. A more detailed overview of the risk management system can be found in chapter 2.4. – Risks. In addition to regular weekly reporting to the member of the Management Board in charge of finances on sustainability-related matters, the representative of the Management Board for risk management reports to the Management Board and Supervisory Board on the status of the risk management system and on all the material changes and findings at least once a year, or more often, as appropriate.

SBM-1 – Strategy, business model and value chain

At the end of 2025, the Company, at the level of Span Group, adopted a new ESG strategy representing the basis for the future integration of sustainability into business model and strategic management. In line with the ESRS requirements, the strategy stems from significant products and services of the Group and their connection to material impacts, risks and opportunities. In this process, the Company recognized two strategic areas of Span Group – cloud and cyber security – as key areas that are capable of having a positive impact on the environment and community. These areas are integrated into the ESG strategy through clearly defined objectives and expected outcomes aligned with business priorities and long-term sustainability, thus contributing to reducing emissions, increasing energy efficiency and strengthening

digital resilience of small- and medium-sized enterprises, as well as knowledge sharing through partnerships with the education and non-profit sectors.

Sustainability-related risks and opportunities, including European Union regulatory requirements, market expectations and transitional climate risks, are expected to shape the further adaptations of business and investment approach over the medium- and long-term. The strategy and the business model are continuously adjusted through the integration of ESG objectives into decision-making, monitoring performance by way of defined indicators (KPIs), improvement of internal

policies and procedures, and strengthening the management function in terms of environment and sustainability. Starting from 2026, the Management Board will regularly monitor the progress through structured reporting and conduct a formal estimation of the achievement of objectives twice a year, as well as implement corrective measures and adapt the priorities to ensure long-term resilience and compliance with regulatory and strategic sustainability requirements.

An overview of key activities in Span's value chain is shown in the diagram, as well as geographic areas in which Span operates.

SBM-2 - Interests and views of stakeholders

Key stakeholder		Method of engagement		Purpose and outcome of engagement
Customer	+	-Year-round dialogue through sales, marketing and customer support teams - Collaboration with customers on product development and responding to customers' questions about sustainability through questionnaires - Compliance with the Corporate Governance Code of the Zagreb Stock Exchange	+	-Enhancing customer satisfaction and improving products and services offered - Protection of personal data of customers - Protection of business information related to customer and/or its employees and business partners - Business continuity maintained
Employees	+	-The role of employee representative on the Supervisory Board acts as the voice of employees at management level. - Regular assessment of the work environment is a key tool for understanding actual and potential impacts on the workforce	+	-Attractive employment and career opportunities - Skills, talent and experience building - Promoting diversity, equality, inclusion and sense of belonging - Creating an environment where employees are engaged and feel a strong sense of belonging
Suppliers and partners	+	-Regular quality reviews, audits, surveys and collaborations	+	-Fulfillment of obligations towards suppliers in accordance with negotiated contract terms - Reliability, financial stability and business continuity - Protection of sensitive information of suppliers, outsourcing partners and other business partners and customers - Protection of personal data of suppliers - Business continuity maintained
Investors	+	-Year-round dialogue through a global program of events and meetings for investor relations - Regular engagement with analysts - Annual shareholders' meeting	+	-Equal treatment of all shareholders so they can access the Company and fully participate in the funeral Assembly - Protection of data and business secret - Protection of personal data of shareholders - Business continuity maintained
Communities	+	-Various programs supporting our communities worldwide	+	-Availability of our products and services where needed - Engagement of our employees in the community

140
141

Span Group actively cooperates with key stakeholders to ensure that the strategy and the business model reflect their interest and expectations. Double materiality assessment is the fundamental tool that we use to listen to our stakeholders, and it helps us create long-term value. Span Group conducted a detailed double materiality assessment in 2024. During the analysis, feedback and views of the relevant external stakeholders on impacts, risks and opportunities were taken into account.

The Company included internal and external stakeholders in the materiality assessment. Internal stakeholders, as representatives of their organizational units and subject matter experts, participated through online surveys and focus workshops conducted with the support of external consultants, and they evaluated 11 material topics according to the significance and severity of the impact, likelihood of their occurrence and performance in their management. External stakeholders are involved through value chain mapping, benchmark and publicly available ESG information analysis, as well as through interviews and focus groups with key suppliers, users and other relevant partners. Collected insights are submitted to the Management Board and used in strategic decision-making, development of services and solutions, with reporting on sustainability topics on a regular basis.

In 2025, an internal audit of the relevance of the results was carried out, and it was established that there were no significant

changes in the business model, operation or environment of the Group that may have an impact on the identified material impacts, risks or opportunities, so there was no need for a formal audit of the assessment.

ESRS 2 SBM-2, S1 – Employees

Employees are crucial for providing 24/7 services of service management, technical support and cyber security, whereby work intensity may impact the working conditions and work-life balance. Their views are systematically collected through work climate analyses, anonymous digital channels and regular communication, and obtained insights are used to adjust working practices and improve working conditions. In addition, employees are represented in the management structure by the employees' representative in the Supervisory Board, so as to ensure the perspective of workforce is included in strategic decision-making.

ESRS 2 SBM-2, S3 – Community

The Company cooperates with educational institutions and non-profit organizations through knowledge sharing, professional workshops and digital solutions development, thus contributing to the strengthening of digital competences and operational efficiency of the community. These activities support the long-term availability of professional staff, foster innovation and build the reputation of the Company, and needs of the community are taken into account when planning relevant initiatives.

ESRS 2 SBM-2, S4 – Customers

Customers are at the core of the business model, and their requests and feedback are collected through continuous communication, surveys and customer support, and used to adapt and develop services. The Company ensures high standards of data protection, cyber security and regulatory compliance, thus protecting the rights of customers and reinforcing the trust in digital solutions it provides.

SBM-3 – Material impacts, risks and opportunities and their interaction with strategy and business model

In the course of DMA, we identified and assessed a total of 41 impacts, and 30 risks and opportunities. As the result of double materiality assessment, we identified a total of 19 material impacts, risks and opportunities (IRO) – 11 material impacts, and 8 material risks and opportunities. Given the fact that Span Group does desk job only, no specific impacts on economy, society and environment by specific location were identified. Therefore, we don't have impacts defined for a specific subsidiary, but solely for the Group.

Span Group conducted a qualitative analysis of identified impacts, risks and opportunities through double materiality. Financial effects were assessed in respect of the assumed

impacts on operations, i.e. potential financial impacts in case of complete suspension of the possibility to provide service. The analysis included the estimate of costs of three-day key process stoppage, taking into account potential days of inability to work, loss of key customers, decline in trust, loss of reputation and impact on the quality of service.

In 2025, no actual financial effects deriving from identified risks and opportunities were recorded, and expected financial effects of material risks and opportunities on financial position, financial performance and cash flows over the short-, medium- and long-term were not systematically assessed. We plan on updating the existing qualitative assessment with a quantitative analysis of financial effects of key ESG risks in the next two years, thus further reinforcing the ability to manage and report on the resilience of the strategy of Span Group.

Adopted in 2025, our ESG strategy was developed in response to identified material impacts, risks and opportunities, and represents the framework for their systematic management. The strategy includes activities, measures and objectives that contribute to the resilience of business model, enable proactive management of negative impacts and risks and making the most out of opportunities.

SBM-3 E1 Environment

		Location in the value chain			Time horizon		Implications for the strategy and its resilience
Sustainability matters and related IROs	UK/O	Upstream	Downstream	More stream	Short term	Medium term	Long term
EI - Climate change mitigation Negative impact	1. GHG emissions from Scopes 1,2 and 3	X	X	X		X	The reduction of greenhouse gas emissions is integrated into the ESG strategy, and the Group has adopted an implementation plan for the related measures. The reduction of Scope 1 and Scope 2 emissions is guided by medium term targets, while efforts to reduce Scope 3 greenhouse gas emissions will be pursued over the long term.
Scope 1 emissions, generated directly from sources owned or controlled by the Group; contribute to climate change by increasing atmospheric CO2 levels. Scope 2 emissions, arising from purchased electricity, heat or steam, further increase the company's carbon footprint, depending on the energy mix. The most significant impact comes from Scope 3 emissions, which include indirect emissions across the entire value chain, such as those from suppliers, product use and transportation.	2. Energy consumption
EI - Climate change mitigation Positive impact	Sector specific (cloud solutions)		X	X	X		This positive impact is integrated into our ESG strategy, where cloud solutions represent a strategic focus area with defined targets aimed at reducing environmental footprint, fostering innovation, and strengthening the long term competitiveness of the Span Group.
Cloud services have been identified as a key opportunity that positively influences our business model and value chain, as they enable a reduction of our own emissions through infrastructure consolidation and improved energy efficiency, while also helping customers reduce their indirect emissions by transitioning to more optimized, secure and sustainable IT environments.
EI - Climate change adaptation Risk Physical climate related risks (e.g. extreme heat, storms, flooding) could affect Span's cloud infrastructure, data center availability, service continuity and supply chain, causing potential business disruptions, material damage and increased operational costs. As a provider of business critical IT services, these risks could adversely impact operations and undermine customer trust.	Physical risks related to climate change	X	X			X	The Company continuously monitors these risks and evaluates potential mitigation measures, including business continuity plans within the Business Continuity Management (BCM) system, as well as infrastructure adaptations aimed at reducing the impact of extreme weather events. Additionally, during 2020 the Group will conduct a climate risk assessment and an evaluation of the resilience of its strategy. If the analysis indicates an increasing level of risk, it will be incorporated into the ESG strategy in the future.

In 2026, the Group plans on conducting a detailed analysis of climate risks and resilience to climate risks. This will include physical climate risks assessment by significant assets/location, and reassessment of transitional risks. Also, the resilience of business model to identified risks in relation to climate scenarios will be analyzed taking into consideration the likelihood, magnitude and duration, as well as the geospatial coordinates specific for our locations and supply chains.

As part of the Business Continuity Plan, Span analyzed the risk of fire and flooding and the resilience of business model to climate changes for the first time in 2022. These risks can seriously jeopardize network infrastructure and business continuity, especially if they occur in central locations

in Zagreb. More information about this can be found in the topical part Environmental information, IRO-1 - Climate change. In 2024, analysis of value chain resilience was conducted through a sectoral analysis of 15 of Span's key customers and suppliers and and their vulnerability in terms of transition to low-carbon economy. Except for publicly available information (sustainability reports), Span does not possess detailed information from the suppliers, which is a challenging factor in the assessment of total vulnerability. Span Group did not establish critical assumptions and analyses related to transition to a lower-carbon and resilient economy until now. In the following period, a channel for obtaining more accurate information from the suppliers will be set in place, and financial analysis was qualitative.

SBM-3 Si Own workforce

		Location in the value chain	Time horizon	Implications for the strategy and its resilience
Sustainability matters and related IROs	UK/O	Upstream	Downstream	Downstream
SI - Equal treatment and equal opportunities for all Negative impact	Non-compliance with human rights, discrimination and inequality	X	X	Although Span promotes equal treatment and equal opportunities, structural challenges within the IT industry and specific company circumstances may still limit equal opportunities, particularly for women and early career employees. This may affect employee satisfaction, motivation and performance. Span continuously implements initiatives related to diversity, inclusive hiring and career development, yet the possibility of inequality in specific situations may still exist.
A lack of equal treatment and opportunities for all-invoicing age, gender, culture), including equal pay for equal work, may negatively impact employee satisfaction and performance. Span has implemented a structured pay framework, but the potential for pay inequality may still exist in specific circumstances.
SI - Working conditions - work-life balance Negative impact	Imbalance between work and private life (burnout, stress, mental health)	X	X	Shift work and night work, extended and overtime working hours, and high demands in stressful situations may negatively affect employees' mental health, their overall satisfaction, and their work-life balance. Span implements measures such as monitoring overtime hours and resource planning to mitigate these impacts and maintain business continuity.
Inadequate management of working hours and rest periods may have negative impacts on employees and their mental health. This impact is particularly evident among employees working in shifts and night work.
SI - Other employment related rights - employee privacy Negative impact	Employee data privacy	X	X	The Company has integrated this negative impact into its ESG strategy by defining targets and measures aimed at strengthening the data protection system, ensuring continuous employee training, and enhancing technical and organizational controls, in order to reduce the risk of personal data breaches and preserve the resilience of the business model.
A significant impact on employees arises from the connection between Span's strategy and business model and the management of personal data. As a provider of IT services and solutions involving data processing, we have a key responsibility to ensure ongoing compliance with GSPB, data protection and prevention of privacy breaches.
SI - Working conditions - secure employment Risk	Loss of key personnel	X	X	The loss of key personnel in strategic positions directly affects business continuity, operational efficiency and the ability to execute strategic initiatives. Span integrates this risk into its ESG strategy through the development and implementation of succession plans, leadership development programs and the monitoring of critical roles, thereby ensuring company stability, the preservation of knowledge and competencies, and long term business resilience and competitiveness.
The loss of key personnel in strategic positions may disrupt operations, hinder strategic initiatives and weaken organizational capabilities, leading to reduced productivity, morale and innovation within the organization.
		Location in the value chain	Time horizon	Implications for the strategy and its resilience
---	---	---	---	---
Sustainability matters and related IROs	UK/O	Upstream	Downstream	Downstream
SI - Equal treatment and opportunities for all - diversity Opportunity Promoting equal opportunities to enhance diversity and inclusion of women, which can lead to higher employee retention and increased employee satisfaction.	Diversity and inclusive employment with equal opportunities	X	X	Promoting equal opportunities and inclusiveness, particularly for women in the IT sector, strategically contributes to Span's resilience and long term success. Through initiatives such as career development, training programs, internal mobility, and participation in STEM and Girls in ICT initiatives, Span strengthens employee engagement and retention, reduces dependence on external recruitment, and ensures the stability of key competencies. This approach simultaneously supports a positive organizational culture, increases employee satisfaction, and contributes to sustainable competitiveness in a dynamic IT environment.
SI - Equal treatment and opportunities for all - training and skills development Opportunity	Training and education for corporate employees	X	X	Continuous career development and employee training strengthen competencies and engagement, reduce the risk of turnover and loss of critical knowledge, support an inclusive and diverse culture, and contribute to the long term resilience and competitiveness of the company.
Opportunities for professional growth (e.g., career development plans and skills enhancement opportunities) can increase morale, leading to higher employee satisfaction, lower turnover, and reduced organizational costs associated with retraining new employees.
SI - Equal treatment and opportunities for all - training and skills development Opportunity	Internal filling of open positions	X	X	Internal filling of positions and continuous development of employee skills strengthen engagement and loyalty, reduce turnover and loss of knowledge, foster an inclusive and diverse culture, and contribute to the organization's operational efficiency and long term resilience.
Internal filling of open positions within the organization gives employees a sense of belonging and signals that they have further opportunities to develop their skills, leading to increased employee satisfaction, reduced turnover and, consequently, lower organizational costs for acquiring and training new employees.
SI - Company specific Risk Acquisitions and the environment in which we operate (the IT industry) are highly dynamic, which makes change management a very important topic. It brings challenges related to employee resistance due to changes in ways of working.	Employee resistance in implementing measures	X	X	Span manages change systematically through employee involvement, competency development and strengthening an inclusive culture, thereby reducing resistance to change, ensuring business continuity and, in the long term, enhancing operational efficiency, organizational resilience and the ability to deliver strategic initiatives in a dynamic IT environment.

Through double materiality assessment, Span identified material actual and potential impacts, risks and opportunities related to own workforce that derive from the business model of the Company as a provider of technological and managed IT services, heavily dependent on knowledge, expertise and engagement of employees. People represent a crucial factor in creating value, and quality and stability of the workforce directly impact the operational efficiency, service quality, customer satisfaction and long-term business resilience.

As one of the key positive impacts and opportunities, Span recognizes promoting equal treatment and opportunities for all employees, including the principle of equal pay for equal work. This approach is formalized in the Diversity and Inclusion Policy, Code of Business Conduct and other internal acts. Lack of equal opportunities and inclusion may negatively impact the satisfaction of employees, their work performance and organizational culture.

An additional opportunity arises from continuous investment in career development, training, certifications and internal employee mobility, thus strengthening the competencies, engagement and talent retention and reducing dependency on external recruitment, which contributes to the resilience and competitiveness of the Company in the long run.

On the other hand, a potential negative impact was identified and it related to the organization of work, including extended

working hours, overtime and shift work. Continuous availability of service 24/7 requires some of the teams to work in shifts, including night shifts, which in periods of increased demand can lead to more frequent overtime and increase the risk of employee fatigue, disrupted work-life balance and turnover. Managing the work load, monitoring overtime and adequate planning of resources are among the key measures for mitigating these impacts.

When it comes to risks, Span recognizes the risk related to business continuity and talent management. Loss of key experts, although rare, may lead to knowledge loss, delays in project delivery and increased recruitment costs, which is why it is considered a material financial and operational risk. Moreover, organizational changes in a dynamic IT environment may increase the risk of turnover, disrupting employer reputation and reduced efficiency, which is why efficient management of changes and employee engagement are integrated into strategic priorities and the broader ESG strategy of the Company.

By ongoing reinforcement of inclusive culture, development of competencies and systematic management of workforce-related risks, Span aims to reduce negative impacts on employees, and maximize positive contributions to the organization and the community at the same time.

Own workforce of the Span Group comprises full-time employees, as well as people employed on the basis of student contracts and fixed-term employment contracts. Within defined workforce, Span identified specific employee groups that may be exposed to increased risk of negative impacts, given the characteristics of the IT industry, organization of work and market circumstances.

One such group are women in the IT industry. Women are usually under-represented in the IT sector, which is further exacerbated by the limited number of skilled female candidates on the labor market. While the proportion of women in the IT sector remains low, data from publicly available statistics of the Croatian Bureau of Statistics and data of some of the engineering faculties point to a long-term trend of increase of the proportion of women in IT education. While at engineering faculties such as FER the proportion of women is only around 25% (16.91% in 2008), at interdisciplinary studies such as FOI it amounts to as high as 50%, with a visible growth at faculties such as FERIT. It is expected that this positive trend will gradually reflect on the increased availability of skilled female candidates on the labor market and contribute to the increase in the proportion of women within Span d.d., as well. The above mentioned structural challenges may make it difficult to achieve gender equality, in terms of equal representation of women at certain technical and management positions. Span is aware of the said risks and carries out initiatives focused on promoting diversity, inclusive employment and development of female experts in IT. As part of promoting STEM and enhancing the presence of women

in ICT, Span also participates in activities that foster the interest of girls in IT careers, including the participation of female employees in educational and promotional events, such as Girls in ICT initiative, where the aim is to inspire young people to choose a STEM occupation through personal experience and knowledge exchange.

Employees at the beginning of their career may be exposed to increased risks, especially those working in technical support and in Security Operations Center (SOC) that work in shifts in order to ensure continuous availability of service 24/7, 365 days a year. Such positions often include night work, increased exposure to stressful situations and need for ongoing learning and adapting, which may negatively impact the work-life balance and mental health of employees. Work-life imbalance in this area of business represents a systematic challenge due to nature of work.

Furthermore, Span recognizes the risk related to key personnel retention, particularly in the context of underdeveloped succession plans for certain key positions. Negative impacts such as increased stress, sense of uncertainty in terms of professional development and long-term work-life imbalance may encourage key employees to leave, which as a result may have an adverse impact on the business continuity and financial stability of the Company.

146
147

SBM-3 - S3- Community

		Location in the value chain	Time horizon	Implications for the strategy and its resilience
Sustainability matters and related IROs	UK/O	Upstream	Downstream	Medium term
S3 - Company specific - Partnership with educational institutions and enhancement of digital competencies Positive impact Span builds partnerships with educational institutions and thereby has a positive impact on the local and wider community. Span also provides opportunities for education and the enhancement of digital competencies for children in schools.	Partnership with educational institutions and enhancement of digital competencies	X	X	Span integrates social impact into its ESG strategy through partnerships with educational institutions and by educating high school and university students in the field of digital competencies. In this way, it contributes to strengthening the local community, enhancing the company's reputation, and improving the resilience of its strategy to social and reputational risks.

As a company specializing in infrastructure services, cloud solutions, cyber security, technical support and software development, we aspire to pass our knowledge and experience on future experts. Our employees regularly take part in lectures, workshops and

coaching programs, sharing their expertise in key technological areas, including infrastructure, service management, cloud technology, cyber security and software development, thereby enhancing the digital competencies of the community.

SBM-3 - S4- End users

		Location in the value chain	Time horizon	Implications for the strategy and its resilience
Sustainability matters and related IROs	UK/O	Upstream	Downstream	Medium term
S4 - Impacts related to information provided to consumers and/or end users - privacy Negative impact	Information privacy breach	X	X	The Company has integrated this negative impact into its ESG strategy by defining targets and measures aimed at strengthening the data protection system, ensuring continuous employee training, and enhancing technical and organizational controls, in order to reduce the risk of personal data breaches and preserve the resilience of the business model.

A significant impact on customers arises from the connection between Span's strategy and business model and the management of personal data. As we provide IT services and solutions that involve data processing, ensuring continuous GDPR compliance, data protection and the prevention of privacy breaches to one of our key responsibilities. Unauthorized access to or disclosure of data may lead to identity theft, financial losses and a sense of insecurity among customers, which directly affects the adaptation of our strategy and business model.

Users of our digital services may be subject to negative impacts related to personal data privacy and protection, i.e. they depend on accurate and available information in order to prevent potentially harmful use, and the impact is related to individual cases. Span continuously improves technical and organizational protection measures with advanced security mechanisms, data protection policies and employee training. Business activities include a compliance monitoring system and proactive measures of responsible data management, thus reducing the risk of adverse impacts. Development of security solutions for tackling cyber attacks was recognized as a material opportunity in terms of the protection of personal data of our users. More details can be found in chapter 1.3.1. Description of the operation and main activities, and in the topical part Governance information - company-specific: Development of security

solutions for tackling cyber attacks. Our material impact relates to all the subjects whose data Span may access.

Span Group does not have products inherently harmful to people, products that increase risks for chronic disease, products that particularly impact the children or financially vulnerable individuals. When assessing the materiality of impacts on users, we did not identify specific user groups with particular characteristics that may be at greater risk of harm compared to other users. Our products and services do not target specific vulnerable user groups, and data management processes are equally rigorous for all users, regardless of their age, location or other specifics.

SMB 5 - G1 Management

		Location in the value chain		Time horizon	Implications for the strategy and its resilience
Sustainability matters and related IROs	I/RO	Opelmann	Own operations	Short term	Medium term
GI - Management of supplier relationshipsPositive impactA positive impact on suppliers is achieved through the consistent application of agreed payment terms and transparent communication, contributing to the financial stability of suppliers, particularly small and medium sized enterprises, thereby strengthening the resilience and sustainability of the value chain.	Supplier relationship management, including payment practices	X	X	X	Responsible supplier management and timely settlement of obligations increase the stability of the value chain and thereby directly contribute to the resilience of the Company's business model and strategy. The Company has incorporated a targeted value related to this impact into its ESG strategy to ensure continued adherence to agreed contractual terms.
GI - Supplier selectionNegative impactIf a company does not take social and environmental criteria into account when selecting its suppliers, it may inadvertently support uncontainable and unethical practices. This can lead to negative environmental and social impacts and undermine the long term sustainability of the business.	Poor supplier management	X	X	X	Span recognizes the risk of negative impact arising from uncontainable or unethical supplier practices and has integrated this risk into its ESG strategy. Although a specific target is still being defined, this approach will enhance the resilience of the strategy by reducing social and environmental risks within the supply chain.
GI - Corruption and bribery - prevention and detectionNegative impactA lack of effective measures for preventing and detecting corruption and bribery may result in unethical behavior within the organization. This can undermine the organizational culture and create an unfair working environment for employees.	Lack of effective measures - bribery and corruption	X	X	X	Span has identified the risk of potential negative impact in cases of unethical behavior and corruption within the organization and has integrated it into its ESG strategy. By setting a measurable target for the prevention and detection of corruption, Span strengthens the resilience of its business strategy, ensuring a fair and safe working environment for all employees and supports the long term sustainability of the business.
GI - Cyber security solutions - Company specificOpportunityThe increased demand for cybersecurity solutions and services creates an opportunity to offer innovative solutions and a potential return on investment.	Cyber security solutions	X	X	X	Span's long standing experience in responding to security incidents, implementing security solutions and providing cybersecurity training enables the Company to contribute its expertise and capabilities towards strengthening the resilience of the most vulnerable market participants. In doing so, we improve the security posture not only of our customers but also of the entire digital value chains in which Span operates.

IRO-1 - Description of the process to identify and assess material impacts, risks and opportunities

We developed a comprehensive methodology of double materiality assessment for the Group, based on regulatory requirements of the CSRD and ESRS. This methodology allows us to identify and prioritize key sustainability topics over four phases: understanding, identification, assessment and consolidation.

In the understanding phase, we defined the scope of the reporting, mapped the value chain, and identified relevant sustainability topics through benchmark analysis and a review of previous materiality assessments. This analysis includes taking into account external sources, such as sectoral reports and suppliers' data, involvement of stakeholders through focus groups, as well as internal insights of Span's key departments.
In the identification phase, we identified potential and actual impacts, risks and opportunities (IRO) within own operations and the entire value chain. Internal and external stakeholders were involved in order to ensure the integrity of analysis, and contextual factors, such as IT industry specifics were further taken into account.
In the assessment phase, we assessed the identified impacts, risks and opportunities based on clearly defined criteria: severity, scale, scope and likelihood for impacts, and financial effect for risks and opportunities. Assessment process is supported by the rating mechanisms (from 1 to 5) that ensure objectivity and consistency. In this phase, the results were verified through consultations with internal experts.
In the consolidation phase, we consolidated and analysed assessment results in accordance with set thresholds of materiality (3.5 of 5). Topics that require managing and reporting were defined based on that, in accordance with the ESRS.

Impact materiality:

The first dimension of double materiality is the impact materiality ("inside-out" perspective). According to EFRAG (European Financial Reporting Advisory Group) standards, a topic is material from the following perspective: "when it pertains to the organization's material actual or potential, positive or negative impacts on people or the environment". It is defined as "impacts in relation to environmental, social and governance factors".

For this part of the analysis, impacts in relation to environmental, social and governance factors were identified in discussions with key internal stakeholders, through research and active and passive involvement of external stakeholders from the value chain through interviews, as well as through benchmark analysis. The analysis aims to identify cause/ effect relationships between Span's practices and its value chain, as well as its impact on society or the environment.

Firstly, topics were contextualized in order to explain why they are relevant to Span and its value chain. Next, impacts of each topic on society or the environment were described. Finally, impacts were classified as prescribed in ESRS 1. (point 43). In the identification process, it was taken into account whether an impact:

is actual or potential
is negative or positive on people or the environment
occurs over the short-, medium- or long-term, covering all affected stakeholders (own operations and upstream and downstream value chain).

Span's assessment process focuses on identifying key risk factors related to business, entire value chain (including own business, suppliers and customers) and geographical areas. Looking at inherent impacts, and on the basis of Span's sector (IT industry), we

assumed that the impacts deriving from Span's business are negative. Along with negative impacts, we identified several positive impacts.

Negative impacts are prioritized under severity (scale, scope, irremediable character) and likelihood criteria. Identification comprises short-, medium- or long-term impacts on people or the environment, including own business and the entire value chain. Positive impacts are also prioritized, but the emphasis is placed on their relative scale, scope and long-term benefit.

Financial materiality

The second dimension of double materiality is the financial materiality ("outside-in" perspective). According to EFRAG standards, a topic is material from the following perspective: "If it triggers material financial effects on the organization".

Span approaches the assessment of risks and opportunities with financial effects through an integrated model that connects business impacts and value chain dependencies with potential risks and opportunities. Through value chain mapping, Span identifies key business aspects that may have financial effects, including direct (e.g. increase of energy costs) and indirect ones (e.g. reputational risks related to suppliers and customers). Analysis of dependencies includes an assessment of the dependency of business model on key resources (human, technological or natural), and how potential disruptions related to availability of those resources can impact the business. Connection of impacts and dependencies with the risks and opportunities is further considered through benchmark analysis and sectoral data, thus ensuring the comparison with competitors and industry standards. In addition, consultations with stakeholders

(internal and external) provide additional insights into potential opportunities arising from sustainability, such as implementation of new technologies or entry into markets with increased sustainability requirements.

The analysis aims to establish how risks and opportunities (e.g. legal, reputational, operational, financial, as proposed in ESRS 1 AR 13.) related to topics identified in the short list can impact Span's activities over short-, medium- and long-term. Financial assessment of risks or opportunities is drawn up through the assessment of scale, likelihood and impact on long-term performance of topic on Span, and it sums up main sustainability related risks and opportunities.

Since ESRS does not specify range of scores, we decided to define thresholds of materiality:

3.0 for materiality of actual impacts (1 to 5 on severity scale);
3.5 for materiality of potential impacts (1 to 5 on a scale with likelihood dimension);
3.5 for financial materiality (on a 1 to 5 scale).

Impacts, risks and opportunities below these thresholds of materiality are not considered significant enough to be defined as material (ESRS 1, point 31.). Different thresholds of materiality for the impact assessment are the result of assessment methodology in order to ensure that actual impacts have greater significance with respect to potential impacts.

Scale of the assessment comprises financial effect of risks or opportunities on key business metrics (e.g. revenue, costs, operational activities). Threshold of materiality for financial statements was taken as a starting point when determining the material financial effect threshold, and it was subsequently adapted for the short- and long-term period and estimated financial effect the Group may sustain due to negative effect of risks, but also positive effect of opportunities. Assessment combines quantitative analyses

(e.g. assessments of financial effect) with qualitative insights (e.g. feedback from stakeholders and internal experts). This process allows for clear understanding of priorities among identified risks and opportunities. The process was developed in order to ensure that disclosed information faithfully reflects organization's impact on sustainability and its exposure to risks and opportunities that may significantly impact the business model, strategy and financial results.

Administrative, management and supervisory bodies are notified about the views and interests of the stakeholders concerning sustainability through reports and during meetings of the Management Board. Decision-making process is done by way of a structured framework in which roles and responsibilities of key participants are clearly defined. Team Manager for ESG Department and Sustainability Working Group are in charge of the analysis and gathering material for materiality assessment, which is then presented to the Management Board and senior management. In 2025, we completely integrated ESG risks into risk management processes of the organization.

IRO-1 - Climate change

At the level of Span Group, an analysis of activities and plans was conducted in order to identify actual and potential impacts on climate change by way of calculating GHG Scope 1, 2 and 3 emissions in own operations and in the entire value chain for 2024. Those results are applied as starting point for future comparison of emissions. This process includes an analysis of emissions that are directly related to our business (Scope 1), emissions from the consumption of purchased electricity (Scope 2), and emissions that occur in the value chain (Scope 3). More detailed information can be found in the topical part Environmental Information - E6. Also, drivers of other impacts related to climate change

were identified, such as energy consumption. This analysis enabled us to develop a target for medium-term reduction of emissions by 2029 and to improve energy efficiency.

When identifying and assessing material impacts, risks and opportunities related to climate change, we identified the following material impacts:

a) Climate change mitigation (GHG emissions - Scope 1, 2 and 3):

We assess GHG emissions that are directly related to our business (Scope 1 and 2), and they largely derive from the energy consumption for the purpose of company vehicles, air conditioning and heating, and electricity for offices. Moreover, we analyse Scope 3 emissions in the supply chain (upstream and downstream) and focus on transport, product use and other activities related to value chain. We analyse the impact of our largest suppliers as well.

b) Energy consumption:

We analyse the total energy consumption, and focus on the consumption of electricity in the IT industry for the purpose of equipment operation, cooling, heating, ventilation and air conditioning.

c) Sector specific impacts (cloud solutions):

Transition to cloud solutions reduces the use of individual servers, thus reducing total energy consumption and GHG emissions. Also, redesign of system architecture includes replacing platform resources, such as virtual servers, with more efficient resources that are automatically scaled depending on their load, or using newer types of resources that perform better with fewer emissions.

In addition, a risk for the business model was identified and recognized in sub-topic:

d) Climate change adaptation:

This risk concerns inability of exercising core

154
155

business activities due to network infrastructure problems caused by the climate change consequences, such as acute hazards related to climate (e.g. flooding and fire).

In 2026, the Group plans on conducting a detailed analysis of all climate risks and resilience to climate risks. This will include assessment of all physical climate risks by significant assets/location, and a more detailed reassessment of transitional risks. First assessment of physical climate risks for critical infrastructure we manage, and for buildings that we own and operate was conducted in 2022, but only in terms of fires, flooding and earthquake. The assessment was conducted within the certification process for ISO 22301 (Business continuity management), a standard we were certified for in April 2023. We did not identify major hazards in the short-term in daily operational activities, except for fires, flooding and earthquake. These physical risks can seriously jeopardize business continuity or even cause disruption of services, especially if they occur in central locations in Zagreb. IT manager and CISO were consulted, with IT director being in charge of the risk. Business Continuity Plan was indicated as an initial control process, and risk treatment plan was created. Activity proposed was reconfiguration of network resources to support functioning of only one location in Zagreb. Performance measure of the plan was a successfully carried out exercise of relocating Service Desk to Savska, and SOC to a location in Koturaška street. We continue to monitor and analyse business impacts and risks. Testing of existing recovery procedures has proved to be successful. In case of changes of architecture and functionalities, we will repeat the testing as appropriate, but for now we focus on potential new risks and recovery procedures as a result of their analysis.

We identified key transition events, such as regulatory changes (measures of the

Croatian Government), market pressure for reducing emissions and technological innovations. At this moment, we did not identify transition risks as material.

IRO-1 – Business conduct

In the process of identifying material impacts, risks and opportunities related to business conduct, we focused on Span's existing good practices. We analysed our business conduct by way of comparison with other organizations and interviews with internal experts, taking into account relationships with customers by all means. As a result of this assessment, anti-corruption and management of relationships with suppliers, including payment practices were highlighted as core matters. Opportunity for developing security solutions to combat cyber attacks was also recognized.

6.2. Environmental information (E1)

Disclosures pursuant to Article 8 of the Regulation (EU) 2020/852 (Taxonomy Regulation)

Article 8 of the Regulation (EU) 2020/852 (Taxonomy Regulation) is a classification scheme of environmentally sustainable economic activities and a vital tool for achieving the strategic goals of the European Green Deal. In its 2025 report, Span Group discloses the proportions of environmentally sustainable economic activities aligned with the taxonomy related to the first two taxonomy objectives: (1) climate change mitigation and (2) climate change adaptation; taxonomy-eligible activities related to all six taxonomy objectives and taxonomy-non-eligible activities in its turnover, capital expenditure (CapEx), and operational expenditure (OpEx).

In calculating the key indicators, we used the following interpretations: taxonomy-eligible economic activities are those described in the delegated acts supplementing the Taxonomy Regulation, regardless of whether they meet any or all of the technical screening criteria established in the delegated acts. Taxonomy-aligned economic activities meet the criterion of significant contribution to one or more environmental objectives; do not cause significant harm to any of the environmental objectives; are conducted in compliance

with minimum safeguards; and comply with the technical screening criteria in the delegated acts supplementing the taxonomy. A taxonomy-unaligible economic activity is any economic activity not described in the delegated acts supplementing the Taxonomy Regulation. Key indicators for reporting according to the Taxonomy Regulation (taxonomy KPI) include turnover taxonomy KPI, CapEx taxonomy KPI and OpEx taxonomy KPI, and they are calculated separately for eligibility and compliance.

Eligibility analysis

The proportion of taxonomy-eligible economic activities in our turnover is calculated as the share of turnover derived from products and services related to taxonomy-eligible economic activities (numerator) divided by total turnover (denominator) for the reporting year 2025. The numerator of the turnover taxonomy KPI is defined as the revenue generated from products and services related to the taxonomy-eligible economic activity from the section Computer programming, consultancy, and related activities.

The CapEx KPI for eligibility is defined as the ratio of taxonomy-eligible capital expenditures (numerator) and total capital expenditures for the reporting year. Capital

expenditures include the acquisition/commissioning of new fixed assets, capitalized internal software development, and capitalized long-term leases. In this segment, we compared the activities with taxonomy-eligible economic activities. We identified the internal development of software solutions, ownership of vehicles, and ownership and use of property, as described in the sections Computer programming, consultancy, and related activities, Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings.

The OpEx KPI for eligibility is defined as the ratio of total taxonomy-eligible operating expenditures (numerator) and total operating expenditures (denominator) in the reporting year. According to the taxonomy, total operating expenditures consist of direct non-capitalized costs related to research and development, building renovation measures, short-term leases, maintenance and repairs, and all other direct expenses related to the day-to-day servicing of property, plant, and equipment. In our case, this includes costs for the maintenance of the Group's business premises, maintenance and car rentals related to sections Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings.

Analysing the business in accordance with the Taxonomy Regulation, we identified that our only taxonomy-eligible turnover falls under the section Computer programming, consultancy, and related activities, pertaining to IT services. The total turnover generated from taxonomy-eligible IT services in 2025 amounted to EUR 60,409 thousand, or 26% (in 2024: EUR 51,031 thousand, or 28%), and the capital expenditures related to internal development costs associated with these services amounted to EUR 181 thousand, or 3% (in 2024: EUR 544 thousand (15%)).

Considering that the Taxonomy Regulation is not limited to activities related to our core

business, we recognized taxonomy-eligible activities in our capital expenditures and operating expenses under the sections Transport by motorcycles, passenger cars and light commercial vehicles, and Acquisition and ownership of buildings. Capital expenditures related to the Transport by motorcycles, passenger cars and light commercial vehicles activity include car purchases in 2025, and amounted to EUR 875 thousand (14%) (in 2024: EUR 464 thousand (13%)), while the operating expenses amounted to total of EUR 380 thousand (42%) (in 2024: EUR 611 thousand (52%)), including car maintenance and rental costs. In the reporting period, the taxonomy activity Acquisition and ownership of buildings, specifically the right-of-use assets accounted for 65% (in 2024: 53%) of total capital expenditures (EUR 4,080 thousand, in 2024: EUR 1,947 thousand) and 35% (in 2024: 19%) of total operating expenses (EUR 322 thousand, in 2024: EUR 227 thousand) for the maintenance and rental of right-of-use properties.

Alignment analysis

We subjected the identified eligible activities to a taxonomy alignment assessment. We followed the prescribed evaluation steps for taxonomy-eligible activities from sections Computer programming, consultancy and related activities, and Acquisition and ownership of buildings. Given that according to the Taxonomy Regulation both groups of activities can contribute to the taxonomy objective of climate change adaptation, we determined to what extent they contribute to this objective. For economic activities related to Transport by motorcycles, passenger cars and light commercial vehicles, we examined whether they significantly contribute to climate change mitigation. Next, we verified whether these activities met the technical screening criteria for doing no significant harm to other taxonomy objectives and checked their alignment. Finally, we ensured that we met the minimum safeguards in their implementation, in alignment with the OECD Guidelines for

Multinational Enterprises and the UN Guiding Principles on Business and Human Rights, including the principles and rights set out in the eight core conventions defined in the ILO Declaration on Fundamental Principles and Rights at Work and the International Bill of Human Rights.

A prerequisite for determining that an economic activity contributes to the goal of climate change adaptation for recognized taxonomy-eligible IT services and property is conducting a process of analysis and assessment of physical climate risks. The first evaluation of physical climate risks for the critical infrastructure we manage and for buildings we own and operate was carried out in 2022 as part of the ISO 22301 Business Continuity Management certification process (for which we received the certification in April 2023).

The carried out assessment included a limited number of physical climate risks. The assessment was not carried out using location-based climate projections and impact assessments, considering the latest scientific advancements in sensitivity and risk analysis and related methodologies in line with the latest reports from the Intergovernmental Panel on Climate Change. In 2026, we will conduct a comprehensive physical climate risk assessment that includes climate projections based on various climate scenarios for all our locations, but we cannot assert that our activities are aligned with this technical screening criterion. In 2025, we invested EUR 416 thousand (in 2024: EUR 29 thousand) in new vehicles that meet the criteria for emissions from light vehicles and road vehicle tires. These are new cars that comply with the recyclability criteria and will be given back by the Group to the leasing company at the end of the lease period.

Span's Code of Business Conduct outlines the values and ethical principles we rely on in our operations. At Span, we respect

the fundamental human rights defined in the United Nations Universal Declaration of Human Rights and internationally recognized principles and guidelines. As an employer, Span is committed to working in accordance with the International Labour Organization's Declaration on Fundamental Principles and Rights at Work. In 2025, we conducted an assessment of our potential and actual adverse impacts on the environment and society, including human rights, and did not encounter any cases of human rights violations. We will continue to strengthen our responsible policies and practices regarding human rights protection by examining the impacts of our activities across our entire value chain.

Taxonomy-aligned economic activities constitute 7% (in 2024: 1%) of our capital expenditures and 3% (in 2024: 1%) of our operating expenditures.

158
159

Turnover

Economic activities	Substantial Contribution Criteria							IPH00 criteria (Share Not Significantly Rural)							Investment activity
	125 R1	%	TencNec/E	TencNec/E	TencNec/E	TencNec/E	TencNec/E	TencNec/E	TencNec	TencNec	TencNec	TencNec	TencNec	TencNec	%	E	T
TAXONOMY ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (Taxonomy, aligned)
Turnover of environmentally sustainable activities (Taxonomy, aligned) (A.2)	0.04	0.00%	0.00%	0.00%	0.00%	0.00%	0.00%	0.04%	No	No	No	No	No	No	%	0.00%
A.2 Taxonomy: Eligible but not environmentally sustainable activities (not Taxonomy, aligned) (A.3)
B.2. Computer programming, resembassy and related activities	0.2	68,600,020.00	28.2%													28.32%
Turnover of Taxonomy eligible but not environmentally sustainable activities (not Taxonomy, aligned) (A.4)		68,600,020.00	28.2%													28.32%
Total (A.4 - B)		68,600,020.00	28.2%													28.32%
B. TAXONOMY NON ELIGIBLE ACTIVITIES
Turnover of Taxonomy non-eligible activities		191,432,948.00	72.03%
Total turnover (A-B)		299,808,751.70	100.00%

Capital expenditure

Economic activities	Substantial Contribution Criteria							IPH00 criteria (Share Not Significantly Rural)							Investment activity
	125 R1	%	TencNec/E	TencNec/E	TencNec/E	TencNec/E	TencNec/E	TencNec/E	TencNec	TencNec	TencNec	TencNec	TencNec	TencNec	%	E	T
A. TAXONOMY ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (Taxonomy, aligned)
B.2. Transport by marketplace, passenger cars and light commercial vehicles	0.3	482,500.00	0.02%	0.02%	0.00%	0.00%	0.00%	0.00%	0.00%	No	Yes	No	Yes	Yes	%	0.70%
Capital expenditure of environmentally sustainable activities (Taxonomy, aligned) (A.2)		482,500.00	0.02%	0.02%	0.00%	0.00%	0.00%	0.00%	0.00%							0.70%
A.2 Taxonomy: Eligible but not environmentally sustainable activities (not Taxonomy, aligned) (A.3)
B.3. Transport by marketplace, passenger cars and light commercial vehicles	0.3	875,050.00	0.00%													52.32%
T2. Acquisition and ownership of buildings	77	4,000,020.07	87.24%													52.72%
B.3. Computer programming, resembassy and related activities	0.2	80,205.00	2.54%													0.48%
Capital expenditure of Taxonomy eligible but not environmentally sustainable activities (not Taxonomy, aligned) (A.4)		5,655,910.00	82.54%													70.52%
Total (A.4 - B)		5,532,770.40	80.59%													80.54%
B. TAXONOMY NON ELIGIBLE ACTIVITIES
Capital expenditure of Taxonomy non-eligible activities (A.2)		1,08,564.50	37.88%
Total capital expenditure (A-B)		6,253,872.33	100.00%

160
161

The Company is working on the development of plans for the alignment of capital expenditures, operating expenditures and turnover with the criteria defined in Commission Delegated Regulation (EU) 2021/2139.

