Trifork

Switzerland|IT Consulting & Other Services|FY2024|Auditor: EY Godkendt Revisionspartnerselskab|View original report →

ESRS 2General Disclosures

GOV-1The role of the administrative, management and supervisory bodies
Reported

Trifork's sustainability governance rests with the Board of Directors and Executive Management. The Board holds ultimate responsibility for overseeing progress on sustainability ambitions and targets. The Audit & Risk Committee, a sub-committee of the Board, monitors impacts, risks, and opportunities across environmental, social, and governance areas, and in 2024 increased its meeting frequency to add a dedicated sustainability session and reviewed and approved the Double Materiality Assessment. The Nomination & Remuneration Committee integrates sustainability into the Remuneration Policy and helps ensure diversity and the right competencies. The CFO oversees sustainability within Executive Management, with operational leadership from the ESG Manager, supported by Group Finance and Group Legal. The Board conducts an annual evaluation of competencies, diversity, knowledge, and experience. This year's evaluation concluded that all board members possess the relevant skills for Trifork's identified material IROs, and that the Board and Executive Management have sufficient sustainability expertise. Member expertise is disclosed in the Board and Executive Management CVs in the Corporate Governance section.

GOV-2Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies
Reported

The Audit & Risk Committee established a new annual ordinary meeting in Q3 to identify, review, and discuss material impacts, risks, and opportunities related to sustainability. In this session the committee follows up on sustainability frameworks and discusses policies, actions, metrics, and targets. The first such meeting took place in 2024, when the committee reviewed and approved the Double Materiality Assessment with input from the ESG team and Group Finance. The committee receives updates on IRO progress at every other ordinary meeting, held five times a year, in addition to the dedicated sustainability meeting. These updates cover annual reporting, IRO identification from the DMA, internal due diligence, and reporting requirements. In 2024 the committee was informed about the DMA, its outcomes, and how Trifork tracks actions to prevent, mitigate, or remediate identified impacts alongside financial risks. The Committee updates the Board after each meeting, and the Board holds an annual strategy seminar. It has not yet been possible to address any IROs because 2024 was the first year of identification; they will be addressed in 2025.

GOV-2(was GOV-3)Integration of sustainability-related performance in incentive schemes
Reported

Trifork operates with two bodies, the Board of Directors and Executive Management, and includes sustainability-related performance in the incentive schemes for Executive Management. A total of 10% of Executive Management's variable remuneration relates to performance on specific sustainability targets. The sustainability-related targets for financial year 2024 were a successful adoption and implementation of the CSRD, specifically the successful passing of the limited assurance audit of the 2024 CSRD reporting, as well as all revenue generated being in line with the Trifork Group CSR Policy. Targets are set and assessed by the Board of Directors following recommendations from the Nomination & Remuneration Committee, which may decide to partially remunerate if targets are partly met. Because these incentives are integrated into variable remuneration, they form part of both short-term and long-term incentives under the Remuneration Policy. The Nomination & Remuneration Committee continuously assesses whether the Remuneration Policy supports short- and long-term objectives, at least annually, in compliance with the Danish Companies Act sections 139(2) and 139 B(4).

GOV-3(was GOV-4)Statement on due diligence
Reported

Trifork provides a due diligence statement in the form of a mapping table showing how it applies the core elements of due diligence and where each is presented in the sustainability statements, with page references. The five core elements covered are: embedding due diligence in governance, strategy, and business model; engaging with affected stakeholders in all key steps; identifying and assessing adverse impacts; taking actions to address those adverse impacts; and tracking the effectiveness of these efforts and communicating. Each element is cross-referenced to the relevant disclosures, including GOV-1 management responsibilities and oversight of IROs, GOV-2, GOV-3, SBM-2 stakeholder interests, SBM-3 DMA outcome, IRO-1 DMA process, MDR-P policy overview, and topical disclosures such as E1-3 to E1-6, S1-4, S1-5, S1-9, S1-14, S1-17, S4-4, S4-5, G1-3, and G1-4.

