WithSecure 2023	3
WithSecure in Brief	3
WithSecure Elements	4
Letter from the CEO	5
Board of Directors' report and financial statements	7
Board of Directors' report	9
WithSecure consolidated financial statements	18
Statement of comprehensive income January 1 – December 31, 2023	19
Statement of financial position December 31, 2023	20
Statement of cash flows January 1 – December 31, 2023	21
Statement of changes in equity	23
Notes to the Financial Statements	24
WithSecure Corporation financial statements	57
Income statement January 1 – December 31, 2023	58
Balance sheet December 31, 2023	59
Cash flow statement January 1 – December 31, 2023	60
Notes to the parent company Financial Statements	62
Signatures of the Board of Directors	76
Auditor's Report	77
Key figures	81
Sustainability Report	88
Maximizing net impact - Introduction of W/Sustainability	90
Safer and greener digital world	96
A truly equitable workplace	105
Responsibly run business	111
Upright Project – estimating net impact	116
Carbon footprint and climate policy	118
EU Taxonomy	121
Sustainability governance in WithSecure	126
Corporate Governance	127
WithSecure's Corporate Governance Statement 2023	129

	Internal control and risk management	134
	Board of Directors	135
	Global Leadership Team	139
	Remuneration Report
	Letter of the Chair of the Personnel Committee	145
	Remuneration of the Executives	146
	Remuneration of the Board of Directors	147
	Remuneration of the President and CEO	148
Information for shareholders		152
	Contact information	152

WithSecure in Brief

We exist to build and sustain digital trust.

Revenue, EUR million

Founded

1988

Employees

1087

Nationalities

One Experience. Fully modular. Made for Co-Security.

WithSecure Elements™ is a unified, cloud-based, intelligent and highly automated cyber security platform. It is complemented by world-class services, available to customers and partners according to their needs.

2023 – Focusing on Elements and Cosecurity

Year 2023 was marked by the slowing economic growth, especially in Europe. Cyber security industry was impacted by increasing control over IT spend and longer decision-making cycles of the customers. In 2024, the economic growth is expected to strengthen, thanks to lower inflation and increase of real disposable income. Economy growth will be supported by the pick-up in demand already visible outside of euro area.

The demand for cyber security products and services in longer term is expected to remain high, despite the IT sector softness in 2023. Professionalization of cybercrime continues, and artificial intelligence (AI) enhanced methods will be equally available to attackers as well as defenders. The geopolitical tensions are increasingly complicated and have opened new frontiers of war in the cyber space. In WithSecure, our purpose of building and sustaining digital trust is only becoming more relevant with the changes of times.

Despite the tougher economic environment, WithSecure's cloud revenue grew by 19% from the previous year. All main cloud-based products grew their revenue. Performance was particularly strong in France and DACH areas throughout the year, but growth was positive in all main geographic regions where the company operates.

Our Managed Detection and Response (MDR) product Countercept was impacted by the increasing competition in the enterprise-size customer segment. However, we have successfully shifted the sales of

Countercept to medium-sized customers in Europe, which is well aligned with our updated strategy.

In October 2023, we introduced significant updates to WithSecure strategy. In the future, we will focus on the Elements Cloud portfolio, sold through our partner network primarily to mid-market customers. We foresee a significant opportunity in supporting these often overwhelmed and under-resourced customers with cost efficient, automated solutions.

In the growingly complex world of cyber security, we are increasingly aware of the importance of collaboration between the key players. We are developing our products and services in collaboration with both our partners and end-customers, to ensure that we can meet their real-life cyber security challenges in the most effective way. Our co-security approach has already resulted to introduction of service products, such as the Co-Monitoring, to complement the services that our partners are offering to their customers. We believe that the combination of our own in-house software, complemented by worldclass supporting services that are available to our partners and customers according to their needs, will be a strong differentiating factor for WithSecure in the cyber security market.

In addition to the co-security services, we will focus on developing the Exposure management capabilities of our portfolio. The focus of cyber security will shift from stopping breaches to preventing them by understanding and minimizing the vulnerable points in the IT environment, strongly supported by AI. We are looking forward to launching some new, exciting products in the Exposure management area during 2024.

Our objective is to work towards becoming a leading European cyber security provider. We have strong roots in Finland, and alignment with the European values has always been part of our DNA. Our products will support the customers in aligning their operations with the requirements of the upcoming European regulation. We also intend to actively participate in the discussions around regulation and standard setting of the cyber security industry.

WithSecure cyber security consulting was impacted by customers delaying their spend, especially in the first half of 2023. In the fourth quarter, both consulting revenue and backlog improved significantly. In addition, the consulting unit improved its profitability, thanks to systematic efforts taken by the team to

improve coordination between customer demand and resourcing of the work. As part of the updated strategy, WithSecure announced that the cyber security consulting will be established as an independent unit serving large enterprise customers in US, Europe, and Asia. It will continue to build a world-leading offensive security consultancy. A process has been initiated to explore strategic options for the cyber security consulting business.

Cloud Protection for Salesforce (CPSF) revenue grew from previous year. We are glad to provide the Salesforce content protection to a growing number of international enterprise customers. As part of the updated strategy, WithSecure announced that a strategic review will be initiated, to explore alternatives for accelerating the CPSF business with full or partial divestment.

Since the F-Secure demerger in June 2022, WithSecure has taken continuous steps in transforming its strategy and organization to meet the requirements of a modern SaaS company. This has meant some difficult measures, such as the two restructuring rounds that we went through during the year. All parts of the organization have reviewed their processes and costs to optimize the operations. As a result of such measures, WithSecure reported its first profitable quarter at the end of 2023 – a small but significant positive Adjusted EBITDA of EUR 0.2 million and a positive operating cash flow are signs of our ability to create profitable growth in the future.

I would like to present my heartfelt thanks to the WithSecure personnel for their resilience and energy during the year. I would also like thank our customers, partners, and other collaborators for our joint journey. We are looking forward to a great year of co-security with you.

Juhani Hintikka

Board of Directors' report	9
WithSecure consolidated financial statements	18
Statement of comprehensive income January 1 – December 31, 2023	19
Statement of financial position December 31, 2023	20
Statement of cash flows January 1 – December 31, 2023	21
Statement of changes in equity	23
Notes to the Financial Statements	24
1 Segment information	31
2 Revenue	31
3 Other operating income	32
4 Leases	33
5 Depreciation, amortization, and impairment	34
6 Personnel expenses	34
7 Audit fees	35
8 Financial income and expenses	35
9 Income tax	36
10 Earnings per share	36
11 Discontinued operations	37
12 Goodwill	39
13 Non-current assets	40
14 Shareholder's Equity	42
15 Trade and other receivables	44
16 Share-based payment transactions	46
17 Financial assets and liabilities	48
18 Management of financial risks	50
19 Deferred tax	53
20 Provisions	53
21 Other liabilities	54
22 Contingent liabilities	54
23 Related party disclosures	55
24 Subsidiaries	56

WithSecure Corporation financial statements	57
Income statement January 1 – December 31, 2023	58
Balance sheet December 31, 2023	59
Cash flow statement January 1 – December 31, 2023	60
Notes to the parent company Financial Statements 62
Accounting principles for the parent company financial statements	62
1 Revenue	65
2 Other operating income	65
3 Depreciation, amortization, and impairment	65
4 Personnel expenses	66
5 Audit fees	66
6 Financial income and expenses	67
7 Appropriations	67
8 Income taxes	67
9 Non-current assets	68
10 Investments in group companies	69
11 Deferred tax	69
12 Receivables	70
13 Short-term investments	71
14 Cash and short-term deposits	71
15 Statement of changes in shareholders' equity	72
16 Shareholders' equity	73
17 Share-based payment transactions	73
18 Liabilities	74
19 Financial risk management	74
20 Operating lease commitments	75
21 Contingent liabilities	75
Signatures of the Board of Directors	76
Auditor's Report 77
Key figures	81

Board of Directors' report

Year 2023 was marked by the slowing of global economic growth, as well as increasing geopolitical turmoil. The cyber security landscape was impacted by these changes, as well as the technological developments. In 2023, the first malware using artificial intelligence was discovered. The increasing use of AI by cyber criminals will set new challenges for the defenders.

WithSecure offers a portfolio of cyber security products and services to participate in protecting companies from the increasingly complicated cyber security risks.

WithSecure revenue for 2023 was EUR 142.8 million, representing a total revenue growth of 6% from previous year. The growth in 2023 was driven by the cloud-based security products, with a 19% growth of revenue. On-premise revenue declined according to expectations. Cyber security consulting revenue declined by 6% from previous year due to a challenging first half in the market.

On 31 October 2023, WithSecure announced its updated strategy and the intention to focus on serving mid-market customers through the Elements cloud portfolio and related services. The main sales channel will be the partner channel. As part of the announcement, WithSecure communicated that it has initiated a process to explore strategic options, including a full or partial divestment of one or both enterprisefocused businesses, cyber security consulting and Cloud Protection for Salesforce.

Market overview

Digital services are an essential component of society that must always work. Disruptions of the digital services can cause serious damage to society, the wellbeing of its members and business operations. The war in Ukraine caused some exceptional consequences to the cyber security landscape, such as highly visible governmental activities, as well as organized civilian response. New situations can lead to uncontrolled cyber security threats that can be difficult to predict. In the new era of greater uncertainty, cyber resilience of organizations has become more important than ever. While advanced cyber-attacks on large enterprises continue, criminals are also targeting smaller businesses and supply chains by taking advantage of vulnerabilities in popular software as well as compromised credentials. Generative Artificial Intelligence makes ransomware and phishing schemes easier to deploy. Apart from activities carried out by criminals, governments can also

use vulnerabilities and malware for surveillance purposes. With the increasingly complex IT environments and new ways of working, such as remote work and bring-your-own-device, the attacks are evolving towards difficult-to-detect fileless techniques and identity-based attacks, rather than malware deployment. Attacks against organizations can go undetected for months, and widespread security skills shortage is holding back organizations' readiness to detect and respond to cyberattacks.

These trends are expected to continue to drive an increasing demand for detection and response products and services. As part of improved cyber resilience, threat exposure management is becoming more important than ever to proactively reduce the digital attack surface. As organizations are shifting to cloud, they seek managed security services and cloud-based delivery models to help them protect hybrid workforce and increased use of cloud services. It is also becoming increasingly important that the selected cyber security solutions consolidate point solutions into security platforms, integrate with the existing solutions, and ensure visibility across entire IT and cloud environments. Organizations are increasingly turning into outsourcing of security capabilities to address skills and resource shortages, while stricter position on data protection, particularly in Europe, is driving the demand of alternatives to globally delivered managed security services. This will increase the need for proven services from established cyber security vendors, who can respect the data restrictions of a particular region.

As artificial intelligence (AI) continues to advance, both defenders and attackers are expected to employ more sophisticated techniques, shaping the landscape of cyber threats.

AI based cyber threats will refer to malicious activities where AI techniques are used to exploit vulnerabilities in computer systems. This includes the use of AI algorithms to automate and enhance various cyber-attacks. Examples of AI based threats include advanced phishing attacks using machine learning to create convincing email content, automated and adaptive malware that evolves to evade traditional defenses, and AI driven social engineering attacks that leverage sophisticated algorithms to manipulate human behavior.

AI will also significantly impact cybersecurity by enhancing threat detection, automating response mechanisms, and improving overall defense strategies. Machine learning algorithms can analyze vast amounts of data to identify patterns and anomalies, enabling quicker identification of potential threats. Additionally, AI driven tools enhance the efficiency of cybersecurity professionals by automating routine tasks and providing real-time insights, ultimately strengthening the resilience of digital systems against evolving cyber threats.

Financial performance and key figures

Revenue and ARR

The company's total revenue grew by 6% to EUR 142.8 million from the previous year (EUR 134.7 million).

Since 2022, WithSecure has reported its revenue split into three categories. Cloud revenue includes the Elements platform cloud-based products, Managed Detection and Response (MDR) and Cloud Protection for Salesforce (CPSF) revenue. Onpremise revenue includes the Elements portfolio on-premise product (Endpoint protection) and other legacy products. Consulting revenue includes the cyber security consulting services.

Cloud revenue

Cloud-based security products' revenue grew by 19% to EUR 81.9 million (EUR 68.7 million). The growth was driven by both new customer acquisition as well as expansion of existing customers to new products, especially Endpoint Detection and Response (EDR). Elements Cloud platform is also regularly updated with new features to provide a comprehensive selection of cyber security products to the customers.

For cloud and on-premise products, WithSecure reports the Annual Recurring Revenue (ARR) on a quarterly basis to reflect the latest status of recurring revenue sales. The ARR is calculated by multiplying the monthly recurring revenue of the last month of the quarter by twelve. Monthly recurring revenue includes recognized revenue within the month excluding non-recurring revenues. In 2023, cloud ARR grew by 8% from previous year.

On-premise revenue

On-premise security products' revenue declined by 10 % to EUR 24.4 million (EUR 27.2 million). This development is in line with our expectations, with customers moving their data processing to cloud environments.

Cyber security consulting

Cyber security consulting revenue declined by 6% to EUR 36.6 million (EUR 38.8 million). In the first half of 2023, the demand for consulting services declined due to the uncertainties in the economy, especially in the financial sector that represents a large share of the WithSecure consulting customers. In 2023, the team took systematic measures to improve the coordination between customer demand and work resourcing. In the fourth quarter of 2023, consulting revenue increased to EUR 10.8 million and the profitability improved significantly. The improved consulting Gross margin impacts the overall profitability of WithSecure.

Gross margin

WithSecure Gross margin for 2023 increased to EUR 100.2 million (EUR 87.7 million) and was 70.2% (65.1%) of sales. In addition to the improved gross margin of cyber security consulting, continuous work on aligning technology platforms of the MDR solutions, as well as optimizing data processing costs has resulted in improved profitability.

Operating expenses

Operating expenses, excluding items affecting comparability (IAC) as well as depreciation and amortization, increased to EUR 117.7 million (EUR 116.7 million).

Items affecting comparability (IAC) were EUR -9.0 million (EUR -3.3 million). Of this, EUR -8.9 million is related to restructuring activities of the first quarter and fourth quarter, EUR +1.4 million to the valuation of earn-out from previously divested businesses and EUR -1.4 million to strategic projects.

Profitability

WithSecure Adjusted EBITDA was EUR -16.1 million for 2023 (EUR -23.2 million in 2022; Estimated comparable EBITDA for the first two quarters of 2022). The improvement of profitability is partly related to the improved Gross margin. In

addition, WithSecure carried out change negotiations during the first and last quarter of 2023, resulting in the termination of approximately 176 roles in total.

Cash flow

Cash flow from operating activities before financial items and taxes was EUR -19.9 million (EUR -14.2 million). Cash flow for the comparative period includes both continuing and discontinued operations. Negative operative cash flow was driven by operative result as well as significant restructuring related costs.

Discontinued operations (in 2022)

On 30 June 2022, WithSecure completed the separation of its consumer security business into an independent company, F-Secure, through a partial demerger. In this Annual Report, WithSecure presents the consumer security business for the period January – June 2022 as Discontinued operations under IFRS 5. For further information regarding the presentation of the demerger-related financials, see Accounting principles for the consolidated financial statements and Note 11 (Discontinued operations).

Acquisitions and financial arrangements

WithSecure did not carry out acquisitions during 2023.

In September 2023, the company signed a new committed EUR 20 million revolving credit facility (RCF) with OP Corporate Bank. The facility will mature in three years from its signing. The new facility is subject to conventional covenants related to the ratio of net debt to EBITDA and equity ratio. The facility diversifies WithSecure's financing base and secures reaching the growth strategy goals.

Changes in the group structure

WithSecure did not have any changes in its group structure during 2023.

Capital structure

The Group's liquid assets of EUR 36.6 million consisted of cash and cash equivalents. Cash and cash equivalents include bank deposits with maturity of less than three months.

Research and development

WithSecure research and development expenditure in 2023 was EUR 47.3 million (EUR 39.1 million), representing 33% (29%) of revenue. Capitalized development expenses were EUR 3.0 million (EUR 2.4 million). WithSecure is a cyber security technology company for which the ability to innovate is crucial.

WithSecure has been recognized in third party technology evaluations. We believe this is for providing the best protection, advanced detection and effective response capabilities and high customer satisfaction. Gartner® included WithSecure in their December 2023 Magic Quadrant™ for Endpoint Protection Platforms¹ , and Forrester recognized us as one of the notable vendors in The Forrester Wave™ for Managed Detection and Response Services in Europe Q4 2023. During 2023, WithSecure achieved top marks in the scoring for Protection and Usability in AV-TEST's continuous evaluation of the Elements portfolio. We feel this is a strong statement to the value of our solution that protects our customers effectively without sacrificing its precision. In addition, the Elements portfolio was again put through the MITRE Engenuity's ATT&CK® Enterprise evaluation, this time facing a sophisticated threat group called Turla. Elements showed its efficacy in having visibility across the kill chain.

On the cyber security research front, WithSecure continued researching and tracking threat actors, resulting in exposing not only the evolved TTPs of the DuckTail threat actor, but also novel activity from major threat actors such as FIN7 and Lazarus. This research was instrumental in improving WithSecure's cyber security capabilities and strengthening our ability to serve customers through various engagements. WithSecure also focused extensively on the topic of Large Language Models (LMM) and the challenges and opportunities that they bring to cybersecurity, resulting in several highly visible publications that strengthened

¹ GARTNER and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.The Gartner content described herein, (the "Gartner Content") represent(s) research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner, Inc. ("Gartner"), and are not representations of fact. Gartner Content speaks as of its original publication date (and not as of the date of this Annual Report) and the opinions expressed in the Gartner Content are subject to change without notice.

WithSecure's position as a thought leader in this space. The WithSecure team has advised many high-profile entities and media outlets on the topic and plans to continue researching what happens at the intersection of cybersecurity and AI. The results of our research are regularly shared on the WithSecure™ Labs website.

Year 2023 brought along great advancements to our product and service offerings. Building on the Elements launches of the previous year, WithSecure continued to further develop the unified capabilities of its Elements Cloud. Our fifth Elements module, Elements Cloud Security Posture Management (CSPM), was launched to the market. Elements CSPM enables customers to protect their cloud infrastructure from the same Elements Security Center that they use for other Elements cyber security solutions. As a part of our commitment to providing comprehensive security solutions, we introduced the WithSecure Co-Monitoring service to the market. This service complements our Elements EDR offering by providing either round-the-clock or out-of-office hours monitoring of high-risk EDR incidents, managed by our dedicated WithSecure team. Throughout the year, we have rolled out numerous new features for our Elements products. Some notable additions included WithSecure Rollback, Software Updater for Mac, Outbreak Control, Dynamic threat intelligence data, and new integrations such as the SOAR integration and Sentinel Connector. WithSecure also launched a new range of Incident Readiness and Response services to help customers with the challenges of fast incident response, including Incident Readiness, Incident Response Retainer, and Emergency Incident Response Support.

A substantial part of development efforts during 2023 were also focused on the successful completion of transitional services agreements related to the F-Secure demerger. WithSecure continues to provide certain services to F-Secure on a commercial basis.

Non-financial information

In 2023, WithSecure has continued working on its W/Sustainability program started in 2022.

WithSecure's purpose is to build and sustain digital trust. Our experts work every day to ensure that the digital tools and services are safe for the users. This in turn reduces the need for materials and transportation, enabling a more sustainable world. Today, most businesses of are becoming more intelligent and data-driven

– and more vulnerable for external attacks. Our work is our most important contribution to sustainability.

In addition to its important purpose, WithSecure wants to ensure that its activities are carried out in the best possible way regarding the planet, people, and society around us. It could mean sharing knowledge and supporting the parties who cannot always defend themselves. The carbon footprint of a software and services company is not high, but every company must do their part in minimizing the environmental impacts of their activities and products. WithSecure employs highly skilled experts around the world and wants to support their wellbeing and growth opportunities. The company's internal operations must always follow highest ethical standards.

Leading guideline of W/Sustainability program is Maximizing Net Impact – on the planet, people, and society. The objective of the sustainability program is to ensure that sustainability is embedded in all company decisions. Another objective is to ensure full transparency of our sustainability activities to users of the company reports. WithSecure closely follows European legislation on sustainability reporting to ensure alignment with the requirements set to the public companies.

In 2023, WithSecure prepared a double-materiality assessment in line with the upcoming Corporate Sustainability Reporting Directive (CSRD) requirements. The resulting analysis will be used as the basis for outlining the processes and controls to ensure full compliance with the directive in 2025.

Based on the analysis of the EU Taxonomy Regulation (2020/852), and related guidance from the European Commission, WithSecure's activities are not eligible for the current taxonomy. New activities, however, with new environmental targets in the future, might be more relevant for WithSecure and trigger the need of re-assessing both eligibility and alignment.

In 2022, WithSecure quantified its carbon footprint for the first time, in accordance with the Greenhouse Gas (GHG) Protocol. In 2023, some adjustments were made to the baseline, to improve alignment with the GHG requirements. In 2023, WithSecure has set its first, informal targets regarding its climate actions.

WithSecure's sustainability work is described in more detail in the Sustainability Report 2023, published as part of the Annual Report 2023.

Organization and management

Personnel

At the end of 2023, WithSecure had 1,087 employees. The reduction of 208 employees from the previous year-end (1,295 employees) is mainly explained by the restructuring and other savings carried out during the year.

Leadership team

In July 2023, Chief Customer Officer Juha Kivikoski announced that he will leave the company. CEO Juhani Hintikka assumed the CCO role in interim. New Chief Customer Officer Lasse Gerdt started on 1 January 2024.

In December 2023, Chief Technology Officer Tim Orchard announced that he will leave the company. CTO role will be included in the Chief Product Officer role going forward.

In October 2023, WithSecure announced strategy changes which impact the operating model of the company. Cyber security consulting will operate as a separate business unit, led by Scott Reininga. Other parts of the Solutions business unit will be integrated to other units of the company. All changes became effective on 1 January 2024.

At the end of the year, the composition of the Global Leadership Team was the following:

Juhani Hintikka (President and CEO, acting CCO), Christine Bejerasco (CISO), Charlotte Guillou (Chief People Officer), Tom Jansson (Chief Financial Officer), Antti Koskela (CPO), Tim Orchard (CTO), Scott Reininga (EVP, Solutions, became EVP, Consulting on 1 January 2024), Tiina Sarhimaa (CLO) and Ari Vänttinen (CMO).

Shares, Shareholders' equity, Own shares

The total number of company shares is currently 176,098,739. The company's registered shareholders' equity is EUR 80,000. The company held 226,120 of its own shares at the end of the financial year.

The company holds its own shares to be used in the incentive compensation plans, for making acquisitions or implementing other arrangements related to the company's business, to improve the company's financial structure or to be otherwise assigned or cancelled.

In January–December, 59,951,540 (67,096,454) of WithSecure's shares were traded on the Helsinki Stock Exchange. The highest trading price was EUR 1.74 (5.65), and the lowest price was EUR 0.74 (1.27). The volume weighted average price of WithSecure's shares in 2023 was EUR 1.28 (2.75). The share's closing price on the last trading day of the year, 29 December 2023, was EUR 1.04 (1.37). Based on that closing price, the market value of the company's shares, excluding the treasury shares held by the company, was EUR 182 million (240 million).

The company currently has share-based incentive plans covering management and key personnel of the Group, as well as a share savings plan available to all employees. Information on the programs is provided in Note 16 (Share-based payment transactions) of the Financial Statements, as well as the Remuneration Report 2023.

Risks and uncertainties

WithSecure operations are subject to risks and uncertainties that can impact the business performance, profitability, financial position, market share, reputation, share price or the achievement of its short-term and long-term objectives. These risks and uncertainties described here should not be considered as an exhaustive list.

The objective of WithSecure risk management is to identify various risks that could have an impact on the business, and to implement appropriate measures to mitigate the risks. In assessing the risks, WithSecure considers both the probability and the potential impact of each risk, as well as the resources required to manage and mitigate the risk. Ensuring business continuity in all situations is an essential part of the risk management. WithSecure risk management principles and process are described in the Corporate Governance Statement of 2023.

Risks related to cyber security market

Market consolidation

The cyber security market is scattered to many providers of software and services. The large market participants are investing heavily in the development of embedded security and winning market share. Market consolidation is considered a likely development. WithSecure must succeed in its chosen strategy as well as in finding the right acquisition targets, and in integrating the acquired companies into its operations. As one of the smaller players in the market, the company must always keep itself relevant to the customers, by ensuring both up to date technology and good quality, timely services.

Geopolitical risks

Geopolitical uncertainties, such as the war in Ukraine, have significantly increased the risk of unexpected disruptions of the world economy and security stability. Likelihood of acts of terror impacting societal infrastructures has increased with this development. Any such events could also impact WithSecure's ability to run its business. The increasing activity of nation-state cyber criminals will continue to impose business interruptions also during 2024.

For corporate responsibility reasons, WithSecure is not conducting business with any Russian or Belarussian parties, even in cases where it would be permitted by the export control regulations.

WithSecure operates in different countries and is therefore exposed to country risks of each location. Changing circumstances and regulation in different operating countries is exposing WithSecure to risks, such as unfavorable tax treatment or export controls.

Environmental risks

As part of the sustainability materiality analysis, WithSecure has assessed the impact of the environmental risks, especially climate change, on its business. The company is a provider of software and services, and as such not significantly impacted by the environmental risks. Business continuity planning covers scenarios related to unavailability of resources due to natural disasters or other hazards.

Risks related to WithSecure operations and products

Attracting and retaining talent

Unavailability of skilled personnel may result in inability of providing high-quality products and services to customers. Competition for skilled personnel is increasing and there is structural undersupply of talent in the cyber security industry. WithSecure is continuously developing and adopting new ways of recruitment, building its own talent and knowledge pools, and investing in training and development of personnel.

Partners

WithSecure's cyber security products and services market model is very dependent on a functioning partner channel and network. It is critical for WithSecure to ensure it has the right partners in the regions and that the partners receive the needed support, and that WithSecure's cyber security offering is made available accordingly to the local demand. Not being able to serve the needs of the partners needs could result to negative impact on WithSecure's business performance.

Product risks

WithSecure operates in a highly competitive market. Cybercrime is growing fast and becoming more innovative and professional. Large vendors make significant investments in their development and marketing activities, while new vendors are emerging in the market, and the operating system manufacturers are increasing their focus on built-in security features. WithSecure must succeed in maintaining in-depth understanding of cyber security threat landscape, following the hacker techniques and technologies, as well as continuing to innovate in defensive technologies.

Investments in new technologies and products come with the risk of not meeting the future requirements of the market. Agile methods are applied by WithSecure to ensure that its decisions regarding future technologies are aligned with the best information and expectations of the market developments.

Cyber security incidents

Exposure to cyber security incidents threatens the confidentiality, integrity, and availability of WithSecure products and services, and their mitigation is considered as high priority in all parts of the company. WithSecure builds cyber resilience by continuously improving its capability to identify, protect, detect, and respond to relevant threats. Continuous efforts are taken to protect sensitive data of the company and its customers.

Intellectual property rights (IPR)

WithSecure protects its technologies and innovations through copyrights, patents, trademarks, and technology partnerships. While WithSecure uses all available protection mechanisms, the businesses are exposed to risks relating intellectual property claims, particularly in the US markets.

Financial risks

Inflation and interest rates

Cost inflation in the countries where WithSecure operates increases the risk for negative development of the cost structure. This is monitored very closely, and inflation will also most likely require mitigation actions to retain workforce in the company. Increasing interest rates could limit the possibilities of external funding.

Liquidity risk

As a company still improving its profitability, WithSecure must focus on accurate cash planning and prompt collections to ensure liquidity of all group companies and to avoid needs of short-term financing.

Currency fluctuations

Increasing volume of operations outside the Euro zone in different currencies exposes WithSecure to an increased risk related to currency fluctuations. To mitigate the impact of currency fluctuations on future cash flows, the group can use forward contracts.

Annual General Meeting

The Annual General Meeting (AGM) of WithSecure Corporation was held on 21 March 2023. The meeting confirmed the financial statements for the financial year 2022 and reviewed the remuneration report for governing bodies. The members of the Board and the President and CEO were discharged from liability.

The meeting approved the proposal of the Board of Directors that no dividend will be paid for the financial year 2022 due to the loss-making net result of the year. The company will focus on funding its growth and developing the business.

The AGM decided that the annual remuneration of the Board of Directors will remain unchanged: EUR 80,000 for the Chair of the Board of Directors, EUR 48,000 for the Committee Chairs, EUR 38,000 for the members of the Board of Directors, and EUR 12,667 for the member of the Board of Directors employed by the Company. Approximately 40% of the remuneration will be paid as shares in the Company.

The AGM decided that the number of Board members shall be seven. The following current Board members were re-elected: Risto Siilasmaa, Keith Bannister, Päivi Rekonen, Tuomas Syrjänen and Kirsi Sormunen. Ciaran Martin and Camilla Perselli, who belongs to the personnel of WithSecure Corporation, were elected as new members of the Board of Directors.

The Board elected Risto Siilasmaa as the Chair of the Board. Tuomas Syrjänen was nominated as the Chair of the Personnel Committee and Risto Siilasmaa and Päivi Rekonen as members of the Personnel Committee. Kirsi Sormunen was nominated as the Chair of the Audit Committee and Keith Bannister, Ciaran Martin and Camilla Perselli were nominated as members of the Audit Committee.

Audit firm PricewaterhouseCoopers Oy was re-elected as Auditor of the Company. Mr. Jukka Karinen, APA, acts as the responsible auditor.

The AGM authorized the Board of Directors to decide upon the repurchase of a maximum of 17,459,800 of the Company's own shares in total. The maximum amount equals to approximately 10% of all the shares in the Company, in one or several tranches with the Company's unrestricted equity. The authorization is valid until the conclusion of the next Annual General Meeting, in any case no later than until 30 June 2024.

The AGM authorized the Board of Directors to decide on the issuance of a maximum of 17,459,800 shares in total through a share issue as well as by issuing options and other special rights entitling to shares pursuant to chapter 10, section 1 of the Companies Act in one or several tranches. The maximum number of shares

corresponds to 10% of all shares in the Company. The authorization concerns both the issuance of new shares and the transfer of treasury shares held by the Company. The authorization is valid until the conclusion of the next Annual General Meeting, in any case until no later than 30 June 2024.

The AGM decided to change Article 10 of the Company's Articles of Association concerning the Annual General Meeting be amended to allow the General Meeting to be held completely without a meeting venue as a remote meeting.

