Sustainability report

Reporting period: 1.1.2023-31.12.2023

Risk policy GOV-5 (Responsibility: Board of Directors)

Risk is "the possibility of an event that affects the company's operations either positively or negatively" "risk of a positive event for the company = business opportunity"
The risk policy covers environmental, social and administrative risk areas. In addition, the policy takes into account separate, precise risk management instructions for business operations. The risk assessment must include different areas: administration, business, environment, social (personnel and other stakeholders), occupational health and safety, environment, climate change.

In addition, the policy takes into account separate, precise risk management instructions for business operations. The risk policy with its attachments includes the following policies: continuity management, production risk policy, production risk mandate, crisis management rules and instructions, REMIT Compliance - insider information, cyber security, authorizations and information security risk management, environmental risks, social risks, administrative risks.

During the processes, risks are assessed in different areas and efforts are made to prevent and manage them in the best possible way, both in our own operations and in partner management. Monitoring regulations and guidelines is part of process management. Similarly, reporting observations and deviations, identifying development targets and implementing development.

Risk management is the management of identified risks by various means, such as eliminating or reducing the risk. The risk policy and its different areas cover the method description of risk management. The risk policy identifies the risks of different business activities and describes the tasks and processes related to risk detection, prevention, corrective measures and opportunities. In addition, measurement and scheduling and the quality classification of risks are defined. The risk policy includes a procedure to achieve the desired state. Internal control is management that ensures the correct operation and legality of people and processes. The risk management policy guides internal control and risk management. Risk management is the responsibility of the group's board. Risks are discussed regularly twice a year by the group's board, or more often if necessary. Risks are analyzed and updated by business function, and the joint management team of the business functions reviewed the update before the board meeting. The risk policy is described in a separate document.

The company's stakeholders and risk perspective

The company's operations and the achievement of its goals are essentially influenced by the success of the operations between the company and various stakeholders. The risks of the company's operations can be viewed from the point of view of jeopardizing stakeholder relations.

The risks related to different stakeholder relationships are discussed in more detail in the risk management information.

Covered areas that cover value chains and Loiste companies:

• Management, Administration (Governance)
• Owners
• Occupational health and safety and social welfare
• Economy
• Information management and cyber security
• Other business-specific risks

Responsibilities in risk management

The responsibilities of risk management lie with the management of the business operations and the board of directors. Operational working groups assess risks, essentialities and the operating environment and report forward in the organizations. Every employee in the organization is responsible for risk management. Every employee is obliged to inform about the risks they perceive, which endanger the achievement of the goals set for the company or the well-being of the personnel and the environment. The obligation to inform at least the supervisor is not limited to the group's internal business or company boundaries. Observed risks must be brought to the attention of business management without delay. In these respects, risk assessment is carried out in the management team of the business operations and/or the group. The documentation related to these is attached as an appendix to the minutes of the management groups.

The group has the following forums and responsible persons that you can contact and bring up points of view that you hope to take a stand on or address:

I Risks related to the environment : Environment and Energy Efficiency Committee
• chaired by the Production Manager
• meeting four times a year and representatives from all businesses and an external evaluator
• tasked with coordinating the group's environmental issues and assessing risks related to the group's environment

II E-commerce risks: E-commerce group
• business manager as chairman
• the aim is to organize the meeting weekly, at least once a month
• tasked with coordinating risk management related to electricity trade in accordance with the risk management policy issued by the government
• the group reports to the board through the CEO

III Social risks related to the well-being of personnel and stakeholders: TTT committee management team
• preparatory responsibility of the occupational health and safety manager
• representatives from all businesses and an external evaluator
• tasked with coordinating statutory and other matters related to personnel and personnel welfare
• The TTT committee reports to the management team, the authorities, the managing director and the staff according to the issues to be discussed

IV Communication and corporate image, governance risk
• the group's management team

V Business risks, administrative risk: management team
• as chairman, CEO
• representatives from each business
• tasked with systematic and goal-oriented development of risk management and increasing the organization's knowledge of business-related uncertainties and limiting uncertainties, for example coordination of measures based on risk mapping, updating the company's insurance coverage and insurance-related events

VI Data security
• the group's information management manager, who reports to the CEO

VII Properties
• the person in charge of the group's properties, who reports to the CEO

VIII Contracts, supplier management
• business managers and contract managers
• law firms used by the group

IX Risks related to changes in the business environment: The Group's management team
• business function managers are responsible for developing business functions and reacting to perceived risks
• the group's management team is responsible for business development in accordance with the goals set by the owners
• the group's management team is chaired by the CEO, who reports to the board

Risk aspects of processes

In a process-based organization, the primary responsibility for considering the risk management aspects of the process rests with the process owner.

