Tietoevry

Board of Directors

It is the general obligation of Tietoevry's Board of Directors to safeguard the interests of the company and its shareholders.

Composition and election

According to Tietoevry's Articles of Association, the Board of Directors elected by the shareholders shall consist of no fewer than six and no more than twelve members. Each Board member serves a one-year term, which expires at the closing of the first AGM following their election.

The company has defined as the objective that, in addition to professional competence, Tietoevry's Board members shall be diverse in terms of gender, occupational, and professional backgrounds. Furthermore, the Board as a whole shall possess sufficient knowledge of and competence in, inter alia, the company's field of business and markets, as well as environmental, social, and governance matters.

Tasks

The main duties and working principles of the Board have been defined in a written charter. Additionally, the work of the Board is based on an annual action plan.

More specifically, the Board: • approves the company's values, strategy and organizational structure • defines the company's dividend policy • approves the company's annual plan and budget and supervises their implementation • monitors management succession, appoints and discharges the President and CEO • decides on the President and CEO's compensation, sets annual targets and evaluates their accomplishment • decides on the compensation of the President and CEO's immediate subordinates • addresses the major risks and their management at least once a year • reviews and approves interim reports, annual reports and consolidated financial statements and sustainability statements • reviews and approves the company's key policies • is accountable for guiding the organization's strategy on environmental, social and governance (ESG) topics • meets the company's auditors at least once a year without the company's management • appoints the members and Chairpersons of the Board's committees and defines their charters • reviews assessments of its committees as well as the President and CEO • evaluates its own activities.

The Board has scheduled meetings every one to two months. Besides the Board members, the meetings are attended by the President and CEO, Chief Financial Officer (CFO) and General Counsel, who acts as secretary of the meetings.

2024

• The Board convened 16 times in 2024 and the average attendance was 98.5%. • The Board had seven sessions during the convened Board meetings without the management present. • The auditors were present at one convened Board meeting. • The Board met the auditors once without the presence of the management.

Audit and Risk Committee

The committee convenes regularly at least four times a year and meets the company's auditors, also without the company's management present. The Chairperson of the committee reports to the Board. The main tasks of the committee are to:

• review and supervise internal control – particularly the financial reporting process – and risk management • discuss and review the interim and annual reports, sustainability statements and the consolidated financial statements, including non-financial information • assess compliance with legislation, official regulations and the company's Code of Conduct • evaluate the sufficiency of internal control and the internal audit • examine, assess and approve the internal audit plan • assess the appropriate coverage of risk management and monitor the efficiency of risk management • review significant risks and unusual business events

2024

• The committee convened seven times in 2024 and attendance was 100%. • In addition to its regular agenda, the committee followed up progress of operational KPIs in the end-to-end businesses as well as development in cybersecurity and privacy matters. Additionally, the committee monitored the implementation of sustainability reporting as a new matter.

Sustainability Oversight

Sustainability is a core part of Tietoevry's operations, guided by the Corporate Sustainability Reporting Directive (CSRD) and European Sustainability Reporting Standards (ESRS). This integration is fostering collaboration across functions, helping us to identify gaps and drive continuous improvements.

Tietoevry's Board of Directors and the Audit and Risk Committee actively oversee our sustainability strategy. These governing bodies scrutinize, challenge and contribute to our initiatives, fostering both ambition and accountability.

Integration of ESG in Incentive Plans

As part of the strategy, Tietoevry has made a long-term commitment to sustainability by increasing the focus on Environmental, Social and Governance (ESG) aspects. ESG measures were introduced in the Long-term incentive Plan 2022–2024 and have been continued since, i.e. in the plans that were implemented in 2023 and 2024 and will also be continued in the LTI 2025–2027 plan. We stay committed to our ESG agenda and continue the measures being CO2 emission reduction and female recruits, both measures with an increased weighting compared to when they were introduced. The target levels, as disclosed below, are based on the long-term ambitions of the company and support the execution of the strategy.

Long-term Incentive Plans Performance Criteria:

LTI 2022–2024: • ESG: CO2 emission (5%) - Target: 72% reduction from 2020 baseline by the end of 2024 • ESG: Female recruits (5%) - Target: 35% by end of 2024

LTI 2023–2025: • ESG: CO2 emission (10%) - Target: 87% reduction from 2020 baseline by the end of 2025 • ESG: Female recruits (10%) - Target: 37% by end of 2025

LTI 2024–2026: • ESG: CO2 emission (10%) - Target: 90% reduction from 2020 baseline by the end of 2026 • ESG: Female recruits (10%) - Target: 38% by end of 2026

LTI 2025–2027: • ESG: CO2 emission (10%) - Target: 40% reduction from 2024 baseline by the end of 2027 • ESG: Female recruits (10%) - Target: 39% by end of 2027

Internal control and risk management

Tietoevry is committed to upholding a strong internal control environment and managing risks effectively to ensure the integrity of its financial reporting, protect its assets, and achieve strategic goals.

Our internal control framework supports strategic execution and ensures regulatory compliance. It is built on key components such as the risk management framework, financial control, internal audit, and supporting policies and processes.

The aim of Tietoevry's internal control framework is to ensure that operations are efficient and aligned with strategic objectives. It is designed to guarantee accurate, reliable, complete, and timely financial reporting and management information.

This framework promotes ethical values, good corporate governance, and sound risk management practices. Internal control and risk management activities are integrated into Tietoevry's management practices and business planning processes.

Risk management framework

Tietoevry employs a systematic approach to risk management to enhance the efficiency, control, profitability, sustainability, and continuity of business operations. This involves a comprehensive process of assessing, identifying, evaluating, and analysing risks that could impact business objectives, and also people and the environment from ESG perspective. By implementing appropriate risk treatment actions, the impact and likelihood of risks are minimized.

The risk management framework comprises the risk management organization, along with related policies, processes, tools, and standardized practices. This organization is responsible for developing and maintaining the framework, which includes risk reporting, governance, and monitoring of risk exposures across strategic, financial, operational, compliance, and personnel areas.

The risk management organization consists of the Corporate Risk Management unit, nominated Risk Managers and Business Continuity Managers in the businesses and key stakeholders in functions. A group-wide Risk and Resilience Forum (for Risk and Continuity activities) has been established for information sharing, setting the direction of risk and continuity management, as well as crisis management, collaboration between units and reviewing steering documents.

Tietoevry has also specified its compliance management system, including the compliance organization, steering model, and annual plan for compliance-related activities. The Group Compliance Officer is responsible for maintaining the whistleblowing channel and coordinating investigations as well as ensuring the effectiveness and functionality of the governance model for compliance work.

Financial control

The purpose of internal control over financial reporting is to ensure the correctness of financial reporting, including interim and annual reports and the compliance of financial reporting with regulatory requirements. The ARC has the oversight role in Tietoevry's external financial reporting.

Internal audit

The purpose of Tietoevry's internal audit function is to provide independent, objective assurance and advisory services designed to add value and improve Tietoevry's operations. The internal audit functionally reports to the ARC and administratively to the Chief Financial Officer (CFO).

Core services aim at assessing and assuring the adequacy and effectiveness of risk management and internal control within Tietoevry. Assurance and advice is delivered via data-driven business partnering, enabling digital end-to-end assurance and assurance by design.

Strategy, Business Model and Value Chain

About Tietoevry

We are a leading technology company with a strong Nordic heritage and global capabilities. Specializing in cloud, data and software, we serve thousands of enterprise and public-sector customers in approximately 90 countries. The company's shares are listed on the NASDAQ exchange in Helsinki and Stockholm, as well as on Oslo Børs.

Our specialized end-to-end businesses create business transformation in the era of data, cloud, automation and AI.

Tietoevry Create provides design, data and digital engineering services to customers all over the world across a wide range of industries including manufacturing, telecom, healthcare, financial services and the public sector. Combining local expertise with the technical skills of a large global team, Tietoevry Create builds tailored digital solutions that align with its customers' business objectives and maximize their value.

Tietoevry Care provides health and social care software in the Nordics. The business is modernizing the health and social care sector with modular, open and interoperable Lifecare software. Through a data-driven approach, Tietoevry Care ensures a smoother and more personalized care experience for everyone.

Tietoevry Banking provides financial Software-as-a-Service solutions for the Nordics and beyond. The business is modernizing banks with the low-risk implementation of market leading software for cards, transaction banking, credit & lending, financial crime prevention and wealth management, as well as a modular Banking-as-a-Platform solution.

Tietoevry Industry offers a high performing portfolio of modern software products. With deep industrial knowledge, the business delivers customer-centric and data-driven software solutions to specialized segments and niche markets in both the private and public sectors.

Tietoevry Tech Services is a transformation and managed services provider, focusing on Nordic-based private and public customers across various industries. With its cutting-edge digital solutions – including applications, multi-cloud, data and AI, and security services – the global team helps businesses thrive and keeps Nordic societies running.

