Innofactor Oyj : Corporate Governance Statement 2023

Introduction

Innofactor Plc is a Finnish public limited company which, in its decision-making and administration, complies with the Finnish Companies Act, other regulations concerning public companies, and the company's Articles of Association.

Innofactor Plc complies with the Finnish Corporate Governance Code 2020 for listed companies, which took effect on January 1, 2020, and is published by the Securities Market Association. The Corporate Governance Code is publicly available on the web site of the Securities Market Association at www.cgfinland.fi.

This Corporate Governance Statement is published separate from the Annual Report.

In the financial period that ended on December 31, 2023, the company complied with the Corporate Governance Code 2020 published by the Securities Market Association without any exceptions.

Internal Control

Risk Management

Internal Controls

General Meeting

Board of Directors

Remuneration Committee

CEO

Executive Board

External Control

Auditor

Innofactor's Corporate Governance Structure

Innofactor's corporate governance structure is described below. Innofactor's highest governing body is the General Meeting in which the shareholders can exercise their right to vote. The General Meeting selects the company's Board of Directors and Auditor. Innofactor's Board of Directors appoints the CEO, whose task it is to manage and monitor the

company's daily business operations in accordance with the instructions and orders given by the Board of Directors. Innofactor's Board of Directors appoints the company's Executive Board.

Board of Directors

Duties and Operation of the Board of Directors In accordance with the Articles of Association, Innofactor has a Board of Directors, which comprises at a minimum of four and at a maximum of eight members.

Duties of the Board of Directors and its members are based on the Companies Act and the Articles of Association. The Board of Directors has general

authority over matters, which are not reserved by the Companies Act or Articles of Association to other corporate governing bodies. The Board of Directors has drawn up a written charter, which defines the main duties and working principles of the Board of Directors. The Board of Directors is responsible for the effective organizing of the company and the monitoring of the management of the company in accordance with the best interests of the shareholders.

The main responsibilities of the Board of Directors are as follows:

• Being responsible for the management and proper arrangement of the operation of the company.
• Defining the company's operational tasks and values and approving the company's strategic goals.
• Monitoring the implementation of the operational plan and controlling the company and the efficiency of its management.
• Deciding on major investments, acquisitions, and buying and selling of property.
• Being responsible for proper supervision of the book-keeping and controlling the financial matters of the company.
• Confirming the budget.
• Appointing the CEO (and their deputy) or ending their term.
• Monitoring the CEO's work and ensuring that the company's management system works.
• Appointing the Executive Board members and deciding on their fees.
• Reviewing and approving interim reports, financial statements and corporate reviews.
• Accepting the company's principles of risk management.
• Taking care of the tasks defined for the appointment and auditing committee.

The Board of Directors assesses its operations and working methods annually. In the self-evaluation, an external consultant is used when necessary. The results of the self-evaluation are discussed in a meeting of the Board of Directors.

The Board of Directors convened 16 times in 2023.

The Remuneration Committee

of the Board of Directors

Innofactor's Board of Directors has a Remuneration Committee, whose task is to prepare for the Board of Directors the issues concerning the remuneration of the CEO and management. According to the charter, the Remuneration Committee makes proposals to the Board of Directors regarding the remunerations of the company's CEO and other executives of the Group as well as on the principles and practices of the employee remunerations. The Remuneration Committee observes and evaluates the competitiveness of the incentive and compensation plans of the Group.

The Committee prepares the following matters for the Board of Directors' decision-making:

• The remuneration policy and remuneration report for the company's governing bodies
• Innofactor Plc's CEO's salary, pension terms and conditions, benefits, and other key terms and conditions of the CEO contract
• other Group executives' salary, pension terms and conditions as well as benefits, including the management's remuneration scheme
• share-basedremuneration schemes
• principles and practices of the employee remunerations.

In 2023, the members of the Remuneration Committee were Anna Lindén (Chairman), Risto Linturi and Heikki Nikku. The Remuneration Committee convened three times in 2023 with all members present.

Board of Directors's Diversity Principles

In accordance with the Securities Market Association's Corporate Governance Code, the composition of the Board of Directors needs to take into consideration the requirements set by the company's operation and the company's developmental stage. A person elected as a Board member must have proper qualifications for the task and must be able to use an adequate amount of time for performing the task. The number of Board members and the composition of the Board of Directors must enable efficient performing of the Board of Directors' tasks. The Board of Directors must include members from both genders.

Evaluation of the Independence

of the Board Members

The majority of the Board members must be independent of the company. At least two Board members who are independent of the company must also be independent of the significant shareholders of the company. The Board of Directors assesses the independence of its members annually. The assessment of independence is based on an individual total assessment in which are considered the information provided by the member and issues concerning independence listed in the Corporate Governance Code for Finnish listed companies. Of the Board members, the ones independent of the company and its significant shareholders are Anna Lindén, Risto Linturi and Heikki Nikku. As the CEO and a significant shareholder (ownership 15,83 %), Sami Ensio is neither independent of the company nor of its significant shareholders.

The CEO is responsible for the day-to-day management of the company, which consists of managing and controlling the company's business in accordance with instructions and decisions issued by the Board of Directors.

The CEO may not carry out unusual or extensive actions without the specific approval of the Board of Directors, except in situations in which not carrying out the action would cause essential damage to the operations of the company and the approval of the Board of Directors cannot be obtained in time. The Board of Directors must be immediately notified of such actions for which there was no time to wait for the Board's approval.