E1 Climate change

E1-1 - Transition plan for climate change mitigation

Currently, there is no transition plan for climate change mitigation at the level of Span Group. The Company will continue with the monitoring of regulatory requirements and industrial-technological progress, and the possibility of development of a transition plan will be considered according to those circumstances.

E1-2 - Policies related to climate change mitigation and adaptation

The Company adopted the Policy of environmental protection and climate change, energy efficiency and business continuity as an integral part of its Management system policy. This policy is aimed at the responsible management of environmental business aspects related to climate change and at the integration of climate risks into business planning, with a focus on climate change mitigation and energy efficiency in compliance with current legislation, international standards and strategic goals of the company. The policy applies to all locations, organizational units and business processes of Span, and to those parts of supply chain the undertaking may have an impact on. The Company's Management Board is responsible for the implementation of policy, and it ensure supervision, resources and strategic framework, while the operational implementation and monitoring are coordinated by designated functions at Span.

E1-3 - Actions and resources in relation to climate change policies

In 2025, key actions that Span Group plans to adopt for climate change mitigation, the reduction of Scope 1 and 2 emissions and the increase of energy efficiency by the end of 2029 were confirmed:

Replacement of existing company vehicles with plug-in hybrid or electric vehicles
Purchase of certificate of guarantee of origin for electricity (GoO)
Replacement of old server equipment with more efficient equipment
Launch of new business services in an energy efficient data center.

Replacement of existing company vehicles with plug-in hybrid or electric vehicles

This action is aimed at the reduction of direct GHG emissions (Scope 1) that derive from the use of company vehicles. It applies to vehicle fleet of the Span Group that is used for regular business activities of employees, across all geographical locations on which the under

taking operates, and the action covers only own operations. The expected outcome is a gradual reduction of fossil fuel consumption and $\mathrm{CO}{2}$ emissions, thereby directly contributing to the objective of emission reduction. The implementation of action is planned gradually, whereby each existing company vehicle will be replaced with a new plug-in hybrid or electric vehicle at the end of the leasing contract, with a view to completing the transition of vehicle fleet by October 2029. A reduction by approximately 20 tonnes of $\mathrm{CO}{2}$ is expected in case of use of equal number of company vehicles as in 2024.

The implementation of action plan includes significant capital and operating expenditures. An assessment of the cost of transition to plug-in hybrid and electric vehicles by October 2029 was carried out. Estimated undiscounted capital expenditure of the replacement of fleet with plug-in hybrid and electric vehicles by October 2029 amounts to EUR 200 thousand. Estimated operating expenditure by October 2029 stands at the same amount. The possibility of implementing the plan does not include specific preconditions.

Current financial resources are not material given that the action only started in the last quarter of 2025. Monetary expenditure for the implementation of the action plan can be directly linked to the Commission Delegated Regulation (EU) 2021/2178 because the action plan includes the eligible "Transport by motorcycles, passenger cars and light commercial vehicles" activity. Expenditures according to this action plan will be included in eligible (aligned/non-aligned) capital and operating expenditures.

Purchase of certificate of guarantee of origin for electricity (GoO)

Action concerns the reduction of indirect GHG emissions (Scope 2) related to the consumption of electricity in Group's operations. The expected outcome is the reduction of market emissions related to the consumption of electricity and the increase of share of energy from renewable sources. In the reporting year 2025 and by means of GoO certificate, the Company covered its total annual electricity consumption in the Republic of Croatia (all business locations, independent of geographical location) with energy from renewable sources in full. In the following period, an extension of this action to other subsidiaries that operate within the European Union is planned. Given the fact that Span mostly operates in rented offices spaces and has no own manufacturing plants, the possibilities for direct optimization and the reduction of energy consumption are limited. Nevertheless, Span remains committed to continuous improvement of energy efficiency within areas it controls. All the new offices that it opens, Span plans on locating in buildings that use electricity from renewable sources wherever possible and available on the market, including the possession of one of the available renewable energy certificates. Action contributes directly to objectives of climate change mitigation through decarbonising the energy mix, and the purchase of GoO certificate is planned as a continuous activity, with annual renewal. In 2025, emissions were reduced by 56.45 tonnes of $\mathrm{CO}{2}$ in the indirect emissions due to electricity consumption category with this action, and a total reduction by approximately 60 tonnes of $\mathrm{CO}{2}$ is expected by the end of 2029.

For the implementation of these key actions regular operational resources are assigned, and they do not represent a significant amount.

Replacement of old server equipment with more efficient equipment

This action is aimed at the increase of energy efficiency of IT infrastructure, and the reduction of electricity consumption in Company's own operations. It is implemented at the location in Zagreb, where the Company replaced old physical servers with 2 new physical servers. Anticipated annual savings of about 25,000 kWh is based on the reduction of energy consumption by data processing unit, which should also result in lower indirect GHG emissions (Scope 2). Since the shutting down of old servers was carried out at the end of 2025, it was still not possible to record a more significant impact on emissions in the reporting period. Action contributes to the objective of emission reduction by 2029 through technological optimization and more efficient resource management, and its implementation was limited solely to this location and this year.

Launch of new business services in an energy efficient data center

In 2025, Span set up an action to increase the usage of Sweden Central Azure region, one of the most energy efficient regions in Europe. Data centers there have PUE (Power Usage Effectiveness) of 1.172 and WUE (Water Usage Effectiveness) of 0.16 l/kWh. This data center is unique because 100% of the electricity used is recovered in renewable energy network, and all the water used for air humidifying during winter months comes from rainwater collected around data centers. In addition, diesel generators use Preem Evolution Diesel Plus fuel, produced from a minimum of 50% renewable materials and having at least 45% lower $\mathrm{CO}_{2}$ emissions compared to regular fuel.

In 2025, Span commissioned all of the new applications and resources in the Sweden Central region, and some of the existing applications were moved from other Azure regions. New applications are Data Platform, Personal Portal, Cloud FinOps, Cyber Security Arena Web, and moved applications are AI Connect and Personal Data Protector. As a result, the utilization of Sweden Central was significantly increased, from 32,770 in 2024, to 157,818 hours of processing power, disc space and data transfer, a measure for calculation of GHG emissions used by Microsoft. This means we increased the $\mathrm{CO}{2}$ emissions in the Sweden Central region from 0.098 mt$\mathrm{CO}{2}$e in 2024, to 0.358 mt$\mathrm{CO}_{2}$e in 2025.

E1-4 - Targets related to climate change mitigation and adaptation

Span Group established a measurable, time-limited GHG emissions reduction target, with a view to support the policy of climate change mitigation and decarbonization of business, and it responded to its material impacts, risks and opportunities.

Target:

Reduction of absolute Scope 1 and 2 GHG emissions by 22.5% by September 2029 from a 2024 baseline (market-based approach).

Target refers to the Span Group, covering all the business locations and operations, independent of geographical features and without including the value chain outside of own operations (Scope 3). At the same time, this target was defined as one of the key objectives within the Sustainability Linked Bond of the Span Group. The effectiveness of actions for the reduction of emissions and the achievement of this objective is monitored through a Key Performance Indicator (KPI):

Absolute Scope 1 and 2 GHG emissions (baseline of the market-based approach from the reference year 2024 amounts to 403.64 tCO₂e).

This KPI enables monitoring of the progress towards the objective of the reduction of emissions and the efficiency of implemented actions, including the replacement of company vehicles with plug-in hybrid and electric vehicles, purchase of the GoO certificate for electricity and the modernization of server equipment. At this moment, no formal intermediate target values are defined, and the progress is monitored annually. Also, the Group has still not adopted the targets for 2030, nor for 2050.

The target was defined through an internal process that involved the Management Board,

the ESG Department, the IT and cloud development teams, the Finance Department and operational functions related to energy consumption. Actions that directly support the achievement of this objective were also defined through cooperation of these stakeholders, ensuring that the target and operational activities are aligned and interconnected. The methodology for defining and monitoring of the target is based on the GHG (Greenhouse Gas) Protocol, with the implementation of Scope 2 market-based approach. Defined in accordance with the relevant European climate policies and long-term decarbonization objectives, while taking into account business model of the undertaking, which is based primarily on office and IT activities without manufacturing plants. The target is not formally validated as a science-based target (e.g. by way of initiatives such as SBTi).

Total progress towards the target is monitored annually by way of KPI: absolute GHG Scope 1 and 2 emissions (tCO₂e). Emissions in the amount of 338.72 tCO₂e were recorded in the reporting year, representing a reduction of 16.08% with respect to 2024 baseline. Since the target was defined for short-term period, and some of the actions were carried out only at the end of the reporting year, current results are considered aligned with the planned dynamic of the achievement of objective.

Cloud solutions and climate change (sector-specific topic)

Through its cloud services, Span Group contributes to climate change mitigation by helping customers to transition from individual on-premises server solutions to centralized and energy efficient cloud infrastructures. Such transition reduces the total energy consumption and GHG emissions related to IT infrastructure, while increasing business agility, reducing costs and shortening the time of entry of products and services on the market on global level at the same time.

For the purpose of managing material positive impacts related to climate change, Span established a measurable and time-limited target to ensure systematic integration of sustainability and emission reduction aspects into cloud solutions that it offers to its customers. The policy of climate change mitigation is thus further supported through reduction of carbon footprint of customers and fostering energy efficient IT solutions.

Target:

By the end of 2026, Span will include sustainability considerations related to cloud infrastructure efficiency and reduction of GHG emissions in 100% of cloud services offers and statements of work for data centers.

Target is determined based on the strategic assessment of the role of cloud solutions in the decarbonization of digital infrastructure, as well as the business opportunity of systematic integration of sustainability into commercial and contractual processes. It applies to Span's own activities and has an indirect, but material positive impact on the reduction of GHG emissions outside of own operations, enabling the customers to optimize energy consumption and reduce their environmental footprint. Geographical spread covers all the markets in which Span offers cloud services. Key internal stakeholders, including Span's Management Board, cloud and infrastructure senior director and ESG Department are involved in determining the target.

The effectiveness of the achievement of this objective is monitored through Key Performance Indicators:

Percentage of cloud services offers and SOWs that include a sustainability and emission reduction clause.

The calculation methodology is based on internal records of cloud offers and SOWs, and the verification of the integration of clauses that relate to cloud infrastructure sustainability, energy efficiency and GHG emissions reduction, and it is calculated as: number of cloud services offers and SOWs, multiplied by 100%. In the reference year 2025 the baseline is 0, given the fact that the objective was defined only at the end of 2025, and monitoring will start from 2026.

E1-5 - Energy consumption and mix

Information on energy consumption of Span Group for 2025 includes Scope 2 electricity and thermal energy, and natural gas and fuel for vehicles indicated in Scope 1 (whereby conversion factors for fuels are used).

Energy consumption and mix	Comparative 2024	2025
(I) Total energy consumption from fossil sources (MWh)	1,782.59	1,294.89
The share of energy from fossil sources in total energy consumption (%)	87%	62%
(II) Total energy consumption from nuclear sources (MWh)	0	0
The share of energy from nuclear sources in total energy consumption (%)	0	0
(3) Fuel consumption for renewable sources including biomass (also comprising industrial and municipal waste of biologic origin), biofuels, biogas, hydrogen from renewable sources (MWh)	0	0
(4) Consumption of purchased or acquired electricity, heat, steam, and cooling from renewable sources (MWh)	263.36	806.81
(5) Consumption of self-generated non-fuel renewable energy (MWh)	0	0
(6) Total energy consumption from renewable sources (MWh) calculated as the sum of rows 3 to 5	263.36	806.81
The share of energy from renewable sources in total energy consumption (%)	13%	38%
Total energy consumption (MWh) calculated as the sum of rows 1 and 6	2,045.95	2,101.70

GHG emissions of Span Group, market-based approach

E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions

For the purpose of reporting on GHG emissions and climate impacts management, Span applied the operational control approach, whereby all the locations and activities the Company has operational control over are included in the scope. To calculate GHG emissions and their $\mathrm{CO}_{2}$ equivalents, Span Group applies the GHG Protocol (Greenhouse Gas Protocol).

The year 2024 was chosen as the base year for monitoring and managing GHG emissions at Span Group, since it was then that the comprehensive calculation of Scope 1, 2 and 3 emissions was conducted for the first time. In 2025, we continued with the calculation of Scope 3 emissions and further expanded the coverage of this scope by including more activities, suppliers and relevant categories in accordance with ESRS and GHG Protocol guidelines. Coverage expansion enabled a more precise reporting on indirect emissions along the value chain and represents an important step in the further reinforcement of our system of climate impacts management. Also, new subsidiaries of the Span Group that started to operate during the reporting period (Greece, Czech Republic and Kazakhstan) are included in the calculation of emissions for 2025, reflecting the expansion of organizational borders and ensuring a transparent and comprehensive overview of emissions at the level of Span Group.

The calculation included emissions of $\mathrm{CO}_{2}$, $\mathrm{N}_2\mathrm{O}$ and $\mathrm{CH}_4$ in Scope 1 and 2 categories, while fluorinated gas emissions, such as emissions of PFCs, $\mathrm{SF}_6$ and $\mathrm{NF}_3$ were not identified in Span Group's business and were therefore not included in the calculation. Global Warming Potential (GWP) for refrigerants used in all Span Group business locations was taken from the Sixth IPCC report (Intergovernmental Panel on Climate Change). When calculating emissions, relevant emission factors were applied taking into account national, international and industry recognized databases.

Scope 1

Our Scope 1 emissions include direct emissions from sources that are owned or controlled by Span Group. These emissions derive from mobile sources (owned company vehicles) that account for the biggest proportion of Scope 1, emissions from stationary sources (fuel consumption for heating), and direct fugitive emissions from refrigerating appliances. There are no direct process emissions in Span Group. Scope 1 accounts for $11.27\%$ of total emissions, an increase of $3.98~\mathrm{tCO_2}$ compared to the base year 2024. The increase was recorded primarily in the O1-2 category (indirect emissions from mobile energy sources), while in the O1-3 category (direct emissions from fugitive sources) a reduction was recorded due to lower leakage of refrigerants in refrigerating appliances at the majority of locations of Span Group. An increase from $175.08~\mathrm{tCO_2}$ (2024) to $191.09~\mathrm{tCO_2}$ (2025) in the O1-2 category is the result of a combination of methodological and operational factors. The calculation methodology was further improved by applying an approach based on the actual consumption of gasoline and diesel in company vehicles, ensuring better precision and reliability of data, compared to the calculation of average consumption of fuel based on odometer data in company vehicles. Estimation of difference between methodologies showed that the implementation of calculation based on fuel consumption for 2024 would result in slightly higher emissions in that category $(+0.5\%)$. Since the originally calculated value is retained for 2024, it remains defined as the base year. Moreover, in 2025 there was an increase in the number of employees, resulting in the higher number of company vehicles in use. Furthermore, the scope of reporting was extended to additional subsidiaries within Span Group.

For the purpose of calculating indirect emissions from mobile energy sources, data on the actual consumption of gasoline and diesel fuel (I) in company vehicles was collected.

Scope 1 14.26%
Scope 2 12.53%
Scope 3 73.27%

Scope 1 11.27%
Scope 2 6.23%
Scope 3 82.32%

This approach was introduced to increase the level of accuracy and reliability of collected data in accordance with methodology requirements of ESRS guidelines. The calculation of emissions based on the actual consumption of fuel represents a more reliable approach in terms of methodology because emissions are directly linked to the amount of fuel used and enable the implementation of accurate emission factors per liter. This method reduces reliance on estimations and reduces the risk of error, while being in compliance with the GHG Protocol and ESRS requirements on data quality at the same time. In 2025, fugitive emissions of hydrofluorocarbons (HFCs) occurred due to the leakage of refrigerants in refrigerating systems at the locations in Estonia and Kazakhstan.

Due to high level of reliability of available data, level of uncertainty of calculation is low, whereby the most precise were fuel and natural gas calculations.

Scope 2

Scope 2 emissions include indirect emissions from the consumption of purchased electricity, heat and cooling, and account for $6.21\%$ of total emissions of Span Group.

Compared to the base year 2024, when Scope 2 emissions (market-based approach) amounted to $189.24\mathrm{tCO_2}$, in 2025 there was a significant reduction of Scope 2, by $36\%$. The biggest contribution to the overall reduction was achieved in the O2-1 category (Purchased electricity). Emissions reduced by $56.45\mathrm{tCO_2}$ in that category, a direct consequence of action taken to purchase guarantees of origin (GoO) for electricity in 2025. By purchasing guarantees of origin, Span Group ensured that the overall annual consumption of electricity in Croatia is covered by electricity produced from renewable sources.

Electricity consumption data was collected at the level of Span Group (subsidiaries in Moldova, USA, Georgia and Czech Republic do not use office space, so there was no electricity consumption), and locations in Zagreb (Koturaška and Savska) account for the largest proportion. For Span Group business locations in Croatia, we applied emission factor for electricity from the Croatian emission factors database for 2022, the last year available. For the market-based approach, 0 g/kWh emission factor was used, given that guarantees of origin (GoO) were purchased for

all Span Group business locations in Croatia for overall annual consumption of electricity in 2025. The same methodology was also applied for Greece subsidiary that has guarantees of origin (GoO) for its consumption of electricity as well, which is why emission factor according to the market-based approach equals 0 g/kWh. When calculating emissions from electricity consumption in subsidiaries outside EU, for location- and market-based approach emission factors from the publicly available database were applied (for Ukraine, Azerbaijan and Kazakhstan, emission factors for the remaining mixture were not available, and emission factors applied were the same as in the location-based approach). Given the high level of reliability of these sources, level of uncertainty of calculation is low as well, ensuring a relatively precise assessment of the impact of energy consumption on total emissions of Span Group.

Scope 3

Scope 3 emissions encompass indirect emissions that occur upstream or downstream in the value chain of Span Group, outside of own business. Upstream emissions are emissions from purchased goods and services, including purchased materials, low value adding services, and emissions from capital goods - such as investing in IT equipment and furniture. Also, fuel and energy-related activities are covered as well (not covered in Scope 1 and 2), and they include gas, electricity and heat consumption, as well as emissions from upstream transportation and distribution of goods. Furthermore, Scope 3 includes emissions from waste generated in operations, business traveling and employee commuting. In the business traveling category, emissions are calculated on the basis of travel orders and travel agency data, while estimates based on modal split were used for employee commuting, whereby some employees use public transport, bus or passenger car. Since Span Group does not produce nor sell physical products, no emissions were identified in the following downstream categories: processing of sold products, use of sold products, end-of-life treatment of sold products and downstream leased assets and franchises.

Scope 3 emissions account for 82.52% of total emissions, a significant increase compared to the base year 2024. The increase is related to the extension of the scope of calculation. The biggest contribution to the increase derives from categories O3-1 - Purchased materials and services and O3-2 - Capital goods, where wider range of materials, services and activities relevant for business processes of the Group was covered. Increase of emissions in the O3-2 category is also related to the opening of new subsidiaries within the Group, which required investments in furnishing and decoration of those locations. In addition, in categories O3-4 - Upstream transportation and distribution and O3-9 - Downstream transportation and distribution a greater number of suppliers and transportation services was covered. Number of logistics partners and transport operators included in the calculation expanded, thus ensuring a more comprehensive overview of emissions related to the transport of goods and equipment for the purposes of Span Group, which also resulted in the increase of total Scope 3 emissions. An increased number of employees in 2025 compared to 2024 also impacted the increase of Scope 3 emissions, which was reflected in various Scope 3 categories that are partly related to the number of employees, such as business traveling (O3-6), use of third party services (O3-1) and higher activity intensity in the value chain. In addition to the above, better data availability and higher quality of collected information were recorded in 2025 compared to the previous year, which often results in higher reported value of emissions in practice, because previously excluded activities are now included in the calculation.

Span Group invested EUR 310 thousand in investment funds as at 31 December 2025 (31 December 2024: EUR 206 thousand), accounting for less than 1% of total net value of the fund's assets, and does not estimate emissions from said investment. The Company does not invest in securities.

Scope 3 emission estimates are associated with high levels of uncertainty, mainly due to limited availability of primary data obtained from suppliers and customers, and using estimates and conversion factors for specific activities. Depending on the category of emissions, the level of uncertainty varies between 15 to 100%, whereby more uncertain estimates are mainly related to purchased goods and services and capital goods due to the use of consumption-based method and emission factors that are not service- or good-specific. Emission factors used were from Croatian and French emission factors database, the UK database and Exiobase. Capital goods (24.74%), employee commuting (21.67%), purchased goods and services (15.13%) and business traveling (12.76%) contributed to Scope 3 emissions the most.

Data for calculating indirect emissions from purchased goods and services (category 3-1)

Purchased goods and services concern emissions related to purchased goods, materials, raw materials and services used by the company for its business. Data on water, paper and the consumption of other office supplies was collected, as well as data on external services cost. Data on water and paper consumption was collected in natural units of measurement (m³ and kg), while data on other office supplies and external services was collected in monetary units. External services cost was aggregated in two groups, namely services with high equipment cost whose production involves the use of fuel or energy, or they cause high emissions, and services with low equipment cost (so-called intellectual services), with relatively low emissions. Apart from that, data was collected concerning the cost of cloud services and Microsoft licenses directly from suppliers.

Data for calculating indirect emissions from capital goods (category 3-2)

Capital goods are products that have a lifespan longer than 12 months. In terms of accounting, capital goods are classified as fixed assets. Data was collected concerning the mass of purchased furniture and vehicles, and the number of purchased pieces of IT equipment, pieces of furniture, white goods, mobile phones and televisions in 2025 for Span Group.

Data for calculating indirect emissions from fuel and energy-related activities (category 3-3)

Category concerning fuel and energy-related activities includes emissions related to fuel and energy production that the Group consumed in the reporting year, which are not included in Scope 1 or Scope 2. Data on the consumption of fuel from stationary and mobile energy sources (Scope 1) and data on the consumption of electricity and heat (Scope 2) is used to calculate emissions from this category, but emission factors concerning fuel and energy-related activities are applied.

Data for calculating indirect emissions from upstream transportation and distribution (category 3-4)

Category concerning upstream transportation and distribution of goods includes transporting company emissions due to transportation and distribution of goods (including materials and capital goods) purchased in the reporting year, between our locations and supplier's location, when transportation costs are covered by Span Group (by airplanes, lorries and delivery and small-sized truck vehicles).

Data for calculating indirect emissions from waste generated in operations (category 3-5)

Category concerning waste generated in operations includes emissions from disposal

Uncertainties of carbon footprint calculation for Span Group (location-based approach), 2025

Label	Category	Qualitative assessment of uncertainty
01-1	Stationary energy sources	A (0-15%)
01-2	Mobile energy sources	A (0-15%)
01-4	Fugitive sources	B (15-50%)
02-1	Electricity consumption	A (0-15%)
02-2	Consumption of thermal and cooling energy	A (0-15%)
03-1	Purchased goods and services	C (50-100%)
03-2	Capital goods	C (50-100%)
03-3	Fuel and energy-related Activities (not included in Scope 1 or Scope 2)	A (0-15%)
03-4	Upstream transportation and distribution	B (15-50%)
03-5	Waste generated in operations	C (50-100%)
03-6	Business traveling	B (15-50%)
03-7	Employee-commuting	C (50-100%)
03-9	Downstream transportation and distribution	B (15-50%)

and recovery of solid waste (hazardous and non-hazardous) generated in operations of Span Group in the reporting year. Data was collected on mixed municipal waste, waste paper, plastic, glass, organic waste, bulky waste, textile, waste batteries, light bulbs, toners and electric and electronic waste during 2025. Information regarding method of disposal and recovery was submitted for different types of waste.

Data for calculating indirect emissions from business traveling (category 3-6)

Category concerning business traveling includes emissions from employee transportation during business traveling in the course of the reporting year, in vehicles not owned or controlled by the Group. Data on business traveling of Span Group employees during 2025 was submitted. Business traveling by means of company vehicles are considered within Scope 1, while business traveling by other means of transportation is considered in this category. Diesel fuel and motor gasoline consumed in private

vehicles is considered, as well as passenger-kilometers travelled by buses, trains and airplanes for the purpose of business traveling. For business traveling by airplane, data on $\mathrm{CO}_{2}$ emissions shown on flight tickets was collected and used.

Data for calculating indirect emissions from employee commuting (category 3-7)

Category concerning employee commuting includes emissions resulting from transportation of employees from their homes to their workplaces in the course of the reporting year, in vehicles not owned or controlled by the Group. Data required to calculate emissions from employee commuting was collected through a survey. Survey was completed by $60.73\%$ of employees in Span Group business locations in Croatia, and $81.33\%$ of employees in Span Group subsidiaries outside Croatia. An assumption of average commutes in 2025 was used in the calculation, taking into account the organizational model on the basis of which employees work from home once a week on average (an average of 172 commutes

was assumed). Employees estimated diesel fuel and motor gasoline consumption for private vehicles, and passenger-kilometers for commuting by tram, bus or train.

Data for calculating indirect emissions from downstream transportation and distribution (category 3-9)

Category concerning upstream transportation and distribution of goods includes transporting company emissions due to transportation and distribution of goods purchased in the reporting year, between Span's locations and supplier's location, when transportation costs are not covered by Span Group. Emissions resulted from the combustion of diesel fuel in lorries and delivery and light-duty vehicles for the purpose of goods transportation.

Uncertainty of emissions calculation:

Uncertainty of GHG emissions calculation is an essential parameter implying the quality of collected data and emission factors used. In the calculation of uncertainty for Scope 1 and Scope 2 categories, Tier 1 ap

proach from IPCC Good Practice Guidance was used. Estimated uncertainty of emissions calculation from each emission source represents a combination of uncertainty of input data on activities and corresponding emission factors. For Scope 3 categories, a qualitative expert evaluation of uncertainty was provided, whereby the lowest level of uncertainty was marked A (uncertainty: $0 - 15\%$ ), then B (uncertainty: $15 - 50\%$ ) and C (uncertainty: $50 - 100\%$ ), and the highest level of uncertainty was marked D (uncertainty: higher than $100\%$ ).

Results of the evaluation of uncertainty of GHG emissions calculation by category is shown in the table above.

A detailed overview of GHG emissions for Span Group in 2025 and 2024 for Scope 1, 2 and 3 is shown in the table.

	N-12024	N2025	%N/N-1	2029
Scope 1 GHG emissions
Gross Scope 1 GHG emissions (tCO2 eq)	214.40	238.38	-1.9%
1. Stationary energy sources	23.14	20.82	-6.7%
2. Mobile energy sources	173.08	191.09	-9.1%
3. Fugitive sources	14.18	0.47	-96.7%
Percentage of Scope 1 GHG emissions from regulated emission trading schemes (%)	0	0
Scope 2 GHG emissions
Gross location-based Scope 2 GHG emissions (tCO2 eq)	224.29	224.98	-0.3%
1. Electricity consumption	138.45	152.70	-10.3%
2. Consumption of thermal and cooling energy	85.85	72.28	-15.8%
Gross market-based Scope 2 GHG emissions (tCO2 eq)	189.24	120.34	-36.4%
1. Electricity consumption	101.05	44.60	-55.9%
2. Consumption of thermal and cooling energy	88.19	75.74	-14.1%
Total Scope 1 and Scope 2 greenhouse gas emissions (location-based) (tonnes of CO2 equivalent)	438.69	443.36	-1.1%
Total Scope 1 and Scope 2 greenhouse gas emissions (market-based) (tonnes of CO2 equivalent)	403.64	338.72	-16.1%	312.82
Significant Scope 3 GHG emissions
Total Gross indirect (Scope 3) GHG emissions (tCO2 eq)	1,106.27	1,338.92	-44.3%
1. Purchased goods and services	136.16	282.94	-107.8%*
Optional sub-category: Cloud computing and data center services	11.74	10.25	-12.7%
2. Capital goods	213.51	479.30	-124.5%*
3. Fuel and energy-related activities (not included in Scope 1 or Scope 2)	78.86	81.59	-3.5%
4. Upstream transportation and distribution	0.44	56.89	-12,829.5%*
5. Waste generated in operations	13.67	20.83	-52.4%
6. Business traveling	139.53	247.26	-77.2%
7. Employee commuting	492.32	419.79	-14.7%
8. Upstream leased assets	0	0	0
9. Downstream transportation	20.04	0.07	-99.7%
10. Processing of sold products	0	0	0
11. Use of sold products	0	0	0
12. End-of-life treatment of sold products	0	0	0
13. Downstream leased assets	0	0	0
14. Franchises	0	0	0
15. Investments	0	0	0
Total GHG emissions
Total GHG emissions (location-based) (tCO2 eq)	1,544.96	2,042.28	-32.2%
Total GHG emissions (market-based) (tCO2 eq)	1,509.91	1,937.64	-28.3%

The high percentage increase is a result of the expanded scope of this category's calculation in 2025, introduced to ensure a more accurate and reliable estimate.

6.3. Social information (S1, S3, S4)

S1

S1

S1 - Own workforce

S1-1 - Policies related to own workforce

Details of specific policies

Policy name	General objectives	Material impacts, risks, opportunities	Scope	Accountable level	Monitoring/ interests of workforce	Policy availability
Rules of Procedure	Regulating the rights and obligations of employers in accordance with the Labour Act.	Equal treatment and equal opportunities for all; Employee wellbeing and work-life balance; Data protection	R applies to all Span & £'s employees, except for people employed on the basis of student and service contracts.	Members of the Management Board	Employees may request to exercise their rights if they believe their rights were infringed within 15 days of the notification of the decision.	Available on Intranet
Rulebook on procedures and measures for the protection of employee dignity	Ensuring working conditions free of discrimination, harassment and sexual harassment.	Equal treatment and equal opportunities for all; Employee wellbeing and work-life balance	R applies to all Span & £'s employees; R protects them from harassment on the part of colleagues, superiors or third parties.	Members of the Management Board	Employees can report violations of dignity to Commissioners for the protection of employee dignity.	Available on Intranet
Diversity and Inclusion Policy	Promoting diversity and inclusion in work environment, with guidelines and principles of action within and outside of the organization.	Equal treatment and equal opportunities for all; Employee wellbeing and work-life balance	R applies to Span & £; it is recommended to partners, suppliers and associates within the value chain.	Members of the Management Board	Employees can report violations of dignity or discrimination to Commissioners, and partners can report violations on compliance@ span.eu.	Available on Intranet and public web site
Span Code of Business Conduct	Providing guidelines for ethical conduct and good business practices; defining principles and business rules for employees and partners.	Equal treatment and equal opportunities for all; Employee wellbeing and work-life balance	R applies to Span Group and all the business partners in accordance with local legislation.	Management and Supervisors Board	Employees and partners are obliged to report unlawful or unethical conduct using available channels, including compliance@ span.eu.	Available on Intranet and public web site
Whistleblower protection procedure; Violation or suspected violation reporting procedure	Regulating the rights and obligations of whistleblowers, and obligations of employer in relation to the process of protection of whistleblowers.	Equal treatment and equal opportunities for all; Employee wellbeing and work-life balance; Data privacy	R applies to Span Group, business partners and third parties.	Members of the Management Board	Employees and partners are obliged to report unlawful or unethical conduct using available channels.	Available on Intranet

At the moment, standards and initiatives of third parties are not applicable for said policies. When adopting and implementing policies, we take into account employee feedback by means prescribed in those policies. Particular attention is paid to ensuring the availability of policies to all employees through Intranet, onboarding process and training.

The Company adopted a series of internal acts governing own workforce. Code of Business Conduct of Span Group is a broader document that includes key guidance for the workforce, such as respect for human rights, diversity, equality and employee well-being. Rules of Procedure govern the fundamental rights and obligations arising from employment relationship. Rulebook on procedures and measures for the protection of employee dignity, Diversity and Inclusion Policy, Whistleblower protection procedure and Violation or suspected violation reporting procedure regulate specific areas in detail, such as protection of dignity and promoting diversity and equal opportunities.

As regulated by our Code of Business Conduct, at Span, we respect the fundamental human rights defined in the United Nations Universal Declaration of Human Rights and internationally recognized principles and guidelines, including the ILO Declaration on Fundamental Principles and Rights at Work, which concerns freedom of association and collective bargaining, prohibition of forced labour, child labour and discrimination.

In addition, we respect laws and standards of human rights in all countries in which we operate, thus ensuring consistent compliance with international and local obligations.

The Company monitors compliance through several key mechanisms described in S1.

Policies and internal codes - We adopt and apply internal policies and procedures aligned with principles of human rights, such as the Code of Business Conduct, Diversity and Inclusion Policy, etc.
Risk assessment - As part of non-financial reporting, we regularly analyze potential and actual impacts of business on human rights, including impact on employees and the community.
Notification mechanisms and whistleblower protection - To our employees and external stakeholders we offer the possibility to report human rights violation anonymously by means of safe channels, and protection from retaliation.
Monitoring working conditions - We regularly evaluate working conditions, including salaries, working hours, work-life balance, etc. (work climate survey).
Regular reporting and transparency - With the publication of Sustainability Report, we ensure transparent communication about mentioned topics, and we report on potential violations, impact management, etc.
Training and raising awareness - We conduct surveys and carry out trainings for employees and management on human rights, discrimination, equality.

In order to protect the employees from discrimination, harassment and sexual harassment on the part of other employees, superiors, partners and other people that employees have regular contact with when doing their job, we adopted the Rulebook on procedures and measures for the protection of employee dignity, and appointed two people of opposite sex authorized to receive and handle complaints in relation to the protection of employee dignity.

Our corporate policies and practices are in compliance with universally adopted principles related to own workforce, as shown in the table below.

UN GLOBAL COMPACT PRINCIPLES

HUMAN RIGHTS	Principle 1	Businesses should support and respect the protection of internationally proclaimed human rights.	Span d.d. promotes its corporate values and culture through aligned policies and procedures in terms of human rights, equal opportunities and safe and healthy working conditions. These policies and procedures, including Code of Business Conduct, Rules of Procedure, Diversity and Inclusion Policy, and Rulebook on procedures and measures for the protection of employee dignity are made available to all employees through Intranet. In addition, Code of Business Conduct was made public on Span's website to ensure its transparency and availability to all the stakeholders.
	Principle 2	Businesses should make sure that they are not complicit in human rights abuses.
LABOUR	Principle 3	Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining.	Span d.d. is a signatory of the Diversity Charter – an initiative launched in 18 EU countries, which in Croatia was developed under project of the Croatian Business Council for Sustainable Development. In addition, Span adopted its own Diversity and Inclusion Policy used to clearly express its commitment to equal opportunities and respecting diversity in all business aspects. Principles explicitly stated in Code of Business Conduct of the Group are freedom of association, prohibition of forced labor and abolition of child labor.
	Principle 4	Businesses should uphold the elimination of all forms of forced and compulsory labor.
	Principle 5	Businesses should uphold the effective abolition of child labor.
	Principle 6	Businesses should uphold the elimination of discrimination in respect of employment and occupation.

Span has the Rulebook on Occupational Safety, as well as Fire Protection Rules in place. We use them to ensure safe work environment through regular risk assessments and implementation of measures to prevent accidents and injuries.

Basis of the Diversity and Inclusion Policy lies in the legal framework defined by the Anti-discrimination Act (Official Gazette 85/08, 112/12). This Act, based on the principles of protection and promotion of equality, acknowledges seventeen basic types of discrimination grounds, including race, ethnic affiliation, colour, gender, language, religion, political or other belief, national or social origin, property, trade union membership, education, social status, marital or family status, age, health condition, disability, genetic heritage, native identity, expression and sexual orientation. We don't have ongoing specific policy commitments related to inclusion or positive action for people from groups at particular risk of vulnerability in our own workforce.

Zero tolerance for discrimination is deeply rooted in Span's culture. This rigorous approach to discrimination is reflected during the entire employee life cycle, especially in crucial phases, such as selection and recruitment, talent management, leadership, professional development, rewarding and advancement, as well as adaptation to different stages of life, including parenthood, family care, and even termination of employment contract. In case our employees experience or notice discrimination, violence or harassment, they have the right to contact the commissioners for the protection of employee dignity and raise a complaint. Protection measures and the procedures for the protection of employee dignity are laid down in the Rulebook on procedures and measures for the protection of employee dignity.

Span does not have insights into codes of conduct of all suppliers, however, it obliges them to respect Span Code of Business Conduct in its contractual arrangements. Provisions of available supplier codes of conduct include the protection of labor rights, however, available codes do not correspond completely to requirements of ILO standards. At the moment, Span is establishing supplier check mechanism that will also include compliance check in terms of the said standard.

Sr-2 – Processes for engaging with own workforce and workers’ representatives about impacts

The Company has in place several key processes to ensure open and transparent engagement with own workforce and employees' representatives about impacts. Assessment of satisfaction with work climate is carried out regularly, where employees can express their opinions and views. Analysis includes different work environment aspects, such as basic working conditions, organization of work, reward system, climate within teams and organization, dimensions of personal work experience (such as health and work-life balance), the experience of inclusion, as well as the satisfaction of subsidiaries with respect to Span d.d. Furthermore, employee feedback, which is collected through provided channels are taken into account in the development and implementation of policies and processes, and particular attention is paid to ensuring the availability of policies to all employees through Intranet, onboarding process and training. These processes enable continuous engagement with own workforce and employees' representatives, ensuring that performance and needs of employees are consistently monitored, analyzed and integrated in the development of policies and action plans.

Results of the assessment are used to identify problems and opportunities for improvement. Suggestions and action plans are made on the basis of the feedback, in order to improve the work environment and increase employee satisfaction. Work climate surveys are conducted once a year.

In order to ensure that defined action plans are systematically monitored and implemented, Key Performance Indicators (KPIs) were introduced this year, and they are described in chapter S1-S and directly related to the results of the work climate survey. The focus of all the relevant stakeholders on the achievement of set objectives is thus further reinforced, and the responsibility for the continuous improvement of work environment is ensured.

178
179

Role of the employees' representative in the Supervisory Board

Employees' representative in the Supervisory Board participates in the supervisory activities of the Company and represents employees' interests through supervision of the Management Board's work and implementation of policies that impact the working conditions, reward system, security and employee well-being. Its role is advisory and supervisory, including the right to raise questions, asking for clarifications and participating in the discussions of the Supervisory Board on topics concerning employees. It is thereby ensured that decisions of the Supervisory Board and Management Board take into account employees' interests.

Engaging with own workforce at different levels

There is a possibility to consult the employees' representative as appropriate. There were no such requests from employees so far. Given the above, engaging with own workforce is carried out directly.

HR experts are primarily engaged, as well as experts from other departments, such as corporate communications and digital production, as appropriate. Financial resources are used to hire external consultants that conduct work climate surveys and other analyses.

Communication of results and engagement with employees

Employees are notified about the results of surveys and actions plans through official communication channels, such as Company's Intranet, Span TV and Viva Engage, internal social media platform. In addition, there is a possibility of direct communication through superiors and HR Department. Regular 1:1 and Performance Review meetings further foster the two-way communication.

S1-3 – Processes to remediate negative impacts and channels for own workers to raise concerns

The Company established a number of measures to protect employee dignity and ensure availability of efficient channels that employees may use to raise concerns or report irregularities. These are the defined procedures for reporting and remediating discrimination, harassment and sexual harassment, and for the protection of persons that use reporting mechanisms.

Rulebook on procedures and measures for the protection of employee dignity

In order to protect the employees from discrimination and harassment on the part of colleagues, superiors and other people that employees have regular contact with, Rulebook on procedures and measures for the protection of employee dignity was adopted (hereinafter: Rulebook on Dignity). On the basis of the Rulebook on Dignity, two people of opposite sex authorized to receive and handle complaints in relation to the protection of employee dignity were appointed. Rulebook on Dignity is part of the onboarding process that all the new employees go through and is made easily available to them through Company's Intranet, ensuring transparency and availability of relevant information.

Reviewing complaints

In accordance with the Rulebook on Dignity, within 8 days of notification commissioners are obliged to initiate a review of the complaint related to the protection of dignity, and notify complainants and the Company of the process. When reviewing complaints, commissioners may hear the opinions of complainant, person against whom the complaint was submitted and witnesses, or obtain written observations, examine the documentation or labor assets, and take other evidence that according to the circumstances of the case they consider purposeful in order to determine relevant facts.

Span regularly examines existing mechanisms in order to ensure that employees know how and where to report possible irregularities, and that they trust the system. In this context, we regularly conduct surveys on the perception of diversity and inclusion within organizational climate survey (more about this can be found in chapter S1-3: Employee perception of the protection system), which include an assessment of employee awareness of available channels and processes for reporting concerns or forms of inequalities observed.

All the received complaints are filed in the internal database, and their handling is defined in the Rulebook on Dignity. In one complaint received in 2025, internal procedure was followed in accordance with applicable provisions and internal acts, and it resulted in adopting appropriate measures in the context of labor.

Although complaints are rare, we are aware of the fact that violation of human rights, discrimination and inequality may negatively impact the work environment, including challenges employees may face in different life and professional circumstances. Due to that, we established a system which includes commissioners and clearly defined procedures for enabling employees to report irregularities and ensuring timely and effective action of protecting their rights.

Channel for raising concerns

To ensure unbiased and objective handling of complaints, their handling is delegated to commissioners appointed for the protection of employee dignity, who are external legal experts. In addition, other channels for raising concerns are continuously available to employees:

anonymous “virtual inbox” on Intranet enables employees to ask questions, raise concerns and making suggestions with full anonymity
by way of open questions in the organizational climate survey that enable employees to give their opinions, suggestions and raise concerns
employees can also directly communicate with the HR Department in relation to reporting or problem resolving.

The Company has a grievance/complaints handling mechanism in place specifically related to employee matters. Each employee who believes that their dignity was violated, i.e. that they were discriminated, harassed or sexually harassed has the right to raise a complaint to the commissioners for the protection of dignity. The complaint shall be submitted in writing, stating the circumstances in which the harassment occurred, and it must be signed by the complainant. The complaint may be sent by mail as a registered letter, or to the commissioners' e-mail: [email protected], taking into account the information published on Span's website, expressly indicating that the letter is intended for the commissioners for the protection of employee dignity. Within 8 days of submitting the complaint, commissioners are obliged to initiate a review of the complaint related to the protection of dignity and notify complainants and Span of the process. When reviewing complaints, commissioners may hear the opinions of complainant, person against whom the complaint was submitted and witnesses, or obtain written observations, examine the documentation or labor assets, and take other evidence that according to the circumstances of the case they consider purposeful in order to determine relevant facts. In the process of reviewing complaints, commissioners take action together. In exceptional cases, if one commissioner is prevented from participating, and actions that need to be taken in the process of reviewing complaints

are of immediate necessity, they can be taken independently by the other commissioner. After the process, the commissioners will prepare and submit their decision to Span in writing, in which they will determine that complainant's dignity was violated or reject the complaint as unfounded.

Employee perception of the protection system

Employee perception of the efficiency of the protection of rights and equal treatment system is monitored through organizational climate survey. A survey conducted in September 2025 produced a very high response rate among employees (95.96%), indicating a high level of engagement and trust in the process. Results show that employees greatly perceive the systems of protection as available and functional – 88.28% of employees state they know who to contact in case of experiencing or noticing inequality, while 91.60% considers themselves treated equally as other employees at Span, regardless of their personal characteristics.