GOV-4(was GOV-5)Risk management and internal controls over sustainability reporting
Reported

Trifork has reported selected ESG metrics since 2022, and with the first year of CSRD implementation in 2024 it significantly expanded and refined its internal control systems to cover the full scope of sustainability reporting. The control approach is aligned with the financial reporting processes to ensure robustness and reliability, supported by a wider range of internal controls and tailored training for relevant personnel. Risks are evaluated on an ongoing basis regarding data accuracy and completeness, in close collaboration with internal data owners, financial controllers, the ESG Team, and external auditors. The main identified risks concern value chain data and data from leased locations such as offices and data centers, where Trifork is not the owner of the data, plus increased complexity from the expanded CSRD scope. These are mitigated through guidance to data owners, control systems established by Group Finance and the ESG team, standardized reporting templates, internal training, and best practices. Findings, including assurance observations, are reported to the Audit & Risk Committee during year-end audits.

SBM-1Strategy, business model and value chain
Reported

Trifork delivers next-generation IT services, products, and platforms to corporate and public customers, helping organizations leverage new technologies by building, maintaining, operating, and protecting customized software solutions across six business areas: Digital Health, Fintech, Smart Building, Smart Enterprise, Cloud Operations, and Cyber Protection. It operates in 15 countries, primarily in Europe, as well as the U.S., Oman, and Australia. The value chain covers all activities from sourcing to service delivery. Trifork does not produce or distribute physical products, but its upstream includes suppliers of hardware and software relying on raw materials, manufacturing, and transport; own operations cover developing and operating IT solutions; and downstream covers service delivery to customers and end-users, with data center providers playing an important role. No material risks related to dependency on natural resources were identified, but dependency on human resources, such as attracting and retaining qualified personnel, was assessed. Sustainability is embedded in the strategy, though a dedicated ESG strategy is not yet developed. Targets include a 70% Scope 1 and 2 emissions reduction and 100% renewable electricity in own operations by 2030, plus diversity targets.

SBM-2Interests and views of stakeholders
Reported

Trifork engages continuously with stakeholders, both formally and informally, to gather insights into their expectations, concerns, and priorities, and this input feeds into the double materiality assessment. Its first DMA was completed through direct interactions with stakeholder groups or through internal subject-matter experts acting as proxies. The key stakeholder groups are partners and customers, employees, suppliers, authorities, and investors. A table sets out how engagement is organized, its purpose, and outcomes: for example, customer NPS and ESG requests from customers leading to product and service improvements; annual employee surveys and workplace assessments leading to policy updates such as DEI; very limited supplier engagement leading to a responsible suppliers target; regulatory monitoring with authorities; and ESG ratings, regular reporting, investor calls, road shows, and capital markets days with investors. Relevant teams such as sales and marketing and the ESG team assess and act on feedback. The Audit & Risk Committee is regularly updated on key findings, and the Board receives annual updates from Executive Management. The results were found to align with Trifork's current strategy and business model.

SBM-3Material impacts, risks and opportunities and their interaction with strategy and business model
Reported

In its 2024 double materiality assessment, Trifork identified 18 IROs material to the company. IROs related to Own workforce (S1), Consumers and end-users (S4), and Business conduct (G1), including entity-specific topics, are found double material, while Climate change (E1) is found impact material. Overall, the material IROs relate to the core activities of Trifork's business model and are primarily close to its own operations, affecting or affected by customers and end-users, employees, offices, and data center activities. Because of this close connection, most IROs are managed on an ongoing basis within operations, while value chain IROs are influenced mainly through strengthening policies and procedures with suppliers and business partners. Environmental impacts arise from resource consumption and GHG emissions with global consequences; social impacts stem from systemic industry challenges and Trifork's teal organization model; governance impacts arise from business conduct and corporate culture. The topics E2 Pollution, E3 Water and marine resources, E4 Biodiversity and ecosystems, E5 Circular economy, S2 Workers in the value chain, and S3 Affected communities were found immaterial. Trifork assesses its strategy resilience as high across short-, medium-, and long-term horizons.

