Transparency Act Declaration 2023

Evidi will carry out due diligence assessments every year in accordance with the Transparency Act and publish an account of the assessments. The purpose of the Transparency Act is to promote business respect for basic human rights and decent working conditions.

The objective of this statement is to communicate our efforts regarding due diligence assessments and compliance with the law. Due diligence assessment refers to the process in which we identify, prevent, mitigate, remedy, and account for how we manage existing and potential negative impacts of our operations and supply chain. The work of due diligence assessments is an ongoing process, and our objective at Evidi is to achieve genuine improvement for people within our own organization and supply chain.

The report explains the measures that have been assessed and implemented to mitigate any negative consequences in relation to basic human rights and decent working conditions derived from the group's activities.

Evidi is a leading provider of IT solutions and services with a strong focus on Microsoft technologies. With their holistic expertise in advisory services, change management, development, implementation, and maintenance of critical IT solutions, they offer a comprehensive range of solutions to meet the diverse needs of their clients.

Their expertise extends to both physical and cloud-based infrastructure, enabling them to design and deploy robust IT environments that align with their clients' business objectives. Evidi specializes in implementing and optimizing critical business applications such as ERP (Enterprise Resource Planning) and CRM (Customer Relationship Management), ensuring efficient and streamlined operations.

Evidi also excels in data and integration platforms, facilitating seamless data flow and integration across systems. They have deep knowledge and experience in data modeling and analysis, helping businesses derive valuable insights from their data assets and make informed decisions.

With a strong focus on Microsoft technologies, Evidi is at the forefront of leveraging the capabilities of Microsoft's ecosystem. They have extensive experience in implementing and managing Microsoft-based solutions, utilizing tools such as Azure, Office 365, Dynamics 365, and SharePoint, among others.

Evidi's ownership structure is unique, with 60% of the company owned by its employees, fostering a strong sense of commitment and engagement within the organization. They also collaborate closely with Credo Partners, a Norwegian investment company known for its expertise in scaling up businesses. This partnership ensures a solid foundation for growth and innovation.

As a testament to their success, Evidi achieved aggregated revenues of MNOK 525 in 2022, highlighting their strong market presence and the trust placed in their solutions and services.

Evidi is organized as a group with currently three daughter companies in Norway and one in Denmark. This report cover the assessment of all those companies.

The Evidi Group has recently also acquired two companies: Dynamic Elements in Norway and Cloud Agility in Denmark. Both companies have development subsidiaries in India and will in 2023 be governed as separate entities with separate financial reporting and some specifics shared customer’s projects and services with the Group. These companies will, in accordance with a corporate company assessment process, be embedded more holistically into the Group and its transparency reporting for 2023. These companies will be labeled as PoweredbyEvidi.

The group has a significant presence with currently 410 employees spread across multiple offices in Oslo, Asker, Bergen, Halden, Sandnes, Sarpsborg, Stavanger, Tønsberg, Copenhagen, Odense, Aarhus, and Ahmedabad and Hyderabad, India. This widespread presence allows them to serve clients across different regions effectively and provide localized support and services. Currently the group is operating mostly in Norway with a clear ambition also to serve the Danish and Swedish markets.

Overall, Evidi stands out as a comprehensive and trusted provider of IT solutions and services, offering a wide range of expertise in Microsoft technologies and empowering businesses to achieve their digital transformation goals.

Evidi wants to contribute positively to promoting respect for human rights and employee rights. We work systematically to incorporate the human rights aspect into our operations and towards our partners. We do this, among other things, by giving our employees decent wages and regulated working hours. We do not accept any violation of basic human rights internally or externally. We work to uncover whether Evidi contributes to potential violations of human rights and decent working conditions, and we exercise a high degree of caution when we have operations or business partners in areas where human rights and worker rights are weaker. In cases where deviations are discovered, we will work actively to rectify them.

Through dialogue with the supplier/collaboration partner, measures will be implemented on a trial basis and then followed up. In the case of serious deviations, it will be reported to the Norwegian Consumer Protection Authority.

The CEO has the ultimate responsibility for ensuring that the law is met and delegates mandates to the relevant executive employees. The CIO is responsible for practical implementation and coordination, including identification of risks/deviations, measures, and follow-up of effects. If appropriate, this responsibility is delegated to the nearest professional/supplier manager. The purchasing and sustainability manager is nevertheless responsible for receiving, archiving, and following up on updated reports. Responsibility, mandate, and guidelines are anchored in the board.

Clear expectations have been created from the group management and the board, as well as a clear placement of responsibility within the business, for the implementation of the various aspects of the due diligence assessments. This statement has been prepared in accordance with the Transparency Act, the UN's guiding principles for business and human rights, and the OECD's model for due diligence assessments for responsible business.

Evidi practice a zero tolerance when it comes to child labor, sexual harassment, forced labor, occupational health and safety violations of workers' rights, compliance with the minimum wage, property, and minority rights.

Relevant conditions for due diligence assessment are related to the group's operations, business models, position in the supply chain and type of product and services. The work with human rights and decent working conditions at Evidi is a continuous process and incorporated into the overall business operations.