Safeguarding the confidentiality and preventing retaliation

Span Group implemented a number of measures in order to ensure confidentiality and protection of employees who report irregularities:

Confidentiality of data: All the data obtained during the process of the protection of dignity is considered a business secret and must not be disclosed to third parties, unless absolutely necessary, e.g. in legal proceedings.
Protection against retaliation: Code of Business Conduct commands the prohibition of any retaliation on employees who report irregularities in good faith. Any retaliation, such as threats or demotion is subject to disciplinary action.
Protection of whistleblowers: Whistleblower protection procedure defines the protection of whistleblowers, ensures the confidentiality of investigations and, where appropriate, allows for temporary relocation of whistleblowers for their protection.

Handling questions and notifying employees

In case employees have concerns in relation to equal treatment, salaries or working hours, they can contact the employer through available internal channels, such as virtual inbox for suggestions and open responses in the organizational climate survey.

Questions asked through anonymous "Virtual Inbox" are processed by the HR Department and Internal Communications Department experts. After analyzing and taking necessary actions, responses and information on the outcomes are transferred via Viva Engage platform.

Span is continuously working on raising awareness and promoting trust in existing systems of the protection of employee dignity, as well as on providing training on employee rights and available protection and reporting mechanisms.

St-4 – Taking action on material impacts on own workforce, and approaches to mitigating material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions

In 2025, key actions that the Span Group took and that it plans on taking in order to prevent or mitigate negative impacts on own workforce were confirmed, as well as the expected outcomes and contribution to objectives. Implementation of actions and action plans currently does not require significant operating expenditures and/or capital expenditures.

1. Equal treatment and equal opportunities for all employees

Within its ESG strategy, Span recognizes equal treatment and equal opportunities for all employees as a material topic that includes both potential negative impacts and material opportunities related to development of inclusive and fair working environment.

Potential negative impact was identified in terms of equal pay for equal work. Lack of clearly defined pay grades and transparent criteria for workplace evaluation may negatively impact the perception of fairness, employee satisfaction and their work performance in the long run.

In order to mitigate the above mentioned negative impact, following actions were formalized in 2025:

Define clear pay ranges for each pay grade
Adopt an operational plan and budget for the implementation of Pay Equity principle.

As part of those actions, a comprehensive revision of workplaces was launched, with a view to correctly evaluating each position and establishing a clearly structured class system within the company. In parallel, the SAP module Performance & Goals was implemented, and it enables a transparent monitoring of individual goals of employees and their alignment with long-term strategic goals of the organization.

The above-mentioned activities contribute to the increase of transparency and equal opportunities, strengthening of inclusive and fair organizational culture, strategic approach to human rights and ESG standards, as well as to long-term talent retention and resilience of business. A more detailed process of definition of operational goals and Key Performance Indicators (KPIs) is planned after the full implementation of the system for workplace classification, which will enable a more clear alignment of the reward system with employee contribution and performance. For this purpose, a gradual further improvement of relevant policies and procedures is planned, with a view to further reinforcing the transparency and fairness in the pay and reward system.

Span systematically works on the development of organizational culture based on fairness, inclusiveness and equal opportunities for all employees, representing a material opportunity for strengthening employee engagement, reputation of the Company and long-term business resilience. This commitment is reflected in day-to-day practices of employees and management, and is further reinforced by formal internal acts and policies.

In 2025, following actions were formally adopted and defined:

promoting fairness, inclusion, equal opportunities and dignity at work
conducting training on unconscious bias

182
183

and diversity for the management and the HR Department.

As part of these actions, building the knowledge and competencies of employees in the area of sustainable business, ESG standards and human rights continued, with a particular focus on inclusion and equal opportunities. A team of the Company's employees completed UNICEF's CSR Academy and corporate sustainability training, while Span also involved the ESG, Legal Affairs and HR departments, as well as members of the Management Board, in workshops on human and children's rights in business, in cooperation with the Croatian Business Council for Sustainable Development (HRPSOR).

Furthermore, within Workplace Inclusion Champion program foundation was laid for the initiative of providing scholarships for pupils and students with disabilities in the Republic of Croatia, thus boosting the availability of education and creating conditions for integration into the labor market in the long run. Particular focus was placed on the development of inclusive leadership. During #EUDiversityMonth, workshops were conducted for the management of the Company gathering more than 30 participants, with a view to raising awareness of unconscious bias, discrimination and day-to-day challenges in managing diverse teams. The Organizational Climate Survey was conducted in the same period, and it covered more than 800 employees of Span Group, with additional indicators aimed at measuring inclusivity and cooperation with Span d.d. The statement saying "I believe I am treated equally as others at Span..." achieved a 91.60% result, confirming that employees perceive Span as a fair and inclusive working environment.

In the coming period, further systematic monitoring of indicators related to fairness, equal opportunities and inclusivity is planned through regular organizational climate surveys, as well as further development of

trainings for the management in the area of inclusive leadership. Further development and implementation of the initiative of providing scholarships for pupils and students with disabilities is also planned, with a stronger alignment of the organizational climate survey results with development initiatives within the HR Department and ESG program.

2. Career development and talent retention

Span recognizes professional development of employees and internal career advancements as a key opportunity for strengthening engagement, satisfaction and talent retention, while reducing turnover and costs related to acquisition and training of new employees at the same time. Enabling clear career paths, development of competencies and internal recruitment positively impacts the sense of belonging to the organization and fosters long-term development of employees within the Company.

In 2025, following actions were formally adopted and defined:

management system for career development and employee competencies
management system for performance and development goals
development of the organizational mentoring system to support professional development and internal career advancements.

As part of these actions, a framework of competencies for all employees of the Company was developed in 2025. After introducing leadership competencies at the end of 2024, the catalog of non-leadership competencies was developed, serving as a common framework for understanding expected behaviors, work standards and professional development at Span. Competencies are aligned with the Company's values and expectations and described through concrete behaviors that are recognizable in practice. The catalog covers eight key competency areas, thus ensuring a clearer insight into expectations,

facilitating giving and receiving feedback and laying the foundation for structured career development to employees. Framework of competencies was developed as an integral part of preparing for the 360 survey, whose implementation was planned for the beginning of 2026, while the necessary prep work and adaptation in the SAPSuccessFactors system was carried out in 2025. In addition, individual career goals for 2025 were defined for all employees through Performance & Goals module. Furthermore, SAP Learning Module was introduced successfully, and it ensures a centralized approach to educational content and a systematic and continuous improvement of knowledge and skills of employees.

In the coming period, an initiation of revision and unification of career paths by main business verticals is planned, with a view to ensuring transparent advancement criteria and clear alignment of competencies, performance and career development. Updated career paths will be published on Company's Intranet to make them available to all employees.

These actions are aimed at fostering professional development of employees through clear and transparent career paths. They will be applied to all employees of the Company and will cover all the main business verticals. Expected outcome is greater clarity in terms of advancement criteria, efficient transfer of knowledge and strengthening of competencies and motivation of employees. The implementation of actions is planned gradually, whereby the revision and unification of career paths and the organization of planned training will be completed in 2026, while the mentoring system will be developed in the following period. The long-term objective of the action is the continuous improvement of human resources process and the increase of employee satisfaction, in relation to objectives of the Company in the area of ESG initiatives.

3. Employee well-being and work-life balance

Increased demand of the work environment, overtime, and the intensity of business activities and the challenges of work-life balance in general may negatively impact the employee well-being, causing fatigue, increased stress levels and disrupting the work-life balance. These impacts are particularly visible in employees doing shift and night work, an integral part of business activities of the Company. If these risks are not addressed appropriately, they may lead to decreased satisfaction with work, lower productivity and increased turnover. With a view to mitigating mentioned material negative impacts, following actions were adopted in 2025:

system of promoting employee well-being
support program for parents and return to work.

As part of promoting employee well-being, Span carries out structured activities aimed at preserving physical and mental health, reducing stress and reinforcing the work-life balance. The program includes educational, preventive and participatory initiatives that foster healthy lifestyle habits, mental resilience and social connection of employees.

Workshops and webinars dedicated to mental health were carried out in 2025, including celebrating the World Mental Health Day, as well as preventive health activities as part of Movember initiative, enabling specialist check ups to employees and providing donation to the health care system to support the education of health care professionals. The program was further enriched with activities that foster physical activity and team spirit, such as participating of employees in the B2Run race, Cycling to work, and the organization of internal events, including Span Christmas Pub Quiz.

Employee satisfaction is related to well-being and work-life balance and is regularly monitored through organizational climate surveys.

In 2025, a 67.8% result was achieved, indicating there is room for further improvement, especially in the area of management of work load and organization of work. For this reason, we defined a target for this negative impact.

In the following period, Span plans to continue promoting employee well-being at the level of the Company. Activities such as Fit Happens program, aimed at fostering movement and healthy lifestyle of employees, with additional educational content on health and stress prevention. In parallel, other initiatives aimed at healthy lifestyle will be promoted as well, such as arriving to work by bicycle. As part of Support program for parents and return to work, Span plans to implement a structured re-boarding package dedicated to employees returning to work after parental leave, with a view to facilitating reintegration into work environment, gradual taking on work obligations again and providing additional support in the alignment of professional and private responsibilities.

Impact of these actions will continue to be monitored through regular organizational climate surveys, including indicators related to employee well-being and work-life balance. Results will be used to further improve the actions, with a view to reducing negative impacts related to stress and work load, increasing employee satisfaction and reinforcing organizational culture aimed at care for people and long-term resilience of business.

4. Business continuity and talent risk management

Departure of key strategic employees is rare at Span, but we are aware that turnover in critical roles may occur, which is normal in the IT industry. We classify this risk as a material financial and operational challenge for the organization, given that the loss of key talent may lead to knowledge gaps, delays in project delivery and increased recruitment and onboarding costs.

As part of the ESG strategy, Span recognizes the business continuity and managing the risk of talent loss as a material topic that covers strategic development of key employees and strengthening of organizational resilience. Actions planned in the coming year:

Succession planning
Development of leadership competencies (action carried out continuously).

In order to reinforce business continuity and to adapt to market conditions, we conducted a major reorganization of the business structure. New organization introduced horizontal elements that reinforce cooperation and coordination among teams, reorganized Project Management Office for the purpose of providing better support to strategic initiatives, and divided the business into five key business units. A potential and performance assessment tool – 9 Box Grid, introduced in 2024, was continuously used for monitoring employee development in 2025, as well. Standards for potential and performance defined last year are applied in regular monitoring and evaluation of employees, thereby further reinforcing the basis for development of the succession plan. These activities enable systematic development and key staff retention, strengthening the resilience of organization and ensuring business continuity.

5. Change management and employee adaptability – Company specific

Span operates in a rapidly evolving IT industry, where frequent changes, including acquisitions and expansions into new markets may cause employee resistance and increase the risk of loss of key talent. Such changes may also cause reputational damage and negative impacts on business results and turnover. In order to mitigate these risks, efficient change management and proactive employee engagement are crucial.

Actions that we implement and plan to implement:

change management – planning
engagement and communication with employees
key staff retention
training managers for principles and tools of change management
monitoring employee adaptability and engagement.

As part of actions we implemented this year, targeted training was organized for new managers and, where appropriate, other employees as well, in order to strengthen their competencies of leading the teams through change. Based on the results of the 360 survey from 2024, development and operational goals for 2025 were set for managers, with a focus on strengthening employee engagement and resilience of teams. In parallel, through communication channels such as Span TV, Intranet and Viva Engage, employees were timely notified of news and changes within the organization, contributing to greater transparency and inclusion of employees in the process.

Activities will continue in the following period, including updating of plans for key initiatives, strengthening employee communication and engagement, implementation of targeted initiatives for key staff retention, additional training for managers and regular 360 assessments, in order to monitor employee adaptability and engagement and relate to further development initiatives. After a year-long gap, we plan on conducting "Ask the Management" – the platform for open communication between employees and members of the Management Board.

These activities contribute to strengthening of employee resilience, reducing the risk of loss of key talent and preserving the business continuity.

Group uses the following mechanisms to track the effectiveness of actions:

Work climate survey: Analysis of employee satisfaction
Tracking the engagement: Tracking the numbering of employees participating in initiatives such as B2Run, online training, Span Christmas Pub Quiz and MultiSport
Quantitative metrics: Number of participants in programs or professional practices for young people
Qualitative feedback: Feedback from employees and managers on the benefits of initiatives implemented
Program evaluation: Training results
Health metrics: Results related to health promotion, such as reduced number of days of sick leave or increased engagement in health initiatives.

186
187

Sr-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities

1. Equal treatment and equal opportunities for all employees

At the moment, Span Group does not disclose the target for this identified negative impact because it is still working on defining operational classes and criteria for evaluation of workplaces within the organization. The main reason is the upcoming EU Pay Transparency Directive, which is why it is important to align the reward system and KPIs with new regulatory requirements. The target and the corresponding KPIs will be established after the implementation of the system for workplace classification, which is planned to be over by the end of 2026.

On the other hand, Span Group established a measurable and time-limited target aimed at maintaining or increasing the employee engagement in the area of fairness, equal opportunities and inclusivity, as a response to the identified opportunity related to organizational culture, human rights and long-term talent retention.

Target:

Maintain or increase the level of positive responses of employees in relation to fairness, equal opportunities and inclusivity to at least 80% by December 2026.

The target refers to the Span Group and covers all employees, including subsidiaries, regardless of geographical location or organizational structure. The objective is monitored through regular annual Organizational Climate Survey, which includes specifically defined parts.

Effectiveness of actions and progress towards the target are monitored through a KPI:

Indicator of employee engagement in the area of fairness, equal opportunities and inclusivity, expresses as the percentage of employees that responded positively to relevant questions in the annual Organizational Climate Survey (total result of inclusion indicators) – Baseline for inclusivity in 2025 amounted to 83.9%, representing the baseline for monitoring further progress.

This KPI enables monitoring of employee perception of fairness and inclusivity of the work environment and the efficiency of actions taken, including strengthening the competencies of the management in the area of inclusive leadership, development of diversity and inclusion policies, adaptation of organizational climate surveys for measurement of inclusion and conducting training in the area of human rights and ESG standards. At the moment, no formal intermediate target values are defined, and the progress towards the target is monitored annually, through Organizational Climate Survey results. The target is defined as medium-term, and continuous maintenance or slight increase of results in relation to baseline is assumed. The target was defined through an internal process that involved the Management Board, the ESG and HR departments, while using the results of the Organizational Climate Survey as a key input data. Activities that support the achievement of this objective were identified through cooperation of relevant stakeholders, ensuring alignment of strategic guidelines, organizational culture and operational practices.

Organizational climate survey is conducted combining quantitative and qualitative methods, in order to obtain a comprehensive view of employee experience. The survey includes structured questions with Likert scale for satisfaction measurement, as well as open questions for providing additional comments.

Collected data is analyzed statistically and by topics, and the results are compared with previous cycles and internal goals in order to identify opportunities for improvement.

2. Career development and talent retention

Span Group defined a measurable and time-limited target aimed at fostering internal mobility and career development of employees, thus responding to identified opportunities related to development of human capital, employee retention and strengthening the long-term organizational resilience. The target contributes to the management of opportunities related to continuous development of competencies, knowledge transfer within the organization and reducing dependency on external recruitment.

Target:

Continuously ensure a minimum annual ratio of internal career moves (Next Career Moves) of 15% with respect to average number of employees.

The target refers to the Span Group and covers all employee, regardless of organizational unit or geographical location. Internal career moves include changes of positions within the organization, advancement and horizontal transfers that enable employee development within Span Group.

Effectiveness of actions and progress towards the target are monitored through a KPI:

The ratio of internal career moves (Next Career Moves) with respect to average number of employees on an annual basis, expressed as a percentage.

At this moment, no formal intermediate target values are defined, and the progress towards the target is monitored annually. The target is defined as medium-term, and is aligned with development priorities of Span Group in the area of human resources management. The target was established through an internal process that involved the Management Board, the ESG and HR departments, while using the available data on employee movements and strategic goals of competencies development. Alignment of the target with business strategy, policies of human resources management and the ESRS requirements in the area of social factors was thereby ensured.

KPI calculation methodology is based on the proportion of employees who, in the reporting period, changed their position within the organization with respect to average number of employees in the same period. KPI enables monitoring the performance, career management practices, internal talent development and succession planning. The baseline is currently based on indicative data for the 2023 – 2025 period, serving as a guiding basis for future monitoring and improvement of data quality. Further standardization and specifying of monitoring methodology is planned for this year.

3. Employee well-being and work-life balance

Span Group established a measurable and time-limited target aimed at the improvement of employee well-being and work-life balance, thus responding to the identified material negative impact related to extended working hours, overtime, stress and burden of employees. This target also contributes to the management of risks related to reduced employee satisfaction, lower productivity and increased turnover.

Target:

Increase the level of positive responses of employees related to work-life balance, well-being and stress at work from 67.8% in 2025, to at least 70% by the end of 2026.

The target refers to the Span Group and covers all employees, including employees doing shift and night work, regardless of organizational unit or geographical location.

188
189

A particular focus was paid to roles in which extended working hours and overtime are more common due to nature of business.

Effectiveness of actions and progress towards the target are monitored through a KPI:

Employee perception of work-life balance, well-being and stress levels at work, expressed as the percentage of employees that responded positively to relevant questions in the annual Organizational Climate Survey (Employee Wellbeing and Energy at Work section – Health, combined result).

The baseline for monitoring the progress amounts to 67.8% and is based on the results of the Organizational Climate Survey conducted in 2025.

This KPI enables monitoring of employee perception of the impact of working conditions on their well-being and energy at work, and the effectiveness of actions aimed at managing the workload, organization of work and stress prevention. Negative impacts of extended working hours and overtime, especially in employees doing shift and night work, may cause fatigue, disrupt the work-life balance and reduce satisfaction with work, which is why this area is approached as an important factor of long-term sustainability of workforce.

At the moment, no formal intermediate target values are defined, and the progress towards the target is monitored continuously, through annual Organizational Climate Survey cycles. The target is defined as short- to medium-term, and gradual improvement is expected through the improvement of organization of work, more careful management of the workload and capacity and recruitment planning.

The target was defined through an internal process that involved the Management Board, the ESG and HR departments, while analyzing the results of the Organizational Climate Survey and identified risks for employee well-being. Obtained results serve as the basis for planning further actions aimed at reinforcing the healthy, sustainable and encouraging work environment within the Span Group.

4. Change management and employee adaptability – Company specific

Span Group recognizes challenges of working in the fast and ever-changing IT industry, including mergers, acquisitions and expansion to new offices abroad. Such changes may cause employee resistance, increase the risk of talent loss, damage the reputation and negatively impact the business results. In order to mitigate these risks, efficient change management and proactive employee engagement are crucial.

Target:

Maintain and continuously strengthen capabilities of management in leading organizational changes, ensuring an average score from the 360 survey of at least 4.00 by the end of 2026 when it comes to Change Management competency.

The target refers to all the Span Group managers and includes all management levels, regardless of location or function. Monitoring of the target is conducted through a regular 360 evaluation of management competencies, with a particular focus on Change Management competency.

Effectiveness of actions and progress towards the target are monitored through a KPI:

Average 360 score of the Change Management competency is expressed as the average of all scores obtained through 360 management evaluation. Since the 360 evaluation was carried out in this form for the first time in 2024, the average score achieved of 4.26 serves as a guiding basis for future monitoring.

This KPI enables monitoring the efficiency of actions taken, including training and workshops in the area of change management, and strengthening the ability of managers to proactively and efficiently lead teams through changes, reducing resistance, increasing engagement and ensuring business stability.

At this moment, no formal intermediate target values are defined, and the progress is monitored annually using the results of 360 evaluation. The target is defined as medium-term, and continuous maintenance or slight improvement of results in relation to baseline is assumed.

The target was defined through an internal process that involved the Management Board and the HR Department, while using the results of previous 360 evaluations as a key input data. Activities that support the achievement of this objective were defined through cooperation of relevant stakeholders, ensuring alignment of strategic guidelines, organizational culture and operational practices.

5. Personal data protection – employees

The protection of security and privacy of personal data of employees is identified as a material negative impact within the management of impacts, risks and opportunities. Given that the policies, due diligence processes, control mechanisms and measurable objectives for the management of this impact are aligned with those that apply to end users, a comprehensive overview of the approach to management can be found in chapter 54.

S1-6 - Characteristics of the Span Group employees

2025

Male

640

Female

287

Other*

Not reported

Total Employees

927

Gender as specified by the employees themselves

Cross-referencing of the information mentioned above to the most representative number in the financial statements

Country

Reference ID

Staff Costs

Number of

employees

Croatia

826

In 2025, there were 145 departures from the Span Group, and employee turnover rate was 16.29%. Calculated as the ratio of the number of departures and the average number of employees in 2025. Average number of employees is calculated as the arithmetic mean of the number of employees at the beginning and at the

end of reporting year. In 2024, employee turnover rate was 14.44%.

Employee turnover rate in 2025 is a reflection of larger-scale trends in the IT industry and continued adjustment to evolving market conditions. Macroeconomic factors, actions aimed at increasing operational efficiency

2025

Span	Croatia	Ukraine	Slovenia	Kazakhstan	Estonia	Greece	Azerbaijan	USA	Czechia	Moldova	Georgia
Number of employees (head count)	826	39	27	11	9	8	3	1	1	1	1
Number of permanent employees (head count)	822	39	27		9	8	3	1	1	1
Number of temporary employees (head count)	4			11							1
Number of non-guaranteed hours employees (head count)

2025

Span	Male	Female	Total
Number of employees (head count)	640	287	927
Number of permanent employees (head count)	629	282	911
Number of temporary employees (head count)	11	5	16
Number of non-guaranteed hours employees (head count)	0	0	0

Gender as specified by the employees themselves

and rationalizing expenses, and fast changes in competencies required and organizational priorities influenced those developments. Despite these challenges, total number of employees remained stable thanks to targeted employment of profiles aligned with the strategic direction of the Company and a focused development of key skills.

All the information regarding the number of employees and employee breakdown was obtained from internal databases. In order to reach the presented information, we did not include estimations.

192

S1-9 - Diversity metrics

Senior management consists of the members of the Management Board, senior directors and directors

Male 30
Female 6
16.7%
Other* 0%
* Gender as specified by the employees themselves

Age group
Under 50 years 0%
Between 50 and 50 years 26
51.2%
Over 50 years 10
27.8%

S1-16 - Remuneration metrics (pay gap and total remuneration)

The unadjusted gender pay gap in Group is 14.95% (2024: 14.25%).

As part of the analysis of the employee structure and their average earnings, a gap of 14.95% was recorded, and it was primarily the result of the structural distribution by function, the level of seniority in critical technical positions, and the market value of specific positions.

The Group predominantly has highly specialized engineering positions (e.g. software engineers, system architects), which are highly competitive in the labor market, and where currently the majority of employees with extensive experience are men. Therefore, this gap is a reflection of the workforce composition and market valuation of the highest expert levels, while within the same levels of responsibility the principle of equal pay for work of equal value is consistently applied.

Excessive CEO pay ratio is 5.78 (2024: 5.20). The total compensation ratio for the reporting

period is 5.78, which means that the total annual compensation of the highest-paid employee, including base salary, bonuses, allowances, benefits in kind, and other forms of remuneration, is 5.78 times greater than the medial compensation of other employees within the organization.

This ratio indicates a moderate difference between the compensation of the highest-paid employee and the medial compensation of employees in the organization. The ratio of 5.78 reflects the practice of rewarding key management with competitive compensation packages, aiming to attract and retain highly qualified leaders while maintaining balance and fairness in the distribution of compensation among a broader range of employees.

The total compensation ratio also demonstrates the organization's responsibility in structuring the compensation system, taking into account industry standards and best practices. This ratio is in line with the organization's policy based on transparency and fairness, ensuring competitiveness in relation to the labor market.

S1-17 - Incidents, complaints and severe human rights impacts

In 2025, the Company recorded one case of confirmed violation of employee dignity. The violation was confirmed by the Commissioner

for the protection of employees, and upon receiving the complaint, the Company immediately acted in accordance with applicable provisions and internal acts.

No irregularities in the organization of work, implementation of internal procedures or conduct of the Company as employer were identified in the procedure. The Company took every action provided by the law or internal rules in order to remediate the consequences and prevent similar situations to occur again.

Activities included the assessment of circumstances of that specific case, implementation of appropriate corrective measures and monitoring the performance to further ensure consistent respect of rights and dignity of all employees.

Except the said case, throughout the year no other complaint related to harassment, discrimination or other violation of human rights of employees was received or confirmed, nor were there fines imposed. The Company continuously monitors the respect of employee rights and conducts internal activities and procedures to ensure a consistent application of applicable provisions and internal acts.

193

194
195

S3 – Community – Company-specific

In the process of DMA, Span Group identified no negative impacts, risks or opportunities for affected communities with particular characteristics, nor did it identify risks that could lead to adverse effects. Communities in the business locations of the Group are not exposed to material negative impacts because the Group operates primarily in the digital environment, without physical production activity. However, it identified a material positive impact through cooperation with educational institutions and non-profit organizations.

Our engagement in the educational sector naturally derives from strategic orientation and business model. As a company specializing in infrastructure services, cloud solutions, cyber security, technical support and software development, we aspire to pass our knowledge and experience on future experts. Our employees regularly take part in lectures, workshops and coaching programs, sharing their expertise in key technological areas, including infrastructure, service management, cloud technology, cyber security and software development, thereby enhancing the digital competences of the community.

Apart from that, Span supports non-profit organizations with application development in order to facilitate their business, using technologies such as Microsoft Power Platform. In addition, we ensure support during licenses activation, creating user accounts, data migration and user training regarding the basic use of Office 365 services, enabling them to be more efficient in managing day-to-day business. We thereby contribute to the improved efficiency of those companies, and we support the local community in their work.

By integrating education goals and local community in the ESG strategy, Span ensures the alignment of positive impact with business strategy and the social contribution to be observed as a part of sustainable growth, not separate activity.

The Group did not adopt special policies for affected communities because it is not necessary, given the nature of business and non-existence of negatively affected communities.

In 2025, we defined actions to implement in order to continue achieving the positive impact stated:

Formal education – Visiting lectures and knowledge transfer
Professional community and IT conferences
Employer branding and career events
Volunteering, coaching and panels.

Formal education – Visiting lectures and knowledge transfer

Action includes activities of visiting lectures and professional training carried out by our experts in cooperation with educational institutions, and it refers exclusively to Span d.d.

Activities are carried out at the following levels:

Faculty of Economics & Business in Zagreb – as part of the course Electronic Business in Private and Public Sector, our colleague from the Risk Management team gives visiting lectures on fundamentals of law, data protection and information security, with a particular focus on regulatory requirements such as NIS2 Directive and GDPR, with examples from the business practice.
Technical High School in Zagreb – continuing our long-term cooperation through technical lectures, with a view to getting the students acquainted with modern technologies, cyber security and practical aspects of work in the IT.

Action is implemented continuously, depending on the needs of educational institutions and availability of experts, and it covers geographical locations where collaborations are actualized.

Expected outcomes of the action include strengthening the social capital, transfer of practical knowledge from actual business environment, increase of the level of awareness of information security, data protection and regulatory compliance, and a positive contribution to the local and professional community.

Professional community and IT conferences

Action includes participating in professional IT conferences and industry events, as well as the cooperation with the academic community, whereby our experts share their knowledge and practical experience and continuously improve own competencies at the same time. Action refers to own operations and operations of Span Group and it is implemented as part of regular business activities, with a focus on the Company, which carried out these activities the most, while other subsidiaries are currently primarily oriented towards market positioning and business development.

Activities within this action include participation in and contribution to the following professional events:

RiComp – “The Development of Efficient Referral Systems” lecture, that was held by our machine learning engineer, with a focus on the implementation of machine learning in actual business scenarios.
Data Saturday – “The Implementation of Power BI CI/CD via Azure DevOps” lecture, that was held by our data engineer, with a view to transferring practical knowledge in the area of analytics and automation.
croBA2025 – “The Analyst as a Bridge lecture: Connecting People, Ideas, and Disciplines”, organized by the business analyst team, aimed at the development of interdisciplinary cooperation and business impact of analyst roles.
Mediterranean Machine Learning Summer School (M2L) – participation of our experts in advanced lectures and workshops in the area of artificial intelligence, while presenting Span’s ML/AI projects and actively networking with academic researchers and industry experts.

Action is implemented continuously throughout the year, depending on relevant professional events and business needs.

Expected outcomes of the action include development of professional and technical competencies of employees, increase of visibility and reputation of the Span Group in the professional community, contribution to development of the IT ecosystem and strengthening innovation potential through knowledge and experience exchange.

Effectiveness of actions and initiatives implemented is monitored through ongoing cooperation and quality relationships that we cultivate with representatives and organizers of professional conferences. Feedback and repeated invitations to participate in workshops and professional events are a key indicator of relevance, recognized expertise of our employees and a real contribution to the community.

Employer branding and career events

Action includes participating in career events, open days and lectures, where our employees pass on practical knowledge and experience, while students get an insight into actual business processes and competencies needed for the labor market. Action is implemented as part of regular business activities of the Span Group and refers to own operations at specific locations.

Activities within this action include:

Career Days: University of Applied Sciences in Velika Gorica, FOI Career Compass, Job Fair Rijeka (RITEH), FER Job Fair, Meet the Mathematicians 2025, including presentations and the possibility of individual guidance.
Open Day – Service Desk: a practical insight into work of customer support, including resolving tickets, monitoring system, technologies and processes, with organized career speed dating.

Action is implemented continuously and it is adjusted depending on the calendar of educational events and business needs. By participating in these activities, students and young experts gain practical skills, while employees of the Span Group develop competencies related to knowledge sharing and coaching.

Expected outcomes of the action include increased recognizability of Span among students and young experts, linking theoretical knowledge to practical experience in the IT industry, creating a network of future experts and potential employees and improving knowledge transfer between educational institutions and the industry.

Volunteering, coaching and panels

Action includes participating in coaching, panels and panel discussions, where our employees pass on practical knowledge and experience, while students and young professionals get an insight into actual business processes, develop competencies needed for the labor market and foster innovation. Action is implemented as part of regular business activities of the Span Group and refers to own operations at specific locations.

Activities within this action include:

"Idea of the Year 2025" (srednja.hr): participation of the Service Desk employees as panelists and coaching young innovators
ESG Academy of the Croatian Chamber of Commerce: participating in the "Workforce Challenges" panel
National Volunteering Conference (Croatian Volunteer Development Centre): "Volunteering in the Digital Age" panel
Career Days: lectures and coaching at the University of Applied Sciences in Virovitica, and Algebra.

Action is implemented continuously and it is adjusted depending on the calendar of events and business needs. By participating in these activities, students and young experts gain practical skills, while employees of the Span Group develop competencies related to knowledge sharing and coaching. Expected outcomes of the action include increased recognizability of the Span Group among students and young expert, development of a network of young innovators and future experts, linking theoretical knowledge to practical experience and improving knowledge transfer and innovation between educational institution and the industry.

For the implementation of these key actions regular operational resources are assigned, and they do not represent a significant amount with respect to total expenses of the enterprise and are not material in the context of financial statements.

For the purpose of management of this material positive impact, in 2025 Span established a measurable and time-limited target to ensure systematic and continuous cooperation with relevant educational institutions. This approach supports the long-term development of digitally capable society and strengthening Span's position as a reliable partner of the education system.

Target:

On an annual basis, continue at least five active and relevant partnerships with key educational institutions (Faculty of Electrical Engineering and Computing, University of Zagreb; Faculty of Organization and Informatics, University of Zagreb; the University of Applied Sciences in Zagreb; Faculty of Electrical Engineering, Computer Science and Information Technology, Josip Juraj Strossmayer University of Osijek; Faculty of Engineering in Rijeka).

The target applies to own activities of Span and covers the cooperation with educational institutions across all locations in which Span d.d. operates. The baseline was established for 2025, in which year the objective is already achieved through at least five active partnerships with educational institutions.

Relevant internal stakeholders, including Span's Management Board, HR and ESG departments and expert teams that participate in educational, coaching and lecturing activities are involved in determining the target.

The target is defined taking into account the needs of educational institutions, student interest and strategic goals of the business, thereby ensuring its relevance and sustainability. Effectiveness of achievement of the objective is monitored through a KPI:

Number of partnerships established and retained with key educational institutions annually.

Calculation methodology is based on an internal record of active collaborations and partnerships with educational institutions. KPI is monitored annually and it is used to monitor cooperation continuity, identify opportunities for further expansion of partnerships and to assess the total contribution of Span to the development of local and wider social community.

198
199

S4 - Consumers and end users

S4-1 - Policies related to consumers and end users

Transparency of business processes and correlation with individual's rights are ensured through a system of rights and obligations related to the protection of (personal) data and privacy of users, which are defined by available acts, including Privacy Policy, Code of Business Conduct and User Personal Data Processing Rules. Mentioned acts serve as the basis of ensuring compliance with the General Data Protection Regulation, and they clearly define methods of collection, processing, protection and management of user data.

In order to ensure the best possible data management, Span adopted internal policies and procedures that further elaborate on the processing of the personal data of subjects.

General objectives of the policy:

ensure protection of privacy and security of user personal data
align business activities with GDPR requirements and the requirements of other relevant laws
encourage users to trust our services through transparent data management.

We are aware of the fact that GDPR incompliance may result not only in the invasion of user privacy, but also in financial losses and loss of trust in Span. Therefore, the implementation of policy is monitored by responsible persons who conduct periodic audits, risk assessments, and monitor the compliance with standards and requirements in force. This applies to all business activities that include collecting, processing and storing user personal data (whether own employees or users), and it encompasses all the value chain levels and geographic regions in which Span operates. There are no exemptions in

the policy, it applies to all users and stakeholders equally. The Management Board has the highest level of responsibility for the implementation of policy. Data Protection Officer (DPO) is also appointed, ensuring GDPR compliance and supervising the implementation of policy. The policy is in compliance with the General Data Protection Regulation and other relevant regulatory requirements. In addition, it is based on the best industry practices and information security standards, including ISO 27001.

The interests of users are taken into account through:

Transparency: Clear communication about the modes of collecting, processing and protecting data in the Privacy Policy available on our website.

Rights of users: We enable users to exercise rights such as access, rectification, erasure and restriction of processing of their data.

Feedback: To our users we offer the opportunity of direct communication concerning enquiries or complaints, according to the procedure of handling of requests.

Privacy Policy is made publicly available to all users on our website. We thus ensure transparency and user awareness in terms of way we collect and process, but also protect their data. Data protection is not particularly aimed at specific groups of users, and it is applied universally to all persons whose personal data is processed in the context of Span's business activities. This is because our goal is to ensure equally high level of privacy protection and data security for all users, regardless of their characteristics or specific needs.

In particular, users are provided with clearly defined legal protection, including right to access, rectification, erasure, restriction of processing, portability and objection to the processing of personal data, as well as right

to withdraw consent. Requests related to exercising these rights may be submitted free of charge, and the Company undertakes to respond to them within the prescribed legal deadlines. In case of justifiable need, response deadline may be extended, with timely notification of the person who submitted the request. The Company regularly communicates procedures and contact points for exercising the rights, ensuring that employees, users and other stakeholders are informed of their rights and mechanisms of remedy, thus strengthening the trust, transparency and responsibility in the protection of personal data and human rights as a whole.

Policies related to users are mostly in compliance with internationally recognized standards that are particularly related to users, including the UN Guiding Principles on Business and Human Rights. Span does not have a due diligence system established when it comes to respect for the human rights in relation to users. There were no reported cases of non-respect of the UN Guiding Principles on Business and Human Rights, the ILO Declaration on Fundamental Principles and Rights at Work, or the OECD Guidelines for Multinational Enterprises that include users.

S4-2 - Processes for engaging with consumers and end users about impacts

At Span Group, different channels of communication and engagement with users already exist in the context of our Customer support service, appointing responsible persons for the performance of contracts, Data Protection Officer, as well as the Compliance Officer. Depending on the type of relationship, these departments communicate with users in order to provide information, respond to enquiries and process their requests. Also, we regularly evaluate user satisfaction by means of surveys in the IT services management system, and after the project completion

as well. The process of handling user complaints is clearly defined in our Complaint Management Procedure. Results of the user satisfaction analysis are discussed at monthly meeting of the management, and yearly at the Management Report. Also, there is a basic process for engaging with users, which includes direct communication via telephone, e-mail, and online channels (website and social media platforms).

In case situations that may impact the workforce occur (e.g. if user data is likely to impact employee security or business processes), we conduct internal consultations with relevant teams, including the Legal Department, Data Protection Officer and IT departments, in order to ensure timely addressing of all potential negative impacts.

Basic interactions with users occur in the process of license selling, management of IT services of users, and project activities at the level of IT infrastructure of users, and in all those aspects we monitor the security of data privacy. Cooperation with users and relevant stakeholders takes place in accordance with ISO 27001, which ensures comprehensive measures of data protection and safe product development. Director of the relevant business unit is responsible for assessing the relevance of the information and for integrating the information into security measures, in cooperation with security and compliance teams. Effectiveness of the engagement is evaluated by analysing the complaints and through user satisfaction surveys.

S4-3 - Processes to remediate negative impacts and channels for consumers and end users to raise concerns

We defined the Complaint Management Procedure, which describes the process of handling user complaints. This procedure ensures

that all complaints are carefully considered and handled in accordance with our internal policies and relevant legislation. Each complaint must be registered and processed, by means of communicating the reason for dissatisfaction to the user representative and attempting to correct the mistake or misunderstanding.

Within the anti-bribery management system, we established a Violation or suspected violation reporting procedure, which enables employees, partners, users and other relevant stakeholders to anonymously raise concerns in relation to any occurrence or conduct they consider irregular. Depending on the type of irregularity, users can submit their complaint to the Compliance Officer, Data Protection Officer and Span's Legal Department (whose e-mail addresses are available on the website). The Reporting Committee, which consists of the Compliance Officer and the directors of the Legal and Quality departments of Span, is responsible for receiving and further processing of all anonymously reported cases. We thereby guarantee transparency and responsibility in handling reported cases. We have not yet been able to assess the effectiveness of the legal remedy introduced, and we did not assess the user awareness of these processes. More about this can be found in the topical part: Governance information, G1-1.

Span respects the rights of users to legal protection, and it established mechanisms that users may utilize to report their concerns or irregularities observed, in order to ensure and facilitate the right to a remedy.

In case an employee is exposed to any type of discrimination, harassment or sexual harassment, Span also appointed commissioners for the protection of employee dignity. Those commissioners are authorized to receive and handle complaints related to the protection of employee dignity in accordance with the Rulebook on procedures and measures for

the protection of employee dignity, which is available to all employees on Span's Intranet. Employees may address all complaints, notifications, questions, requests and other findings that fall under the scope of responsibility of the commissioners for the protection of employee dignity:

a. via e-mail on: povjerenici.spangrupa@ jelavicipartneri.com
b. in writing to the address of the commissioner: Odvjetničko društvo Jelavič & partneri j.t.d., Palmotičeva 70, 10000 Zagreb.

S4-4 - Taking action on material impacts on consumers and end users, and approaches to managing material risks and pursuing material opportunities related to consumers and end users, and effectiveness of those actions

Span implements technical and organizational measures in order to ensure the highest possible degree of data protection. Measures applied vary from technical protection measures, such as access limitation to certain spaces, supervising access to spaces, use of firewall and technical solutions that prevent data leakage, to organizational measures, such as implementation of ISO 27001 and ISO 22201 standards, adopting rules on data protection, procedures related to handling cases of requests or incidents, and training and raising awareness of employees in terms of data protection.

Span enabled the subjects to submit requests in relation to the protection and exercise of their rights by way of information available on Span's website or by contacting the Data Protection Officer via e-mail. Additional measures were not identified as necessary

at the moment. Obligations defined by the GDPR and related acts that represent the minimum in terms of obligations are not stated, because their establishment and maintenance are considered conditio sine qua non when it comes to respecting the GDPR.

At the level of Span, we defined actions that we use to monitor the GDPR compliance, which are based on the following:

Training of new employees by way of onboarding processes, whereby they are provided with basic training related to data processing. Each new employee undergoes training that is recorded in Span's LMS system. In addition, Span conducts annual informative training by means of presentations, videos etc. for existing employees through its internal communication channels such as Teams, Viva Engage and LMS system. There is no deadline for this action, and it is continuously renewed.

When it comes to organizational units in which we identified an increased need for training in terms of personal data processing, apart from regular training, additional specific cyclical training is planned (every 2 years) in order to ensure that they are familiar with particularities of data processing in their areas (e.g. human resources, accounting, marketing). Development of materials for specific training was carried out in Q4 2025, and first trainings will be held in Q1 2026.

As a third action, we took into account the ongoing maintenance of the ISO 27001 certificate and constant investments in technical and organizational measures within this certificate. Here as well, there is no deadline, but constant maintenance is expected. Responsible persons for the implementation of actions are DPO, Governance, Risk & Compliance Department, and CISO.

In addition, we monitor the effectiveness of our policies and actions related to the protection of privacy and data security using

monitoring and reporting processes. These processes include monitoring of the GDPR compliance by way of legal and security teams. We monitor relevant metrics that helps us in the assessment of effectiveness of actions and policies. Progress is assessed on the basis of internal and external evaluations, with a particular focus on achieving high standards of data protection. Quantitative metrics includes number of user complaints, time needed to handle complaints and the percentage of successfully handled complaints. In addition to that, we measure progress using quantitative metrics such as number of successfully conducted audits and the percentage of employees that received training on the topic of data protection. Reference period for monitoring progress covers a calendar year, and the results are analyzed and presented to the Management Board. Based on those metrics and results of regular reports, we are able to evaluate the effectiveness of the implementation of our policies in relation to the GDPR compliance.

The process by which we determine actions that are needed and appropriate in response to a particular actual or potential negative impact on users is based on the risk analysis and the evaluation of existing policies and procedures. Teams from the Legal Department and Customer support and data protection service took part in this process, and they evaluate potential negative impacts of our services and products on users, including the violation of data privacy.

We have taken the steps to enable remedy in case of material negative impacts on users. We ensured users have access to clear information on their rights in relation to remedy through our privacy policies and complaints procedure. Complaints are handled within a legal deadline, and updated reports about the status of their cases are sent to users. We haven't had the opportunity to evaluate the results of securing remedy for those affected, and so far there

200
201

have been no serious incidents and cases related to human rights of our users.

The Legal Department, in cooperation with the Data Protection Officer ensures that provisions regulating the processing of personal data according to the GDPR are included in all the contracts with users. We also sign separate Data Processing Agreements, whose content is in compliance with the GDPR in all legal relationships as applicable.

S4-5 – Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities

Maintaining a constant compliance with the obligations established by the General Data Protection Regulation and data protection acts

This objective is supported through a combination of mandatory training, implementation of internal policies and continuous supervision, with a particular focus on processes exposed to increased risk. Key internal stakeholders were involved in determining the target: CISO, Governance, Risk & Compliance Department, and DPO, thus ensuring the compliance of objectives with relevant provisions, internal policies and operational needs. Targets are measurable, time-limited and aimed at the outcome, and they are directly related to the objectives of GDPR compliance. They apply to all activities of Span. The progress towards the set objectives will be monitored annually, through analysis of KPI results, and the results are examined regularly by the competent management and compliance functions.

The effectiveness of actions related to compliance is monitored through two KPIs.