The risk aspects of the processes are the same as the aspects related to the company's stakeholder balance. These aspects mentioned above can be further divided into more specific aspects in process risk management.

Perspectives on process risks are:

• ensuring the adequacy of information flow within the process and between processes at the interface
• information security aspects of business activities, risks related to subcontracting and partnerships, such as information security, key person and contract risks, image risks in all operations; whether the solutions made support the desired corporate image
• personnel competence risks; is the right kind and sufficiently in-depth knowledge resource available
• staff development ability; does the human resources have the ability to develop to meet the skills needs of the future
• are there "dangerous work combinations" in the processes, i.e. the tasks of making and monitoring are held by the same person
• alternate arrangements; is critical information in the process undocumented by only one person without a backup arrangement
• changes in the operating environment; is the process being developed to meet the challenges of yesterday and not of the future, how to ensure timely detection of changes in the business environment
• functionality of the devices; is the reliability of process-critical devices or communication connections sufficient
• cyber security in own business and for stakeholders
• if, from the point of view of the process, financial uncertainties cannot be reduced to a reasonable level by operational means, can the risks be insured or protected otherwise

Loiste Group - Sustainable development strategy

Loiste Group's board has outlined and approved a sustainable development strategy/policy. The strategy defines the target state and methods of community commitment to ESG principles. By committing to ESG standards and principles, our company publicly demonstrates its commitment to ESG and zero emissions. In this work, we use the standards of the organization's processes and the reference frameworks required by the EU Directives, which are generally accepted, and which impose obligations on us to comply with the regulations. Our goal is to be carbon neutral in our own operations by the end of 2026.

We are committed to supporting Finland becoming carbon neutral by 2035. We are also involved in investing in wind power and building it. We enable our customers' green transition by developing the electricity network in accordance with changing needs. We are committed to preventing both the environmental risks of our own operations and the risks brought by climate change. We participate in such social projects where we can influence and where we can use our expertise for the benefit of the climate. We also require concrete actions from our partners to achieve a CO2-free Finland and responsible operation of the value chain in accordance with ESRS standards.

Lines:

• We are committed to preventing both the environmental risks of our own operations and the risks brought by climate change. We are a responsible reformer of the energy infrastructure and follow the principles of environmental, social and administrative responsibility.
• We are involved towards a low-carbon and resource-efficient society by promoting the introduction of renewable and innovative forms of energy production and storage.
• Our climate commitment: Regarding the climate change strategy, we are committed to supporting Finland becoming carbon neutral by 2035
• Our goal is to be carbon neutral in our own operations by 2026.
• We are also involved in investing in wind power and building it.
• We are committed to preventing environmental risks and risks brought by climate change.
• We are committed to the UN climate agreement, EU Taxonomy directives, OECD standards, CSRD directives and other ESG requirements/imposed by sustainable development
• We participate in social projects where we can influence and where we can use our expertise for the benefit of the climate. We enable our customers' green transition by developing the electricity network in accordance with changing needs.
• We also require concrete actions from our partners to achieve a CO2-free Finland and responsible operation of the value chain in accordance with ESRS standards.
• Loiste companies require that companies providing Loiste services take care of the following areas:
• Matters related to responsibility, good governance, quality of operations, environmental impact and occupational health/safety for employees, respect for human rights, fight against corruption and bribery.
• We take into account the requirements of sustainable development and "green financing" in the plans for new investments
• Certification of structures and services in accordance with ESG (Environment, Social and Governance) requirements
• We enable our customers' green transition by developing the electricity network in accordance with changing needs.

