Tietoevry

Board of Directors

It is the general obligation of Tietoevry's Board of Directors to safeguard the interests of the company and its shareholders.

Composition and election

According to Tietoevry's Articles of Association, the Board of Directors elected by the shareholders shall consist of no fewer than six and no more than twelve members. Each Board member serves a one-year term, which expires at the closing of the first AGM following their election.

The company has defined as the objective that, in addition to professional competence, Tietoevry's Board members shall be diverse in terms of gender, occupational, and professional backgrounds. Furthermore, the Board as a whole shall possess sufficient knowledge of and competence in, inter alia, the company's field of business and markets, as well as environmental, social, and governance matters.

Tasks

The main duties and working principles of the Board have been defined in a written charter. Additionally, the work of the Board is based on an annual action plan.

More specifically, the Board: • approves the company's values, strategy and organizational structure • defines the company's dividend policy • approves the company's annual plan and budget and supervises their implementation • monitors management succession, appoints and discharges the President and CEO • decides on the President and CEO's compensation, sets annual targets and evaluates their accomplishment • decides on the compensation of the President and CEO's immediate subordinates • addresses the major risks and their management at least once a year • reviews and approves interim reports, annual reports and consolidated financial statements and sustainability statements • reviews and approves the company's key policies • is accountable for guiding the organization's strategy on environmental, social and governance (ESG) topics • meets the company's auditors at least once a year without the company's management • appoints the members and Chairpersons of the Board's committees and defines their charters • reviews assessments of its committees as well as the President and CEO • evaluates its own activities.

The Board has scheduled meetings every one to two months. Besides the Board members, the meetings are attended by the President and CEO, Chief Financial Officer (CFO) and General Counsel, who acts as secretary of the meetings.

2024

• The Board convened 16 times in 2024 and the average attendance was 98.5%. • The Board had seven sessions during the convened Board meetings without the management present. • The auditors were present at one convened Board meeting. • The Board met the auditors once without the presence of the management.

Audit and Risk Committee

The committee convenes regularly at least four times a year and meets the company's auditors, also without the company's management present. The Chairperson of the committee reports to the Board. The main tasks of the committee are to:

• review and supervise internal control – particularly the financial reporting process – and risk management • discuss and review the interim and annual reports, sustainability statements and the consolidated financial statements, including non-financial information • assess compliance with legislation, official regulations and the company's Code of Conduct • evaluate the sufficiency of internal control and the internal audit • examine, assess and approve the internal audit plan • assess the appropriate coverage of risk management and monitor the efficiency of risk management • review significant risks and unusual business events

2024

• The committee convened seven times in 2024 and attendance was 100%. • In addition to its regular agenda, the committee followed up progress of operational KPIs in the end-to-end businesses as well as development in cybersecurity and privacy matters. Additionally, the committee monitored the implementation of sustainability reporting as a new matter.

Sustainability Oversight

Sustainability is a core part of Tietoevry's operations, guided by the Corporate Sustainability Reporting Directive (CSRD) and European Sustainability Reporting Standards (ESRS). This integration is fostering collaboration across functions, helping us to identify gaps and drive continuous improvements.

Tietoevry's Board of Directors and the Audit and Risk Committee actively oversee our sustainability strategy. These governing bodies scrutinize, challenge and contribute to our initiatives, fostering both ambition and accountability.

Integration of ESG in Incentive Plans

As part of the strategy, Tietoevry has made a long-term commitment to sustainability by increasing the focus on Environmental, Social and Governance (ESG) aspects. ESG measures were introduced in the Long-term incentive Plan 2022–2024 and have been continued since, i.e. in the plans that were implemented in 2023 and 2024 and will also be continued in the LTI 2025–2027 plan. We stay committed to our ESG agenda and continue the measures being CO2 emission reduction and female recruits, both measures with an increased weighting compared to when they were introduced. The target levels, as disclosed below, are based on the long-term ambitions of the company and support the execution of the strategy.

Long-term Incentive Plans Performance Criteria:

LTI 2022–2024: • ESG: CO2 emission (5%) - Target: 72% reduction from 2020 baseline by the end of 2024 • ESG: Female recruits (5%) - Target: 35% by end of 2024

LTI 2023–2025: • ESG: CO2 emission (10%) - Target: 87% reduction from 2020 baseline by the end of 2025 • ESG: Female recruits (10%) - Target: 37% by end of 2025

LTI 2024–2026: • ESG: CO2 emission (10%) - Target: 90% reduction from 2020 baseline by the end of 2026 • ESG: Female recruits (10%) - Target: 38% by end of 2026

LTI 2025–2027: • ESG: CO2 emission (10%) - Target: 40% reduction from 2024 baseline by the end of 2027 • ESG: Female recruits (10%) - Target: 39% by end of 2027

Internal control and risk management

Tietoevry is committed to upholding a strong internal control environment and managing risks effectively to ensure the integrity of its financial reporting, protect its assets, and achieve strategic goals.