KPI	Target	Unit	Baseline	Deadline
KPI 1 – Percentage of new employees completing onboarding	100% of newly hired employees completing onboarding	Percentage	100%	Continuous
KPI 2 – Percentage of employees working in high risk departments completing specific training every 2 years	100% of employees in high risk departments completing the training every second year	Percentage	100%	Every two years per department from 2020
KPI 3 – Maintenance of ISO 27001 standard and technical-organizational measures	100%	Percentage	100%	Continuous

Actions for KPI 1 and 2 are monitored through Teams lists of presence, Learning Management System implemented at Span, and DPO archive. In addition, Span carries out annual trainings for all employees at the level of the Company.

Actions for KPI 3 are monitored through regular annual internal audits of the system, and regular certificate renewal and audit by the independent third party.

204
205

6.4. Governance information (G1)

Number of reported cases of corruption and bribery

Percentage of late payments to SMEs

G1-1 - Corporate culture and business conduct policies

Our corporate culture is based on the principles of cooperation, professionalism, ethical conduct, responsibility and transparency. We actively foster open communication, we promote employee improvement and ensure the availability of mechanisms for reporting unethical conduct. Internal code of conduct and business policies are regularly updated and adjusted to the regulatory requirements and best industry practices.

Identified material impacts, risks and opportunities related to governance:

Impact of the management of relationships with suppliers, including payment practices: The Company maintains positive relationships with suppliers through open communication

and cooperation, including the expansion of product/service range of suppliers, improving the quality of services and regular payment of services. Also, if the Group does not take into account social and environmental criteria in its supplier selection, it might be interpreted as supporting unsustainable and unethical practices, which can negatively impact the environment and society and threaten the long-term sustainability of business.

Impact of corruption and bribery: Lack of efficient measures to prevent and detect corruption and bribery can result in unethical conduct within the Group, it can threaten the working culture and create an unfair working environment for employees.
Opportunity related to the increased demand for cyber security solutions: Span Group identified this opportunity because the demand

paves the way for the offer of innovative solutions and a potential opportunity for returns on investments.

Span Group is committed to maintaining high standards of business conduct and fostering a positive corporate culture. In this context, we developed policies that guide our operations in the key aspects of business conduct, including management of relationships with suppliers and prevention and detection of corruption and bribery.

Code of Business Conduct: Code of Business Conduct defines the standards of conduct we expect from all employees, as well as business partners and shareholders. The Code covers topics such as decency, integrity, respect and responsibility.

Anti-corruption and anti-bribery policy: The Company has rigorous policies in place for the prevention and detection of corruption and bribery. These policies include procedures for reporting suspicious activity, measures for the protection of whistleblowers, policy of managing conflict of interest, and gift giving and receiving rules.

Data protection policy: Data protection policy of the Company ensures a unified approach when it comes to the processing of personal data in accordance with the relevant laws.

Reports of suspicions or violations of internal rules of conduct can be submitted in several ways, depending on the situation and the preferences of the person submitting the report. The report can be verbally addressed to the superior. If such a method is not possible for any reason, the report can be sent by e-mail to [email protected] or anonymously via the online form available on our website, within the Procedure for Reporting Suspicion or Violation. Received reports are reviewed by a committee consisting of the Compliance Officer and the directors of the Legal and Quality departments.

In cases where employees or third parties, such as customers, wish to submit a report outside of the mentioned channels, they can do so via any of our official contact details, either by phone call to Span's phone number: +385 1 6690 240, or by sending a letter to Span d.d., attn: Compliance Officer, Koturaška cesta 47, 10 000 Zagreb, with a clear note "DO NOT OPEN".

When it comes to reports related to violations of employees' dignity, reports are directly addressed to the Commissioner for the protection of employee dignity at the e-mail address: [email protected].

Except for the Code, Policy and Reporting procedure mentioned, we also developed:

1) Gift giving and receiving procedure
2) Whistleblower protection procedure (described in detail in the topical part S1-1).

During onboarding, all employees are obliged to watch a presentation about our Code of Business Conduct and pass a short test on our Learning Management System (LMS). This is our standard onboarding process for new employees, a responsibility of our Human Resources Department.

Also, the results are presented to the Management and Supervisory Board once a year, and they relate to all eight ISO systems implemented in Span, with a particular focus on ISO 37001, since the obligation of such reporting is a mandatory requirement of the standard concerned.

G1-3 - Prevention and detection of corruption and bribery

Our Anti-bribery management system (ABMS) in accordance with ISO 37001 was certified in 2022. Within this system, we created a Procedure for Reporting Suspicion or Violation, defining the ways in which one can report a violation or suspected violation of internal code of conduct (valid

for internal and external users). Internal code of conduct is defined in our Code of Business Conduct, which refers to other procedures we defined within ABMS, and our Anti-corruption policy is available on our website.

Investigating committee for the prevention of irregularities is represented by the independent representative of the Management Board and the Director of Legal Department, and we consider them separate from the chain of management. Once a year, the Management Report is drawn up, consisting of the outcomes of internal and external monitoring related to ABMS, and it is presented to the Management and Supervisory Board. All our policies and procedures related to anti-corruption are based on the fundamental principles of the United Nations Convention against Corruption, and they respect those principles.

At our regular Management Academies, where we prepare potential employees for managing positions, we also conduct an anti-corruption and anti-bribery training program (Anti-corruption at Span), carried out by the representative of the Management Board for countering bribery. Functions-at-risk covered by the training program include the members of the Management Board, and all employees of the Departments of Finance, Accounting, Controlling, Sales and the Legal Department of the Company. Finally, we cooperate closely with Microsoft, whose Partner Code of Conduct is very similar to ours, and members of the Management Board and the Sales Department have already undergone the training on that code a couple of times, and they passed an extensive test after the training.

By way of contractual clauses, Span obliges primarily its suppliers, but the customers as well, to respect all the relevant regulations in the area of anti-corruption and money laundering, and the Span Code of Business

Conduct. A breach of said contractual clauses, as well as an infringement results in the termination of the contract and a right to compensation.

The Anti-corruption policy and the Code of Business Conduct are available on Span's website in six languages for our external stakeholders, and there is also basic information about our commitment for a successful functioning of all our management systems, our anti-bribery management system included.

Span has not been convicted, nor have there been fines imposed on Span for violation of anti-corruption and anti-bribery laws. In addition, there have been no actions taken to address breaches in procedures and standards of anti-corruption and anti-bribery, since there have been no breaches.

In order to maintain a high level of business integrity and continue preventing or detecting corruption and bribery, at the end of 2025, Span defined an objective:

Culture of zero tolerance for corruption and bribery through mandatory training and implementation of policy.

This objective is supported through a combination of mandatory training, implementation of internal policies and continuous supervision, with a particular focus on processes exposed to increased risk. Key internal stakeholders were involved in determining the target: The Management Board, Quality Director, Anti-Bribery Compliance Officer and the Legal Department, thus ensuring the compliance of objectives with relevant provisions, internal policies and operational needs. Targets are measurable, time-limited and aimed at the outcome, and they are directly related to the objectives of policy of zero tolerance for corruption and bribery. They apply to all activities of Span, regardless of geographical location. The progress towards the set objectives will

KPI	Target	Unit	Baseline	Deadline
KPI 1 - Reported cases of corruption and bribery	0 reported cases per year	Number of cases	0 ([2022)	Continuous
KPI 2 - Completion of training for high risk functions	100% of employees in high risk functions complete the training annually	%	To be defined in 2028 when the training is developed	Continuously (from 2028 onward)

be monitored annually, through analysis of KPI results, and the results are examined regularly by the competent management and compliance functions.

The effectiveness of actions for the prevention and detection of corruption and bribery is monitored through two KPIs as shown in the table:

First indicator refers to the percentage of reported cases of corruption and bribery, whereby the target is the maintenance of zero level of reported cases. This indicator is monitored continuously, based on internal systems for reporting irregularities and mechanisms for monitoring the compliance, and the baseline was determined for the reference year 2022. The second indicator refers to the rate of completion of mandatory training in the area of anti-corruption and prevention of bribery for employees working in the higher risk business areas, with a view to achieving a 100% rate of such employees who completed the mandatory training annually. For the purpose of establishing such special training, the baseline for this indicator is determined from 2026.

At the end of 2025, key actions that Span plans to implement in order to achieve the objective were confirmed:

Development of mandatory training for employees involved in high-risk business activities
Ongoing campaign to raise awareness of policies
Maintenance of a confidential complaints mechanism for reporting unethical conduct.

Development of mandatory training for employees involved in high-risk business activities

In accordance with the Workplace Evaluation and Risk Analysis, Span identified job positions with medium or high level of risk of irregularities. So far, during onboarding, all the new employees have undergone a mandatory training on Span Code of Business Conduct, as well as on procedures and policies of anti-bribery system.

In order to further strengthen the risk management system, the decision was made to improve this process by introducing periodic training for all employees working at medium- and high-risk job positions. After the training, employees will have to pass a short test of their understanding of key topics through Span's Learning Management System (LMS). Employees will undergo this training at least once a year. This training is planned to be implemented and completed by the end of March 2026.

Ongoing campaign to raise awareness of policies

It is expected that the planned training will significantly contribute to raising awareness of policies, procedures and Code of Business Conduct among new employees and employees working at medium- and high-risk job positions.

For our next step in Q4 2026, we are planning to extend these activities to international markets, thus ensuring a consistent implementation of standards of ethical conduct in the whole of the Group.

Maintenance of a confidential complaints mechanism for reporting unethical conduct Span maintains a confidential and safe mechanism for reporting unethical or irregular conduct. The system is tested once a year in order to ensure its functionality and reliability.

We believe that additional actions aimed at raising awareness of policies and procedures of ethical conduct will further encourage employees to use the reporting mechanism and contribute to reinforcing the culture of integrity within the organization.

G1-2 - Management of relationships with suppliers

Span Group is guided by the principles of fair and responsible business with suppliers, with a view to ensuring transparent, predictable and long-term terms of cooperation. All the suppliers have clearly defined business conditions, and relationships are based on open communication, mutual trust and fostering an ongoing improvement of quality of products and services and the compliance with applicable standards.

We have been assessing suppliers within our Quality Management System since 2006, based on the quality of delivery and feedback. In the last few years, we identified the need for raising the level of assessment within other management systems, including the sustainability requirements and the recommendations of the Cyber Security Act (NIS2 Directive transposed into Croatian legislation).

In order to ensure a systematic and proportional approach to management of relationships with suppliers, Span d.d. launched a pilot project of supplier assessment in 2024,

and in 2025 it conducted an initial assessment of suppliers. This project enabled a collection of initial insights into supplier practices, but also indicated a need for further improvement of approach to assessment at the same time. The Company concluded that the questionnaire is not fully applicable to all the types and categories of suppliers, given the differences in the scope of business, type of products and services provided and the level of exposure to risks of sustainability and information security. Also, a need to further adapt the content of the questionnaire, to carry out a digital improvement of the questionnaire and to structure the assessment more clearly was identified.

In the upcoming period, Span plans to define the criteria for identifying strategic suppliers and begin with their priority assessment, including a gradual introduction of ESG thresholds relevant for specific categories of suppliers. This will enable focusing our efforts on those suppliers who have the biggest impact on the business and value chain of the enterprise.

Although Span Group still has not applied a formalized, comprehensive framework for the assessment of social and environmental criteria in its supplier selection, certain environmental aspects are already being taken into account for certain categories of services. For example, when choosing the provider of cloud services, their principles and practices in relation to sustainability are assessed, including GHG emissions, energy efficiency and governance of water resources.

G1-6 - Payment practices

Span is guided by the principles of equitable operations, ensuring all suppliers have transparent terms of cooperation. Standard payment terms in the Company are defined by the Guidelines for contracting payment terms with suppliers, as follows: for large- and medium-sized enterprises: 60 days,

and for micro- and small-sized enterprises: 30 days, but always as per agreement with suppliers. Payments are made twice a week in order to minimise the risk of late payment in general (including payments to micro-, small- and medium-sized enterprises - SME). The average time of payment of Span d.d. is 15 days. Payments are prepared in our accounting system, and timely entry of data into that system is ensured by internal controls. In 2025, 3% of all payments were late. Given the fact that the principles of timely payments, transparency and open communication have already been integrated into regular business processes, and proved themselves efficient, apart from those, Span did not define additional actions. Despite this fact, in order to reinforce the positive impact on the SME sector, which greatly depends on the stability of cash flow and predictability of business partners, the Company established a measurable target at the end of 2025.

Objective:

Keeping the proportion of late payments to small- and medium-sized enterprises below 5%.

The year 2024 was defined as the baseline year for monitoring (2.5%), and it refers to Company's own operations. Effectiveness of achievement of the objective is monitored through a KPI:

Proportion of late SME payments in the total number of annual payments.

The methodology comprises the identification of all payments to SME suppliers, defining deadlines and the calculation of proportion of late transactions, enabling transparent reporting and timely identification of need for further improvements.

There are currently no unresolved court proceedings in relation to late payments.

G1 - Company-specific: Development of security solutions for tackling cyber attacks

Cyber security is one of the most significant challenges of modern business, especially in an environment where the frequency and sophistication of cyber threats are constantly increasing. In such context, Span is aware that the overall resilience of the digital ecosystem does not depend only on large companies, but on small- and medium-sized enterprises (SME) as its backbone equally, and often essentially. SMEs play a crucial role in the economy and value chains, however, they are among the most vulnerable participants of the cyber space at the same time. At their disposal, they often have limited professional capacities and resources for security investments, making them particularly exposed to attacks and incidents that may extend over to larger organizations associated with them. Their vulnerability is not only an individual risk, but potentially a source of broader destabilization of market.

Alongside structural challenges of SMEs, a regulatory context that, at a national and European level, highlights the need for increasing cyber awareness and improving the digital resilience in this segment is also important. At the same time, double materiality assessment proved that activities related to cyber security, as well as the development of solutions and services in this area, represent a material opportunity for creating added value. Extensive experience in response to security incidents, implementation of security solutions and trainings in the area of cyber security enable Span to contribute to raising the level of resilience in the most vulnerable market participants with its knowledge and capacities. We thus not only improve the security position of customers, but of the whole digital value chain in which Span operates. Further strategic and financial

210
211

dimension to this area is provided by the fact that the cyber security is included in the Sustainability-Linked Bond (SLB), which Span issued in 2025.

Therefore, Span established an operational objective aimed at strengthening the resilience of SMEs to cyber security risks by providing training through Interactive Cyber Security Course.

Target:

Reach a total of 500 small- and medium-sized enterprises registered for the Interactive Cyber Security Course by the end of September 2029.

The objective applies to activities of the Span Group related to the development and implementation of training programs and has an indirect positive impact on the wider value chain. At the same time, this target was defined as one of the key objectives within the Sustainability Linked Bond of the Span Group. The course will be offered to SMEs with whom Span Group directly does business with, i.e. in Croatia, Slovenia, Ukraine and Estonia. This scope enables an efficient implementation of training by using the existing infrastructure, resources and local market knowledge, and it complies with the business model and the available operational capacities. Key internal stakeholders, including Span's Management Board, cyber resilience senior director and ESG Department are involved in determining the target.

The effectiveness of actions for the achievement of this objective is monitored through a Key Performance Indicator (KPI):

Total number of beneficiaries of Span's Interactive Cyber Security Course for small- and medium-sized enterprises (SME) – cumulative.

KPI will be calculated as the arithmetic sum of all small- and medium-sized enterprises (SMEs by the definition of the European Union)

that registered for the course in mentioned countries. The course will be available in the form of e-learning through a special landing page on the website of the Span Cyber Security Center, in Croatian and English language. Since the course is being developed from the very beginning and was not implemented before 2024, the baseline is 0, and 2026 was defined as the reference year for monitoring the progress. In order to correctly demonstrate the impact of the course, beneficiaries will be counted as the number of SMEs that registered for the course, not as the number of individual participants.

Achievement of the objective will require significant investments, resources, knowledge and engagement of the Company in the development and implementation of the course, as well as in its promotion to potential beneficiaries in different countries.

Mid-2025, key actions that Span plans to implement in order to achieve the objective were confirmed:

Development of interactive online course
Implementation of a marketing plan and platform maintenance.

Development of interactive online course.

Complementary module for raising awareness of cyber security was particularly designed and developed for the management personnel of small- and medium-sized enterprises that makes the decisions about actions the enterprise will take in order to improve its cyber security. The course is based on the best practices adapted to small- and medium-sized enterprises, taking into account the recommendations of the European Network and Information Security Agency (ENISA). By means of this course, participants will become aware that cyber security is not a concern of large companies only, but a crucial topic for the business of companies of all sizes. They will develop a deeper understanding of the material impact the cyber security may

have on their business, and they will learn about key actions and controls that may be applied to reduce the vulnerability and increase the cyber resilience. Also, key improvements of cyber security are discussed from three critical perspectives: people, technology and processes. Participants will gain knowledge of the best practices for password management, including multi-factor authentication, the importance of software updates, phishing detection and data storage management. The course also includes the basic elements of business continuity planning and the fundamentals of an incident response plan. A special section is dedicated to the GDPR compliance, network security, physical security and the protection of devices used in day-to-day work. The course also includes a summary of key security recommendations for employees. It will be possible to download the certificate and the guide for employees on the course platform, and they can be easily shared within the company. The course includes a questionnaire and a certificate of completed course. The platform for the implementation of the course is planned to finish in Q1 2026.

Implementation of a marketing plan and platform maintenance

Marketing plan consists of several parts: digital campaign with paid advertising, SEO (Search Engine Optimization) and content marketing, live promotions, PR activities and production of promotion materials.

Focus is on educating the market about cyber security for the SME segment. It is based on a multi-channel approach that combines Google, Meta, LinkedIn, Reddit and Microsoft advertising in order to cover different target groups. The campaigns rely on raising awareness through display and video formats, using search and lead-gen campaigns for generating requests and conversions at the same time. They are spread

through three years in four countries (Croatia, Slovenia, Estonia and Ukraine), with defined budgets by channel and activity type, ensuring a continuous presence, optimization and monitoring the results. Besides that, the plan is based on the optimization of websites and e-mail marketing in each of the mentioned countries. Marketing plan is accompanied by planned live promotions, PR activities through accessible media and the production of promotion materials in the form of video and graphic content.

Marketing plan will become active with the start of the platform (H1 2026) and will be implemented depending on the results by channels and countries, and reached target groups.

For the implementation of these key actions regular operational resources are assigned on a four-year level, and on the annual level they do not represent a significant amount.

Appendix B: List of datapoints in cross-cutting and topical standards that derive from other EU legislation

Disclosure Requirement and related datapoint	SFDR (i) reference	Pillar 3 (2) reference	Benchmark Regulation (3) reference	EU Climate Law (4) reference	Page number	Not significant
ESR9 2 GOV 1 Board's gender diversity paragraph 21 (d)	Indicator number 13 of Table #1 of Annex 1		Commission Delegated Regulation (EU) 2020/1806 (5), Annex II		132
ESR9 2 GOV 1 Percentage of board members who are independent paragraph 21 (e)			Delegated Regulation (EU) 2020/1806, Annex II		132
ESR9 2 GOV 4 Statement on due diligence paragraph 30	Indicator number 10 Table #3 of Annex 1				136
ESR9 2 SBM 1 Involvement in activities related to fossil fuel activities paragraph 40 (d) i	Indicators number 4 Table #1 of Annex 1	Article 449a Regulation (EU) No 575/2003; Commission Implementing Regulation (EU) 2022/2453 (6) Table 1: Qualitative information on Environmental risk and Table 2: Qualitative information on Social risk	Delegated Regulation (EU) 2020/1806, Annex II			Not significant
ESR9 2 SBM 1 Involvement in activities related to chemical production paragraph 40 (d) ii	Indicator number 9 Table #2 of Annex 1		Delegated Regulation (EU) 2020/1806, Annex II			Not significant
ESR9 2 SBM 1 Involvement in activities related to controversial weapons paragraph 40 (d) iii	Indicator number 14 Table #1 of Annex 1		Delegated Regulation (EU) 2020/1808 (7), Article 12(1) Delegated Regulation (EU) 2020/1806, Annex II			Not significant
ESR9 2 SBM 1 Involvement in activities related to cultivation and production of tobacco paragraph 40 (d) iv			Delegated Regulation (EU) 2020/1808, Article 12(1) Delegated Regulation (EU) 2020/1806, Annex II			Not significant
ESR9 E1 1 Transition plan to reach climate neutrality by 2050 paragraph 14				Regulation (EU) 2021/109, Article 2(1)	161
ESR9 E1 1 Undertakings excluded from Paris-aligned Benchmarks paragraph 16 (g) to/ka 16. podto/ka (g)		Article 449a Regulation (EU) No 575/2003; Commission Implementing Regulation (EU) 2022/2453 Template 1: Banking book - Climate change transition risk: Credit quality of exposures by sector, emissions and residual maturity	Delegated Regulation (EU) 2020/1808, Article 12.1 (d) to (g), and Article 12.2			Not significant
ESR9 E1 4 GHG emission reduction targets paragraph 34	Indicator number 4 Table #2 of Annex 1	Article 449a Regulation (EU) No 575/2003; Commission Implementing Regulation (EU) 2022/2453 Template 3: Banking book - Climate change transition risk: alignment metrics	Delegated Regulation (EU) 2020/1808, Article 6		163
ESR9 E1 5 Energy consumption from fossil sources disaggregated by sources (only high climate impact sectors) paragraph 38	Indicator number 5 Table #1 and Indicator number 5 Table #1 and Indicator n. 5 Table #2 of Annex 1					Not significant
ESR9 E1 5 Energy consumption and mix paragraph 37	Indicator number 5 Table #1 of Annex 1				165
ESR9 E1 5 Energy intensity associated with activities in high climate impact sectors paragraphs 40 to 43	Indicator number 6 Table #1 of Annex 1					Not significant
ESR9 E1 6 Gross Scope L 2, 3 and Total GHG emissions paragraph 44	Indicators number 1 and 2 Table #1 of Annex 1	Article 449a; Regulation (EU) No 575/2003; Commission Implementing Regulation (EU) 2022/2453 Template 1: Banking book - Climate change transition risk: Credit quality of exposures by sector, emissions and residual maturity	Delegated Regulation (EU) 2020/1808, Article 5(1), 6 and 8(1)		172

Appendix B: List of datapoints in cross-cutting and topical standards that derive from other EU legislation

Disclosure Requirement and related datapoint	SFDR (i) reference	Pillar 3 (2) reference	Benchmark Regulation (3) reference	EU Climate Law (4) reference	Page number	Not significant
ESR9 E1-8 Gross GHG emissions intensity paragraphs 53 to 55	Indicators number 3 Table #1 of Annex 1	Article 449a Regulation (EU) No STL/2003; Commission Implementing Regulation (EU) 2022/2453 Template 3; Banking book - Climate change transition risk: alignment metrics	Delegated Regulation (EU) 2020/1808, Article 8(1)			Not significant
ESR9 E1-T GHG removals and carbon credits paragraph 56				Regulation (EU) 2021/539, Article 2(1)		Not significant
ESR9 E1-9 Exposure of the benchmark portfolio to climate-related physical risks paragraph 66			Delegated Regulation (EU) 2020/1808, Annex II Delegated Regulation (EU) 2020/1816, Annex II		Not included in the report, gradually being introduced
ESR9 E1-9 Disaggregation of monetary amounts by acute and chronic physical risk paragraph 66 (a) ESR9 E1-9 Location of significant assets at material physical risk paragraph 66 (c).			Article 449a Regulation (EU) No STL/2003; Commission Implementing Regulation (EU) 2022/2453 paragraphs 46 and 47; Template 5: Banking book - Climate change physical risk: Exposures subject to physical risk.		Not included in the report, gradually being introduced
ESR9 E1-9 Breakdown of the carrying value of its real estate assets by energy-efficiency classes paragraph 67 (c).		Article 449a Regulation (EU) No STL/2003; Commission Implementing Regulation (EU) 2022/2453 paragraph 34; Template 2: Banking book - Climate change transition risk: Loans collateralised by immovable property - Energy efficiency of the collateral			Not included in the report, gradually being introduced
ESR9 E1-9 Degree of exposure of the portfolio to climate-related opportunities paragraph 69			Delegated Regulation (EU) 2020/1808, Annex II		Not included in the report, gradually being introduced
ESR9 E2-4 Amount of each pollutant listed in Annex II of the E-PBTR Regulation (European Pollutant Release and Transfer Register) emitted to air, water and soil, paragraph 28	Indicator number 8 Table #1 of Annex 1 Indicator number 2 Table #2 of Annex 1 Indicator number 1 Table #2 of Annex 1 Indicator number 3 Table #2 of Annex 1					Not significant
ESR9 E3-1 Water and marine resources paragraph 9	Indicator number 7 Table #2 of Annex 1					Not significant
ESR9 E3-1 Dedicated policy paragraph 15	Indicator number 8 Table 2 of Annex 1					Not significant
ESR9 E3-1 Sustainable oceans and seas paragraph 14	Indicator number 12 Table #2 of Annex 1					Not significant
ESR9 E3-4 Total water recycled and reused paragraph 28 (c)	Indicator number 6.2 Table #2 of Annex 1					Not significant
ESR9 E3-4 Total water consumption in m3 per net revenue on own operations paragraph 29	Indicator number 6.1 Table #2 of Annex 1					Not significant
ESR9 2- IRO 1 - E4 paragraph 16 (a) i	Indicator number 7 Table #1 of Annex 1				130
ESR9 2- IRO 1 - E4 paragraph 16 (b)	Indicator number 10 Table #2 of Annex 1				130
ESR9 2- IRO 1 - E4 paragraph 16 (c)	Indicator number 14 Table #2 of Annex 1				130
ESR9 E4-2 Sustainable land / agriculture practices or policies paragraph 24 (b)	Indicator number 11 Table #2 of Annex 1					Not significant
ESR9 E4-2 Sustainable oceans / seas practices or policies paragraph 24 (c)	Indicator number 12 Table #2 of Annex 1					Not significant

Appendix B: List of datapoints in cross-cutting and topical standards that

derive from other EU legislation

Disclosure Requirement and related datapoint	SFDR (i) reference	Benchmark Regulation (3) reference	Page number	Not significant
ESRS E4-2 Policies to address deforestation paragraph 24 (d)	Indicator number 15 Table #2 of Annex 1			Not significant
ESRS E5-5 Non-recycled waste paragraph 37 (d)	Indicator number 13 Table #2 of Annex 1			Not significant
ESRS E5-5 Hazardous waste and radioactive waste paragraph 39	Indicator number 9 Table #1 of Annex 1			Not significant
ESRS 2- SRM3 - SI Risk of incidents of forced labour paragraph 14 (f)	Indicator number 13 Table #3 of Annex 1		175
ESRS 2- SRM3 - SI Risk of incidents of child labour paragraph 14 (g)	Indicator number 12 Table #3 of Annex 1		175
ESRS S1-1 Human rights policy commitments paragraph 20	Indicator number 9 Table #3 and Indicator number 11 Table #1 of Annex 1		174
ESRS S1-1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 21		Delegated Regulation (EU) 2020/1806, Annex II	175
ESRS S1-1 processes and measures for preventing trafficking in human beings paragraph 22	Indicator number 11 Table #3 of Annex 1			Not significant
ESRS S1-1 workplace accident prevention policy or management system paragraph 23	Indicator number 1 Table #3 of Annex 1		176
ESRS S1-3 grievance/complaints handling mechanisms paragraph 32 (e)	Indicator number 5 Table #3 of Annex 1		178
ESRS S1-14 Number of fatalities and number and rate of work-related accidents paragraph 88 (b) and (e)	Indicator number 2 Table #3 of Annex 1	Delegated Regulation (EU) 2020/1806, Annex II		Not significant
ESRS S1-14 Number of days lost to injuries, accidents, fatalities or illness paragraph 88 (e)	Indicator number 3 Table #3 of Annex 1			Not significant
ESRS S1-16 Unadjusted gender pay gap paragraph 97 (a)	Indicator number 12 Table #1 of Annex 1	Delegated Regulation (EU) 2020/1806, Annex II	192
ESRS S1-16 Excessive COD pay ratio paragraph 97 (b)	Indicator number 8 Table #3 of Annex 1		192
ESRS S1-17 Incidents of discrimination paragraph 103 (a)	Indicator number 7 Table #3 of Annex 1		193
ESRS S1-17 Non-respect of UNGPs on Business and Human Rights and OECD paragraph 104 (a)	Indicator number 10 Table #1 and Indicator n. 14 Table #3 of Annex 1	Delegated Regulation (EU) 2020/1806, Annex II Delegated Regulation (EU) 2020/1808 Art 12 (1)	193
ESRS 2- SRM3 - S2 Significant risk of child labour or forced labour in the value chain paragraph 11 (b)	Indicators number 12 and n. 13 Table #3 of Annex 1			Not significant
ESRS S2-1 Human rights policy commitments paragraph 17	Indicator number 9 Table #3 and Indicator n. 11 Table #1 of Annex 1			Not significant
ESRS S2-1 Policies related to value chain workers paragraph 18	Indicator number 11 and n. 4 Table #3 of Annex 1			Not significant

Appendix B: List of datapoints in cross-cutting and topical standards that derive from other EU legislation

Disclosure Requirement and related datapoint	SFDR (i) reference	Benchmark Regulation (3) reference	Page number	Not significant
ESR9 92-1 Non-respect of UNGPs on Business and Human Rights principles and OECD guidelines paragraph 19	Indicator number 10 Table #1 of Annex 1	Delegated Regulation (EU) 2020/1801, Annex II Delegated Regulation (EU) 2020/1808, Art 12 (1)		Not significant
ESR9 92-1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 19		Delegated Regulation (EU) 2020/1801, Annex II		Not significant
ESR9 92-4 Human rights issues and incidents connected to its upstream and downstream value chain paragraph 36	Indicator number 14 Table #3 of Annex 1			Not significant
ESR9 93-1 Human rights policy commitments paragraph 16	Indicator number 9 Table #3 of Annex 1 and Indicator number 11 Table #1 of Annex 1		182-183
ESR9 93-1 non respect of UNGPs on Business and Human Rights, ILO principles or and OECD guidelines paragraph 17	Indicator number 10 Table #1 Annex 1	Delegated Regulation (EU) 2020/1801, Annex II Delegated Regulation (EU) 2020/1808, Art 12 (1)		Not significant
ESR9 93-4 Human rights issues and incidents paragraph 36	Indicator number 14 Table #3 of Annex 1			Not significant
ESR9 94-1 Policies related to consumers and end-users paragraph 10	Indicator number 9 Table #3 and Indicator number 11 Table #1 of Annex 1		198
ESR9 94-1 Non respect of UNGPs on Business and Human Rights and OECD guidelines paragraph 17	Indicator number 10 Table #1 of Annex 1	Delegated Regulation (EU) 2020/1801, Annex II Delegated Regulation (EU) 2020/1808, Art 12 (1)	199
ESR9 94-4 Human rights issues and incidents paragraph 35	Indicator number 14 Table #3 of Annex 1		199
ESR9 G1 United Nations Convention against Corruption paragraph 10 (b)	Indicator number 15 Table #3 of Annex 1		206
ESR9 G1-1 Protection of whistleblowers paragraph 10 (d)	Indicator number 6 Table #3 of Annex 1		205
ESR9 G1-4 Fines for violation of anticorruption and anti-fertilizer laws paragraph 24 (a)	Indicator number 17 Table #3 of Annex 1	Delegated Regulation (EU) 2020/1801, Annex II)	206
ESR9 G1-4 Standards of anti-corruption and anti-fertilizer paragraph 24 (b)	Indicator number 16 Table #3 of Annex 1		206

(1) Regulation (EU) 2018/2088 of the European Parliament and of the Council of 27 November 2018 on sustainability-related disclosures in the financial services sector (Sustainable Finance Disclosures Regulation) (EU L 317, 9.12.2019, p. 1).
(2) Regulation (EU) No 675/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 649/2012 (Capital Requirements Regulation "CRR") (EU L 176, 27.6.2013, p. 1).
(3) Regulation (EU) 2018/2011 of the European Parliament and of the Council of 8 June 2018 on Indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 696/2014 (EU L 171, 29.6.2018, p. 1).
(4) Regulation (EU) 2021/1119 of the European Parliament and of the Council of 30 June 2021 establishing the framework for achieving climate neutrality and amending Regulations (EC) No 401/2009 and (EU) 2018/1999 (European Climate Law) (EU L 243, 9.7.2021, p. 1).

(6) Commission Delegated Regulation (EU) 2020/1816 of 17 July 2020 supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council as regards the explanation in the benchmark statement of how environmental, social and governance factors are reflected in each benchmark provided and published (EU L 406, 3.12.2020, p. 1).
(6) Commission Implementing Regulation (EU) 2022/2453 of 30 November 2022 amending the implementing technical standards laid down in implementing Regulation (EU) 2021/637 as regards the disclosure of environmental, social and governance risks (EU L 324, 29.12.2022, p.1.)
(7) Commission Delegated Regulation (EU) 2020/1818 of 17 July 2020 supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council as regards minimum standards for EU Climate Transition Benchmarks and EU Paris-aligned Benchmarks (EU L 406, 3.12.2020, p. 17).

Statements

222

Responsibility Statement of the Management Board on the Sustainability Report

Pursuant to Articles 32 and 36 of the Accounting Act (Official Gazette 135/24), the Management Board is responsible for the preparation of the consolidated Sustainability Report in accordance with the European Sustainability Reporting Standards (ESRS) and for:

preparation of disclosures in the section "Disclosures pursuant to Article 8 of the Regulation (EU) 2020/852 (Taxonomy Regulation)" of the consolidated Sustainability Report in accordance with the reporting requirements of Article 8 of the Regulation (EU) 2020/852 (EU Taxonomy Regulation);
design, implementation, and maintenance of internal control systems that the Management Board deems necessary to enable the preparation of the consolidated Sustainability Report, free from material misstatements due to fraud or error;
selection and application of appropriate sustainability reporting methods that are reasonable considering the circumstances.

The Management Board is also responsible for the design and implementation of the process for identifying information disclosed in the consolidated Sustainability Report in accordance with the ESRS, and for disclosing this process in the section "ESRS 2; IRO-1

Nikola Dujmovic
President of the Management Board, Span d.d.

Saša Kramar
Member of the Management Board for Marketing, Sales and Business Development

Ana Vukšić
Member of the Management Board
Finance

Mihaila Trbojević
Member of the Management Board for Product and Service Management

Independent limited assurance report

Deloitte.

Deloitte d.o.o.
Zigesti/Fower
Radnička cesta 80
32-000 Zagreb
Croatia
TAN ID: 22606457780
Tel: +385 (0) 1 2351 900
Fax: +385 (0) 1 2351 999
www.deloitte.com/hr

INDEPENDENT LIMITED ASSURANCE REPORT

To the Shareholders of Span d.d.

We have conducted a limited assurance engagement on the Sustainability Statement included in the Annual Report of Span d.d. (the "Company") and its subsidiaries ("the Group") as at 31 December 2025 and for the period from 1 January 2025 to 31 December 2025 (the "Sustainability Statement").

Identification of Applicable Criteria

The Sustainability Statement was prepared by the Management Board of the Company in order to satisfy the requirements of article 32 and 36 of Accounting Act implementing 29(a) of the EU Directive 2013/34/EU, including:

Compliance with the European Sustainability Reporting Standards introduced by Commission Delegated Regulation (EU) of 31 July 2023 supplementing Directive 2013/34/EU of the European Parliament and of the Council ("ESRS"), including that the process carried out by the Company to identify the information reported in the Sustainability Statement (the "Process") is in accordance with the description set out in note ESRS 2 IRO-1; and
Compliance of the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement with Article 8 of EU Regulation 2020/852 (the "Taxonomy Regulation").

Inherent Limitations in Preparing the Sustainability Statement

The criteria, nature of the Sustainability Statement, and absence of long-standing established authoritative guidance, standard applications and reporting practices allow for different, but acceptable, measurement methodologies to be adopted which may result in variances between entities. The adopted measurement methodologies may also impact the comparability of sustainability matters reported by different organizations and from year to year within an organization as methodologies evolve.

In reporting forward looking information in accordance with ESRS, management of the Company is required to prepare the forward-looking information on the basis of disclosed assumptions about events that may occur in the future and possible future actions by the Group. Actual outcome is likely to be different since anticipated events frequently do not occur as expected.

In determining the disclosures in the Sustainability Statement, management of the Company interprets undefined legal and other terms. Undefined legal and other terms may be interpreted differently, including the legal conformity of their interpretation and, accordingly, are subject to uncertainties.

This version of the independent limited assurance report is translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the report takes precedence over this translation.

The company was registered at Zagreb Commercial Court: M86-500022053; paid-in initial capital: EUR 5,500,00; Company Directors: Katarina Kadunc, Goran Kocićar and Helena Schrodt, Bank: Provodna banka Zagreb d.o., Radnička cesta 80, 10 000 Zagreb, bank account no. 2340009-1110098294; SWIFT Code: PBZGH02K-BANK: HK3823400001110098294.

Deloitte refers to one or more of Deloitte Trauma Technology ("DTTs"), its global network of member firms, and their related entities (collectively, the "Deloitte organization"). DTTs (also referred to as "Deloitte Global") and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTs and each DTTs member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTs does not provide services to clients. Please see www.deloitte.com/en/about to learn more.

464D6E116DB59C636A3FC97BF1A59DBC

Deloitte.

INDEPENDENT LIMITED ASSURANCE REPORT (continued)

Responsibility of the Management Board of the Company

Management of the Company is responsible for designing and implementing a process to identify the information reported in the Sustainability Statement in accordance with the ESRS and for disclosing this process in note ESRS 2 IRO-1 of the Sustainability Statement. This responsibility includes:

Understanding the context in which the Group's activities and business relationships take place and developing an understanding of its affected stakeholders;
The identification of the actual and potential impacts (both negative and positive) related to sustainability matters, as well as risks and opportunities that affect, or could reasonably be expected to affect, the Group's financial position, financial performance, cash flows, access to finance or cost of capital over the short, medium, or long-term;
The assessment of the materiality of the identified impacts, risks and opportunities related to sustainability matters by selecting and applying appropriate thresholds; and
Making assumptions that are reasonable in the circumstances.

Management of the Company is further responsible for the preparation of the Sustainability Statement, in accordance with article 32 and 36 of Accounting Act implementing 29(a) of the EU Directive 2013/34/EU, including:

Compliance with the ESRS;
Preparing the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement, in compliance with Article 8 of EU Regulation 2020/852 (the "Taxonomy Regulation");
Designing, implementing and maintaining such internal controls that management determines are necessary to enable the preparation of the Sustainability Statement that is free from material misstatement, whether due to fraud or error; and
The selection and application of appropriate sustainability reporting methods and making assumptions and estimates about individual sustainability disclosures that are reasonable in the circumstances.

Those charged with governance are responsible for overseeing the Group's sustainability reporting process.

Practitioner's Responsibility

We conducted our limited assurance engagement in accordance with International Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements other than Audits or Reviews of Historical Financial Information.

The procedures performed in a limited assurance engagement vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement. Consequently, the level of assurance obtained in a limited assurance engagement is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed.

Our objectives are to plan and perform the assurance engagement to obtain limited assurance about whether the Sustainability Statement is free from material misstatement, whether due to fraud or error, and to issue a limited assurance report that includes our conclusion. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence decisions of users taken on the basis of the Sustainability Statement as a whole.

As part of a limited assurance engagement in accordance with ISAE 3000 (Revised) we exercise professional judgment and maintain professional skepticism throughout the engagement.

Deloitte.

INDEPENDENT LIMITED ASSURANCE REPORT (continued)

Practitioner's Responsibility (continued)

Our responsibilities in respect of the Sustainability Statement, in relation to the Process, include:

Obtaining an understanding of the Process but not for the purpose of providing a conclusion on the effectiveness of the Process, including the outcome of the Process; and
Designing and performing procedures to evaluate whether the Process is consistent with the Group's description of its Process, as disclosed in note ESRS 2 IRO-1.

Our other responsibilities in respect of the Sustainability Statement include:

Obtaining an understanding of the entity's control environment, processes and information systems relevant to the preparation of the Sustainability Statement but not evaluating the design of particular control activities, obtaining evidence about their implementation or testing their operating effectiveness;
Identifying disclosures where material misstatements are likely to arise, whether due to fraud or error; and
Designing and performing procedures responsive to disclosures in the Sustainability Statement where material misstatements are likely to arise. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.

Our Independence and Quality Management

We complied with the applicable independence and other ethical requirements of the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants (the "Code"). The Code is founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behavior.

We applied International Standard on Quality Management (ISQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements, and accordingly maintain a comprehensive system of quality control including documented policies and procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

Summary of Work Performed

A limited assurance engagement involves performing procedures to obtain evidence about the Sustainability Statement.

The nature, timing and extent of procedures selected depend on professional judgement, including the identification of disclosures where material misstatements are likely to arise, whether due to fraud or error, in the Sustainability Statement.

In conducting our limited assurance engagement, with respect to the Process, we:

Obtained an understanding of the Process by:
performing inquiries to understand the sources of the information used by management (e.g., stakeholder engagement, business plans and strategy documents); and
reviewing the Group's internal documentation of its Process; and
Evaluated whether the evidence obtained from our procedures about the Process implemented by the Group was consistent with the description of the Process set out in note ESRS 2 IRO-1.

464D6E1160B59C636A3FC97BF1A59DBC

Deloitte.

INDEPENDENT LIMITED ASSURANCE REPORT (continued)

Summary of Work Performed (continued)

In conducting our limited assurance engagement, with respect to the Sustainability Statement, we:

Obtained an understanding of the Group's reporting processes relevant to the preparation of its Sustainability Statement by:
performing inquiries to understand the Group's control environment, processes and information systems relevant to the preparation of the sustainability statements;
Evaluated whether material information identified by the Process to identify the information reported in the Sustainability Statement is included in the Sustainability Statement;
Evaluated whether the structure and the presentation of the Sustainability Statement is in accordance with the ESRS;
Performed inquiries of relevant personnel and analytical procedures on selected disclosures in the Sustainability Statement;
Performed substantive assurance procedures on a sample basis on selected disclosures in the Sustainability Statement;
Obtained evidence on the methods for developing material estimates and forward-looking information and on how these methods were applied; and
Obtained an understanding of the process to identify taxonomy-eligible and taxonomy-aligned economic activities and the corresponding disclosures in the Sustainability Statement.

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our conclusion.

Limited Assurance Conclusion

Based on the procedures we have performed and the evidence we have obtained, nothing has come to our attention that causes us to believe that the Sustainability Statement is not prepared, in all material respects, in accordance with article 32 and 36 of Accounting Act implementing 29(a) of the EU Directive 2013/34/EU, including:

Compliance with the European Sustainability Reporting Standards (ESRS), including that the process carried out by the Company to identify the information reported in the Sustainability Statement is in accordance with the description set out in note ESRS 2 IRO-1; and
Compliance of the disclosures in subsection Disclosures pursuant to Article 8 of Regulation (EU) 2020/852 (Taxonomy Regulation) within the environmental section of the Sustainability Statement with Article 8 of EU Regulation 2020/852 (the "Taxonomy Regulation").

Katarina Kadunc

Director and Certified auditor

Deloitte d.o.o.

For signatures, please refer to the original Croatian auditor's report, which prevails.

30 April 2026

Radnička cesta 80,

10 000 Zagreb, Croatia

This version of the Independent limited assurance report is translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the report takes precedence over this translation.

464D6E1160B59C636A3FC97BF1A59DBC

Audited Financial Reports of
Span Group and Span d.d.

SPAN d.d., Zagreb

Annual report

for the year ended 31 December 2025

This version of annual report is a translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the annual report takes precedence over this translation.