A routine has been established to ensure that our operations meet requirements to carry out and report on due diligence assessments, as well as safeguard the information obligations in the law. Furthermore, a Whistle Blowing function and routin has been implemented on the Evidi Intranet.

In the following, Evidi will explain which risks for negative consequences for human rights and decent working conditions that have been uncovered through the group’s due diligence assessments.

In 2022, Evidi started work on mapping and identifying risks related to human rights and decent working conditions. Our services are based on Microsoft's technology solutions, and we mainly use Nordic and or recognized companies as our suppliers. The main part of our services and revenue is generated from or by our own employees. Such operations are considered to have a low risk regarding responsible business, as Nordics companies are considered "safer" when it comes to adhering to the Transparency Act.

However, Evidi is aware that breaches can occur in the Nordics, so we have implemented measures to preserve and include partners who share our view of social responsibility. We are aware of the risks our line of business can be exposed to when operations -and development activities are executed in or sourced to so-called low-cost countries. This risk awareness is prioritized, and we are in the process of implementing a CRM solution for supplier engagements and procurements. Short term action is to secure that our Supplier checklists on compliance to e.g. the Transparency Act is fulfilled.

Risk categorizations and assessments
We work with many suppliers, customers, and other partners and together with our employees it makes up our overall value chain. We have defined and categorized our value chain into 4 main groups where we in total for this year assessment have chosen 10 different categories for Evidi’s due diligence assessment.

Suppliers, who supply goods or services we need in daily operations. From 2023, as part of our supplier contractual set of agreements, all regular suppliers must sign the document Suppliers Code of Conduct which captures provisions from, among other things, The Transparency Act. Our direct suppliers are subject to Evidi’s regular due diligence measures.

Sub-Suppliers: are addressed in Evidi's Supplier Code of Conduct, where requirements are set for suppliers to ensure that all parts of their value chains meet international requirements for decent working conditions and that there are no violations of human rights.

Customers: Evidi will strive to ensure that all agreements and sales are made with and for companies and other clients that adhere to the Transparency Act and or Evidi ethical guidelines. We will do this through continuous dialogues and close relationships with all main partners and clients. The customers are part of our value chain, but risk is not assessed systematically according to The Transparency Act as they are not part of the supply chain.

Evidi Employee: Approximately 80% of our employees is located and work in Norway, whereas 8% are working out of Denmark and 12% in Ahmadabad (Dynamics Elements) and Hyberabad (Cloud Agility) in India. For the reporting year 2022 approximately 90% of our employees where located in Norway.

The Nordics is known for high compliance to the human rights whilst our subsidiaries in India through newly acquired companies Dynamics Elements and Cloud Agility have high focus and routines based on the UN Guidelines on Business and Human Rights.

Evidi collaborate with a small range of institutions/organizations, such as the Oda Network for women in Tech and the Oslo Business Forum who work for empowering leaders to change the world. Basic Human rights and decent working conditions is at the core of this partnerships. However, those partnership is not part of our assessments, nevertheless all our engagements and partnerships, undergo a screening process with responsible managers in, for example, security, sales, or R&D departments.

Suppliers and sub-Suppliers
We identify our suppliers with usage of our accounting data. During 2023 all our supplier’s data and interactions will, similar as our customers already are, be migrated into our CRM solution for Marketing, Sales, and Procurement. This digitalization will ensure a higher quality and real time assessment of our value chain and more targeted mitigation actions.

With respect to potential human rights risks in relation to sub-suppliers, prior to entering an agreement we request relevant information from the supplier with an aim to identify any such risk further down the supply chain. Through contract regulations and on-going dialogue, we set out expectations to the supplier's efforts on human rights towards sub-suppliers.

The locations of the group’s daughter companies are decentralized and will in 2023 mostly be operated as separated entities with a group facilitated Common Transformation Project running. This project main objective is to harmonize and consolidate the system -and structural capital cross all companies.

Until all operational entities are on the same platform and comply to the same governing policies and processes, we are aware of the challenge we are facing in having an overview of all suppliers, especially indirect suppliers that are used in different daughter companies and geographical locations. This could pose a risk with respect to awareness of breaches in the entire value chain. Mitigation action is defined.

Evidi supplies services for migration to - and management of - cloud platforms, as well as use of cloud platforms in the development and management of our SaaS products. These services and products essentially use the Microsoft Azure international cloud platform as the provider. Microsoft is a valid supplier and contributor to our service offerings and our risk assessment is set to low in total. However, the geo-related risk aspect we assess to a medium level.

In general, there are comprehensive documentation on large corporation such as Microsoft (MSFT) who every now and then unknowingly use subcontractors or components in their downstream value chain that not sufficiently comply with the requirements related to pay and working conditions in particular, freedom of association and monitoring of the employees.

Evidi is aware of this risk and on regular basis monitor how the Norges Bank Investment Management (NBIM) exercise their ownership. NBIM hold an ownership of 1,3% in MSFT

which value is estimated to approximately 200 BNOK January 1, 2023. For Evidi NBIM’s ownership and voting positions offer a good clue to whether Evidi’s evaluation is within a right risk range.