The company's strategy is updated annually and its most important priority areas are regularly reviewed as part of the sustainable development strategy. Action plans related to these are checked, updated and monitoring is done in business processes regularly. The group's board is responsible for its strategy. The CEO is responsible for the preparation of the strategy and its implementation, and the CEO, in turn, delegates the responsibility for planning the business strategy to the business managers. The CEO prepares the strategy and implements it together with the group's management team. The organization's staff is involved in the preparation of the strategy. The implementation of the strategy is reviewed regularly with the entire staff. A schedule is drawn up for the measures included in the strategy and responsible persons are named for them. The units' business plans are part of the strategy. The implementation of the strategy is guided and measures are prioritized in the monthly meetings of the group's management team. The responsible persons keep the strategy control monitoring tools up to date.

The sustainable development strategy/policy includes the following topics related to the environment, for which we develop and improve our operations and reduce the risks caused by our operations:

• Air pollution: our operations will be made emission-free in accordance with the goal
• Biodiversity and habitat: we protect habitats and biodiversity in the areas where we operate
• Contaminated land: we do not pollute the soil and we protect our equipment from soil emissions
• Energy: we operate energy efficiently and require energy efficiency from our equipment and suppliers
• Greenhouse gas emissions: our operations will be changed to carbon neutral in accordance with the goal
• Dangerous substances: we minimize the use of dangerous substances as far as possible and take care of monitoring the equipment
• Light pollution: our operation does not cause light pollution
• Material procurement and resource efficiency: in our procurement policy, we include procurement and circular economy
• Net zero: our goal is to be net zero for all emissions
• Noise pollution: our activities do not cause noise and noise during construction is scheduled during waking hours
• Physical risk: our areas are protected and access to outsiders is prevented, we require employees to protect themselves appropriately
• Waste: we minimize the amount of waste and take care of proper sorting and delivery for further utilization of waste
• Water outflow/discharge: we reduce water consumption
• Water inflows/outflows: we reduce water consumption

Purpose

In this procurement policy, procurement means buying and renting goods and services (including leasing purchases) from companies outside the group. The procurement policy is applied in all Loiste companies.

Approved: Board meeting on 14 November 2023, review annually if necessary.

Procurement objectives

Responsibility reporting must cover the value chain formed by the entire operation. The value chain is used to identify, evaluate and manage environmental, social and governance risks and opportunities related to the company's operations. The value chain includes all activities affecting the creation of a product or service, and they are produced by suppliers and other stakeholders of the company (raw material procurement / product (service) design to delivery or production and finally to disposal). By analyzing the value chain, companies can identify areas where they can reduce their environmental impact, improve employee working conditions and improve overall sustainability performance.

Loiste companies cooperate responsibly with various parties and suppliers. Our supplier relations are based on mutual agreements signed by the contracting parties, the principles and ethical rules of Loistee's responsibility program. The selection of suppliers is based on our procurement policy, in addition to which we define the cooperation principles, rules and supplier evaluation methods in this procurement manual (Loiste companies_Purchase policy). Agreements and practice models must agree on the scope and content of the activity. If the supplier does not comply with the contract terms, Loiste's rules or causes damage to Loiste, the contract can be terminated. If the contract rules are not up to date, they must be negotiated and updated. The customer and invoice handlers follow Loiste's customer guidelines and processing principles according to the value of the order. (instructions for accepting orders and invoices).

We expect our suppliers to share the same responsible world of values. We demonstrate our responsibility by taking into account and fulfilling the essential aspects of our operations in accordance with the responsibility program (environmental, social and administrative).

Suppliers are evaluated annually based on the list of suppliers defined by Loiste at any given time.

The goal is safe, sustainable, reliable and cost-effective procurement of products and services, taking into account their entire life cycle and the functionality of the group's and its customers' operating processes. In procurement, the group's existing policies are taken into account, e.g. regarding sustainable development, infrastructure, information systems, counterparty risk and reporting (CSRD/Corporate Sustainability Reporting Directive and ESRS/European Sustainability Reporting Standards). The object, product or service to be acquired must meet the requirements of the legislation. In our procurement processes, we consider responsibility from the environmental, social, economic and administrative areas. In procurement, we comply with the Procurement Act for Special Sectors, good governance and we demand the same from our partners. Risks related to acquisitions are assessed as part of business risk management. We require our partners and suppliers to commit to the principles of sustainable development and continuous improvement.