The main responsibilities of the CEO are:

• to be responsible for the day-to-day management of the company;
• to approve business plans and performance objectives and control their implementation;
• to actively protect the company's interests;

• to ensure the effective functioning of the Board of Directors and to ensure that the members of the Board of Directors receive proper and adequate information;
• to see to it that the accounting and book- keeping of the company complies with the law and that the financial matters are being handled in a reliable manner;
• to report accurately and precisely following the instructions given by the Board of Directors;
• to implement decisions made by the Board of
  Directors and the General Meeting; and
• to ensure on their part that the company respects its legal obligations and regulations.

Sami Ensio has been the CEO of Innofactor Plc since 2010. He is also a Board member.

The company has an Executive Board, which is appointed by the Board of Directors.

The Executive Board is responsible for the following tasks among others:

• Preparing matters for the Board of Directors
• Making business decisions of a significant nature
• Monitoring the financial situation and reporting to the Board of Directors
• Handling critical sales, projects and customer relationships
• Ensuring adequate personnel resources and operating premises
• Ordering customer and workplace surveys, analyzing them and making proposals for actions
• Making decisions concerning the quality system and processes
• Making decisions concerning the details of the organization
• Ensuring data security

Executive Board Members in 2023

* Until October 7, 2023.

Internal Control

It is the duty of the Innofactor's Board of Directors to ensure that the monitoring of the Group's bookkeeping and financial control have been properly arranged. The internal control in the Group is implemented by the Board of Directors together with the CEO. Internal control is based on procedures and reporting, which are implemented on different levels of the subsidiaries' organizations. For control purposes, there is a reporting system, which is used for producing information concerning the Group's business operations and subsidiaries. The reporting system is used for trying to ensure the legality of the company's operations, compliance with regulations and reliability of financial reporting.

Innofactor has no separately organized internal audit. The need for separate internal audit organization is assessed on regular intervals. In the current scope of the company's business operations, the tasks of internal control can be performed with the help of the company's legal and financial management.

Internal Control and Risk Management

General Description of the Risk Management Innofactor's operations, finances and shares involve risks that may be significant for the company and its share value. These risks are assessed by Innofactor's Board of Directors four times a year as part of the strategy and business planning process. The risks are published in their entirety in the Financial Statement and in the Annual Report of the Board of Directors. Innofactor's General Counsel is responsible for the Company's risk management process.

Innofactor's internal risk management process defines

the goals, principles, procedures, organization and responsibilities of risk management. Risks are identified, assessed, managed, monitored and reported in the Group systematically, as part of the business operations, on the group, company and unit levels in all operating countries. Business goals and possibilities are a basis for identifying risks. Identified risks are prioritized by assessing the effects of the risks in euros and the probability of the realization of the risks. Persons responsible for the risk management actions are named, and it is their responsibility to take care of planning, implementation and monitoring. The risk management process also defines the reporting of risks within the Group.

Internal control is performed by making risk analyses and conducting risk management and control discussions with the group and business area management. External auditors' findings and reports are utilized for the control. Significant findings are reported to the Board of Directors immediately or in the next meeting, depending on the urgency of the issue.

Insider Management

Innofactor complies with the EU Market Abuse Regulation (MAR), rules and guidelines of the Financial Supervisory Authority, and the insider regulations published by Nasdaq Helsinki Oy. The coordination and control of insider issues are the responsibility of the Innofactor's General Counsel.

Innofactor maintains a list, as required by the MAR, of the persons in the company's management who are required to inform the company and the Financial Supervisory Authority of any transactions they have made on the financial instruments issued by the company. The company's list of persons, who the MAR obligates to disclose any transactions, includes the members of the Board of Directors, the CEO, and the members of the Group's Executive Board. According to MAR, also persons closely associated to these persons are included in the company's list of persons with the obligation to disclose. The persons discharging managerial responsibilities may not trade in financial instruments issued by the company during a 30-day closed window preceding the publishing of an interim report or financial report, or during an insider project.

The company maintains insider lists for each contract-specific or transaction-specific insider information. Persons on the insider list may not trade financial instruments issued by the company during the project in question.

The company maintains a list of persons, who have regular access to the company's unpublished financial information based on their position or tasks. Each recipient of financial information is notified in writing about their position. The persons on this list may not

trade financial instruments issued by the company during the 30-day closed window preceding the publishing of an interim report or financial report.

The company's management must time their trading on financial instruments issued by the company in such a manner that it does not diminish general trust to the market. It is recommended that the persons in the company's management only make long-term investments in financial instruments issued by the company.

Innofactor has a notification channel for reporting suspected market abuse.

Principles Concerning Related Parties

Innofactor has defined the principles concerning the company's related parties in an internal process for related party actions. The company's financial administration maintains a list of the company's related parties. The company sends an annual query to the company's key management persons, as defined in IAS 24, about the natural and legal persons which are their related parties. The company's financial administration defines Innofactor's related parties, when the status as a related party is not due to the IAS related party definition concerning persons.

The decision-making authorizations defined by the company take into consideration legal transactions made with the company's related parties. Related party transactions are reported to the Innofactor's CFO who, together with the General Counsel, assesses the terms and nature of the related party transaction.

The CFO reports to the Innofactor's Board of Directors on any related party transactions, which are not ordinary business or are not implemented under arm's length terms. Innofactor's Board of Directors decides on any contracts or legal transactions with related parties, which do not belong to the company's ordinary business or are not implemented under arm's length terms.

Auditor and Auditor's Fees

The Annual General Meeting of Innofactor Plc on March 31, 2023, elected Authorised Public Accounting Firm Ernst & Young Oy as the auditor of the company for the financial period of January 1-December 31, 2023. The principal accountant is Juha Hilmola, APA.

The Annual General Meeting decided to pay the auditing fees according to the invoicing. In 2023, the auditor was paid a total of EUR 152 thousand in fees.

In 2023, the auditor was paid a total of EUR

18 thousand in fees for services not related to auditing.