Our internal control framework supports strategic execution and ensures regulatory compliance. It is built on key components such as the risk management framework, financial control, internal audit, and supporting policies and processes.

The aim of Tietoevry's internal control framework is to ensure that operations are efficient and aligned with strategic objectives. It is designed to guarantee accurate, reliable, complete, and timely financial reporting and management information.

This framework promotes ethical values, good corporate governance, and sound risk management practices. Internal control and risk management activities are integrated into Tietoevry's management practices and business planning processes.

Risk management framework

Tietoevry employs a systematic approach to risk management to enhance the efficiency, control, profitability, sustainability, and continuity of business operations. This involves a comprehensive process of assessing, identifying, evaluating, and analysing risks that could impact business objectives, and also people and the environment from ESG perspective. By implementing appropriate risk treatment actions, the impact and likelihood of risks are minimized.

The risk management framework comprises the risk management organization, along with related policies, processes, tools, and standardized practices. This organization is responsible for developing and maintaining the framework, which includes risk reporting, governance, and monitoring of risk exposures across strategic, financial, operational, compliance, and personnel areas.

The risk management organization consists of the Corporate Risk Management unit, nominated Risk Managers and Business Continuity Managers in the businesses and key stakeholders in functions. A group-wide Risk and Resilience Forum (for Risk and Continuity activities) has been established for information sharing, setting the direction of risk and continuity management, as well as crisis management, collaboration between units and reviewing steering documents.

Tietoevry has also specified its compliance management system, including the compliance organization, steering model, and annual plan for compliance-related activities. The Group Compliance Officer is responsible for maintaining the whistleblowing channel and coordinating investigations as well as ensuring the effectiveness and functionality of the governance model for compliance work.

Financial control

The purpose of internal control over financial reporting is to ensure the correctness of financial reporting, including interim and annual reports and the compliance of financial reporting with regulatory requirements. The ARC has the oversight role in Tietoevry's external financial reporting.

Internal audit

The purpose of Tietoevry's internal audit function is to provide independent, objective assurance and advisory services designed to add value and improve Tietoevry's operations. The internal audit functionally reports to the ARC and administratively to the Chief Financial Officer (CFO).

Core services aim at assessing and assuring the adequacy and effectiveness of risk management and internal control within Tietoevry. Assurance and advice is delivered via data-driven business partnering, enabling digital end-to-end assurance and assurance by design.

Strategy, Business Model and Value Chain

About Tietoevry

We are a leading technology company with a strong Nordic heritage and global capabilities. Specializing in cloud, data and software, we serve thousands of enterprise and public-sector customers in approximately 90 countries. The company's shares are listed on the NASDAQ exchange in Helsinki and Stockholm, as well as on Oslo Børs.

Our specialized end-to-end businesses create business transformation in the era of data, cloud, automation and AI.

Tietoevry Create provides design, data and digital engineering services to customers all over the world across a wide range of industries including manufacturing, telecom, healthcare, financial services and the public sector. Combining local expertise with the technical skills of a large global team, Tietoevry Create builds tailored digital solutions that align with its customers' business objectives and maximize their value.

Tietoevry Care provides health and social care software in the Nordics. The business is modernizing the health and social care sector with modular, open and interoperable Lifecare software. Through a data-driven approach, Tietoevry Care ensures a smoother and more personalized care experience for everyone.

Tietoevry Banking provides financial Software-as-a-Service solutions for the Nordics and beyond. The business is modernizing banks with the low-risk implementation of market leading software for cards, transaction banking, credit & lending, financial crime prevention and wealth management, as well as a modular Banking-as-a-Platform solution.

Tietoevry Industry offers a high performing portfolio of modern software products. With deep industrial knowledge, the business delivers customer-centric and data-driven software solutions to specialized segments and niche markets in both the private and public sectors.

Tietoevry Tech Services is a transformation and managed services provider, focusing on Nordic-based private and public customers across various industries. With its cutting-edge digital solutions – including applications, multi-cloud, data and AI, and security services – the global team helps businesses thrive and keeps Nordic societies running.