Specialization-based strategy for greater value to all stakeholders

Tietoevry's strategy aims to capture cloud-native and AI-enabled market opportunities through specialized software, digital engineering and managed services businesses. Each business aims to be among the best in the market. Specialization drives a best-in-class customer proposition and attracts talent.

From 2022, after a long period of operating as an integrated IT company, we have established specialization as our foundation for competitiveness and value creation to our stakeholders. This specialization is delivered through our five distinct businesses.

In our view, the software and digital engineering businesses provide the strongest potential for value creation.

Interests and views of stakeholders

Overview

The company aims to develop its business operations, products and services that contribute to innovation, sustainability, compliance and stakeholder value. Through continuous engagement and open dialogue, Tietoevry adapts its operations to meet the evolving needs of its stakeholders.

Tietoevry's stakeholder engagement spans a wide spectrum of affected stakeholders and users of the company's Sustainability Statement, such as employees and other personnel, customers and end-users, investors and shareholders, suppliers, business partners, potential employees and students. These stakeholders are directly and indirectly affected by Tietoevry's operations and activities.

Governance

The Board oversees the company's ESG practices, while Group Sustainability in collaboration with relevant company functions, manages and coordinates stakeholder dialogue.

Key Stakeholder Groups and Engagement

The table below presents a summary of Tietoevry's key stakeholders, type of engagement, key topics and outcomes of engagement.

Integration into Strategy and Business Model

Dialogue with stakeholders informs Tietoevry's action plans for managing impacts, risks and opportunities. Stakeholder perspectives are incorporated into sustainability reporting and management reports at Tietoevry, offering feedback on the company's overall business performance.

In response to employee feedback, the company has increased transparency around skills and staffing, enhanced support mechanisms for remote working, and revitalized its learning platforms. Customer feedback has driven a renewed emphasis on the quality of service delivery, fostering a more customer-centric culture and enhancing communication methods.

To keep investors and shareholders informed, Tietoevry provides regular updates on its overall business performance, objectives and key initiatives. Collaborations with suppliers and business partners are aligned to focus on shared innovation and business objectives including sustainability. In efforts to attract potential employees and students, Tietoevry has refined its digital outreach and incorporated innovative technologies into its recruitment processes.

Tietoevry periodically reviews its strategy in order to be competitive in the market and create value for all its stakeholders, including customers, employees, investors and society at large. The strategy review involves defining the markets, product/services portfolio choices, capability needs, operating model and financial outcomes. The strategy is operationalized through yearly operating plans with specific operational and financial objectives. Actions towards these objectives are reviewed regularly to ensure value creation for all stakeholders.

Ongoing Engagement

Tietoevry's approach to stakeholder engagement extends beyond the periodic conduct or validation of the double materiality assessment. The company is committed to maintaining an ongoing dialogue with stakeholders throughout the year, ensuring that their insights continually inform and align with Tietoevry's objectives. This consistent engagement is a cornerstone of the company's efforts to foster a culture of continuous improvement and responsiveness to stakeholder needs and aspirations.

Material impacts, risks and opportunities and their interaction with strategy and business model

Overview of material IROs

Tietoevry's material impacts, risks and opportunities (IRO) have been assessed throughout Tietoevry's value chain, including own operations, all value chain workers, and consumers and end-users. The material risks and opportunities are predominantly rooted in its own operational activities, while the material impacts exert influence throughout its value chain. The negative impacts are typically situated upstream or within the company's direct operations. Conversely, the positive impacts are often observed downstream, as well as within the company's internal operations. The company's material impacts, risks and opportunities do not interact with its strategy.

Full list of material IROs

Negative impacts and context at Tietoevry

• Climate change mitigation and energy (entire value chain): Energy consumption from Tietoevry's own operations and value chain contributes negatively to carbon emissions. Demand for digital services is growing and as a result energy use will increase, potentially resulting in higher GHG emissions and resource depletion

• Diversity and gender equality and equal pay for work of equal value, own workforce (own operations): Unconscious bias in recruitment, promotion and retention, disparities in access to professional development and training, gaps in pay equity between genders and in minority groups

• Collective bargaining, freedom of association and social dialogue, own workforce and workers in the value chain (own operations, upstream): Operations across multiple countries with different labour laws, regulations and practices. Some employees may face barriers to forming or joining unions. Dependence on global suppliers located in areas with weaker labour regulations also poses a risk of negative impact on collective bargaining and freedom of association

• Corruption and bribery incidents (entire value chain): As a listed company with global presence and offerings, Tietoevry is exposed to corruption and bribery risks in own operations. Such incidents may result in material negative impacts for individuals, legal entities, and societies that the company operates in. Tietoevry is subject to various anti-corruption legislation which extend responsibility to interactions in the entire value chain

• AI (entire value chain): Biases and discrimination, privacy concerns and ethical dilemmas, such as decision-making in critical scenarios. Automation can result in job displacement, causing social disruption, while training AI models requires significant energy and water, increasing carbon emissions

• Cybersecurity (own operations, downstream): Potential data breaches that lead to individual financial losses, damage to persons' reputations, regulatory fines and reputational damage. Disruption of services can cause negative impacts for customers, their customers and society as a whole

Positive impacts and context at Tietoevry

• Corporate culture (own operations), protection of whistleblowers and corruption and bribery prevention (entire value chain): Leadership commitment to ethical values, protection of whistleblowers to ensure anonymity, compliance programmes to prevent corruption and bribery, as well as audits to ensure adherence to anti-corruption policies, all contribute to a positive corporate culture supporting employee engagement and innovation

• Secure employment, work-life balance and working time, own workforce (own operations): Career advancement, including reskilling and upskilling, enabling employees to stay employable. Flexible arrangements like remote work and flexible hours, enabling effective time management while maintaining productivity

• Privacy for customers and end-users (downstream): Strict data protection measures and compliance with regulation, e.g. GDPR, as well as transparency about data collection and usage practices enhance customer loyalty and satisfaction

• Responsible AI (own operations, downstream): Clear ethical guidelines and training that prioritize and support human rights, diversity, fairness and transparency, and which foster trust and accountability in the development and deployment of AI technologies

Risks and context at Tietoevry

• Energy (own operations): The energy-intensive nature of data centres and cloud infrastructure, energy price volatility, supply chain disruptions and regulatory changes in own operations and supply chain

• Data privacy and cybersecurity (own operations, downstream): Management of critical IT infrastructure and sensitive data, compliance with data privacy regulations

• Gender equality and equal pay for work of equal value, own workforce (own operations): Under-representation of female employees in the industry and the company and its leadership, disparities in compensation

Opportunities and context at Tietoevry

• Climate mitigation (own operations, downstream), climate adaptation (own operations, downstream), circular economy (own operations, downstream): Offerings contributing to reduced GHG emissions and waste, circularity of hardware and software assets

• Working conditions, own workforce (own workforce): Promotion of secure employment, healthy working time and work-life balance reducing costs related to recruitment and retention

• Cybersecurity (own operations, downstream): Providing robust data protection protocols, cyber threat mitigation practices and the ability to adapt to new types of digital threats

• Responsible AI (own operations, downstream): Ethical AI practices and AI-driven products and services addressing societal challenges attract customers and enhance trust

Material IROs table by ESRS topic

Time horizons

The double materiality process has been informed by the requirements of ESRS and the time horizons used have been aligned with these standards. However, for the first year of reporting according to the CSRD/ESRS, Tietoevry has applied one time horizon (0-5 years) when assessing potential negative and positive impacts, and opportunities and risks. This decision reflects the company's existing practices, as longer time horizons have not been commonly used in financial or operational planning. However, in the assessment of climate-related risks and opportunities, the company also considered the time horizons outlined in its Task Force on Climate-related Financial Disclosures (TCFD) analysis: short-term (0–2 years), medium-term (2–7 years), and long-term (7–30 years).

When revisiting the double materiality assessment during the 2025 financial year, Tietoevry will ensure further alignment with ESRS requirements related to time horizons and will expand to a more forward-looking approach.

Resilience in strategy and business model

Tietoevry's resilience and competitiveness are derived from adapting to fast-paced technological advancements, addressing cybersecurity and environmental risks, and positioning the company to leverage opportunities in digital transformation and sustainability. To address shifts in customer expectations, the company's strategy emphasizes continuous innovation in key areas like cloud services, AI and automation.

Tietoevry aims to continuously adapt to emerging sustainability regulations and stakeholder expectations. The company has several practices to mitigate and manage material impacts and risks. As a technology company, Tietoevry faces significant risks related to cybersecurity and data privacy. By having robust data protection protocols, cyber threat mitigation practices and the ability to adapt to new types of digital threats, Tietoevry ensures resilience in these areas. Resilience in relation to energy consumption is also a critical consideration, given the rising energy demands of data centres, computing infrastructure and the shift to cloud-based services. Actions taken by Tietoevry include energy-efficient solutions and measures, including the use of renewable energy to reduce its carbon footprints. Tietoevry also adapts itself to changing regulation, e.g. by ensuring compliance with existing and upcoming data protection laws, environmental standards, labour laws and sustainability legislation.