IRO-1Description of the processes to identify and assess material impacts, risks and opportunities
Reported

During 2024 Trifork finalized its first double materiality assessment, prepared with reference to the final July 2023 ESRS standards, and will revisit it annually. The scope covers the entire value chain, upstream and downstream, plus internal operations. All ESRS topics were considered, producing a gross list of topics, sub-topics, and sub-sub-topics, plus a separate assessment of entity-specific IROs. Stakeholders were engaged through external stakeholders and internal subject-matter experts acting as proxies. The DMA captures two dimensions: impact materiality (inside-out), assessing scale, scope, irremediability, and likelihood; and financial materiality (outside-in), assessing the significance and likelihood of risks and opportunities. A conservative first-year approach focused on negative impacts. Impact scoring was carried out by the ESG team; risk scoring by Group Finance using the Enterprise Risk Management tool, based on the magnitude of financial effects on EBITDA and likelihood, scored from insignificant to catastrophic. Internally developed thresholds were applied, and impacts or risks scored moderate or higher are deemed material. The process followed five steps: scoping, identification, assessing and threshold setting, internal reviews, and approval by the Audit & Risk Committee, with the long list also approved by the CFO.

IRO-2Disclosure requirements in ESRS covered by the undertaking's sustainability statement
Reported

Trifork provides a Disclosure Overview listing the ESRS disclosure requirements covered by its sustainability statements, the section, page, and any incorporation by reference, following the DMA and mapping of all material information applicable to Trifork. The index covers ESRS 2 general disclosures (BP-1, BP-2, GOV-1 through GOV-5, SBM-1 through SBM-3, IRO-1, IRO-2), with certain GOV-1 content incorporated by reference from the Corporate Governance section on pages 49-54. Material topical standards covered are ESRS E1 Climate change, S1 Own workforce, S4 Consumers and end-users, and G1 Business Conduct, plus an entity-specific ES section on Information security. The topics E2, E3, E4, E5, S2, and S3 were found immaterial through the DMA and their disclosure requirements are not reported. Several data points are covered under phase-in provisions, including E1-9, S1-7, S1-11, S1-13, and S1-15. Data points located outside the sustainability statements are marked with datapoint numbers and are subject to limited assurance.

E1Climate Change

E1-1Transition plan for climate change mitigation
Reported

Trifork states its business and strategy are not significantly impacted by climate change but that it remains proactive on emission reductions. It has not yet formalized a detailed transition plan and has no short-term intention to align Trifork activities with the EU Taxonomy. Its commitment to the Science Based Targets initiative (SBTi) reflects dedication to the Paris Agreement, and initial calculations suggest it can align with SBTi's 1.5 degrees Celsius goal. Because there is no sectoral decarbonization pathway for software, Trifork screened the economy-wide scenario. Decarbonization levers include phasing out petrol and diesel cars for a low-carbon electric and hybrid fleet before 2030, sourcing renewable electricity, heat and cooling for Scope 2 (terminating leases where landlords will not shift), and working with the value chain on Scope 3 by moving from spend-based data to supplier-specific data and selecting suppliers with reduction targets. Trifork confirms no locked-in GHG emissions and intends to implement a Climate Transition Plan when CSDDD applies in 2029.

E1-4(was E1-2)Policies related to climate change mitigation and adaptation
Reported

Trifork reports that it has an established CSR policy setting principles and procedures for climate change mitigation, reflecting its sustainability commitment and guiding decision-making in line with environmental ambitions and material climate IROs. The CSR policy focuses on key areas including minimising the climate footprint for customers through software solutions, reducing CO2 emissions across operations, prioritising renewable energy for offices and data centres, supporting remote work to cut transport emissions, and transitioning to a low-carbon fleet with electric and hybrid models. For further details on key contents, scope, accountability, and availability of related policies, Trifork refers readers to the Policy overview in its General Disclosures section.

E1-5(was E1-3)Actions and resources in relation to climate change policies
Reported

Trifork describes actions taken in 2024 to lower CO2 emissions across all three GHG Protocol scopes, noting that before 2024 it had no expectations to reduce emissions. Key Scope 1 actions involve electrifying the car fleet as lease contracts end (a fuel-switching lever): electric or hybrid vehicles rose from 53% of the fleet in 2023 to 59% in 2024, with a 100% electric or hybrid fleet targeted by end of 2029. For energy, 73.6% comes from renewable sources, with Trifork aiming for 100% renewable electricity through energy efficiency and higher renewable use, though it depends partly on office landlords. For Scope 3, actions focus on improved data quality, with 90% of Scope 3 emissions calculated using the spend-based approach; lever types are product/service change and supply-chain decarbonization. Trifork believes it has allocated sufficient human resources and capital to fulfil these actions.