The group will, as far as possible, use services from suppliers who are in Norway and/or in the rest of Europe.

Regarding the subcontractors the group uses to expand competence and capacity in assignments, the assessment is that they pose a low risk. The companies we currently use for such expansion is originated in the Nordics and are highly trained personnel in an orderly and transparent Nordic labor market. When it comes to subcontractors to our Indian subsidiary, we will assess the routines for hired help and strive to ensure compliance with the UN Guidelines.

Evidi Employees
Evidi is mainly a provider of IT solutions and services with Microsoft technologies at its core. The group delivers a wide range of services which primarily are competence work mostly carried out in own or on our customer's premises in Norway or Denmark. The Nordic countries is known for its low risk of violations of human rights and high decent working conditions. Our assessment is in line with that statement, and we see none or low risk of violations of human rights and decent working conditions related to our employees in the Nordics. When it comes to our recent company acquisitions, our employee’s origination and working locations now also include India which is in a geo-risk zone assessed as medium. We have defined some short- and long-term actions to ensure good compliance with the UN Guidelines.

Equality and discrimination
An ESG risk assessment has been carried out regarding areas related to environmental and equality/discrimination. The assessments states that Evidi has no cases of risk of environmental damages, nor is there a risk of a breach of provisions in the Equality and Discrimination Act so that it might be affected by the Transparency Act. However, some awareness actions are initiated, and progress are good.

Mapping and risk classification have not identified actual negative consequences or significant risks of negative impact on human rights through the overall risk assessment.

Evidi states that the group operates in an industry and at locations where there is a low risk of when it comes to violations of privacy, business conduct, HSE, human rights and working conditions. Evidi also considers that our subcontractors used in assignments pose equally a low risk for the same reasons.

We work closely with our main direct suppliers. In some cases, we are considered a small and insignificant partner or a customer, in other cases, we make up a significant part of the supplier's turnover. In many contexts, this will be decisive for the real impact we can have through introduced measures.

Certain acquisitions consist of many components. Products may therefore contain (smaller) parts that have been produced in countries that are categorized as problematic in terms of country risk according to Transparency International. In such cases, our opportunities for insight and influence are very limited.

To limit the risk of "unknown" suppliers due to decentralization, all our suppliers must be registered by the end of 2023 and the relationship must be managed through our CRM solution for sales and procurement. Routines will be established so that all suppliers used by Evidi, or subsidiaries recognize our Suppliers Code of Conduct and at least annually answer the Evidi Supplier Transparency questionnaire on how they comply with the Transparency Act or similar international Guidelines. In this way, we will ensure that due diligence assessments are carried out by each individual supplier, and we establish routines that ensure proper compliance with our guidelines.

When it comes to international cloud service providers and potential violation of human rights and working conditions, we consider being at a medium geo-risks level. If we include of procuring of mobile phones, portables computers and computer monitors etc, it’s unfortunately common knowledge that some of those tools are produced in areas which pose a high risk to human rights and working conditions. In accordance with our group's procedures, we will continue to strive to procure from providers which can document compliance to human rights and decent working conditions.

For our new Indian employees, our assessment conclude that they operate in accordance with UN practice for human rights and decent working conditions. However, we have stated the risk to medium level and actions are defined to ensure continuous good compliance. We will ensure that all our responsible managers and relevant subject matter experts are trained in International Transparency Guidelines. Furthermore, that our Indian employees equally are trained on their rights and that we together ensure needed actions to mitigate any potential breaches.

Short term actions have been initiated and we will also assess the possibility to implement an exchange/short term expatriation program with an objective to educate and understand our differences and mutual needs as well as facilitate diversity and creativity cross countries and cultures.

Suppliers of Evidi for direct and regular deliveries are evaluated annually. Primarily via answering the Evidi Supplier Transparency questionnaire. This form includes provisions in the Transparency Act in addition to certain industry-specific topics. In cases where the supplier is unsure of their answers, we engage in a dialogue to find out the facts. In cases where we ourselves discover deviations or receive observations/ reports about deviations/violations, the supplier is contacted so that we are ensured closer insight. Problematic conditions are discussed before agreed measures are established with a deadline for rectification.

Responsible operations and compliance with activity -and reporting obligations are rooted in the entire group, from the management to each individual employee. By using responsible practices when using foreign labor and when using suppliers in addition to facilitating free trade unions, the risk of violations of basic human rights and decent working conditions is

considerably reduced. There has been no need for recovery cases in the reporting year. As of today, we consider Evidi to be a relatively safe company with no major risk of violations of basic human rights or decent working conditions. We will continue to have a strong focus on responsible business. The experience we gain from the work with risk assessments is used to improve processes and results in the future.

Evidi Code of Conduct; to be published. OECD’s Guidelines for responsible business conduct; https://one.oecd.org/document/DAF/INV/ICD(2023)2/FINAL/en/pdfUN Guiding Principles for Business and Human rights; guidingprinciplesbusinesshr_en.pdf (ohchr.org)ILO’s 4 main conventions for human rights; https://www.fn.no/om-fn/avtaler/arbeidsliv/ilo-konvensjoner