With the increasing demand for digitalization across sectors, Tietoevry is positioned to take advantage of the growing need for IT services, AI-based solutions, cloud infrastructure and automation technologies. Tietoevry can leverage its sustainability efforts by also helping customers to achieve their own ESG goals through some of Tietoevry's digital solutions.

Current and anticipated effects on business model, value chain and strategy

Tietoevry's response to the material impacts has led to several considerations in its business model and strategy:

• Sustainability embedded into operations: The company has integrated ESG factors into its core business processes, governance structures and supply chain management. This includes adopting responsible sourcing practices and partnering with suppliers committed to similar sustainability goals

• Energy transition in operations: Tietoevry has committed to reducing its energy consumption and carbon footprint in own operations by continuing the transition to 100% renewable energy for its data centres and offices. This move not only reduces environmental risks, but also presents an opportunity to attract sustainability-focused clients and partners

• Investments in innovation for sustainability: The company is increasing its investments in developing new products and services. Due to their technology intensity, these services can potentially support the ESG agenda of the industry and customers. For instance, cloud solutions and AI-driven systems are being designed to optimize energy use, reduce waste and enable businesses/clients to achieve their sustainability targets

• Future outlook: Looking forward, Tietoevry plans to continue to adapt to global sustainability standards, while also anticipating new opportunities arising from emerging technologies like AI. These innovations will drive further improvements in operational efficiency and the customer experience, while helping mitigate risks associated with climate change, regulatory shifts and social transformation

Current financial effects of material risks and opportunities

The current financial effects of material risks and opportunities on financial performance have been assessed based on their estimated impact on revenue and costs. Risks and opportunities are not deemed to have a material impact on the company's financial position, nor does the company see significant risks of material adjustments to the carrying amounts within the next annual reporting period.

Description of the process to identify and assess material impacts, risks and opportunities

Overview of the double materiality assessment process

Tietoevry's double materiality assessment included creating an overview of activities, business relationships and affected stakeholders, along with a background analysis covering industry context, business activities, sustainability frameworks, legislation and peer reviews. The assessment covered the full value chain, including all employees and workers. Special attention is given to workforce segments that may face higher risks, including vulnerable groups.

Step-by-step methodology

The double materiality analysis as a whole included:

1. Stakeholder interviews and a review of the existing materiality assessment
2. Impact materiality assessment
3. Financial materiality assessment

The assessment was conducted separately for each of Tietoevry's five specialized end-to-end businesses, including resources from Business Development and Strategy, Human Resources, Finance, Risk, Sustainability, Operational Excellence and CBS.

Inputs to the assessment

Key inputs used in the process:

Data sources:

• Carbon dioxide equivalent (CO₂e) emissions data
• TCFD analysis
• Human rights risk assessments
• Diversity metrics
• Health and safety data
• ESG risks from Tietoevry's governance, risk, and compliance (GRC) platform
• Geographic risk assessments
• SASB materiality matrix

Sector benchmarks and guidance:

• ESRS requirements, particularly ESRS 1
• EFRAG guidance on the double materiality process
• Industry context and peer reviews
• Sector averages and estimates filled data gaps in the materiality process

Value chain mapping: Geographic risk assessments and the SASB materiality matrix helped identify value chain risks, considering upstream partners' locations and spending. Sector averages and estimates filled data gaps in the materiality process.

Stakeholder consultation: Internal and external stakeholder consultations were conducted, including:

• Stakeholder interviews
• Consultation with internal and external stakeholders such as experts from the company's circularity service providers
• Resources from Business Development and Strategy, Human Resources, Finance, Risk, Sustainability, Operational Excellence and CBS participated in the assessment

Scoring criteria

Impact materiality:

• Actual negative impacts: Materiality based on severity
• Potential negative impacts: Both severity and likelihood were considered
• Actual positive impacts: Evaluated by scale and scope, including likelihood of future benefits
• For impacts deemed "actual", likelihood was automatically set to the highest probability

Financial materiality: Assessed by:

• Potential financial impacts, such as changes in assets and/or liabilities
• Changes in profit or loss
• Company reputation
• Likelihood

Scoring parameters followed the ESRS and guidance on the double materiality process from EFRAG.

Threshold for materiality

Materiality thresholds were established through collaboration between each business and Group Sustainability, with final results for Tietoevry Group weighted by FY2022 revenue. Separate thresholds were applied across categories (actual positive, actual negative, potential positive, potential negative, risks and opportunities) to ensure relevance. A principle of reasonableness was applied to qualitative thresholds, ensuring accuracy based on available data.

Frequency and last review

The last modification to the double materiality assessment occurred during the second half of the reporting year, with ESRS 2 as the guiding framework, ensuring that Tietoevry considered the effects of the criminal ransomware attack in one of Tietoevry's data centers in Sweden.

To maintain alignment with evolving sustainability practices and standards, Tietoevry is committed to revising the double materiality assessment regularly to ensure it remains relevant and accurate. The next scheduled review is set for Q2 2025.

Use of value chain mapping

The assessment covered the entire value chain, including:

• All employees and workers in own operations
• Upstream value chain partners (locations and spending patterns)
• Downstream value chain
• All value chain workers
• Consumers and end-users

Geographic risk assessments and the SASB materiality matrix helped identify value chain risks, considering upstream partners' locations and spending.

Time horizons

For the financial year 2024, Tietoevry has applied the time horizon 0-5 years for all impacts, risks and opportunities during the assessment. This decision reflects the company's existing practices, as longer time horizons have not been commonly used in financial or operational planning.

However, in the assessment of climate-related risks and opportunities, the company also considered the time horizons outlined in its TCFD analysis:

• Short-term (0–2 years)
• Medium-term (2–7 years)
• Long-term (7–30 years)

When revisiting the double materiality assessment during the 2025 financial year, Tietoevry will ensure further alignment with ESRS requirements related to time horizons and will expand to a more forward-looking approach.

Climate-specific assessment methodology

For climate-related impacts, risks and opportunities, the company considered:

Scenarios used:

• IEA Net Zero Emissions (NZE) 2050: Net-zero transition scenario
• RCP 8.5: High emissions scenario with over 4°C global temperature rise
• RCP 4.5: Middle-path scenario with global warming stabilizing between 2°C and 3°C

Physical climate-related risks identified in Tietoevry's operating countries were assessed using the INFORM Risk Assessment model, using RCPs and Shared Socioeconomic Pathways (SSPs) projections to evaluate hazards, vulnerability and a country's ability to cope with crises. The projections forecast climate risks up to 2050 and 2080.

Quality assurance and governance

Internal controls and subject-matter verification, supported by stakeholder engagement, ensured reliability in Tietoevry's sustainability reporting. The result of the company's double materiality assessment, aligning with ESRS requirements, was reviewed by the ARC of the Board.

Pollution-specific assessment

Tietoevry's business activities were assessed as part of the company's double materiality assessment, but not at the level of specific sites. Pollution of soil, pollution of living organisms and food resources, substances of concern and substances of very high concern were considered non-material due to the nature of Tietoevry's operations. However, pollution of air was evaluated as a potential material topic, primarily due to diesel use for backup generators and testing in data centres, as well as value chain activities.

Water and marine resources assessment

Tietoevry evaluated impacts, risks, and opportunities related to water and marine resources using both internal and external expertise, focusing on its own operations and value chain. Water consumption in own operations is limited – mainly for employee offices, cooling, and excess heat transfer to district heating networks. Water use at major sites is regularly monitored.

Biodiversity and ecosystems assessment

Impact on the state of species and impact on the extent and conditions of ecosystems were not considered material for Tietoevry to assess, given the nature of the company's operations in combination with the result of the background analysis. However, direct impact drivers of biodiversity loss were assessed on a sub-topic level.

Circular economy assessment

In terms of circular economy, Tietoevry screened its business activities and current solutions available in the market, as well as conducted a literature review. Consultation was carried out with internal and external stakeholders, such as experts from the company's circularity service providers.

Integration with risk management

Tietoevry employs a systematic approach to risk management to enhance the efficiency, control, profitability, sustainability, and continuity of business operations. ESG impacts and risks, including those identified in the company's double materiality assessment, are an integral part of the risk matrix. These are prioritized based on their potential impact on people and the planet, including regulatory compliance, but also potential impacts on the company's financial performance and status.

Mapping interconnections between impacts and financial risks/opportunities

In the process of identifying and assessing impacts, risks and opportunities in the ESG context, Tietoevry has sought to understand the associated interconnections. This involves a mapping of how the company's impacts and dependencies translate into potential risks and opportunities, both financial and reputational. Tietoevry's approach to mapping these connections is iterative and adaptive, ensuring that as new information emerges and the business landscape evolves, the company can refine its understanding of how impacts and dependencies affect its risk profile and the opportunities available.