E1-6(was E1-4)Targets related to climate change mitigation and adaptation
Reported

Trifork states it does not yet have GHG reduction targets aligned with ESRS requirements and therefore does not report Scope 1, 2, and 3 targets. However, it has committed to set targets under the Science Based Targets initiative, currently awaiting submission for SBTi verification, to be disclosed once approved. As shared at its Capital Markets Day in May 2024, Trifork expects a 70% reduction in Scope 1 and 2 emissions by 2030, 100% renewable electricity in own operations by 2030, and 70% of suppliers to have set science-based targets within two years of Trifork's SBTi target approval. It expects to choose 2023 as the baseline year, viewing it as more representative than 2022. Targets will align with SBTi and limiting global warming to 1.5 degrees Celsius, cover the entire Group, and account for future employee growth. Scope 1 reductions come from fleet electrification and Scope 2 from a shift to renewable energy.

E1-7(was E1-5)Energy consumption and mix
Reported

Trifork reports that 73.6% of total energy consumption comes from renewable sources in 2024 (up from 67.4% in 2023), primarily electricity in office spaces and data centers, with the remaining 26.4% from non-renewable fossil sources. Total energy consumption was 5,754,759 thousand MWh in 2024 versus 4,605,915 in 2023. Fossil-source consumption totalled 1,487,386, of which purchased electricity, heat, steam or cooling from fossil sources was 1,475,030 and crude oil and petroleum products 12,356. Renewable-source consumption totalled 4,237,925, including 4,135,649 purchased and 102,276 self-generated. Nuclear-source consumption was 29,448 (not separated for 2023). Renewable energy relates to documented office and data center heating and electricity, for example via purchase of RECs, while non-renewable relates to car-fleet fuel, district heating, some office electricity, and cooling, using DEFRA/DECC 2024 fuel conversion factors. Trifork states it does not operate in high climate impact sectors. Note: reported MWh unit magnitudes appear internally inconsistent.

E1-8(was E1-6)Gross Scopes 1, 2, 3 and Total GHG emissions
Reported

Trifork reports GHG emissions per the Greenhouse Gas Protocol using the Financial Control Approach, having reported Scope 1 and 2 since 2021, Scope 3 since 2022, and assessing all Scope 3 categories by 2024. For 2024 it discloses gross Scope 1 of 117 tCO2e (down 6% from 124 in 2023), gross location-based Scope 2 of 1,486 tCO2e and market-based Scope 2 of 412 tCO2e, and total gross Scope 3 of 9,643 tCO2e (up 11%). Total GHG emissions were 11,239 tCO2e location-based and 10,166 tCO2e market-based. Scope 3 category 1 purchased goods and services was 6,590 tCO2e, capital goods 890, business travel 1,175, employee commuting 380, fuel and energy-related activities 278, investments 320, and waste 10. Location-based intensity was 54.6 tCO2e per EUR million net revenue. Several immaterial Scope 3 categories were excluded, none of the Scope 3 figures used primary data, and 2023 Scope 2 was restated upward for improved data quality.

E1-9(was E1-7)GHG removals and GHG mitigation projects financed through carbon credits
Reported

Trifork reports that the Group did not make any initiatives or efforts during 2024 to remove greenhouse gases from the atmosphere, for example via carbon removal projects, neither in its own operations nor in its value chain. In its targets disclosure, Trifork further states it does not expect to use any carbon credits to achieve its expected Scope 3 GHG reductions, relying instead on instruments such as material efficiency, consumption reduction, and energy efficiency in the value chain. Accordingly, Trifork discloses no GHG removals and no GHG mitigation projects financed through carbon credits.

E1-10(was E1-8)Internal carbon pricing
Reported

Trifork reports that it is currently not applying any internal carbon pricing schemes. It states it is committed to supporting climate-friendly decisions and will continuously assess the need for internal carbon pricing schemes going forward. This is reinforced in its targets disclosure, where Trifork confirms it does not expect to use any internal carbon pricing schemes to achieve its expected GHG reductions. In summary, Trifork does not operate an internal carbon price.