Full disclosure of the AGM resolutions, as well as the organizing meeting of the Board of Directors held on the same day, has been provided in the Stock Exchange release of 21 March 2023.

Outlook for 2024

Annual recurring revenue (ARR) for Elements Cloud products and services will grow by 10–20 % from the end of 2023. At the end of 2023, Elements Cloud ARR was EUR 78.4 million.

Revenue from Elements Cloud products and services will grow by 10–16 % from previous year. Previous year revenue from Elements Cloud was EUR 73.7 million.

Total revenue of the group will grow by 6–12 % from previous year. Previous year revenue of the group was EUR 142.8 million.

Adjusted EBITDA of full year 2024 will be positive.

Bridge to 2023 Cloud revenue

Cloud revenue, as published in financial year 2023, includes Elements Cloud products and services and Cloud Protection for Salesforce (CPSF) product. The split of 2023 revenue is the following:

	Q1 23	Q2 23	Q3 23	Q4 23	2023 total
Elements Cloud products and services	17.9	18.1	18.5	19.2	73.7
CPSF	2.0	2.2	2.0	2.0	8.2
Cloud revenue (published)	19.9	20.3	20.5	21.2	81.9

Board of Directors' proposal for disposal of distributable funds

WithSecure's dividend policy is to pay approximately half of its profits as dividends. Subject to circumstances, the company may deviate from this policy. On 31 December 2023, WithSecure Corporation's distributable funds totaled EUR 120.2 million of which net result for the financial year was EUR -23.2 million. No material changes have taken place in the company's financial position after the balance sheet date.

WithSecure's Board of Directors proposes that no dividend will be paid for 2023 due to the loss-making result of the year. The company will focus on funding its growth and developing the business.

Net loss for the year is retained in the shareholders' equity.

Events after period-end

No material changes regarding the company's business or financial position have taken place after the end of the financial year.

Helsinki, 12 February 2024

WithSecure Corporation

Board of Directors Risto Siilasmaa, Chair Päivi Rekonen Tuomas Syrjänen Keith Bannister Kirsi Sormunen Ciaran Martin Camilla Perselli

President and CEO Juhani Hintikka

Statement of comprehensive income January 1 – December 31, 2023

		Consolidated IFRS	Consolidated IFRS
EUR 1,000	Note	2023	2022
REVENUE	(2)	142,812	134,700
Cost of revenue	(6)	-42,620	-46,972
GROSS MARGIN		100,192	87,728
Other operating income	(3)	9,735	12,325
Sales and marketing	(4,5,6)	-72,190	-83,118
Research and development	(4,5,6)	-47,254	-39,143
Administration	(4,5,6)	-34,374	-20,344
EBIT		-43,891	-42,552
Financial income	(8)	2,770	1,149
Financial expenses	(8)	-2,565	-2,768
PROFIT (LOSS) BEFORE TAXES		-43,686	-44,171
Income tax	(9)	3,655	5,961
Result for the financial year, continuing operations		-40,030	-38,210
Result for the financial year, discontinued operations			468,526
RESULT FOR THE FINANCIAL YEAR, GROUP TOTAL		-40,030	430,316

		Consolidated IFRS	Consolidated IFRS
EUR 1,000	Note	2023	2022
Exchange difference on translation of foreign operations, continuing operations		1,319	-1,066
Exchange difference on translation of foreign operations, discontinued operations			-934
Comprehensive income for the year, continuing operations		-38,712	-39,276
Comprehensive income for the year, discontinued operations			467,592
COMPREHENSIVE INCOME FOR THE YEAR, GROUP		-38,712	428,316
Result of the financial year is attributable to: Equity holders of the parent, continuing operations		-40,030	-38,210
Equity holders of the parent, discontinued operations			468,526
Equity holders of the parent, combined operations		-40,030	430,316
Comprehensive income for the year is attributable to:
Equity holders of the parent, continuing operations		-38,712	-39,276
Equity holders of the parent, discontinued operations			467,592
Equity holders of the parent, combined operations		-38,712	428,316
Earnings per share:	(10)
Basic and diluted, continuing operations		-0.23	-0.22
Basic and diluted, discontinued operations		0.00	2.67
Basic and diluted, combined operations		-0.23	2.45

ASSETS		Consolidated IFRS	Consolidated IFRS
EUR 1,000	Note	2023	2022
NON-CURRENT ASSETS
Tangible assets	(4,13)	13,032	10,749
Intangible assets	(13)	20,552	23,519
Goodwill	(12)	78,058	82,998
Deferred tax assets	(19)	10,682	6,767
Interest bearing receivables, non-current	(17)	6,059	7,865
Other receivables	(17)	1,866	1,271
Total non-current assets		130,249	133,169
CURRENT ASSETS
Accrued income	(17)	5,577	5,497
Trade and other receivables	(15,17)	31,683	34,875
Income tax receivables	(17)	1,199	932
Interest bearing receivables, current	(17)	2,074	2,220
Other financial assets at amortized cost	(17)		13,977
Other financial assets at FVTPL	(17)	26	26
Cash and cash equivalents	(17)	36,604	55,129
Total current assets		77,163	112,658
TOTAL ASSETS		207,412	245,827

SHAREHOLDERS' EQUITY AND LIABILITIES		Consolidated IFRS	Consolidated IFRS
EUR 1,000	Note	2023	2022
SHAREHOLDERS' EQUITY	(14)
Share capital		80	80
Treasury shares		-155	-155
Translation differences		-805	-2,124
Reserve for invested unrestricted equity		83,638	83,638
Retained earnings		20,222	58,649
Equity attributable to equity holders of the parent		102,980	140,089
NON-CURRENT LIABILITIES
Interest bearing liabilities, non-current	(4, 17)	8,370	8,369
Deferred tax liabilities	(19)	1,273	1,623
Other non-current liabilities	(21)	21,160	22,470
Total non-current liabilities		30,804	32,462
CURRENT LIABILITIES
Interest bearing liabilities, current	(4, 17)	5,366	4,839
Trade and other payables	(17, 21)	18,034	19,868
Provisions	(20)	3,486
Income tax liabilities	(21)	620	2,126
Other current liabilities	(21)	46,125	46,446
Total current liabilities		73,631	73,279
TOTAL SHAREHOLDERS' EQUITY AND LIABILITIES		207,412	245,827

Statement of cash flows January 1 – December 31, 2023

		Consolidated IFRS	Consolidated IFRS
EUR 1,000	Note	2023	20221
Cash flow from operations
Result for the financial year		-40,030	430,316
Adjustments
Depreciation and amortization	(5)	18,824	13,025
Non-cash adjustments related to demerger			-451,431
Loss from divestments			2,755
Change in fair value of deferred consideration from divestments			-1,084
Profit / loss on sale of fixed assets	(13)	-14	-52
Financial income and expenses	(8)	-205	1,418
Income taxes	(9)	-3,655	144
Other adjustments		231	1,933
Cash flow from operations before change in working capital		-24,849	-2,977
Change in net working capital
Current receivables, increase (-), decrease (+)	(15)	4,645	-8,944
Inventories, increase (-), decrease (+)			6
Non-interest bearing debt, increase (+), decrease (-)	(21)	-3,167	-2,233
Provisions, increase (+), decrease (-)	(20)	3,515
Cash flow from operations before financial items and taxes		-19,856	-14,148
Interest expenses paid	(8)	-314	-225

		Consolidated IFRS	Consolidated IFRS
EUR 1,000	Note	2023	20221
Interest income received	(8)	1,474	233
Other financial income and expenses	(8)	-1,985	-2,474
Income taxes paid	(9)	-2,383	-3,630
Cash flow from operations		-23,063	-20,244
Cash flow from investments
Investments in intangible and tangible assets	(13)	-5,159	-4,770
Divestments of businesses, net of cash	(3)	1,585	-734
Investments in financial instruments2	(17)	14,854	-13,979
Cash flow from investments		11,280	-19,483
Cash flow from financing activities
Increase in share capital	(14)		75,988
Repayments of interest-bearing liabilities	(17)		-19,000
Repayments of lease liabilities	(4)	-6,139	-5,989
Cash flow from financing activities		-6,139	50,999

1 Cash flow statement includes both continuing and discontinued operations until demerger on 30 June 2022.

2 Investments in financial assets include Group's investments in financial assets measured at amortized cost, such as corporate commercial papers. Investments in short term money market instruments with maturity less than three months are presented as Cash and cash equivalents

		Consolidated IFRS	Consolidated IFRS
EUR 1,000	Note	2023	20221
Change in cash		-17,921	11,273
Cash and cash equivalents at the beginning of the period	(17)	55,129	52,940
Effects of exchange rate changes		-604	-129
Demerger effect in cash2			-8,955
Cash and cash equivalents at period end3		36,604	55,129

1 Cash flow statement includes both continuing and discontinued operations until demerger on 30 June 2022.

2 Cash held by parent company at completion of the demerger was divided between WithSecure and F-Secure as determined in the demerger plan. F-Secure's share of the cash remaining at WithSecure on 30 June net of F-Secure's share of transaction costs was transferred in July. Demerger cash effect in second quarter arises from cash held by F-Secure's subsidiaries at the time of demerger.

3 Investments in financial assets include Group's investments in financial assets measured at amortized cost, such as corporate commercial papers. Investments in short term money market instruments with maturity less than three months are presented as Cash and cash equivalents

Statement of changes in equity

Attributable to the equity holders of the parent.

			Share		Translation	Unrestricted
EUR 1,000 IFRS	Note	Share capital	premium fund	Treasury shares	differences	equity reserve	Retained earnings	Total equity
Equity December 31, 2021		1,551	165	-849	-124	6,789	87,831	95,363
Result of the financial year, continuing operations							-38,210	-38,210
Result of the financial year, discontinued operations							468,526	468,526
Translation difference					-2,000			-2,000
Total comprehensive income for the year					-2,000		430,316	428,316
Share issue	(14)					75,988		75,988
Dividends							20	20
Reduction of share capital and share premium reserve		-1,471	-165				1,636
Share based payments	(16)			694		861	1,854	3,410
Assets transferred in the demerger at fair value							-463,020	-463,020
Equity December 31, 2022		80		-155	-2,124	83,638	58,649	140,089
Result of the financial year							-40,030	-40,030
Translation difference					1,319			1,319
Total comprehensive income for the year					1,319		-40,030	-38,712
Share based payments	(16)						1,603	1,603
Equity December 31, 2023		80		-155	-805	83,638	20,222	102,980

More information in note 14. Shareholders' equity

Notes to the Financial Statements

Accounting principles for the consolidated financial statements

Basic information

WithSecure provides cyber security products and services globally for businesses.

The parent company of the Group is WithSecure Corporation, incorporated in Finlandand domiciled in Helsinki. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. A copy of consolidated financial statements can be downloaded on www.withsecure.com or can be received from the parent company's registered address.

These financial statements were authorized for issue by the Board of Directors on 12 February 2024. According to the Finnish Companies Act, the Annual General Meeting can confirm or reject the consolidated financial statements after publication. The Annual General Meeting can also decide to change the financial statements.

Accounting principles

The consolidated financial statements of WithSecure Corporation of 2023 have been prepared in accordance with IFRS (International Financial Reporting Standards) accounting standards, applying the IAS and IFRS accounting standards as well as SIC and IFRIC interpretations that were in force and had been approved by the EU by 31 December 2023.

In accordance with the European Single Electronic Format (ESEF) reporting requirements, WithSecure has published the Board of Directors' report and the financial statements as an XHTML file. In line with the ESEF requirements, the primary statements of the consolidated financial statements have been labelled with XBRL tags, and the notes to the financial statements with XBRL block tags. XBRL tags are not audited.

Principles of consolidation

The consolidated financial statements incorporate the financial statements of WithSecure Corporation and entities controlled by WithSecure Corporation. Consolidation is done using the acquisition method and begins when control over the subsidiary is obtained. The consolidation stops when the control ceases. The Group does not have any associated companies nor is there any non-controlling interest in the Group.

All intra-group transactions and balances, including unrealized profits arising from intra-group transactions, have been eliminated on consolidation. Where necessary, accounting policies of the subsidiaries have been adjusted to ensure consistency with the policies adopted by the Group.

Discontinued operations

WithSecure completed the separation of its Consumer security business into an independent company F-Secure through a partial demerger on 30 June 2022, according to the plan first announced on 17 February 2022 by the Board of Directors. In these financial statements, WithSecure is presenting consumer security business until its demerger as Discontinued operations under IFRS 5.

WithSecure has applied the requirements of IFRS 5 Non-current Assets Held for Sale and Discontinued Operations in classifying, presenting and accounting for the demerger in financial reporting. Result from discontinued operations is reported separately from continuing operations' income and expenses in the consolidated income statement. Comparative periods have been restated accordingly. At the completion of the demerger on 30 June 2022, the assets and liabilities related to the discontinued operations were distributed to F-Secure. Balance sheet before demerger has not been restated.

Discontinued operation's financial information is presented in note 11. Information includes discontinued operations' income statement, statement of financial position and cash flow. Statement of financial position represents assets and liabilities related to Consumer security business right before the demerger on 30 June 2022. Income statement for discontinued operations include revenue and operating expenses which directly derived from Consumer security business and discontinued for continuing business after the demerger. Certain costs related to supporting F-Secure during transition period and costs of premises sub-leased to F-Secure after demerger are not included in Discontinued operations.

Transactions in foreign currency

The consolidated financial statements are presented in euros, which is WithSecure Corporation's functional currency. At each reporting date for the purpose of presenting consolidated financial statements, the income statements of foreign Group companies are translated at the average exchange rates for the reporting period and the balance sheets are translated using the European Central Bank's exchange rates prevailing on the reporting date. Translation differences are recognized in shareholders' equity and the change in other comprehensive income.

Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. On the reporting date, assets and liabilities denominated in foreign currencies are translated using the European Central Bank's exchange rates prevailing at that date. Exchange rate gains and losses are recognized in financial items in the income statement.

New and amended IFRS accounting standards that are effective for 2023

During 2023 there were no changes in the Group's accounting principles.

Management judgment on significant accounting principles and use of estimates

The preparation of consolidated financial statements requires the use of estimates and assumptions as well as the use of judgment when applying accounting principles. These affect the contents of the financial statements, and it is possible that actual results may differ from estimates.

Estimates made in connection with the preparation of financial statements are based on management's best knowledge at the reporting date. Estimates build upon past experience as well as assumptions of the future development of the

economic environment of the Group. Revisions in estimates and assumptions are recognized in the period they occur and in future periods if the revision affects both current and future periods.

Key sources where estimation uncertainty arises at the reporting date are:

• Impairment testing: Recoverable amount of goodwill from acquisitions is based on estimated future cash flows which are subject to management judgment.

In addition to goodwill, the intangible assets that are not yet ready for use (EUR 3.8 million) are tested annually for impairment. The recoverable amount of these assets is based on estimated future cash flows from sales and/or use of the asset.

Deferred considerations from divestments: The sales price of the UK public sector consulting team divested in December 2021 as well as the sales price of the South African subsidiary divested in February 2022 include deferred considerations which are measured at discounted fair value on each reporting date. Management judgment is used to forecast the future performances of the divested businesses which are the basis for determining the deferred consideration.
Deferred tax assets: The Group has recognized deferred tax assets from tax losses and from temporary differences. The amount of deferred tax assets is based on management estimation about future profits and the recoverability of the tax losses. Majority of the deferred tax assets are booked from temporary differences generated by the parent company (EUR 7.4 million) and from losses generated by the Danish (EUR 0.6 million) and US (EUR 0.4 million) subsidiaries.
Expected credit losses: Provision for expected credit losses in Group's balance sheet is EUR 2.1 million. Management uses judgment in defining the expected credit losses taking into account also the potential changes in economic environment.
Share-based payments: The Group's share-based incentives programs are mainly tied to market-based conditions. Management uses external valuations in determining the fair value of the shares granted under these incentive programs. The method for the valuation is Monte Carlo Simulation.

Revenue recognition

Group's revenue includes cyber security products, managed services, and cyber security consulting. In 2022 WithSecure started to classify revenue in three categories: Cloud-based security products, On-premise security products and Cyber security consulting. Cloud revenue includes the Elements platform cloudbased products, Managed Detection and Response (MDR) and Cloud Protection for Salesforce (CPSF) revenue. On-premise revenue includes the Elements portfolio on-premise product (Endpoint protection). Consulting revenue includes the cyber security consulting services.

Cloud-based security products are sold as Security-as-a-Service. On-premise security products are sold by granting the customer access to use the intellectual property during the license period. WithSecure delivers the product and provides continuous automated updates against new threats. The software and the accompanied services are highly interdependent and therefore treated as one performance obligation for which revenue is recognized over time on a straight-line basis for the license period. Cyber security consulting services are recognized as revenue based on the delivery of the work.

Cloud-based security products and on-premise security products are provided either as a continuous service or for a fixed term. Continuous services are invoiced on a monthly basis and fixed term fully upfront or monthly, quarterly or annually upfront. Cyber security consulting services are invoiced as agreed with the customer. The standard payment term within the Group is 30 days.

Presentation of receivables and liabilities from contracts with customers

Receivables from contracts with customers are presented in the balance sheet as Accrued income. Liabilities from contracts with customers are presented in the balance sheet as Deferred revenue and included in Total non-current liabilities or Total current liabilitiesdepending on the duration of the liability.

Pensions

All of WithSecure Group's pension arrangements are defined contribution plans in accordance with local statutory requirements. Contributions to defined contribution plans are recognized in the income statement in the period to which the contributions relate.

Leases

Group as lessee

Leases which meet with IFRS 16 requirements are booked to balance sheet as right-of-use asset with corresponding lease liability. Right-of-use assets and lease liabilities are initially valued at the present value of the remaining lease payments. Incremental borrowing rate is applied in discounting the remaining payments. WithSecure's incremental borrowing rate varies between 2,45 % and 9,15 % depending on the geographical location of the leased asset, lease period and guarantees.

WithSecure's right-of-use assets comprise of rented office premises and leased cars. Short-term contracts (remaining contract period 12 months or less) and low value assets are excluded from leases, and lease expense is recognized on a straight-line basis as permitted by IFRS 16.

Lease contracts for the Group's office premises are typically made for fixed periods of 3 to 6 years and they may contain extension options. Each office lease contract is negotiated individually, and the contracts may contain wide range of different terms and conditions. Some of Group's office premises are leased with on-going contracts where the ending date is not defined. The management assesses the probable duration for these contracts case-by-case and the lease liability is calculated accordingly. Changes to the estimates are accounted for at each reporting date. Estimated duration for on-going contracts vary between 3 to 5 years and the total liability from on-going contracts is EUR 0.5 million.

In measuring the present value of the liabilities arising from leases, any servicerelated fees are excluded from the lease payment. The Group's lease contracts do not contain residual value guarantees or purchase options.

Group as lessor

After the demerger, Group acts as a lessor in sub-lease agreements signed with F-Secure. The sub-lease arrangements have been accounted for as finance leases. According to IFRS 16, the Group has derecognized the right-of-use assets related to the sub-lease arrangements and recognized a receivable for the net investment in the lease. Net investment in the lease is calculated as the net present value of the future payments under the sub-lease. The Group does not have operating lease arrangements.

Income taxes

The income tax expense in income statement represents the sum of current taxes and deferred taxes. Current taxes are calculated on the taxable income for all Group companies in accordance with the local tax rules. Deferred taxes, resulting from temporary differences between the financial statement and the income tax basis of assets and liabilities, use the enacted tax rates in effect in the years in which the differences are expected to reverse. Deferred tax assets are recognized to the extent that it is probable that future taxable profit will be available. Deferred tax liabilities are recognized for all temporary differences.

Deferred tax assets and liabilities are offset when there is a legally enforceable right to set off current tax assets against current tax liabilities, and when they relate to the same taxation authority and the Group intends to settle the assets and liabilities on a net basis.

Business combinations

Acquisition method is used for accounting the acquisitions of businesses. The consideration transferred in a business combination is measured at fair value, which is calculated as the sum of the acquisition-date fair values of assets transferred by the Group and liabilities incurred by the Group to the former owners of the acquiree. Contingent considerations related to business combinations are measured at fair value at acquisition date and included as part of the consideration transferred. Costs related to the acquisition are recognized in profit and loss statement.

The identifiable assets acquired and the liabilities assumed are recognized at fair value at the acquisition date, except for deferred tax assets or liabilities which are measured in accordance with IAS 12 Income taxes. Goodwill is measured as the excess of the transferred consideration over the net amount of the acquired identifiable assets and assumed liabilities.

Changes in fair value of the contingent consideration that do not arise within one year from the acquisition from facts and circumstances that existed at the acquisition date are recognized in profit or loss.

Goodwill

Goodwill is initially recognized and measured in business combinations as set out above. Goodwill is not amortized but is instead tested for impairment at least annually and whenever there is an indication that it may be impaired. For the purpose of impairment testing, goodwill has been allocated to cash generating units expected to benefit from the synergies of the combination. If the recoverable amount of the cash generating unit is less than the carrying amount of the unit, the impairment loss is allocated first to reduce the carrying amount of any goodwill allocated to the unit and then to the other assets of the unit. If an impairment loss for goodwill is recognized, it will not be reversed in the subsequent periods. Goodwill is recorded at historical cost less accumulated impairment losses.

Intangible assets

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditure on new products or product versions with significant new features are recognized as intangible assets when the Group can demonstrate:

The technical feasibility of completing the intangible asset so that it will be available for use or sale.
Its intention to complete and its ability to use or sell the asset.
How the asset will generate future economic benefits.
The availability of resources to complete the asset.
The ability to reliably measure the expenditure during development

Amortization is recorded on a straight-line basis over the estimated useful life, which is 3–8 years for these assets.

Intangible assets acquired in business combinations

Intangible assets acquired in business combinations and recognized separately from goodwill are initially recognized at fair value on the acquisition date. Subsequent to initial recognition, these assets are reported at initial value less accumulated amortization and accumulated impairment losses.

Intangible assets acquired in business combinations include technology, trademarks and customer relationships, which all have a finite useful life. Initial valuation for technology and trademarks is done based on Relief from royalty method and for customer relationships based on Excess earnings method. The estimated useful lives for intangible assets acquired in business combinations are:

Technology	10 years
Trademark	2 years
Customer relationships	6–10 years

The estimated useful life and amortization method are assessed at each reporting date and updated if necessary.

Other intangible assets

Other intangible assets include intangible rights and software licenses, all with a finite useful life. Other intangible assets are recorded at historical cost less accumulated amortization and possible impairment. Amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of other intangible assets are as follows:

Intangible rights 3–8 years Other intangible assets 5–10 years

The estimated useful life and amortization method are assessed at each reporting date and updated if necessary.

Tangible assets

Tangible assets are recorded at historical cost less accumulated depreciation and possible impairment. Depreciation is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible assets are as follows:

Machinery and equipment	3–8 years
Other tangible assets	5–10 years

Other tangible assets include renovation costs of rented office space.

Gains or losses on disposal of tangible assets are shown in other operating income or expense.

The estimated useful life and amortization method are assessed at each reporting date and updated if necessary.

Impairment of assets

At each reporting date, the Group assesses whether there is any indication that an asset may be impaired. Where an indicator of impairment exists, the Group makes a formal estimate of recoverable amount. The recoverable amount of goodwill and intangible assets that are not ready for use are estimated annually, regardless of whether any indication of impairment exists.

Where the carrying amount of an asset exceeds its recoverable amount, the asset is considered impaired and the carrying amount is reduced to its recoverable amount. The recoverable amount is the fair value of an asset less costs of disposal or value in use, whichever is higher. An impairment loss is recorded in the income statement.

A previously recognized impairment loss is reversed only if there has been a change in the estimates used to determine the asset's recoverable amount since the last impairment loss was recognized. The maximum reversal of an impairment loss amounts to no more than the carrying amount of the asset if no impairment loss had been recognized, net of depreciation. Impairment losses relating to goodwill cannot be reversed in future periods.

Financial instruments

Financial assets and liabilities

All financial assets and liabilities are initially recognized at fair value and subsequently classified as financial assets or liabilities at amortized cost or financial assets or liabilities at fair value through profit or loss. Financial assets and liabilities are classified according to their cash flow characteristics and the business model they are managed in.

Financial assets at amortized cost

Financial assets at amortized cost are subsequently measured using the effective interest rate method. All assets in this category are subject to a business model with the objective to collect contractual cash flows of principal and interest. This category includes trade and other receivables, corporate commercial papers, cash and cash equivalents, asset transfer receivables, sublease receivables and other interest-bearing receivables.

Corporate commercial papers are valued at amortized cost and held until due date. Asset transfer receivables are valued at amortized cost and held until the end of the agreement period. Sublease receivables are initially valued at the present value of the remaining lease payments and subsequently by applying a cost model, where asset cost is reduced by accumulated depreciation and impairment losses and adjusted by remeasurement of a respective lease liability. Other interestbearing receivables are related to deferred considerations which are measured at discounted fair value on each reporting date.

Trade and other receivables are originally valued with transaction price and later with amortized cost reduced by expected credit loss. Trade and other receivables are written off from the balance sheet as the rights to associated cash flows end or become transferred to the counterpart. The increase in the credit risk for financial assets measured at amortised cost is assessed at the end of the reporting period. The credit loss allowance is estimated based on the Group's historical credit loss experience adjusted with current conditions and reasonable and supportable forecasts about the future. An expected credit loss is recognized for trade receivables according to IFRS 9. The amount of expected credit loss is updated at each reporting date to reflect changes in credit risk since initial recognition of the respective financial instrument. The Group applies the simplified approach to estimate the expected credit loss by using a provision matrix where

trade receivables are grouped based on historical credit loss experience and characteristics that depict the credit risk of receivables (e.g. geographical area and days past due).

Financial assets at fair value through profit or loss

This category includes investments in unlisted shares. As their fair value cannot be measured reliably, the cost is considered to be a reasonable approximation of their fair value.

Financial liabilities at amortized cost

Financial liabilities at amortized cost are initially recognized at fair value. After initial recognition, other financial liabilities are subsequently measured at amortized cost using the effective interest method. Amortized cost is calculated by taking into account any issue costs, and any discount or premium on settlement. This category includes lease liabilities, other loans related to demerger, and trade and other payables. Financial liabilities are classified as current, unless the Group has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Derivative financial instruments and hedging

The Group uses derivative financial instruments such as forward currency contracts to hedge its risks associated with foreign currency fluctuations. Derivatives are valued at fair value. The fair value of forward currency contracts is calculated based on current forward exchange rates at the reporting date for contracts with similar maturity profiles. The gains and losses arising from the change of fair value are booked through the income statement as the Group does apply hedge accounting.

Provisions

Provisions are recognized when the Group has a present obligation (legal or constructive) as a result of a past event, the outflow of resources is probable, and a reliable estimate of the amount of the obligation can be made. The amount recognized is a best estimate of the consideration required to settle the obligation at each reporting date. Risks and uncertainties are taken into account when making the estimate.

Treasury shares

Parent company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Share-based payment transactions

WithSecure provides incentives to employees in the form of equity-settled sharebased instruments. Currently the Company has share-based programs.

WithSecure's share-based incentive programs are targeted to the Group's key personnel. The programs are equity-settled and valued at fair value at grant date. The expense is recognized evenly in the income statement over the vesting period with the counter-entry in retained earnings.

All current programs include market-based conditions, which are taken into consideration when the fair value of equity-based instrument is determined by utilizing commonly used valuation techniques. Equity-based payments that are settled net of taxes are considered in their entirety as equity-settled share-based payment transactions. The cumulative expense recognized at the grant date is based on the Group's estimate of the number of shares that will vest at the end of the vesting period times the fair value of equity-based instruments at the grant date. If a person leaves the company before vesting, the reward is forfeited. The Group revives its estimate of the non-market conditions and number of equitybased instruments that are expected to vest at the end of vesting period each reporting date. The impact of revision of original estimates is recognized in the income statement.

Presentation of expenses

Classification of the functionally presented expenses has been made by presenting direct expenses in their respective functions and by allocating other expenses to operations on the basis of average headcount in each function.

Operating result

IAS 1 Presentation of Financial Statements standard does not define the concept of Earnings before interest and taxes (EBIT). The Group has defined it as follows: EBIT is the net amount, which consists of revenue and other operating income less cost of revenue, sales and marketing, research and development, and administration.

New standards and interpretations not yet effective

New or amended standards or interpretations are not expected to have an impact on the consolidated financial statements.

1 Segment information

The Group has one segment: security. Segment reporting is consistent with the internal reporting submitted to the chief operating decision-maker. The Leadership Team has been appointed as the chief operating decision-maker, responsible for allocating resources and assessing performance as well as making strategic decisions. For the geographical information, revenue is presented based on the location of the customer and the long-term assets based on the location of the assets.

Geographical information

Geographical information about revenue is presented in disclosure 2. Revenue.

Long-term assets		Consolidated Consolidated
EUR 1,000	2023	2022
Nordic countries	47,256	46,786
Europe excl. Nordics	74,645	78,165
North America	1,756	837
Rest of world	6,591	7,796
Total	130,249	133,584

2 Revenue

Principles of revenue recognition are stated in accounting principles to consolidated financial statements, section Revenue recognition.

Disaggregation of revenue

Sales channels	Consolidated Consolidated
EUR 1,000	2023	2022
Revenue from external customers
Cloud-based security products	81,870	68,711
On-premise security products	24,356	27,152
Cyber security consulting	36,586	38,837
Total	142,812	134,700

Geographical information	Consolidated Consolidated
EUR 1,000	2023	2022
Revenue from external customers
Nordic countries	39,781	40,985
Europe excl. Nordics	67,733	60,383
North America	14,025	11,664
Rest of world	21,273	21,668
Total	142,812	134,700

Assets and liabilities from contracts with customers

Satisfied performance obligations from contracts with customers that have not yet been invoiced on the reporting date are presented in the balance sheet as Accrued income included in trade and other receivables. The balances relate to products and services which have been delivered to customers and recognized as revenue but not invoiced. Liabilities from contracts with customers are presented in the balance sheet as Deferred revenue and included in Total non-current liabilities or Total current liabilities depending on the duration of the liability. Prior year current deferred revenue is recognized as revenue in the current period. Remaining performance obligations from contracts with customers represent contracted revenue that has not yet been recognized. These balances are presented as Deferred revenue and relate to obligations to provide software subscription services or managed services in contracts with a duration of multiple years.