Transition plan for climate change mitigation

Scope and alignment

Tietoevry has established a high-level climate transition plan (CTP) approved by the Sustainability Steering Group. The CTP is focusing on climate change mitigation actions within its own operations and across the value chain. The CTP is aligned with Tietoevry's strategy that is further described in SBM-1 and SBM-3.

Tietoevry has set science-based emission reduction targets covering all scopes. The SBT validation team has classified the company's scope 1 and 2 targets and has determined that the targets are in line with a 1.5°C trajectory. These targets are set through 2026, with the exception of the company's business travel target, which is extended to 2030. The targets meet the SBTi's latest guidelines (version 4.2).

Target year for net zero / carbon neutral

Tietoevry is targeting net zero emissions in its own operations by 2026. This will be achieved by reducing scope 1 and 2 emissions by 90%, with any residual emissions addressed annually through the purchase of high-quality carbon removal solutions.

During 2024 Tietoevry committed to establish a net zero target across the value chain aligned with SBTi's requirements.

Scope 1, 2, 3 reduction milestones with baseline years

In the CTP, Tietoevry is committed to reducing its absolute scope 1 and 2 GHG emissions by 90% by 2026 from the 2020 base year. The company is also committed to sourcing 100% renewable electricity by 2026 (up from 80% in 2020).

Additionally, the company aims to cut its scope 3 GHG emissions from business travel by 47% per full-time employee by 2030, using 2019 as the base year.

Tietoevry's supplier engagement target: 70% of suppliers having SBTs by 2026, aims to align emission reductions with the 1.5°C trajectory in the supply chain.

Key decarbonization levers

Energy:

• Use of renewable energy (committed to sourcing 100% renewable electricity by 2026)
• Improving energy efficiency by optimizing office spaces, consolidating data centres and choosing energy-efficient devices

Process and infrastructure:

• Consolidating operations to a selected number of co-located data centres with excellent energy efficiency, a low-carbon footprint and circular economy practices
• Optimizing work spaces, conducting energy inspections, renewing electrical devices
• Adjustments to building automation systems, optimizing lighting in offices based on usage

Business operations:

• Business travel-related emissions mitigated by enabling remote working and the use of virtual conference technologies, as well as by improving instructions and guidelines

Supply chain:

• Active engagement with the company's biggest suppliers
• Encouraging suppliers to set Science Based GHG reduction targets
• All new and renewed material suppliers must accept Tietoevry's Supplier Code of Conduct, including environmental and climate topics
• Climate-related targets and performance included as part of supplier selection criteria

Product and services:

• Adopting circular economy practices
• In the downstream value chain, Tietoevry can help customers reduce their emissions by using the company's products and services

Locked-in emissions and stranded asset analysis

Tietoevry's locked-in GHG emissions primarily arise from its energy-intensive infrastructure, long equipment lifecycles and reliance on non-renewable energy sources. Data centres constitute a significant source of locked-in emissions, consuming large amounts of energy and often being built with lifespans of up to 20 years. This extended lifespan, coupled with reliance on fossil fuel-based electricity from backup diesel generators, can result in long-term emissions.

Tietoevry's screening against the EU Taxonomy Regulation requirements identified a particular locked-in emission related to the global warming potential (GWP) of refrigerants used in the cooling systems of data centres. While alternatives to these refrigerants are limited, Tietoevry plans to gradually adopt solutions that comply with the required GWP limits.

Furthermore, some locked-in emissions are tied to facility infrastructure in regions that are still heavily reliant on fossil fuels. As a result, Tietoevry is focusing on mitigating these emissions by gradually aligning its operations with more sustainable solutions and investing in upgrades where feasible.

Reducing locked-in emissions will require an incremental shift to renewable energy, upgrading existing infrastructure and minimizing air travel by promoting digital alternatives like virtual meetings.

In the upstream value chain, the production of devices such as smartphones, laptops and servers contributes to high carbon emissions. This is mainly due to the energy-intensive extraction and processing of raw materials, such as rare earth metals, as well as the manufacturing processes involved.

CapEx / investment commitments

Tietoevry is not excluded from the EU Paris aligned benchmarks. Tietoevry did not recognize any significant operational or capital expenditure in related to the transition plan in 2024.

Use of carbon credits / removals

Any residual emissions (after 90% reduction in scope 1 and 2 by 2026) will be addressed annually through the purchase of high-quality carbon removal solutions.

Next steps

As part of Tietoevry's ongoing commitment to sustainability, the next steps in the climate transition journey include:

• Specifying the CTP to outline an actionable roadmap for achieving the company's climate goals
• Enhancing the accuracy of value chain-related GHG data to ensure more precise measurement and management of emissions across scope 3
• Establishing a Net Zero Target, aligned with the latest scientific guidance

Policies related to climate change mitigation and adaptation

Tietoevry addresses climate change mitigation and adaptation through three primary policies that establish fundamental principles and commitments.

Environmental Policy

Scope:

• Applies to all Tietoevry companies and employees globally
• Applies to companies under Tietoevry's control

Governance:

• Approved by: Sustainability Steering Group (for the Climate Transition Plan aligned with this policy)
• Implementation responsibility: Chief Sustainability Officer
• Review process: Annual review including stakeholder interest consideration through benchmarking, stakeholder interviews, and active dialogue with experts

Key content and principles:

• Ensuring compliance with applicable environmental laws and regulations
• Pollution prevention
• Promoting environmental awareness
• Contributing to the development of sustainable societies and businesses in collaboration with relevant stakeholders
• Leadership commitment
• Enhanced process approach
• Protection of environment
• Active engagement
• Striving for continuous improvement
• Climate actions, use of renewable energy and energy efficiency
• Circularity and actions to increase positive impact

Alignment with international standards:

• United Nations (UN) Global Compact
• UN Sustainable Development Goals
• ISO 14001 Environmental Management System (EMS)
• Science Based Targets (SBT)

Public availability:

• Publicly available (specific URL not provided in excerpts)

Monitoring and implementation:

• All employees complete mandatory e-learning module in Tietoevry Essentials
• All offices and data centres operate under the company's global EMS, which is ISO 14001 certified and annually externally audited
• Global Environment Team coordinates and supports implementation and continual improvement of the EMS
• Performance tracking against policy commitments through internal processes and reporting
• Implementation responsibility lies with the five specialized businesses

Code of Conduct

Scope:

• Applicable to all employees, Board members, subcontractors, and representatives globally
• Covers all Tietoevry companies

Governance:

• Approved by: CEO and Chief Financial Officer
• Support for adherence: HR and Group Compliance teams
• Review process: Revised annually based on benchmarking, stakeholder consultation, and union engagement

Key content and principles:

• Environmental and climate-related commitments (as part of broader ethical standards)
• Climate topics covered in relation to operations and supplier engagement

Alignment with international standards:

• UN Guiding Principles on Business and Human Rights
• OECD Guidelines for Multinational Enterprises
• UN Global Compact

Monitoring and implementation:

• All employees agree to the Code upon joining the company
• Employees complete annual e-learning course

Supplier Code of Conduct

Scope:

• All new and renewed material suppliers must accept the Supplier Code of Conduct
• Applies to upstream value chain

Key content and principles:

• Includes environmental and climate topics
• Requirements for supplier engagement on climate and environmental matters
• All hardware suppliers and service providers required to have relevant environmental certifications (ISO 14001 or equivalent)

Monitoring and implementation:

• Regular engagement with hardware suppliers to understand sustainability aspects
• Compliance required for all new and renewed material suppliers
• Supplier engagement target: 70% of suppliers having Science Based Targets by 2026

Actions and resources in relation to climate change policies

Tietoevry's main decarbonization levers include the use of renewable energy, energy and material efficiency, consolidation and optimization efforts, and engagement with suppliers. By using these levers, Tietoevry has achieved emission reductions over time and through this the company has contributed to climate change mitigation.

Data centre consolidation project in the Nordics

Description: Consolidation of operations to a selected number of co-located data centres with excellent energy efficiency, a low-carbon footprint and circular economy practices. Implementation of modern technology and infrastructure bringing benefits such as energy efficiency. In some locations, technology allows the energy produced by the data centres to feed nearby district heating networks to warm households.

Scope: Own operations (data centres)

Time horizon: Started in 2021, expected to continue into 2026

Status: Proceeded according to plan during 2024

Use of renewable electricity

Description: Continued using renewable electricity in all data centres and most offices, with commitment to continue in 2025. During 2024, Tietoevry increased the use of renewable energy in its smaller offices in Europe, which was the main contributor of GHG emission reductions in scope 2.

Scope: Own operations (data centres and offices)

Target linkage: Supports SBT of 100% renewable electricity in own operations by 2026 (99% achieved in 2024)

Energy efficiency improvements in offices

Description: Optimizing work spaces, conducting energy inspections, renewing electrical devices, sharing energy-saving tips with employees, adjustments to building automation systems, and optimizing lighting in offices based on usage. In 2024, Tietoevry's operations in Riga were moved to a new A-class energy efficient and BREEAM-certified office space.