E1-11(was E1-9)Anticipated financial effects from material physical and transition risks and potential climate-related opportunities
Omitted

S1Own Workforce

S1-1Policies related to own workforce
Reported

Trifork describes the policies governing its workforce, all applying to every employee via onboarding and annual updates monitored by the ESG team. Executive Management or the Board oversees implementation, Business Unit Leaders handle compliance with quarterly follow-ups, and the Working Environment Committee (including worker representatives) provides a platform for discussion. Named policies include the Diversity, Equity and Inclusion Policy, the Corporate Social Responsibility Policy, the Code of Conduct (referencing the UN Guiding Principles on Business and Human Rights, the ILO Declaration and the OECD Guidelines), the Whistleblower Protocol (anonymous reporting), the Data Ethics Policy and the Information Security Policy. Trifork states it has no formal health and safety policy, relying instead on an integrated health and safety management system covering employee health insurance, regular workplace assessments (APV) and a working environment group.

S1-2Processes for engaging with own workforce and workers' representatives about impacts
Reported

Trifork explains how it engages with its workforce and workers' representatives. Overall responsibility sits with Executive Management, but as a teal organization each business unit lead carries significant responsibility for their unit's environment. A Working Environment Committee gives employees and managers a means to continuously improve the working environment, addressing concerns and bridging management and employees. Engagement runs largely through workplace assessments carried out at least every three years via employee surveys mapping four factors: physical working environment, psychosocial working environment, sickness absence and stress. All questions except the physical environment are anonymous, with answers reported in averages of at least five responses. Trifork aims for every workplace to have a working environment representative; these are volunteers reflecting workforce diversity who hold certificates from mandatory working environment education.

S1-2(was S1-3)Processes to remediate negative impacts and channels for own workforce to raise concerns
Reported

Trifork describes its processes to remediate negative impacts and channels to raise concerns. Its policies, whistleblower protocol and working environment committee provide overall remediation, though the individual business unit lead is responsible for a supportive and responsive environment, so processes vary in practice. Business unit leads attend workshops on their work environment responsibilities and may use employee surveys and individual check-ins. All employees can report concerns confidentially through the fully anonymous whistleblower scheme, detailed on the website and in the employee handbook, managed by external law firm Kromann Reumert as data processor, with reports handled jointly by the Chair of the Board and the Chief Legal Officer. Whistleblowers are protected by law against retaliation. Employees can also contact trained Working Environment Committee representatives. Sick leave and churn are analysed monthly and gender diversity quarterly.

S1-3(was S1-4)Taking action on material impacts on own workforce
Reported

Trifork sets out the actions it takes to manage workforce impacts. It has comprehensive, interlinked policies and implements targeted actions including regular workplace assessments, employee training programs and the whistleblower protocol, with the workplace committee gathering insights on potential negative impacts. Overall responsibility for a safe working environment rests with Executive Management or the Board, while each business unit lead ensures compliance; because of the teal structure the resources allocated to managing impacts differ by unit. Actions cover well-being and work-life balance (flexible and remote working arrangements, good workstations) and skill development and career growth (continuous learning, up-skilling and re-skilling through the GOTO universe, conferences, specific courses and hacker days). Trifork also engages in market dialogues and tenders to share best practices, and states it has allocated sufficient human and capital resources to fulfil its actions.

S1-4(was S1-5)Targets related to own workforce
Reported

Trifork states it currently has no specific targets for managing all the IROs related to its own workforce, but plans to evaluate priority areas and set targets based on the results of its 2024 double materiality assessment. It aims to extend the tracking of employee happiness, satisfaction and engagement to group level, and notes that workers' representatives will help set targets and track performance as this expands. Trifork does disclose gender diversity targets for under-represented genders: at least 40% on the Board of Directors, at least 20% in Executive Management, and at least 30% in other management (Executive Management plus the level below) before 2030. Progress towards these gender diversity targets is analysed every quarter, with the Board holding overall responsibility and receiving regular reporting on gender distribution across management levels.

S1-5(was S1-6)Characteristics of the undertaking's employees
Reported

Trifork discloses the characteristics of its employees. Total headcount at 31 December 2024 was 1,229, comprising 942 men and 287 women. The workforce represents 55 different nationalities. By geography, employees were: Denmark 939, Netherlands 64, Switzerland 62, UK 58, Spain 33, Poland 25, Sweden 16, US 15, Hungary 12, Oman 3, Germany 1 and Australia 1. By contract type there were 1,137 permanent employees (892 men, 245 women), 68 temporary employees (43 men, 25 women) and 24 non-guaranteed hours employees (8 men, 16 women). Headcount excludes external contractors and only the two legal genders (man/woman) are disclosed. Employee turnover for 2024 was 18.3%, with 223 employees having left; Trifork notes this was higher than historically due to unstable economic conditions that made some workforce reductions necessary.