		Consolidated Consolidated
EUR 1,000	2023	2022
Accrued income	5,577	5,497
Deferred revenue, non-current	20,772	22,153
Deferred revenue, current	46,125	46,446

Transaction price allocated to all fully or partially unsatisfied performance obligations amounted to 66,897 thousand euros at the end of the year. 69 % of the amount is expected to be recognized as revenue during 2024. The Group total revenue will also include new orders, renewals and contract extensions/expansions which are not known at reporting date and thus are excluded from these figures.

Increases in deferred revenue resulting from billing were EUR 44,745 thousand. Decreases in deferred revenue resulting from satisfying performance obligations were EUR 46,446 thousand.

3 Other operating income

	Consolidated Consolidated
EUR 1,000	2023	2022
Service fees charged from F-Secure under TSA	6,939	8,994
Capital gains from sales of operations	1,372	1,272
Government grants	543	1,186
Gain from sublease arrangements	589	354
Other	292	520
Total	9,735	12,325

Capital gains from sales of operations includes revision of fair value of deferred consideration from divestment of UK public sector consulting team in December 2021.

Government grants consist mainly from grants from Business Finland and European Union related to R&D activities. The grants are recognized as income over those periods in which the corresponding expenses arise.

4 Leases

		Consolidated Consolidated
EUR 1,000	2023	2022
Decrease in Cost of Revenue	30	34
Decrease in operating expenses (lease expenses)	6,488	5,774
Increase in right-of-use asset depreciation
Buildings	-4,516	-4,640
Cars	-756	-603
Total	-5,272	-5,243

Increase in EBIT	1,246	568
Increase in financial expenses	-392	-279
Profit / Loss for the period	854	-303

Short-term leases booked as rent expense	104	529

	Consolidated Consolidated
EUR 1,000	2023	2022
Right of use assets and liabilities
Right of use assets
Buildings	8,182	7,455
Cars	997	737
Machinery	212
Total	9,391	8,192
Lease liabilities
Buildings	9,152	8,924
Cars	1,030	688
Total	10,182	9,612
Repayments of lease liabilities	6,139	5,989

Right of use assets related changes are stated in disclosure 13. Non-current assets.

Right of use assets related interest payments are stated in disclosure 8. Financial income and expenses.

Maturity of lease liabilities is stated in disclosure 17. Financial assets and liabilities.

Some office premises were subleased to F-Secure on the demerger date. Right of use assets related to these offices were derecognized on 30 June 2022.

5 Depreciation, amortization, and impairment

		Consolidated Consolidated
EUR 1,000	2023	2022
Depreciation and amortization of non-current assets
Other intangible assets	-1,302	-1,287
Capitalized development	-4,891	-4,792
Intangible assets	-6,193	-6,080

Machinery and equipment	-768	-960
Right of use assets	-5,272	-5,243
Other tangible assets	-392	-323
Tangible assets	-6,433	-6,526

Impairment	-6,198
Total impairment	-6,198

Total depreciation and amortization	-18,824	-12,606
Depreciation and amortization by function
Sales and marketing	-4,142	-4,033
Research and development	-5,300	-5,412
Administration	-9,382	-3,161
Total depreciation and amortization	-18,824	-12,606

6 Personnel expenses

	Consolidated Consolidated
EUR 1,000	2023	2022
Personnel expenses
Wages and salaries	-95,313	-93,804
Pension expenses - defined contribution plan	-10,296	-10,547
Share-based payments	-3,326	-2,580
Other social expenses	-9,631	-7,867
Total	-118,566	-114,798

Employee benefits of the management are stated in disclosure 23. Related party transactions.

Share-based payments are stated in disclosure 16. Share-based payment transactions.

	Consolidated Consolidated
	2023	2022
Average number of personnel	1,191	1,438
Personnel by function December 31
Consulting and delivery	316	377
Sales and marketing	287	368
Research and development	341	367
Administration	143	183
Total	1,087	1,295

7 Audit fees

		Consolidated Consolidated
EUR 1,000	2023	2022
Group auditor
Audit fees, PricewaterhouseCoopers	-210	-169
Other consulting, PricewaterhouseCoopers	-22	-2,302
Total	-233	-2,471

In 2022 PricewaterhouseCoopers Oy provided non-audit services to entities of WithSecure Group for total 2.3 million euros, which mainly related to services provided during demerger process.

Other auditors		Consolidated Consolidated
EUR 1,000	2023	2022
Audit fees	-82	-79
Total	-82	-79

The Finnish Patent and Registration Office Auditor Oversight has granted to PricewaterhouseCoopers Oy upon its request an exemption from the maximum amount of fees for non-audit services referred to in Chapter 5, section 4 of the Finnish Auditing Act (1141/2015).

8 Financial income and expenses

	Consolidated Consolidated
EUR 1,000	2023	2022
Financial income
Interest income from financial assets	1,474	257
Exchange gains	1,258	886
Other financial income	38	6
Total	2,770	1,149
Financial expenses
Interest expense from loans and liabilities	-314	-336
Interest expense from lease liabilities	-392	-279
Exchange losses	-1,596	-1,704
Other financial expenses	-263	-448
Total	-2,565	-2,768

9 Income tax

		Consolidated Consolidated
EUR 1,000	2023	2022
Current income tax for the year	-814	2,515
Adjustments for current tax of prior periods	-114	-20
Change in deferred tax	4,583	3,465
Total	3,655	5,961

A reconciliation of income tax expense in the income statement and income tax calculated at the parent company's country of residence income tax rate (20%):

		Consolidated Consolidated
EUR 1,000	2023	2022
Result before taxes	-43,686	-44,171

Income tax at Finnish tax rate of 20%	8,737	8,834
Effect of overseas tax rates	482	97
Non-deductible expenses/tax-exempt revenue	-2,201	-2,087
Unrecognised tax losses	-2,748	-1,050
Adjustments for prior period tax	-114	-69
Other	-502	235
Total	3,655	5,961

10 Earnings per share

Basic earnings per share amounts are calculated by dividing net profit for the year attributable to ordinary equity holders of the parent by the weighted average number of ordinary shares outstanding during the year. Diluted earnings per share amounts are calculated by dividing the net profit attributable to ordinary shareholders by the weighted average number of ordinary shares outstanding during the year adjusted for the effects of dilutive options.

		Consolidated Consolidated
EUR 1,000	2023	2022
Net profit attributable to equity holders of the parent company
Continuing operations	-40,030	-38,210
Discontinued operations		468,526
Combined operations	-40,030	430,316
Weighted average number of ordinary shares (1 000)	175,594	171,296
Adjusted weighted average number of ordinary shares for diluted earning
per share	175,594	171,296

Basic and diluted earnings per share (EUR/share), continuing operations	-0.23	-0.22
Basic and diluted earnings per share (EUR/share),
discontinued operations	0.00	2.67
Basic and diluted earnings per share (EUR/share), combined operations	-0.23	2.45

Earnings per share has been recalculated for comparative periods using average weighted share amount after share issues.

The weighted average number of shares takes into account the effect of change in treasury shares.

11 Discontinued operations

On 17 February 2022, WithSecure announced a plan to pursue towards the separation of the company's consumer security business (F-Secure) through a partial demerger. Demerger was completed on 30 June 2022. Following information includes impacts of discontinued operations on reported income statement and cash flow. Statement of financial position represents assets and liabilities related to Consumer security business right before the demerger on 30 June 2022. Income statement for discontinued operations include revenue and operating expenses which directly derive from Consumer security business and will discontinue for continuing business after the demerger. Certain costs related to supporting F-Secure during transition period and costs of premises which will be sub-leased to F-Secure are not included in Discontinued operations.

Income statement		Consolidated Consolidated
EUR 1,000	2023	2022
Revenue		54,828
Cost of revenue		-4,360
Gross margin		50,468
Other operating income		348
Sales and marketing		-14,637
Research and development		-7,903
Administration		-9,503
EBIT		18,774
Financial net		201
Result before taxes		18,975
Income taxes		-5,402
Profit after taxes of the operations transferred to F-Secure		13,574
Fair value gain recognised from valuation of discontinued operations'
net assets		450,499
Demerger expenses		3,762
Taxes related to demerger expenses		-702
Translation difference		1,393
Result for the period		468,526

	W	/
--	---	---

Statement of financial position	Consolidated
EUR 1,000	30 June 2022
Assets
Tangible assets	900
Intangible assets	6,244
Deferred tax assets	102
Other long-term receivables	87
Total non-current assets	7,332
Inventories	44
Accrued income	2,090
Trade and other receivables	19,032
Cash and bank accounts	12,716
Total non-current assets	33,882
Total assets	41,214

Statement of financial position	Consolidated
	30 June
EUR 1,000	2022
Liabilities
Deferred tax liability	314
Deferred revenue, non-current	3,310
Other non-current liabilities	75
Total non-current liabilities	3,699
Current interest bearing liabilities	56
Trade and other payables	4,912
Deferred revenue, current	17,303
Income tax liabilities	878
Total current liabilities	23,148
Total liabilities	26,847

Statement of cash flows	Consolidated Consolidated
EUR 1,000	2023	2022
Net cash flow from operating activities		18,300
Net cash flow from investing activities		-600
Net cash flow from financing activities		0

12 Goodwill

For impairment testing goodwill is allocated to cash-generating units (CGUs). The carrying amount of goodwill EUR 78 058 thousand is allocated to two CGUs:

		Consolidated Consolidated
EUR 1,000	2023	2022
Consulting	51,214	54,779
MDR	26,844	28,219
	78,058	82,998

WithSecure tested goodwill valuation already in third quarter deviating from the annual cycle due to lowering revenue estimates. Due to the lower revenue forecast, as well as the impact of increasing interest rates, the carrying value of consultingrelated goodwill was higher than its recoverable value, based on a value in use calculation using future cashflows. WithSecure recorded an impairment of the consulting-related goodwill of EUR 6.2 million. Goodwill test was updated at the normal annual cycle.

Goodwill is tested for impairment annually, or more frequently if there are indications that goodwill might be impaired. The recoverable amount for each CGU is determined based on a value in use calculation which uses cash flows for the period determined for the CGU. Cash flows are based on financial budgets and forecasts approved by the Board of Directors. Forecast period used in the calculations is five years. Discount rate for Consulting is 12.2 % (9.9 %) before taxes and for MDR 15.6 % (15.6%) before taxes.

Cash flows beyond forecast period have been extrapolated using steady 2 % (2 %) per annum growth rate for both CGUs. Revenue growth % in average during forecast period for Consulting is 12% (14%) and MDR 22% (44%).

Sensitivity analysis

The Group has prepared a sensitivity analysis of the impairment tests to changes in the key assumptions which are revenue, profitability and discount rate. The table

below shows the required change in a single assumption that the recoverable amount would fall below the carrying amounts.

EUR 1,000	2023	2022
Variable
Revenue growth during forecast period
Consulting	1 % decrease	1 % decrease
MDR	33 % decrease	11 % decrease
Profitability (EBIT-%) during forecast period
Consulting	10 % decrease	10 % decrease
MDR	76% decrease	34% decrease
Discount rate (Post-tax WACC)
Consulting	2.9 %-point increase	2.7 %-point increase
MDR	25.9 %-point increase	6.4 %-point increase

Sensitivity analyses assume a change in only one key variable while all other variables in the forecasts remain unchanged. In WithSecure's analyses sensitivity is tested by assuming a similar change in the tested assumption throughout the forecast period. In reality, it is highly unlikely that such change in the cash flows would occur as the management has means to react in case there is a change to the expected business performance.

During 2023 sensitivity of Consulting goodwill has remained at the same level as in 2022 despite the impairment in September 2023. Management considers the headroom for Consulting goodwill to be adequate and no additional impairment is needed.

Headroom for MDR remains high and the management believes that no reasonably possible change in any of the key variables would lead to the recoverable amount to fall below the carrying amount.

13 Non-current assets

			Intangible assets			Tangible assets
EUR 1,000	Other Intangible	Capitalized development	Goodwill	Advance payments & incomplete development	Total	Machinery & equip.	Right of use assets	Other Tangible	Total
Acquisition cost Jan 1, 2022	19,526	56,090	85,143	3,425	164,184	10,520	26,505	3,276	40,301
Translation difference	-193	-899	-2,146		-3,237	-160	-136	-33	-329
Additions				3,702	3,702	507	6,600	732	7,840
Transfers	800	1,982		-3,206	-424	7			7
Acquisitions and divestments	-305				-305	-704	-602	-455	-1,761
Demerger impact1		-10,009		-2,481	-12,490	-84	-567	-58	-709
Disposals	-5,350				-5,350	-382	-9,197	-492	-10,071
Acquisition cost Dec 31, 2022	14,478	47,164	82,997	1,441	146,080	9,703	22,603	2,971	35,277
Translation difference	63	342	1,256		1,661	45	-161	-12	-129
Impairment			-6,198		-6,198
Additions		674		2,333	3,007	1,325	8,461	1,211	10,997
Disposals						-211	-5,040	-185	-5,436
Acquisition cost Dec 31, 2023	14,541	48,181	78,058	3,773	144,550	10,862	25,863	3,984	40,709
Acc. depreciation Jan 1, 2022	-15,710	-29,614			-45,324	-8,425	-17,269	-2,580	-28,275
Translation difference	124	315			439	158	274	26	458
Acquisitions and divestments	234				234	595	365	310	1,270
Demerger impact1		5,731			5,731	10	315		325
Depreciation for the period	-1,268	-4,626			-5,894	-1,101	-5,289	-324	-6,713
Depreciation of disposals	5,350				5,350	724	7,113	436	8,273
Acc. depreciation Dec 31, 2022	-11,269	-28,194			-39,463	-8,039	-14,491	-2,130	-24,663
Translation difference	-45	-152			-196	-36	103	10	77

W	l
---	---

Intangible assets					Tangible assets
EUR 1,000	Other Intangible	Capitalized development	Goodwill	Advance payments & incomplete development	Total	Machinery & equip.	Right of use assets	Other Tangible	Total
Depreciation for the period	-1,298	-4,884			-6,182	-789	-4,842	-403	-6,033
Depreciation of disposals						39	3,132	48	3,220
Acc. depreciation Dec 31, 2023	-12,612	-33,230			-45,842	-8,825	-16,098	-2,475	-27,399
Book value as at Dec 31, 2022	3,209	18,970	82,997	1,441	106,617	1,664	8,111	841	10,615
Book value as at Dec 31, 2023	1,929	14,951	78,058	3,773	98,708	2,037	9,765	1,509	13,310

1 Demerger effect in second quarter includes all WithSecure's Consumer business related tangible and intangible assets which were transferred to F-Secure on June 30, 2022.

At the end of 2023, book value of right of use assets consists of buildings EUR 8.2 million (7.5m), cars EUR 1.0 million (0.7m) and machinery EUR 0.2 million (0).

14 Shareholder's Equity

EUR 1,000	Total number of shares	Number of shares outstanding	Number of treasury shares	Share capital	Share premium fund	Unrestricted equity reserve	Treasury shares
Dec 31, 2021	158,798,739	158,387,381	411,358	1,551	165	6,789	-848
Share issue	15,800,000	15,800,000				75,988
Demerger impact				-1,471	-165
Share based payments		339,563	-339,563			861	694
Dec 31, 2022	174,598,739	174,526,944	71,795	80		83,638	-155
Directed share issue to company itself	1,500,000		1,500,000
Share based payments		1,345,675	-1,345,675
Dec 31, 2023	176,098,739	175,872,619	226,120	80		83,638	-155

A share has no nominal value. All issued shares are fully paid and listed on Nasdaq Helsinki.

On 23 March 2022, WithSecure issued 15,800,000 new shares in an accelerated book-built offering deviating from the shareholders' pre-emptive subscription rights. Based on resolution of the Extraordinary General Meeting, WithSecure Corporation reduced its share capital by EUR 1,471,311.18 to EUR 80,000 in relation to the demerger. Liability for the assets transferring in the demerger at fair value was recognized after resolution of the Extraordinary General Meeting. Impact of the liability recognition offset the impact of distribution gain through income statement in Company's equity.

Share premium fund

Based on resolution of the Extraordinary General Meeting, WithSecure Corporation dissolved the share premium fund in relation to the demerger in 2022.

Unrestricted equity reserve

On March 20, 2007, the shareholders' meeting decided to decrease the share premium fund. The decreased amount of 33,582 thousand euros was transferred to unrestricted equity reserve. On March 26, 2008, the shareholders' meeting decided that the total amount of the subscription prices paid for new shares issued after the date of the meeting, based on stock options under the F-Secure Stock Option Plan 2005, be recorded in Companys' unrestricted equity reserve. Capital raised in the share issue on 23 March 2022 was booked in unrestricted equity reserve according to the resolution of the Extraordinary General Meeting.

Translation differences

The translation difference is used to record exchange difference arising from the translation of the financial statements of foreign subsidiaries.

Dividends proposed and paid

Proposed for approval at AGM for financial year 2023 is that no dividend will be paid.

For financial year 2022 company decided to not pay any dividend.

Treasury shares

Treasury shares contains shares acquired from the market (71,795 shares) and shares from the direct share issue to company itself (154,325 shares). The cost of acquired shares is reported as a deduction in shareholders' equity. The shares have been acquired through public trading on Nasdaq Helsinki. The parent company has not acquired treasury shares during the period. During the financial year, parent company's treasury shares have been used for board remuneration and incentive programs.

The total number of treasury shares was 226,120 at the end of 2023. This represents 0.13% of the Company's voting power on December 31, 2023.

15 Trade and other receivables

	Consolidated Consolidated			Consolidated Consolidated
EUR 1,000	2023	2022	EUR 1,000	2023	2022
Non-current receivables			Current receivables
Other receivables	1,866	1,271	Trade receivables	25,237	26,354
Total	1,866	1,271	Other receivables	189	217
			Prepaid expenses	5,788	8,067
			Accrued income	5,577	5,497
			Accrued income tax	1,616	1,355
			Total	38,407	41,492

Aging of trade receivables and expected credit losses

EUR 1,000	Not fallen due	Overdue 1-30 days	Overdue 31-60 days	Overdue 61-90 days	Overdue over 90 days	Total
Average expected credit loss rate	1.5 %	1.5%	1.3%	6.3%	26.9%
Gross trade receivables	19,636	3,100	766	597	3,330	27,429
Loss allowance	294	45	9	37	689	1,074
Additional provision					1120	1120
Total trade receivables at amortized cost Dec 31, 2023	19,342	3,055	757	560	1,522	25,237

EUR 1,000	Not fallen due	Overdue 1-30 days	Overdue 31-60 days	Overdue 61-90 days	Overdue over 90 days	Total
Average expected credit loss rate	2.1 %	2.1 %	1.9 %	6.6 %	23.6 %
Gross trade receivables	20,697	3,861	1,003	766	1,599	27,926
Loss allowance	435	81	19	51	377	963
Additional provision					609	609
Total trade receivables at amortized cost Dec 31, 2022	20,263	3,780	984	715	613	26,354

		Consolidated Consolidated
EUR 1,000	2023	2022
Book value as at Jan 1	1,571	2,063
Change for the year	440	-299
Receivables written off during the year	183	-192
Book value as at Dec 31	2,194	1,571

Material items included in prepaid expenses

		Consolidated Consolidated
EUR 1,000	2023	2022
Prepaid royalty	2,015	2,072
Grant receivables	279	769
Other prepaid expenses	3,494	5,226
Total	5,788	8,067

16 Share-based payment transactions

During the period Group has had share-based incentive plans covering management and the key personnel of the Group and a share savings plan available to all employees as described below. The programs have been established as part of incentive and retention system within WithSecure. The programs offer the participants a possibility to receive WithSecure shares as an incentive reward if the financial targets set for the earning period have been achieved. No reward can be given to a participating employee whose employment has terminated before the end of the lock-up period. WithSecure's current plans consist of Performance Share Plans, Restricted Share Plans, a Performance Matching Share Plan and an Employee Share Savings Plan.

Share-based incentive program 2020–2022

The share-based incentive program 2020-2022 was established in February 2020. The program's duration is five years and it comprises three earning periods: 2020-2022 with the grant date in April 2020, 2021-2023 with the grant date in April 2021 and 2022-2024 with the grant date in March 2022. Each earning period lasts for three years. The program ends on December 31, 2024. The value of the WithSecure share at grant date for the program were EUR 2.18 for the 2020-2022 earning period, EUR 3.42 for the 2021-2023 earning period, and EUR 5.12 for the 2022-2024 earning period. The rewards will be equity-settled. The original maximum total of shares to be given as reward were as follows: 3,400,000 shares on the basis of earning period 2020-2022; 2,600,000 shares on the basis of earning period 2021-2023, and 2,200,000 shares on the basis of earning period 2022-2024. The vesting of the rewards for all periods was conditional to the participant remaining in the service of WithSecure. In addition, the 2020-2022 earning period had a performance condition based on WithSecure's relative total shareholder return of WithSecure's share, and earning periods 2021-2023 and 2022-2024 have a performance condition based on the absolute shareholder return of WithSecure's share. The Board has approved the metrics, targets and participants on annual basis for each earning period.

After the demerger, share-based incentive program 2020-2022 was converted into new WithSecure shares by updating total amount of shares to be granted and the performance criteria. The Board has approved the new metrics, targets and amount of shares. IFRS2 modification accounting was applied in the conversion. In the modification, the fair value of the original reward and the fair value of the new reward was calculated to modification date August 12, 2022. Incremental expense from the modification is booked as cost for the remaining earning period. The converted maximum total of shares to be given as reward are as follows: 9,100,000 shares on the basis of earning period 2020-2022; 6,900,000 shares on the basis of earning period 2021-2023; 5,900,000 shares on the basis of 2022-2024 earning period, and 4,600,00 shares on the basis of 2023-2025 earning period.

In December 2022, WithSecure's Board of Directors decided on a new Performance Share Plan for years 2023-2025 within a share-based long-term incentive scheme first announced in February 2020. The plan is offered to the management and selected key employees. The performance criteria for the new plan is WithSecure's total shareholder return (TSR). The aggregate maximum number of shares to be paid based on the plan is approximately 4,700,000 shares. Expected total cost of the program is EUR 3.3 million, and the rewards have been granted to approximately 110 employees.

The expenses arising from the share-based incentive program in financial statements for 2023 are EUR 2,037 thousand (1,448 including reversed expense from forfeiture of F-Secure participants)

Restricted share plan

A Restricted share plan was established in February 2020. The program's duration is five years. The Restricted share plan complements the incentive programs and comprises of four earning periods: 2020-2021 with grant date in October 2020, 2021-2022 with grant date in August 2021, 2021-2023 with grant date in January 2021, and 2022-2024 with grant dates in March 2022, June 2022 and September 2022. The original maximum total shares to be given is as follows: 300,000 shares on the basis of the earning period 2020-2021; 500,000 shares on the basis of the earning period 2021-2022; 500,000 shares on the basis of earning period 2021-2023, and 500,000 shares on the basis of earning period 2022-2024. The vesting of the rewards for all periods is conditional on the participant remaining in service of WithSecure. The Board has approved the participants for each earning period.

After the demerger, the Restricted share plan was converted into new WithSecure shares by updating total amount of shares to be granted. The Board has approved the new amount of shares. IFRS2 modification accounting was applied in the conversion. In the modification, the fair value of the original reward and the fair value of the new reward was calculated to modification date August 12, 2022. Incremental expense from the modification is booked as cost for the remaining earning period. The converted maximum total shares to be given is 1,400,000 shared for each earning period 2021-2022, 2021-2023 and 2022-2024.

In December 2022, WithSecure's Board of Directors also decided on a new Restricted Share Plan for years 2023-2025 within a restricted share plan scheme first announced in September 2020. The plan is offered to selected key employees. The aggregate maximum number of shares to be paid based on the plan is approximately 1,100,000 shares.

The expenses arising from the Restricted share plan in financial statements for 2023 are EUR 1,007 thousand (2022 EUR 1,113 thousand including reversed expense from forfeiture of F-Secure participants.)

Performance Matching Share Plan

Performance Matching Share Plan was established in September 2022. The program consists of one 4-year performance period which started on September 1, 2022 and ends on November 30, 2026. In the plan, participants were given an opportunity to invest in WithSecure shares and earn WithSecure shares through a matching reward. The Board has approved participations in the plan. The company will match the participants' own investment based on WithSecure's market capitalization value. The maximum matching is 5 times the number of invested shares. In addition, the participants will receive a guaranteed matching of 0.5 times the initial investment, given that their employment continues without termination at the time of the payment.

Performance Matching Share Plan replaced Share-based incentive program's earning period 2022-2024 for participants. According to IFRS 2 modification accounting has been applied. In the modification, the fair value of the original reward and the fair value of the new reward was calculated to the modification date September 9, 2022. Expense from the original reward is booked as cost for the original earning period and the incremental expense from the modification is booked as cost for the performance period of the new reward.

The expenses arising from the Performance Matching Share Plan in financial statements for 2023 are EUR 0.2 thousand.

Employee Share Savings Plan

Employee share savings plan was established in August 2022. The plan consists of a 12-month savings period that is followed by a 2-year restriction period. In the plan, participants are given an opportunity to invest in WithSecure shares through monthly savings and earn WithSecure shares through a matching reward. After the restriction period, the participants will receive one guaranteed matching share for every two shares saved within the plan given that their employment continues without termination at the time of the reward payment.

In September 2023, WithSecure's Board of Directors decided to launch a new Plan period 2024-2026 within the ESSP for the employees of WithSecure Corporation and its subsidiaries.The maximum number of matching shares (gross number before taxes) for the plan period is approximately 1,000,000 shares.

The expenses arising from the Employee Share Savings Plan in financial statements for 2023 are EUR 2 thousand (2022 2 thousand).

Impacts of share-based payment transactions on financial statements

	Consolidated Consolidated
EUR 1,000	2023	2022
Booked as expense during the period	3,326	2,836
Booked in retained earnings during the period	1,603	1,473

17 Financial assets and liabilities

Classes and categories of financial assets and liabilities and their fair values

Fair value hierarchy levels 1 to 3 are based on the degree to which the fair value is observable:

Level 1: Fair values of financial instruments are based on quoted prices in active markets for identical assets and liabilities

				Consolidated Consolidated
		Fair value
EUR 1,000	Note	hierarchy	2023	2022
Financial assets at fair value through profit or loss
Current
Investments in unlisted shares		Level 3	26	26
Financial assets at amortized cost
Non-current
Interest bearing receivables1		Level 3	6,059	7,865
Current
Interest bearing receivables1		Level 3	2,126	2,260
Trade receivables	15	Level 2	25,237	26,354
Corporate commercial papers		Level 2		13,977
Cash and cash equivalents2			36,604	55,129
Total			70,052	105,613

1 Interest bearing receivables include receivables related to premises subleased to F-Secure, receivables related to deferred consideration and receivables related to asset transfers in Group subsidiaries in relation to demerger.

2 On 31 December EUR 15 million of Group cash assets were invested in short term deposits for maturity of maximum 3 months. These deposits are included in the balance for Cash and cash equivalents, and their fair value is equivalent to their carrying value.

Level 2: Financial instruments are not subject to trading in active and liquid markets. The fair values of financial instruments can be determined based on quoted market prices and deduced valuation.

Level 3: Measurement of financial instruments is not based on verifiable market information, and information on other circumstances affecting the value of the instruments is not available or verifiable.

			Consolidated Consolidated
		Fair value
EUR 1,000	Note	hierarchy	2023	2022
Financial liabilities at amortized cost
Non-current
Interest bearing liabilities
Other loans		Level 3	3,554	3,596
Lease liabilities		Level 2	4,851	4547
Current
Interest bearing liabilities
Lease liabilities		Level 2	5,331	5,065
Trade and other payables	21		3,376	4,409
Total			17,113	17,618

The carrying amount of all financial assets and liabilities, carried at amortized cost is considered to provide a reasonable approximation of their fair value.

In September 2023, the company signed a new committed EUR 20 million revolving credit facility (RCF) with OP Corporate Bank. The facility will mature in three years from its signing. The new facility is subject to conventional covenants related to ratio of net debt to EBITDA and equity ratio. The facility remains unused at the end of the year.

	W	/
--	---	---

Contractual maturities of							Total contractual
financial liabilities	Less than 1 year	1 to 2 years	2 to 3 years	3 to 4 years	4 to 5 years	Over 5 years	cash flows	Carrying amount
Lease liabilities	5,331	1,607	1,537	1,227	480		10,182	10,182
Other loans		3,554					3,554	3,554
Total financial liabilities	5,331	5,162	1,537	1,227	480		13,736	13,737

Other loans are liabilities related to asset transfers in Group subsidiaries in relation to demerger.

Lease liabilities consists mainly of buildings (EUR 9.2 million). Cars are totalling to EUR 1.0 million and the maturity for them is mainly less than 2 years.

18 Management of financial risks

General

The goal of risk management is to identify risks that may hinder the Group from achieving its business objectives. The Group may be exposed to a variety of financial risks: market risk (including currency risk, interest rate risk and commodity risk), credit risk and liquidity risk. The responsibility for the Group's risk management lies with the CEO, the management and ultimately with the Board of Directors. The operative management of the treasury activities are centralized into Group Treasury. The Treasury Policy, which has been approved by the Board of Directors, defines the principles for measuring and managing liquidity risk, interest rate risk, currency risks and counter-party risk of the Group.

Credit risk

Credit risk is managed on Group level in line with the Group Credit policy. Credit risk derives from financial investments, derivative contracts and customer-related assets, such as accounts receivable. The Group trades only with recognized, creditworthy third parties and requires a credit review to be performed for any new customers. Advance payments or short payment terms can be used to reduce credit risk, especially with significant contracts. Receivable balances are monitored and collected on an ongoing basis. The maximum exposure to credit risk at the reporting date is the carrying value of trade receivables. There are no significant concentrations of credit risk within the Group due to its diversified customer portfolio operating in different regions. See note 15. Trade and other receivables

Liquidity risk

Liquidity risk arises if the Group's existing liquidity reserves, net cash flows and available additional financing are not sufficient to cover commitments falling due within next 12 months. Group manages its liquidity risk by centralizing the management of cash and liquid assets and thereby optimizing the use of liquid funds for operational and refinancing needs. Group Treasury is responsible for monitoring cash balances and cash forecasts to keep liquidity risk at manageable level. The Group has not identified any significant concentrations of liquidity risks in sources of available financing.

Cash and bank balance was at solid level throughout 2023, and at the end of the reporting period the Group held EUR 21.6 million in its bank accounts and EUR 15.0 million in short trem deposits with maturity of less than three months. In total, Group's cash and cash equivalents were EUR 36.6 million (EUR 55.1 million euro in 2022). The Group also holds a revolving credit facility (RCF) of EUR 20 million which remains unused at the end of the year. The management and the Board of Directors monitors Group's liquidity through a regular cash forecast on a monthly basis.