When procuring security-critical services, the requirements set for the availability of the services must be taken into account.

Operating models, information systems, operational processes and best practices of the group's various units are shared, utilized and developed together whenever possible. Companies supplying Loiste with services or products, as well as the products and services, are evaluated in the bidding phase, and supplier audits are carried out during the contractual relationship. The goals for evaluating and auditing suppliers come from Loiste's responsibility program and the requirements for products and services.
Regular meetings are organized with the supplier, in which the matters to be reported regarding the operation in accordance with the rules, the feedback and development targets are reviewed, taking into account the environmental, social and administrative perspective in accordance with the responsibility program.

Principles of procurement

Procurement strategy

The business units determine the procurement strategy that best supports the business goals at any given time, which follows the procurement principles described in the procurement policy and the procurement manual.

Competition

Bidding is organized in the most appropriate way chosen based on the scope, value, quality and market situation of the procurement.

In order to ensure the success of the procurement, procurement technical, legal or other expert assistance is used to the extent necessary to support the procurement. The responsibility for the procurement and its success rests with the business management.

Active market dialogue ensures the development of the regional service market, ensures the correct timing of tenders and secures sufficient supply for future tenders.

The competition must be fair and non-discriminatory towards bidders, and the selection must be based on as objective selection criteria as possible. In all individual purchases over 10,000 euros, at least two offers must be requested, if one is available. The selected supplier must meet Loiste companies' Credit Risk Policy requirements.

Purchase

In purchasing, the framework contract arrangement that is in effect is used primarily. The approval takes place based on the liability limits according to Loistee's management model and the so-called according to the four-eye principle. The exception is the works ordered for acute fault correction with a framework contract in accordance with the Corporate Governance guidelines, including parts. Expense invoices are checked by the customer and approved by the person with approval authority.

Compliance with legislation

In all our activities, we comply with Loiste Group's good governance and ethical rules, national legislation and official regulations, as well as national and international agreements. We also demand this from our suppliers. The procurement must not involve bribery on the part of the buying or supplying party, nor hospitality or gifts that could influence decision-making.

District heating and electricity grid businesses are covered by the Special Sectors Procurement Act.

Agreements

Particular care must be taken when drawing up contracts and Loiste's interests are fulfilled even in the event of discontinuity and conflict. Comprehensive agreements and the additional documents attached to them ensure a mutual understanding of the responsibilities and obligations of the procurement target.

Any disputes between the parties will be resolved in accordance with the Corporate Governance guidelines.

Payment installments must be in balance with the performance received. In long-term procurements and deliveries in accordance with the Corporate Governance guidelines, the supplier is asked for a working time and guarantee period guarantee. For the warranty period of delivery, the supplier must provide a warranty period guarantee. In the case of deliveries of several postal items, efforts must be made to transfer ownership of the partial delivery in question to the customer.

The procurement contract must include sufficient insurance coverage that covers all general and product liability risks. Upon request, the Supplier must deliver the relevant insurance certificates to the Buyer.

The payment period used in the contracts is defined in the more detailed procurement instructions.

Agreements must be made in writing. The contract must always include delivery terms. The scope of the matter to be negotiated determines what type of contract entity is used. With the supplier, you can prepare:

1. Framework agreement
a. Framework agreement
b. Delivery contract
c. Service agreement
d. General terms and conditions
e. Special contract terms
f. Other annexes to the contract

2. Procurement agreement

3. Delivery contract

4. Loistin's General Terms and Conditions of Delivery

Contracts are reviewed, and legal services can be used to assist in the review.
Larger contracts are usually reviewed by lawyers. Particular care must be taken when drawing up contracts and Loiste's interests are fulfilled even in the event of discontinuity and conflict. Comprehensive agreements and the additional documents attached to them ensure a mutual understanding of the responsibilities and obligations of the procurement target.

Any disputes between the parties will primarily be resolved in the District Court. If the value of the contract is over EUR 1 million, arbitration can also be used.