S1-6(was S1-7)Characteristics of non-employee workers
Omitted
S1-7(was S1-8)Collective bargaining coverage and social dialogue
Reported

Trifork discloses collective bargaining coverage and social dialogue. In 2024, 1.8% of employees were covered by collective bargaining agreements and 72.3% were covered by workers' representatives. Collective bargaining coverage and workplace representation (EEA only) are indicated for Denmark. Trifork states it has embedded the UN Global Compact Labour Principles (4, 5 and 6), ensuring freedom of association, collective bargaining and non-discrimination, and is committed to engaging with employee representatives where applicable. It does not have representation agreements through a European Works Council (EWC), Societas Europaea (SE) Works Council, or Societas Cooperativa Europaea (SCE) Works Council. Coverage figures are measured as headcounts of all employees at 31 December 2024.

S1-8(was S1-9)Diversity metrics
Reported

Trifork discloses diversity metrics. In top management, defined as the Board of Directors, the Executive Management and the Business Unit Leaders (the administrative and supervisory bodies plus the two levels below), there were 107 people: 85 men (79.4%) and 22 women (20.6%). The age distribution of the total workforce (headcount 1,229) was 268 employees under 30 years old, 676 aged 30 to 50, and 285 over 50. The gender distribution in top management is calculated from headcounts of women and men at 31 December 2024 divided by total top management headcount.

S1-9(was S1-10)Adequate wages
Reported

Trifork reports on adequate wages, stating it is committed to fair compensation across all operations. It evaluated its wage practices against adequate wage benchmarks using samples in six different countries, Switzerland, Denmark, Sweden, Poland, Spain and Hungary, and found that no employees are paid below national minimum requirements or applicable benchmarks. The methodology compared the lowest basic salary to the national minimum salary in each country, using national statistics and authorities' minimum salary benchmarks, or where none exists the minimum wage established by collective agreements. The lowest salary data is based on basic wage and excludes hourly paid staff, student assistants and interns.

S1-10(was S1-11)Social protection
Omitted
S1-11(was S1-12)Persons with disabilities
Omitted
S1-12(was S1-13)Training and skills development metrics
Omitted
S1-13(was S1-14)Health and safety metrics
Reported

Trifork discloses health and safety metrics for 2024. 78% of employees were covered by a health and safety management system. There were 6 work-related accidents, with a rate of work-related accidents of 2.6%, and 22 cases of recordable work-related ill health. The number of days lost to work-related injuries from work-related accidents or work-related ill health was 1,282. Trifork reports no occupational fatalities among employees or any workers operating on its sites in 2024. It states it places strong emphasis on a healthy working environment, both physical and mental, and supports initiatives encouraging an active lifestyle and sports activities. The accident rate is calculated per one million hours worked, with hours estimated from standard working hours multiplied by full-time employees, and lost days counted as calendar days.

S1-14(was S1-15)Work-life balance metrics
Omitted
S1-15(was S1-16)Compensation metrics (pay gap and total compensation)
Reported

Trifork discloses remuneration metrics for 2024. The pay gender ratio (gender pay gap) was 20.2%, and the total remuneration ratio was 1:15. Trifork explains the gender pay gap is influenced by the lack of a balanced gender distribution in the organization, which consists of a majority of men, and that the imbalance across job roles contributes to the gap; its aim for a more balanced distribution is supported by its adopted gender diversity targets. The gender pay gap is calculated from gross hourly pay (summing salary including bonus and pension divided by working hours, converted to a common currency) by comparing the average male and average female hourly pay levels. The total remuneration ratio divides the highest-earning employee's total annual salary by the median employee's total annual salary.

S1-16(was S1-17)Incidents, complaints and severe human rights impacts
Reported

Trifork discloses incidents, complaints and severe human rights impacts for 2024. There were 3 incidents of discrimination including harassment and 5 complaints raised to raise concerns. There were 0 complaints filed to National Contact Points for OECD Multinational Enterprises, 0 in fines, penalties and compensation, 0 severe human rights issues and incidents, and 0 severe human rights issues that are cases of non-respect of the UN Guiding Principles and OECD Guidelines. Data was compiled from formal sources including top management, the workers' representative and the whistleblower protocol; citing privacy regulations and sensitivity, Trifork does not disclose details of the incidents and notes that data protection concerns could result in double counts and variability in how incidents are perceived and reported. Its teal structure and whistleblower protocol are described as encouraging employees to report incidents without fear of retaliation.