Scope: Own operations (offices globally)

Time horizon: Ongoing during 2024, will continue in 2025

ISO 14001 certified Environmental Management System (EMS)

Description: All offices and data centres operate under the company's global EMS, which is ISO 14001 certified and annually externally audited. The Global Environment Team coordinates and supports the implementation and continual improvement of the EMS.

Non-financial resources: Global Environment Team comprising environmental managers from various operating countries, led by the global EMS manager

Responsibility: Five specialized businesses responsible for implementing principles outlined in Environmental Policy

Business travel and commuting initiatives

Description: Strengthening implementation of Tietoevry's Travel Rule, which recommends choosing environmentally friendly options such as train travel over flying. In 2024, Tietoevry conducted a company-wide employee commuting survey to enhance awareness about commuting habits and improvement opportunities, as well as to support GHG emission calculations in scope 3.

Target linkage: Supports SBT to reduce business travel emissions 47% per FTE by 2030 (73% of baseline achieved in 2024, meaning emissions need further reduction)

Supplier engagement for scope 3 reduction

Description: Emissions mitigation through supplier compliance with SBTs, alignment with Tietoevry's Supplier Code of Conduct, and direct engagement with the biggest suppliers.

Scope: Upstream value chain (Purchased goods and services, Capital goods)

Target linkage: Supports SBT to increase to 70% the share of suppliers (measured by emissions from Purchased goods and services) that have established SBTs (baseline 27% from 2022)

Climate change adaptation and resilience solutions

Description: Development and expansion of products and services to support customers in climate change adaptation, helping other industries adapt to climate change. By having expertise in cloud-based solutions and analytics capabilities, Tietoevry could work with partners and customers to develop solutions for climate change adaptation and resilience.

Scope: Downstream value chain (services to customers)

Type: Business opportunity

R&D investments in cutting-edge technologies

Description: R&D investments targeted towards cutting-edge technologies including cloud computing, AI and automation to ensure Tietoevry remains agile, competitive and responsive to global market demands while balancing supply and demand.

Scope: Own operations

Financial and operational resources

Capex/Opex: Tietoevry's action plan for the material IROs did not require any significant operational expenditure (Opex) or capital expenditure (Capex) for the financial year 2024. The company is unable to specify the achieved and expected GHG emission reductions per action. Tietoevry's ability to implement actions depend on the availability and allocation of resources, but due to the sensitivity of this strategic information, the company does not disclose the extent of the dependence.

Targets related to climate change mitigation and adaptation

Overview

Tietoevry has set science-based emission reduction targets covering all scopes, validated by the Science Based Targets initiative (SBTi). The scope 1 and 2 targets are classified as aligned with a 1.5°C trajectory. All targets are aligned with Tietoevry's Environmental Policy.

Climate Change Mitigation, Adaptation and Energy Targets

Additional Target Information

Net Zero Commitment:

• Tietoevry is aiming to achieve net zero in own operations by 2026 (90% reduction in scope 1 and 2, with residual emissions addressed through high-quality carbon removal solutions)
• In 2024, Tietoevry committed to establishing a net zero target across the value chain aligned with SBTi requirements (in development)

Decarbonization Levers:

• Renewable energy usage
• Energy and material efficiency improvements
• Consolidation and optimization efforts (offices, data centres)
• Circular economy practices
• Supplier engagement with SBTs
• Remote working and virtual conference technologies

Scope and Exclusions:

• Scope 1 and 2 targets: All entities within Tietoevry Group included
• Supplier SBT and scope 3 Purchased goods and services: Excludes Avega, Bekk, EVRY India, and Infopulse units in Brazil, Bulgaria, Germany, Poland, and Ukraine (estimated <3% of total emissions)
• Business travel target baseline: 2019 data when business travel represented 8% of scope 3; declined to 4% by 2024

Target Methodology:

• Targets set through scenario analysis and internal/external stakeholder engagement
• Validated by SBTi (latest guidelines version 4.2)
• No milestones or interim targets set
• Not validated by external bodies except assurance providers
• No quantification of expected decarbonization levers' contribution to targets

Progress Notes:

• 2024: Achieved 87% reduction in scope 1 and 2 emissions (on track for 90% by 2026)
• 2024: 99% renewable electricity maintained
• 2024: Business travel emissions reduction at 73% (lower than 2023, indicating slight increase in travel)
• 2024: Supplier SBT engagement at 46% (meaningful progress from 29% in 2023)
• 2024: Environmental training completion at 97%

Energy consumption and mix

Tietoevry reports energy consumption and mix for 2024 in accordance with ESRS E1-5.

Energy consumption disaggregated by source

Methodology and scope

Energy consumption in own operations (scope 1 and 2) decreased by 16% from the previous year (99,932 MWh in 2023 to 83,546 MWh in 2024). The main reason is the company's data centre consolidation programme and transfer to modern technology co-location facilities.

The GHG Protocol Standard was used when accounting for emissions. Scope 1 and 2 reporting boundary covers all Tietoevry companies and subsidiaries. Electricity emission factors are based on national gross electricity production mixes (annual statistics) from the International Energy Agency's statistics (IEA stat 2024). Emission factors per fuel type are based on assumptions in the IEA methodological framework. Factors for district heating/cooling are either based on actual (local) production mixes, or average IEA statistics.

Scope 2 market-based calculations are determined by purchased Guarantees of Origin (GoO)/Renewable Energy Certificates (REC). During 2024 Tietoevry purchased bundled (45%) and unbundled (29%) Energy Attribute Certificates (EACs), in the form of GoOs and RECs which in total covered 73% of scope 2. Purchased renewable district-heating and cooling products are counted as zero emissions, according to the scope 2 market-based method.

Renewable electricity share across offices and owned data centres was 99% in 2024.

Gross Scopes 1, 2, 3 and Total GHG emissions

Scope 1 GHG emissions

Scope 2 GHG emissions

Scope 3 GHG emissions

¹ Comparative value of Capital goods is included in Purchased goods and services in 2023.

Total GHG emissions

GHG intensity per net revenue

Scope and methodology notes:

• Scope 1 and 2: All entities within the Tietoevry Group are included. Emissions reported as CO2 equivalents (CO2e). Electricity emission factors based on national gross electricity production mixes (IEA stat 2024). District heating/cooling factors based on actual (local) production mixes or average IEA statistics. Scope 2 market-based calculations determined by purchased Guarantees of Origin (GoO)/Renewable Energy Certificates (REC). During 2024, Tietoevry purchased bundled (45%) and unbundled (29%) Energy Attribute Certificates (EACs), in the form of GoOs and RECs which in total covered 73% of scope 2. European residual mix emission factors from AIB 2024 and European Residual Mixes 2024. Country-specific IEA emission factors used for non-EU countries. Base year: 2020.

• Scope 3 categories deemed non-material: 4. Upstream transportation and distribution (included within Purchased goods and services), 9. Downstream transportation and distribution (included within Purchased goods and services), 10. Processing of sold products, 13. Downstream leased assets, 14. Franchises, 15. Investments.

• Scope 3 category 1 and 2 (Purchased goods and services & Capital goods): Company-wide spend data used to identify purchase categories. Emission factors from Environmental Protection Agency (EPA) 2020, based on input-output model. Does not cover Avega, Bekk, EVRY India, and Infopulse units in Brazil, Bulgaria, Germany, Poland, and Ukraine. Estimated impact of exclusions accounts for less than 3% of total emissions. These categories were previously reported combined as "Purchased goods and services" and are now separated in 2024.

• Scope 3 category 3 (Fuel and energy-related activities): Emissions calculated by accounting for upstream activities, including extraction, production, and transportation of fuels, as well as transmission and distribution losses. Emission factors from IEA 2024 database.

• Scope 3 category 5 (Waste): Activity data provided by waste management supplier or property manager. Waste type-specific and waste treatment-specific emission factors (DEFRA 2024). Does not cover Avega and Infopulse units in Brazil, Bulgaria, Germany and Poland.

• Scope 3 category 6 (Business travel): Emission factors in kgCO2e per kilometre or passenger kilometre. Air travel emissions reported by Tietoevry's travel agency. Mileage allowance (car) using DEFRA 2024 emission factors. Does not cover Avega and Bekk. Base year: 2019.

• Scope 3 category 7 (Employee commuting): Based on actual commuting and working from home. Home office emissions calculated based on FTEs, working hours, and electricity consumption estimates (10W lighting + 140W electricity). Country-specific emission factors (IEA 2024 for homeworking, DEFRA 2024 or local factors for transport modes). Global employee commuting survey conducted in September 2024 by external service provider.

• Scope 3 category 8 (Upstream leased assets): Scope 1 and scope 2 emissions (market-based) from outsourced data centres. Emission factors from DEFRA 2024 (scope 1), AIB 2024 and European Residual Mixes 2024 (scope 2). GWP 100 years from IPCC sixth assessment report.