Market risk

The Group invests liquidity in excess of operative requirement according to Investment Policy approved by the Board of Directors. Assets available for investing are determined based on cash and liquidity forecasts. The objective is to generate stable positive returns and at minimum ensure that the invested nominal amounts can be redeemed. Market risk arising from investments is managed by defining neutral allocation per asset class complemented by minimum and maximum limits. The Board of Directors approves allowed counterparties and issuers for the Group's investments

Foreign currency risk

The Group operates globally and is exposed to a currency risk arising from exchange rate fluctuations against its reporting currency euro. Transaction risk is related to foreign currency transactions in sales and expenses. Translation risk arises from the Group's net investments outside euro zone.

Transaction risk

Majority of sales is invoiced in Euros. Other main currencies for invoicing are GBP, USD and JPY. Currency risk arising from sales invoicing is notably diminished by operational expenses arising in same currencies as the sales invoicing. In order to minimize the impact of the fluctuation of the exchange rates, the Group can use forward currency contracts to eliminate the currency exposure of the estimated cash flow of these currencies.

Group has forward contracts to hedge internal loan receivable in USD. As of 31 December 2023, the nominal value of the forward contracts was EUR 7 million and the market value was EUR -1 thousand.

Consolidated 2023 Consolidated 2022 Sales in different currencies % % EUR 52 51 GBP 18 19 USD 13 11 JPY 10 11 SEK 3 3 Other currencies 4 6 100 100

The carrying Euro amounts of the Group's financial assets and liabilities at the reporting date are as follows:

Financial assets	Consolidated 2023	%	Consolidated 2022	%
EUR	37,943	54	68,066	65
JPY	7,901	11	13,815	13
GBP	10,956	16	9,742	9
USD	6,817	10	5,768	5
Other currencies	6,423	9	7,994	8
	70,040	100	105,386	100

	Consolidated		Consolidated
Financial liabilities	2023	%	2022	%
EUR	7,237	42	9,156	52
USD	5,200	30	4,689	27
GBP	3,914	23	2,589	15
Other currencies	802	5	1,184	6
	17,154	100	17,618	100

The table below demonstrates how sensitive the Group's profit before taxes is to foreign exchange rate fluctuations when all other variables are held constant. The open exposure against USD, GBP and JPY arising from Group treasury, trade receivables and trade payables have an impact on Group's profit before taxes. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the functional currencies the Group operates in.

EUR million	Consolidated 2023	Consolidated 2022
USD	+0,2/-0,3	+0,3/-0,3
GBP	-0,2/+0,3	-0,4/+0,5
JPY	+0,0/-0,0	-0,3/+0,4

Translation risk

Translation risk arises from the Group's net investments in foreign currencies. Most significant translation risks arise from goodwill generated in MWR InfoSecurity acquisition. Main currencies in goodwill are GBP and EUR. In the divestment of the South African subsidiary, ZAR based goodwill was reallocated to GBP and EUR. Translation differences also arise from translating Group companies' balance sheets into euros using exchange rates prevailing on the reporting date. Internal loans are granted mainly in subsidiaries' home currencies. According to current policy, WithSecure does not hedge equity investments made in its subsidiaries.

The table below demonstrates how sensitive the Group's equity is to foreign exchange rate fluctuations when all other variables are held constant. The sensitivity calculation is based on a change of 10% in the Euro exchange rate against the main functional currencies exposing the Group to translation risk.

EUR million	Consolidated 2023	Consolidated 2022
GBP	+7.7/-6.3	+7.9/-6.5
DKK	+0.8/-0.7	+0.9/-0.7

Interest rate risk

The Group repaid its bank loans in June 2022 which reduced exposure to interest rate risk. Interest rate risk is limited to interest bearing liabilities in subsidiaries from asset transfers related to the demerger (EUR 3.6 million).

Capital management

The Group's shareholders' equity is managed as capital. The objective of the Group's capital management is to maintain an efficient capital structure that ensures the functioning of business operations and promotes shareholder value. After June 2022, the Group has not had external financing. Capital structure is reviewed regularly as a part of financial performance monitoring. The capital structure can be adjusted among other things by distribution of dividends, share repurchase or capital repayment. The dividend policy of WithSecure is to pay approximately half of its annual profit as dividend. Subject to circumstances, the Company may deviate from its policy.

19 Deferred tax

		Consolidated Consolidated
EUR 1,000	2023	2022
Deferred tax assets relate to following:
Fixed assets	273	1,019
Accruals and provisions	10,588	5,625
Tax losses carried forward	3,033	4,762
Total	13,894	11,406
Offset against deferred tax liabilities	-3,212	-4,639
Net deferred tax assets	10,682	6,767

Total at the beginning of the period	6,767	4,124
Recognized in profit or loss	3,915	2,643
Total at the end of the period	10,682	6,767

Deferred tax liabilities relate to the following:
Fixed assets	562	2,738
Accruals and provisions	3,924	3,524
Total	4,485	6,262
Offset against deferred tax assets	-3,212	-4,639
Net deferred tax liabilities	1,273	1,623

Change in deferred tax liabilities:
Total at the beginning of the period	1,623	1,880
Recognized in profit or loss	-350	-257

On December 31, 2023 the Group had EUR 76.6 million losses carried forward that are available to be offset against future taxable profits in the companies in which the losses have been generated. Deferred tax asset has been recognized for losses in total of EUR 27.8 million.

20 Provisions

	Consolidated Consolidated
EUR 1,000	2023	2022
Provision at 1.1.
Provision for the period	9,046
Provision reversed	-263
Provision used	-5,298
Total 31.12.	3,486

Provision is related to restructuring in Q4 2023 and is expected to be used in 2024.

21 Other liabilities

		Consolidated Consolidated
EUR 1,000	2023	2022
Non-current liabilities
Deferred revenue	20,772	22,153
Other non-current liability	388	317
Total	21,160	22,470

		Consolidated Consolidated
EUR 1,000	2023	2022
Current liabilities
Deferred revenue	46,125	46,446
Trade payables	3,376	4,409
Other liabilities	5,841	5,547
Accrued expenses	12,303	9,912
Income tax liabilities	620	2,126

		Consolidated Consolidated
EUR 1,000	2023	2022
Material amounts shown under accrued expenses
Accrued personnel expenses	8,802	5,661
Deferred royalty	96	82
Other accrued expenses	3,406	4,169
Total	12,303	9,912

Total 68,265 68,440

22 Contingent liabilities

	Consolidated Consolidated
EUR 1,000	2023	2022
Guarantees for other group companies
Other liabilities
Others	110	110

23 Related party disclosures

The Group's related parties include members of the Board, CEO and members of the Leadership Team as well as their close family members and entities where the aforementioned persons have either control or shared control.

Compensation of key management personnel of the Group

		Consolidated Consolidated
EUR 1,000	2023	2022
Wages and other short-term employee benefits	3,002	2,952
Share-based payments	298	236
Total	3,300	3,188

Wages and other short-term employee benefits incl. share-based payments

		Consolidated Consolidated
EUR 1,000	2023	2022
CEO	510	556
Leadership Team	2,790	2,633
Members of the Boards of Directors	313	314
	3,612	3,502

Board of Directors 2023 and Managing Director

EUR 1,000	Wages	Fees
Juhani Hintikka, Managing Director	510
Risto Siilasmaa, Chairman of the Board		80
Pertti Ervi		1
Päivi Rekonen		41
Tuomas Syrjänen		48
Keith Bannister		41
Kirsi Sormunen		48
Ciaran Martin		41
Camilla Perselli		13
Total	510	313

Share-based payments granted to the CEO are presented at the IFRS 2 expense of the share plans. The share-based payments are equity-settled and are measured at the fair value of the WithSecure Corporation share on the date they were granted. The cost is recognized over the period in which the performance conditions are fullfilled (earning period).

The CEO's retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the CEO during the period was 81 thousand euro (88 thousand euro in year 2022). The period of notice for the CEO is six (6) months both ways, and CEO is entitled to severance payment equivalent of six (6) months' salary.

24 Subsidiaries

Name	Country of incorporation	Group (%)
Parent WithSecure Corporation, Helsinki	Finland
WithSecure A/S, Copenhagen	Denmark	100.00
WithSecure AB, Stockholm	Sweden	100.00
WithSecure B.V., Utrecht	The Netherlands	100.00
WithSecure BV, Heverlee-Leuven	Belgium	100.00
WithSecure Cyber Security Services Oy, Helsinki	Finland	100.00
WithSecure GmbH, Munich	Germany	100.00
WithSecure Inc., Camden	United States	100.00
WithSecure KK, Tokyo	Japan	100.00
WithSecure Limited, Basingstoke	United Kingdom	100.00
WithSecure Norge AS, Oslo	Norway	100.00
WithSecure Pte. Ltd., Singapore	Singapore	100.00
WithSecure SARL, Maisons-Laffitte	France	100.00
WithSecure Sdn Bhd, Kuala Lumpur	Malaysia	100.00
WithSecure SP. z.o.o., Poznan	Poland	100.00
WithSecure Srl, Milano	Italy	100.00
Bytegeist GmbH, Oldenburg	Germany	100.00
F-Secure Software (Shanghai) Co Ltd, Shanghai	China	100.00
F-Secure Digital Assurance Ltd, Basingstoke	United Kingdom	100.00
F-Secure Informatica S de RL de CV, Mexico City	Mexico	99.41
F-Secure Argentina S.R.L., Buenos Aires	Argentina	95.00

Income statement January 1 – December 31, 2023

		FAS	FAS
EUR	Note	2023	2022
REVENUE	(1)	79,051,349.83	125,760,790.06
Cost of revenue	(4)	-18,928,442.47	-23,773,994.14
GROSS MARGIN		60,122,907.36	101,986,795.92
Other operating income	(2)	15,892,880.57	19,609,712.80
Sales and marketing	(3,4)	-46,255,012.90	-71,096,329.39
Research and development	(3,4)	-43,260,260.15	-43,659,729.58
Administration	(3,4)	-18,575,859.70	-19,472,202.17
EBIT		-32,075,344.81	-12,631,752.42
Financial income and expenses	(6)	2,409,113.80	-3,230,411.29
PROFIT (LOSS) BEFORE APPROPRIATIONS AND TAXES		-29,666,231.01	-15,862,163.71
Appropriations	(7)	3,456,219.00
Income taxes	(8)	3,044,675.81	2,201,733.85
RESULT FOR THE FINANCIAL YEAR		-23,165,336.20	-13,660,429.86

Balance sheet December 31, 2023

ASSETS		FAS	FAS
EUR	Note	2023	2022
NON-CURRENT ASSETS
Intangible assets	(9)	14,238,999.72	12,521,854.93
Tangible assets	(9)	843,111.47	775,254.20
Investments in group companies	(10)	121,565,483.93	119,845,463.72
Long-term receivables	(12)	8,325,632.42	7,122,694.62
Total non-current assets		144,973,227.54	140,265,267.47
CURRENT ASSETS
Trade and other receivables	(12)	41,269,461.75	42,677,663.30
Deferred tax assets	(11)	5,384,977.72	2,132,169.90
Short-term investments	(13)	26,071.99	14,003,150.78
Cash and cash equivalents	(14)	27,855,507.07	42,537,524.43
Total current assets		74,536,018.53	101,350,508.41
TOTAL ASSETS		219,509,246.07	241,615,775.88

SHAREHOLDERS' EQUITY AND LIABILITIES		FAS	FAS
EUR	Note	2023	2022
SHAREHOLDERS' EQUITY	(15,16)
Share capital		80,000.00	80,000.00
Share premium
Treasury shares		-154,558.06	-154,558.06
Reserve for invested unrestricted equity		84,438,441.61	84,438,441.61
Retained earnings		69,669,289.62	83,329,719.27
Profit for the financial year		-23,165,336.20	-13,660,429.86
Total shareholders' equity		130,867,836.97	154,033,172.96
APPROPRIATIONS
Depreciation reserve		90,614.56	90,614.56
LIABILITIES
Long-term liabilities	(18)	25,693,038.53	23,290,809.17
Short-term liabilities	(18)	62,857,756.01	64,201,179.19
Total liabilities		88,550,794.54	87,491,988.36

TOTAL SHAREHOLDERS' EQUITY AND LIABILITIES		219,509,246.07	241,615,775.88

Cash flow statement January 1 – December 31, 2023

	FAS	FAS
EUR 1,000	2023	2022
Cash flow from operations
Result for the financial year	-23,165	-13,660
Adjustments
Depreciation and amortization	4,091	4,654
Profit / loss on sale of fixed assets	5	0
Other adjustments	4,600	3,003
Financial income and expenses	-2,409	37
Income taxes	-3,045	-2,202
Cash flow from operations before change in working capital	-19,924	-8,167
Change in net working capital
Current receivables, increase (-), decrease (+)	-3,746	-8,956
Inventories, increase (-), decrease (+)		6
Non-interest bearing debt, increase (+), decrease (-)	-1,610	-2,447
Cash flow from operations before financial items and taxes	-25,280	-19,565

Interest expenses paid	-144	-218
Interest income received	2,705	865
Other financial income and expenses	-570	-2,274
Income taxes paid	-110	-3,149
Cash flow from operations	-23,399	-24,341

	FAS	FAS
EUR 1,000	2023	2022
Cash flow from investments
Investments in intangible and tangible assets	-5,991	-4,020
Investments in subsidiary shares		-141
Proceeds from sale of intangible and tangible assets	111	0
Intercompany loans granted		-3,105
Dividends received	150	191
Investments in financial assets1	13,977	-13,977
Cash flow from investments	8,247	-21,051
Cash flow from financing activities
Share issue		76,788
Decrease in interest-bearing liabilities		-19,000
Increase / Decrease in Intra Group liabilities	530	-5,017
Group contributions		3,000
Cash flow from financing activities	530	55,771

1 Investments in financial assets include Group's investments in financial assets measured at amortized cost, such as corporate commercial papers. Investments in short term money market instruments with maturity less than three months are presented as Cash and cash equivalents.

	FAS	FAS
EUR 1,000	2023	2022
Change in cash	-14,622	10,378
Effect of exchange rate changes on cash	-60	-55
Demerger effect in cash1		-6,808
Cash and bank at the beginning of the period	42,537	39,023
Cash and bank at period end	27,855	42,537

1 Cash held by parent company at completion of the demerger was divided between WithSecure and F-Secure as determined in the demerger plan. F-Secure's share of the cash remaining at WithSecure on 30 June net of F-Secure's share of transaction costs was transferred in July. Demerger cash effect in second quarter arises from cash held by F-Secure's subsidiaries at the time of demerger.

Notes to the parent company Financial Statements

Accounting principles for the parent company financial statements

Basic information

WithSecure provides cyber security products and services globally for businesses.

WithSecure Corporation (previously known as F-Secure Corporation) is the parent company of WithSecure Group, incorporated in Finland and domiciled in Helsinki. Company's registered address is Tammasaarenkatu 7, 00180 Helsinki. Copy of consolidated financial statements can be downloaded from www.withsecure.com or can be received from the Company's registered address.

Accounting principles

The financial statements of WithSecure Corporation has been prepared in accordance with Finnish Accounting Standards (FAS).

Demerger

WithSecure completed the separation of its Consumer security business into an independent company F-Secure through a partial demerger on 30 June 2022, according to the plan first announced on 17 February 2022 by the Board of Directors. In the demerger, assets and liabilities transferred to F-Secure were derecognized from the parent company's balance sheet at book values on 30 June 2022. The net amount of the assets and the liabilities was booked as deduction to Company's equity. Demerger impact on parent company's equity was EUR -9.7 million.

Foreign currency translation

Foreign currency transactions are translated using the exchange rates prevailing at the dates of the transactions. On the reporting date, assets and liabilities

denominated in foreign currencies are translated using the European Central Bank's exchange rates prevailing at that date. Exchange rate gains and losses are recognized in financial items in the income statement.

Revenue recognition

Revenue is derived from corporate business. Corporate security business revenue includes cyber security products and managed services. In 2022, WithSecure started to classify revenue in three categories: Cloud-based security products, Onpremise security products, and Cyber security consulting. Cloud revenue includes the Elements platform cloud-based products, Managed Detection and Response (MDR) and Cloud Protection for Salesforce (CPSF) revenue. On-premise revenue includes the Elements portfolio on-premise product (Endpoint protection).

Presentation of receivables and liabilities from contracts with customers

Pensions

WithSecure's pension arrangements are defined contribution plans in accordance with local statutory requirements. Contributions to defined contribution plans are recognized in income statement in the period to which the contributions relate. The Company recognizes the disability commitment of TyEL pension plan when disability appears.

Leases

Leases where the lessor retains substantially all the risks and benefits of ownership of the asset are classified as operating leases. Operating lease payments are recognized as an expense in the income statement on a straight-line basis over the lease term. The Company has only operating leases.

Income taxes

Current income taxes are calculated in accordance with the local tax and accounting rules. Deferred tax assets from losses carried forward are recognized to the extent that it is probable that future taxable profit will be available.

Tangible and intangible assets

Intangible assets include intangible rights and software licenses. Tangible and intangible assets are recorded at historical cost less accumulated depreciation, amortization, and possible impairment. Depreciation and amortization is recorded on a straight-line basis over the estimated useful life of an asset. The estimated useful lives of tangible and intangible assets are as follows:

Machinery and equipment	3–8 years
Capitalized development costs	3–8 years
Intangible rights	3–8 years
Intangible assets	5–10 years

Ordinary repairs and maintenance costs are charged to the income statement during the financial period in which they are incurred. The cost of major renovations is included in the assets' carrying amount when it is probable that the Company will derive future economic benefits in excess of the originally assessed standard or performance of the existing asset. Any gain or loss arising on derecognition of the asset (calculated as the difference between the net disposal proceeds and the carrying amount of the asset) is included in the income statement in the year the asset is derecognized.

Research and development expenditure

Research expenditure is recognized as an expense at the time it is incurred. Development expenditures are capitalized as intangible assets.

Financial assets and liabilities

Cash and cash equivalents in the balance sheet comprise cash at bank and in hand and other highly liquid short-term investments.

WithSecure classifies loans from financial institutions, trade payables and other payables as other financial liabilities which are measured at amortized cost. Financial liabilities are classified as current unless WithSecure has unconditional right to postpone their repayment by at least 12 months from the end date of the reporting period.

Treasury shares

The company has acquired treasury shares in 2008–2011. The purchase price of the shares has been deducted from equity.

Share-based payment transactions

WithSecure provides incentives to employees in the form of equity-settled sharebased instruments. Currently the Company has share-based programs.

WithSecure's share-based incentive programs are targeted to the Group's management and key personnel. In addition, employee share savings plan was launched in 2022 for all employees. The programs are equity-settled and recognized in the Company's equity on vesting date.

Presentation of expenses

1 Revenue

	FAS	FAS
EUR 1,000	2023	2022
Geographical information
Nordic countries	23,454	43,037
Europe excl. Nordics	42,931	61,354
North America	1,379	9,178
Rest of the world	11,287	12,192
Total	79,051	125,761

Due to the partial demerger of Consumer security business on 30th of June 2022, the comparative information for 2022 is not fully comparable with 2023.

2 Other operating income

	FAS	FAS
EUR 1,000	2023	2022
Service fees charged from F-Secure under TSA	6,939	8,708
Rental revenue	1,489	778
Government grants	543	1,452
Other	6,922	8,673
Total	15,893	19,610

Government grants are recognized as income over those periods in which the corresponding expenses arise.

Other category includes administrative and other fees charged from group companies.

3 Depreciation, amortization, and impairment

	FAS	FAS
EUR 1,000	2023	2022
Depreciation and amortization of non-current assets
Other intangible assets	-762	-743
Capitalized development	-3,073	-3,626
Intangible assets	-3,834	-4,369

Machinery and equipment	-256	-285
Tangible assets	-256	-285
Total depreciation and amortization	-4,091	-4,654
Depreciation and amortization by function
Sales and marketing	-124	-191
Research and development	-3,605	-4,101
Administration	-362	-363
Total depreciation and amortization	-4,091	-4,654

Due to the partial demerger of Consumer security business on 30th of June 2022, the comparative information for 2022 is not fully comparable with 2023.

4 Personnel expenses

	FAS	FAS
EUR 1,000	2023	2022
Personnel expenses
Wages and salaries	-36,205	-42,463
Pension expenses	-5,885	-7,317
Other social expenses	-1,945	-1,511
Total	-44,036	-51,291

Due to the partial demerger of Consumer security business on 30th of June 2022, the comparative information for 2022 is not fully comparable with 2023.

Compensation of key management personnel

	FAS	FAS
EUR 1,000	2023	2022
Wages and other short-term employee benefits	-2,415	-2,588
Wages and other short-term employee benefits
Managing Directors	510	556
Members of the Board of Directors	313	314

Wages and other short-term employee benefits of the Board of Directors and Managing Director: see group disclosure 23. Related party disclosures.

The Managing Director's retirement age and the determination of his pension conform to the standard rules specified by Finland's Employee Pension Act (TYEL). The pension cost of the Managing Director over the period was 81 thousand euro (88 thousand euro in year 2022). The period of notice for the Managing Director is six (6) months both ways, and Managing Director is entitled to severance payment equivalent of six (6) months' salary.

	FAS	FAS
	2023	2022
Average number of personnel	463	573
Personnel by function Dec 31
Consulting and delivery	42	38
Sales and marketing	110	125
Research and development	228	250
Administration	61	79
Total	441	492

5 Audit fees

	FAS	FAS
EUR 1,000	2023	2022
Audit fees, PricewaterhouseCoopers	-131	-130
Other consulting, PricewaterhouseCoopers	-22	-2,302
Total	-153	-2,432

6 Financial income and expenses

	FAS	FAS
EUR 1,000	2023	2022
Interest income	2,705	865
Interest expense	-144	-218
Other financial income	2
Dividends	150	191
Exchange gains (+) and losses (-)	-130	-617
Impairment of non-current investments		-3,194
Other financial expenses	-173	-256
Total	2,409	-3,230

Impairment of non-current investments relates to a dormant group company. Its shares have been written off during the previous year.

7 Appropriations

Total	3,456
Group contribution	3,456
EUR 1,000	2023	2022
	FAS	FAS

8 Income taxes

	FAS	FAS
EUR 1,000	2023	2022
Income tax for the year	-177	89
Adjustments for income tax of prior periods	-32	-19
Deferred tax	3,253	2,132
Total	3,045	2,202

Result before appropriations and tax	-29,666	-15,862

	Intangible assets				Tangible assets
EUR 1,000	Other intangible	Capitalized development	Incomplete	development Advance payments		Total Machinery & equip.	Other tangible	Total
Acquisition cost Jan 1, 2021	13,335	36,025	2,743	681	52,785	4,591	5	4,597
Additions	59		3,450	118	3,628	258		258
Transfers	800	2,406	-2,406	-800
Disposals	-5,350	-10,009	-2,346		-17,706	-39		-39
Acquisition cost Dec 31, 2022	8,844	28,422	1,441		38,706	4,810	5	4,816
Additions	2,544		3,007		5,551	333		333
Transfers		674	-674
Disposals						-16		-16
Acquisition cost Dec 31, 2023	11,389	29,096	3,773		44,258	5,127	5	5,133
Acc. depreciation Jan 1, 2021	-11,611	-21,666			-33,277	-3,785		-3,785
Depreciation for the period	-743	-3,626			-4,369	-285		-285
Acc. depreciation of disposals	5,350	6,112			11,462	30		30
Acc. depreciation Dec 31, 2022	-7,005	-19,181			-26,185	-4,040		-4,040
Depreciation for the period	-762	-3,073			-3,834	-256		-256
Acc. depreciation of disposals						7		7
Acc. depreciation Dec 31, 2022	-7,766	-22,253			-30,019	-4,289		-4,289
Book value as at Dec 31, 2022	1,839	9,242	1,441		12,522	770	5	775
Book value as at Dec 31, 2023	3,622	6,844	3,773		14,239	838	5	843

10 Investments in group companies

EUR 1,000	Shares in group companies	Total
Book value as at Jan 1	119,845	119,845
Additions	1,720	1,720
Book value as at Dec 31	121,565	121,565

Name	Country of incorporation	Share of ownership (%)
Parent WithSecure Corporation, Helsinki	Finland
WithSecure A/S, Copenhagen	Denmark	100
WithSecure AB, Stockholm	Sweden	100
WithSecure B.V., Utrecht	The Netherlands	100
WithSecure BV, Heverlee-Leuven	Belgium	100
WithSecure GmbH, Munich	Germany	100
WithSecure KK, Tokyo	Japan	100
WithSecure Limited, Basingstoke	United Kingdom	100
WithSecure SARL, Maisons-Laffitte	France	100
WithSecure Sdn. Bhd., Kuala Lumpur	Malaysia	100
WithSecure Sp. z o.o., Poznan	Poland	100
WithSecure Srl, Milan	Italy	100
F-Secure Argentina SRL, Buenos Aires	Argentina	95
F-Secure Digital Assurance Ltd, Basingstoke	United Kingdom	100
F-Secure Software (Shanghai) Co Ltd, Shanghai	China	100

11 Deferred tax

Total	5,385	2,132
Deferred tax assets	5,385	2,132
EUR 1,000	2023	2022
	FAS	FAS

12 Receivables

	FAS	FAS
EUR 1,000	2023	2022
Non-current receivables
Other receivables	72	72
Total	72	72
Receivables from group companies
Loan receivables	8,254	7,051
Total	8,254	7,051
Non-current receivables total	8,326	7,123
Current receivables
Trade receivables	12,316	11,681
Loan receivables	53	58
Other receivables	135	87
Prepaid expenses and accrued income	5,462	7,408
Total	17,966	19,235
Receivables from group companies
Trade receivables	9,099	11,864
Loan receivables	10,068	11,557
Other receivables	4,021	22
Prepaid expenses and accrued income	116
Total	23,303	23,443
Current receivables total	41,269	42,678

	FAS	FAS
EUR 1,000	2023	2022
Material items included in prepaid expenses and accrued income
Prepaid royalty	2,015	2,072
Grant receivables	279	769
Other prepaid expenses	2,641	4,257
Accrued income	527	310
Total	5,462	7,408

13 Short-term investments

	FAS	FAS
EUR 1,000	2023	2022
Fair value as at Jan 1	26	26
Fair value as at Dec 31	26	26

Shares - unlisted	26	26
Fair value as at Dec 31	26	26
Original purchase price as at Dec 31	26	26

14 Cash and short-term deposits

	FAS	FAS
EUR 1,000	2023	2022
Cash at bank and in hand	27,856	42,538

Cash at bank includes also investments in short term deposits with maturity of less than 3 months (EUR 15 million)

15 Statement of changes in shareholders' equity

Parent Company FAS
				Unrestricted
EUR 1,000	Share capital	Share premium fund	Treasury shares	equity reserve	Retained earnings	Total equity
Equity Dec 31, 2021	1,551	165	-849	6,789	92,586	100,243
Result of the financial year					-13,660	-13,660
Cost of share based payments			694		-1,220	-526
Share issue				77,649		77,649
Reduction of share capital and share
premium reserve	-1,471	-165			1,636
Assets transferred in the demerger					-9,671	-9,671
Equity Dec 31, 2022	80		-155	84,439	69,670	154,033
Result of the financial year					-23,165	-23,165
Equity Dec 31, 2023	80		-155	84,439	46,505	130,868

16 Shareholders' equity

The company's share capital amounted to 80,000 euros, and the number of shares was 176,098,739 at the end of the year 2023.

See group disclosure 14. Shareholders' Equity.

Treasury shares

See group disclosure 14. Shareholders' Equity.

Distributable shareholders' equity on December 31, 2023
EUR 1,000
Unrestricted equity reserve	84,439
Retained earnings	69,515
Result of the financial year	-23,165
Less capitalized development expense	-10,617
Distributable shareholders' equity on December 31, 2023	120,171

17 Share-based payment transactions

See group disclosure 16. Share-based payment transactions.

18 Liabilities

	FAS	FAS
EUR 1,000	2023	2022
Non-current liabilities
Deferred revenue	15,862	16,597
Total	15,862	16,597
Liabilities to the group companies
Cashpool	7,223	6,694
Other liabilities	2,608
Total	9,832	6,694
Total non-current liabilities	25,693	23,291
Current liabilities
Deferred revenue	30,336	28,010
Trade payables	3,064	3,868
Other liabilities	2,116	1,983
Accrued expenses	11,415	12,562
Total	46,932	46,424
Liabilities to the group companies
Advance payments	1,308	2,802
Trade payables	12,397	14,795
Other liabilities	2,221
Total	15,926	17,597
Total current liabilities	62,858	64,021

	FAS	FAS
EUR 1,000	2023	2022
Material amounts shown under accruals and deferred income
Accrued personnel expenses	8,496	9,206
Deferred royalty	96	82
Accrued expenses	2,824	3,274
Total	11,415	12,562

19 Financial risk management

See Group disclosure 18. Management of financial risks.

The Group has entered into commercial leases on office space and on motor vehicles. Motor vehicle leases have an average life of three years and office spaces between two and five years with renewal terms included in the contracts.

Future minimum rentals payable under non-cancellable operating leases as at 31 December are as follows:

As lessee	FAS	FAS
EUR 1,000	2023	2022
Within one year	3,912	3,773
After one year but not more than five years	200	688
Total	4,112	4,461

21 Contingent liabilities

	FAS	FAS
EUR 1,000	2023	2022
Guarantees for other group companies	110	110

Signatures of the Board of Directors

Helsinki, February 12, 2024

Risto Siilasmaa Chair	Ciaran Martin	Päivi Rekonen
Kirsi Sormunen	Tuomas Syrjänen	Keith Bannister

Camilla Perselli

Juhani Hintikka Managing Director

Auditors' note

Our auditors' report has been issued today.

Helsinki, February 12, 2024

PricewaterhouseCoopers Oy Authorized Public Accountants

Jukka Karinen Authorized Public Accountant

Auditor's Report

To the Annual General Meeting of WithSecure Oyj

Report on the Audit of the Financial Statements

Opinion

In our opinion

the consolidated financial statements give a true and fair view of the group's financial position, financial performance and cash flows in accordance with IFRS Accounting Standards as adopted by the EU
the financial statements give a true and fair view of the parent company's financial performance and financial position in accordance with the laws and regulations governing the preparation of financial statements in Finland and comply with statutory requirements.