S4Consumers and End-Users

S4-1Policies related to consumers and end-users
Reported

Trifork uses the terms customers (its B2B and B2G clients) and end-users (all users of Trifork-developed software). It maintains a standalone Information Security Policy addressing privacy protection for all customers and end-users, defining a security management framework that ensures the confidentiality, integrity and availability of critical and sensitive information. Its Code of Conduct upholds fundamental human rights, treating individuals connected to its operations with decency and dignity. As a UN Global Compact member, Trifork adheres to the ten principles covering human rights, labour, environment and anti-corruption, and aligns with the UN Guiding Principles on Business and Human Rights, the ILO Declaration on Fundamental Principles and Rights at Work, and the OECD Guidelines for Multinational Enterprises. It states that in 2024 no cases of non-compliance with these principles were reported in its downstream value chain, and commits to remedial action if concerns arise.

S4-2Processes for engaging with consumers and end-users about impacts
Reported

Trifork operates primarily in a B2B and B2G context where customers manage direct interactions with end-users, but it treats end-user input as critical to its decisions. It conducts privacy risk assessments across all projects and maintains continuous dialogue on projects with ongoing agreements such as maintenance contracts. Feedback from research sessions, usability testing and co-creation workshops is integrated into design and development using the Double Diamond framework. Trifork frequently engages end-users directly through workshops, interviews and usability testing, and where direct engagement is not possible it works with customers' internal teams or credible proxies. For vulnerable or marginalized groups it collaborates with in-house experts and user representatives and applies recognized accessibility standards such as WCAG 2.2, addressing needs of groups like children or elderly users. As a 2024 example it cites the Min Graviditet pregnancy app, which complied with GDPR and WCAG 2.2 and involved expert panels and user testing.

S4-2(was S4-3)Processes to remediate negative impacts and channels for consumers and end-users to raise concerns
Reported

Trifork's approach to remedy focuses on collaborating with customers, who hold primary responsibility for the end-users of solutions such as digital health apps. Where it has caused or contributed to a material negative impact, it works with the customer on technical adjustments, solution updates or other measures, and assesses effectiveness by gathering feedback from customers and, where applicable, directly from affected end-users or their legitimate representatives. Its primary mechanism for serious concerns, including privacy protection or potential data breaches, is a whistleblower channel accessible to all, including consumers and end-users, via its website and referenced in relevant policies and customer engagements. Reports are received by the Chairperson of the Board of Directors, the Chief Legal Officer and an external legal counsel who ensures independence. The whistleblower policy guarantees protection against retaliation and maintains anonymity. No incidents were reported via the whistleblower channel in 2024.

S4-3(was S4-4)Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions
Reported

To minimize impacts and risks from data breaches, Trifork commits to delivering data-secure services and monitors effectiveness by tracking reported incidents through its whistleblower channel, following a structured investigation and resolution process in which all incidents are documented and reviewed. Planned actions include maintaining robust reporting mechanisms and upholding high quality standards in designing solutions, encompassing accessibility, privacy and security in compliance with industry regulations and best practices. Trifork operates under GDPR as a Data Processor, following instructions from Data Controllers, and in the event of a privacy breach supports Data Controllers through timely assessments, corrective actions and coordination with relevant authorities. Where both Trifork and its customers act as Data Controllers, it conducts risk assessments and informs customers of significant risks. It states it has allocated sufficient human resources and capital to fulfil these actions, and that in 2024 no privacy incidents were reported where Trifork acted as the Data Controller.

S4-4(was S4-5)Targets related to managing material negative impacts, advancing positive impacts, and managing material risks and opportunities
Reported

Trifork has not set specific targets for privacy protection concerning customers and end-users. It states it remains committed to maintaining robust data and privacy protection practices and will continue to assess the need for such targets, addressing potential privacy impacts and risks in alignment with future regulatory requirements or customer needs. It monitors data breaches and assesses risks to individuals, implementing actions to ensure appropriate protection based on the severity of each risk.