• Scope 3 category 11 (Use of sold products): Energy consumption of sold products calculated using product sales data across countries. Products grouped into broader categories. Estimated product lifetime and average annual energy consumption in kWh determined from multiple reliable sources. Total energy consumption calculated by multiplying annual average kWh by product lifespan and number of units sold.

• General scope 3 notes: Share of emissions in value chain calculated using primary data from suppliers or value chain partners is less than 5%; remaining share is estimation-based. GWP of factors used is 100 years from IPCC sixth assessment report.

Biogenic CO2 emissions

Not disclosed.

Regulated emissions (EU ETS)

0% of Scope 1 GHG emissions from regulated emission trading schemes.

GHG removals and mitigation projects financed through carbon credits (E1-7)

Tietoevry cancelled carbon credits corresponding to 1,280 metric tonnes of CO2eq for voluntary offsets of its own GHG emissions related to operations in Norway in 2024. 100% of these carbon reduction credits were purchased from two Gold Standard programme projects in India (renewable energy projects: wind power generation and solar power generation). These projects qualify as corresponding adjustment under Article 6 of the Paris Agreement. All credits issued after annual monitoring and verification; 10% of all credits pooled into buffer account. No adjustments issued for these carbon credits. No removal project credits were purchased in 2024.

Internal carbon pricing (E1-8)

Tietoevry does not have internal carbon pricing.

Anticipated financial effects from material physical and transition risks and potential climate-related opportunities

Phase-in exemption applied

Tietoevry has applied the phase-in exemption for ESRS E1-9 and has not reported the following datapoints for FY2024:

• Exposure of the benchmark portfolio to climate-related physical risks (paragraph 66) - Phase-in, not reported for FY2024

• Disaggregation of monetary amounts by acute and chronic physical risk (paragraph 66(a)) and Location of significant assets at material physical risk (paragraph 66(c)) - Phase-in, not reported for FY2024

• Breakdown of the carrying value of its real estate assets by energy-efficiency classes (paragraph 67(c)) - Phase-in, not reported for FY2024

• Degree of exposure of the portfolio to climate related opportunities (paragraph 69) - Phase-in, not reported for FY2024

Circular Economy in Sustainability Pledge

Within our Climate action pillar, we:

Drive the development towards a circular economy in own operations and through solutions and services

Some recent accomplishments include adopting circular economy practices as part of our commitment to climate action by continuously reducing greenhouse gas (GHG) emissions and adopting circular economy practices.

Our key focus areas include energy management, carbon emissions, and circularity.

Policies related to own workforce

Tietoevry has established several policies that address impacts, risks, and opportunities related to its own workforce:

Human Rights Policy

• Scope: All individuals affected by the company's business operations and partnerships, both in its own operations and throughout its value chain. Covers all regions where the company operates.
• Key content: Aligned with the United Nations Guiding Principles on Business and Human Rights, OECD Guidelines for Multinational Enterprises, and United Nations Global Compact. Outlines the company's approach to safeguarding human rights including accountability for human rights across the value chain, regular human rights due diligence, performance tracking, communication of progress, and robust mechanisms for grievance and remediation.
• Approval and oversight: Formally approved by Tietoevry's CEO. The Group Executive Management team is accountable for successful implementation.
• Public availability: Communicated both internally and externally. Internal training materials and interactive information sessions keep employees informed.
• Link to international standards: Aligned with UN Guiding Principles on Business and Human Rights, OECD Guidelines for Multinational Enterprises, and UN Global Compact (to which Tietoevry is a signatory).
• Monitoring: Performance against policy commitments is regularly reviewed and reported as part of corporate governance practices. Appropriate mechanisms and processes monitor compliance with international standards and norms mentioned.

Code of Conduct

• Scope: Applies to all employees, Board members, subcontractors, and representatives globally, across all employment aspects and in relationships with suppliers, customers, and partners.
• Key content: Outlines ethical commitments regarding workforce and operations. Aligned with UN Guiding Principles on Business and Human Rights, OECD Guidelines, and UN Global Compact. Includes commitments to freedom of association, health and safety, fair employment, compliance with working hours laws, promotion of work-life balance, and strong non-discrimination policy (prohibiting discrimination on gender, identity, nationality, religion, race, age, disability, marital status, sexual orientation, political views, or union membership). Prioritizes health and safety, aiming to prevent workplace hazards, accidents, and occupational diseases. Mandates zero tolerance for bullying, harassment, violence, forced labour, compulsory labour, child labour, and trafficking of human beings.
• Approval and oversight: Approved by the CEO. The Chief Financial Officer is responsible for implementation. HR and Group Compliance teams support adherence.
• Public availability: All employees agree to the Code upon joining and complete an annual e-learning course. Available on the company's intranet and website.
• Link to international standards: Aligned with UN Guiding Principles on Business and Human Rights, OECD MNE Guidelines, and ILO Conventions (addresses prohibition of forced and child labour, freedom of association, and collective bargaining rights).
• Monitoring: Revised annually based on benchmarking, stakeholder consultation, and union engagement to align with best practices. Includes e-learning modules on diversity, equity and inclusion. Mechanisms for grievance and remediation handle cases of harassment and discrimination. Whistleblowing channel allows anonymous reporting, with reports logged and independently followed up by the Whistleblowing Unit. Reports of severe or sensitive character reviewed by the Escalation Committee.

Health and Safety Policy

• Scope: All employees globally.
• Key content: Focuses on promoting both physical and mental health by maintaining a safe and healthy work environment. Includes measures to identify and minimize workplace hazards, provide necessary training, and ensure emergency preparedness. Emphasizes compliance with relevant health and safety laws, regulations, and standards.
• Approval and oversight: Approved by the Head of HR. The Head of Workplace Innovation & Facilities oversees implementation.
• Monitoring: All incidents, risks, and compliance issues related to health and safety are reported through the company's risk management system. Employees encouraged to actively contribute by reporting hazards and incidents.

Human Resource Policy

• Scope: All Tietoevry operations.
• Key content: Developed during 2024. Further underlining the company's commitments to gender equality. Sets the foundation for remediation approach.
• Approval and oversight: Developed by the HR function led by the Head of HR.
• Monitoring: The completion of Code of Conduct training, which includes e-learning modules about diversity, equity and inclusion (DEI), continued to be mandatory for all employees during the year.

Taking action on material impacts on own workforce

Overview

Tietoevry's approach to addressing material impacts on its workforce, managing key risks, and pursuing significant opportunities is grounded in its sustainability due diligence framework. This framework includes processes to identify, mitigate, and remediate both actual and potential negative impacts on employees. The framework is reinforced by regular management training programmes that enhance awareness and equip leaders with the skills needed to navigate workforce challenges.

The scope of key actions includes all countries and geographical areas where Tietoevry operates.

Actions on Gender Equality and Equal Pay

Key actions during 2024:

• Development of a new Human Resource Policy, further underlining the company's commitments to gender equality
• Development of new mandatory training on diversity, equity, and inclusion (DEI) for managers
• Re-establishment of the Women@Tietoevry employee resource group (ERG) in Sweden and Norway
• Launch of external campaigns to attract female tech talent
• Strengthened cooperation with female tech networks in the Nordics, including Women in Tech Stockholm, Helsinki, and ODA Nettverk in Norway
• Conducted global pay gap analysis to identify and address disparities, with specific efforts focused on the gender pay gap, including:
  • Adjustments of flagged salaries during the annual salary review process
  • Refinement of job structures and improvement of data quality for future evaluations
• Development and implementation of new targets related to gender equality, equal pay and diversity to improve tracking of performance
• Continued mandatory Code of Conduct e-learning, which includes modules about DEI, for all employees

Long-term activities (initiated before 2024, continuing):

• Diversity-focused recruitment
• Improved internal reporting on gender balance figures
• Diversity succession planning
• Long-term incentive plans, including the target of increasing the share of female recruits

Planned actions for 2025:

• Continue policy development and reviews in relation to DEI
• Develop additional training for all employees and managers to increase awareness around diversity and inclusion
• Gender pay gap analysis will be a standard part of annual assessments
• Establish additional ERGs

Expected outcomes:

Positive impact on gender equality and equal pay topics, while also mitigating risks related to gender equality. Financial opportunities by enhancing the company's attractiveness as an employer, improving employee retention, increasing productivity and lowering recruitment-related costs.

Commitment:

Tietoevry remains committed to its aspiration to reach a gender split of 49/49 within the overall workforce over time. In 2024, the aspiration was reformulated to also include those who identify outside of the binary, and to create a workforce that reflects the diversity of the communities it serves.