SPAN d.d. and its subsidiaries

Content
Page

Annual Report of the Management Board
2

Responsibility of the Management Board for the Annual Report
8

Independent Auditor's Report

Financial statements

Statement of comprehensive Income
17

Statement of financial position
18

Statement on changes in shareholders' equity
19–20

Statement of cash flows
21

Notes to the financial statements
22 - 89

Annual Management Report

Annual Report of the Management Board

The Management Board of the company Span d.d. Zagreb ("The Company" or "Parent Company") presents the Company's separate and consolidated financial statements for the year ended 31 December 2025. The consolidated financial statements include the financial data of the Company and its subsidiaries that make up the Span Group (the "Group").

The Management Board of the Company considers that the consolidated financial statements for the period from 1 January to 31 December 2025 have been prepared based on applicable standards and thus provide a comprehensive and truthful overview of assets and liabilities and the financial position and business operations of the Group and the Company. The Annual Report of the Management Board contains a truthful overview of the development, business results and financial position of the Group and the Company, with a description of the most significant risks to which the Group and the Company are exposed.

Principal activity:

The principal activity of the Group and the Company is to provide professional services of design, construction and maintenance of information systems to medium and large users. In more than 30 years of business, the Company has evolved from an IT system integrator in Croatia to a Group that today operates on the global market.

In 1996, the Company became the first Croatian certified provider of Microsoft solutions, and since 2001 the Group and the Company have been certified as a Microsoft Gold Certified Partner and is the leading Microsoft partner in the Croatian market.

In addition to Microsoft technology, the Group and the Company base their solutions on the technology of other first-class manufacturers and also hold the appropriate accreditations and certificates:

AWS Select Consulting Partner
Google Cloud Partner
CheckPoint Partner Advanced
Cisco Legacy Premier Integrator
CyberArk Authorized Partner and Managed Services Provider
Dynatrace Master Partner
F5 Partner Authorized
Fortinet Select Partner
HP Synergy Partner
HPE Certified Aruba Gold Partner
HPE Certified Gold Partner
IBM Silver Business Partner and Managed Services Provider
Kemp Authorized Partner
Lenovo Authorized Reseller
Nutanix Enrolled Partner
Palo Alto Networks Solution Provider Innovator
Saviyn Authorized Reseller and Managed Services Provider
SentinelOne Silver Partner
Sophos Gold Partner
Symantec Partner
Tanium Partner
Veeam Cloud Service Provider Silver and Value-Added Reseller Gold
Veritas Registered Partner
Qualys Authorized Partner

Key events in 2025

At its session held on March 27, 2025, the Supervisory Board of the Company adopted a decision appointing Mihaela Trbojević the member of the Management Board for the term of office from April 1, 2025 to December 16, 2029, or until the expiry of the term of office of the other members of the Management Board.

SPAN d.d. and its subsidiaries

Annual Management Report

Key events in 2025 (continued)

On March 28, 2025, a company was established and registered under the firm Span Kazakhstan Limited, Z05K7P2, Astana, Esil district, 8/2, Turkistan, office 308, ID: 250340900945. The founders are Span d.d. and Vladislav Kuzin, who is also the Chief Executive Officer of Span Kazakhstan Limited.

On 30 April 2025, the meetings of the Management Board and the Supervisory Board of the Company were held, at which the proposal for a Decision on the use of profit and payment of dividends in the amount of EUR 0.80 per share was adopted. The Management Board and the Supervisory Board proposed to the General Assembly that the dividend in the specified amount be paid to the shareholders of the Company who were registered as shareholders of the Company in the depository of the Central Depository and Clearing Company Inc. on 17 June 2025 (record date). The date from which the Company's shares were traded without the right to dividend payment is 16 June 2025 (ex date). In accordance with the proposal, the claim for the payment of the dividend was due on July 1, 2025 (payment date), and the dividend was paid out of the Company's profit achieved in 2024.

The company, SPAN IT s.r.o., V celnici 1031/4, Nové Město, 110 00 Prague 1, ID 231 66 801 was established on April 9, 2025. The single founder is Span B.V. from the Netherlands.

A company was established and registered in Poland on May 26, under the firm SPAN POLSKA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. PLAC MARSZ. JÓZEFA PIŁSUDSKIEGO, nr 1, lok. ---, miejsc. WARSZAWA, kod 00-078, poczta WARSZAWA, kraj POLSKA, ID:0001175070. The founders are Span B.V. and Span d.d.

On June 5, 2025, the Management Board of the Company adopted Decision on Considering the Issuance of Sustainability-Linked Bonds, related to the Sustainability-Linked Bond Principles developed by the International Capital Market Association (ICMA), in line with the relevant market standards, and a decision on their inclusion in the official market of the Zagreb Stock Exchange. Issue of bonds with the total nominal amount of up to max. 25,000 thousand euros was considered, with one-off maturity of the principal in five years. On June 5, 2025, the Supervisory Board of the Company gave approval to the above Decision of the Management Board of the Company. The Company announced and made publicly available the Framework for Sustainability-Linked Bonds (hereinafter "Framework document") on June 5, 2025, and on June 26, 2025, the Croatian Financial Services Supervisory Agency adopted a decision approving the Prospectus for the public offering and enlisting the sustainability-linked bonds. On June 27, the Prospectus was published and made publicly available on the Internet site of the Company. By the issuance of the bonds, the Company undertakes to meet two key sustainability objectives by the end of September 2029, in accordance with the Framework document aligned with the Sustainability-Linked Bond Principles, announced by the International ICMA. Since today, cyber security is one of the most significant and financially most important ESG risks for organizations. The first objective is raising awareness of cyber security by conducting free-of-charge online education for small-sized and medium-sized enterprises by the Span Cyber Security Center. The second objective relates to mitigating climate change by reducing absolute greenhouse gas emissions of scope 1 and 2. The bond was officially issued on July 16, 2025 and enlisted in the Official Market of the Zagreb Stock Exchange on July 17, with the first trade day being July 21, 2025. Maximum envisaged 25,000 euros were allocated, in line with the pre-defined conditions. The bonds were issued with the maturity term of five years, with the yield to maturity of $3.85\%$ and fixed interest rate of $3.75\%$ with semi-annual payment.

Registration of establishment of Span Evolve d.o.o., Zagreb, Koturaška cesta 47, OIB: 06241824468, share capital: 300 thousand euros was announced on July 2, 2025. The founders are Krešimir Mlinarić, Josip Penavić abd Span d.d.

Registration of Span Romania S.R.L., with the registered office in: București Sectorul 2, Strada C. A. ROSETTI, Nr. 17, BIROUL 120 Register 06, Etaj 1, registration number: J2025045725006, was made in the competent Commercial Register in Romania on June 27, 2025. The founder is Span B.V. from the Netherlands.

Span Hellas SA, Zeppou str 33, Glyfada - Athina, 16677, reg. number 185798801000 was established and registered on 9 July 2025. The founders are Span d.d. and Vasileios Papoulias, who is also the Director of the company.

SPAN d.d. and its subsidiaries

Annual Management Report

Key events in 2025 (continued)

In September 2025, the Span Cyber Security Center transitioned into an Adult Education Institution, which provides formal and informal education programs in the area of cyber security. This means that in addition to the existing education, one can also acquire formal qualifications recognized in the Croatian educational system.

Total consolidated revenues increased by 51,346 thousand euros, or 28% compared to 2024, and the Company achieved revenue growth of 38,552 thousand euros, or 35%. Total consolidated operating expenses increased by 48,935 thousand euros, or 28% compared to 2024 and the Company's expenses increased by 34,573, thousand euros. The Group's profit after tax increased by 2,309 thousand euros, to 5,707 thousand euros. The Company recorded an increase in profit after tax of 3,506 thousand euros, to 6,262 thousand euros.

2026 Strategy

Research and development activities

Development expenditure generally refers to internally developed intangible assets. The total value of the Group's intangible assets relating to development expenditure is EUR 1,313 thousand (EUR 1,313 thousand for the Company) (Note 17). During 2025 at the Group level, a total of EUR 181 thousand was activated in the position of Software Development (Company EUR 181 thousand) (Note 17).

Financial instruments

The Group and Company use financial instruments that affect the assessment of financial position and performance of the business. The Company and Group are primarily exposed to the financial risks of changes in foreign currency exchange rates and interest rates. These and other risks are further described in the Note 35 Financial instruments.

The Company and Group's Corporate Treasury function supports operations, co-ordinates access to domestic and international financial markets, monitors and manages the financial risks relating to the operations of the Company and Group.

Financial assets of the Group and Company mainly consist of receivables and cash in bank, while financial liabilities predominantly refer to short-term and long-term borrowings from banks, long-term bonds, short-term and long-term lease liabilities, and trade payables.

Information on the purchase of own shares

During 2025, the Company acquired 13,000 of its own shares with the symbol SPAN-R-A on the Regulated Market of the Zagreb Stock Exchange. During 2025, the Company disposed of 11,042 of its own shares with the symbol SPAN-R-A. As of December 31, 2025, the Company owned a total of 10,760 (2024: 8,802) of its own shares.

SPAN d.d. and its subsidiaries

Annual Management Report

Existence of Company and Group branches

The Company and Group have no branches.

Group companies

SPAN d.o.o. Ljubljana was registered on August 18, 2009., offering a wide range of products, services and solutions on the Slovenian market.

Span IT Ltd. London, started operations during 2009 as a sales representation of the Company and significantly contributed to the growth of exports of services and solutions to the UK market.

SPAN USA, Inc., began operations on October 10, 2012, primarily as a sales representation and customer support center in the U.S.

Trilix d.o.o. was established on August 27, 2007 as a company specialized in services in the area of information technologies, including development of software solutions and IT counseling. The company is focused on implementation of advanced IT systems, with special emphasis on the information security and optimization of business processes.

During 2016, the Company opened a subsidiary Span Azerbaijan LLC in Azerbaijan through which it offers its services and knowledge in that market as well.

During 2018, the Company established two 100% owned subsidiaries Span LLC, Kiev, Ukraine and Span GmbH, Munich, Germany with the aim of expanding the markets in which it offers its services and knowledge.

During 2019, the Company opened a subsidiary SPAN SWISS AG, Switzerland. The management of Span Swiss AG made the decision to shut down the company on 13 November 2023 and the company was liquidated during 2025.

During July 2021, the Company officially opened another member of the group - Span-IT s.r.l. based in Chisinau, Moldovan capital.

On April 15, 2022, the Commercial Court in Zagreb issued a decision on the registration of the establishment of a company under the company name FINTECH DIGITAL SERVICES, a limited liability company for IT services.

Also, in 2022, the company Span Cyber Security Center, d.o.o. was founded for services and consulting that provides education and training in the field of security. On September 9, 2024, Span Cyber Security Center changed its name to Span Cyber Security Incubator.

At the beginning of 2023, the Company acquired the company GT Tarkvara, Tallinn, Estonia. It is a leading Estonian company for licensing and management of software assets.

On September 8, 2023, the limited liability company Span was founded in Georgia, Tbilisi.

On July 1, 2024, the merger was registered based on the merger agreement concluded between Span and companies Ekobit and BonsAI, as well as the decision of the general meetings of the merged companies approving the merger.

On December 16, 2024, the limited liability company Span B.V. was established in Amsterdam, the Netherlands with a purpose of strengthening the commercial and strategic ties with the most significant organizations in that area.

On December 20, 2024, the Institution Span Cyber Security Center was established in Zagreb, Koturaška cesta 47. The institution was established to provide education for adults, with formal and informal educational programs in the area of cyber security.

On March 28, 2025, Span Kazakhstan Ltd was established in Astana, Kazakhstan with a view of providing consulting services in the area of information technologies in the Central Asian market.

On April 9, 2025, Span IT s.r.o. was established in Prague, Czech Republic, with a purpose of providing IT services.

On May 26, 2025, Span Polska sp z.o.o. was established in Warsaw, Poland, where we recognized a long-term business opportunity for sales of products and provision of services from our digital portfolio.

SPAN d.d. and its subsidiaries
5

Annual Management Report

Group companies (continued)

Span Romania s.r.l. was established in Bucharest, Romania on June 27, 2025, where it can contribute to developing digitization and digital transformation through its technological competencies and existing international experience.

On July 2, 2025, Span Evolve d.o.o. was established in Zagreb, offering services of consulting, implementation, adjustment and support for advanced business solutions, with emphasis on increasing the operating efficiency.

On July 9, 2025, Span Hellas S.A. was established in Athens, Greece with a view of establishing the presence in the area of Europe and provision of ICT services and solutions.

SPAN d.d. and its subsidiaries
6

Annual Management Report

Supervisory Board

Aron Paulić, member of the Supervisory Board since September 30, 2020, Deputy Chairman of the Supervisory Board since November 5, 2021, re-elected on September 30, 2024.
Ante Mandić, member of the Supervisory Board since September 30, 2020, Chairman of the Supervisory Board since June 14, 2023, re-elected on September 30, 2024.
Ivana Šoljan, member of the Supervisory Board from June 14, 2023 to September 30, 2024, and re-elected on September 30, 2024.
Mirjana Marinković, member of the Supervisory Board from June 14, 2023 to September 30, 2024 and re-elected on September 30, 2024.
Barbara Gradečak, employee representative on the Supervisory Board of the Company since December 29, 2023.

Audit Committee

Ante Mandić, President of the Audit Committee, appointed by a Decision of the Supervisory Board on May 10, 2021, re-elected by a Decision of the Supervisory Board of April 30, 2025 for the term of office of 4 years, starting from May 10, 2025.
Nataša Zelenika, member of the Audit Committee, appointed by a Decision of the Supervisory Board on May 10, 2021, re-elected by a Decision of the Supervisory Board of April 30, 2025 for the term of office of 4 years, starting from May 10, 2025.
Tomislav Skorin, member of the Audit Committee, appointed by a Decision of the Supervisory Board of May 10, 2021, re-elected by a Decision of the Supervisory Board of April 30, 2025 for the term of office of 4 years, starting from May 10, 2025.

Nomination and Remuneration Committee

Aron Paulić, President of the Committee, appointed by a Decision of the Supervisory Board on May 10, 2021, re-elected by a Decision of the Supervisory Board of April 30, 2025 for the term of office of 4 years, starting from May 10, 2025.
Hana Horak, member of the Committee appointed by a Decision of the Supervisory Board of May 10, 2021, re-elected by a Decision of the Supervisory Board of April 30, 2025 for the term of office of 4 years, starting from May 10, 2025.
Lucia Ana Tomić, member of the Committee appointed by a Decision of the Supervisory Board of May 10, 2021, re-elected by a Decision of the Supervisory Board of April 30, 2025 for the term of office of 4 years, starting from May 10, 2025.

Management

Members of the Management Board of the Company from 1 January 2025* to the date of signing these financial statements were:

Nikola Dujmović, president of the Management Board
Ana Vukšić, member of the Management Board
Saša Kramar, member of the Management Board
Mihaela Trbojević*, member of the Management Board – from 1 April 2025

In Zagreb, on 30 April 2026, signed by the Management Board:

SPAN d.d. and its subsidiaries

Responsibility of the Management Board for the Annual Report

Statement of the Management Board about responsibility for the Annual Report

The Management Board is obliged to ensure that the financial statements for each financial year are prepared in accordance with the International Financial Reporting Standards adopted by the European Union (IFRS) to give a truthful and objective review of the financial position and the results of the business operations of SPAN d.d. ("The Company") and its subsidiaries (collectively the "Group") for each period presented.

After making enquiries, the Management Board reasonably expects the Group and the Company to have adequate resources to continue their operations for the foreseeable future. For this reason, the Management Board continues to adopt the going concern basis in preparing the financial statements of the Group and the Company.

In the preparation of financial statements, the Management Board is responsible:

to select and then consistently apply appropriate accounting policies;
that judgments and estimates be reasonable and cautious;
to apply relevant accounting standards; and
that the financial statements are prepared on the going concern basis.

The Management Board is responsible for keeping proper accounting records, which will at any time reflect with reasonable accuracy the financial position of the Group and the Company, as well as its compliance with the Croatian Accounting Act. The Management Board is also responsible for safeguarding the assets of the Group and the Company, and therefore for taking reasonable measures to prevent and detect embezzlement and other illegalities.

Signed by members of the Management Board:

For SPAN d.d.:

SPAN d.d.

Koturaška cesta 47

Zagreb

Republic of Croatia

30 April 2026

SPAN d.d. and its subsidiaries

Deloitte.

Deloitte d.o.o.
ZagrebTower
Radnička cesta 80
10 000 Zagreb
Croatia
TAX ID: 11686457780
Tel: +385 (0) 1 2351 900
Fax: +385 (0) 1 2351 999
www.deloitte.com/hr

INDEPENDENT AUDITOR'S REPORT

To shareholders of SPAN d.d.

Report on the Audit of the Financial Statements

Opinion

We have audited the separate financial statements of SPAN d.d (the Company) and consolidated financial statements of the SPAN d.d. and its subsidiaries (the Group) which comprise the separate and the consolidated statement of financial position as at 31 December 2025, the separate and the consolidated statement of comprehensive income, the separate and the consolidated statement of changes in shareholder's equity and the separate and the consolidated statement of cash flows for the year then ended, and notes to the separate and the consolidated financial statements, including material accounting policy information.

In our opinion, the accompanying separate and consolidated financial statements present fairly, in all material respects, the financial position of the Company and the Group as at 31 December 2025, and its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards as adopted by the European Union (IFRS).

Basis for Opinion

We conducted our audit in accordance with the International Standards on Auditing (ISAs) and Regulation (EU) 537/2014 of the European Parliament and of the Council, dated 16 April 2014, on specific requirements regarding statutory audit of public-interest entities. Our responsibilities under those standards are further described in the Auditor's Responsibilities for the Audit of the Separate and the Consolidated Financial Statements section of our report. We are independent of the Company and the Group in accordance with the International Ethics Standards Board for Accountants' International Code of Ethics for Professional Accountants, including International Independence Standards (IESBA Code), together with the ethical requirements that are relevant to audits of the financial statements of public interest entities in Croatia. We have also fulfilled our other ethical responsibilities in accordance with these requirements and the IESBA Code. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Key Audit Matter

Key audit matter is the matter that, in our professional judgment, is of most significance in our audit of the separate and the consolidated financial statements of the current period. This matter was addressed in the context of our audit of the separate and the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on this matter.

This version of the auditor's report is translation from the original, which was prepared in the Croatian language. All possible care has been taken to ensure that the translation is an accurate representation of the original. However, in all matters of interpretation of information, views or opinions, the original language version of the report takes precedence over this translation.

The company was registered at Zagreb Commercial Court: MBS 030022053; paid-in initial capital: EUR 5,930.00; Company Directors: Katarina Kadunc, Goran Končar and Helena Schmidt, Bank: Privredna banka Zagreb d.d., Radnička cesta 80, 10 000 Zagreb, bank account no. 2340009-1110098294; SWIFT Code: PBZGHR2X IBAN: HR3823400091110098294.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ("DTTL"), its global network of member firms, and their related entities (collectively, the "Deloitte organization"). DTTL (also referred to as "Deloitte Global") and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/en/about to learn more.

A4ECB1A39DF0A2ACF2B994B3720230A0

Deloitte.

INDEPENDENT AUDITOR'S REPORT (continued)

Report on the Audit of the Financial Statements (continued)

Key Audit Matters (continued)

Key audit matter – Revenue recognition from contracts with customers	How did we address key audit matter during our audit
For accounting policies, please see Significant accounting policies – note 3: Revenue recognition. Revenue from contracts with customers are disclosed in note 5 and amount to 230,861 thousand EUR (2024: 179,039 thousand EUR) for the Group and 148,617 thousand EUR (2024.: 110,033 thousand EUR) for the Company.
Revenue recognition is a significant aspect of the Group's and Company's financial statements due to the complexity of the Group's and Company's revenue streams, the different types of licenses and services offered, and the various recognition criteria and methods applied under International Financial Reporting Standard 15: Contract with customers (IFRS 15).

With reference to the sale of various types of licenses, the Group and the Company primarily generate revenue from the sale of Microsoft licenses. The Group and the Company are primarily responsible to customers for delivering the specified characteristics of the licenses, are exposed to the potential risk of rejection of licenses by customers, and have discretion in determining pricing and retain the benefits from the licenses until the transfer of control.

Advisory services that the Group and Company provides may be divided in two main service groups: services related to contracted projects with customers and advisory services which refer to customer support based on contracted price lists.

The recognition of revenue involves significant management judgment and estimation in determining the appropriate point in time or the stage of completion for performance obligations, as well as the transaction price for each distinct performance obligation. Due to these risks, this area was established as a key audit matter. | To address the risks associated with revenue recognition, we designed audit procedures that enabled us to obtain sufficient and appropriate audit evidence to support our conclusion on this matter.

Our audit procedures included, among others:
• Assessing the Group's and Company's revenue recognition policies and their compliance with IFRS 15;
• Testing the design and implementation of internal controls related to the revenue recognition in terms of the adequacy of their recording;
• Selecting a sample of transactions for each revenue stream and performing substantive testing to determine the appropriateness of revenue recognition, considering the relevant criteria under IFRS 15;
• Evaluating management's judgments and estimates used in determining the transaction prices, distinct delivery obligations, and the point in time or stage of completion for performance obligations;
• Assessing whether the disclosures regarding revenue from customer contracts are appropriate. |

A4ECB1A39DF0A2ACF2B994B3720230A0

Deloitte.

INDEPENDENT AUDITOR'S REPORT (continued)

Report on the Audit of the Financial Statements (continued)

Other Information

Management is responsible for the other information. The other information comprises the information included in the Annual Report, but does not include the separate and the consolidated financial statements and our auditor's report.

Our opinion on the separate and the consolidated financial statements does not cover the other information.

In connection with our audit of the separate and the consolidated financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the separate and the consolidated financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. With respect to the Management Report and the Corporate Governance Report, which are included in the Annual Report, we have also performed the other procedures prescribed by the Accounting Act. These procedures include examination of whether the Management Report include required disclosures as set out in the Articles 22 and 24 of the Accounting Act and whether the Corporate Governance Report includes the information specified in the Articles 22 and 25 of the Accounting Act.

Based on the procedures performed during our audit, to the extent we are able to assess it, we report that:

1) Information included in the other information is, in all material respects, consistent with the attached separate and consolidated financial statements.

2) Management Report has been prepared, in all material respects, in accordance with the Articles 22 and 24 of the Accounting Act, excluding the requirements on sustainability reporting. In respect of the Sustainability Report, which is included as part of the other information and constitutes a separate part of the Management Report, we performed a limited assurance engagement, the results of which were presented in a separate limited assurance report with an unmodified conclusion.

3) Corporate Governance Report has been prepared, in all material aspects, in accordance with the Articles 22 and 25 of the Accounting Act,

Based on the knowledge and understanding of the Company and the Group and its environment, which we gained during our audit of the separate and the consolidated financial statements, we have not identified material misstatements in the other information.

Responsibilities of Management and Those Charged with Governance for the Separate and the Consolidated Financial Statements

Management is responsible for the preparation and fair presentation of the separate and the consolidated financial statements in accordance with IFRSs and for such internal control as Management determines is necessary to enable the preparation of separate and consolidated financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the separate and the consolidated financial statements, Management is responsible for assessing the Company's and the Group's ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless Management either intends to liquidate the Company or the Group or to cease operations, or has no realistic alternative but to do so.

Those charged with governance are responsible for overseeing the Company's and the Group's financial reporting process.

Auditor's Responsibilities for the Audit of the Separate and the Consolidated Financial Statements

Our objectives are to obtain reasonable assurance about whether the separate and the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs will always detect a material misstatement when it exists.

A4ECB1A39DF0A2ACF2B994B3720230A0

Deloitte.

INDEPENDENT AUDITOR'S REPORT (continued)

Report on the Audit of the Financial Statements (continued)

Auditor's Responsibilities for the Audit of the Separate and the Consolidated Financial Statements (continued)

Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these separate and consolidated financial statements.

As part of an audit in accordance with ISAs, we exercise professional judgment and maintain professional scepticism throughout the audit. We also:

Identify and assess the risks of material misstatement of the separate and the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Company's and the Group's internal controls.
Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by Management.
Conclude on the appropriateness of Management's use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Company's and the Group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor's report to the related disclosures in the separate and the consolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the Company and the Group to cease to continue as a going concern.
Evaluate the overall presentation, structure and content of the separate and the consolidated financial statements, including the disclosures, and whether the separate and the consolidated financial statements represent the underlying transactions and events in a manner that achieves fair presentation.
Plan and perform the group audit to obtain sufficient appropriate audit evidence regarding the financial information of the entities or business units within the group as a basis for forming an opinion on the group financial statements. We are responsible for the direction, supervision and review of the audit work performed for purposes of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, actions taken to eliminate threats or safeguards applied.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the separate and the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

A4ECB1A39DF0A2ACF2B994B3720230A0

Deloitte.

INDEPENDENT AUDITOR'S REPORT (continued)

Report on Other Legal and Regulatory Requirements

Report based on the requirements of Delegated Regulation (EU) No. 2018/815 amending Directive No. 2004/109/EC of the European Parliament and of the Council as regards regulatory technical standards for the specification of the uniform electronic format for reporting (ESEF)

Auditor’s reasonable assurance report on the compliance of separate and consolidated financial statements (financial statements), prepared based on the provision of Article 462 (5) of the Capital Market Act by applying the requirements of the Delegated Regulation (EU) 2018/815 specifying for the issuers a single electronic reporting format (“ESEF Regulation”). We conducted a reasonable assurance engagement on whether the financial statements of the Company the Group for the financial year ended 31 December 2025 prepared to be made public pursuant to Article 462 (5) of the Capital Market Act, contained in the electronic file 747800L0D5F39CX8NA43-2025-12-31-1-en_FINAL.zip have been prepared in all material aspects in accordance with the requirements of the ESEF Regulation.

Responsibilities of the Management and Those Charged with Governance

Management is responsible for the preparation and content of the financial statements in line with the ESEF Regulation.

In addition, Management is responsible for maintaining the internal controls system that reasonably ensures the preparation of financial statements without material differences with the reporting requirements from the ESEF Regulation, whether due to fraud or error.

Furthermore, Company Management is responsible for the following:

public reporting of financial statements presented in the Annual Report in valid XHTML format
selection and use of XBRL markups in line with the requirements of the ESEF Regulation.

Those charged with governance are responsible for supervising the preparation of financial statements in ESEF format as part of the financial reporting process.

Auditor’s Responsibilities

It is our responsibility to carry out a reasonable assurance engagement and, based on the audit evidence obtained, give our conclusion on whether the financial statements have been prepared without material differences with the requirements from the ESEF Regulation. We conducted our reasonable assurance engagement in accordance with the International Standard on Assurance Engagements 3000 (Revised) – Assurance Engagements Other than Audits or Reviews of Historical Financial Information (ISAE 3000). This standard requires that we plan and perform the engagement to obtain reasonable assurance for providing a conclusion.

Quality management

We have conducted the engagement in compliance with independence and ethical requirements as provided by the Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants. The code is based on the principles of integrity, objectivity, professional competence and due diligence, confidentiality, and professional conduct. We comply with the International Standard on Quality Management 1, Quality Management for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements (ISQM 1) and accordingly maintain an overall management control system, including documented policies and procedures regarding compliance with ethical requirements, professional standards, and applicable legal and statutory requirements.

A4ECB1A39DF0A2ACF2B994B3720230A0

Deloitte.

INDEPENDENT AUDITOR'S REPORT (continued)

Report on Other Legal and Regulatory Requirements (continued)

Procedures performed

As part of the selected procedures, we have conducted the following activities:

We have read the requirements of the ESEF Regulation;
We have gained an understanding of internal controls of the Company and the Group, relevant for the application of the ESEF Regulation requirements;
We have identified and assessed the risks of material differences with the ESEF Regulation due to fraud or error;
We have devised and designed procedures for responding to estimated risks and obtaining reasonable assurance in order to give our conclusion.

Our procedures focused on assessing whether:

Financial statements included in the separate and the consolidated report have been prepared in valid XHTML format;
Data included in the separate and the consolidated financial statements required by the ESEF Regulation have been marked up and meet all of the following requirements:
XBRL has been used for markups.
Core taxonomy elements stipulated in the ESEF Regulation with the closest accounting meaning were used unless an extension taxonomy element was created in line with the Annex IV of the ESEF Regulation;
Markups comply with the common rules on markups in line with the ESEF Regulation.

We believe the evidence we obtained to be sufficient and appropriate to provide a basis for our conclusion.

Conclusion

We believe that, based on the procedures performed and evidence obtained, the financial statements of the Company and the Group presented in the ESEF format, contained in the aforementioned electronic file, and based on the provision of Article 462 (5) of the Capital Market Act, have been prepared to be published for public, in all material aspects in accordance with the requirements of articles 3, 4 and 6 of the ESEF Regulation for the year ended 31 December 2025.

In addition to this conclusion, as well as the audit opinion contained in this Independent Auditor's Report for the accompanying financial statements and Annual Report for the year ended 31 December 2025, we do not express any opinion on the information contained in these documents or other information contained in the above mentioned file.

A4ECB1A39DF0A2ACF2B994B3720230A0

Deloitte.

INDEPENDENT AUDITOR'S REPORT (continued)

Report on Other Legal and Regulatory Requirements (continued)

Other reporting obligations as required by Regulation (EU) No. 537/2014 of the European Parliament and the Council and the Audit Act

We were appointed as the statutory auditor of the Company and the Group by the shareholders on General Shareholders' Meeting held on 11 June 2025 to perform audit of accompanying separate and consolidated financial statements. Our total uninterrupted engagement has lasted 8 years and covers the period from 1 January 2018 to 31 December 2025.

We confirm that:

our audit opinion on the accompanying separate and consolidated financial statements is consistent with the additional report issued to the Audit Committee of the Company on 28 April 2026 in accordance with the Article 11 of Regulation (EU) No. 537/2014 of the European Parliament and the Council;
no prohibited non-audit services referred to in the Article 5(1) of Regulation (EU) No. 537/2014 of the European Parliament and the Council were provided.

There are no services, in addition to the statutory audit, which we provided to the Company and its controlled undertakings, and which have not been disclosed in the Annual Report.

The engagement partner on the audit resulting in this independent auditor's report is Katarina Kadunc.

Katarina Kadunc

Director and certified auditor

Deloitte d.o.o.

For signatures, please refer to the original Croatian auditor's report, which prevails.

30 April 2026

Radnička cesta 80,

10 000 Zagreb,

Croatia

A4ECB1A39DF0A2ACF2B994B3720230A0

Statement of comprehensive income

for the year ended 31 December 2025

		Group		Company
		2025	2024	2025	2024
(in thousands of euros)
	Note
Revenue from contracts with customers	5	230,861	179,039	148,617	110,033
Other operating income	6	1,364	1,840	503	534
Costs of licenses and hardware sold		(160,317)	(119,696)	(88,533)	(63,217)
Raw material and supplies	7	(544)	(591)	(478)	(500)
Services costs	8	(11,280)	(10,064)	(10,303)	(10,042)
Staff costs	9	(43,322)	(37,680)	(37,100)	(30,101)
Amortization costs	10	(4,255)	(3,748)	(3,438)	(2,782)
Impairment losses (including reversal of impairment losses) from financial assets and contract assets	23	(240)	(298)	(37)	(29)
Goodwill impairment	16	(1,431)	-	(1,431)	-
Other expenses	11	(2,979)	(3,357)	(2,252)	(2,328)
Financial expenses	12	(1,860)	(1,676)	(1,667)	(601)
Financial income – interest income	13	695	362	325	113
Financial income – other	13	930	662	2,781	2,036
Impairment of investment in associates	21	(260)	-	(266)	-
Share of profit of associates	21	(90)	(1)	-	-
Profit before tax		7,272	4,792	6,721	3,116
Corporate income tax	14	(1,565)	(1,394)	(459)	(360)
Profit for current year		5,707	3,398	6,262	2,756
Attributable to:
Owners of the Company		5,758	3,398	-	-
Non-controlling interests		(51)	-	-	-
		5,707	3,398	6,262	2,756
Items that are not subsequently reclassified to profit or loss:
Profit from revaluation of land and buildings	18	-	1,675	-	1,675
Tax on profit from revaluation of land and buildings	14	-	(302)	-	(301)
Items that can be subsequently reclassified to profit or loss:
Exchange rate differences on the translation of foreign operations		(437)	17	-	-
Total comprehensive income attributable to:
Owners of the Company		5,321	4,789	6,262	4,130
Non-controlling interest		(51)	-	-	-
		5,270	4,789	6,262	4,130
Earnings per share (euros)
Basic (euros and cents)	15	2.95	1.74	3.20	1.41
Diluted (euros and cents)	15	2.95	1.74	3.20	1.41

The corresponding notes on pages 22 to 89 are an integral part of these financial statements.

SPAN d.d. and its subsidiaries
17

Statement of financial position

For the year ended 31 December 2025

		Group		Company
		31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)	Note
Assets
Non-current assets
Goodwill	16	7,474	8,905	2,471	3,902
Other intangible assets	17	5,057	6,072	3,367	3,979
Property, plant and equipment	18	6,655	7,021	6,406	6,822
Right-of-use assets	19	5,867	2,722	4,764	2,547
Investments in financial assets	20	118	52	246	45
Investments in subsidiaries	20.1	-	-	13,191	12,441
Other investments accounted for using the equity method	21	30	260	120	266
Non-current trade receivables	23	1,044	1	1	1
Deferred tax assets	25	632	1,158	624	933
Total non-current assets		26,877	26,191	31,190	30,936
Current assets
Inventories	22	287	279	284	277
Investments in financial assets	20	711	571	1,243	134
Trade and other receivables	23	41,679	29,604	27,855	20,562
Receivables for corporate income tax	23	157	164	157	131
Cash and cash equivalents	32	44,056	24,368	26,705	8,994
Total current assets		86,890	54,986	56,244	30,098
Total assets		113,767	81,177	87,434	61,034
Equity and liabilities
Equity and reserves
Share capital	28	3,920	3,920	3,920	3,920
Capital reserves	29	8,888	8,802	9,092	9,006
Profit reserves		1,216	1,458	1,127	1,369
Reserves for own shares		53	53	-	-
Own shares		(53)	(53)	-	-
Revaluation reserves - Property	30	2,902	3,130	2,902	3,130
Translational reserve of foreign operations		(657)	(220)	-	-
Other equity items		-	-	-	-
Retained earnings		21,425	16,763	17,583	12,415
Equity attributable to owners of the Company		37,694	33,853	34,624	29,840
Non-controlling interests	31	152	-	-	-
Total Equity		37,846	33,853	34,624	29,840
Long-term liabilities
Trade and other payables	27	200	-	-	-
Borrowings	24	24,651	-	24,651	-
Deferred tax liabilities	25	766	835	763	835
Lease liabilities	26	4,419	1,473	3,654	1,436
Contract liabilities	34	8	106	8	106
Total long-term liabilities		30,044	2,414	29,076	2,377
Short-term liabilities
Trade and other payables	27	39,366	32,773	20,101	17,263
Lease liabilities	26	1,574	1,303	1,308	1,159
Borrowings	24	708	5,522	721	5,522
Contract liabilities	34	100	2,255	100	2,255
Deferred income	33	3,792	2,714	1,504	2,618
Corporate profit tax liability	27	337	343	-	-
Total short-term liabilities		45,877	44,910	23,734	28,817
Total Liabilities		75,921	47,323	52,810	31,194
Total equity and liabilities		113,767	81,177	87,434	61,034

The corresponding notes on pages 22 to 89 are an integral part of these financial statements.

SPAN d.d. and its subsidiaries
18

Statement of changes in shareholder's equity

for the year ended 31 December 2025

	Group
	Share capital	Capital reserves	Profit reserves	Reserves for own shares	Own shares	Revaluation reserves - Property	Translational reserve of foreign operations	Retained earnings	Owners of the parent	Non-controlling interests	Total
(in thousands of euros)
Balance as of 01 January 2024	3,920	9,919	1,377	624	(624)	1,877	(237)	13,248	30,103	320	30,423
Profit for the year (note 15)	-	-	-	-	-	-	-	3,398	3,398	-	3,398
Changes in revaluation reserves (note 30)	-	-	-	-	-	1,253	-	121	1,374	-	1,374
Other comprehensive income for the year less corporate profit tax	-	-	-	-	-	-	17	-	17	-	17
Total comprehensive income	-	-	-	-	-	1,253	17	3,519	4,789	-	4,789
Changes in reserves and development costs	-	-	81	-	-	-	-	(81)	-	-	-
Change of controlling interests	-	(928)	-	-	-	-	-	93	(835)	(320)	(1,155)
Repurchase of own shares	-	-	-	233	(233)	-	-	(233)	(233)	-	(233)
Allotment of own shares in line with IFRS 2 (note 29)	-	(189)	-	(804)	804	-	-	804	615	-	615
Dividend paid	-	-	-	-	-	-	-	(586)	(586)	-	(586)
Balance as of 31 December 2024	3,920	8,802	1,458	53	(53)	3,130	(220)	16,763	33,853	-	33,853
Profit for the business year (note 15)	-	-	-	-	-	-	-	5,758	5,758	(51)	5,707
Change in revaluation reserves (note 30)	-	-	-	-	-	(228)	-	228	-	-	-
Other comprehensive income for the current year less corporate profit tax	-	-	-	-	-	-	(437)	-	(437)	-	(437)
Total comprehensive income	-	-	-	-	-	(228)	(437)	5,986	5,321	(51)	5,270
Change of reserves and development costs	-	-	(242)	-	-	-	-	242	-	-	-
Change of controlling interests (note 31)	-	-	-	-	-	-	-	-	-	203	203
Repurchase of own shares/stocks	-	-	-	776	(776)	-	-	(776)	(776)	-	(776)
Allotment of own shares in line with IFRS 2 (note 29)	-	86	-	(776)	776	-	-	776	862	-	863
Dividend paid	-	-	-	-	-	-	-	(1,564)	(1,564)	-	(1,564)
Other allotments	-	-	-	-	-	-	-	(2)	(2)	-	(2)
Balance as of 31 December 2025	3,920	8,888	1,216	53	(53)	2,902	(657)	21,425	37,694	152	37,846

The corresponding notes on pages 22 to 89 are an integral part of these financial statements.

SPAN d.d. and its subsidiaries

Statement of changes in shareholder's equity

for the year ended 31 December 2025

	Company
	Share capital	Capital reserves	Profit reserves	Reserves for own shares	Own shares	Revaluation reserves - Property	Retained earnings	Total
(in thousands of euros)
Balance as of 01 January 2024	3,920	9,919	1,259	571	(571)	1,877	10,107	27,082
Profit for the year (note 15)	-	-	-	-	-	-	2,756	2,756
Changes to revaluation reserves (note 30)	-	-	-	-	-	1,253	120	1,374
Total comprehensive income	-	-	-	-	-	1,253	2,877	4,130
Changes in reserves and development costs	-	-	110	-	-	-	(110)	-
Repurchase of own shares	-	-	-	233	(233)	-	(233)	(233)
Allotment of own shares in line with IFRS 2 (note 29)	-	(189)	-	(804)	804	-	804	615
Dividend paid	-	-	-	-	-	-	(586)	(586)
Merger of companies	-	(724)	-	-	-	-	(444)	(1,168)
Balance as of 31 December 2024	3,920	9,006	1,369	-	-	3,130	12,415	29,840
Profit for the year (note 15)	-	-	-	-	-	-	6,262	6,262
Change of revaluation reserves (note 30)	-	-	-	-	-	(228)	228	-
Total comprehensive income	-	-	-	-	-	(228)	6,490	6,262
Changes in reserves and development costs	-	-	(242)	-	-	-	242	-
Repurchase of own shares/stocks	-	-	-	776	(776)	-	(776)	(776)
Allotment of own shares in line with IFRS 2 (note 29)	-	86	-	(776)	776	-	776	862
Dividend paid	-	-	-	-	-	-	(1,564)	(1,564)
Balance as of 31 December 2025	3,920	9,092	1,127	-	-	2,902	17,583	34,624

The corresponding notes on pages 22 to 89 are an integral part of these financial statements.

SPAN d.d. and its subsidiaries

Statement of cash flows

For the year ended 31 December 2025

		Group		Company
(in thousands of euros)	Note	2025	2024	2025	2024
Profit of the year before tax		7,272	4,792	6,721	3,116
Adjustments:
Financial income	13	(695)	(362)	(2,622)	(1,763)
Financial expenses	12	724	350	747	348
Depreciation of property plant and equipment	10	1,218	999	1,085	881
Depreciation of right-of-use assets	10	1,559	1,338	1,350	1,128
Amortisation of intangible assets	10	1,478	1,410	1,003	773
Gains and losses from impairment of financial assets less reversals	23, 12	2,021	301	1,734	58
Gains and losses from sales and value adjustments of non-current tangible and intangible assets		18	(32)	19	(33)
Net carrying value of disposed property plant and equipment	18	53	27	44	8
Operating cash flows before changes in working capital		13,648	8,823	10,081	4,516
Decrease/(increase) in inventories		(8)	(4)	(7)	(15)
Decrease/(increase) of trade and other receivables		(12,431)	2,254	(6,377)	(888)
Increase/(Decrease) of trade and other payables		7,167	3,185	3,117	2,364
Increases/(Decreases) in contractual liabilities		-	(301)	-	(301)
Increases/(decreases) in deferred income		(289)	(1,401)	(2,196)	(1,905)
Cash from operations		8,087	12,555	4,618	3,771
Corporate income tax paid		(1,116)	(623)	(247)	(266)
Net cash from operating activities		6,971	11,932	4,371	3,506
Investing activities
Interest received		695	362	325	113
Dividends received		-	-	2,297	1,650
Purchase of property, plant and equipment	18	(915)	(762)	(713)	(704)
Purchase of intangible assets	17	(553)	(348)	(480)	(432)
Sales of non-current tangible and intangible assets		71	33	71	33
Acquisition of subsidiary	20.1	(2,316)	(2,228)	(3,067)	(2,462)
Paid investment in associates	21	(120)	-	(120)	-
Net cash (used in)/from investing activities		(3,138)	(2,943)	(1,687)	(1,802)
Financial activities
Dividends paid		(1,564)	(586)	(1,564)	(586)
Interest paid		(289)	(334)	(299)	(331)
Repayment of loans and borrowings	24	(11,750)	(7,600)	(14,761)	(10,157)
Cash receipts from loans and borrowings	24	6,501	10,999	8,440	13,449
Repayment of liabilities for lease		(1,694)	(1,480)	(1,440)	(1,189)
Cash receipts from issued bonds		24,651	-	24,651	-
Net cash (used in)/from financing activities		15,855	999	15,027	1,186
Net increase/(decrease) in cash and cash equivalents		19,688	9,990	17,711	2,890
Cash acquired through the acquisition/merger of a subsidiary		-	-	-	1,272
Cash and cash equivalents at the beginning of the year		24,368	14,379	8,994	4,832
Cash and cash equivalents at the end of the year	32	44,056	24,368	26,705	8,994

The corresponding notes on pages 22 to 89 are an integral part of these financial statements.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

1. General

SPAN d.d. (hereinafter: "The Company") is a joint stock company established and registered in the Republic of Croatia. The ultimate controlling parties of the Company are Nikola Dujmović President of the Management Board and other investors.

The amounts in these financial statements are expressed in euros and rounded to the nearest thousand. Foreign parts of the business are included in accordance with the policies described in note 3. Due to technical limitations related to textual marking of notes in the group's and company's financial statements in accordance with the Single Electronic Format (European single electronic format; ESEF) the content of certain XBRL tags related to tabularly displayed disclosures may not be shown identically to the accompanying financial statements.