G1Business Conduct

G1-1Business conduct policies and corporate culture
Reported

Trifork roots its corporate culture in a decentralized Teal organizational model, with the Board of Directors and Executive Management setting guidelines emphasized in the Group Code of Conduct. Key policies include the Code of Conduct (foundation for most business conduct policies, overseen by Executive Management and reinforced through annual e-learning), a Data Ethics Policy on responsible use of customer data, an Anti-Bribery, Anti-Corruption and Sanctions Policy, and a Whistleblower Protocol offering a confidential, anonymous channel aligned with EU legislation for employees and external stakeholders. Whistleblower reports are assessed by an external law firm and forwarded to the Chief Legal Officer or the Chairperson of the Board, with full anonymity maintained. No incidents were reported via the whistleblower channel in 2024. Trifork asks all employees to complete Code of Conduct training annually, began tracking completion rates in 2024 aiming for 100% participation, and provides Market Abuse Regulation training due to its status as a publicly traded company.

G1-2Management of relationships with suppliers
Reported

Trifork Group has no separate policy to prevent late payments but values its business relationships and encourages fair payment terms and timely payment to business partners, negotiating contracts with payment terms in line with industry standards. It has integrated a section on suppliers into its Code of Conduct, requiring and expecting suppliers to adhere to the same standards as Trifork. Its value chain is limited given its industry, with external contractors the biggest supplier type by spending. Trifork only engages external contractors it knows and can vouch for, technically and from a sustainability perspective, but it does not have a formal pre-screening process for suppliers, which increases the risk that suppliers may not share Trifork's sustainability standards. If it becomes aware, through cooperation or the whistleblower channel, that a supplier is not adhering to its Code of Conduct, it will immediately stop the engagement.

G1-2(was G1-3)Prevention and detection of corruption and bribery
Reported

Trifork's Code of Conduct contains sections on anti-bribery and anti-corruption, and the company states it has zero tolerance for any form of bribery or corruption regardless of whether a business unit operates in a country with less strict laws. Employees, suppliers and business partners are expected to report suspected breaches through the whistleblower channel according to the Whistleblower Protocol, and investigations follow that protocol or are handled internally by the legal department. All new employees receive the Code of Conduct during onboarding, with an e-learning and online assessment, and in 2024 Trifork began monitoring completeness of e-learning. Actions to prevent and detect corruption relate to awareness of the Code of Conduct, e-learning modules and onboarding training covering anti-corruption, anti-bribery, fraud and market abuse. At-risk functions comprise Executive Management, finance functions and one identified business unit in a higher-risk country (Oman assessed as highest risk); a total of 74.4% of at-risk functions received anti-corruption and anti-bribery training in 2024.

G1-4Incidents of corruption or bribery
Reported

Trifork states that in 2024 the Group had no convictions, incidents or fines for violations of anti-corruption and anti-bribery laws, and no internally reported incidents on breaches of anti-corruption and anti-bribery procedures. It is not aware of any violations of anti-corruption and anti-bribery laws in its direct value chain or any legal proceedings against anyone in its workforce. Trifork states a clear target of zero corruption and bribery incidents. It reports training coverage figures for 2024: 74.4% of at-risk functions, 49.4% of managers, 100.0% of the administrative, management and supervisory bodies, and 34.8% of other own workers received corruption and anti-bribery training, with training required annually across these groups.

G1-5Political influence and lobbying activities
Omitted
G1-6Payment practices
Reported

Trifork states it supports fair payment terms and recognizes its responsibility to pay suppliers on time, especially smaller suppliers who rely more on timely payment. In 2024, the average payment terms from supplier invoices were 16.4 days, and it took Trifork an average of 26.9 days to pay its external suppliers including external contractors. A total of 42% of payments were aligned with the standard payment terms, and the Group was not involved in any legal proceedings related to late payments. Trifork splits suppliers into three categories: small (20 or fewer employees), medium (21 to 100 employees) and large (more than 100 employees). By category the average standard payment terms were 13.6, 19.0 and 18.1 days; actual average payment days were 26.5, 27.4 and 27.1; and the percentage of payments aligned with standard terms was 33%, 55% and 44% respectively, with zero outstanding legal proceedings due to late payments in each category.