Actions on Work-Life Balance and Working Time

Ongoing actions:

• Promotion of healthy work-life balance including reasonable working time through:
  • Remote work options
  • Adjustable working hours
• Monitoring of overtime on a quarterly basis
• Target set in 2024: keeping overtime below 3% of normal average working hours
• Compliance of time reporting system with local labour laws, particularly in countries with defined legal overtime limits
• In locations with active union participation or work councils, overtime reporting done in collaboration with these bodies

Assessment mechanisms:

• Company-wide employee survey (conducted once in 2024) featuring workload as a key category
• Employee surveys for specific functions and business areas (conducted four times during 2024)
• Regular evaluation of work-life balance through ongoing manager-employee check-ins

Planned actions going forward:

• Continue hybrid work setup
• Continue adjustable working hours
• Continue ongoing dialogues between employees and managers

Expected outcomes:

Healthier work-life balance for employees, increased engagement, reduced burnout, and enhanced overall well-being.

Actions on Secure Employment

Ongoing actions:

• Professional development framework, emphasizing:
  • Regular development dialogues and check-ins
  • Continuous support from managers
• Employee survey includes elements evaluating goal-setting and professional growth
• Increased focus during 2024 on development dialogues to support employees in having relevant skills in a fast-paced changing industry

Planned future actions:

• Communication plans with managers
• Training programmes
• Enhanced monitoring

Expected outcomes:

Sustain Tietoevry's positive impact in secure employment while fostering further improvements. Expected outcomes include career advancement, including reskilling and upskilling, enabling employees to stay employable.

General Risk Mitigation Actions

Unified delivery models and employee development:

• Unified delivery models across locations
• Challenging roles and diverse development opportunities
• Social recognition programmes
• Training programmes
• Career pathways through job rotation
• Competitive compensation packages, including comprehensive company-wide incentive system
• Effective recruitment tools and strategies
• Talent management and competency development, including reskilling
• Employer branding initiatives
• Commitment to diversity, equity, and inclusion (DEI)

Resources Allocated

Human resources:

• Specialized teams with expertise in workforce management
• Teams responsible for developing action plans, supporting implementation, and providing compliance guidance

Non-financial resources:

• Robust platforms to support employee training
• Tools to facilitate meaningful development discussions
• Systems to conduct regular employee surveys
• Mechanisms to promote continuous feedback and engagement
• Culture of inclusivity and collaboration

Financial resources:

No significant operational (Opex) or capital (Capex) expenditures were allocated during 2024. No future financial resources (Opex or Capex) have been allocated to future action plans at this time.

Approach to Preventing Negative Impacts

Tietoevry strives to ensure its practices do not cause or contribute to material negative impacts by:

• Aligning business operations with Code of Conduct and Human Rights Policy
• Conducting regular audits and risk assessments of procurement, sales, and data use policies
• Actively engaging with stakeholders, including employees and suppliers
• Gathering feedback to address concerns
• Clear management policies to guide decision-making when tensions arise
• Continuous feedback and learning mechanisms

Targets related to own workforce

Tietoevry has established six quantified targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities concerning its own workforce. All targets except the share of female recruits use 2024 as the baseline year. The share of female recruits uses 2020 as its baseline year, with a baseline value of 27%.

Overview of targets

*Definition of leadership positions is senior managers: Job grade 15 and higher + CEO

Target scope and measurement

Scope exclusions:

• The target scope for senior manager by gender does not cover Avega, Bekk, Eye-share, EVRY India, the Infopulse units in Brazil, Germany, Poland, and Ukraine as these entities operate under a different job grade system.
• The target scope related to the diversity, equity and inclusion training does not cover Bekk, which operates fully as a portfolio company.

Measurement frequency:

• All targets are measured annually, with specific target periods outlined in the target table.
• Several key targets are monitored quarterly, including: 30% of underrepresented gender in leadership positions by 2030, 37% of female recruits by 2025, work-life balance (keeping overtime at low levels), and 90% completion rate for the annual My Growth review.
• Quarterly reports are generated both at business and Group levels.

Validation:

• Measurements of the targets are not validated by any external body except for the assurance providers.
• No milestones or interim targets have been set.

Target-setting methodology

Tietoevry's target-setting methodology combines benchmarking, legislative review, and employee needs assessment, using data from internal surveys, compliance reports, international standards, and input from employee committees. Employees and management provided essential feedback through consultations. Cross-functional teams from strategy, HR, Finance, and Sustainability contributed insights, while employee dialogues provided diverse perspectives. Final targets received approval from Group Executive Management.

Progress in 2024

Board positions: 30% of board positions were held by the underrepresented gender, showing progress towards the 33% target by 2026, with a 3-percentage point gap.

Leadership positions: 25% representation falls short of the 2030 target of 30%, highlighting the need for further efforts (though this was the first year with baseline 2024).

Female recruits: 34% achievement is below the 37% target for 2025, yet reflects a positive trend from the 27% baseline in 2020. Challenges include lower recruitment volumes and fewer graduates.

Gender pay gap: First year of company-wide assessment resulted in 3% unexplained gender pay gap, well below the 5% threshold.

Linkage to remuneration

Tietoevry introduced Environmental, Social and Governance (ESG) measures in the Long-Term Incentive (LTI) plan in 2022. A 10% weight is assigned to the SBT-approved GHG reduction target, and 10% weight is allocated to the gender diversity target aiming to increase share of female recruits.

Personnel

PERSONNEL: 22 941

NUMBER OF OPERATING COUNTRIES: ~90

Personnel on average: 23 593 (2024), 24 181 (2023) Personnel on 31 Dec: 22 941 (2024), 24 159 (2023), 24 320 (2022), 24 389 (2021), 23 632 (2020)

Characteristics of non-employees in the undertaking's own workforce

Tietoevry's double materiality assessments cover all employees, regardless of their role, location, or employment type (including full-time, part-time, and temporary workers) as well as non-employees in the workforce including self-employed people and people provided by third-party undertakings primarily engaged in employment activities.

The company evaluates impacts on specific workforce segments that may face higher risks or challenges through regular monitoring, surveys, and engagement with workforce representatives. Tietoevry's risk assessment, which is integrated into its human rights due diligence process, considers factors like gender, age, job role, and location.

Quantitative disclosure

No specific headcount, FTE figures, or breakdowns by type (contractor, agency worker, self-employed) for non-employee workers are disclosed in the sustainability statement.

Methodology

The company states that its double materiality assessment methodology includes non-employees in the workforce, but does not specify the counting methodology (headcount vs FTE) used for this population.

Collective bargaining coverage and social dialogue

Employment Terms and Conditions

Tietoevry ensures that the working conditions and terms of employment for its employees are largely determined or influenced by collective bargaining agreements, particularly within the European Economic Area (EEA).

In consideration of the working conditions and terms of employment of non-employees, Tietoevry aims for transparency and adherence to industry standards where collective bargaining agreements are applicable. While specific estimates of coverage rates for non-employees are not available, the company strives to ensure fair and equitable treatment across all its workforce segments.

The percentage of total employees covered by collective bargaining agreements during 2024 was 42%.

Social Dialogue

In relation to social dialogue, Tietoevry actively facilitates structured engagement between employees and management. Employees within the European Union (EU) are covered by a European Works Council (EWC) agreement. This agreement ensures robust representation and dialogue on matters concerning working conditions, employment terms, and other significant workplace issues.

The percentage of total employees covered by workers' representatives in the EEA during 2024 was 66%.

Coverage by Country

Methodology

Data related to collective bargaining coverage and social dialogue is collected from HR specialists in all countries of operations via a manual process. Data reported includes end-of-year headcount and percentage of employees covered by collective bargaining agreements.

Diversity Metrics

NEW FEMALE HIRES: 34%

ESG measures in long-term incentive plans include female recruits targets: • LTI 2022-2024: Target 35% by end of 2024 • LTI 2023-2025: Target 37% by end of 2025 • LTI 2024-2026: Target 38% by end of 2026 • LTI 2025-2027: Target 39% by end of 2027

Diversity and Inclusion Commitment:

We are committed to achieving a 90% reduction in our GHG emissions by 2026, based on 2020 levels, and increasing the share of underrepresented genders in leadership positions to 30% by 2030, while fostering a culture of diversity, equity and inclusion.

Board Diversity:

Three out of nine members elected by the AGM during 2024 were female. Gender diversity is continuously on the SNB's agenda. The company will ensure that diversity principles will be updated to reflect the requirement to achieve the balanced representation of women and men on the Board no later than 30 June 2026.

Training and Skills Development

EMPLOYEES TRAINED IN RESPONSIBLE AI: 97%

97% of our employees – 23 199 individuals – were trained in Responsible AI.

During 2024, our annual training for employees included a new module on Responsible AI. We remain committed to keeping ourselves at the forefront of technology adoption, also with respect to our responsible approach.

Technology and Professional Development:

Beyond the value that technologies such as AI bring to people, businesses and societies, technology development also fuels continuous learning and professional growth for Tietoevry employees. We encourage our people to embrace these opportunities.

Tietoevry continued to actively invest and promote reskilling towards new technologies of cloud, data and AI.