Specialization-based strategy for greater value to all stakeholders

Tietoevry's strategy aims to capture cloud-native and AI-enabled market opportunities through specialized software, digital engineering and managed services businesses. Each business aims to be among the best in the market. Specialization drives a best-in-class customer proposition and attracts talent.

From 2022, after a long period of operating as an integrated IT company, we have established specialization as our foundation for competitiveness and value creation to our stakeholders. This specialization is delivered through our five distinct businesses.

In our view, the software and digital engineering businesses provide the strongest potential for value creation.

GHG Emissions Performance

87% reduction in GHG emissions in own operations (scope 1 & 2) since 2020.

ESG targets embedded in long-term incentive plans include: • CO2 emission reduction targets with specific percentage reductions from 2020 baseline:

• LTI 2022-2024: 72% reduction by end of 2024
• LTI 2023-2025: 87% reduction by end of 2025
• LTI 2024-2026: 90% reduction by end of 2026
• LTI 2025-2027: 40% reduction from 2024 baseline by end of 2027

Circular Economy in Sustainability Pledge

Within our Climate action pillar, we:

Drive the development towards a circular economy in own operations and through solutions and services

Some recent accomplishments include adopting circular economy practices as part of our commitment to climate action by continuously reducing greenhouse gas (GHG) emissions and adopting circular economy practices.

Our key focus areas include energy management, carbon emissions, and circularity.

Personnel

PERSONNEL: 22 941

NUMBER OF OPERATING COUNTRIES: ~90

Personnel on average: 23 593 (2024), 24 181 (2023) Personnel on 31 Dec: 22 941 (2024), 24 159 (2023), 24 320 (2022), 24 389 (2021), 23 632 (2020)

Diversity Metrics

NEW FEMALE HIRES: 34%

ESG measures in long-term incentive plans include female recruits targets: • LTI 2022-2024: Target 35% by end of 2024 • LTI 2023-2025: Target 37% by end of 2025 • LTI 2024-2026: Target 38% by end of 2026 • LTI 2025-2027: Target 39% by end of 2027

Diversity and Inclusion Commitment:

We are committed to achieving a 90% reduction in our GHG emissions by 2026, based on 2020 levels, and increasing the share of underrepresented genders in leadership positions to 30% by 2030, while fostering a culture of diversity, equity and inclusion.

Board Diversity:

Three out of nine members elected by the AGM during 2024 were female. Gender diversity is continuously on the SNB's agenda. The company will ensure that diversity principles will be updated to reflect the requirement to achieve the balanced representation of women and men on the Board no later than 30 June 2026.

Training and Skills Development

EMPLOYEES TRAINED IN RESPONSIBLE AI: 97%

97% of our employees – 23 199 individuals – were trained in Responsible AI.

During 2024, our annual training for employees included a new module on Responsible AI. We remain committed to keeping ourselves at the forefront of technology adoption, also with respect to our responsible approach.

Technology and Professional Development:

Beyond the value that technologies such as AI bring to people, businesses and societies, technology development also fuels continuous learning and professional growth for Tietoevry employees. We encourage our people to embrace these opportunities.

Tietoevry continued to actively invest and promote reskilling towards new technologies of cloud, data and AI.

Business Ethics and Corporate Culture

Ethical Conduct Pillar:

Uphold the highest ethical standards in every facet of our business: • Ensure responsible solutions, protect privacy and safeguard solid cybersecurity across all operations • Foster responsible use of AI

Code of Conduct and Ethics:

The Audit and Risk Committee assesses compliance with legislation, official regulations and the company's Code of Conduct.

Values and Culture:

We strongly rely on our core values of openness, trust and diversity at all times. As a concrete example, we continue to leverage the flexible hybrid ways of working co-created with our employees in 2021.

Responsible AI:

We also take highly seriously the ethical considerations embedded in the development and utilization of technology, including AI. During 2024, our annual training for employees included a new module on Responsible AI. We remain committed to keeping ourselves at the forefront of technology adoption, also with respect to our responsible approach.

Foster responsible use of AI is a key commitment under our Ethical conduct pillar.

Compliance and Anti-corruption

Tietoevry has also specified its compliance management system, including the compliance organization, steering model, and annual plan for compliance-related activities. The Group Compliance Officer is responsible for maintaining the whistleblowing channel and coordinating investigations as well as ensuring the effectiveness and functionality of the governance model for compliance work.

Governance of risk and compliance:

At Tietoevry, governance, risk, and compliance (GRC) are closely linked and consistently defined corporate policies and rules with proper controls.

The Audit and Risk Committee assesses compliance with legislation, official regulations and the company's Code of Conduct.