The principal activities of the Company and its subsidiaries (the Group) and the nature of the Group's activities are described below.

a. SPAN d.d.

Span d.d., Zagreb. company registration number: 080192242, Company ID: 19680551758. was established under the laws and regulations of the Republic of Croatia as a limited liability company, on 23 March 1993. On 13 December 2019, the General Assembly of the Company adopted the Decision on the transforming the company into a joint stock company.

Headquarters: Zagreb, Koturaška cesta 47

Management Board: Nikola Dujmović, President of the Management Board and the following members of the Management Board: Ana Vukšić, Saša Kramar and Mihaela Trbojević.

The subject of operation of the Company is resale of software licenses and provision of various information technology services.

b. Trilix d.o.o.

Company Trilix d.o.o., Zagreb, company registration number: 080621127, Company ID: 23149457295. was established according to the laws and regulations of the Republic of Croatia as a limited liability company, on 8 August 2007.

Headquarters: Zagreb, Ulica grada Vukovara 269F

Management Board: Mladen Amidžić, President of the Management Board and Nikola Dujmović, Member of the Management Board

The company's core activities are the following: IT security consultancy; business and other management consulting services; and computing and related activities.

c. SPAN d.o.o., Ljubljana

Span d.o.o., Ljubljana. company registration number: 359638900, was established under the laws and regulations of the Republic of Slovenia as a limited liability company, on 18 August 2009.

Headquarters: Ljubljana, Verovškova ulica 55A, Republic of Slovenia

Directors of the company: Miha Koren, director and Saša Kramar, director

The subject of the Company's business is the design of information systems and the provision of services from the IT solutions segment on the Slovenian market.

d. SPAN IT Ltd., London

SPAN IT Ltd., London, company registration number: 06810505, was established under the laws and regulations of the United Kingdom as a limited liability company, on 5 February 2009.

Company headquarters: 1 Giltspur Street, Farringdon, London, United Kingdom, EC1A 9DD

Directors of the company: Saša Kramar, director and Marijan Mlađan, director

The subject of the Company's business is the provision of services in the field of IT solutions on the UK market.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

1. General (continued)

e. SPAN USA, Inc.

SPAN USA, Inc., company registration number: 68-0682850, was incorporated under the laws and regulations of the United States of America as a limited liability company, On 10 October 2012. Headquarters: 10 South Riverside Plaza, Suite 875, Chicago, IL 60606, United States. Directors of the company: Marijan Mlađan, President of the Management Board, Nikola Dujmović, Secretary. The company's business is to provide IT services and customer support in the United States.

f. Span Azerbaijan LLC, Baku

Span Azerbaijan LLC, company registration number: 1701936521, was established under the laws and regulations of Azerbaijan as a limited liability company, on 15 April 2016. Headquarters: Landmark I Building 96E Nizami Street, Baku, AZ1010, Azerbajdzan. Director of the company: Sabina Huseynova, director. The subject of the Company's business is consulting and services in information technologies.

g. Span LLC

Span LLC, company registration number: 42424948, was established under the laws and regulations of Ukraine, as a limited liability company, on 30 August 2018. Headquarters: Naberezhno-Khreshchatytska St. 9, building 9, 4th floor, 04070 Kiev, Ukraine. Director of the company: Oleg Avilov Mikolajević, director. The subject of the Company's business is consulting and services in information technologies.

h. SPAN GmbH

SPAN GmbH, company registration number: 242618, was established under the laws and regulations of Germany, as a limited liability company, on 31 July 2018. Company headquarters: Marcel-Breuer-Str. 15, 80807 München, Germany. Directors of the company: Nikola Dujmović, director and Saša Kramar, director. The subject of the Company's business is consulting and services in information technologies.

i. Span-IT s.r.l.

Span-IT s.r.l., company registration number: 1021600030638. was established under the laws and regulations of Moldova. as a limited liability company, on 19 July 2021. Headquarters: str. 31 August 1989, 78, mun., Chisinau, Moldova. Directors of the company: Nikola Dujmović, director, Saša Kramar, director and Serghei Smigaliov, director. The subject of the Company's business is consulting in the field of information technologies.

j. Inkubator kibernetičke sigurnost d.o.o.

Inkubator kibernetičke sigurnosti d.o.o., Zagreb, company registration number: 081452193, Company ID: 88052917618, was established according to the laws and regulations of the Republic of Croatia as a limited liability company, on 21 July 2022. Headquarters: Zagreb. Koturaška cesta 47. Directors of the company: Mihaela Trbojević, President of the Management Board, Nikola Dujmović, Member of the Management Board and Saša Kramar, Member of the Management Board. The subject of the Company's business are computer and related activities.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

1. General (continued)

k. GT Tarkvara OU

GT Tarkvara OU was established on August 7, 1997, and on March 31, 2023, Span acquired the 100% ownership of the company in question by the agreement on purchase and sale of business shares.

Headquarters: Harju maakond, Tallinn, Kesklinna linnaosa, Pärnu mnt 141, 11313. The Company's directors: Ahti Leppik, director and Saša Kramar, director. The subject of the Company's business is the sale of computers, computer equipment and software.

l. Span LLC

Span LLC, Tbilisi, Georgia was founded in September 2023. Headquarters: Vake District, Nikoloz Kipshidze Street, N12B, Apartment 51, Tbilisi, Gruzija. Directors of the company: Tahir Alyev, director. The subject of the Company's business is consulting and services in information technologies.

m. Span B.V.

The company Span B.V., MB: 95799907, was founded on December 16, 2024. Sjedište društva: Keizersgracht 482, 1017 EG, Amsterdam, Nizozemska. The company's director: Davor Majetić, director. The company's business is software licensing, providing security and cloud services, etc.

n. Span Cyber Security Center

On December 20, 2024, the Commercial Court in Zagreb issued a decision on the registration of the establishment of an institution under number 081625374, with the aim of providing various training and professional development programs in the field of cybersecurity and related areas through formal and informal forms of adult education. Founder is company Span d.d. Institution headquarters: Savska cesta 32, Zagreb. Director: Marinko Žagar

o. Span Kazakhstan Limited

Span Kazakhstan Limited, company registration number: 250340900945, established on March 28, 2025. Headquarters: 010000, Astana, Esil district, 12/1 Dinmukhamed Qonayev, office 4-05 (d, e, f). Company's director: Vladislav Kuzin, President of the Management Board, Nikola Dujmović, director, Davor Majetić, director. The subject of the Company's business is consultancy services in the area of IT technologies.

p. Span IT s.r.o.

Span IT s.r.o., company registration number: 231 66 801, established on April 9, 2025. Headquarters: Evropská 2588/33a, Dejvice, 160 00 Prague 6. Company's director: Nikola Dujmović, Director and Davor Majetić, Director. The subject of the Company's business is computer and related activities.

q. Span Polska sp. z o.o.

Span Polska sp. z o.o, company registration number: 0001175070, established on May 26, 2025. Headquarters: Plac Piłsudskiego 1, Warsaw, Poland. Company's director: Michal Cherek, President of the Management Board, Davor Majetić, Director. The subject of the Company's business is provision of IT technology services.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

1. General (continued)

r. Span Romania s.r.l.

Span Romania s.r.l., company registration number: J2025045725006, established on June 25, 2025. Headquarters: Office 120 Register 06, 1st floor, Strada C.A. Rosetti 17, District 2, Bucharest, Romania. Company's director: Davor Majetić, Director. The subject of the Company's business is provision of services in the IT technology area.

s. Span Hellas S.A.

Span Hellas S.A., company registration number: 185798801000, osnovano je 9. srpnja 2025. godine. Headquarters: 54 Grigoriou Lampraki str., Glyfada, Attica, 16674. Company's director: Vasileios Papoulias, Director. The subject of the Company's business is provision of services in the IT technology area.

SPAN d.d. and its subsidiaries
25

Notes to financial statements

For the year ended 31 December 2025

2. Adoption of new and amended international financial reporting standards ("IFRS") and interpretations

a) First application of new amendments to the existing standards effective for the current reporting period

In the current year, the Company applied amendments to the IAS 21 “Lack of Exchangeability” published by the International Accounting Standards Board (IASB) and adopted by the EU, which shall be applied mandatorily for accounting periods starting as at or after January 1, 2025. Their adoption did not lead to any substantive change in announcements or amounts presented in these financial statements.

b) Standards and amendments to the existing standards that have been published but have not yet become effective

On the date when the issuance of these financial statements was approved, the Company did not apply new and amended IFRSs that were published, but had not yet become effective:

Standard	Name	Date of entry into force
Amendments to IFRS 9 and IFRS 7	Amendments in the classification and measurements of financial instruments	January 1, 2026
Amendments to IFRS 9 and IFRS 7	Contracts related to electricity dependant on natural factors	January 1, 2026.
Amendments to IFRS 1, IFRS 7, IFRS 9, IFRS 10 and IAS 7	Annual improvements of IFRS accounting standards – Issue 11	January 1, 2026.
IFRS 18	Presentation and disclosure in financial statements	January 1, 2027.
IFRS 19 (with additional amendments)	Subsidiaries without public responsibility: Announcements	January 1, 2027.
Amendments to IFRS 10 and IAS 28	Sales and contribution of assets between the investor and their affiliated company or a joint venture and further amendments	Deferred for indefinite time

The Company believes that adoption of the above standards will not lead to significant change in the financial statements of the Company in future periods.

c) New standards and amendments to the existing standards that have been published and adopted in the European Union but have not yet become effective

On the date when the issuance of these financial statements was approved, the Company did not apply yet new and amended IFRSs that were published by IASB and adopted by the EU but had not yet become effective:

Standard	Name	Date of entry into force
Amendments to IFRS 9 and IFRS 7	Amendments in the classification and measurements of financial instruments	January 1, 2026.
Amendments to IFRS 9 and IFRS 7	Contracts related to electricity dependant on natural factors
(IASB Date of entry into force: January 1, 2026.)	January 1, 2026.
Amendments to IFRS 1, IFRS 7, IFRS 9, IFRS 10 and IAS 7	Annual improvements of IFRS accounting standards – Issue 11	January 1, 2026.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

2. Adoption of new and amended International Financial Reporting Standards ("IFRS") and interpretations (continued)

d) New standards and amendments to the existing standards that have been published, but have not yet been adopted in the European Union

Currently the standards adopted by the EU do not differ significantly from the regulations adopted by the International Accounting Standards Board. except for the following new standards and amendments to existing standards. which have not yet been adopted by the EU:

Standard	Name	Adoption status in the EU
IFRS 18	Presentation and Disclosure in Financial Statements (IASB effective date: 1 January 2027)	They have not yet been adopted in the EU
IFRS 19 (with additional amendments)	Non-Publicly Responsible Subsidiaries: Disclosures (IASB effective date: 1 January 2027)	They have not yet been adopted in the EU
IFRS 14	Regulatory Deferral Accounts (Effective date set by the IASB: 1 January 2016)	The European Commission has decided to postpone the process of adopting this transitional standard until the publication of its final version
Amendments to IFRS 10 and IAS 28	The sale or entry of assets between the investor and its associated entity or joint venture and further amendments	procedure postponed until completion of the research project on the topic of application of the share method

The Company and the Group do not expect that the adoption of the above Standards will have a significant impact on the financial statements of the Company and the Group in future periods.

The Hedge accounting concerning the portfolio of financial assets and liabilities the principles of which have not yet been adopted by the EU is still not regulated. According to the Company's estimates, application of Hedge accounting on the portfolio of the financial assets and liabilities in line with IAS 39 "Financial instruments: recognition and measurement" would not lead to significant change in the financial reports if applied on the date of the report.

SPAN d.d. and its subsidiaries
27

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies

Accounting principle

The financial statements have been prepared in accordance with International Financial Reporting Standards adopted by the European Union (IFRS) and therefore the Group and the Company's financial statements are in accordance with Article 4 of the Regulation (EU) on international accounting standards.

The financial statements are prepared on the principle of historical cost, with the exception of the revaluation of certain property, which are presented in revalued amounts. as explained in the accounting policies that follow. The historical cost is based mainly on the fair value of the consideration given in exchange for goods or services.

The following is an overview of significant information on the accounting policies adopted for the preparation of these financial statements. These accounting policies are consistently applied for all periods included in these statements.

Going Concern

The Management Board has, at the time of approving the financial statements, a reasonable expectation that the Group and Company have adequate resources to continue in operational existence for the foreseeable future. Thus they continue to adopt the going concern basis of accounting in preparing the financial statements.

Basis for consolidation

The consolidated financial statements incorporate the financial statements of the Company and entities controlled by the Company made up to 31 December 2025. Consolidation of a subsidiary begins when the Company obtains control over the subsidiary and ceases when the Company loses control of the subsidiary. Specifically, the results of subsidiaries acquired or disposed of during the year are included in the consolidated statement of comprehensive income from the date the Company gains control until the date when the Company ceases to control the subsidiary. Where appropriate, adjustments were made in the subsidiaries' financial statements to align their accounting policies with those of the Company. The consolidation eliminates in full intra-Group assets and liabilities, equity, income, expenses and cash flows relating to transactions between entities of the Group. Non-controlling interests in subsidiaries are accounted for separately from the Group's ownership interest. Those interests of non-controlling shareholders that are present entitle their holders to a proportionate share of net assets upon liquidation may initially be measured at fair value or at the non-controlling interests' proportionate share of the fair value of the acquiree's identifiable net assets. Valuation method is selected separately for each acquisition. Remaining non-controlling interests are initially measured at fair value. After acquisition, the carrying value of non-controlling interests is the amount of shares at initial recognition increased by the share of non-controlling interest in subsequent changes to the equity. Profit or loss and each component of other comprehensive income are attributed to the owners of the Company and to the non-controlling interests. Total comprehensive income shall be attributed to the owners of the Company and non-controlling interests even if this results in the non-controlling interests having a deficit balance.

Investments in subsidiaries

Subsidiaries are companies in which the Group has the power to influence their operating and financial policies. In the Span Group, these are all companies in which Span has over 50% ownership interest. Investments in subsidiaries are valued at acquisition cost less impairment, if any. Investments in subsidiaries are tested annually for potential impairment. The difference is made between the current carrying value and the fair value calculated based on the free cash flow model. If the fair value is lower than the carrying value, the Company adjusts the carrying value to fair value. The cost or income from impairment of investment into subsidiaries is recognized in the profit and loss statement for the year. The prior recognized cost from impairment can be annulled in case the fair value calculated on the date of reporting is higher than the carrying value, but not more than up to the acquisition cost.

Investments in associates

Investments in associates are investments in companies in which the Group has significant influence over their operating and financial policies. In the Span Group, these are companies in which Span has 20% - 49% ownership interest. Investments in associates are measured at cost and are subsequently adjusted using the equity method. The equity method means that the value is adjusted for the profit or loss of the associate in each reporting period in proportion to the ownership interest less any dividends received by Span from the associate. The proportionate profit or loss attributable to Span Group is recognized in the income statement.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Business combinations

Acquisitions of businesses are accounted for using the acquisition method. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group, liabilities incurred by the Group to the former owners of the acquiree and the equity interest issued by the Group in exchange for control of the acquiree. Acquisition-related costs are recognized in profit or loss as incurred.

At the date of acquisition, the assets acquired, and the identifiable liabilities assumed are recognized at their fair value on the date of acquisition.

Goodwill is measured as the excess of the sum of the consideration transferred, the amount of any non-controlling interests in the acquiree, and the fair value of the acquirer's previously held equity interest in the acquiree (if any) over the net of the acquisition-date amounts of the identifiable assets acquired and the liabilities assumed. If the reassessment finds that the share of the Group in the fair value of the identifiable amount of the acquiree's net assets exceeds the sum of the consideration transferred, the amount of non-controlling interest, if any, and the fair value of the acquirer's previously held equity interest in the acquiree, the difference shall be recognized immediately in profit or loss as a gain from a bargain purchase.

When the consideration the Group transfers within business merger includes a contingent consideration arrangement, that consideration will be recognized at fair value on the date of the acquisition and will be included in the consideration being transferred within the business merger. Changes in fair value of the contingent consideration that meet the acceptability criteria as consideration in the period of evaluation, i.e. measurements, are adjusted retrospectively, together with the related adjustment of goodwill. The adjustments in the period of evaluation are those that are a consequence of additional knowledge of facts and circumstances that existed on the date of the acquisition, which were acquired in the period of evaluation, i.e. measurement, which may not be longer than a year counting from the date of the acquisition.

Goodwill

Goodwill is not amortized, but is tested for impairment at least once a year. For the purpose of impairment testing, goodwill is allocated to each of the Group's cash-generating units (or groups of cash-generating units) expected to benefit from the synergies of the combination. A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. If the recoverable amount of the cash-generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro rata on the basis of the carrying amount of each asset in the unit. Such impairment loss for goodwill will not be reversed in subsequent periods.

The policy used by the Group for calculating goodwill resulting from acquisition of associates is described in note 16.

Revenue Recognition

Revenue is measured based on the consideration to which the Group and Company expect to be entitled according to the customer contract, excluding amounts collected on behalf of third parties. The Group and Company recognize revenue when they transfer control of a licence, product or service to a customer.

The Group and the Company shall report revenue from the following main sources:

sale of licences;
sale of hardware and
sale of service

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Revenue recognition (continued)

Sale of licenses

Revenue from sale of different types of licences is primarily realised from the sale of Microsoft licences. The Group and Company are primarily responsible for delivering specific characteristics of licences to customers, they are exposed to the potential risk of rejection of licences by the customer and have the discretion to define prices and benefits from licences to the moment of transfer of control. Licences are prepared for activation for a specific customer and are granted at a particular point in time. The Group and Company determine that the license agreement does not require, and the customer does not reasonably expect, that the Group and Company shall undertake activities that significantly affect the software. Since the reseller shall not undertake activities that significantly affect the intellectual property for which the users have rights and benefits, be they positive or negative activities that do not affect the licensor; and that the activities that might affect the intellectual property do not constitute additional performance actions in the contract, the licences thus represent the right of usage and the Group, therefore, recognizes revenue at a particular point in time. Revenue is recognized when control of the licence has been transferred, that is at the point the licences become available to the customer and the customer has gained the control over a licence. The value of transactions from these contracts has been defined in framework contracts with customers (usually on an annual basis), determined based on price lists, and charged within 30 days. Based on the framework contract, the customers use order requests for purchasing licences to commit to the purchase during the life of the contract. The Group and Company use a practical exception for disclosing the transaction price allocated to outstanding performance obligations since they have the right to the consideration paid by the customer in the amount equivalent to the value of the performance obligation by the reporting date, thus the Group and Company recognizes revenue in the amount that they invoice. The Group and Company do not expect variable consideration from such contracts. In case the contract at the same time includes the delivery of licences and provision of advisory services as part of the solutions requested by the customer, advisory services, as well as licences, are considered individual distinct performance obligations. Transaction price is distinct in contracts per type of licence and advisory service, thus is determined based on an individual sales price of a licence or service.

Sale of hardware

The Group and Company sell hardware directly to customers in line with the contract on the sale of hardware and provision of services or individual contracts on the sale of hardware. Revenue is recognized at the point in time when the control over the equipment has been transferred to customers, and the sale of equipment is considered a distinct performance obligation. Transferring control to the customer entails physical ownership and use of hardware by the customer, transfer of all rights to use and risks of use of hardware to the customer, as well as the Group and Company's right to payment. The process of sale of hardware in most cases meets the condition to transfer of control after the goods have been delivered to the customer's specific location. Transaction prices stipulated in these contracts are usually fixed and are collected after the delivery of the hardware and installation services provided.

Sales of services

Advisory services the Group provides are divided in two main service groups: services related to contracted projects with customers, and advisory services which refer to customer support based on contracted price lists. Advisory services related to contracted projects (e.g. installation and/or development of different software products for specialised business operations) are recognized as a performance obligation satisfied over time. Revenue is recognized in the financial statements based on the stage of completion of the contract. The management and competent bodies have assessed that the stage of completion determined as the proportion of the expected project duration, i.e. time that has elapsed at the end of the reporting period is an appropriate measure of progress towards complete satisfaction of these performance obligations under IFRS 15. Since the projects are related to the time cost of each developer, the time spent on the project reflects the work performed, i.e. delivered. If the services are charged in an amount higher than required considering their stage of completion, the difference is recognized as deferred income. Support advisory services include hourly based standard services recognized at a certain time of delivery of services based on contracted price lists.

A support advisory service is a distinct service as it is both regularly supplied by the Group and Company to other customers on a stand-alone basis and is available for customers from other providers in the market. Discounts are not considered as they are only given in rare circumstances and are not material.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Leases

Group and Company as a lessee

The Group and Company assess whether a contract is or contains a lease at the beginning of the contract. The Group and Company recognize a right-of-use asset and a corresponding lease liability with respect to all lease arrangements in which they are the lessee, except for short-term leases (defined as leases with a lease term of 12 months or less) and leases of low value assets (such as tablets and personal computers, small items of office furniture and telephones). For these leases, the Group and Company recognize the lease payments as an operating expense on a straight-line basis over the term of the lease unless another systematic basis is more representative of the time pattern in which economic benefits from the leased assets are consumed.

The lease liability is initially measured at the present value of the lease payments that have not been settled at the beginning of the lease term, discounted at the rate implicit in the lease. If this rate cannot be readily determined, the Group and Company use their incremental borrowing rate.

The lease liability is presented as a separate line in the statement of financial position.

The lease liability is subsequently measured by increasing the carrying amount to reflect interest on the lease liability (using the effective interest method) and by reducing the carrying amount to reflect the lease payments made.

The right-of-use assets include the initial measurement of the relevant lease liability, lease payments made at or before the commencement date of the lease, less any lease incentive received for concluding the operating lease and all initial direct costs. These are subsequently measured at cost less accumulated depreciation and accumulated impairment losses.

The right-of-use assets are presented as a separate line in the statement of financial position.

The Group and Company apply IAS 36 to determine whether a right-of-use asset is impaired and account for any identified impairment loss as described in the 'Property and Equipment' policy.

Group as a lessor

Leases in which the Group is the lessor are classified as financial or operating leases.

When the Group is an intermediate lessor, it accounts for the head lease and the sub-lease as two separate contracts. The sub-lease is classified as a finance or operating lease by reference to the right-of-use asset arising from the head lease.

Rental income from operating leases is recognized on a straight-line basis over the term of the relevant lease. Initial direct costs incurred in negotiating and arranging an operating lease are added to the carrying amount of the leased asset and recognized on a straight-line basis over the lease term.

SPAN d.d. and its subsidiaries
31

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Foreign currencies

In the financial statements, assets and liabilities of the Group's foreign operations have been calculated using the exchange rates prevailing at the end of the reporting period. Income and expense items are translated at the average exchange rates for the period, unless exchange rates fluctuate significantly during that period, in which case the exchange rates at the date of transactions are used. Potential foreign exchange differences are recognized in other comprehensive income and accumulated in a foreign exchange translation reserve (and added to non-controlling interests, if any).

Goodwill and fair value adjustments arising on the acquisition of a foreign entity are treated as assets and liabilities of the foreign entity and translated at the closing rate. Such foreign exchange differences are recognized in other comprehensive income.

Government grants

Government grants that are receivable as compensation for expenses or losses already incurred or for the purpose of giving immediate financial support to the Group and Company with no future related costs are recognized in profit or loss in the period in which they become receivable.

Tax reliefs for investment

Tax reliefs for investment are considered to be reliefs arising from state incentive measures that allow the Company and the Group to reduce the tax liability of corporate tax or other specified taxes in future periods and are related to the acquisition of certain assets and / or the performance of a particular activity and / or the fulfilment of certain specific conditions prescribed by the relevant regulations for investment incentives by the relevant authorities. Tax credits for investments are recognized as deferred tax assets and tax revenue when the necessary conditions are met for this in the amount of relief estimated to be available to the Company and the Group during the period of the incentive measure. Deferred tax assets recognized as a result of the tax relief for investments are abolished during the period of the incentive measure. i.e. until the expiry of the relief (if specified), in accordance with the availability of tax liabilities in subsequent years.

SPAN d.d. and its subsidiaries
32

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Retirement and termination benefits

Payments made to a defined contribution retirement benefit plan are recognized as expenses once the employees have their right to contributions. Payments made to state-managed retirement benefit plans are accounted for as payments to defined contribution plans where the Group and Company's obligations under the plans are equivalent to those arising in a defined contribution retirement benefit plan.

Short-term and other long-term employee benefits

A liability is recognized for benefits accruing to employees in respect of salaries, annual leave and sick leave in the period the related service is rendered at the undiscounted amount of the benefits expected to be paid in exchange for that service.

Liabilities recognized in respect of short-term employee benefits are measured at the undiscounted amount of the benefits expected to be paid in exchange for the related service.

Furthermore, the Company usually rewards its employees for their exceptional performance for the year by making bonus payments in the form of Company shares (own shares). The fair value of the shares is established once the vesting period expires, at the share's market price.

In line with the Remuneration Policy, the Management Board members' annual bonus constitutes a variable portion of their remuneration and amounts to a maximum of 40% of their annual salary which is equal to 12 monthly gross salaries, as defined in the contract on their rights and obligations concluded between individual members of the Management Board and the Company. The Company may decide to make annual bonus payments in the form of Company shares, in which case the Company transfers own shares to the member of the Management Board.

Taxation

Current tax

The tax currently payable is based on the taxable profit for the year. Taxable profit differs from the net profit reported in profit or loss because it excludes items of income or expense that are taxable or deductible in other years and it further excludes items that are not taxable or deductible at all. The Group and Company's liability for current tax is calculated using tax rates that have been enacted or substantively enacted by the end of the reporting period.

Provisions are recognized for matters with uncertain tax charge, when an outflow of funds to the tax authority is highly probable. Provisions are measured by using the best estimate of likely tax values. The estimate is based on the judgement of tax experts within the Company in line with prior experience in such activities and, in certain cases, based on tax advice of independent experts.

Deferred tax

Deferred tax is recognized as the difference between the carrying amount of assets and liabilities in the financial statements and the corresponding tax basis used in the computation of taxable profit and is accounted for using the balance sheet liability method.

The carrying amount of deferred tax assets is reviewed at each reporting date and reduced to the extent that it is no longer probable that sufficient taxable profit will be available to allow all or a part of the asset to be recovered.

Deferred tax is measured at the tax rates that are expected to apply in the period in which the liability is settled or the asset realised, based on tax rates and tax laws that have been enacted or substantively enacted by the end of the reporting period.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Property, plant and equipment

Buildings and land used in the supply of goods or services, or for administrative purposes, are stated in the statement of financial position at their revalued amounts, being the fair value at the date of revaluation, less any subsequent accumulated depreciation and subsequent accumulated impairment losses.

Any revaluation increase arising on the revaluation of buildings is credited to the property's revaluation reserve, except to the extent that it reverses a revaluation decrease for the same asset previously recognized as an expense, in which case the increase is credited to profit or loss to the extent of the decrease previously expensed. A decrease in carrying amount arising on the revaluation of buildings is charged as an expense to the extent that it exceeds the balance, if any, held in the property's revaluation reserve relating to a previous revaluation of that asset.

Depreciation on revalued buildings is recognized in profit or loss. When selling or retiring items of non-current assets recorded at the revalued amount, every surplus recognized in the revaluation reserve is directly transferred to retained earnings.

Fixed tangible assets under construction and land are not depreciated. Equipment is reported at a cost less accumulated depreciation and impairment losses.

Depreciation is recognized so as to write off the cost or valuation of assets, other than owned land and non-current tangible assets under construction, over their useful lives, by using the straight-line method, on the following bases:

Buildings	5% p.a.
IT equipment	15-50% p.a.
Office equipment	15-25% p.a.

Estimated useful life, residual value, and depreciation method are reviewed at the end of each reporting period, with impacts of potential changes in estimated accounted for prospectively.

Buildings and equipment are no longer accounted for or recognized after they have been sold or when future economic benefits associated with their use are no longer expected. The gain or loss arising on the disposal or retirement of an asset is determined as the difference between the sales proceeds and the carrying amount of the asset and is recognized in profit or loss.

Intangible assets acquired separately

Intangible assets with finite useful lives that are acquired separately are carried at cost less accumulated amortisation and accumulated impairment losses. Amortisation is recognized on a straight-line basis over their estimated useful lives which are disclosed in note 18. Estimated useful life and depreciation method are reviewed at the end of each reporting period, with impacts of potential changes in estimated accounted for prospectively.

Depreciation is recognized so as to write off the cost or valuation of assets less their residual values over their useful lives, using the straight-line method, on the following bases:

Software and other rights	25% p.a.

Separately acquired intangible assets include software and other rights and intangible assets under constructions.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Internally developed intangible assets

The amount initially recognized for internally generated intangible assets is the sum of expenditures incurred as of the date when the assets met the recognition criteria. If internally developed intangible assets cannot be recognized, expenditures from development are recognized in profit and loss for the period in which they incurred. After initial recognition, internally developed intangible assets are reported at cost less accumulated amortisation and accumulated impairment losses, on the same basis as intangible assets that are acquired separately. Internally generated intangible assets consist of software development and intangible assets under construction.

Intangible assets acquired in a business combination

Subsequent to initial recognition, internally generated intangible assets are reported at cost less accumulated amortisation and accumulated impairment losses, on the same basis as intangible assets that are acquired separately.

Derecognition of intangible assets

Intangible assets are derecognized on disposal or when future economic benefits associated with the use of the asset are no longer expected. The gain or loss arising on the derecognition of an intangible asset item is determined as the difference between the net sales proceeds and the carrying amount of the item and is recognized in profit or loss for the period of derecognition.

Impairment of buildings and equipment and intangible assets other than goodwill

At each reporting date, the Group and the Company review the carrying amounts of their property and equipment, and intangible assets to determine whether there is any indication that those assets have suffered an impairment loss. If any such indication exists, the recoverable amount of the asset is estimated to determine the extent of any impairment loss. For assets not generating cash flows independent from other assets, the Group and the Company estimate the recoverable amount of the cash-generating unit to which the asset belongs. When a reasonable and consistent basis of allocation can be identified, corporate assets are also allocated to individual cash-generating units, or otherwise they are allocated to the smallest group of cash-generating units for which a reasonable and consistent allocation basis can be identified.

Intangible assets with an indefinite useful life are subject to impairment tests on an annual basis and if there is an indication of potential impairment at the end of the reporting period.

Impairment losses are recognized immediately in profit or loss, unless the relevant assets have been recognized in their revalued amount, in which case the impairment loss first affects revaluation increase. If the impairment loss exceeds the related revalued amount surplus, impairment losses are recognized in profit and loss.

In the event of a later cancellation of impairment loss, the carrying amount of the asset (the cash-generating unit) increases to its revised estimated recoverable amount.

Inventories

Inventories are carried at the lower of the cost and net realisable value. Cost comprises direct materials and, where appropriate, direct labour costs and surplus incurred in bringing the inventories to their present location and condition. Cost is calculated by using the weighted average method.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Financial instruments

Financial assets and financial liabilities are initially measured at fair value, other than the trade receivable with no significant financial component initially measured at transaction cost. Transaction costs that are directly attributable to the acquisition or issue of financial assets and financial liabilities (other than financial assets and financial liabilities at fair value through profit or loss) are added to or deducted from the fair value of the financial assets or financial liabilities, as appropriate, on initial recognition. Transaction costs directly attributable to the acquisition of financial assets or financial liabilities at fair value through profit or loss are recognized immediately in profit or loss.

Financial assets

The regular purchase and sales of financial assets are recognized or derecognized at the trading date. Regular purchases or sales are purchases or sales of financial assets that require delivery of assets within the time frame established by the regulation or convention in the marketplace.

All reported financial assets are subsequently measured in full at amortized cost, except investments in interests in investment companies that are measured at fair value.

Income from interest is stated in profit or loss and is included in the item „Financial income – interest income“ (Note 13).

Derivative financial instruments

The Group and the Company occasionally negotiate derivative financial instruments in order to protect themselves against risks. The fair value of the derivative instruments was 7 thousand euros on December 31, 2025. The Group and the Company do not recognize fair values of derivatives in the financial status report up to the amount of 40 thousand euros because the effects are immaterial.

Gains and losses from exchange rate changes in foreign currencies

The carrying amount of financial assets that are denominated in a foreign currency is determined in that foreign currency and translated at the spot rate at the end of each reporting period.

Impairment of financial assets

The Group and the Company recognize lifetime expected credit losses (ECL) for trade receivables, and contract assets. The expected credit losses on those financial assets are estimated using a provision matrix by reference to past credit loss experience, adjusted for factors that are specific to the debtors, general economic conditions, and an assessment of both the current as well as the forecast direction of conditions as at the reporting date, including, where appropriate, the time value of money.

(i) Significant increase in credit risk

When assessing whether the credit risk for the financial instrument significantly increased since the initial recognition, the Group and the Company compare the risk of default on the reporting date to the risk of default of the financial instrument on the date of initial recognition. During the assessment, the Group and the Company consider both quantitative and qualitative information which are reasonable and available, including the historical experience and forward-looking information, which can be accessed without unnecessary costs or engagements. Forward-looking information considered includes the prospects of the industries in which the Group and Company's debtors operate, obtained from economic expert reports, financial analysts, governmental bodies, relevant think-tanks and other similar organisations, as well as consideration of various external sources of actual and forecast economic information that relate to the Group and the Company's core operations. In particular, the following information is considered when assessing whether credit risk has increased significantly since initial recognition:

an actual or expected significant deterioration in the financial instrument's external (if available) or internal credit rating
a significant deterioration in external market indicators of credit risk for a particular financial instrument, e.g. a significant increase in the credit spread, the credit default swap prices for the debtor, or the length of time or the extent to which the fair value of a financial asset has been less than its amortised cost
existing or forecast adverse changes in business, financial or economic conditions that are expected to cause a significant decrease in the debtor's ability to meet its debt obligations

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

actual or expected significant deterioration in the operating results of the debtor
significant increases in credit risk for other financial instruments of the same debtor; and existing or forecast adverse changes in business, financial or economic conditions that are expected to cause a significant decrease in the debtor's ability to meet its debt obligations.

Irrespective of the outcome of the above assessment, the Group and the Company presume that the credit risk on a financial asset has increased significantly since initial recognition when contractual payments are more than 30 days past due, unless the Group and Company have a reasonable and supportable information that demonstrates otherwise.

Despite this, the Group and the Company assume that the credit risk for the financial instrument has not significantly increased since the initial recognition if we determine that the financial instrument has a low credit risk at the reporting date. We believe that the financial instrument has a low credit risk if:

(1) the financial instrument has a low risk of default;
(2) the debtor has a strong capacity to meet its contractual cash flow obligations in the near term; and
(3) adverse changes in economic and business conditions in the long term may, but do not necessarily have to, decrease the debtor's ability to meet their contractual cash flow obligations.

The Group and the Company consider a financial asset to have low credit risk when the asset has external credit rating of 'investment grade' in accordance with the globally understood definition or if an external rating is not available, the asset has an internal rating of 'performing'. 'Performing' means that the counterparty has a strong financial position and there are no past due amounts. For financial guarantee contracts, the date on which the Group and the Company become a party to irrevocable commitment is considered the date of initial recognition for the purposes of estimating the impairment of a financial instrument. When judging if the credit risk significantly increased since initial recognition of the financial guarantee contract, the Group and the Company examine the changes in the risk of a debtor's default. The Company regularly monitors the efficiency of criteria used to determine whether there has been a significant increase in credit risk and reviews them so that the criteria may identify a significant increase in credit risk before any default occurs.

(ii) Definition of non-performance

The Group and Company consider the following as constituting an event of default for internal credit risk management purposes as historical experience indicates that financial assets that meet either of the following criteria are generally not recoverable:

when there is a breach of financial covenants by the debtor; or
information developed internally or obtained from external sources indicates that the debtor is unlikely to pay its creditors, including the Group, in full (without taking into account any collateral held by the Group and Company)

Irrespective of the above analysis, the Group and Company consider that default has occurred when a financial asset is more than 90 days past due unless the Group and the Company have reasonable and supportable information to demonstrate that a more lagging default criterion is more appropriate.

(iii) Credit-impaired financial assets

Financial assets are credit-impaired when one or more events with an adverse effect on estimated future cash flows and financial assets occurred. Evidence that a financial asset is credit-impaired includes observable data about the following events:

(a) significant financial difficulties of the borrower or counterparty; or
(b) a breach of contract, such as a default or past-due event (see item II. above);
(c) the lenders for economic or contractual reasons relating to the borrower's financial difficulty granted the borrower tax reliefs that would not otherwise be considered;
(d) it is becoming probable that the borrower will enter bankruptcy or other financial reorganisation; or
(e) the disappearance of an active market for the financial assets concerned due to financial difficulties.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Impairment of financial assets (continued)

(iv) Write-off policy

The Group and the Company write off a trade receivable when there is information indicating that the debtor is in severe financial difficulty and there is no realistic prospect of recovery, e.g. when the debtor has been placed under liquidation or has entered into bankruptcy proceedings, or in the case of trade receivables, when the amounts are over two years past due, whichever occurs sooner. Financial assets written off may still be subject to enforcement activities under the Group and the Company's recovery procedures, taking into account legal advice where appropriate. Any recoveries of receivables previously written-off are recognized in profit or loss.

(v) Measurement and recognition of expected credit losses

Measurement of expected credit losses is the function of Probability of Default (PD), Loss Given Default (LGD), i.e. size of loss in case of default, and Exposure at Default (EAD). Probability of Default and Loss Given Default is based on historical data adjusted for forward-looking information. As for the exposure at default, for financial assets, this is represented by the assets' gross carrying amount at the reporting date; for financial guarantee contracts, the exposure includes the amount drawn down as at the reporting date, together with any additional amounts expected to be drawn down in the future by default date determined based on historical trend, the understanding of the specific future financing needs of the debtors, and other relevant forward-looking information. For financial assets, the expected credit loss is estimated as the difference between all contractual cash flows that are due to the Group and Company in accordance with the contract and all the cash flows that the Group and Company expect to receive, discounted at the original effective interest rate. For lease receivables, cash flows used to determine expected credit losses correspond to the cash flows used for measuring lease receivables in line with IFRS 16.

For a financial guarantee contract, as the Group and the Company are required to make payments only in the event of a default by the debtor in accordance with the terms of the instrument that is guaranteed, the expected loss allowance is the expected payments to reimburse the holder for a credit loss that it incurs less any amounts that the Group and the Company expect to receive from the holder, the debtor or any other party.

If the Group and Company have measured the loss allowance for a financial instrument at an amount equal to lifetime ECL in the previous reporting period, but determine at the current reporting date that the conditions for lifetime ECL are no longer met, the Group and Company measure the loss allowance at an amount equal to 12-month ECL at the current reporting date, except for assets for which the simplified approach was used.

The Group and the Company recognize profits and losses from impairment of value in the profit and loss statement for trade receivables by corresponding adjustments of their carrying value in the account of provisions for impairment of value.

Termination of recognition of financial assets

The Group and the Company derecognize a financial asset only when the contractual rights to the cash flows from the asset expire, or when it transfers the financial asset and substantially all the risks and rewards of ownership of the asset to another entity. On derecognition of a financial asset measured at amortised cost, the difference between the asset's carrying amount and the sum of the consideration received is recognized in profit and loss.

Financial liabilities and equity

Instruments of ownership

Repurchase of the Company's own equity instruments is recognized and deducted directly in equity. No gain or loss is recognized in profit or loss on the purchase, sale, issue, or cancellation of the Company's own equity instruments.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

3. Significant accounting policies (continued)

Financial liabilities and equity (continued)

Financial liabilities

All financial liabilities, including loans and bonds, are measured subsequently at amortised cost using the effective interest method at the end of each reporting period.

Financial liabilities subsequently measured at amortised cost

Financial liabilities that are not (i) contingent consideration of an acquirer in a business combination, (ii) held-for-trading, or (iii) designated to be measured subsequently at amortised cost using the effective interest method.

Termination of recognition of financial liabilities

Where there has been an exchange between the Group and the Company and the existing creditor with substantially different terms, this transaction is accounted for as an extinguishment of the original financial liability and the recognition of a new financial liability. Similarly, the Group and the Company account for a substantial change in the terms of an existing liability or a portion thereof as an extinguishment of the original financial liability and recognition of a new financial liability. The terms are considered substantially different if the discounted current value of cash flows, in line with the new terms, including consideration paid, net of fees received and impaired by using the original effective interest rate, is at least 10% different from the discounted current value of remaining cash flows of the original financial liability. If the change is not substantial, the difference between: (1) the carrying value before the change; and (2) the current value of cash flows after the change is recognized in profit and loss as a gain or loss from the change in other gains and losses.

Own shares

Own shares are held with the CDCC (Central Depositary and Clearing Company). Own shares are recognized at cost and deducted from equity.

Rewarding employees in the form of shares

The Company has an employee reward scheme in the form of granting company shares. Annual bonuses are determined at the end of the year, and based on the defined amount, a provision for expected payout is created. For the amount of the provision, the company recognizes an increase in equity alongside the expense.

SPAN d.d. and its subsidiaries
39

Notes to financial statements

For the year ended 31 December 2025

4. Critical accounting judgments and key sources of estimation uncertainty

In applying the Group and the Company's accounting policies, which are described in Note 3, the Management Board is required to make judgements (other than those involving estimations) that have a significant impact on the amounts recognized and to make estimates and assumptions about the carrying amounts of assets and liabilities that are not readily apparent from other sources. The estimates and associated assumptions are based on historical experience and other factors that are relevant. Actual results may differ from these estimates. The estimates and underlying assumptions are reviewed on an ongoing basis. Revisions to accounting estimates are recognized in the period in which the estimate is revised if the revision affects only that period, or in the period of the revision and future periods if the revision affects both current and future periods.

Assessing whether the Group and the Company are principal or agent in the sale of licenses

IFRS provides guidance for determining whether an entity is the principal or an agent. The Group and the Company act as a principal in a transaction if they obtain control of the specified goods or services before they are transferred to the customer. On the contrary, the Group and Company are an agent if they do not control the specified goods or services before they are transferred to the customer. Determining that the Group and the Company are a principal is based on the assessment of whether the Group and Company obtain control of the goods and services based on the facts and circumstances stipulated in the contracts with customers. In this assessment, the Group and the Company have used the judgement based on the main indicators of their business model, business practice, processes, rights and responsibilities that Group and the Company have and can be summarized as follows:

Identifying a selling opportunity with a customer;
direct contacts with customers to determine their need and demands as well consultation for determining adequate license program;
sharing opportunity details with license providers;
revealing customers identity is the standard rule with vendors in the industry,
industry standard is that licenses cannot be sold to customers without sharing data with the licensed vendors;
discretion with respect to accept or reject orders from customers;
responsibility related to the sales strategy;
responsibility for ensuring that delivered goods and services are in accordance with the customer demands/infrastructure;
responsibility for ensuring the validity of goods and services;
directing license vendors over which licensing program and product to place and to which customer to place it to;
full discretion over establishing a final price for goods and services;
before license activation, full discretion to change the scope, program, withdraw from the deal as well as to change the supplier and choose another supplier on the market ("non-exclusive rights");
existing commercial agreement with customer by which the Group and the Company are primarily responsible for fulfilling the promise to provide goods and services;
customer cannot prove their right to use goods and services without formal order confirmation to the Group and the Company, invoice from the Group and Company and payment confirmation;
discretion to re-direct the use of goods and services in the case if customer breach the contract

Determining whether an entity is a principal or an agent in an arrangement require review of indicators relating to principle/agent status. As stated above, the Group and the Company continuously review the relationships and contractual arrangements with customers. This includes identifying the specified good and/or services being provided to the customers and the nature of the Group and Company's promise in the assessment of the agent or principal status.