Work-life balance metrics

Family-related leave entitlement and uptake

No quantitative metrics disclosed for the percentage of employees entitled to family-related leave (maternity/paternity/parental/family care) or the percentage who took such leave, broken down by gender.

Return-to-work rate after parental leave

No quantitative metrics disclosed for return-to-work rates after parental leave, broken down by gender.

Working time and overtime

Tietoevry measures work-life balance by tracking overtime hours:

Overtime as percentage of normal average working time (2024): 1%

Target: Keep overtime below 3% of average normal working hours

Methodology note: The company monitors overtime quarterly. The reliability of this metric is influenced by data availability challenges arising from variations in employment contract types and local legislative differences. Time reporting system compliance with local labour laws varies by country, particularly where legal overtime limits are defined.

Work-life balance initiatives

The company reports qualitative information about work-life balance support including:

• Hybrid work setup and remote work options
• Adjustable working hours
• Regular manager-employee check-ins to evaluate work-life balance
• Employee survey includes workload as a key category
• Work-life balance evaluated through ongoing development dialogues

No quantitative metrics are provided for the percentage of employees utilizing flexible work arrangements or other family-related leave programmes.

Compensation metrics

Pay gap

Tietoevry has undertaken a thorough analysis of employees' base pay to assess the gender pay gap, adhering to well-defined principles and rules. Assessment has included both the unadjusted pay gap, which amounted to 12% during 2024, as well as the adjusted gender pay gap, which was 3% during 2024.

The unadjusted gender pay gap is determined as the difference in average annualized full-time salary between male and female employees, expressed as a percentage of the average annualized full-time salary of male employees.

The adjusted gender pay gap evaluation framework involves assessing compensation within specific peer groups, based on country, business, and job profiles for employees in the centralized human resource management system and similar categorizations for those outside of the centralized system. This is to ensure that peer groups represent individuals performing a similar type of work in the same business and location. Furthermore, the analysis factored in several key variables, such as employee work-life experience, tenure within the company and their current role, and supervisory responsibilities.

During 2024, the first year of conducting a company-wide gender wage gap assessment, Tietoevry set itself the target of keeping the unexplained (adjusted) gender wage gap below the 5% threshold and achieved a result of 3% globally. This strong outcome highlights Tietoevry's commitment to pay equity through transparent practices, benchmarking, and structured compensation processes. As the initial assessment, it establishes a valuable baseline for future improvements.

Remuneration ratio

The total remuneration ratio at Tietoevry is determined by comparing the annual remuneration of the highest-paid individual to the median annual remuneration of other employees, excluding the highest-paid individual. During 2024, the total remuneration ratio was 34:1 (or 34%).

The total remuneration data was gathered at an individual level from the company's central human resource system, along with inputs from country HR representatives where needed (for locally administered benefits, pensions, and allowances).

Methodology

To allow for a meaningful comparison of employee remuneration across different countries, Tietoevry applied the World Bank's Purchasing Power Parity (PPP) conversion factor to all individual remuneration data. The PPP conversion factor was applied based on the employee's country of employment to determine employee total remuneration in international dollars (total remuneration in local currency/PPP conversion factor), which is then used to further determine the total remuneration ratio.

Employee data is collected via the Human Capital Management Platform (Workday) as well as through a manual process from subsidiaries not integrated in Workday. Headcount numbers are reported at the end of the reporting period. Assumptions are not used in the reporting related to metrics in S1-16.

Incidents, complaints and severe human rights impacts

Data collection methodology

Tietoevry collects data on incidents, complaints, and severe human rights impacts through the company's whistleblowing channel as well as from HR partners. Data is consolidated at the end of the year for reporting purposes. The company also reviews any complaints that might have been channelled to the National Contact Points.

Incidents and complaints (2024)

Status of cases

Severe human rights impacts

No cases of severe human rights incidents – including forced labour, human trafficking, or child labour – were reported during the year.

Fines, penalties and compensation

There were no fines, penalties or compensation for damages resulting from any of the reported cases.

Value chain workers

In 2024, Tietoevry identified two cases of potential non-compliance with the UN Guiding Principles on Business and Human Rights, ILO Declaration on Fundamental Principles and Rights at Work, or OECD Guidelines for Multinational Enterprises involving value chain workers:

1. A Norwegian supplier accused of poor working conditions, leading to an external inquiry under the Norwegian Transparency Act. The matter was investigated and resolved following dialogue with the supplier regarding compliance with Tietoevry's Supplier Code of Conduct.

2. A customer inquiry about how Tietoevry ensures respect for human rights and working conditions among its limited number of suppliers located in Israel. A risk assessment was conducted, and the situation is being monitored with further supplier dialogues planned for 2025.

Tietoevry is not aware of any severe human rights issues or incidents in its value chain reported during 2024.

Business Ethics and Corporate Culture

Ethical Conduct Pillar:

Uphold the highest ethical standards in every facet of our business: • Ensure responsible solutions, protect privacy and safeguard solid cybersecurity across all operations • Foster responsible use of AI

Code of Conduct and Ethics:

The Audit and Risk Committee assesses compliance with legislation, official regulations and the company's Code of Conduct.

Values and Culture:

We strongly rely on our core values of openness, trust and diversity at all times. As a concrete example, we continue to leverage the flexible hybrid ways of working co-created with our employees in 2021.

Responsible AI:

We also take highly seriously the ethical considerations embedded in the development and utilization of technology, including AI. During 2024, our annual training for employees included a new module on Responsible AI. We remain committed to keeping ourselves at the forefront of technology adoption, also with respect to our responsible approach.

Foster responsible use of AI is a key commitment under our Ethical conduct pillar.

Compliance and Anti-corruption

Tietoevry has also specified its compliance management system, including the compliance organization, steering model, and annual plan for compliance-related activities. The Group Compliance Officer is responsible for maintaining the whistleblowing channel and coordinating investigations as well as ensuring the effectiveness and functionality of the governance model for compliance work.

Governance of risk and compliance:

At Tietoevry, governance, risk, and compliance (GRC) are closely linked and consistently defined corporate policies and rules with proper controls.

The Audit and Risk Committee assesses compliance with legislation, official regulations and the company's Code of Conduct.

Incidents of corruption or bribery

Confirmed incidents

In 2024, Tietoevry reported zero confirmed incidents of corruption or bribery.

Convictions and fines

During 2024, Tietoevry had zero convictions for violation of anti-corruption or bribery and paid no fines as a result.

Open legal case

One alleged corruption case related to the company remained open during the year. The case was first reported in 2018 and involved a former Tietoevry employee who was convicted in Belarus for bribing a public official. This led to charges in 2020 against Tietoevry Banking Latvia SIA (formerly SIA Tieto Latvia) for lack of internal controls and tax evasion. The case is still subject to court proceedings in the Riga District Court. Tietoevry denies the charges and continues to defend its position.

Disciplinary actions

As a result of the zero confirmed incidents in 2024, there were no employees dismissed or disciplined due to corruption or bribery during the reporting year.

Contracts terminated

No information was disclosed regarding contracts with business partners terminated or not renewed due to corruption or bribery incidents in 2024.

Investigation procedures and speak-up mechanisms

Tietoevry maintains a third-party-operated whistleblowing channel that allows for anonymous submissions. The Group Compliance Officer is responsible for maintaining the whistleblowing channel and coordinating investigations. Reports are logged and independently followed-up by the Whistleblowing Unit, ensuring confidentiality and protecting whistleblowers against retaliation. Reports of a severe or sensitive character are reviewed and followed-up by the Escalation Committee, which consists of the Head of Corporate Governance and Compliance, Head of Group Legal & Compliance, Head of Internal Audit, Head of HR and Group Compliance Officer.

All reports are handled confidentially, and whistleblowers can remain anonymous. The Whistleblowing Channel can be accessed by both employees and external parties such as customers, suppliers, and business partners. Reports to the Whistleblowing Unit are addressed within four working days and are provided with follow-up updates within three months.

Allegations of corruption and bribery are always investigated in accordance with the Whistleblowing Rules. Investigation outcomes are reported to the Audit and Risk Committee (ARC) biannually, or as required by the Whistleblowing Rules.

Target

Tietoevry has set a target of zero incidents of corruption detected by the Whistleblowing Unit (new target for FY2024). The base year for this target is 2024 with a baseline value of zero. The company achieved this target in 2024 with zero incidents reported.

Payment practices

Standard contractual payment terms

The standard payment term is 30 days according to the Group's Credit Policy.

Trade receivables maturity analysis

The following table shows the maturity profile of gross trade receivables as of 31 December 2024 and 2023:

Note: At the end of 2023, the majority of trade receivables overdue over 90 days were subject to negotiation with a customer, with a corresponding entry in contract liabilities and therefore excluded from the ECL calculation. The invoices were credited in full in the first quarter of 2024.

Average expected credit loss rates

Trade receivables are non-interest bearing and are initially recognised at fair value and subsequently at amortized cost less expected credit loss allowance. Default is defined as 90 days past due or a write off event, due to inability to collect debt.