Payment installments must be in balance with the performance received. In long-term procurements and deliveries of more than 500,000 euros in terms of delivery time, the supplier is asked to deposit 5% during the working period and 1.5% during the warranty period. For the warranty period of delivery, the supplier must provide a warranty period guarantee. In the case of deliveries of several postal items, efforts must be made to transfer ownership of the partial delivery in question to the customer.

The procurement contract must include sufficient insurance coverage that covers all general and product liability risks. Upon request, the Supplier must deliver the relevant insurance certificates to the Buyer.

The payment period used for contracts is 30 days net, unless otherwise agreed separately and for compelling reasons.

Supplier management

Systematic supplier management ensures the realization of the principles of continuous improvement of operations and ensures the best solution for each procurement item from the point of view of the whole. The business units are responsible for the classification of the suppliers they use in accordance with the supplier management principles described in the procurement manual. A supplier list is maintained in the financial system for those suppliers with whom there is a framework or annual contract or from whom we buy repeatedly every year.

As part of supplier management, suppliers are evaluated in the bidding phase and during the contractual relationship. The criteria for evaluation and auditing come from the needs of the responsible business unit, compliance with the contract, and Loistee's responsibility program.

Quality requirements

Our suppliers and their products and services must meet our requirements in terms of their performance and operating methods. The key requirements must be described in procurement documents and procurement contracts. The requirements aim to comply with the general standards, guidelines and principles used in the industry.

Environmental and social responsibility issues and social responsibility

We require our suppliers to comply with national and international environmental laws and authority requirements and to act in an environmentally and socially responsible manner. If necessary, we guide suppliers in contracts or other instructions on environmental and energy efficiency requirements (e.g. energy efficiency label or certificate). The environmental requirements are derived from the legislation governing the customer's operations and the customer's environmental and energy policy.

EU Taxonomy requirements

Loiste is committed to improving the status of the following environmental aspects in its own operations, which are:
• Mitigation of climate change
• Adapting to climate change
• Protecting water (and sea) resources
• Promotion of circular economy
• Prevention of environmental pollution
• Protecting ecosystems and natural diversity.
• We need information from our suppliers on how to take into account the above aspects in their value chain and ensure positive development.
• We require that the supplier is committed to providing Loiste with proof of compliance with the environmental law and permits when requested.
• We find out from suppliers whether their activities fall within the scope of the EU taxonomy and whether their activities meet the requirements of the EU taxonomy.

Security issues

Contractors and service providers and their subcontractors working in the company's premises or on construction sites must, in addition to general occupational safety laws and regulations, comply with the provisions and instructions of the group's occupational safety guidelines. The supplier's personnel must be able to carry out security clearances and possible drug and alcohol tests, if the nature of the service requires it. Requirements must be recorded in procurement contracts.

Data protection and data security

We require our suppliers to comply with the guidelines of the cyber security center, data protection regulations and authorities, and the data protection and data security guidelines given by the customer, as well as guidelines related to cyber security and physical data security.

Confidentiality

We require a non-disclosure agreement from suppliers, if the task requires or enables access to process confidential orders, contracts and all related documents and information. Contracts must ensure that suppliers ensure that subcontractors also commit to a corresponding confidentiality obligation.

Payment

The payment must be in accordance with the agreement. Payment is never made in cash. It is paid on the basis of an invoice, which is generally sent afterwards. The customer and the invoice approver must be different persons. Payment is made to the company's official bank account.

Selection of suppliers

Procurements are usually based on offers received based on requests for tenders. When concluding the contract, we use legal expertise according to the risk based on the contract. Procurement contracts are stored in the contract database.

The organization of the competition and its scope are decided on the basis of the importance of the procurement, in compliance with the legislation.

The supplier's customer liability compliance, creditworthiness and the necessary information related to financial management are checked before the selection of a new major supplier. If necessary, a labor and warranty period guarantee is required from the supplier. During the procurement phase, it is checked that the supplier is not directly or indirectly on the banned list or subject to sanctions. (valid in new agreements on 9 April 2022 and in old agreements, continuation of implementation is prohibited on 10 October 2022
(https://eur-lex.europa.eu/legal-content/FI/TXT/PDF/?uri=CELEX:32022D0578&from=FI)

Documentation of procurement documents

Procurement contracts with attachments must be archived in Loiste's database.