Our opinion is consistent with the additional report to the Audit Committee.

What we have audited

We have audited the financial statements of WithSecure Oyj (business identity code 0705579-2) for the year ended 31 December 2023. The financial statements comprise:

statement of comprehensive income, statement of financial position, statement of cash flows, statement of changes in equity and notes, which include material accounting policy information and other explanatory information
the parent company's balance sheet, income statement, cash flow statement and notes.

Basis for Opinion

We conducted our audit in accordance with good auditing practice in Finland. Our responsibilities under good auditing practice are further described in the Auditor's Responsibilities for the Audit of the Financial Statements section of our report.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Independence

We are independent of the parent company and of the group companies in accordance with the ethical requirements that are applicable in Finland and are relevant to our audit, and we have fulfilled our other ethical responsibilities in accordance with these requirements.

To the best of our knowledge and belief, the non-audit services that we have provided to the parent company and group companies are in accordance with the applicable law and regulations in Finland and we have not provided non-audit services that are prohibited under Article 5(1) of Regulation (EU) No 537/2014. The non-audit services that we have provided are disclosed in note 7 to the Financial Statements.

Our Audit Approach

As part of designing our audit, we determined materiality and assessed the risks of material misstatement in the financial statements. In particular, we considered where management made subjective judgements; for example, in respect of significant accounting estimates that involved making assumptions and considering future events that are inherently uncertain.

Materiality

The scope of our audit was influenced by our application of materiality. An audit is designed to obtain reasonable assurance whether the financial statements are free from material misstatement. Misstatements may arise due to fraud or error. They are considered material if individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.

Based on our professional judgement, we determined certain quantitative thresholds for materiality, including the overall group materiality for the consolidated financial statements as set out in the table below. These, together with qualitative considerations, helped us to determine the scope of our audit and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements on the financial statements as a whole.

Overall group materiality	€1 050 000 (previous year €1 000 000)
---------------------------	---------------------------------------

How we determined it	0.7% of consolidated revenue
Rationale for the materiality benchmark applied	The groups profitability has been volatile during the last years due to restructuring related costs, significant investments in product development and a change in strategy. We chose revenue as the benchmark because, in our view, it is the benchmark against which the perfor mance of the group is commonly measured by users and is a generally accepted benchmark. We chose 0.7% which is within the range of acceptable quantitative materiality thresholds in auditing standards.

How we tailored our group audit scope

We tailored the scope of our audit, taking into account the structure of the group, the accounting processes and controls, and the industry in which the group operates.

Group operates globally through several legal entities. Group's sales are mainly generated by the parent company and we have audited the parent company as part of our audit of the consolidated financial statements. In addition, we have performed audit procedures related to two significant subsidiaries. We have considered that the remaining subsidiaries don't present a reasonable risk of material misstatement for consolidated financial statements and thus our procedures have been limited to analytical procedures performed at group level.

By performing the procedures above at legal entities, combined with additional procedures at the group level, we have obtained sufficient and appropriate evidence regarding the financial information of the group as a whole to provide a basis for our opinion on the consolidated financial statements.

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

As in all of our audits, we also addressed the risk of management override of internal controls, including among other matters consideration of whether there was evidence of bias that represented a risk of material misstatement due to fraud.

Key audit matter in the audit of the group

Valuation of goodwill

Refer to accounting principles and note 12 for the consolidated financial statements.

Goodwill is one of the most significant balance sheet items and amounted to €78.1 million at the balance sheet date. During the financial year an impairment of €6.2 million was recognized for the goodwill related to consulting business. Impairment testing of goodwill requires significant degree of management judgement, including identifying cash generating units, meaning the level at which the goodwill is tested, estimating the future profitability of the business and the discount rate applied for the expected future cash flows.

Due to materiality and judgment associated we have considered valuation of goodwill as key audit matter in the audit of the group.

How our audit addressed the key audit matter

Our audit focused on assessing the appropriateness of management's judgment and estimates used in the goodwill impairment analysis through the following procedures:

We tested the methodology applied in the value in use calculation by comparing it to the requirements of IAS 36, Impairment of Assets, and we tested the mathematical accuracy of calculation;

We evaluated the process by which the future cash flow forecasts are drawn up, including comparing them to the latest Board approved targets and long-term plans

We tested the key underlying assumptions for the cash flow forecasts, including sales and profitability forecasts, discount rate used and the implied growth rates beyond the forecasted period

We compared the current year actual results included in the prior year impairment model to consider whether forecasts included assumptions that, with hindsight, had been optimistic

We tested whether the sensitivity analysis performed by the management around key assumptions of the cash flow forecast are appropriate by considering the likelihood of the movements of these key assumptions.

We have no key audit matters to report with respect to our audit of the parent company financial statements.

There are no significant risks of material misstatement referred to in Article 10(2c) of Regulation (EU) No 537/2014 with respect to the consolidated financial statements or the parent company financial statements.

Responsibilities of the Board of Directors and the Managing Director for the Financial Statements

The Board of Directors and the Managing Director are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with IFRS Accounting Standards as adopted by the EU, and of financial statements that give a true and fair view in accordance with the laws and regulations governing the preparation of financial statements in Finland and comply with statutory requirements. The Board of Directors and the Managing Director are also responsible for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the Board of Directors and the Managing Director are responsible for assessing the parent company's and the group's ability to continue as a going concern, disclosing, as applicable, matters relating to going concern and using the going concern basis of accounting. The financial statements are prepared using the going concern basis of accounting unless there is an intention to liquidate the parent company or the group or to cease operations, or there is no realistic alternative but to do so.

Auditor's Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with good auditing practice will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with good auditing practice, we exercise professional judgment and maintain professional skepticism throughout the audit. We also:

Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the parent company's or the group's internal control.
Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management.
Conclude on the appropriateness of the Board of Directors' and the Managing Director's use of the going concern basis of accounting and based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the parent company's or the group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor's report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor's report. However, future events or conditions may cause the parent company or the group to cease to continue as a going concern.
Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events so that the financial statements give a true and fair view.
Obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor's report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

Other Reporting Requirements

Appointment

We were first appointed as auditors by the annual general meeting on 7 April 2016. Our appointment represents a total period of uninterrupted engagement of eight years.

Other Information

The Board of Directors and the Managing Director are responsible for the other information. The other information comprises the report of the Board of Directors and the information included in the Annual Report, but does not include the financial statements and our auditor's report thereon.

Our opinion on the financial statements does not cover the other information.

In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. With respect to the report of the Board of Directors, our responsibility also includes considering whether the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

In our opinion

the information in the report of the Board of Directors is consistent with the information in the financial statements
the report of the Board of Directors has been prepared in accordance with the applicable laws and regulations.

If, based on the work we have performed, we conclude that there is a material misstatement of the other information, we are required to report that fact. We have nothing to report in this regard.

Helsinki 12 February 2024

PricewaterhouseCoopers Oy Authorised Public Accountants

Jukka Karinen Authorised Public Accountant (KHT)

Key figures

	IFRS	IFRS	IFRS	IFRS	IFRS
Economic indicators	2023	2022	2021	2020	2019
Revenue (MEUR)1	142.8	134.7	130	220.2	217.3
Revenue growth %	6.0 %	3.6 %		1.3 %	14.0 %
EBIT (MEUR)1	-43.9	-42.6	-30.1	19.7	7.2
% of revenue	-30.7 %	-31.6 %	-23.1 %	8.9 %	3.3 %
Result before taxes1	-43.7	-44.2	-30.4	16.5	4.2
% of revenue	-30.6 %	-32.8 %	-23.4 %	7.5 %	2.0 %
ROE (%)	-32.9 %	-32.5 %	14.3 %	16.2 %	4.7 %
ROI (%)	-30.5 %	-30.5 %	15.6 %	18.5 %	4.5 %
Equity ratio (%)	73.3 %	79.0 %	59.5 %	52.5 %	49.0 %
Investments (MEUR)2	6.7	4.8	6.6	14.3	12.8
% of revenue	4.7 %	3.6 %	5.1 %	6.5 %	5.9 %
R&D costs (MEUR)	47.3	39.1	32.1	41.9	39.6
% of revenue	33.1 %	29.1 %	24.7 %	19.0 %	18.2 %
Capitalized development (MEUR)	3.0	2.4	5.6	5.5	6.2
Gearing %	-22.2 %	-39.9 %	-25.8 %	-14.1 %	20.8 %
Wages and salaries (MEUR)1	95.3	93.8	87.3	103.7	104.4
Personnel on average	1191	1438	1,678	1,691	1,701
Personnel on Dec 31	1087	1295	1,656	1,678	1,696

1 For years 2022 and 2021, the figures have been restated to reflect continuing operations only according to IFRS 5.

2 From 2021 onwards, the figure is presented without investments to leased assets.

	IFRS	IFRS	IFRS	IFRS	IFRS
Key ratios	2023	2022	2021	2020	2019
Earnings per share (EUR), combined operations	-0.23	2.45	0.07	0.08	0.02
Earnings per share (EUR), continuing operations	-0.23	-0.22	-0.15
Earnings per share (EUR), discontinued operations		2.67	0.22
Earnings per share (EUR), diluted, combined operations	-0.23	2.45	0.07	0.08	0.02
Earnings per share (EUR), diluted, continuing operations	-0.23	-0.22	-0.15
Earnings per share (EUR), diluted, discontinued operations		2.67	0.22
Shareholders' equity per share	0.59	0.80	0.6	0.52	0.48
Dividend per share1				0.04
Dividend per earnings (%)				50.0 %
Effective dividends (%)				1.0 %
P/E ratio	-4.5	-6.2	62.0	47.1	142.7
Share price, lowest (EUR)	0.74	1.27	3.66	2.04	2.19
Share price, highest (EUR)	1.74	5.65	5.53	4.14	3.40
Share price, average (EUR)	1.28	2.75	4.39	3.10	2.68
Share price Dec 31	1.04	1.37	4.97	3.84	3.05
Market capitalization (MEUR)	182.2	239.6	786.4	606.7	483.5
Trading volume (millions)	60.0	67.1	20.2	22.8	26.5
Trading volume (%)	34.0 %	38.4 %	12.7 %	14.3 %	16.7 %
Adjusted number of shares, average during the period,	175,593,924	171,295,721	158,354,073	158,082,324	157,719,368
Adjusted number of shares, average during the period, diluted	175,593,924	171,295,721	158,354,073	158,082,324	157,719,368
Adjusted number of shares, Dec 31	176,098,739	174,598,739	158,798,739	158,798,739	158,798,739
Adjusted number of shares, Dec 31, diluted	176,098,739	174,598,739	158,798,739	158,798,739	158,798,739

1 Board proposal

Calculation of key ratios

Equity ratio, %	Total equity Total assets - deferred revenue	x 100
ROI, %	Result before taxes + financial expenses Total assets - non-interest bearing liabilities (average)	x 100
ROE, %	Result for the period Total equity (average)	x 100
Gearing, %	Interest bearing liabilities - cash and cash equivalents and liquid financial assets Total equity	x 100
Earnings per share, euro	Profit attributable to equity holders of the company Weighted average number of outstanding shares
Shareholders' equity per share, euro	Equity attributable to equity holders of the company Number of outstanding shares at the end of period
P/E ratio	Closing price of the share, end of period Earnings per share
Dividend per earnings (%)	Dividend per share Earnings per share	x 100
Effective dividends (%)	Dividend per share Closing price of the share, end of period	x 100
Operating expenses	Sales and marketing, research and development and administration costs
EBITDA	EBIT + depreciation, amortization and impairment
Adjusted EBITDA	EBITDA +/- items affecting comparability
Adjusted EBIT	EBIT +/- items affecting comparability
Annual Recurring Revenue (ARR)	Monthly Recurring Revenue of last month of the quarter x 12
Monthly Recurring Revenue (MRR)	Recognized revenue within the month excluding non-recurring revenues
Net Revenue Retention (NRR)	100 % x (MRR of last month of the quarter/MRR of same month last year for the same customers). NRR includes expansion revenue, downgrades and customer churn.

Reconciliation of alternative performance measures

		Consolidated Consolidated
EUR 1,000	2023	2022
Estimated comparable EBITDA	-16.1	-23.2
Adjustments to adjusted EBITDA
Research and development		-2.6
Facilities held by WithSecure		-0.9
Adjusted EBITDA	-16.1	-26.7
Adjustments to EBITDA
Other items	-1.4
Divestments	1.4	-1.5
Demerger		-1.8
Restructuring	-8.9
Income for costs under TSA	6.9	8.7
Costs of services under TSA	-6.9	-8.7
EBITDA	-25.1	-29.9
Depreciation, amortization and impairment losses	-18.8	-12.6
EBIT	-43.9	-42.6

	Consolidated Consolidated
EUR 1,000	2023	2022
Adjusted EBIT	-26.3	-36.8
Adjustments to EBIT
Other items	-1.4
Divestments	1.4	-1.5
Demerger		-1.8
Restructuring	-8.9
PPA amortization	-2.4	-2.5
Impairment	-6.2
Income for costs under TSA	6.9	8.7
Costs of services under TSA	-6.9	-8.7
EBIT	-43.9	-42.6

Classification of adjusted costs in operating expenses

	Operating Expenses 2023	Costs under TSA	Restructuring	Other items	Expenses for adjusted EBIT	Depreciation	Impairment	PPA amortization	Operating Expenses for Adjusted EBITDA 2023
Sales and marketing	-72.2				-72.2	4.1			-68.1
Research and development	-47.3	5.6			-41.7	5.3			-36.3
Administration	-34.4	1.4	8.9	1.4	-22.7	0.8	6.2	2.4	-13.3
Operating expenses	-153.8	6.9	8.9	1.4	-136.6	10.2	6.2	2.4	-117.7

	Operating Expenses 2022	Costs under TSA	Demerger	Divestments	Expenses for adjusted EBIT	Depreciation	PPA amortization	Operating Expenses for Adjusted EBITDA 2022
Sales and marketing	-83.1				-83.1	4.0		-79.1
Research and development	-39.1	5.4			-33.7	5.3		-28.4
Administration	-20.3	3.3	1.8	2.8	-12.5	0.7	2.5	-9.2
Operating expenses	-142.6	8.7	1.8	2.8	-129.3	10.1	2.5	-116.7

Classification of adjusted income in other operating income

	Other operating income 2023	Income for costs under TSA	Divestments	Other income for adjusted EBITDA 2023		Other operating income 2022	Income for costs under TSA	Divestments	Other income for adjusted EBITDA 2022
Other operating income	9.7	-6.9	-1.4	1.4	Other operating income	12.3	-8.7	-1.3	2.3

Shares and shareholders

Shares and share ownership distribution, 31 Dec 2023

	Number
Shares		of shareholders % of shareholders	Total shares	% of shares
1-100	9,173	26.76%	428,427	0.24%
101-1 000	17,994	52.49%	7,098,655	4.03%
1001-50 000	6,994	20.40%	30,559,518	17.35%
50 001-100 000	62	0.18%	4,563,191	2.59%
100 001-	61	0.18%	133,448,948	75.78%
Total	34,284	100.00%	176,098,739	100.00%

Shareholders by category, 31 Dec 2023	Total shares	% of shares
Corporations	9,838,674	5.59%
Financial and insurance institutions	37,619,087	21.36%
General government	18,219,240	10.35%
Non-profit organizations	1,977,880	1.12%
Households	98,567,802	55.97%
Other countries and international organizations	497,378	0.28%
Nominee registered	9,378,678	5.33%
Total	176,098,739	100.00%

Largest shareholders and administrative register

Owner	Shares	% of shares	% of votes
Risto Siilasmaa	60,038,063	34.09%	34.14%
Nordea Nordic Small Cap Fund	11,557,976	6.56%	6.57%
Skandinaviska Enskilda Banken AB	6,523,386	3.70%	3.71%
Ilmarinen Mutual Pension Insurance Company	6,020,000	3.42%	3.42%
Mandatum Life Insurance Company Limited	5,081,002	2.89%	2.89%
Varma Mutual Pension Insurance Company	3,970,660	2.25%	2.26%
The State Pension Fund	3,900,000	2.21%	2.22%
Proprius partners Micro Finland	3,237,886	1.84%	1.84%
Nordea Finnish Stars Fund	2,728,458	1.55%	1.55%
Elo Mutual Pension Insurance Company	2,557,275	1.45%	1.45%
OP-Finland Small Firms Fund	2,326,897	1.32%	1.32%
Administrative register
Skandinaviska Enskilda Banken AB	6,523,386	3.70%	3.71%
Citibank Europe Plc	2,041,707	1.16%	1.16%
Other registers	813,585	0.46%	0.46%
Other shareholders	67,117,431	38.11%	38.16%
Total	175,872,619	99.87%	100.00%
Own shares WithSecure Corporation	226,120	0.13%
Total	176,098,739	100.00%

Ownership of management

Board of Directors	Shares	% of shares
Risto Siilasmaa	60,038,063	34.09%
Tuomas Syrjänen	41,637	0.02%
Päivi Rekonen	36,374	0.02%
Kirsi Sormunen	15,952	0.01%
Keith Bannister	22,103	0.01%
Ciaran Martin	9,831	0.01%
Camilla Perselli	3,277	0.00%
Total	60,167,237	34.17%

Executive team	Shares	% of shares
Juhani Hintikka	612,670	0.35%
Christine Bejerasco	90,517	0.05%
Tiina Sarhimaa	77,583	0.04%
Scott Reininga	73,621	0.04%
Antti Koskela	63,767	0.04%
Ari Vänttinen	61,267	0.03%
Charlotte Guillou	61,267	0.03%
Tom Jansson	61,267	0.03%
Total	1,101,959	0.63%

The Board of Directors and executive team owned a total of 61,269,196 shares on December 31, 2023. This represents 34.8 percent of the Company's shares and 34.8 percent of votes.

Maximizing net impact - Introduction of W/Sustainability	90
Safer and greener digital world	96
Co-securing outcomes	97
W/You – giving back to society	99
Product lifecycle – all we need is less	101
A secure security company	103
A truly equitable workplace	105
Living WIDE every day	106
Equal and inspiring opportunities to learn and grow	109
Responsibly run business	111
Doing the right thing	112
Chasing zero – in, out and between offices	114
Upright Project – estimating net impact	116
Carbon footprint and climate policy	118
EU Taxonomy	121
Sustainability governance in WithSecure	126

Maximizing net impact - Introduction of W/Sustainability

WithSecure's purpose is to build and sustain digital trust. Our experts work every day to ensure that the digital tools and services are safe for the users. This in turn reduces the need for materials and transportation to support reaching a more sustainable world. Today, most businesses are becoming more intelligent and datadriven – and more vulnerable to external attacks. Our work is our most important contribution to sustainability.

In 2023, we have continued working on our W/Sustainability program to ensure that sustainable ways of working are embedded in our daily work. We expanded the previous materiality analysis into a double-materiality assessment that will form the basis for the Corporate Sustainability Reporting Directive -based reporting in the future. We continued working on all the themes and topics of the program. Most important results of the work are presented in this Sustainability Report 2023.

Foundation of trust

Together with the WithSecure values, sustainability forms the basis of our updated strategy for the coming years.

WithSecure's purpose is to build and sustain trust in the digital society. Trust is based on our company values: Integrity, Excellence, Experimentation and Care.

Integrity – "We do the right things and for the right reasons"

Integrity is crucial to cultivating trust. To us, integrity means that we do the right things for the right reasons; that we consider the impact of our work in "building and sustaining trust in our digital society", not just the profits we make. It means that we try our best to act in the best interests of our customers, colleagues, and partners; that we can rely on each other's support to make hard but right decisions, stand by our commitments, and follow through with them. We are open and transparent with each other.

Excellence – "We are passionate about quality and impact"

Another part of being trustworthy to each other and to our customers is our commitment to delivering high quality work (together). It is about challenging ourselves and each other to create meaningful impact. For us, excellence is achieved through collaboration, good partnerships, continuous improvement, and customer-centricity. The impact we are especially passionate about is building and sustaining trust in the digital society.

Experimentation – " We drive for growth & continuous improvement"

Complementary to our commitment to excellence is experimentation: we are disciplined with our direction and quality, and agile and autonomous on our way there. We test our assumptions and seek evidence on how to move forward through action-orientation and experimentation. For us, experimentation is a process that helps us to strive for excellence and a mindset that allows us to accept failures as opportunities to learn and grow - we want to experiment & learn, and not get stuck in analysis over the fear of failure, and we want to cultivate curiosity, over having ready answers to everything.

Care – "We're in this together"

We care for our customers, partners, and clients through our commitment to their security. We care about how our words and actions impact our colleagues, partners, and society. Care is also central to our sense of togetherness and belonging. We assume good intentions from each other; we are on the same team. We appreciate and respect each other; we care about each other's wellbeing, and it is important to us that our colleagues feel included, respected, and free to be who they are. We show up for our colleagues when life happens, and help each other to succeed. It is this connection and sense of togetherness that makes us unique and our bonds strong.

Double materiality assessment leading to W/Sustainability

Due to the EU's upcoming Corporate Sustainability Reporting Directive (CSRD), materiality assessment will be of the basis of the companies' sustainability work. In 2023, WithSecure's materiality assessment was conducted following the double materiality principle, consisting of impact materiality and financial materiality. Double-materiality assessment includes the topics that WithSecure could have a material impact on, as well as the topics that can pose financial risks or opportunities for the company. WithSecure follows the CSRD requirements in the materiality assessment process. Only topics considered as material will be included in the reporting. Both internal and external stakeholders were involved in the materiality assessment process which helped to identify material sustainability topics throughout the value chain. Nine different key sustainability topics were identified in our materiality assessment process. Assessment was based on the previous year materiality assessment and complemented by adding the full value chain analysis, as well as other stakeholders that could have significant inputs to the process.

The sustainability topics considered most material for WithSecure are Cyber security & data privacy, Own employees, Workers in the value chain, Climate change mitigation and adaptation, and Business ethics. Cyber security and data privacy can be identified as the most material topic for WithSecure since this topic is strongly linked to WithSecure's business and it has a major positive impact on society through the company's end-users and customers. On the other hand, the topic is identified as a risk for the company. Strong cyber security protection of the company's own processes and assets is a fundamental question, and any failure would have large negative impacts.

Own employees is a material topic for WithSecure. It includes the employees' wellbeing, health and safety, employee competence, as well as the diversity, equity and inclusion of the organization. Gaining and retaining right talent is an important area for the company. In this area, WithSecure has large positive impacts and financial opportunities. However, failures to manage the employee competence and wellbeing can create a significant financial risk.

Workers in the value chain is a topic where WithSecure can have similar impacts as in the Own employees area. However, the value chains of WithSecure are relatively short and well known, which reduces the significance of this topic.

Climate change mitigation and adaptation is a material topic for WithSecure, entailing a positive impact through its products, especially in terms of optimizing energy consumption. Travel by employees, energy consumed in the offices, and the impacts of the value chain create some negative climate impacts. Circular economy and other environmental impacts from WithSecure's upstream value chain were considered of lower significance material topics.

Business ethics is a major topic for WithSecure, causing a large positive impact on society. Financial opportunities are moderate, but consequences of failing to manage an ethical way of working through the company and its value chain could expose the company to large reputational and financial risks.

Our view on Sustainability

Our role of protecting the digital society and preventing damages and losses caused by cybercrime is our most important contribution to a more sustainable world. With this role, our activities will always generate a significant positive impact on society.

However, we do not want to stop there. We also want to ensure that our activities are carried out in the best possible way regarding planet, people and society around us. We want to share our knowledge and support parties who cannot always defend themselves. As a software and services company, our carbon footprint is not high, but we think we must do our part in minimizing the environmental impacts of products as well as our own activities. We employ highly skilled experts around the world and want to support their wellbeing and growth opportunities. Our internal operations must always follow highest ethical standards.

Leading guideline of W/Sustainability program will be Maximizing Net Impact – on the planet, people and society. The objective of the program is to ensure that sustainability is embedded in all our decisions. We also want to ensure full transparency of our activities to the users of our reporting.

W/Sustainability themes and topics

Each of these themes is structured around topics presented in more detail in this report. We have mapped each of the themes to the relevant UN Sustainable Development Goals and present the most important metrics and objectives to understand the magnitude and impact of the theme. Our objective is to report in full compliance with the EU Corporate Sustainability Reporting Directive and the related standards when they become applicable.

The net impact of WithSecure activities has been quantified by Upright Project, an external firm, using a net impact quantification model that uses machine learningbased technology, to process the knowledge contained in scientific articles, and resulting a net impact ratio that is comparable between companies.The results, supporting our Maximizing Net Impact approach, are presented in their own section of this report.

WithSecure carbon footprint is calculated for the second time. Results and our plans on climate strategy are presented in their own section of the report.

We have conducted an analysis of our activities under the Taxonomy Regulation (2020/852) of the European Union. Results of the analysis are presented in their own section of this report.

The governance structure of W/Sustainability program and the related activities is described in its own section at the end of this report.

	Topic	What good looks like	Target 2024
Sustainable Development Goals	Co-securing outcomes	None of our customers has suffered from serious loss due to a cyber attack	Internal targets for net promoter score (NPS)
	W/You - giving back to society	We are an active global citizen, sharing our cyber security knowledge to those who need it and participating in local communities	One day per four employees of voluntary work
13 ACTION	Product lifecycle - all we need is less	We are actively reducing the carbon footprint caused by our products - both in the cloud and the customer endpoints	Reduce WithSecure carbon footprint to 75 tons of CO2e per million euro of revenue
17 PARTNERSHIPS	A secure security company	We are a Secure by design organization	No serious cyber security incident of WithSecure operation

Co-securing outcomes

In a rapidly evolving digital landscape, our commitment to making the world safer goes beyond just providing cyber security products and services. It extends to fostering collaboration with partners, customers, innovators, and disruptors to address multifaceted challenges and to work together to bring about positive changes in the online world.

Co-Security: A Collaborative Approach

Recognizing the limitations of individual efforts, WithSecure embraces a cosecurity approach. We understand that no single entity can solve every cyber security problem alone. Through partnerships with technology leaders, service providers, and the wider information security community, we expand our knowledge, resources, and capabilities. Co-security is not just a concept; it is a commitment to working together as a collective solution. To gauge our adherence to high standards, we conduct annual surveys targeting our customers and partners. The results consistently reflect high satisfaction, particularly in endorsing our cosecurity approach.

Security Outcome Canvas Tool

Most businesses go from responding to one cyber security crisis to tackling the next one. It is easy to get pulled into responding – especially when security budgets need to be constantly justified with one hand while you're fending off attackers with the other.  

It does not have to be this way.

By transitioning from reactive to proactive and then to progressive outcome-based strategies, organizations can align cyber security with business goals.

To help businesses on this journey we have developed a free tool with our Chief Information Security Officer (CISO) aiming to:

Provide a complete view of your risks and security maturity
Gain competitive agility
Manage costs better
Measure the value of your cyber security

The tool was introduced at our yearly flagship event THE SPHERE, and our CISO has provided free coaching and online training sessions related to the tool for businesses. It can be downloaded from: Security Outcomes Canvas | WithSecure™ Labs

Co-Security Community Program

Our Co-Security Community Program serves as a testament to our belief in the power of partnerships. For our channel partners, we host a vibrant Partner Advisory Board where we collaborate on new offerings, pilot new products and services, and gather feedback on effective cyber security technology.

By collaborating with some of the world's most inspiring minds, our goal is to co-create a better future by collectively addressing cybersecurity challenges from a unique perspective. This initiative aligns seamlessly with our vision of a safer and more dynamic future for businesses and society.

Our journey to create a safer digital world is not a solitary endeavour but a collaborative one. Through our distinctive co-security approach, we are paving the way for a future where cybersecurity serves as an enabler of progress, and the collective effort ensures the safety and sustainability of our interconnected world.

The WithSecure™ Co-Security Community exists to demonstrate how collaboration helps us unlock fresh perspectives, share brilliant ideas, remove obstacles that hinder innovation and produce positive change through dialogue. WithSecure™ Co-Creators are athletes, artists, activists, entrepreneurs, thought leaders and innovators who are known for elevating their entire field with inspirational results.

In 2023, we have worked with the following Co-Creators, among others:

• Matilda Castrén is the most successful Finnish female golf professional ever and a rising star on the LPGA Tour, the world's biggest golf tour. Matilda's unprecedented achievements have been made possible by a relentless dream, an unbreakable focus and her love for the game. Her belief, and the indispensability of teamwork and long-term cooperation based on trust are invaluable, has been proven by her success.

• Ari Kaura, co-founder and master distiller at Authors Distillery, has introduced co-creation into the world of gin distilling. The products he creates are carefully crafted through extensive blind testing and a reflection of people's preferences.

• Marcus John Henry Brown is a performance artist splitting his time between performance art, mentoring young creatives, and creating exciting virtual event experiences. He has created a series of critically acclaimed performances that look at the relationships between and impact of technology, culture and commerce on society.

4.6/5

Key partners agree that WithSecure is committed to building long-term partnerships every day

High partner satisfaction: Net promoter score

W/You – giving back to society

At WithSecure, every team member contributes to our dedication to establish and maintain trust in a digital society. With a legacy spanning over 35 years, we have remained committed to supporting private and corporate foundations, as well as individuals globally, who are at the forefront of addressing some of the most pressing societal issues of our era. Our mission extends beyond only securing networks, devices, the cloud or even AI-based systems. We take pride in collaborating with like-minded individuals who share this commitment, providing our partners with the necessary resources to protect the data, identities, and digital landscape of today.

Partnerships

In 2023, WithSecure has teamed up with different institutions and joined alliances to prevent attacks against vulnerable communities. The potential societal harm of cyber-attacks against critical services around the world puts people's lives at risk. By investigating confirmed and suspected compromises for those in need, we are fulfilling our role as responsible cyber security professionals.

To counter attacks against vulnerable communities, WithSecure has teamed up with Switzerland-based CyberPeace Institute, an independent non-governmental organization whose mission is to protect the security, dignity, and equity of people in cyberspace. Through its Cyber Peace Builders Program, WithSecure provided its cyber security expertise and support in the form of performing missions such as security awareness training sessions to several non-governmental organizations (NGOs). These sessions were adapted to the ways of working and specific requirements of the NGOs in question. As NGOs face nation state-backed cyberattacks and are under constant threat, being able to give concise and expert advice makes the difference between detecting and surviving an intrusion and suffering through the chaos and life-threatening impact on some of the most unprotected groups of people.