Assessing whether the Group and the Company recognize revenue as point in time or over time

The Group and the Company determine that the license agreement does not require, and the customer does not reasonably expect, that the Group and the Company shall undertake activities that significantly affect the software. Since the licensor shall not undertake activities that significantly affect the intellectual property for which the users have rights and benefits, be they positive or negative activities that do not affect the licensor; and that the activities that might affect the intellectual property do not constitute additional performance actions in the contract, the licences thus represent the right-of-use and the Group, therefore, recognizes revenue at a particular point in time.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

4. Critical accounting judgments and key sources of estimation uncertainty (continued)

Impairment of trade receivables

Trade receivables are reviewed at each reporting date and their value is impaired based on the assessment of probability that the reported amount will be recovered. Each customer is considered individually based on the expected date of collection of the receivable and the estimated probability to collect amounts due. The management believes that the trade receivables have been recognized in line with their recoverable amount as at the reporting date.

Goodwill Impairment

A cash-generating unit to which goodwill has been allocated is tested for impairment annually, or more frequently when there is indication that the unit may be impaired. If the recoverable amount of the cash-generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit pro-rata based on the carrying amount of each asset in the unit. Any gain or loss on remeasurement at fair value is included directly in profit or loss. Such impairment loss for goodwill will not be reversed in subsequent periods.

The Group and the Company use the smallest cash-generating unit for their goodwill impairment tests. The Group and the Company defined every individual subsidiary as the smallest cash-generating unit, having in mind the diversity of sources of income and business models of individual subsidiaries. For goodwill impairment tests, they used the income method based on discounted cash flows.

The discounted cash flow method comprised the assessment of future cash flows for a 5-year period, discounting the relevant cash flows, applying a discount rate reflecting the cash flow risk and time value of money, assessing the residual value and terminal value.

The Group and the Company test goodwill annually for impairment, or more frequently if there are indications that goodwill might be impaired.

Sensitivity analysis

The Group and the Company have conducted a sensitivity analysis for changes in key assumptions used for determining the recoverable amount of each group of cash-generating units to which goodwill has been allocated. The recoverable amount of this cash-generating unit is determined based on a value-in-use or fair value calculation which uses cash flow projections based on financial budgets approved by the Management Board covering a five-year period. The impairment test established that there is an indication of goodwill impairment. The sensitivity analysis considered the change in terminal growth of the Group and Company ranging from $-0.5\%$ to $1.5\%$, and the WACC range from $9.7\%$ to $11.7\%$. Through sensitivity analysis within the impairment test, an impairment loss was identified.

Revaluation of property, useful life of plant and equipment

The Group and the Company recognize property at fair value based on periodic assessments conducted by an independent appraiser, net of depreciation. The Group and the Company regularly monitors the fair value of property and engages an independent appraiser in the event of substantial departures. Regardless of the movements in the fair value of property, the Company conducts an assessment every 3-5 years.

The Group and the Company review the estimated useful life of plant and equipment, and intangible assets at the end of each annual reporting period. Plant and equipment are reported as per purchase cost less accumulated value adjustment.

Leases – Estimate the incremental borrowing rate

The Group and the Company are not able to easily determine the lease interest rate, thus they use an incremental borrowing rate for calculating lease liabilities. Incremental borrowing rate is the rate the Group and the Company would pay if they, in a similar period and with similar collateral, borrowed funds necessary for purchasing property of similar value as right-of-use assets in a similar economic surrounding. Calculating the incremental borrowing rate requires assessing when such rates are not available or need to be adjusted to reflect the lease terms. The Group and the Company use different inputs to calculate the incremental borrowing rate. The interest rate calculated by the Group and Company for contracts represents the lessee's credit risk, lease period, safety, and economic surrounding. It is determined based on comparable transactions. The data the Company uses for determining the incremental borrowing rate are renewed at least once a year or in case of a significant change in the Group and the Company's credit rating.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

4. Critical accounting judgments and key sources of estimation uncertainty (continued)

Corporate income tax

The Company is liable for income tax under the laws and regulations of the Republic of Croatia. Tax returns are subject to examination by the tax authorities, which have the right to subsequently review business books of the taxpayer. There are different possible interpretations of tax laws and therefore, the amounts in the consolidated financial statements may be amended subsequently, based on the decision of tax authorities.

The Company is the beneficiary of investment financial support in line with the Investment Incentive Law. Support has been mostly used as tax benefits in the part of reducing the liability for payment of the corporate income tax since 2021. The Company recognizes deferred tax assets based on the currently exercised right to a tax benefit.

Impact of the war in Ukraine

The war in Ukraine has an impact on the Company's and Group's business in 2025, but Span LLC Ukraine continues to operate smoothly, making positive progress.

Climate change impact

Climate change did not affect the operations of the Company and the Group in 2025 or its financial performance.

The Company and the Group see the contribution to the fight against climate change in the development of energy-efficient products and services, as well as in reducing greenhouse gas emissions through the procurement of green energy system, along with changing their own habits.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

5. Revenue from contracts with customers

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Sales of software licenses	167,336	123,479	90,109	61,789
Sales of services – foreign	49,221	39,492	47,736	36,936
Sales of services – domestic	11,188	10,395	7,694	6,521
Sales of hardware	3,116	5,673	3,078	4,787
Total	230,861	179,039	148,617	110,033
	2025	2024	2025	2024
(in thousands of euros)
External revenue by timing of revenue
Goods transferred at a point in time	170,451	129,152	93,187	66,576
Services transferred at a point in time	35,499	30,232	32,905	27,427
Services transferred over time	24,911	19,655	22,525	16,030
Total	230,861	179,039	148,617	110,033

6. Other operating income

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Government grants	20	44	20	44
Other operating income	1,344	1,796	483	490
Total	1,364	1,840	503	534

Other operating income consists primarily of income from Microsoft incentives for marketing activities and market development and changes in the provision for credit losses on trade receivables (Note 23).

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

6.1. Operating segments

Products and services resulting in revenue for reportable segments

The reporting segments of the Group and the Company in accordance with IFRS 8 identified as separate parts include Software asset management and licensing, Infrastructure services, Cloud and Cyber Security, Service management and technical support, and Software development and business solutions. Segment costs include only direct costs, i.e., there is no allocation of fixed costs to segments.

	Group
	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Eliminations	Consolidated total
	2025	2025	2025	2025	2025	2025	2025
(in thousands of euros)
Revenues
External sales	197,136	20,944	24,882	17,482	1,528	(29,748)	232,225
Total revenues	197,136	20,944	24,882	17,482	1,528	(29,748)	232,225
Result
Segment profit	5,633	5,146	13,209	5,748	(21,889)	11	7,858
Shares in profits of associated companies	-	-	-	-	(90)	-	(90)
Financial income	545	-	-	-	2,778	(1,700)	1,623
Other gains and losses	-	-	-	-	(260)	-	(260)
Financial expenses	-	-	-	-	(1,910)	50	(1,860)
Profit before tax	6,177	5,146	13,209	5,748	(21,371)	(1,639)	7,271
Corporate profit tax	-	-	-	-	(1,565)	-	(1,565)
Profit for the year	6,177	5,146	13,209	5,748	(22,935)	(1,639)	5,707
	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Eliminations	Consolidated total
	2024	2024	2024	2024	2024	2024	2024
(in thousands of euros)
Revenues
External sales	148,049	17,443	19,641	16,671	1,981	(22,907)	180,879
Total revenues	148,049	17,443	19,641	16,671	1,981	(22,907)	180,879
Result
Segment profit	5,348	3,766	10,326	3,874	(17,816)	(53)	5,446
Financial income	-	-	-	-	2,695	(1,671)	1,024
Other gains and losses	-	-	-	-	(1)	-	(1)
Financial expenses	(588)	-	-	-	(1,101)	13	(1,676)
Profit before tax	4,761	3,766	10,326	3,874	(16,225)	(1,710)	4,792
Corporate profit tax	-	-	-	-	(1,394)	-	(1,394)
Profit for the year	4,761	3,766	10,326	3,874	(17,618)	(1,710)	3,398

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

6.1. Operating segments (continued)

Products and services resulting in revenue for reportable segments (continued)

	Company
	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Total
	2025	2025	2025	2025	2025	2025
(in thousands of euros)
Revenues
External sales	93,187	18,147	23,569	13,713	503	149,120
Total	93,187	18,147	23,569	13,713	503	149,120
Result
Segment profit	3,576	4,460	12,585	4,423	(19,496)	5,548
Financial income	-	-	-	-	3,107	3,107
Other profits and losses	-	-	-	-	(266)	(266)
Financial expenses	-	-	-	-	(1,667)	(1,667)
Profit before tax	3,576	4,460	12,585	4,423	(18,323)	6,721
Corporate profit tax	-	-	-	-	(459)	(459)
Profit for the year	3,576	4,460	12,585	4,423	(18,782)	6,262
	Software Asset Management and Licensing	Infrastructure services, Cloud and Cyber Security	Service management and technical support	Software development and business solutions	Other	Total
	2024	2024	2024	2024	2024	2024
(in thousands of euros)
Revenues
External sales	66,576	14,058	18,730	10,669	534	110,568
Total	66,576	14,058	18,730	10,669	534	110,568
Result
Segment profit	2,396	2,661	9,971	2,830	(16,289)	1,569
Financial income	-	-	-	-	2,148	2,148
Financial expenses	-	-	-	-	(601)	(601)
Profit before tax	2,396	2,661	9,971	2,830	(14,742)	3,116
Corporate profit tax	-	-	-	-	(360)	(360)
Profit for the year	2,396	2,661	9,971	2,830	(15,102)	2,756

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

6.1. Operating segments (continued)

Products and services from which reporting segments generate revenue (continued)

	Non-current assets
	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Software Asset Management and Licensing	770	487	142	38
Infrastructure services. Cloud and Cyber Security	981	807	669	489
Service management and technical support	542	385	470	354
Software and business solutions development	657	800	551	701
Other	23,927	23,712	29,358	29,355
Total segment assets	26,877	26,191	31,189	30,936
Total consolidated assets	26,877	26,191	31,189	30,936
	Depreciation and amortization
---	---	---	---	---
	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Software Asset Management and Licensing	119	144	36	35
Infrastructure services. Cloud and Cyber Security	323	330	239	249
Service management and technical support	349	295	312	281
Software and business solutions development	379	270	324	164
Other	3,085	2,709	2,527	2,053
	4,255	3,748	3,438	2,782
	Additions
---	---	---	---	---
	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Software Asset Management and Licensing	180	200	48	64
Infrastructure services. Cloud and Cyber Security	487	509	313	464
Service management and technical support	527	535	408	524
Software and business solutions development	572	369	469	915
Other	4,657	3,599	3,742	6,386
	6,423	5,213	4,979	8,354

The accounting policies of the reportable segments are the same as the Group and Company's accounting policies described in note 3. Segment profit represents the profit earned by each segment before central administration costs including directors' salaries, other general costs, financial expenses and income, and taxes.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

6.1. Operating segments (continued)

Territorial analysis of operations

Territory, in this context, means the location from which the goods and services have been invoiced.

Details on the revenues of the Group and the Company from external customers and information on segment assets (non-current assets without financial instruments, deferred tax assets and other financial assets) for each territory are provided below:

	Group
	Revenue from external customers
	2025	2024
(in thousands of euros)
Croatia	125,873	93,717
Ukraine	34,231	26,929
Slovenia	33,620	27,804
Estonia	28,777	23,946
Other	9,723	8,483
	232,225	180,879
	Group
---	---	---
	Non-current assets
	31/12/2025	31/12/2024
(in thousands of euros)
Croatia	25,488	25,379
Slovenia	605	396
Greece	382	-
Estonia	213	77
Ukraine	159	266
Other	30	73
	26,877	26,191

Information about key customers

Revenues from the sale of services include revenues of EUR 13,790 thousand (2024: EUR 11,530 thousand) which arose from sales to the Group and Company's largest customer. No single customer exceeds more than 10% of the Group's total revenue.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

7. Energy and material costs

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Small inventory and spare part costs	115	94	107	76
Energy costs	306	391	271	343
Office supplies costs	118	102	100	81
Other expenses	5	4	-	-
Total	544	591	478	500

8. Service costs

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Costs of services in product development and service provision	4,342	3,555	4,646	4,893
Costs of intellectual services	1,809	1,771	1,084	1,019
Costs of licences and rights of usage	1,564	1,494	1,522	1,445
Rental costs	263	519	175	424
Maintenance costs	645	656	601	602
Costs of utility services	597	512	552	457
Representation costs	614	449	528	343
Telecommunication costs	239	235	190	162
Promotion costs	748	548	599	446
Transportation costs	256	161	253	154
Costs of other services	203	163	153	97
Total	11,280	10,063	10,303	10,042

Service costs contain the cost of fees charged by the independent auditor for the statutory audit of the annual financial statements or annual consolidated financial statements, which for the Group amounts to EUR 112 thousand (2024: EUR 115 thousand), and for the Company EUR 78 thousand (2024: EUR 72 thousand).

9. Staff costs

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Net salaries	25,605	22,582	20,609	16,939
Contribution and taxes from salaries	10,567	9,377	9,934	8,162
Contributions and taxes on salaries	3,985	3,196	3,617	2,781
Other employee costs	3,165	2,525	2,940	2,219
Total	43,322	37,680	37,100	30,101

The average number of employees in 2025 in the Group was 890, and in the Company 776 (2024: Group 859, Company: 698).

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Depreciation and amortisation cost

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Depreciation of Property, plant and equipment	1,218	999	1,085	881
Amortisation of intangible assets	1,478	1,410	1,003	773
Amortisation of right-of-use assets	1,559	1,338	1,350	1,128
Total	4,255	3,748	3,438	2,782

Other expenses

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Membership and similar fees	184	133	174	117
Insurance costs	488	426	404	319
Bank and payment operation charges	188	135	90	74
Professional training costs	344	334	304	270
Donation and sponsorship costs	109	175	77	134
Costs of business trips	787	397	622	296
Additional cost of acquiring GT Tarkvara	61	424	61	424
Taxes that do not depend on the operating result	167	435	-	-
Other expenses	651	898	520	694
Total	2,979	3,357	2,252	2,328

Financial expenses

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Foreign exchange losses	1,136	1,326	920	232
Interest on bank loans	143	244	180	253
Interest on bonds	457	-	457	-
Interest on liabilities for lease	124	106	110	95
Other financial expenses	-	-	-	21
Total	1,860	1,676	1,667	601

Financial income

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Interest income:
Financial instruments measured at amortised cost
Bank deposits	695	362	325	113
Foreign exchange gains	914	656	476	386
Other financial income	14	6	9	-
Dividend income	-	-	2,297	1,650
Total	1,623	1,024	3,107	2,149

Dividend income refers to dividends received from GT Tarkvara, Estonia, Span d.o.o., Slovenia and Span LLC., Ukraine.

Average interest rates on deposits in banks:

Currency	UAH	KZT	GBP	EUR	USD	CZK
% per annum	7.35%	15.00%	3.11%	1.86%	3.22%	2.57%

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

14. Corporate profit tax

The standard corporate profit tax rate applicable to the reported profit is 18% (2024: 18%) for companies operating in the Republic of Croatia. For other companies within the Group, the corporate profit tax rates range from 9% to 25% (2024: 9% to 25%).

Taxation in other jurisdictions is calculated in line with the rates effective in the relevant jurisdictions.

	Group		Company
	2025	2024	2025	2024
(in thousands of euros)
Current tax	(1,122)	(900)	(222)	(145)
Deferred tax	(443)	(495)	(237)	(215)
Total	(1,565)	(1,394)	(459)	(360)
	2025	2024	2025	2024
(in thousands of euros)
Accounting profit before tax	7,272	4,792	6,721	3,116
Corporate profit tax	1,309	1,173	1,210	561
Effect of non-deductible expenses	707	240	550	213
Effect of tax-exempt revenue	(1,132)	(707)	(1,538)	(583)
Effect of movement of deferred tax liabilities	443	495	238	215
Effect of different tax rates of subsidiaries operating in other jurisdictions and unrecognized deferred tax assets on transferred tax losses	238	194	-	(46)
Tax expense	1,565	1,394	459	360
Effective tax rate	22%	29%	7%	12%
Average weighted tax rate	19%	19%	18%	18%
Overview of the movement of Tax losses carried forward:
	2025	2024	2025	2024
(in thousands of euros)
2021 tax loss	27	28	-	-
2022 tax loss	54	61	-	-
2023 tax loss	159	219	-	-
2024 tax loss	14	14	-	-
2025 tax loss	551	-	-	-
Total	804	322	-	-

In accordance with the tax legislation, the Tax Administration may, at any time, inspect the books and records of the Company within three years from the end of the year in which the tax liability is reported and may impose additional tax liabilities and penalties.

The Company acquired the status of a beneficiary of incentive measures in accordance with the regulation on investment incentives in 2022. By merging with the company Bonsai, the Company took over and continued to use the incentive measure that was approved for the company Bonsai in 2022. The Company uses the incentives for exemption from paying corporate profit tax.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

15. Earnings per share

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
Net profit attributable to the owners of the parent company's capital (in thousands of euros)	5,758	3,398	6,262	2,756
The average weighted number of ordinary shares for the purposes of calculating diluted earnings per share	1,953,981	1,950,258	1,953,981	1,950,258
Earnings from continuing operations for the purpose of calculating diluted earnings per share	2.95	1.74	3.20	1.41

The basic earnings per share are calculated in such a way that the profit/loss attributed to the owners of the parent company's capital is divided by the weighted average number of ordinary shares issued during the year, which does not include the average number of ordinary shares purchased by the Group and the Company that they hold as their own shares.

16. Goodwill

Goodwill in the Group's balance sheet was recognized upon the acquisition of subsidiaries InfoCumulus d.o.o., Delion d.o.o., Recro-net d.o.o., Ekobit d.o.o. and GT Tarkvara, while in the Company's balance sheet upon the merger of subsidiaries InfoCumulus d.o.o., Recro-net d.o.o. and Ekobit d.o.o. The Company and the Group annually conduct goodwill impairment testing. The method used to test the value is explained in more detail in note 3 under Accounting Policies. In 2025, it was decided that it was not possible to attribute future economic benefits to the goodwill related to Recro-net d.o.o. so the goodwill in the amount of EUR 1,431 thousand was impaired and recognized as expense. The test was conducted at the level of the cash-generating unit to which goodwill was allocated by comparison of the recoverable amount and the carrying amount. The recoverable amount was assessed using the discounted cash flow method. The assessed recoverable amount of the cash-generating unit was lower than its accounting amount and this resulted in the reduced value of goodwill.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Goodwill Recro.net	-	1,431	-	1,431
Goodwill InfoCumulus	890	890	890	890
Goodwill Delion	263	263	-	-
Goodwill Ekobit	1,582	1,582	1,581	1,582
Goodwill GT Tarkvara	4,739	4,739	-	-
Total	7,474	8,905	2,471	3,902
Acquisition Cost	Group	Company
On 1 January 2024	8,905	2,321
Increase/reduction	-	1,582
On 31 December 2024	8,905	3,902
Increase/reduction	(1,431)	(1,431)
On 31 December 2025	7,474	2,471
Accumulated losses from the value reduction
On 31 December 2024	-	-
On 31 December 2025	-	-
Carrying value
As at 31 December 2024	8,905	3,902
As at 31 December 2025	7,474	2,471

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Other intangible assets

in thousands of euros(in thousands of euros)Acquisition CostAs of 1 January 2024Additions from internal developmentAdditionDisposalTransferAs of 31 December 2024Additions from internal developmentAs of 31 December 2025	Group
	Software development	Software and other rights	Intangible assets under constructions	Other intangible assets	Total
	3,973	1,899	694	4,425	10,992
	25	11	268	-	304
	-	-	44	-	44
	-	(1)	-	-	(1)
	519	355	(886)	-	(12)
	4,517	2,264	120	4,425	11,327
	-	47	181	-	228
	-	9	314	2	325
	-	(11)	-	-	(11)
	-	-	(89)	-	(89)
	182	182	(364)	-	-
	4,699	2,491	162	4,427	11,779
AmortisationAs of 1 January 2024Exchange rate differencesAmortisation during the yearDisposalsAs of 31 December 2024Amortisation during the yearDisposalsAs of 31 December 2025	2,2001562-	1,118-291(1)	-5251557-	3,84421,410(1)	3,84421,410(1)
	2,763622-	1,409299(12)	-1,083557-	5,2551,479(12)	5,2551,479(12)
	3,385	1,696	-	1,641	6,722
Carrying valueAs at 31 December 2025As at 31 December 2024As at 1 January 2024	1,3131,7541,773	795855781	162120694	2,7873,3423,900	5,0576,0727,149

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Other intangible assets (continued)

	Company
	Software development	Software and other rights	Intangible assets under constructions	Other intangible assets	Total
(in thousands of euros)
Acquisition Cost
On 1 January 2024	2,289	1,380	890	-	4,559
Additions from internal development	-	3	385	-	388
Additions	-	-	44	-	44
Merger of Bonsai	25	36	86	-	147
Merger of Ekobit	1,327	43	(407)	1,620	2,583
Transfer	523	355	(879)	-	-
On 31 December 2024	4,164	1,818	120	1,620	7,722
Additions from internal development	-	26	181	-	208
Additions	-	-	272	-	272
Disposals	-	(11)	-	-	(11)
Write-offs	-	-	(89)	-	(89)
Transfer	181	150	(331)	-	-
On 31 December 2025	4,346	1,983	153	1,620	8,102
Amortization
On 1 January 2024	1,096	670	-	-	1,766
Amortization during the year	445	275	-	54	773
Merger of Bonsai	27	36	-	-	63
Merger of Ekobit	854	43	-	243	1,140
On 31 December 2024	2,422	1,024	-	297	3,743
Amortization during the year	610	285	-	108	1,003
Disposals	-	(11)	-	-	(11)
On 31 December 2025	3,032	1,298	-	405	4,735
Carrying value
As at 31 December 2025	1,314	685	153	1,215	3,367
As at 31 December 2024	1,742	794	120	1,323	3,979
As at 1 January 2024	1,192	711	890	-	2,793

Investment in intangible assets under construction refers to internally generated intangible assets resulting from the continuation of software development available for resale/use.

Property, plant and equipment

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Carrying value
Buildings	2,755	3,150	2,755	3,150
Land	2,359	2,360	2,359	2,360
Computer equipment	936	1,030	899	1,015
Other equipment	601	478	393	298
Assets under construction	4	3	-	-
Total	6,655	7,021	6,406	6,822

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Property, plant and equipment (continued)

	Group
	Buildings	Land	Computer equipment	Other equipment	Assets under construction	Total
(in thousands of euros)
Cost or valuation
As of 1 January 2024	4,093	1,732	3,680	1,862	4	11,372
Additions	-	-	730	10	23	762
Exchange rate differences	-	-	-	18	-	18
Disposals	-	-	(195)	(91)	(25)	(311)
Transfer	-	-	3	(3)	-	-
Revaluation increase	1,048	628	-	-	-	1,675
As of 31 December 2024	5,141	2,360	4,218	1,796	3	13,517
Increases	-	-	552	326	36	914
Exchange rate	-	-	-	(50)	-	(50)
Disposals	-	-	(509)	(384)	(8)	(901)
Transfer	-	-	-	26	(26)	-
As of 31 December 2025.	5,141	2,360	4,261	1,715	4	13,480
Accumulated depreciation and impairment
As of 1 January 2024	1,728	-	2,803	1,234	-	5,765
Depreciation during the year	263	-	579	157	-	999
Exchange rate differences	-	-	-	16	-	16
Disposals	-	-	(195)	(90)	-	(284)
As of 31 December 2024	1,991	-	3,188	1,317	-	6,496
Depreciation during the year	394	-	609	214	-	1,218
Exchange rate differences	-	-	-	(41)	-	(41)
Disposals	-	-	(472)	(376)	-	(848)
As of 31 December 2025	2,386	-	3,325	1,114	-	6,825
Carrying value
As at 31 December 2025	2,755	2,360	936	601	4	6,655
As at 31 December 2024	3,150	2,360	1,030	478	3	7,021
As at 1 January 2024	2,365	1,732	877	628	4	5,607
Including:
At a cost	-	-	936	601	4	1,541
According to the 2025 valuation	2,755	2,360	-	-	-	5,115

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Property, plant and equipment (continued)

| (in thousands of euros)
Cost or valuation | Company | | | | | |
| --- | --- | --- | --- | --- | --- | --- |
| | Buildings | Land | Computer equipment | Other equipment | Assets under construction | Total |
| As of 1 January 2024 | 4,093 | 1,732 | 3,249 | 925 | 1 | 10,000 |
| Additions | - | - | 717 | (13) | - | 704 |
| Disposals | - | - | (190) | (11) | (1) | (201) |
| Bonsai Merger | - | - | 125 | 59 | - | 184 |
| Ekobit Merger | - | - | 216 | 26 | - | 242 |
| Revaluation increase | 1,048 | 628 | - | - | - | 1,675 |
| As of 31 December 2024 | 5,141 | 2,360 | 4,118 | 986 | - | 12,604 |
| Additions | - | - | 513 | 200 | - | 713 |
| Disposals | - | - | (509) | (25) | - | (534) |
| As of 31 December 2025 | 5,141 | 2,360 | 4,122 | 1,160 | - | 12,783 |
| Accumulated depreciation and impairment | | | | | | |
| As of 1 January 2024 | 1,728 | - | 2,436 | 575 | - | 4,739 |
| Depreciation during the year | 263 | - | 543 | 75 | - | 881 |
| Disposals | - | - | (183) | (10) | - | (193) |
| Bonsai Merger | - | - | 93 | 28 | - | 121 |
| Ekobit Merger | - | - | 214 | 20 | - | 234 |
| As of 31 December 2024 | 1,991 | - | 3,102 | 688 | - | 5,782 |
| Depreciation during the year | 395 | - | 592 | 98 | - | 1,085 |
| Disposals | - | - | (471) | (19) | - | (490) |
| As of 31 December 2025 | 2,386 | - | 3,223 | 768 | - | 6,377 |
| Carrying value | | | | | | |
| As at 31 December 2025 | 2,755 | 2,360 | 899 | 392 | - | 6,406 |
| As at 31 December 2024 | 3,150 | 2,360 | 1,015 | 298 | - | 6,822 |
| As at 1 January 2024 | 2,365 | 1,732 | 814 | 350 | 1 | 5,261 |
| Including: | | | | | | |
| At cost | - | - | 899 | 392 | - | 1,291 |
| According to the 2025 valuation | 2,755 | 2,360 | - | - | - | 5,115 |

Investments in tangible assets of Group are largely related to expenses for the acquisition and replacement of worn-out computer and other equipment necessary for the work of employees.

SPAN d.d. and its subsidiaries
55

Notes to financial statements

For the year ended 31 December 2025

18. Property, plant and equipment (continued)

Measuring the fair value of buildings owned by the Group and the Company

The Group and the Company's buildings are stated at their revalued amounts, being the fair value at the date of revaluation, less any subsequent accumulated depreciation and subsequent accumulated impairment losses.

The fair value measurements have been classified as level 3, in accordance with inputs used in the valuation.

The assessment of the value of buildings and land was made in February 2025. While assessing the value of buildings and land, the independent appraiser disclosed in their report to have used the comparison approach method, having determined for it to be the most adequate method considering the location, land registry, and cadastral status of the property owned by the Company. Inter alia, the comparison approach method considers and assesses the quality of the building and its position at a similar location for a comparable building type.

Details of the Group and Company's buildings and information about the fair value hierarchy as at the end of the reporting period are as follows:

	Level 2	Level 3	Fair value as at 31/12/2025
(in thousands of euros)
Land	-	2,360	2,360
Buildings	-	2,755	2,755
	Level 2	Level 3	Fair value as at 31/12/2024
(in thousands of euros)
Land	-	2,360	2,360
Buildings	-	3,150	3,150

In the event that the lands and buildings of the Group and the Company, are valued at historical cost, their carrying amounts would be as follows:

	31/12/2025	31/12/2024
(in thousands of euros)
Land	765	765
Buildings	810	927
	1,575	1,692

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

18.1. Transactions with related parties

Related parties are companies in which the Company has ownership of business shares. i.e. companies that are part of the Group, associated by ownership and associated companies. All related party transactions are based on normal business and market conditions. The balances of receivables and liabilities between the Company and its related parties at the date of the statement of financial position are as follows:

	Loans and receivables		Liabilities
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Span d.o.o., Slovenia	573	602	70	194
Trilix d.o.o., Croatia	5	1	4	10
Span USA Inc., USA	-	-	45	43
Span LLC, Ukraine	10	14	2,975	5
Span Swiss AG, Switzerland	-	59	-	-
Span Hellas SA, Greece	1	-	-	-
SPAN IT s.r.o., Czech Republic	151	-	-	-
Span Azerbaijan LLC, Azerbaijan	20	-	4	6
Span B.V., The Netherlands	753	-	-	-
Span IT Ltd., Great Britain	-	-	31	4
Institution Span Cyber Security Center, Croatia	11	-	10	-
Inkubator kibernetičke sigurnosti d.o.o., Croatia	-	9	-	-
Span Kazakhstan Limited, Kazakhstan	43	-	-	-
Span LLC, Georgia	203	88	-	-
Span Romania S.R.L., Romania	10	-	-	-
Total	1,780	774	3,139	176

Transactions reported in the statement of comprehensive income for 2025 and 2024 were as follows:

	Revenue		Expenses
	2025	2024	2025	2024
(in thousands of euros)
Span d.o.o., Slovenia	24,539	19,302	1,200	918
Span USA Inc., USA	-	342	315	263
Trilix d.o.o., Croatia	17	20	37	57
Bonsai d.o.o., Croatia	-	22	-	899
Span LLC, Ukraine	19	1	3,040	71
Span Hellas SA, Greece	1	-	-	-
SPAN IT s.r.o., Czech Republic	2	-	-	-
Span Azerbaijan LLC, Azerbaijan	28	29	47	83
Span B.V., The Netherlands	3	-	-	-
Span IT Ltd., Great Britain	-	-	51	21
Ekobit d.o.o., Croatia	-	20	-	307
Institution Span Cyber Security Center, Croatia	28	-	50	-
Inkubator kibernetičke sigurnosti d.o.o., Croatia	11	52	23	68
Span Kazakhstan Limited, Kazakhstan	1	-	-	-
Span LLC, Georgia	6	-	-	-
Span Romania S.R.L., Romania	-	-	-	10
Total	24,655	19,790	4,763	2,697

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

18.2. Remuneration of key management personnel

Remuneration of directors, i.e. key management of the Group and the Company is provided below. Key management personnel include 4 members (2024: 4).

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Short-term employee benefits	1,631	1,264	1,631	1,264

19. Right-of-use assets

In its application of IFRS 16, the Group and Company used the following practical exemptions as allowed by the standard: exemptions from recognizing lease contracts that as at their commencement date have a lease period of 12 months or short-term leases of low value assets.

The Group and the Company have business premises and company vehicles in operating lease. Lease contracts are usually concluded for a period from 3 to 5 years.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Right-of-use assets - Vehicles	1,358	869	1,224	861
Right-of-use assets - Business premises	4,509	1,854	3,540	1,686
	5,867	2,722	4,764	2,547
	Group
---	---	---	---
Right-of-use assets	Business premises	Vehicles	Total
(in thousands of euros)
Acquisition Cost
As of 1 January 2024	3,023	1,378	4,401
Increase	1,947	464	2,411
Decrease	(2,302)	(302)	(2,605)
Exchange rate differences	(2)	-	(2)
As of 31 December 2024	2,666	1,540	4,205
As of 1 January 2025	2,666	1,540	4,205
Increase	4,080	875	4,956
Decrease	(537)	(431)	(968)
Exchange rate differences	(5)	-	(5)
As of 31 December 2025	6,204	1,984	8,188
Accumulated amortization
As of 1 January 2024	1,934	674	2,609
Amortization for the year	1,042	296	1,338
Decrease	(2,164)	(299)	(2,463)
Exchange rate differences	(1)	-	(1)
As of 31 December 2024	812	671	1,483
As of 1 January 2025	812	671	1,483
Increase	1,249	310	1,559
Decrease	(362)	(355)	(717)
Exchange rate differences	(4)	-	(4)
As of 31 December 2025	1,695	626	2,321
Carrying amount
As of 31 December 2025	4,509	1,358	5,867
As of 31 December 2024	1,854	869	2,722

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Right-of-use assets (continued)

	Company
Right-of-use assets	Business premises	Vehicle	Total
(in thousands of euros)
Acquisition Cost
As of 1 January 2024	2,058	1,281	3,339
Increase	1,759	464	2,223
Decrease	(1,726)	(280)	(2,006)
Merger of Bonsai	109	54	163
Merger of Ekobit	26	-	26
As of 31 December 2024	2,226	1,519	3,745
As of 1 January 2025	2,226	1,519	3,745
Increase	3,051	735	3,787
Reduction	(220)	(431)	(652)
As of 31 December 2025	5,057	1,823	6,880
Accumulated amortization
As of 1 January 2024	1,407	623	2,030
Amortization during the year	844	284	1,128
Reductions	(1,726)	(278)	(2,004)
Merger of Bonsai	4	30	33
Merger of Ekobit	11	-	11
As of 31 December 2024	540	658	1,198
As of 1 January 2025	540	658	1,198
Amortization during the year	1,054	296	1,350
Deregistration	(77)	(355)	(432)
As of 31 December 2025.	1,517	598	2,116
Carrying value
As of 31 December 2025	3,540	1,224	4,764
As of 31 December 2024	1,686	861	2,547
	Group		Company
Amounts recognized in profit and loss	2025	2024	2025
(in thousands of euros)
Depreciation costs for right-of-use assets	1,559	1,338	1,350
Business premises	1,249	1,042	1,054
Vehicles	310	296	296
Interest expense on lease liabilities	124	106	110
Business premises	69	62	58
Vehicle	55	44	52
Expenses related to short-term leases	263	519	175
	2025	2024	2025
(in thousands of euros)
Fixed payments
Business premises	1,296	1,103	1,109
Vehicles	360	334	339
Total	1,656	1,437	1,448

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

19. Right-of-use assets (continued)

	Group
	Within five years	Total
(in thousands of euros)
Options to extend expected to be exercised	1,911	1,911
	1,911	1,911
	Company
	Within five years	Total
(in thousands of euros)
Options to extend expected to be exercised	1,584	1,584
	1,584	1,584

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

20. Investments in financial assets

	Short-term
	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Financial assets measured at amortised cost
Deposits in banks	325	325	-	-
Receivables for guarantees from tenders	19	-	-	-
Investment in securities	341	236	22	22
Given loans	8	10	1.159	88
Finance lease receivables	18	-	61	24
Total	711	571	1,243	134
	Long-term
---	---	---	---	---
	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Financial assets measured at amortised cost
Receivables for tender guarantees	63	47	63	44
Receivables for lease guarantees	7	5	-	-
Finance lease receivables	49	-	184	-
Total	118	52	246	44

Investments in securities relate to shares in bond investment funds.

Receivables for financial leasing relate to sublease of business premises to a subsidiary or an associated company.

The current value of receivables for deposits and guarantees are considered a reasonable assessment of their fair value.

Impairment of financial assets

There has been no change in the estimation techniques or significant assumptions made during the current reporting period in assessing the loss allowance for these financial assets.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

20.1. Investments in subsidiaries

Subsidiaries are all companies over which the Company has control over financial and business policies. which includes more than half of the voting rights. During 2025, the Company established and invested in new members of the Group internationally.

(in thousands of euros)	Ownership	31/12/2025	31/12/2024
Span d.o.o., Slovenia	100%	395	395
Inkubator kibernetičke sigurnosti d.o.o., Zagreb	100%	350	350
Span LLC, Ukraine	100%	310	310
Trilix d.o.o., Zagreb	100%	543	543
Span-IT s.r.l., Moldova	100%	176	176
Span USA Inc., USA	100%	15	15
GT Tarkvara, Estonia	100%	10,427	10,427
Span LLC, Georgia	100%	124	124
Institution Span Cyber Security Center, Zagreb	100%	100	100
Span B.V., Netherlands	100%	150	-
Span Ltd, Kazakhstan	85.72%	150	-
Span Hellas, Grčka	90%	450	-
Total		13,191	12,441
		2025	2024
(in thousands of euros)
Balance at the beginning of the year		12,441	16,808
Acquisitions/establishments		750	634
Mergers		-	(5,001)
Balance at the end of the year		13,191	12,441

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Investments in associates

Associate name	Main activity	Place of establishment and business	Ownership share in %
			31/12/2025	31/12/2024
Fintech Digital Services d.o.o.	Computer and related activities	Zagreb, Republic of Croatia	35	35

Group

Associate name	Place of foundation and business	Value of investment	Impairment of the associated company	Share in the result for 2025	Value of investment
(in thousands of euros)		31/12/2024			31/12/2025
Fintech Digital Services d.o.o.	Zagreb, Republic of Croatia	260	(260)	-	-
Total		260	(260)	-	-

Company

Associate name	Place of foundation and business	Value of investment	Imapirment of the associated company	Value of investment
(in thousands of euros)		31/12/2024		31/12/2025
Fintech Digital Services d.o.o.	Zagreb, Republic of Croatia	266	(266)	-
Total		266	(266)	-

On December 31, 2025, the Company conducted impairment testing of investments in the associated company Fintech Digital Services d.o.o. It was determined that no future economic benefit can be expected from the investment. Based on the above, value adjustment was recognized.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Investment in associates (continued)

Associate name	Main activity	Place of establishment and business	Ownership share in %
			31/12/2025	31/12/2024
Span Evolve d.o.o.	Computer and related activities	Zagreb, Republic of Croatia	40	-

Group

Associate name	Place of foundation and business	Value of investment	Incorporation	Share in the result for 2025	Value of investment
(in thousands of euros)		31/12/2024			31/12/2025
Span Evolve d.o.o.	Zagreb, Republic of Croatia	-	120	(90)	30
Total		-	120	(90)	30

Company

Associate name	Place of foundation and business	Value of investment	Value of investment
(in thousands of euros)		31/12/2024	31/12/2025
Span Evolve d.o.o.	Zagreb, Republic of Croatia	-	120
Total		-	120

On 2 July 2025, registration of establishment of the company Span Evolve d.o.o., Zagreb, Koturaška cesta 47, OIB: 06241824468, share capital: EUR 300 thousand was announced. The Company holds 40% interest in the ownership of Span Evolve d.o.o.

Inventories

Merchandise inventories refer mainly to hardware purchases for customers and exceptionally this year to licenses for 2026, and for which the invoice was received on 31/12/2025. These licenses were sold on 1/1/2026.

The purchase value of licenses and hardware, which is expressed as an expense for the Group in the current year EUR 160,317 thousand (2024: EUR 119,696 thousand), and for the Company it is EUR 88,533 thousand (2024: EUR 63,217 thousand).

At the end of each year, the Group and Company review the net realizable value of inventories and adjust the value of inventories older than 1 year.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

22. Inventories (continued)

The purchase price of inventories expensed for the year, for both the Group and the Company amount to EUR 11 thousand (2024: EUR 12 thousand) and refer to the value adjustment of inventories up to net realisable value. Value adjustment of inventories has been reversed for inventories sold in the amount of EUR 12 thousand (2024: EUR 5 thousand).

The inventories value of EUR 287 thousand (2024: EUR 279 thousand) for the Group and EUR 284 thousand (2024: EUR 277 thousand) for the Company is expected to be sold within 12 months.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Trade goods	16	9	13	7
Licenses	271	271	271	271
Total	287	280	284	278

23. Trade and other receivables

	Long-term
	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Measured at amortized cost
Long-term trade receivables	1,043	-	-	-
Long-term receivables for pre-bankruptcy settlements	1	1	1	1
Total	1,044	1	1	1
	Short-term
---	---	---	---	---
	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Domestic trade receivables	21,626	19,250	8,790	9,342
Foreign trade receivables	13,717	6,645	13,305	6,314
Costs paid in advance	1,380	1,197	841	901
Receivables for VAT	1,404	45	27	37
Receivables from associated parties	-	-	621	628
Accrued income	4,139	3,393	4,104	3,091
Reduction of value of trade receivables	(1,343)	(1,585)	(52)	(40)
Income tax receivables	157	164	157	131
Other receivables	756	659	220	289
Total	41,836	29,768	28,013	20,693

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

23. Trade receivables and other receivables (continued)

Age structure of trade receivables

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Outstanding	30,646	21,861	19,097	14,128
0-30 days	1,839	1,701	1,486	1,388
31-60 days	673	299	523	230
61-90 days	651	214	616	173
91-180 days	1,002	353	874	240
181-270 days	127	159	103	74
271-360 days	85	61	-	34
Over 360 days	1,364	1,246	18	16
Total	36,386	25,894	22,717	16,283

The average credit period for the sale of goods for the Group is 48 days and for the Company 46 days (2024: Group 55 days, Company 48 days). Interest is not calculated for outstanding trade receivables.

The Group and Company always measure impairment of trade receivables in the amount equivalent to lifetime ECL. The expected credit losses on trade receivables are estimated using a provision matrix by reference to past default experience of the debtor and an analysis of the debtor's current financial position, adjusted for factors that are specific to the debtors, general economic conditions of the industry in which the debtors operate and an assessment of both the current as well as the forecast direction of conditions as at the reporting date.

The impairment of trade receivables is mostly related to the value adjustment of receivables in Span d.o.o., Slovenia for Studio Moderna, which is bankrupt.

Changes in expected credit losses on trade receivables

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Opening balance	1,585	1,069	40	33
Expected credit losses, net	11	21	14	1
Amount recovered during the year	(253)	-	(1)	-
Individual value adjustments	-	495	-	6
Closing balance	1,343	1,585	52	40

The Group and Company make value adjustments off trade receivables when there is information indicating that the debtor is in severe financial difficulty and there is no realistic prospect of recovery, e.g. when the debtor has been placed under liquidation or has entered bankruptcy proceedings, or in the case of trade receivables, when the amounts are over one year past due, whichever occurs sooner. In addition to the written off trade receivable for Studio Moderna, no written-off trade receivables are subject to enforcement activities.

Given that experience of the Group and Company in credit losses from the prior period does not point to significantly different loss patterns for different segments of customers, provisions for value adjustment based on exceeding the maturity do not differ additionally among different customers of the Group and the Company.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

23. Trade and other receivables (continued)

The Table below contains movement of expected credit losses through the whole period that are recognized for trade receivables in line with the simplified approach given in IFRS..