The documents and attachments must be in the possession of the Loiste companies, taking into account the storage of the documentation:
1. We save the offer and contract documentation:
• Requests for quotations
• Contracts, request for tender and decision
We save the material during service management and delivery as Service management memos in accordance with the process descriptions
• Feedback, observations and development monitoring via the Ceriffi Check channel
• Supplier evaluation and auditing through the Ceriffi Check channel

Procurement manual: Other practices to consider

In supplier management and procurement, the official guidelines for responsible operations must also be taken into account. There is a management model for managing a long-term supplier relationship. To enable feedback management, Ceriffi Check links can be distributed to suppliers.

Disqualification
If Lointe's employee participates in the selection of a supplier and has personal interests, the employee must inform his supervisor in advance. After the contract with the cooperation partner, Loistelainen may not request private services from the supplier, if the supervisor has not separately agreed to it.

In addition, to be taken into account when choosing suppliers

When choosing a supplier, attention is paid to how well the overall solution serves the needs of Loiste companies. Selection criteria include the company's professionalism, reliability, responsibility, resources and delivery price.

The supplier's creditworthiness and the necessary information related to financial management are checked before the selection of a new supplier. If necessary, a labor and warranty period guarantee is required from the supplier.
During the bidding phase, the supplier is provided with a list of the necessary information for comparability of the bids and to check that the requirements are met.

In order to ensure the quality, efficiency and responsibility of its operations, Loiste has set criteria for its suppliers, both at the company level and at the service or product level. We have set criteria for our suppliers, the fulfillment of which is monitored and measured during the supplier selection phase and during the contractual relationship.

Loiste Group is aiming for carbon neutrality by 2026 for its entire value chain. We also require carbon neutrality for our suppliers. We present our demands already at the bidding stage.

Supplier guidance and product/service criteria ensure compliance of products, components and services with Loisteen's requirements and legislative requirements. The practical implementation is documented at the project/process level.

Every year, we investigate the responsibility of our suppliers and carry out supplier evaluations. We carry out a wider supplier assessment for suppliers whose impact on business operations is significant, or whose activities involve risks in terms of managing environmental issues or other responsible business.

Loiste is committed to finding out the sustainability effects of its value chain and reports them as part of its sustainability reporting. Suppliers are part of our value chain and we need information about our suppliers and the impact of their activities.

Loiste and the entities participating in Loiste's operations show their commitment to meeting the responsibility requirements of environmental aspects, social aspects and matters related to governance in their entire value chain.

Loiste companies require that companies that provide services to Loiste report information related to responsibility, good governance, operational quality, conformity of products and services, environmental impact and occupational health/safety to employees, respect for human rights, combating corruption and bribery to Loiste during the supplier selection phase and during the validity of the contract during supplier evaluations in connection with.

To ensure that the criteria of suppliers and products and services are met, Loiste carries out supplier audits. Suppliers are required to cooperate and be transparent in connection with audits.

These operational guidelines set general requirements for suppliers regarding their responsibilities for responsible business. The supplier assures that it acts responsibly and meets the requirements in its operations.

Terms of purchase

General
This manual applies to all Loiste companies' orders and purchases from suppliers. Any different conditions do not apply, unless the customer has accepted them electronically or in writing.

The manual applies to all contracts in the following order:
• contract document
• annexes to the contract document, excluding the general and special terms and conditions
• applicable special conditions
• applicable general terms and conditions
• manual requirements
•    other terms and conditions

If the content of the documents is contradictory, the contract will be followed first and then other documents in the order of mutual validity mentioned above.

Offer, order and changes
To be valid, all orders must be placed electronically or in writing. Any change, correction or addition made to the order will only become part of the order if both parties accept it electronically or in writing. A condition must be included in the contract, according to which the contract binding the contracting parties is only created when all the contracting parties have signed the contract or when the order has otherwise been placed.

Delivery time and delay
If the delivery is delayed for a reason attributable to the Supplier, the Supplier is obliged to pay a contractual penalty equal to the value defined at the contractual stage. Payment of the contractual penalty does not limit the customer's right to claim damages under the law.
If the delivery is significantly delayed from the agreed delivery date, the customer has the right to cancel the contract in whole or in part at his own discretion and to demand compensation.