Through collaboration with the CMI – Martti Ahtisaari Peace Foundation, WithSecure aims to raise awareness of the pivotal role that technology plays in both peacemaking and security provision. The significance of digital technologies in initiating and sustaining peace processes is on the rise, contributing to the establishment of enduring peace. Recognizing that NGOs, foundations, and nonprofits share similar cybersecurity concerns with businesses, WithSecure has organized a series of workshops to enhance CMI's cyber security practices

and governance maturity. These workshops comprehensively addressed key components of effective cybersecurity management, encompassing cyber risk management practices, vendor management, and technical capabilities.

Recognizing that cyber security demands the same skills and abilities as those needed in the sailing world – preparedness, adaptability to unexpected events, and learning from failures to build resilience – WithSecure partnered with the Galiana WithSecure team ahead of the upcoming Ocean Globe Race 2023 (OGR 2023). This collaboration with the Tapio Lehtinen sailing team is rooted in shared values and sustainability goals, aiming to contribute to a safer and greener digital world, operate a responsible business and contribute to the development of the next generation of experts in their respective fields.

Backed up by notable institutions such as the City of Poznań and the Embassy of Finland in Poland, the Cyber Hero (Cyfrowy Bohater) project in Poland aims to create a positive impact by fostering education and promoting sustainability. With a dedicated focus on schools, WithSecure is supporting this initiative by running workshops tailored for diverse age groups, encompassing children and their parents and teachers. The project's success is underscored by the numbers – tens of workshops delivered, engaging well over 1000 participants.

Fundacja Czas Kobiet (FCK) has teamed up with WithSecure in an unprecedented collaboration to combat cyber violence. FCK, renowned for aiding women facing rights violations, is now extending its support to include comprehensive cyber assistance on two fronts. Direct consultations offer victims assistance with various cyber threats, deploying WithSecure Elements products for ongoing protection. Simultaneously, efforts are directed towards education and awareness, including a unique scale of cyber violence and a self-help first aid guide. WithSecure actively contributes to FCK's mission by presenting insights at conferences like "Pozitive Technologies" and educating the support team on identifying and addressing technical concerns of cyber stalking. This collaboration represents a crucial step in addressing cyber violence, ensuring victims receive holistic support and promoting broader awareness of this issue.

In the latter part of 2023, WithSecure and the Finnish Olympic Committee (FOC) forged a partnership dedicated to implementing outcome-based security within Finland's sports community. This collaboration aims to foster a safer and

more equitable environment for sports and athletics in the country. As the FOC increasingly utilizes data in its operations, enhancing cyber resilience becomes paramount without compromising resources allocated to other crucial activities. In a joint effort with professional golfer and WithSecure Co-Creator Matilda Castrén, a significant charity fund was raised in August to support the FOC's Children's Movement ("Lasten Liike") program. The partnership's recent focus has been on transitioning the FOC's security model to outcome-based security, including a technical assessment of their current cybersecurity infrastructure, including the Suomisport service. The next phase involves establishing guidance to fortify the cyber resilience of Finland's sports community in the future.

Research & Tools

Engaging in research, publishing reports, and fostering the development of free and open-source tools are indispensable pillars of the cyber security community. These endeavors serve as the bedrock for sharing knowledge and equipping individuals with the necessary armor to combat the most advanced threats. Through research and reports delivered by WithSecure Labs as well as WithSecure's Intelligence Teams, we help the information security community not only to identify emerging cyber threats but also disseminate critical insights and best practices. We have published numerous advisories, blog posts and research white papers on Home | WithSecure™ Labs to benefit the wider industry and present at prestigious security conferences worldwide.

Open-source tools play a pivotal role by democratizing access to cyber security solutions, empowering a broader spectrum of users to enhance their digital defenses. This collaborative and transparent approach not only fortifies our collective resilience but also ensures that individuals, organizations, and communities worldwide are well-equipped to confront the dynamic and sophisticated landscape of cyber threats. We regularly make our tools publicly available at WithSecure Labs · GitHub. Many of these tools have since been adopted within the cyber security industry.

Product lifecycle – all we need is less

With the progressing digitalization, energy efficiency of software is becoming an increasingly relevant aspect. Through the principles of "green coding", significant changes in the energy consumption of both cloud capacity and endpoint energy can be obtained. As part of our responsibility for an energy efficient world, we monitor and optimize the energy consumption of our products without compromising the protection results and the tracking of data processing practices. Almost in full, all this takes place in cloud environments, while the share of own or leased data centers is becoming negligible (for more, see the Carbon footprint section of this report).

Climate change is feeling increasingly more real across the globe. We are beginning to understand that the ICT sector significantly contributes to the emissions. We process more data, in more applications and in many areas of life. In WithSecure, we continue to believe that the tech sector has an important role to play in reducing the emissions footprint – both in the cloud and in the endpoint devices that we use every day.

Our view is also that vendors around the globe should increasingly introduce energy efficiency related settings into software products, giving users control over the settings that will affect the energy footprint of their digital activities.

WithSecure has already undertaken steps in designing and planning the visualization of the energy impacting settings in our product. Simultaneously, to ascertain that empowering users to adjust profile editor settings will not result in compromising their security level, in 2023 we prepared a study and surveyed our customers to evaluate their tendency of lowering security levels for environmental benefits. The results from this research showed that sustainable development is in the center of interest of our customers, and that visualizing the energy consumption factor does influence users' decisions, although the impact is not dramatic.

Releasing greener software

Another key thing that the industry should focus on is the overall energy efficiency of the code. We expect that common standards will start to emerge in the next 12– 18 months and that energy efficiency will be actively demanded by users.

In 2023, we started systematic measurements of our Elements Windows Agent software in the customer endpoints. However, we concluded that this method did not satisfactorily reflect the real-life energy usage and efficiency. Because of that we are currently testing a new approach. Instead of a synthetic test environment, we attempt to gather energy usage telemetry from a sample of real machines protected by Elements, collecting only the usage caused by WithSecure product. This will allow us to get more statistically sound measurements that better reflect the real-life usage pattern. Based on this, we will use data science to identify the aspects of functionalities that are the most energy-consuming and focus our optimization on them. At the same time, we are making our product more transparent regarding energy intensity to the user.

Emerging Generative Artificial Intelligence (AI) technologies offer endless capabilities in content creation and analytical tasks, but this progress comes at the expense of computing operations and energy consumption. This applies both to the process of building (training) new AI engines and the computational economics of operating them. In many cases, generating a result is much more computationally expensive for generative AI compared to traditional algorithms. We must consider this aspect when applying technologies in real-life, value-creating scenarios.

We believe that besides necessary optimizations and technical improvements, we can contribute to the green movement in the ICT sector by changing the mindset of engineers and inculcating sustainable coding principles. Our internal learning system is now equipped with Green software training available to all employees, and we have integrated this asset into the onboarding process for technical employees.

Optimizing cloud capacity

In 2023, we continued our optimization activities based on the learnings of 2022. We identified and implemented further improvement actions for our most relevant cost drivers, namely the event volumes and backend efficiency. In addition to the already established approaches of automatic filtering, limiting and deduplicating event volumes on the edge, we continued manual filtering where and when applicable. With the gained maturity, we were able to define "event per sensor" KPIs to monitor the impact of our actions. These KPI's have supported us in finding a balance

between the quality and cost of our services, while strongly contributing to a greener footprint of our business.

While the reduction of event volumes directly contributes to the overall consumption, we continued to look for architectural improvements to reduce the consumption even further. We targeted specific services (e.g. AWS OpenSearch) and identified several optimization opportunities in close cooperation with the cloud vendor. Finally, through the maturity achieved with FinOps practices, we monitored the smaller, yet impactful, optimization opportunities and reduced the cost anomalies to a minimum.

As a result of these actions, we were able to decrease the event per sensor by approximately 28% in 2023.

Sustainable AI

The evolving concept of "sustainable AI" revolves around the implementation of artificial intelligence (AI) systems aligned with sustainable business practices, seeking to generate positive societal impacts while mitigating any potential adverse effects associated with AI technologies. In line with this vision, the European Union (EU) has been actively engaged in crafting regulations and guidelines to foster trustworthy and ethical AI. The EU's strategic approach centers on ensuring the development and utilization of AI systems in alignment with fundamental rights and values.

The EU's landmark AI Act underscores key principles such as transparency, accountability, and the promotion of human-centric AI, with the overarching goal of addressing potential risks associated with AI applications while fostering innovation. At WithSecure, we firmly believe that beyond essential optimizations and technical enhancements, we can significantly contribute to the "green movement" in the ICT sector by reshaping the mindset of technical personnel and instilling sustainable coding principles.

of data processed in 99 % cloud environments

67 % reduction of carbon footprint from cloud usage from 2022 to 2023

A secure security company

In the past decade, we have seen the wide repercussions of a single compromise in our digital supply chain. Therefore, in addition to being part of the solution through the cybersecurity products and services that we offer, we also want to be a responsible part of the supply chain by taking reasonable measures to continuously elevate the security posture of our estate.

Our commitment to our internal security is externally evidenced by our ISO 27001 certification and ISAE 3000 Type 2 assessments for Cloud Protection for Salesforce and Collaboration Protection that we have once again acquired in 2023.

Recognizing that our digital and physical dimensions can no longer be separated, we have also taken additional measures to build a baseline standard for physical security together with our WithSecure Consulting team. This work involved looking at our physical assets in the different offices that we have globally, then performing physical threat modeling, and finally coming up with a practical checklist of requirements for each required security level. The result of this work is already being used to define requirements for lessors and building contractors.

The separation of the F-Secure and WithSecure IT estate after the demerger was a rare opportunity that we were able to capitalize on as we managed to let go of legacy environments that were becoming cumbersome to maintain. The retirement of legacy technologies also continues in the post-demerger environment, as our R&D moves towards a more modern cloud-based estate. Even at the early stages, this move has already resulted in a reduction in vulnerabilities that is also externally visible in the WithSecure score of 95 in SecurityScoreCard¹ .

In 2023, we also refreshed our primary internal cybersecurity awareness training to highlight the main policies, guidelines, and reporting measures with which our employees need to be familiar. We also brought in a new provider of pre-created trainings and phishing simulations. With these new trainings, surveys, simulations and games, the organization has more tools that help elevate our practical cybersecurity knowledge. Our employees are getting more vigilant with suspicious emails, resulting in the company having issues with many legitimate emails being reported as phishing. We believe it is a good problem to have.

For improved security governance, we strengthened our Acceptable Use Policy and refreshed our Information Security Classification Policy. Our information classification is now helping us evaluate which types of information are allowed to be used in which external AI models we utilize in the organization. As part of security governance, the CISO participated in 3 Board meetings during 2023 and has reported the cyber security posture and risk management work to the Board during those engagements. As the CISO is part of the global executive team, cybersecurity is represented in the monthly reporting meetings. Additionally, quarterly security steering is arranged together with relevant members of the executive team, and a monthly review is also performed with the relevant security, IT and privacy representatives of incidents manifesting from risks. These engagements give internal security visibility on the operational, tactical and strategic levels of the organization.

As WithSecure provides incident response services, we can reduce the speed of investigations of suspected incidents by employing our Incident Responders early. This enables arriving to the conclusion faster as their knowledge of threat actor activities is colored by their vast experience across different organizations. Their knowledge was essential in swiftly identifying if there were potential breaches that merited further investigation, or if these types of attacks have nothing to do with our estate. Having our R&D team working with them also provides real-world understanding of why the security logs exist.

Our WithSecure Consulting is heavily experienced in securing various organizations. In 2023, we had the opportunity to use their capabilities for:

Crisis management tabletop exercises for IT, R&D and Security personnel
Crisis management tabletop exercises for the Global Leadership Team
Security assessments for our new IT environment prior to migration
Threat modeling exercises with IT, R&D, the Security Champions, process owners and personnel responsible for physical security
Building physical security baseline standards
Physical security red teaming
Security assessments of various components of our products and components

"The cobbler's children have no shoes", can at times apply to industries that are able to deliver something excellent for others but unable to utilize it for themselves.

¹ SecurityScoreCard is a specialized service in cybersecurity ratings and has rated millions of organizations globally.

In 2023, we have increased actions related to our internal cybersecurity security measures and improved the capabilities we deliver to secure our customers. The work we do for ourselves strengthens our posture in the digital supply chain, but as we are one of the first recipients of our products and services, we are also able to give feedback on how these capabilities perform in the enterprise environment. This helps to improve our offerings a well. It's exciting to help shape our products by testing them against the realities of the real world. Our aim is that the cobbler's children have the shiniest of shoes.

Privacy as an integral part of Data Security

Privacy forms an essential part of our data security measures. We are highly committed to protecting privacy and complying with the requirements of applicable data protection legislation. By taking privacy into account in all levels of business on a continuous basis and applying strict security measures to protect the personal data in our solutions, we ensure that the personal data of our customers and employees is protected and safe, while maximizing our protection capabilities and providing world class cyber security. We are assessing our privacy processes continuously to ensure that our employees are aware of the importance of and able to make the right decisions in privacy-related matters.

We are in the business of protecting our customers' privacy, not selling it. We only partner with external service providers that share our commitment to security and privacy. All our solutions are produced independent of governmental direction. We clearly see that there is an imbalance between the defenders of fair practices and human rights, and online criminality and the offensive capabilities of nation state threat actors. To level the playing field, we refuse to introduce backdoors in our products and will detect malware no matter what the source is.

Privacy Principles

As a company that is in the business of protecting customer data, we know that our customers care how WithSecure processes their personal data, and we work hard to earn and maintain our customers' trust. In all our global operations and across all our solutions, our approach to privacy begins with being respectful of our customers' data privacy, being transparent about our personal data processing activities, adhering to what we have committed to and maintaining strict security measures. We maintain and regularly review a group-wide privacy strategy and personal data policy that strengthens and furthers our privacy posture. All new WithSecure employees take mandatory privacy and cybersecurity trainings. For

more information on our privacy principles, practices, and processing activities please read our privacy policies.

WithSecure privacy policies: Privacy | WithSecure™

Privacy and cybersecurity oversight

WithSecure's Audit committee receives reports from the management and reports to the Board at least annually on privacy and cybersecurity matters. The committee also reviews the measures implemented by WithSecure to identify and mitigate privacy and cybersecurity risks.

ISO 27001 and ISAE 3000

certifications for cyber security

Cyber insurance

in place since 2019

We have never

suffered a material cyber incident

	Topic	What good looks like	Achievement 2023	Target 2024
Sustainable Development Goals	Living WIDE every day	Our employees are satisfied with their overall well-being	62 %	70 %
3 AND WELL-BEING DECENT WORK AN ECONOMIC GROWT		Our employees feel they can be themselves at work	85 %	87 %
10 INEQUALITIES A 1 = >	Equal and inspiring opportunities to learn and grow	Our employees agree that they are supported in their professional development	70 %	75 %

Living WIDE every day

Our purpose is to build and sustain trust in a digital society. Every single human "out there" is part of the digital society, in one way or the other. Therefore, if we want to be successful, we must be as diverse as the society we wish to serve. We deliver outcome-based security, through our diverse workforce and by making sure all our employees feel like they can bring their best and true self to work.

Meaningful steps taken to a more inclusive workplace

In 2023, we have made tangible progress towards cultivating a workplace where differences are not only recognized but also embraced. Through awareness building and education initiatives, our employees have become more attuned to the differences that exist among us. We firmly believe that this inclusive approach not only enriches our work culture but also serves as a catalyst for innovation and growth.

Strategic Partnership

To enhance our commitment to diversity, equity, inclusion, and belonging (DEIB), we have sought the partnership of one of the leading consultancies specializing in these areas. This collaboration is a cornerstone of our DEIB strategy, ensuring that we adopt best practices and integrate global DEIB insights into our organizational fabric. This partnership has been instrumental in auditing our current practices, identifying areas for improvement, and crafting tailored trainings that advance our DEIB objectives. Their guidance is a catalyst for change, driving us toward a more inclusive future, and ensuring that our approach is informed by the latest in thought leadership and best practices.

Executive Training

Recognizing the critical role of leadership in driving DEIB, we have invested in a training for our Global Leadership Team. This interactive training was designed to create a shared understanding and equip them with the necessary tools to lead change within their respective spheres of influence.

Company-Wide Training

2023 marked the rollout of a DEIB training accessible to every employee of the company. The initiative was designed to raise awareness, foster understanding, and cultivate a shared commitment to inclusivity at every level of the organization. The training covered key DEIB concepts and provided practical tools and resources to help employees create a supportive and respectful workplace environment. This effort was a critical step in ensuring that our commitment to DEIB is not only understood but also lived out in our daily operations.

WithSecure is committed to continuing to offer its employees DEIB-related trainings, and DEIB will remain one of the key strategic priorities in the future.

WIDE strategy

The WIDE (well-being, inclusion, diversity and equity) strategy presents a comprehensive framework for cultivating a workplace culture that prioritizes the holistic well-being of our team members, fosters inclusion and belonging, embraces diversity in all its facets, and upholds principles of equity to ensure that everyone has equal opportunities for growth and success within our organization.

The goals set by us underscore our proactive stance on DEIB and our WIDE initiative, and they are hallmarks of our dedication to fostering a workplace that is as diverse as the digital society we aim to secure.

As we continue to evolve our WIDE initiatives, we are committed to translating our strategic visions into concrete actions. In 2024, we will put special focus on the pillar "Winning hearts & minds" and continue to build awareness of all aspects of WIDE.

17 different countries

70 nationalities

62%

of employees rate their wellbeing at work somewhat or extremely good

85%

of employees agree or strongly agree that they can be themselves at work

70%

of employees agree that they are supported in their professional development

Equal and inspiring opportunities to learn and grow

To stay at the forefront of our industry, we recognize the imperative of continuous learning and development for our employees. WithSecure is dedicated to nurturing a skilled workforce, acknowledging the pivotal role played by employee well-being and learning. Consequently, we are fully committed to and actively investing in the personal and professional development of our employees. Additionally, we are cultivating future experts in cybersecurity, which we believe will not only benefit our clients but also contribute positively to the societies in which we operate.

Internships and Associates

To foster new talent in the field of cybersecurity, WithSecure organizes internship programs and has an annual Consulting Associate Scheme. Both initiatives aim to provide hands-on experience and training for individuals who aspire to become professionals in the cybersecurity industry.

WithSecure's internship program continues to be at the core of building future experts in the field of cybersecurity. Interns complete practical training courses and work side by side with WithSecure's leading cybersecurity experts to learn for example about application and network security, reverse engineering, and cryptography to provide them with the core technical skills and competencies.

The Consulting Associate Scheme is the backbone of nurturing future talent in the consulting business. The scheme is designed to give entry-level consultants the best foundation for a rewarding and meaningful career in cybersecurity. These talents are offered full-time roles, and they are working in the consulting team side by side with our experienced consulting experts. As part of the program, the associates are assigned to spend time on self-development, and they will get support from their dedicated mentors.

The purpose of these programs is to offer talented individuals a career path in cybersecurity. We aim to hire as many participants as possible from these programs as full-time employees. These initiatives have assisted several individuals in making a successful career shift.

Professional development

In 2023, WithSecure continued to invest in enhancing the expertise of our employees in cybersecurity and providing meaningful opportunities for personal and professional growth. Our objective is that our employees feel that they are supported in their professional development at WithSecure. We saw slight improvement in this compared to the previous year as 70% of employees reported being satisfied with the learning and growth opportunities within the company.

The launch of new internal training programs on security and AI highlights our dedication to continuous improvement and maintaining a workforce as skilled as possible in these critical fields. These trainings have been added to the curriculum for all employees.

The introduction of LinkedIn Learning for all employees further expands access to a wide array of training resources. Providing everyone with equal access to growth opportunities, LinkedIn Learning licenses are provided to all employees globally.

New technologies, especially cloud and AI related technologies, continue to be in focus when planning our future learning concepts and skill development initiatives. For example, in 2023, WithSecure launched a Cloud Upskilling project that is designed to align with our strategic goals of fostering a skilled and agile workforce equipped to meet the challenges of a dynamic digital landscape. Through this program, we have undertaken a comprehensive approach that includes collaborating with stakeholders across the business to identify key cloud related skills and create a unified Cloud Skills Framework.

Personal and professional development has also remained a key topic to be discussed regularly in employee-manager one-to-one conversations. The revised performance review process focuses on self-reflection, collecting feedback, setting development goals, and planning actions for improvement, emphasizing a more constructive and developmental approach.

Finally, our internal mentoring program stands as one of the cornerstones of our commitment to talent development. With pride, we report the establishment of over 60 new mentoring relationships, fostering diverse connections across the

Working at WithSecure™

organization. At the heart of our approach is a firm belief in the exchange of knowledge and experiences among our skilled employees. This initiative reinforces our dedication to professional development and enhances the collective strength of our workforce through collaborative learning.

Leadership in fostering the values

Values-based leadership remains central to our commitment to skills development in 2023. A dedicated training program aimed at cultivating our four company values in the day-to-day leadership of our managers was conducted three times during the year. This initiative resulted in having in total more than 100 managers who have undergone this comprehensive 30-hour long training, providing them with practical experience in leading through our values.

At WithSecure, we believe that line managers play a key role in employee engagement and satisfaction. Therefore, a new onboarding program for new line managers was built. This onboarding program includes the basics of leading teams, focusing on providing managers with everything they need to support the company in providing its employees as good an employee experience as possible. This training is available to all line managers as a refresher program.

100 (108) managers have completed values-based leadership program

80%

of employees have an active Personal Development Plan documented

745 €

average external training spend per employee

70%

of employees agree or strongly agree with "I have good opportunities to learn and grow at WithSecure"

	Topic	What good looks like	Target 2024
ustainable evelopment Goals	Doing the right thing	All employees, suppliers and contractors act according to the WithSecure Code of Conduct	> 95 % of new employees have completed WithSecure Code of Conduct training
PEACE, JUSTICI 16 PEACE, JUST STRON INSTITUTIO	Chasing zero - in, out and between offices
3 ACTION	Sustainable ways of working	We make our workplace as sustainable as we can	Sustainable workplace guidelines are fully implement- ed and improvements measured
	Sustainable travel	Our employees know the choices they make on CO2e emissions when travelling on business	CO e emissions from business flights are maintained at the level of 2023

Doing the right thing

WithSecure exists to build and sustain trust in the digital society. At WithSecure, we want to do what is right. Trust ensures we will succeed in our mission. Trust is earned when action matches words. Everyone working for WithSecure has a critical role in building and maintaining trust in the eyes of each other and earning the trust of our customers.

Code of Conduct

We foster a culture that supports the highest standards of ethical conduct. The foundation of all activities is our Code of Conduct; it guides everything we do. Also, WithSecure suppliers and partners are expected to act responsibly and comply with the principles set in the Code of Conduct. WithSecure's Code of Conduct covers the following areas:

Building Trust in Society
Responsible Working with Malware and Offensive Techniques
Intellectual Property Rights and Confidentiality
Equality and Diversity
Protecting Human Rights
Respecting the Environment
No Bribery or Corruption
Preventing Conflicts of Interest
Securities Markets Compliance
Trade Compliance
Fair Competition

WithSecure's Code of Conduct reflects the company's business culture for highest standards of ethical conduct, sets clear expectations on business conduct, and provides guidance for critical risk areas. It guides us in everything we do. All new employees complete the mandatory Code of Conduct training as part of their induction. The Code of Conduct and the related training were updated during 2022 to reflect the new strategy and brand. Additionally, the training was updated to better recognize the different roles at WithSecure, to place more emphasis on sustainability aspects, and to raise awareness about the Whistleblowing Channel.

WithSecure also has various role-based compliance trainings, as well as guidelines and policies to support the decision-making in different situations.

Policies, Public	Policies, Internal
Code of Conduct	Insider Policy
Sustainability Policy	AI Policy
Remuneration Policy	Corporate Procurement Policy
Disclosure Policy	Background Check Policy
Modern Slavery statement	Anti-Bribery Policy
Whistleblowing Policy	Export Control Policy

Competition Law Instructions

Anti-bribery / Gifts and hospitality

WithSecure has issued an Anti-Bribery Policy that applies to all employees. It defines the rules to be applied related to gifts, hospitality, traveling and accommodation, specific terms concerning governmental officials, and the escalation process as needed. Ethical business practices are emphasized in contracts and the company engages in continuous dialogue with relevant stakeholders.

Everyone at WithSecure must apply the highest standards of ethical conduct.

We do not offer or accept any bribes or other improper payments.
We never engage in fraudulent practices.
We do not give or accept gifts or hospitality over the appropriate limits.
We do not endorse or provide financial support to individual political parties.
When conducting business with any governmental body, we carefully abide by all applicable regulations and ethical standards.

We do not tolerate any form of bribery, corruption or fraudulent practices by our partners or any parties acting on our behalf.

Whistleblowing

At WithSecure, everyone has a professional responsibility to speak up, report any possible corrupt, illegal or other undesirable conduct and take required actions after such conduct is discovered.

To enable this, WithSecure provides an effective, objective, confidential and secure Whistleblowing Channel which allows both WithSecure employees and other stakeholders to express their concerns or suspicions openly and safely. WithSecure's Whistleblowing Channel was launched to all stakeholders in 2022, following its internal launch at the end of 2021. The Whistleblowing Channel is available to all stakeholders 24/7. It is maintained by an impartial and independent service provider to ensure objective and timely handling of reports.

Export control

At WithSecure we are relentlessly fighting against criminals and disruptive forces. Our products, solutions and consulting services are meant to protect human rights, individuals, entities, and society by defending them from malicious actors. In line with this mission, we are equally committed to ensuring that malicious actors do not obtain any advantages by gaining access to or utilizing WithSecure's innovative cyber security technology and services. Our actions are three-fold:

We ensure that WithSecure's technology and solutions are exported and classified according to the applicable export control regulations.
We do not deliver our technology or solutions to individuals, entities or governments that are targeted by relevant sanctions laws.
We require that our distributors and other partners adhere to the equivalent standards of compliance and ethics.

The war in Ukraine has significantly increased the uncertainty in the world and the risk of unexpected disruptions of the world economy. Any such events might also impact WithSecure's business. The war has increased the awareness of the importance of cyber security, especially for companies, and it will continue impacting the corporate cyber security market.

For corporate responsibility reasons, WithSecure does not conduct business with any Russian or Belarussian parties, even in cases where it would be permitted by the export control regulations.

Internal control and risk management

WithSecure's internal control and risk management processes support the management of sustainability and seek to ensure that risks related to the company's business operations are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

Additional information on the company's internal control and risk management processes is disclosed in the annual Corporate Governance Statement.

Code of conduct training completed by 99.03% (102/103) of new employees

Sustainability Policy published in 2023

Chasing zero – in, out and between offices

We are a software and services company, and the environmental footprint of our operations is not very large. However, it is important for us to do our share in reducing the amount of waste and emissions produced by our operations, whenever it makes sense.

Offices

WithSecure has 16 offices globally, the major locations being Helsinki (Finland), London (UK), Kuala Lumpur (Malaysia) and Poznan (Poland). WithSecure offices are leased premises, and therefore the company does not have full control of the decisions taken by landlords on the energy efficiency of the buildings. However, we strongly encourage our landlords to take all available measures to optimize heating, cooling, lighting, and waste management at our office premises. We strive to minimize our ecological footprint by providing sustainable offices that enhance our employees' wellbeing.

We have introduced our Sustainable Workplace Guidelines (replacing the earlier Green Office Pledge) to be implemented in all our 16 offices across the globe:

To reduce greenhouse gas emissions, we promote sustainable modes of transportation for our employees and support hybrid working.
To enhance our energy efficiency, we monitor our energy consumption and implement best practices across our operations.
To reduce our carbon footprint, we source our energy from providers of renewable energy and urge our landlords to do the same.
To increase our waste diversion rate, we provide clear guidance and adequate facilities for recycling in all our locations.
To conserve natural resources, we limit our paper consumption and use digital alternatives whenever possible.
To foster a green supply chain, we adopt eco-friendly purchasing policies, minimize deliveries and partner with suppliers who share our commitment to sustainability.
To create a healthy and ethical work environment, we procure recycled, non-toxic, reusable, organic and fair-trade products for our offices.
To improve our air quality and well-being, we incorporate plants and greenery in our office spaces.

We have developed a checklist to assist our team in applying these Guidelines at the local level. The checklist aims to evaluate the current sustainability level, offer recommendations and best practices, monitor and report on progress, and engage the local team.

We are also designing and planning our new office spaces with sustainability and social responsibility in mind. In 2023, the London office relocated to more sustainable premises, and more moves are planned for 2024. For example, to the Helsinki office will move to new headquarters in Wood City, where the building will have a LEED Platinum certification and A class energy rating.

We believe that by building for the future and implementing our "Sustainable Workplace Guidelines", we can make a positive difference for the planet and our people!

Commuting

Green commuting of the employees is supported through various measures. In three of our locations, we offer a bicycle benefit for the employees to encourage cycling to work. In three locations, we provide commuting allowances to support the use of public transportation.

Business travel

WithSecure Travel Policy continues to provide a unified and simplified travel process to ensure safe, efficient and environmentally friendly business travel. It aims to reduce the environmental impact of traveling, aligned with the company sustainability targets. Employees are encouraged to use digital meeting tools when collaborating with internal and external stakeholders, and to travel only when needed, using environmentally friendly options and combining travel when possible. Due to the nature of our business and our multi-location teams, we will always require some travelling.

Wood City

In 2024, WithSecure will take the premises of Wood City into use. Wood city, the wooden quarter in Helsinki, is one of the projects in Finland complying with EU taxonomy and aiming to have a positive environmental impact, i.e., a large carbon handprint. The building has solar panels as part of the LEED Platinum Certificate, net zero carbon construction site and is in a location with good public transportation. The first floor, basement, and elevator and stairwell shafts of the office building will be made of concrete, and floors 2 to 7 will be made of wood. Engineered wood like CLT (cross-laminated timber) has many environmental benefits such as a wooden building removes more carbon dioxide than it emits. Wood as a material can retain carbon that is absorbed from the atmosphere by trees for five to six decades. Also, the building has much lighter building materials, meaning less energy and less heavy machinery is needed in construction. Construction can be quicker to complete since there is no drying phase as there is with concrete. Wood City is made of renewable material that binds carbon dioxide and combines sustainable development and design. (Text and picture source: SRV)

16 office sites

17 countries

997 MWh of energy consumed by offices in 2023

1330

tons of CO2 emissions from business flights in 2023

Upright Project – estimating net impact

The net impact profile is a bird's eye view of the holistic net impact created by WithSecure's business. The bars to the left illustrate the resources used and the negative impacts created by WithSecure, while the bars to the right depict the positive impact created and what is achieved with the use of those resources. The analysis is based on WithSecure's core business, meaning the products and services offered, and it takes into consideration the entire value chain of those services – from the materials needed to produce the hardware required all the way to the customer industries WithSecure serves. The profile has been calculated and produced by the Upright Project's net impact quantification model which uses machine-learning-based technology to process the knowledge contained in millions of scientific articles. Upright is actively developed, and the most recent research findings are continuously incorporated as part of the data.