	Group
	Trade receivables - Overdue
31/12/2025	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
(in thousands of euros)
Expected credit losses	0.03%	0.14%	1.23%	4.74%	44.11%	91.74%
Estimated total gross carrying amount at default	30,646	3,163	1,002	126	85	1,364	36,386
Lifetime ECL	9	4	12	6	37	1,252	1,321
							35,065
	Trade receivables - Overdue
	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
(in thousands of euros)
Expected credit losses	0.02%	0.53%	12.85%	1.84%	4.62%	99.60%
Estimated total gross carrying amount at default	21,861	2,213	353	159	61	1,247	25,894
Lifetime ECL	5	12	45	3	3	1,242	1,310
							24,584
	Company
	Trade receivables - Overdue
31/12/2025	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
(in thousands of euros)
Expected credit losses	0.05%	0.13%	1.22%	5.13%	9.68%	43.69%
Estimated total gross carrying amount at default	19,097	2,625	874	103	0.09	18	22,717
Lifetime ECL	9	3	11	5	0.01	8	36
							22,681
	Trade receivables - Overdue
	Overdue	< 90	91 - 180	181 - 270	271 - 360	> 360	Total
(in thousands of euros)
Expected credit losses	0.03%	0.11%	1.64%	3.47%	6.17%	50.00%
Estimated total gross carrying amount at default	14,128	1,791	240	74	34	16	16,283
Lifetime ECL	4	2	4	3	2	8	23

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Borrowings

	Group		Company
(in thousands of euros)	31/12/2025	31/12/2024	31/12/2025	31/12/2024
Borrowings at amortised cost
Long-term
Bonds	24,651	-	24,651	-
	24,651	-	24,651	-
Borrowings at amortised cost
Short-term
Zagrebačka banka d.d.	-	1,007	-	1,007
OTP bank d.d.	-	2,038	-	2,038
Privredna banka Zagreb d.d.	-	2,310	-	2,310
Raiffeisenbank Austria d.d.	251	167	251	167
Borrowings from associated parties	-	-	13	-
Bonds	457	-	457	-
	708	5,522	721	5,522
Total	25,359	5,522	25,372	5,522
	2025	2024	2025	2024
(in thousands of euros)
As at 1 January	5,522	2,107	5,522	2,107
New loans	6,501	10,999	8,070	12,999
Loan repayments	(11,750)	(7,600)	(13,319)	(9,600)
Issued bonds	24,651	-	24,651	-
Interest expense	149	242	162	242
Interest repayments	(172)	(226)	(172)	(226)
Interest for issued bonds	457	-	457	-
Total	25,359	5,522	25,372	5,522

Loans to subsidiaries

Short-term	Company
(in thousands of euros)	2025	2024
As at 1 January	146	38
New loans	1,442	557
Loan repayments	(370)	(450)
Loan write-off	(58)	-
Foreign exchange differences	(11)	-
Interest expense	12	3
Interest repayments	(1)	(2)
Total	1,159	146

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

24. Borrowings (continued)

Other main features of the Group and the Company's borrowings are as follows:

i. The company does not use overdrafts.

ii. The Company has one bank loan (2024: six bank loans)

a. Loan of EUR 251 thousand that was contracted in March 2025 with Raiffeisenbank Austria d.d. (2024: EUR 167 thousand) from the multipurpose framework of EUR 5,000 thousand which is active on the reporting date. The framework is agreed upon and renewed on an annual level, and the date of maturity of the framework is July 2026. The utilized loan accrues interest of 3.05 % annually, as a fixed rate. The loan is insured with a promissory note issued by the Company.

iii. The company has issued bonds:

Sustainability-linked bonds with the ISIN: HRSPANO307A0 in the amount of EUR 25,108 thousand (2024: EUR 0 thousand), issued in July 2025 with the fixed interest rate of 3.75% with semi-annual payment and one-off maturity in July 2030. The simplified prospectus for the public offering and enlisting the sustainability-linked bonds is available at Corporate documents | Span.eu.

A part of loans in bank institutions are subject to liabilities defined by contracts on loans and multi-purpose frameworks based on which the Company and the Group are liable to meet the key performance indicators such as coverage of net debt. All liabilities are fulfilled at the date of the balance.

Analysis of borrowings per currency:	Group		Company
	EUR	USD	EUR	USD
(in thousands of euros)
December 31, 2024
Bank loans	5,522	-	5,522	-
Total	5,522	-	5,522	-
December 31, 2025
Bank loans	251	-	251	-
Bonds	25,108	-	25,108	-
Borrowings from related parties	-	-	-	13
Total	25,359	-	25,359	13

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

25. Deferred tax

The following is an overview of deferred tax liabilities and assets reported by the Group and the Company and their movement during the reporting period.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Deferred tax liability	(765)	(835)	(762)	(835)
Deferred tax assets	631	1,158	623	933
	(134)	323	(139)	98
	Group
---	---	---	---	---
Deferred tax assets	Tax incentives	Tax losses	Other	Total
(in thousands of euros)
As at 1 January 2024	1,472	248	4	1,724
Increase/(decrease) of deferred tax assets	(545)	(248)	226	(566)
Na dan 31. prosinca 2024	927	-	231	1,158
Increase/(decrease) of deferred tax assets	(312)	-	(214)	(526)
As at 31 December 2025	614	-	17	631
Deferred tax liability	Group
---	---	---	---	---
	Revaluation of the building and land	Acquisition of Ekobit	Other	Total
(in thousands of euros)
As at 31 December 2024.	412	169	-	581
Increase/(decrease) of deferred tax liability	275	(21)	-	254
As at 31 December 2024	687	148	-	835
Increase/(decrease) of deferred tax liability	(50)	(22)	3	(69)
As at 31 December 2025	637	125	3	765

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

25. Deferred tax (continued)

Deferred tax liability refers to the revaluation of land and buildings owned by the Group and the Company, the impact of which was recognized in other comprehensive income.

Deferred tax assets represent the corporate tax amounts that are recoverable based on future deductions of taxable profit and recognized in the statement of financial position. Deferred tax assets are recognized up to the amount of the tax revenues which are likely to be realised. When determining future taxable profit and amount of tax revenues that are likely to be realised in the future, the Group and Company make judgements and estimates based on taxable profit from prior years and expectations of future revenues that are considered reasonable in the current circumstances.

The Group and the Company recognized deferred tax assets mainly based on approved incentive measures that the Company expects to use for exemption from paying income tax.

SPAN d.d. and its subsidiaries
71

Notes to financial statements

For the year ended 31 December 2025

26. Lease liabilities

The Group and the Company are not exposed to substantial liquidity risk in terms of their lease liabilities.

Lease liabilities	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Lease liabilities – long-term	4,419	1,473	3,654	1,436
Lease liabilities - short-term	1,574	1,304	1,308	1,159
Total	5,993	2,777	4,962	2,595

Lease liabilities refer to the lease of business premises and company vehicles recognized in line with the provisions of IFRS 16 Leases.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Maturity of liabilities:
1st year	1,720	1,342	1,486	1,184
2nd year	2,163	1,130	1,385	1,103
3rd year	1,473	264	1,270	264
4th year	1,254	146	1,109	146
5th year	255	59	119	59
More than 5 years	36	-	-	-
	6,901	2,941	5,369	2,756
Less: unearned interest	(908)	(165)	(407)	(161)
	5,993	2,777	4,962	2,595
Analysed as:
Non-current	4,419	1,473	3,654	1,436
Current	1,574	1,303	1,308	1,159
	5,993	2,777	4,962	2,595

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

27. Trade and other payables

Trade payables and liabilities accounted for mainly comprise outstanding amounts for purchasing trade goods and current costs. The average credit period for the purchase of goods for the Group is 49 days and for the Company 46 days (2024: Group 56 days, Company 53 days). For most suppliers interest on trade payables is not calculated for the first 180 days from the invoicing date. Afterwards, interest is calculated for open balances by using different interest rates. The Group and the Company have financial risk management policies in place to ensure that all payables are paid within the agreed credit terms.

The Management Board believes that the carrying amount of trade payables approximates their fair value.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Domestic suppliers	4,013	8,592	1,318	6,479
Foreign suppliers	22,133	13,477	9,346	5,700
Replated party payables	-	-	3,126	176
VAT payable	4,291	1,948	1,230	602
Amounts due to employees	2,369	2,049	1,937	1,677
Accrued expense	2,423	2,863	610	740
Taxes and contributions on employee salaries	1,462	1,165	1,277	1,063
Advances received	672	606	227	292
Income tax liabilities	337	343	-	-
Other liabilities	2,203	2,073	1,030	534
Total	39,903	33,116	20,101	17,263

The Group's liabilities to foreign suppliers in 2025 mostly relate to liabilities to Microsoft Ireland Operations Ltd. Dublin, Ireland for resale licenses.

28. Equity

The share capital comprises of 1,960,000 shares with a nominal value of EUR 2 per share.

The Group's total capital and reserves increased by EUR 3,993 thousand. On 27/6/2025, the Company paid a dividend of EUR 1,564 thousand to the account of the Central Depository and Clearing Company (CDCC), which was paid to shareholders on 1/7/2025.

As of 31 December 2025, the Company held 10,760 (2024: 8,802) of its own shares.

The Company has one type of shares that do not carry the right to a fixed yield.

The Company has no losses in 2025 and no losses carried forward from previous years.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

29. Capital reserves

Capital reserves as of 31 December 2025 amount to EUR 8,888 thousand. The increase in the amount of EUR 86 thousand occurred during the allocation of shares during the year as the difference in the share price on the date of redemption and on the date of allocation.

30. Revaluation reserves

Property revaluation reserves

The reserve from the revaluation of property was formed in 2019 from the revaluation of land and buildings based on the assessment of an independent appraiser and was increased in 2024 based on a new estimate by an independent appraiser and as of 31 December 2024, is amounted to EUR 3,130 thousand, and as of 31 December 2025, it is amounted to EUR 2,902 thousand.

Revaluation reserves may be realised once the asset is derecognized or gradually by using assets in the amount defined as the difference between depreciation based on the revalued carrying amount of assets and depreciation based on the original purchase cost. Realised revaluation reserve is transferred to retained earnings.

When selling revalued land or revalued buildings, a portion of the properties revaluation reserve referring to the assets sold is transferred directly to retained earnings. Other comprehensive income items included in the properties revaluation reserve are not subsequently transferred to profit or loss.

The Group and the Company decided to realise the revaluation reserve by gradually using assets and in 2025 they realised revaluation reserves in the amount of EUR 228 thousand.

SPAN d.d. and its subsidiaries
74

Notes to financial statements

For the year ended 31 December 2025

31. Non-controlling interests

Below is an overview of summary information on all subsidiaries of the Company, in which the Company has material non-controlling interests until the time of the acquisition of 100% ownership. The summarised financial information below represents amounts before intra-Group eliminations.

	Group
	2025	2024
(in thousands of euros)
Balance at the start of the year	-	320
Increase of non-controlling interest based on conclusion of contracts	203	-
Decrease in non-controlling shares due to share acquisition	-	(320)
Shares in profits of the current year	(51)	-
Closing balance	152	-
Non-controlling interest
	2025	2024
(in thousands of euros)
Non-controlling interest - Trilix d.o.o.
Balance as at January 1	-	217
Decrease of non-controlling interest based on acquisition of shares	-	(217)
Balance as at December 31	-	-
Non-controlling interest - Bonsai d.o.o
Balance as at January 1	-	102
Decrease of non-controlling interest based on acquisition of shares	-	(102)
Balance as at December 31	-	-
Non-controlling interest - Span Kazakhstan Ltd
Balance as at January 1	-	-
Increase/decrease of non-controlling interest	28
Attributed net profit/loss	(5)	-
Balance as at December 31	23	-
Non-controlling interest - Span Hellas SA
Balance as at January 1	-	-
Increase/decrease of non-controlling interest	50
Attributed net profit/loss	(30)	-
Balance as at December 31	20	-
Non-controlling interest - Span Polska Sp. z o.o.
Balance as at January 1	-	-
Increase/decrease of non-controlling interest	125
Attributed net profit/loss	(16)	-
Balance as at December 31	109	-
Total	152	-

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Non-controlling interests (continued)

	31/12/2025	31/12/2024
(in thousands of euros)
Span Kazakhstan Ltd
Current assets	625	-
Fixed Assets	63	-
Current liabilities	(506)	-
Non-current liabilities	(19)	-
Equity attributable to owners of the Company	85.72%	0%
Non-controlling interests	14.28%	0%
	2025	2024
(in thousands of euros)
Revenues	1,015	-
Expenses	(1,046)	-
Profit/loss for the year	(32)	-
Profit/loss attributable to the owners of the Company	(27)	-
Profit/loss attributable to non-controlling interests	(5)	-
Profit/loss for the current year	(32)	-
Total comprehensive profit/loss attributable to the owners of the Company	(27)	-
Total comprehensive profit/loss attributable to owners of non-controlling interests	(5)	-
Total comprehensive profit/loss of the current year	(32)	-
	31/12/2025	31/12/2024
(in thousands of euros)
Span Hellas SA
Current assets	226	-
Fixed Assets	382	-
Current liabilities	(124)	-
Non-current liabilities	(283)	-
Equity attributable to owners of the Company	90%	0%
Non-controlling interests	10%	0%
	2025	2024
(in thousands of euros)
Revenues
Expenses	(299)	-
Profit/loss for the year	(299)	-
Profit/loss attributable to the owners of the Company	(269)	-
Profit/loss attributable to non-controlling interests	(30)	-
Profit/loss for the current year	(299)	-
Total comprehensive profit/loss attributable to the owners of the Company	(269)	-
Total comprehensive profit/loss attributable to owners of non-controlling interests	(30)	-
Total comprehensive profit/loss of the current year	(299)	-

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

Non-controlling interests (continued)

	31/12/2025	31/12/2024
(in thousands of euros)
Span Polska Sp. z o.o.
Current assets	442	-
Fixed Assets	-	-
Current liabilities	(6)	-
Non-current liabilities	-	-
Equity attributable to owners of the Company	75%	0%
Non-controlling interests	25%	0%
	2025	2024
(in thousands of euros)
Revenues	-	-
Expenses	(66)	-
Profit/loss for the year	(66)	-
Profit/loss attributable to the owners of the Company	(49)	-
Profit/loss attributable to non-controlling interests	(16)	-
Profit/loss for the current year	(66)	-
Total comprehensive profit/loss attributable to the owners of the Company	(49)	-
Total comprehensive profit/loss attributable to owners of non-controlling interests	(16)	-
Total comprehensive profit/loss of the current year	(66)	-

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

32. Notes to the cash flow statement

The carrying amount of these assets is approximately equal to their fair value. Below is an overview of cash and cash equivalents at the end of the reporting period.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Cash in bank	44,054	24,362	26,704	8,993
Cash at hand	2	7	1	1
Total	44,056	24,368	26,705	8,994

33. Deferred income

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Deferred income	3,792	2,714	1,504	2,618
Total	3,792	2,714	1,504	2,618

Deferred income refers to accruals and deferrals, i.e. income recognized in future periods in which the service is realised. Deferred income predominantly refers to advisory services regarding contracted projects with customers, recognized by reference to the stage of completion of the contract.

34. Contractual liabilities

Contractual liabilities predominantly refer to the liabilities for the purchase of business shares in the company Trilix d.o.o.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Contractual liabilities – non-current	8	107	8	107
Contractual liabilities - current	100	2,255	100	2,255
Total	108	2,362	108	2,362

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments

(a) Groups and categories of financial instruments and their fair value

Levels of fair value indicators 1 to 3 shall be based on the degree of fair value measurability:

Level 1 fair value measurements are those derived from quoted prices (unadjusted) in active markets for identical assets or liabilities;
Level 2 fair value measurements are those derived from inputs other than quoted prices included within Level 1 that are observable for the asset or liability, either directly (i.e. as prices) or indirectly (i.e. derived from prices); and
Level 3 fair value measurements are those derived from valuation techniques that include inputs for the asset or liability that are not based on observable market data (unobservable inputs).

The property fair value measurements were classified as level 3 measurements.

(b) Goals of financial risk management

The Group and the Company's treasury function supports operations, co-ordinates access to domestic and international financial markets, monitors and manages the financial risks relating to the operations of the Group and the Company. These include market risk (including currency risk, interest rate risk and price risk), then credit risk and liquidity risk.

The Group and the Company seek to minimise the effects of these risks by using financial instruments to hedge against the relevant exposures. The Company concluded a framework contract on derivative financial instruments for hedging against the interest and currency risk, as well as other risks that incur or may incur due to changes in prices, values etc.

(c) Market risk

The Group and the Company are primarily exposed to the financial risk of currency exchange rate changes in their business (see below). During 2024 and 2025, the Company contracted foreign exchange forward transactions to manage the exchange rate risk of USD and GBP currencies.

SPAN d.d. and its subsidiaries
79

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(c)(i) Currency risk management

The Group and Company undertake transactions denominated in foreign currencies; consequently, exposures to exchange rate fluctuations arise. The Company concluded a contract on derivative financial instruments for hedging against the currency risk. The table below details the carrying amounts of the Group and Company's foreign currency denominated monetary assets and liabilities at the reporting date.

Group

	31 December 2025
	EUR	USD	GBP	CAD	AUD	CZK
(in thousands of euros)
Cash in bank and petty cash	32	2,662	250	-	-	688
Trade and other receivables	7	6,049	2,055	47	44	-
Borrowings	-	(90)	-	-	-	-
Trade and other payables	(56)	(10,069)	(17)	-	-	-
Net balance sheet exposure	(17)	(1.448)	2.288	47	44	688
	31 December 2024
---	---	---	---	---	---	---
	EUR	USD	GBP	CAD	AUD	NOK
(in thousands of euros)
Cash in bank and petty cash	49	1,637	249	-	-	-
Financial assets	-	88	-	-	-	-
Trade and other receivables	38	1,961	559	74	53	-
Borrowings	-	(107)	-	-	-	-
Trade and other payables	(42)	(5,963)	(12)	-	-	(23)
Net balance sheet exposure	45	(2,384)	797	74	53	(23)

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(c)(i) Currency risk management (continued)

Company	31 December 2025
	USD	GBP	CAD	AUD
(in thousands of euros)
Cash in bank and petty cash	2,614	250	-	-
Financial assets	243	-	-	-
Trade and other receivables	5,837	2,055	47	44
Borrowings	(13)	-	-	-
Trade and other payables	(3,156)	(48)	-	-
Net balance sheet exposure	5,525	2,257	47	44
	31 December 2024
---	---	---	---	---
	USD	GBP	CAD	AUD
(in thousands of euros)
Cash in bank and petty cash	491	250	-	-
Financial assets	88	-	-	-
Trade and other receivables	1,655	559	74	53
Trade and other payables	(154)	(12)	-	-
Net balance sheet exposure	2,080	797	74	53

Currency risk sensitivity analysis

The Group and the Company are primarily exposed to USD risk as a result of the sale of services to customers mainly from the USA and the GBP currency due to sales to customers from the United Kingdom. The following table analyses the Group and the Company's vulnerability to an increase and decrease in the euro exchange rate of 1% against relevant foreign currencies. The 1% sensitivity rate is the rate used in internal reports to key managers on currency risk and represents management's assessment of realistically possible currency exchange rate fluctuations. Sensitivity analysis includes only open cash items in foreign currency, and it is converted items adjusted for a change of 1% in year-end currency exchange rates. Sensitivity analysis includes certain receivables (trade and other receivables) and liabilities ((loan liabilities to financial institutions, trade payables, and other contractual liabilities) that are denominated in foreign currency. A positive number indicates an increase in profits and other principal if the value of the euro rises by 1% against the currency in question. In the event of a 1% drop in the value of the euro against the currency concerned, the impact on profit or principal would be the same but opposite, i.e. the amounts in the table would be negative.

The following exchange rates were applied

	2025	2024
EUR 1	1.0000	1.0000
USD 1	1.1757	1.0444
GBP 1	0.8712	0.8295
CAD 1	1.6104	1.5035
AUD 1	1.7543	1.6756
CHF 1	0.9293	0.9435
NOK 1	11.8260	11.8455
SEK 1	10.8180	11.4865
CZK 1	24.2550	25.2260

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(c)(i) Currency risk management (continued)

	Group		Company
	Appreciation	Depreciation	Appreciation	Depreciation
31 December 2025
USD (1% Change)	(14)	14	55	(55)
GBP (1% Change)	23	(23)	23	(23)
AUD (1% Change)	1	(1)	-	-
CZK (1% Change)	7	(7)	-	-
31 December 2024
USD (1% Change)	(24)	24	21	(21)
GBP (1% Change)	8	(8)	8	(8)
CAD (1% Change)	1	(1)	1	(1)
AUD (1% Change)	1	(1)	1	(1)
CZK (1% Change)	2	(2)	-	-

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(c)(ii) Interest rate risk management

The Group and the Company are exposed to interest rate risk because they borrow funds at fixed and floating interest rates. The Group and the Company manage the risk by maintaining an appropriate ratio of borrowing with fixed and floating interest. The Group and the Company's exposure to interest rates on financial assets and financial liabilities is described in more detail in the section of this note relating to liquidity risk management.

Interest rate risk sensitivity analysis

The following sensitivity analyses are based on exposure to interest rates on non-derivative instruments at the end of the reporting period. For liabilities related to the floating interest rate, the analysis was made on the assumption that the amount of liabilities stated at the date of the statement of financial position was valid throughout the year. A 1% increase or decrease is used when reporting interest rate risk internally to key management personnel and represents management's assessment of the reasonably possible change in interest rates.

In the event that interest rates were 1% higher/lower while other variables were constant:

the Company's profit of the current year ending 31 December 2025 would decrease/increase by EUR 0 thousand (2024: it would decrease/increase by EUR 55 thousand), which is mainly linked to the Company's exposure to variable interest rate borrowing.

Company
Interest rate risk
(in thousands of euros)	2025	2024
Variable interest rate instruments
Loans and borrowings	-	5,466
Total	-	5,466
Interest rate increase by 1%	-	55

The Group's profit of the current year ending 31 December 2025 would decrease/increase by EUR 0 thousand (2024: decrease/increase by EUR 55 thousand), which can mainly be linked to the Group's exposure to variable interest rate borrowings

Group
Interest rate risk
(in thousands of euros)	2025	2024
Variable interest rate instruments
Loans and borrowings	-	5,466
Total	-	5,466
Interest rate increase by 1%	-	55

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(d) Credit risk management

	Group	Company
	31/12/2025	31/12/2025
(in thousands of euros)
Customer 1	2,993	2,993
Customer 2	2,971	2,971
Customer 3	2,620	2,620
Customer 4	2,121	1,745
Customer 5	1,745	1,567
Customer 6	1,567	1,525
Customer 7	1,525	668
Customer 8	1,251	512
Customer 9	1,233	414
Customer 10	776	373
Total	18,802	15,388
Total receivables	34,722	22,096
Share in total receivables (%)	54.15%	69.64%
	Group	Company
---	---	---
	31/12/2024.	31/12/2024
(in thousands of euros)
Customer 1	4,545	4,545
Customer 2	2,165	2,165
Customer 3	1,378	801
Customer 4	1,233	425
Customer 5	801	386
Customer 6	644	304
Customer 7	547	296
Customer 8	425	280
Customer 9	386	277
Customer 10	351	273
Total	12,475	9,752
Total receivables	25,267	15,656
Share in total receivables (%)	49.37%	62.29%

The Group and Company have adopted a policy of only dealing with creditworthy counterparties and obtaining sufficient collateral, where appropriate, as a means of mitigating the risk of financial loss from defaults. The Group and Company's exposure and the credit ratings of its counterparties are continuously monitored, and the aggregate value of transactions concluded is spread amongst approved counterparties.

Before accepting any new customer, a dedicated team responsible for the determination of credit limits uses an external credit scoring system to assess the potential customer's credit quality and defines credit limits by customer.

In addition, monitoring procedures have been put in place to ensure that the actions necessary to recover overdue debts are taken. The expected credit losses for trade receivables are estimated using a provisioning matrix based on experience with uncollected receivables and an analysis of the debtor's current financial position, aligned with the factors inherent in the debtor, the general economic conditions in their industry, and an assessment of the current and anticipated direction of movement of conditions. Apart from receivables for Studio Moderna, no written-off trade receivables are subject to forced collection. Furthermore, the Group and Company review the recoverable amount of each trade debt and debt investment on an individual basis at the end of the reporting period to ensure that adequate loss allowance is made for irrecoverable amounts. In this regard, the directors of the Company consider that the Group and Company's credit risk is significantly reduced. Trade receivables refer to many customers from different economic sectors and regions.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(d) Credit risk management (continued)

Out of the total balance of trade receivables at the end of the year, EUR 2,993 thousand (2024: EUR 4,545 thousand) refers to the receivable from Buyer 1, the largest buyer of the Group and the Company. Apart from this, the Group and Company do not have significant credit risk exposure to any single counterparty or any group of counterparties having similar characteristics. The Company and Group consider counterparties having similar characteristics related parties.

As at 31 December 2025, the estimated loss allowance for the Group was EUR 1,343 thousand (2024: EUR 1,585 thousand) and for the Company EUR 52 thousand (2024: EUR 40 thousand) (note 23).

(d)(i) Collection insurance instruments and other credit improvements

Where appropriate, the Company and Group hold collateral to cover their credit risks associated with their financial assets and continuously monitor customers.

d)(ii) Overview of the Group's and The Company's exposures to credit risk

Credit risk refers to the risk that a counterparty will default on its contractual obligations resulting in financial loss to the Group and Company. As at 31 December 2025, the Group and Company's maximum exposure to credit risk, without taking into account any collateral held or other credit enhancements, which will cause a financial loss to the Group and Company due to failure to discharge an obligation by the counterparties and financial guarantees provided by the Group arises from the carrying amount of the respective recognized financial assets as stated in the statement of financial position. For trade receivables, the Group and Company have applied the simplified approach in IFRS 9 to measure the loss allowance at lifetime ECL. The Group and Company determine the expected credit losses on these items by using a provision matrix, estimated based on historical credit loss experience based on the past due status of the debtors, adjusted as appropriate to reflect current conditions and estimates of future economic conditions. Thus, the credit risk profile of the relevant assets has been presented based on the past due status in relation to the Group's provision matrix.

SPAN d.d. and its subsidiaries
85

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

d)(ii) Overview of the Group and the Company's exposures to credit risk (continued)

Group
31/12/2025	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
(in thousands of euros)
Trade and other receivables	23	-	-	Expected credit losses throughout the lifetime (simplified approach)	43,179	1,343	41,836
Long-term trade receivables	23	-	-	Expected credit losses throughout the lifetime (simplified approach)	1,043	-	1,043
31/12/2024	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
(in thousands of euros)
Trade and other receivables	23	-	-	Expected credit losses throughout the lifetime (simplified approach)	31,353	1,585	29,768
Company
31/12/2025	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
(in thousands of euros)
Trade and other receivables	23	-	-	Expected credit losses throughout the lifetime (simplified approach)	28,065	52	28,013
31/12/2024	Note	External credit rating	Internal credit rating	12-month expected credit losses or expected credit losses throughout the lifetime	Gross Carrying value (s)	Loss allowance	Net Carrying Value (s)
(in thousands of euros)
Trade and other receivables	23	-	-	Expected credit losses throughout the lifetime (simplified approach)	20,733	40	20,693

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(e) Liquidity risk management

Responsibility for liquidity risk management rests with the management, which has established an appropriate liquidity risk management framework for managing short, medium and long-term funding and liquidity. The Group and Company manage liquidity risk by maintaining adequate reserves and credit lines, continuously comparing the planned and realized cash flow by monitoring the maturity of claims and liabilities. Details on unused credit products available to the Group and Company to additionally decrease liquidity risk are provided below.

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Bank loans with different maturities until 2026, secured by collection instruments, which can be prolonged by mutual agreement:
- amount used	251	5,466	251	5,466
- amount unused	30,130	21,465	28,169	19,684
	30,381	26,931	28,420	25,150

The Group and the Company expect to meet their other obligations from operating cash flows and proceeds of maturing financial assets.

(e)(i) Liquidity and interest rate risk analysis

The remaining period until the contract maturity of non-derivative financial liabilities of the Group and Company was analysed in the following tables. The tables have been drawn up based on the undiscounted cash outflows for financial liabilities in line with the earliest date when the Group and Company may demand payment. The tables detail cash flows from principal and interest. Based on expectations at the end of the reporting period, the Group and Company consider that it is more likely than not that no amount will be payable under the arrangement. However, this estimate is subject to change depending on the probability of the counterparty claiming under the guarantee which is a function of the likelihood that the financial receivables held by the counterparty which are guaranteed suffer credit losses. The contractual maturity is based on the earliest date on which the Group and Company may be required to pay.

	Group
	Average weighted effective interest rate	0-12 months	1-5 years	After 5 years	Total	Carrying value
(in thousands of euros)	%
31/12/2025
Liabilities to suppliers and other liabilities		39,903	-	-	39,903	39,903
Liabilities per lease (nominal amount)	3.52%	1,574	4,419	-	5,993	5,993
Loans (nominal amount)	4.06%	708	24,651	-	25,359	25,359
Interest on liabilities per lease		514	395	-	909	-
Interest on loans		938	3,750	-	4,688	-
31/12/2024
Liabilities to suppliers and other liabilities		33,116	-	-	33,116	33,116
Liabilities per lease (nominal amount)	3.52%	1,303	1,474	-	2,777	2,777
Loans (nominal amount)	4.02%	5,522	-	-	5,522	5,522
Interest on liabilities per lease		93	72	-	165	-
Interest on loans		40	-	-	40	-
	Company
	Average weighted effective interest rate	0-12 months	1-5 years	After 5 years	Total	Carrying value
(in thousands of euros)	%
31/12/2025
Liabilities to suppliers and other liabilities		20,101	-	-	20,101	20,101
Liabilities per lease (nominal amount)	3.14%	1,308	3,654	-	4,962	4,962
Loans (nominal amount)	4.06%	721	24,651	-	25,372	25,372
Interest on liabilities per lease		227	180	-	407	-
Interest on loans		938	3,750	-	4,688	-
31/12/2024
Liabilities to suppliers and other liabilities		17,263	-	-	17,263	17,263
Liabilities per lease (nominal amount)	3.14%	1,159	1,436	-	2,595	2,595
Loans (nominal amount)	4.02%	5,522	-	-	5,522	5,522
Interest on liabilities per lease		89	71	-	161	-
Interest on loans		40	-	-	40	-

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

35. Financial instruments (continued)

(e)(ii) Funding instruments

The Group and the Company use a combination of cash inflows from financial assets and available bank liquidity management instruments.

The table below contains an overview of cash inflows from assets:

	0-12 months	Group
		1-5 years	After 5 years	Total
(in thousands of euros)
31 December 2025
Long-term trade receivables	-	1,044	-	1,044
Investments in financial assets	711	118	-	830
Trade and other receivables	41,836	-	-	41,836
31 December 2024
Long-term trade receivables	-	1	-	1
Investments in financial assets	571	52	-	623
Trade and other receivables	29,768	-	-	29,768
	Company
	0-12 months	1-5 years	After 5 years	Total
(in thousands of euros)
31 December 2025
Long-term trade receivables	-	1	-	1
Investments in financial assets	1,243	246	-	1,489
Trade and other receivables	28,013	-	-	28,013
31 December 2024
Long-term trade receivables	-	1	-	1
Investments in financial assets	134	44	-	178
Trade and other receivables	20,693	-	-	20,693

(f) Capital management risk

The Group and Company manage their capital to ensure they will be able to continue as a going concern while maximizing the return to stakeholders through the optimisation of the debt and equity balance.

The capital structure of the Group and Company consists of net debt (borrowings after deducting cash and bank balances) and equity of the Group and Company (comprising issued capital, reserves, retained earnings and non-controlling interests).

The Group and the Company have contractually defined obligations with certain banks for certain key business indicators, such as the coverage of total net debt and the ratio of capital in the company's liabilities. The Group and the Company did not violate the contractually defined obligations for key indicators in 2024 and 2025.

Gearing ratio:

The funding ratio at the end of the year may be shown as follows:

	Group		Company
	31/12/2025	31/12/2024	31/12/2025	31/12/2024
(in thousands of euros)
Debt	(31,352)	(8,299)	(30,334)	(8,118)
Cash and bank balances	44,056	24,368	26,705	8,994
Net debt	12,704	16,069	(3,629)	876
Equity	37,847	33,853	34,624	29,840
Net debt-to-equity ratio	(0.34)	(0.47)	0.10	(0.03)

The Company and the Group have low or negative net debt ratio for all years. The debt includes long-term and short-term borrowings and liabilities for lease. The equity capital includes total capital and reserves that the Group and the Company manage of as capital.

SPAN d.d. and its subsidiaries

Notes to financial statements

For the year ended 31 December 2025

36. Events after the reporting period

After the date of the balance a war in the area of the Middle East outburst. The Group and the Company continuously monitor development of the situation and assess possible effects on the operation. On the date of approval of these financial statements, the Group and Company do not have significant direct exposure to the affected markets. The Management Board will continue to actively monitor the developments and take adequate measures for mitigation of possible adverse effects.

36.1 Contingent assets and liabilities

There are no contingent assets and liabilities

37. Approval of financial statements

The financial statements were approved by the Management Board on 30 April 2026.

The Annual Reports of the Group and the Company are available at the website of the company Span d.d.

For SPAN d.d.:

SPAN d.d. and its subsidiaries
89

Annex I: Limited assurance engagement on the key performance indicators, related to Sustainability-Linked Bond

span

Deloitte.

Deloitte d.o.o.
ZagrebTower
Rudničko cesta 80
35 000 Zagreb
Croatia
TAX ID: 11686457780
Tel: +385 (0) 1 2351 900
Fax: +385 (0) 1 2351 999
www.deloitte.com/hr

Independent Limited Assurance Report on the Limited Assurance Engagement on the performance indicators presented in the Sustainability Report of the company Span d.d. and its subsidiaries ("the Group") as at 31 December 2025, related to Sustainability-Linked Bond

To the Management Board of Span d.d.

Subject Matter and Applicable Criteria

We have undertaken a limited assurance engagement on the following key performance indicators, related to Sustainability-Linked Bond ("Selected Indicators"), presented in the Sustainability Report of the Group as of 31 December 2025 (the "The Sustainability Report") prepared by Span d.d. (the "Company"):

KPI 1: Total number of users of interactive cybersecurity training for small and medium-sized enterprises (SMEs) ("KPI 1") and

KPI 2: Absolute greenhouse gas emissions – Scope 1 and Scope 2 ("KPI 2")

The subject of the procedures referred to the confirmation of calculation of the Selected Indicators in terms of sustainability, the confirmation of the accuracy and/or appropriateness of the adjustments of the Selected Indicators, if any, as outlined under point 5.4.10 of Simplified Prospectus for Issuing a Public Offering and Listing of Sustainability Linked Bonds ("Sustainability Linked Bond Prospectus") published by the Company on 26 June 2025.

Selected indicators presented in the Sustainability Report, in section G1 – Company-specific disclosures: Development of security solutions for cyber attacks for KPI 1 and in sections E1-4 – Targets related to climate change mitigation and adaptation and E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions for KPI 2, were prepared in accordance with the Sustainability Linked Bond Framework published by the Company in June 2025 ("Sustainability Linked Bond Framework") and Sustainability Linked Bond Prospectus (point 5.4.10).

Our limited assurance engagement is limited to the selected indicators presented in the Sustainability Report.

Responsibility of the Management Board of the Company

The Management Board of the Company is responsible for the preparation and presentation of Selected Indicators presented in the Sustainability Report, in section G1 – Company-specific disclosures: Development of security solutions for cyber attacks for KPI 1 and in sections E1-4 – Targets related to climate change mitigation and adaptation and E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions for KPI 2, in accordance with the Sustainability Linked Bond Framework and Prospectus (point 5.4.10) published by the Company. This responsibility includes establishing and maintaining appropriate performance management and internal control systems from which the reported information is derived. The Management Board of the Company is also responsible for the provision of reliable, correct, and fair information, and for the accurate preparation of the documentation provided to us.

The company was registered at Zagreb Commercial Court: MBS-030022053; paid in initial capital: EUR 5,930.00; Company Directors: Katarina Kadunc, Goran Končar and Helena Schmidt, Bank: Privredna banka Zagreb d.d., Rudničko cesta 80, 10 000 Zagreb, bank account no. 2340009–1110098294; SWIFT Code: PBZGHR2X-BAN: HR3823400091110098294.

Deloitte refers to one or more of Deloitte Touche Tehnicatu-Linked ("DTTL"), its global network of member firms, and their related entities (collectively, the "Deloitte organisation"). DTTL (also referred to as "Deloitte Global") and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/en/about to learn more.

Deloitte.

Our Independence and Quality Management

Our Responsibility

Our responsibility is to express a limited assurance conclusion on the Selected Indicators presented in the Sustainability Report, in section G1 – Company-specific disclosures: Development of security solutions for cyber attacks for KPI 1 and in sections E1-4 – Targets related to climate change mitigation and adaptation and E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions for KPI 2, based on the procedures we have performed and the evidence we have collected. We conducted our limited assurance engagement in accordance with International Standards on Assurance Engagements 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information, issued by the International Auditing and Assurance Standards Board. This standard requires that we plan and perform this engagement to obtain limited assurance about whether that the key performance indicators KPI 1 and KPI 2 contained in the Sustainability Report, in section G1 – Company-specific disclosures: Development of security solutions for cyber attacks for KPI 1 and in sections E1-4 – Targets related to climate change mitigation and adaptation and E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions for KPI 2, are not inconsistent with the Sustainability Linked Bond Framework and Prospectus (point 5.4.10) published by the Company.

The procedures performed under the limited assurance engagement are different in nature and limited in scope both in terms of risk assessment procedures, including an understanding of internal control, and in terms of the procedures performed in response to the risks assessed compared to the reasonable assurance engagement. As a result, the level of assurance obtained through an assurance service providing limited assurance is significantly lower than the level of assurance that could be obtained through an assurance service providing reasonable assurance.

The procedures we performed were based on our professional judgement, our assessment of the risk of material misstatement of the indicators due to intentional actions or misstatements, and included interviews, observations of the processes performed, examination of documents, analytical procedures, assessments of the appropriateness of calculation methods and reporting policies, and reconciling with underlying records.

Summary of the Work Performed

In order to form our conclusion on the Selected Indicators presented in the Sustainability Report, in section G1 – Company-specific disclosures: Development of security solutions for cyber attacks for KPI 1 and in sections E1-4 – Targets related to climate change mitigation and adaptation and E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions for KPI 2, as at 31 December 2025, cumulatively for KPI 1 and compared to 2024 base year for KPI 2, we performed the following procedures:

Through inquiries, obtained an understanding of control environment and information systems of the Company relevant to reporting the indicators under review, but did not evaluate the design of particular control activities, obtain evidence about their implementation or test their operating effectiveness.
Obtained through inquiries, analytical procedures, observation and other applicable evidence gathering procedures on a sample basis, an understanding on the key structures, systems, processes, procedures and internal controls relating to collation, aggregation, validation and reporting of data for the indicators under review.
Compared and reconciled the information included in the Sustainability Report, in section G1 – Company-specific disclosures: Development of security solutions for cyber attacks for KPI 1 and in sections E1-4 – Targets related to climate change mitigation and adaptation and E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions for KPI 2, to internal documentation of the Company for Selected Indicators.
Based on inquiries, analytical procedures, observation and other applicable evidence gathering procedures on a sample basis, confirmed accuracy of Selected Indicators presented in Sustainability Report

FDF304F978FE3AA34E5DD7D53A394DD2

Deloitte.

Inherent limitations

The process the organization adopts to define, gather, and report data on its non-financial performance is not subject to the formal processes adopted for financial reporting. Therefore, data of this nature is subject to variations in definitions, collection, and reporting methodology with no consistent, accepted standard. This may result in non-comparable information between organizations and from year to year within the organization as methodologies develop. The accuracy and completeness of the information disclosed in the Sustainability Report is subject to inherent limitations given its nature and the methods for determining, calculating, or estimating such information.

Conclusion

Based on the work we have done and the procedures we have performed, nothing has come to our attention that causes us to believe that the Selected Indicators (i.e. key performance indicators KPI 1 and KPI 2) from the scope of our work presented in the Sustainability Report, in section G1 – Company-specific disclosures: Development of security solutions for cyber attacks for KPI 1 and in sections E1-4 - Targets related to climate change mitigation and adaptation and E1-6 – Gross Scopes 1, 2, 3 and Total GHG emissions for KPI 2, as at 31 December 2025 prepared by Span d.d. have not been prepared or compiled, in all material respects, in accordance with the Sustainability Linked Bond Framework and Prospectus and point 5.4.10 published by the Company.

Katarina Kadunc

Director and Certified Auditor

Deloitte d.o.o.

30 April 2026

Radnička cesta 80

10 000 Zagreb

Republic of Croatia

For signatures, please refer to the original Croatian auditor's report, which prevails.

span

FDF304F978FE3AA34E5D07D53A394DD2

AI assistant

Span d.d. — Annual Report 2025

2101_10-k_2026-04-30_61ab8455-d2b9-4c82-850c-784cc9a9ffa4.pdf

1.1. Statement by Nikola Dujmović,

Faster, Higher, Stronger

1.2. About Span

1.2.1. Span in numbers

1.2.2. History and development

1.2.2. History and development

1.2.3. Organizational structure of the Group

Headquarters

Domestic subsidiaries

International subsidiaries

1.2.4.1. Report on the application of the Corporate Governance Code

Report on the application of the Corporate Governance Code

1.2.4.2. Corporate Governance Code – Compliance Questionnaire for 2024

1.2.4.5. Corporate Governance Structure

1.2.4.5.1. Management Board

Saša Kramar

Mihaela Trbojević

Ante Mandić

1.2.4.3.2.1. Audit Committee

Nataša Zelenika

Tomislav Skorin

1.2.4.3.2.2. Nomination and Remuneration Committee

Hana Horak

Lucia Ana Tomić

Internal audit

1.2.4.3.3. General Assembly

1.3. Overview of operation

1.3.1. Description of the operation and main activities

1. Software Asset Management and Licensing

3. Service Center Management and Technical Support

4. Software and Business Solution Development

1.3.2. Industry trends

1.3.3. The Group Business Strategy for 2026

2.1. Key Events in 2025

2.1.1. Corporate Events

2.1.1.1. Establishments of Companies

2.1.1.1.1. Establishing the company Span Kazakhstan Limited with the registered office in Kazakhstan

2.1.1.1.2. Establishing companies in the Czech Republic and Poland

2.1.1.1.3. Establishing the company Span Evolve d.o.o.

2.1.1.1.4. Establishing the company Span Romania S.R.L.

2.1.1.1.5. Establishing the company Span Hellas in Greece

2.1.1.2. Issuance and listing of Sustainability-Linked Bonds

Number of SMEs registered in Span's cybersecurity course

Absolute Scope 1 and 2 GHG emissions

2.1.1.5. Appointment of the new member of the Management Board of the Company

2.1.1.4. Decision on the utilization of profit and payment of dividend

2.1.1.5. General Assembly of Span d.d.

2.1.1.6. Acquisitions and disposals of own shares

2.1.1.7. New ESG strategy adopted

2.1.2. Business events and achievements by business segments

2.1.2.1. Software Asset Management and Licensing

2.1.2.2. Infrastructure Services, Cloud & Cyber Security

2.1.2.5. Software and Business Solution Development

2.1.2.4. Service Center Management and Technical Support

2.1.2.5. Overview of operation of international subsidiaries

Slovenia

Azerbaijan

Ukraine

Moldova

Estonia

Georgia

Kazakhstan

Greece

2.1.2.6. Business awards, recognitions and achievements

2.1.2.6.1. Span Croatia, Slovenia and Ukraine – winners of 2025 Microsoft Partner of The Year Awards

2.1.2.6.2. Starbucks Supplier of the Year

Supplier of the Year

2.1.2.6.3. Modernization of visual identity and strengthening market recognition

2.1.2.6.4. Span Cyber Security Arena

2.1.2.6.5. Golden Balance Sheet

2.1.2.6.6. Hewlett Packard Enterprise Gold Partner Status renewed

2.1.2.6.7. Three new Microsoft Specializations

AI platform on Microsoft Azure

Microsoft Copilot

Calling for Microsoft Teams

2.1.2.6.8. Span Cyber Security Center transitioned into Educational Institution for Adults

2.2. Information for shareholders

Span d.d. Annual Report 2025