WithSecure's net impact ratio of +55% is clearly positive, i.e., WithSecure creates more value compared to the resources it uses. This highly positive score signifies that WithSecure efficiently utilizes modest environmental and scarce human resources while generating a diverse array of positive impacts on society, knowledge, and health.

Society

Like all companies, WithSecure has a positive impact on society by creating jobs and paying taxes and thus contributing to the joint resources of society. The tax impact consists of corporate taxes and value-added taxes. WithSecure's employee count has slightly decreased compared to revenue. This has led to a slight decrease in the relative impact on jobs.

WithSecure's positive impact on societal infrastructure mainly stems from downstream, i.e., the customers. By producing cybersecurity software for e.g. the energy and finance sectors, which are considered to be part of the basic infrastructure needed by our modern society to function, WithSecure contributes to protecting and enabling this infrastructure.

The positive impact on societal stability is one of WithSecure's major impacts. All WithSecure's products and services inherently have a very positive impact on societal stability, since they are targeted towards preventing and fighting cybercrime and attacks and promoting a more stable and peaceful society.

Knowledge

Knowledge infrastructure is the infrastructure that enables the effective and safe creation, distribution, and maintenance of knowledge, information, and data. WithSecure's products are an essential component of this kind of an infrastructure, resulting in a very positive impact.

WithSecure's positive knowledge creation happens mainly through consultative services and R&D. New knowledge is created through services such as managed detection and response, where potential cybersecurity threats and vulnerabilities are detected and analyzed. The revenue share growth of this product has also slightly increased the positive creation of knowledge impact.

The positive impact on distributing knowledge mainly stems from cybersecurity training, where knowledge is communicated to larger audiences. Some small impacts are also inherited through downstream industries such as information and communications.

Scarce human capital remains one of WithSecure's main resources used. This impact measures the opportunity cost of scarcely available human resources. The assessment includes the level and scarcity of the required education needed to produce the products and services offered.

WithSecure employs highly educated coders and cybersecurity specialists who are scarcely available leading to a prominent impact. This is WithSecure's main resource used. This is very typical for software companies and this resource is used to create all the positive impacts.

Health

Safety creates long-term feelings of happiness and well-being. WithSecure directly impacts this by protecting cyber security in various industries with all its products.

The small positive and negative impacts are inherited through downstream industries, mainly the arts, entertainment, and recreation industry and the information and communications industry, which include activities that promote a sedentary lifestyle that has adverse health effects. On the other hand, many of these industries also enable means of communication and improved health.

Environment

WithSecure's use of environmental resources has stayed modest. WithSecure's main source of greenhouse gas (GHG) emissions is the electricity used to run the software. A small share of the GHG emissions also stem from downstream, from industries such as manufacturing and energy. Also, small impacts are inherited from upstream through the emissions emitted when the hardware needed is manufactured.

This impact measures the consumption of rare natural resources. The rare earth elements required for electrical components and consequently required for the hardware used by WithSecure, are the main cause of this impact.

Our impact mainly stems from the electronic waste created by the hardware needed to maintain WithSecure's systems, i.e., the hardware used internally, but also the hardware needed by services WithSecure uses, such as cloud computing.

Carbon footprint and climate policy

In 2022, we calculated our carbon footprint for the first time as 4960 tons of CO2e Our 2022 calculation method was partly adjusted in 2023 in collaboration with external sustainability advisors. The adjusted method includes more spend-based emissions in Category 1 – Goods and services. Intangible purchases, such as software licenses, non-mandatory insurances, and other immaterial services have been included in the 2022 calculation. Estimate for heating was added to the 2022 baseline. After these adjustments, the revised carbon footprint for 2022 is 15,935 tons of CO2e. In addition, the upstream leased assets (Cat 8) are now presented as Scope 2 emissions, instead of Scope 3.

Total emissions for 2023 were 11,645 tons of CO2e, Corresponding to the annual emissions of 2531 typical petrol passenger cars. The calculations are conducted based on the Greenhouse Gas (GHG) Protocol which is a widely used guideline in greenhouse gas emissions accounting.

As we are a software and service company and do not manufacture physical products, our carbon footprint consists primarily of indirect emissions. Most of our emissions were identified as Scope 3 (indirect, others) emissions. Our upstream leased assets were identified as Scope 2 (indirect, purchased electricity, steam, heating, and cooling) emissions in 2023, and we did not identify any Scope 1 emissions (from our own offices, vehicles, and fugitive emissions).

Scope 2 emissions were 564 tons of CO2e (5 % of total carbon emissions). Scope 2 emissions include the energy consumption of our offices. Heating emissions have been estimated for offices in Finland, Sweden, Denmark and Poland. In these countries district heating has a significant share of the total heat market. Cooling of the offices is included in the electricity consumption.

Scope 3 emissions were 11,081 tons of CO2e (95 % of total carbon emissions). Four categories were identified as Scope 3 indirect emissions. These categories are Category 1 – Goods and services, Category 5 – waste emissions, Category 6 – business travel (flights), and Category 7 – employee commuting. The content and calculation methods of each category are briefly explained below.

Our carbon footprint does not include an estimate for customer device energy use (Category 11 – Use of sold products), due to the significant uncertainty related to the calculation assumptions. However, as part of our sustainability initiatives, our intention is to provide accurate information about the endpoint energy consumption of our software (see section Safer and greener digital world for more details). When reliable measurements become available, we will consider adding Category 11 to our carbon footprint.

	2022	2023
GHG emissions by full-time employee (tCO2e/FTE)	12,3	10,7
GHG emissions (tCO2e/million eur)	118,3	81,5

Category 1 – Goods and services

Goods and Services is the largest emission category for WithSecure, as 79% of our total emissions were from Goods and services. Cloud data processing emissions are based on the actual usage related footprint, as collected directly from the service providers. In the absence of such activity-based data for other purchases, we have used the GHG Protocol's spend-based method to calculate the emissions from goods and services. We applied an emission factor (sourced from Exiobase3) for the collected economic value of goods and services purchased. The spend-based method is based on estimated averages, and therefore includes significant uncertainty regarding data accuracy. However, our purpose is to include the full inventory of emissions in the footprint calculation.

Category 5 – Waste emissions

0,15% of our total emissions consist of waste emissions. We used GHG Protocol's average-data method in our calculations. First, we determined the average annual waste produced per employee and then calculated the amount of waste by estimated treatment method. Landfill and combustion were the treatment methods included in the calculations. The applicable emission factor by country (sourced from DEFRA) was used for each waste amount by waste treatment type.

Category 6 – Business travel (flights)

Business travel (flights) amount to 11% of our total emissions. We used GHG Protocol's distance-based method to calculate the emissions from flights. Applicable emission factors (sourced from DEFRA) were used based on the flight type, distance, and cabin class. We collected the data from internal travel data and third-party data provided by travel agencies. The category only includes the flights booked for the year 2023. The same cut-off method has been consistently applied on the previous year. Other business travel expenses, such as train tickets and hotel expenses, are included in Category 1.

In 2022, we used the applicable emission factors from DEFRA and EPA-US. For 2023, all flights were calculated using DEFRA emission factors. The change of calculation method causes part of the increase from 2022 to 2023. Most of the increase in flight emissions from 2022 to 2023 is caused by the increasing travelling after the pandemic. First half of 2022 was impacted by travel restrictions.

Category 7 – Employee commuting

4% of our carbon footprint stem from the employee commuting category. GHG Protocol's distance-based method was used in the calculations per employee. We determined the travel method (car, train, bus, cycling, and walking) and used the applicable emission factor (sourced from DEFRA) in the calculations. The average distance to work, estimated office days per week and the estimated split of travel method per country were determined. The calculations included the bicycle, car, and public transportation benefits, as well as estimates of travel mode per country.

Scope 2 – Purchased electricity, heating, and cooling

The emissions for energy consumption of our offices were calculated for all WithSecure's offices. 5% of our carbon footprint stems from energy consumption. We followed GHG protocol, the method included the electricity consumption by location and the appropriate emission factor. The emission factor represents the carbon intensity of the electricity consumption in the location. We used the average consumption of our offices per square meter to estimate the consumption in locations where electricity consumption data was not available. The office electricity consumption corresponds with WithSecure's proportion of each office, when WithSecure shares office space with external parties. Heating consumption was included in the energy consumption of the offices which are in the countries where district heating is common. These countries are Finland, Sweden, Denmark and Poland. We used statical data to estimate the heating consumption and calculated the consumption in cubic meters. Cooling of the offices is included in the electricity consumption.

WithSecure climate policy

The WithSecure carbon footprint is largely composed of indirect emissions. Majority of it is driven by the purchases of goods and services that can be only indirectly impacted by us. Reducing our footprint will require significant footprint removals from our supply chain that in turn would require innovations and new technologies. We are open and favorable for such developments but want to avoid empty promises.

We will continue to follow up the emissions (both absolute and relative) according to the GHG Protocol and to introduce measures of improving visibility on the activitybased carbon footprint of our largest vendors.

As our first informal target, we commit to reducing the carbon footprint to 75 tons of CO2e per million EUR of revenue. This will allow the company growth but without an increase to the carbon footprint. In addition, our target is to maintain the flight emissions at the level of year 2023.

During 2024, as part of our climate work, we will assess the possibility of setting up formally approved targets.

EU Taxonomy

WithSecure has performed an analysis of the EU Taxonomy Regulation (2020/852), Commission Delegated Regulation (2021/2139) on Taxonomy screening criteria, Commission Delegated Regulation (2021/2178) on Taxonomy disclosures and other related guidance from the European Commission, on reporting the activities that qualify as contributing substantially to climate change mitigation or climate change adaptation, i.e., being taxonomy aligned.

In 2023, a delegated act for economic activities was published by the EU, and new objectives that significantly contribute to the objectives of climate change mitigation and adaptation were added to the list. The EU Taxonomy develops constantly and WithSecure closely follows the new information of taxonomy reporting requirements. After reviewing the new objectives, we have not identified any significant changes impacting WithSecure's analysis of EU taxonomy.

The analysis has been performed in collaboration between the WithSecure product team, financial controlling and sustainability team and an external sustainability consultant.

Cyber security software, while supporting a wide range of activities in becoming digital and therefore reducing the need of physical materials and transportations of goods and people, as well as reducing the incremental cost of cybercrime to the society, is not an activity addressed by the current climate change mitigation and climate change adaptation taxonomy, hence it is not taxonomy eligible.

According to the European Commission, the purpose of the current Taxonomy Climate Delegated Act is to include the sectors producing the largest emissions. As a company operating in a low-emission sector, WithSecure business activities are not listed in the current EU Taxonomy, and therefore they are not considered to be taxonomy eligible.

We will closely follow the further developments of the taxonomy reporting requirements and complete the assessments when new legislation is published or when new information regarding its application becomes available. New activities, with new environmental targets in future versions of the taxonomy might be more relevant for WithSecure and trigger a need of re-assessing both eligibility and alignment.

Taxonomy-eligible turnover

Taxonomy-eligible turnover is defined as the proportion of net turnover derived from products or services, including intangibles, associated with Taxonomy- eligible economic activities.

Based on the analysis of the current economic activities listed in taxonomy, WithSecure business activities belong to Activity 8.2 Computer programming, consultancy and related activities (NACE J 62) of the Commission Delegated Regulation (2021/2139). Within the Taxonomy, Activity 8.2 is not defined as enabling, which following the definition of turnover in Annex I of the Commission Delegated Regulation (2021/2178), cannot

Total (A + B) 142,8 100%

be defined as eligible or aligned. Additionally, Activity 8.2 is defined within the Taxonomy as an 'adapted' activity, which according to the technical screening criteria cannot be considered eligible unless the reporting entity can demonstrate that a climate risk and vulnerability assessment has been performed and that an expenditure plan has been set up to implement adaptation solutions that reduce the activity's most significant physical climate risks as set out in Appendix A to Annex II of the Delegated Regulation (2021/2139). As a result, WithSecure reports 0% of eligible its revenue to be taxonomy eligible and therefore no technical screening criteria apply, meaning the revenue cannot be taxonomy aligned.

				Substantial contribution criteria				DNSH criteria
Economic activities (1)	Code(s) (2)	R U E M Absolute turnover (3)	% Proportion of turnover (4)	% mitigation (5) mate change Cli	% mate change adaptation (6) Cli	% marine resources (7) Water and	% my (8) Circular econo	% Pollution (9)	% ms (10) Biodiversity and ecosyste	Y/N mitigation (11) mate change Cli	Y/N mate change adaptation (12) Cli	Y/N marine resources (13) Water and	Y/N my (14) Circular econo	Y/N Pollution (15)	Y/N ms (16) Biodiversity and ecosyste	Y/N m safeguards (17) mu Mini	my-aligned proportion of turnover, year 2023 (18) Taxono	my - aligned proportion of turnover, year 2022 (19) Taxono Percent	Category (enabling activity or) Percent (20) E	Category '(transitional activity)' (21) T
A. Taxonomy-eligible activities
Turnover of environmentally sustai nable activities (Taxonomy-aligned) (A.1)		0	0 %	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	0%	n.a.	n.a.	n.a.
Turnover of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)		0	0%
Total (A.1 + A.2)		0	0%														%		%
B. Taxonomy-non-eligible activities
Turnover of Taxonmy-non-eligible activities (B)		142,8	100%														Table - Proportion of turnover from products or services associated
																	with Taxonomy-aligned economic activities - disclosure covering year 2023

Operating expenses

The Operating expenses (6,29 MEUR) included in the taxonomy assessment are defined as direct non-capitalised costs that relate to research and development, building renovation measures, short-term lease, maintenance and repair, and any other direct expenditures relating to the day-to-day servicing of assets of property, plant and equipment by the undertaking or third party to whom activities are outsourced that are necessary to ensure the continued and effective functioning of such assets (2021/2178).

In the WithSecure calculation, operating expenses related to rental of premises (including depreciations for leased premises accounted for under IFRS 16 standard), maintenance of premises as well as other expenses related to the functioning of the leased and owned property, plant and equipment.

WithSecure has transitioned to third-party cloud platforms of Amazon Web Services (AWS) and Microsoft Azure for majority of its operations. Cloud hosting costs are not included in the Operating expense subject to taxonomy assessment.

					Substantial contribution criteria						DNSH criteria
Economic activities (1)	Code(s) (2)	R U E M OpEx (3) Absolute	% OpEx (4) Proportion of	% mitigation (5) mate change Cli	% mate change adaptation (6) Cli	% marine resources (7) Water and	% my (8) Circular econo	% Pollution (9)	% ms (10) Biodiversity and ecosyste	Y/N mitigation (11) mate change Cli	Y/N mate change adaptation (12) Cli	Y/N marine resources (13) Water and	Y/N my (14) Circular econo	Y/N Pollution (15)	Y/N ms (16) Biodiversity and ecosyste	Y/N m safeguards (17) mu Mini	my-aligned proportion of OpEx, year 2023 (18) Taxono	my - aligned proportion OpEx, year 2022 (19) Taxono of	Category (enabling activity or) (20) E	Category '(transitional activity)' (21) T
A. Taxonomy-eligible activities
OpEx of environmentally sustai nable activities (Taxonomy-aligned) (A.1)		0	0 %	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	0%	n.a.
OpEx of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)		0	0%
Total (A.1 + A.2)		0	0%														%		%
B. Taxonomy-non-eligible activities
Turnover of Taxonmy-non-eligible activities (B)		6,29	100%
Total (A + B)		6,29	100%																	Table - Proportion of OpEx from products or services associated with

Capital expenses

The Capital expenses included in the taxonomy assessment are defined as additions to tangible and intangible assets during the financial year considered before depreciation, amortisation and any re-measurements, including those resulting from revaluations and impairments, for the relevant financial year and excluding fair value changes (2021/2178).

WithSecure capital expenses (5,17 MEUR) include capitalizations of long-term IT projects and development expenditure on new products or product versions with significant new features , according to IAS 38 accounting standard.

A minor part of capital expenses relates to capitalization of employee laptops and other hardware, as well as office renovation expenses.

According to the Delegated Regulation (2021/2178), the capital expenses to be considered as eligible must be any of the following:

(a) related to assets or processes associated with Taxonomy-aligned economic activities, including training and other human resources adaptation needs, and direct non-capitalised costs that represent research and development;

	Substantial contribution criteria								DNSH criteria
Economic activities (1)	Code(s) (2)	R U E M CapEx (3) Absolute	% CapEx (4) Proportion of	% mitigation (5) mate change Cli	% mate change adaptation (6) Cli	% marine resources (7) Water and	% my (8) Circular econo	% Pollution (9)	% ms (10) Biodiversity and ecosyste	Y/N mitigation (11) mate change Cli	Y/N mate change adaptation (12) Cli	Y/N marine resources (13) Water and	Y/N my (14) Circular econo	Y/N Pollution (15)	Y/N ms (16) Biodiversity and ecosyste	Y/N m safeguards (17) mu Mini	my-aligned proportion of CapEx, year 2023 (18) Taxono	my - aligned proportion CapEx, year 2022 (19) Taxono of	Category (enabling activity or) (20) E	Category '(transitional activity)' (21) T
A. Taxonomy-eligible activities
CapEx of environmentally sustai nable activities (Taxonomy-aligned) (A.1)		0	0 %	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	n.a.	%	n.a.
CapEx of Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)		0	0%
Total (A.1 + A.2)		0	0%														%		%
B. Taxonomy-non-eligible activities
Turnover of Taxonmy-non-eligible activities (B)		5,17	100%																	Table - Proportion of CapEx from products or services associated with
Total (A + B)		5,17	100%	Taxonomy-aligned economic activities - disclosure covering year 2023

(c) related to the purchase of output from Taxonomy-aligned economic activities and to individual measures enabling the target activities to become low-carbon or to lead to greenhouse gas reductions as well as individual building renovation measures as identified in the delegated acts adopted pursuant to Article 10(3), Article 11(3), Article 12(2), Article 13(2), Article 14(2) or Article 15(2) of Regulation (EU) 2020/852 and provided that such measures are implemented and operational within 18 months.

Research work relates to developing the current activities that are considered as non-eligible for taxonomy reporting (see paragraph Taxonomy-eligible turnover above). Taxonomy eligibility of WithSecure capital expense is therefore 0%

Sustainability governance in WithSecure

WithSecure established governance principles for its sustainability program in 2022. In 2023, the Sustainability policy was approved as the basis of our sustainability work. Link to the policy can be found in the Doing the right thing section of this report.

WithSecure's Board of Directors approves the program-level priorities and objectives regarding sustainability. Both the non-financial information included in the Board of Directors' report and the separate Sustainability report are approved by the Board of Directors, as part of the Annual report approvals. The Boards' Audit Committee reviews the progress and key results of the program.

The Global Leadership Team (GLT) is responsible for the implementation of the strategy, including sustainability. WithSecure's Chief Financial Officer (CFO) oversees the sustainability coordination and ensures that the program is appropriately resourced and working on the right areas, supporting the program's priorities. Each program topic has a "home team" which executes the program as part of their other work. The GLT owner of each home team is responsible for achieving their area's sustainability objectives. Any sustainability-specific topics are the CFO's responsibility.

The home teams are represented in a cross-functional sustainability team, which regularly reviews the program's progress and plans sustainability-specific activities. The investor relations director, who reports to the CFO, coordinates the work of the team.

WithSecure's target is to continue implementing the sustainability program in the company's activities, increasing awareness, and enabling full compliance with the Corporate Sustainability Reporting Directive of the European Union and the related standards, when they become applicable.

WithSecure's Corporate Governance Statement 2023	129
Corporate Governance at WithSecure	129
Governing bodies	129
Internal control and risk management	134
Risk Management	134
Internal Control	134
Internal audit	134
Related party transactions	135
Insider management	135
Auditors	135
Board of Directors	135
Global Leadership Team	139

WithSecure's Corporate Governance Statement 2023

Corporate Governance at WithSecure

WithSecure's corporate governance practices are based on applicable Finnish laws, the rules of Helsinki Stock Exchange (NASDAQ Helsinki Oy) and the regulations and guidelines of Finnish Financial Supervisory Authority as well as the company's Articles of Association. This statement has been prepared in accordance with the Finnish Corporate Governance Code 2020 (publicly available at http:// cgfinland.fi/en/) issued by the Securities Market Association of Finland.

Up-to-date information about WithSecure's governance is available on the company's website at https://www.withsecure.com/en/about-us/investor-relations.

Governing bodies

WithSecure's highest decision-making body is the General Meeting of Shareholders which elects the members of the Board of Directors. The Board of Directors is responsible for the administration of WithSecure and appropriate organization of its operations. The Board of Directors appoints the CEO. The CEO, assisted by the Global Leadership Team, is responsible for managing the company's business and implementing its strategic and operational targets.

General Meeting of Shareholders

Under the Limited Liability Companies Act, shareholders exercise their decisionmaking power at the General Meeting.

The General Meeting is normally held once a year as an Annual General Meeting (AGM). The AGM decides on matters stipulated by the Articles of Association and the Limited Liability Companies Act, including:

adoption of the Financial Statements
distribution of profit for the year
discharging the members of the Board of Directors and the CEO from liability
election of members of the Board and the decision on the remuneration of the Board members
approval of the Remuneration Policy and the Remuneration Report
election of the auditor and the decision on the auditor's remuneration
other proposals submitted to General Meeting

Each share carries one vote in the General Meeting.

A shareholder may propose items to be included on the agenda provided they are within the authority of the meeting, and the Board of Directors has received the request in advance in accordance with the set schedule. The invitation to the AGM is published as a stock exchange release and is made available on the company's website.

2023

The AGM was held on 21 March 2023.

The meeting was held as a hybrid meeting, so that shareholders were able to exercise their shareholder rights fully during the meeting either via remote connection or at the meeting venue at the address Töölönlahdenkatu 2, 00100 Helsinki, Finland (event venue Eliel, Sanomatalo). Shareholders were also able to exercise their voting rights by voting in advance.

The resolutions and the meeting minutes of the AGM are available on WithSecure's website.

Board of Directors

The Board of Directors is responsible for the administration of WithSecure and appropriate organization of its operations. The Board's operations, responsibilities and duties are based on the Finnish Limited Liability Companies Act and other applicable legislation and are supplemented by the Board Charter. These cover the following main areas:

approving the strategy of WithSecure, overseeing its operations and annual budgets
appointing and dismissing the CEO
approving any major investments, acquisitions, changes in corporate structure or other matters that are significant or far-reaching
ensuring that the supervision of the company's accounting and financial management is duly organized
ensuring that internal control and risk management systems are in place
approving personnel policies and rewards systems
preparing matters to be handled at the General Meeting

The Board of Directors meets as frequently as necessary and, according to the Board Charter, at least five times during its term. The Board of Directors has quorum when more than half of the members are present. An annual self-assessment is carried out by the Board to evaluate its operations. The Board of Directors primarily strives at unanimous decisions. If a decision cannot be made unanimously, the decision will be made by voting and with single majority. If the votes are even, the Chair's vote is decisive.

In accordance with WithSecure's Articles of Association, the Board of Directors comprises three to seven members who are elected at the Annual General Meeting for a term of office that extends to the subsequent AGM. The Board of Directors represents all shareholders.

Diversity is an essential part of WithSecure's success. According to Diversity Principles established by the Board of Directors, an optimal mix of diverse backgrounds, expertise and experience strengthens the Board's performance and promotes creation of long-term shareholder value. The Diversity Principles of the Board of Directors aim to strive towards appropriately balanced gender distribution.

To create openness, one member of the Board of Directors is elected from among WithSecure's personnel. An election is arranged annually for WithSecure personnel and each permanent WithSecure employee is eligible to stand as a candidate. The Personnel Committee interviews three persons who have obtained the highest number of votes in the elections, and chooses a candidate from amongst them to be proposed for election as a member of the Board by the Annual General Meeting. Camilla Perselli was appointed to the Board of Directors through this process in 2023.

The majority of Board members are independent from the company and from its major shareholders. For a detailed description of the members of the Board of Directors and their shareholdings see the end of this statement.

2023

In 2023 the Board of Directors convened 15 times, Audit Committee 6 times and Personnel Committee 5 times.

Members of the Board of Directors and the Committees

Member	Independence of the company	Independence of major shareholders		Board(Meeting attendance) Audit Committee(Meeting attendance)	Personnel Committee(Meeting attendance)
Risto Siilasmaa	Yes	No 1	Chair	-	Member
			(15/15)		(5/5)
Päivi Rekonen	Yes	Yes	Member	-	Member
			(14/15)		(5/5)
Tuomas Syrjänen	Yes	Yes	Member	-	Chair
			(15/15)		(5/5)
Keith Bannister	Yes	Yes	Member	Member	-
			(15/15)	(6/6)
Kirsi Sormunen	Yes	Yes	Member	Chair	-
			(15/15)	(6/6)
Ciaran Martin (as of 21 March 2023)	Yes	Yes	Member	Member	-
			(10/12)	(2/4)
Camilla Perselli (as of 21 March 2023)	No 2	Yes	Member	Member	-
			(12/12)	(4/4)
Pertti Ervi (until 21 March 2023)	Yes	Yes	Member	Member	-
			(3/3)	(2/2)
Tony Smith (until 21 March 2023)	No3	Yes	Member	Member	-
			(3/3)	(2/2)

1 Risto Siilasmaa is the founder of WithSecure and on 31 December 2023 owned 34.09% of WithSecure shares.

2 Camilla Perselli was elected from among WithSecure's personnel in 2023, according to the process described above.

3 Tony Smith was elected from among WithSecure's personnel in 2022, according to the process described above.

Board Committees

In 2023, the Board established two committees: Audit Committee and Personnel Committee (nomination and remuneration matters). The Board of Directors appoints from among itself the members and the Chair of the committee. Each committee must have at least three members. The Board of Directors confirms the main duties and operating principles of each committee. The duties of each committee are defined in the committee charters which are available on WithSecure's website at https://www.withsecure.com/en/about us/investor-relations.

Audit Committee

The Audit Committee reviews, instructs and evaluates risk management, internal supervision systems, IT strategy and practices, financial reporting as well as auditing of the accounts and internal auditing. The Audit Committee is neither a decision-making nor an executive body. Audit Committee also prepares a proposal for the election of auditor to the Board of Directors and regularly considers the need for a separate internal audit function. Members of the Audit Committee must have broad business knowledge, as well as sufficient expertise and experience with respect to the committee's area of responsibility and the mandatory tasks relating to auditing. The majority of members of the Audit Committee shall be independent from WithSecure and at least one member shall be independent of the company's significant shareholders. A person who participates in the day-to-day management of WithSecure group companies (for example as the managing director) cannot be appointed to the Audit Committee. The Board elects the chair and secretary of the Audit Committee. The Audit Committee calls in experts to its meetings if they are necessary for the matters to be discussed. All members of the Board of Directors may, at their discretion, attend Audit Committee meetings. Materials of the Audit Committee meetings are made available for all members of the Board of Directors.

The Audit Committee convenes at least four times a year as notified by the Chair of the Committee. Members of the Audit Committee are listed in the table above.

Personnel Committee

The Personnel Committee prepares material and instructs with issues related to the composition and compensation of the Board of Directors and remuneration of the other members of the top management of the company. The Committee assists in the preparation of Board proposals to the shareholders related to these matters, as governed by the Finnish Limited Liability Companies Act. Personnel Committee is neither a decision-making nor an executive body. Personnel Committee calls in experts to its meetings when necessary for the issues to be discussed. Materials of Personnel Committee meetings are made available for all members of the Board of Directors.

The Personnel Committee convenes at least two times a year as notified by the Chair of the Committee. Members of the Personnel Committee are listed in the table above.

President and CEO

The Board of Directors appoints and may dismiss the CEO and decides upon the CEO's remuneration and other benefits in accordance with the Remuneration Policy. The CEO is responsible for the day-to-day management of the company. The CEO's main duties include:

managing the business according to the instructions issued by the Board of Directors
presenting the matters to be handled in the Board of Directors' meetings
implementing the decisions made by the Board of Directors
other duties determined in the Limited Liability Companies Act

2023

Juhani Hintikka has been WithSecure's President and CEO since 1 November 2020.

The biographical details of the CEO including the shareholdings are specified later in this report. The remuneration of the CEO is specified in WithSecure's Remuneration Policy and Report.

Global Leadership Team

The Global Leadership Team supports the CEO in the daily operative management of the company.

2023

Current information on the WithSecure Global Leadership Team can be found on our website at https://www.withsecure.com/en/about-us/investor-relations.

For descriptions of all members of the Global Leadership Team during 2023 and their roles, respective membership periods and shareholdings, see the end of this statement.

Internal control and risk management

Risk Management

Risk management and internal control processes at WithSecure seek to ensure that risks related to the business operations of the company are properly identified, evaluated, monitored and reported in compliance with the applicable regulations.

WithSecure's Board of Directors defines the principles of risk management and internal controls which are followed within the company. The Audit Committee assists the Board in the supervision of WithSecure's risk management function. The CEO is accountable for ensuring that the risk management principles are implemented and applied constantly and consistently across the organization.

The primary goal of WithSecure's risk management principles is to empower the organization to identify and manage risks more effectively. The potential negative impact and probability of different situations arising from our business operations on the company, its customers, or its partners are monitored as part of the risk management process. Another objective of the risk management is to constantly monitor and pro-actively control the impact and/or probability of situations derived from our business operations which may have a negative impact on WithSecure, its customers, or its partners. Proactive monitoring, risk simulation and stress testing also allows building strategic resilience in the company and its business operations. Risk management may also be utilized to identify opportunities for benefit.

WithSecure promotes continuous risk evaluation by the company's personnel. The relevant operational risks identified through the risk management process are regularly reviewed by the CEO and Global Leadership Team and the company's statutory auditor. Risk Management is an integrated part of WithSecure's governance and management, and the risk management process is aligned with the ISO-31000 standard. The Audit Committee regularly conducts a review of top operational risks and evaluates the effectiveness of the risk management system.

Internal Control

Internal Control, supported by Risk Management, is an important element of WithSecure's management system. The Board of Directors is responsible for ensuring that the operating principles for internal control have been defined, and that the company monitors the functioning of internal control.

WithSecure has defined its objectives for internal control based on the globally applied principles. Internal control consists of e.g. policies, processes, procedures as well as control and monitoring activities. Internal Control is designed to provide reasonable assurance regarding the achievement of WithSecure's objectives in following categories:

Effectiveness, efficiency and transparency of operations on all levels in accordance with the WithSecure strategy
Reporting, including financial and non-financial, external and internal, to the Board, management, shareholders and stakeholders being complete, reliable, relevant and timely
Compliance with applicable laws, regulations and WithSecure policies and instructions

WithSecure's Internal Control Operating Principles define the roles, design and practices of internal control. The principles provide guidance on how internal control is implemented at different levels, systems and amongst employees and outsourced functions. Internal control over financial reporting consists of risk identification and assessment, processes and internal control points and internal control monitoring and reporting.

Internal audit

Audit Committee considers the need for and appropriateness of a separate Internal Audit function on a regular basis. To date, the Audit Committee has concluded that, due to the size, organizational structure and largely centrally controlled financial management of the company, a separate Internal Audit function is not necessary.

In the absence of an Internal Audit function, attention is paid to periodical review of the written guidelines and policies concerning accounting, reporting, documentation, authorization, risk management, internal control and other relevant matters in all departments. Related controls are also tested annually. The guidelines and policies are coordinated by the company's finance department with active involvement by the legal department.

The absence of a separate Internal Audit function is considered when defining the scope of the company's external audit. Where necessary, the Internal Audit services will be purchased from an external service provider.

To facilitate transparency and exchange of information on Internal Audit related matters, the financial management team has frequent meetings with the auditors. The Audit Committee also meets regularly with the auditors.

WithSecure provides an effective, objective, confidential and secure Whistleblowing Channel which allows both WithSecure employees and other stakeholders to express their concerns or suspicions openly and safely. The Whistleblowing Channel is available to all stakeholders 24/7. It is maintained by impartial and independent service provider to ensure objective and timely handling of reports.

Related party transactions

The Audit Committee defines the principles for monitoring and assessing WithSecure's related party transactions. The definition of the related parties is based on IAS 24 standard. WithSecure collects information about its related parties on regular basis. The Board of Directors decides on related party transactions that are not conducted in the ordinary course of business of the company or are not implemented under arm's-length terms. Related party transactions are disclosed as part of financial statements according to the applicable legislation.

Insider management

WithSecure complies with the applicable legislation, including EU Market Abuse Regulation (MAR), the regulations of the Finnish Financial Supervisory Authority as well as Nasdaq Helsinki's Guidelines for Insiders. WithSecure has established its own insider policy to complement the regulation and guidelines above.

WithSecure maintains a list of all persons who have regular access to company's financial data. Due to the sensitive nature of financial information, persons having access to financial information before publication of an interim financial report or a year-end report shall be subject to a thirty (30) day trading restriction prior to publication of such report.

In addition, WithSecure maintains a project-specific insider list of any projects and events which, if realized, would be likely to have a significant effect on the value of WithSecure's shares or other financial instruments, and which have been subject to delaying of disclosure in accordance with MAR.

WithSecure has decided not to include any persons as permanent insiders. All persons with inside information regarding a project will be included in the project specific insider list.

Persons discharging managerial responsibilities comprise the Board of Directors, the CEO and other members of the Global Leadership Team. These persons have a duty to notify WithSecure and the Finnish Financial Supervisory Authority of every transaction in their own account relating to Financial Instruments of WithSecure within three business days. The company publishes these notifications as a stock exchange release, as specified by MAR. All releases published on managers' transactions are available on the company's website.

Auditors

The auditor is elected by the Annual General Meeting for a term of service ending at the close of the next Annual General Meeting. The auditor is responsible for auditing the consolidated and parent company financial statements and accounting. The auditor reports to the Board of Directors or the Audit Committee at least once a year.

2023

WithSecure has been audited by PricewaterhouseCoopers with Jukka Karinen, Authorized Public Accountant, as the responsible auditor.

WithSecure paid the auditor EUR 210,000 in audit fees (2022: EUR 169,000), and EUR 22,000 (2022: EUR 2,302,000) for non-audit services.

Board of Directors

In this section are the biographies of the Members of the Board of Directors during 2023.

Risto Siilasmaa Päivi Rekonen

Main employment history:

Founder, President and CEO, Member of the Board, WithSecure, 1988–2006 Chair of the Board 2012–2020, Member of the Board 2008–2012, Interim CEO 2013–2014, Nokia Corporation Chair of the Board, Elisa Corporation, 2008–2012 Chair of the Board 2016–2018, Vice-Chair of the Board 2007–2010 and 2013–2015, Member of the Board 2007–2019, The Federation of Finnish Technology Industries Vice Chair of the Board 2017-2018, Member of the Board 2007-2010 and 2013-2016, Confederation of Finnish Industries EK

Chair of the Working Group, The Future of the Finnish General Conscription System, The Finnish Ministry of Defence, 2009–2010

Current board memberships and public duties:

Member of the Board, CybExer Technologies, 2022– Founder and Member of the Board, F-Secure Corporation, 2022– Member of the Board, Futurice Oy, 2018– Member of the Board, Pixieray Oy, 2021– Member of the Board, Quanscient Oy, 2022– Chair of the Board, Upright Oy, 2022- Chair, Technology Advisory Board appointed by the Finnish Government, 2020– Senior Advisor, Boston Consulting Group, 2020– Member, Komatsu International Advisory Board, 2020– Member, International Advisory Board of IESE, 2019– Member, Global Tech Panel, an initiative of EU High Representative for foreign affairs and security policy, 2018– Founding Partner, Chair of the Board, First Fellow Partners, 2016–

Member of the Board since 2017

Main employment history:

Independent strategy advisor and professional board member, 2018– Managing Director, Group Technology, UBS, 2014–2018 Senior Vice President, Global Head of Digital Strategy, Adecco Group, 2011–2012 Head of IT, Credit Suisse, 2007–2009 Various leadership positions, Cisco Systems, 1998–2007 Various leadership positions, Nokia Corporation, 1990–1998

Current board memberships and public duties:

Member of the Board, Wipro Ltd, 2022– Chair of the Board, Amina Bank AG (formerly SEBA Bank AG), 2020– Member of the Board, Konecranes Corporation, 2018–

Keith Bannister

Member of the Board since 2020 Born 1966, B.Sc. (Hons) (Mathematics and Computer Science) Chartered Accountant (Fellow of ICAEW) Non-Executive Director – FT Advanced Professional Diploma

Main employment history: Senior Partner, KPMG LLP, 2000–2018 Various UK leadership positions, KPMG LLP, London UK, 1987–2018

Current board memberships and public duties: Member of the Board of Governors, Bridewell Royal Hospital, 2020–

Kirsi Sormunen

Member of the Board since 2022 Chair of the Audit Committee Born 1957, M.Sc. (Economics)

Main employment history:

Member of the Board, DNA Plc, 2014–2021 Member of the Board, VR Group, 2017–2020 Member of the Board, Sitra, 2013–2020 Member of the Board, Neste Corporation, 2013–2017 Vice President, CSR/Sustainability/CSO, Nokia Corporation, 2004–2014 Various leadership positions in F&C, Nokia Corporation, 1993–2004

Current board memberships and public duties:

Member of the Board, Spinnova Plc, 2023– Member of the Board, Exel Composites, 2020– Senior Advisor, DIF / Directors Institute of Finland, 2016–

Tuomas Syrjänen

Member of the Board since 2019 Chair of the Personnel Committee Born 1976, M.Sc. (Engineering)

Main employment history:

Data & AI Renewal, Futurice Oy, 2019– CEO, Futurice Oy, 2008–2018 Head of Business Unit, Futurice Oy, 2003–2008 Business Development, Futurice Oy, 2001–2002

Current board memberships and public duties:

Chair of the Board of Directors, Flow Technologies Oy, 2022– Member of the Board, Vaisala Corporation, 2019– Member of the Board, Futurice Oy, 2018– Member of the Board, Taaleri Corporation, 2017–

Ciaran Martin

Member of the Board since 2023 Born 1974, MA, History

Main employment history:

Professor of Practice, Blavatnik School of Government, University of Oxford, 2020– Founding Chief Executive of the UK National Cyber Security Centre and Board Member of GCHQ, 2014–2020 Director of Constitutional Policy, UK Government, 2011–2014 Director of Security and Intelligence Policy, UK Government, 2008–2011 Chief of Staff to the Head of the UK Civil Service and HM Treasury, 2002–2008 Public spending roles, HM Treasury and National Audit Office UK, 1997–2005

Current board memberships and public duties:

Managing Director, Paladin Capital (United States) Director of SANS CISO Network and Events Advisory Board, CyberCX (Australia) Advisory Board, Garrison Technologies (UK) Advisory Board, RedSift (UK) Non-Executive Director, Our Future Health (UK, medical research charity)

Camilla Perselli

Member of the Board since 2023 Born 1988, B.Sc. (Hons), Pharmacology

Main employment history:

Global Account Director & Head of UK Client Management, WithSecure, 2023– Global Account Director & Team Lead, WithSecure, 2022–2023 Account Director, MWR / WithSecure, 2018–2022 Relationship Manager, Criticaleye, 2015–2018 Senior Conference Producer, Informa, 2012–2015 Conference Producer, Informa, 2011–2012

Non-current members

Pertti Ervi

Board member from 2003 until March 2023

Tony Smith

Board member from 2022 until March 2023

	31 December 2023	31 December 2022
Risto Siilasmaa	60,038,063	60,017,365
	36,374	26,543
	41,637	29,218
	22,103	12,272
	15,952	3,533
Ciaran Martin	9,831	-
Camilla Perselli	3,277	-

108

Global Leadership Team

In this section are the biographies of all the members of the Global Leadership Team during 2023.

Juhani Hintikka

Born 1966, M.Sc. (Engineering) Member of the Global Leadership Team since 2020

Christine Bejerasco

Born 1982, B.Sc. (Computer Science) Member of the Global Leadership Team since 2021

Main employment history: President and CEO, WithSecure, 2020– Investor, advisor, 2018–2020 President and CEO, Comptel Corporation, 2011–2017 Various leadership positions, Nokia Corporation, 1999–2010 Various leadership positions, Konecranes Corporation, 1993–1999

Current board memberships and public duties:

Member of the Board, Technology Industries of Finland, 2022– Member of the Board, The European Cyber Security Organisation (ECSO), 2021– Member of the Board, Finnish Information Security Cluster – FISC ry (FISC), 2021– Main employment history: CISO, WithSecure, 2023– CTO, WithSecure, 2021–2022 Vice President, Tactical Defense Unit, WithSecure, 2019–2021 Various technical & leadership roles, WithSecure, 2008–2019

Malware Researcher, PC Tools, 2006–2008 Various threat analysis positions, Trend Micro, 2003–2006

109

Charlotte Guillou

Born 1978, M.A. (Adult Education) Member of the Global Leadership Team since 2021

Tom Jansson

Born 1968, M.Sc. (Econ.) Member of the Global Leadership Team since 2021

Main employment history:

Various leadership positions in human resources, OP Financial Group, 2018–2021 HR & Change Lead for Finance, KONE Corporation, 2018 Country Manager North, Scan-Horse A/S, 2017–2018 Various leadership positions in human resources, Fiskars Group, 2013–2017 Various leadership positions in human resources, Nokia Corporation, 2007–2012 Management Consultant, Deloitte Finland, 2004–2007 HRD Consultant, Psykologitoimisto Cresco, 2000–2003

Main employment history:

CFO, WithSecure, 2021– CFO, Posti Group Corporation, 2018–2021 CFO, Comptel Corporation, 2013–2017 Various leadership & finance positions, Tellabs Inc., 1994–2013

Antti Koskela

Born 1971, M.Sc. (Electrical Engineering) Member of the Global Leadership Team since 2021

Scott Reininga

Executive Vice President, Global Consulting Born 1971, M.Sc. (Management) Member of the Global Leadership Team since 2022

Main employment history:

CPO, WithSecure, 2021–

Vice President, Business Development, Elisa Corporation, 2020–2021 CDO and Vice President, Nokia Software, 2018–2020 CTO and Executive Vice President, Comptel Corporation, 2011–2017 Various leadership positions, Nokia Siemens Networks, 2007–2011 Various leadership positions, Nokia Networks, 1999–2007

Current board memberships:

Member of the Board, QPR Software Corporation, 2021–

Main employment history: EVP, Global Consulting, WithSecure, 2024– EVP, Solutions, WithSecure, 2022–2023 Vice President Global Consulting, Secureworks, 2014–2022 Director of Operations, Secureworks, 2012–2014 Director of Operations, EMEA, Dell Technologies 2010–2012 Various leadership positions, Dell Technologies 2003–2010

New members in Global Leadership Team after period-end

Lasse Gerdt

Born 1974, M.Sc. (Telecommunications and Management) Chief Customer Officer Member of the Leadership Team since 2024

Main employment history:

Head of Cloud/Azure Sales, Enterprise and Public Sector, Microsoft (Netherlands), 2022–2023 Director, Azure Sales, Global and Strategic Accounts, Microsoft (Netherlands), 2019–2021 Head of Strategic and Global Alliances, Amazon Web Services, EMEA HQ (Luxembourg), 2015–2019 Various leadership positions for Channel and SaaS Sales and Business Development, Microsoft (Finland), 2010–2014 Global Account Executive, Nokia, Microsoft (Finland) 2007–2010 VP Sales and Marketing, Cidercone Oy (Finland), 2002–2007 Global Accounts and Solution Sales Manager, Compaq Computer, 1998–2002

Current board memberships and public duties:

Member of Advisory Board, Knights of the Mannerheim Cross Foundation Member of Advisory Board, DeliwiAI

Tiina Sarhimaa

Born 1976, LL.M. Member of the Global Leadership Team since 2021

Main employment history:

CLO, WithSecure, 2021– Vice President, General Counsel, WithSecure, 2018–2021 Director, Legal and Compliance, Nokia Corporation, 2017–2018 General Counsel, Head of Legal, Comptel Corporation, 2015–2017 Legal Counsel, Comptel Corporation, 2004–2015 Legal Counsel, Hex Corporation, 2002–2003

Ari Vänttinen

Born 1969, M.Sc. (Economics and Business Administration) Member of the Global Leadership Team since 2021

Main employment history:

CMO, WithSecure, 2021– CEO and Founder, CMOwashere Oy, 2018–2020 CMO, Comptel Corporation, 2014–2018 Senior Director, Marketing, McAfee Corporation, 2014 Vice President, Marketing, Stonesoft Corporation, 2010–2013 Senior Executive Consultant, Talent Vectia Oy, 2007–2010 Global Marketing Manager, Nokia Corporation, 2004–2007

110

Changes in Global Leadership Team composition

In December, Chief Technology Officer Tim Orchard announced that he will leave the company. CTO role will be included in the Chief Product Officer role going forward. In October 2023, WithSecure announced strategy changes which impact the operating model of the company. Cyber security consulting will operate as a separate business unit, led by Scott Reininga. Other parts of the Solutions business unit will be transferred to other units of the company. All changes became applicable on 1 January 2024.

At the end of the year, the composition of the Global Leadership Team was the following: Juhani Hintikka (President and CEO, acting CCO), Christine Bejerasco (CISO), Charlotte Guillou (Chief People Officer), Tom Jansson (Chief Financial Officer), Antti Koskela (CPO), Tim Orchard (CTO), Scott Reininga (EVP, Solutions, became EVP, Consulting on 1 January 2024), Tiina Sarhimaa (CLO) and Ari Vänttinen (CMO).

Non-current members

Juha Kivikoski

Tim Orchard

WithSecure shares owned by the members of the Global Leadership Team

Executive team	31 December 2023	31 December 2022
Juhani Hintikka	612,670	612,670
Tom Jansson	61,267	61,267
Christine Bejerasco	90,517	70,485
Ari Vänttinen	61,267	61,267
Antti Koskela	63,767	63,767
Tiina Sarhimaa	77,583	57,551
Charlotte Guillou	61,267	61,267
Scott Reininga	73,621	73,621

Letter of the Chair of the Personnel Committee	145
Remuneration of the Executives	146
Remuneration of the Board of Directors	147
Remuneration of the President and CEO	148
President and CEO Pay mix 2023	148
Short-term incentive (STI)	149
Long-term incentive (LTI)	150
The President and CEO - current LTI Plans	150
Key terms of service of the President and CEO	151

Letter of the Chair of the Personnel Committee

Dear Shareholders,

On behalf of WithSecure's Personnel Committee, I am pleased to share the Remuneration report for 2023. The report presents remuneration paid in 2023 to the Board members and the President and CEO in line with the Remuneration Policy approved at the Annual General Meeting 2022. WithSecure Remuneration Policy and the Remuneration Report comply with the EU Shareholder Rights Directive (SHRD) and Finnish Corporate Governance Code 2020.

The purpose of the Personnel Committee is to ensure that the variety of remuneration programs and elements reinforce the execution of the business strategy, support paying for performance and ensure that the remuneration is designed to be competitive in comparison to relevant peer groups. The other focus areas of our personnel Committee are the organization culture and value development, and talent development.

The remuneration principles in WithSecure have been defined so that the remuneration programs promote the business objectives and long-term shareholder value creation as well as long-term profitability of the company. For the President and the CEO this means that a significant part of the remuneration is based on performance. If targets are met, the short- and long-term incentives comprise 57% of the total remuneration of the President and the CEO, as defined in the Remuneration Policy. In 2023, the short-term incentive plans were tied to the company's revenue and profitability and the ongoing performance based long-term incentive plans to increasing the total shareholder value.

In 2023, WithSecure revenue was impacted by the economic slowdown and increasing competition in the cyber security market. The revenue growth was not in line with the original expectations, and we lowered the 2023 guidance in the beginning of the third quarter. At the end of the year, the total revenue growth from the previous year was 6%. Our profitability improved from the previous year and in the last quarter, a positive Adjusted EBITDA of EUR 0.2 million was reached for the first time since the demerger of the consumer business in 2022. Despite the positive profitability development and revenue growth, we did not meet our ambitious financial targets of our shortterm incentive plan.

Looking ahead to 2024, our well-established remuneration principles will remain the same as in 2023. We have gone through a large transformation of our strategy, structure, and financials and will continue to drive profitable growth as well as the positive development of the shareholder value. To support our growth journey, we continued the Employee Share Savings Plan for a new plan period. The aim of this long-term incentive plan is to increase the alignment of shareholders and our people and to offer an attractive opportunity to benefit from the company's success to all employees.

Engaged and competent people are imperative to our success and our purpose is to create a place of work where colleagues can thrive both personally and professionally to drive the success of our business. We offer our people an inclusive, flexible and caring workplace built on our values. We continue to invest in the development of our people with the aim to offer equal and inspiring opportunities to learn and grow.

We are positively looking into 2024 and our focus is on building the growth mindset and experimentation culture and driving towards further growth and profitability.

Chair of the Personnel Committee

Tuomas Syrjänen

Remuneration of the Executives

The development of WithSecure's executive compensation in 2019─2023 is described in the table below. The remuneration of the Board of Directors has stayed on the same level since 2018. The total remuneration of the President and CEO has varied year by year as a significant part of the remuneration is tied to the company's financial performance.

Average annual remuneration (EUR)	2019	2020	2021	2022	2023
President and CEO 1	466,780	482,863	375,327	555,519	509,923
Chair of the Board	80,000	80,000	80,519	80,000	80,000
Other Board Members 2	40,500	40,000	44,508	44,000	43,800
3 Average employee	62,650	61,832	67,443	4 74,158	82,797
Revenue, EUR million 5	217	220	130	135	143
Adjusted EBITDA, EUR million 5	23	36	-11	-23	-16

1 Remuneration paid during the financial year, including the base salary as well as short- and long-term incentives.

2 Average remunerations paid to the Board Members, excluding the employee representative.

3 Total wages and salaries of the calendar year / average headcount during the year in all countries. Numbers until 2020 include the consumer security (F-Secure). 2021 and 2022 are restated to include only WithSecure.

4 The change in the average salary by employee is impacted by the structural changes of the company during the year.

5 Numbers until 2020 include the consumer security (F-Secure). 2021 and 2022 are restated to include only WithSecure.

Share price development of WithSecure and indices

Remuneration of the Board of Directors

The Annual General Meeting decided on March 21, 2023 that the Board of Directors is paid fixed annual compensation for the term ending at the end of the next Annual General Meeting. The annual fee for the Chairman of the Board is EUR 80,000, for the Committee Chairs EUR 48,000, for Members of the Board EUR 38,000, and for a Board Member belonging to the personnel of the company EUR 12,667.

The Annual General Meeting decided that approximately 40% of the annual remuneration is paid in WithSecure's shares repurchased from the market. There are no special terms or conditions associated with owning the shares received as remuneration. The company will pay any applicable transfer tax arising from remuneration paid in shares.

For the Members of the Board of Directors, changes in the holdings of the company shares and rewards paid in shares are reported according to the Market Abuse Regulation. Related stock exchange releases are available on the company's website.

A separate meeting fee of EUR 1,000 is paid to the Board members travelling from another country to an on-site meeting within the European continent. If intercontinental travel is required, the fee is EUR 2,000.

The travel expenses and other costs directly related to the Board work of the members of the Board of Directors are paid in accordance with the company's compensation policy in force at any given time. In addition, the Chairman of the Board of Directors is offered assistant and administrative services.

Member	Annual fee paid in cash, EUR	Annual fee paid in shares, EUR	Annual fee paid in shares, pcs	Meeting fees paid, EUR 1	Total, EUR
Risto Siilasmaa	49,268	30,732	20,698	-	80,000
Kirsi Sormunen	29,560	18,440	12,419	-	48,000
Tuomas Syrjänen	29,560	18,440	12,419	-	48,000
Päivi Rekonen	23,403	14,597	9,831	3,000	41,000
Keith Bannister	23,403	14,597	9,831	3,000	41,000
Ciaran Martin	23,403	14,597	9,831	3,000	41,000
Camilla Perselli	7,801	4,866	3,277	-	12,667
Tony Smith 2	-	-	-	-	-
Pertti Ervi 2	-	-	-	1,000	1,000
Total	186,398	116,269	78,306	10,000	312,667

Paid remuneration in 2023

1 Meeting fees paid based on international travel.

2 Member until 21.3.2023 – no annual fee payments in 2023

Remuneration of the President and CEO

The remuneration of the President and CEO is decided by the Board of Directors. The main components of the President and CEO's total remuneration are base salary and short- and long-term incentives. Salaries and financial benefits paid in 2023 are described below:

	Payments done in 2023
Base salary, Including fringe benefits	EUR 350,244
Pension/Other financial benefits	- 1
Short-term incentives (STI)	EUR 159,679 2
Long-term incentive (LTI) EUR/shares	- / -
Total	EUR 509,923

1 As a resident in Finland, the President and CEO is covered by the statutory state pension arrangement in Finland (TyEL). During 2023, the statutory contributions equal to 60,276 EUR were made. No supplementary pension arrangements were offered.

2 The amount paid to the President and CEO's pension fund; the actual STI reward amount multiplied by 1,1 as decided by the BoD

President and CEO Pay mix 2023

Short-term incentive (STI)

The target STI reward for the President and CEO is 50% of annual base salary, maximum reward being two times the target. The STI reward for the President and CEO can be paid partly or fully to a pension fund. The Board of Directors decides annually on the contribution to the fund. As the contribution to the pension fund is not subject to social or other employer costs, the reward paid to the pension fund is multiplied by 1.1.

STI Plan 2022 (payable in 2023)

The STI Plan 2022 for the President and CEO was based on WithSecure's revenue with 60% weight and adjusted EBITDA with 40% weight of total. The performance criteria for the STI Plan 2022 were originally set for the full year 2022, but due to the demerger of consumer business, the targets were set and evaluated separately for first and second half of the year. The overall achievement for first half of 2022 was 150.0% and for the second half 15,9%. The STI reward for the full year of 2022 was paid in Q1 2023.

STI Plan H1/2022	Performance Criteria	Weight	Minimum	Target	Maximum	Outcome	Performance	Achievement
	Revenue	60 %	112.6	118.6	124.6	119.6	116.7%
	Adjusted EBITDA	40 %	6.9	8.5	10.1	10.3	200.0%	150.0%

STI Plan H2/2022	Performance Criteria	Weight	Minimum	Target	Maximum	Outcome	Performance	Achievement
	Revenue	60%	68.9	72.6	76.3	69.9	26.5%
	Adjusted EBITDA	40%	-8.6	7.2	-5.8	-10.0	0.0%	15.9%

STI Plan 2023 (payable in 2024)

The STI Plan 2023 for the President and CEO was based on WithSecure's adjusted EBITDA with 60% weight and revenue with 40% weight of total. The performance criteria for the STI Plan 2023 were not met and there will be no payment based on the STI 2023.

STI Plan	Performance Criteria	Weight	Minimum	Target	Maximum	Outcome	Performance	Achievement
2023	Adjusted EBITDA	60%	-13.0	-11.0	-9.0	-16.1	0.0%	0.0%
	Revenue	40%	150.0	158.0	166.0	142.8	0.0%

Long-term incentive (LTI)

No Long-term incentive (LTI) payments were made to the President and CEO during 2023. The President and CEO participates currently in three share based long-term incentive plans.

Performance Share Plan (PSP) 2021-2023

The President and CEO was granted 202,983 shares within the PSP 2021─2023 in 2021. This grant represents the target level reward, the maximum reward being two times the target. The PSP 2021-2023 is based on WithSecure's absolute Total Shareholder Return and the outcome is calculated based on the average share price of January-February 2024. Possible payments are made in Q1 2024.

Restricted Share Plan (RSP) 2021-2023

President and CEO was granted a one-time allocation of 106,833 shares within the RSP 2021─2023 in 2021. The reward is conditional to continuous service with the company at the time of payment in Q1 2024.

Performance Matching Share Plan (PMSP) 2022-2026

The President and CEO participates in the PMSP 2022-2026 that was launched in 2022. This 4-year performance-based plan offers an opportunity to invest in WithSecure and earn shares through a matching reward. The performance criterion of the PMSP 2022-2026 is WithSecure market capitalization. The outcome is calculated in October-November 2026 and rewards are paid by the end of December 2026.

The PMSP 2022–2026 replaced two typical annual performance share plan allocations for the participants, and there were no grants made within the PSP 2022-2024 or PSP 2023-2025 for the President and CEO.

The President and CEO - current LTI Plans

Share Plan	Performance Criteria	Target reward	Maximum reward	Reward payment
Performance Share Plan 2021–2023	Absolute TSR	202,983 shares1	405,965 shares1	Q1 / 2024
Restricted Share Plan 2021–2023	Continuous employment	106,833 shares1	106,833shares1	Q1 / 2024
Performance Matching Share Plan 2022–2026	WithSecure market capitalization	3 x matching of initial investment of 612,670 shares	5.5 x matching of initial investment of 612,670 shares	Q4 / 2026

1 The shares allocated within the PSP 2021-2023 and the RSP 2021-2023 were converted from the original to match the WithSecure share after the demerger of the consumers business in 2022.

Key terms of service of the President and CEO

The contract of the President and CEO is an indefinite contract with a six-month period of notice both ways. If the company terminates the contract of employment, the President and CEO is entitled to a severance payment equivalent of six months' base salary.

The President and CEO does not have a supplementary pension plan, and the determination of his pension conforms to the standard rules specified by Finland's Employee Pension Act (TYEL). The President and CEO's retirement age is also determined by the statutory pension system and is 65 years under the applicable Finnish legislation.

Information for shareholders

Financial Calendar

During the year 2023, WithSecure Corporation will publish financial information as follows:

1. 20 April 2023: Interim Report for January–March 2023
1. 14 July 2023: Half-Year Financial Report for January–June 2023
1. 18 October 2023: Interim Report for January–September 2023

Contact information

Tom Jansson CFO WithSecure Corporation WithSecure observes at least a three-week (21 days) silent period prior to publication of financial reports, during which it refrains from engaging in discussions with capital market representatives or the media regarding WithSecure's financial position or the factors affecting it.

The Annual General Meeting is scheduled for Wednesday, 20 March 2023. The Board of Directors will convene the meeting.

Laura Viita Vice President, Controlling, investor relations and sustainability WithSecure Corporation +358 50 487 1044 [email protected]

WithSecure Corporation Tammasaarenkatu 7 P.O. Box 24, 00181 Helsinki Tel. +358 9 2520 0700 [email protected] withsecure.com/en/about-us/investor-relations

AI Terminal

WithSecure Oyj

3267_10-k_2024-02-13_c9886351-6de3-467d-8622-88979a1f1d65.pdf

WithSecure in Brief

We exist to build and sustain digital trust.

One Experience. Fully modular. Made for Co-Security.

2023 – Focusing on Elements and Cosecurity

Board of Directors' report

Market overview

Financial performance and key figures

Revenue and ARR

Cloud revenue

On-premise revenue

Cyber security consulting

Gross margin

Operating expenses

Profitability

Cash flow

Discontinued operations (in 2022)

Acquisitions and financial arrangements

Changes in the group structure

Capital structure

Research and development

Non-financial information

Organization and management

Personnel

Leadership team

Shares, Shareholders' equity, Own shares

Risks and uncertainties

Risks related to cyber security market

Market consolidation

Geopolitical risks

Environmental risks

Risks related to WithSecure operations and products

Attracting and retaining talent

Partners

Product risks

Cyber security incidents

Intellectual property rights (IPR)

Financial risks

Inflation and interest rates

Liquidity risk

Currency fluctuations

Annual General Meeting

Outlook for 2024

Bridge to 2023 Cloud revenue

Board of Directors' proposal for disposal of distributable funds

Events after period-end

Statement of comprehensive income January 1 – December 31, 2023

Statement of cash flows January 1 – December 31, 2023

Statement of changes in equity

Notes to the Financial Statements

Accounting principles for the consolidated financial statements

Basic information

Accounting principles

Principles of consolidation

Discontinued operations

Transactions in foreign currency

New and amended IFRS accounting standards that are effective for 2023

Management judgment on significant accounting principles and use of estimates

Revenue recognition

Presentation of receivables and liabilities from contracts with customers

Pensions

Leases

Group as lessee

Group as lessor

Income taxes

Business combinations

Goodwill

Intangible assets

Research and development expenditure

Intangible assets acquired in business combinations

Other intangible assets

Tangible assets

Impairment of assets

Financial instruments

Financial assets and liabilities

Financial assets at amortized cost

Financial assets at fair value through profit or loss

Financial liabilities at amortized cost