PricewaterhouseCoopers Polska spółka z ograniczoną odpowiedzialnością Audyt sp. k. , ul. Polna 11, 00-633 Warsaw, Poland, T: +48 (22) 746 4000, F:+48 (22) 742 4040 ,

www.pwc.pl

PricewaterhouseCoopers Polska spółka z ograniczoną odpowiedzialnością Audyt sp. k. is entered into the National Court Register maintained by the District Court for the Capital City of Warsaw, under KRS number 0000741448, NIP 113-23-99-979. The seat of the Company is in Warsaw at Polna 11.

Independent Registered Auditor’s Report

To the General Shareholders’ Meeting and the Supervisory Board of XTB S.A.

Report on the audit of consolidated financial statements

Our opinion

In our opinion, the attached annual consolidated financial statements:

• give a true and fair view of the consolidated financial position of XTB S.A. (the “ Parent Company”) and its subsidiaries (together the “Group”) as at 31 December 2023 and the Company’s consolidated financial performance and the consolidated cash flows for the year then ended in accordance with the applicable International Financial Reporting Standards as adopted by the European Union and the adopted accounting policies;

• comply in terms of form and content with the laws applicable to the Group and the Parent Company’s Articles of Association;

Our opinion is consistent with our additional report to the Audit Committee issued on the date of this report.

What we have audited

We have audited the annual consolidated financial statements of XTB S.A. Group which comprise:

• the consolidated statement of financial position as at 31 December 2023;

and the following prepared for the financial year then ended 2023:

• the consolidated statement of profit or loss and other comprehensive income;

• the consolidated statement of changes in equity;

• the consolidated cash flow statement; and

• the notes comprising a description of the adopted accounting policies and other explanatory information.

Basis for opinion

We conducted our audit in accordance with the National Standards on Auditing as adopted by the resolution of the National Council of Statutory Auditors and the resolution of the Council of the Polish Audit Supervision Agency (“NSA”) and pursuant to the Law of 11 May 2017 on Registered Auditors, Registered Audit Companies and Public Oversight (the “Law on Registered Auditors”) and the Regulation (EU) No. 537/2014 of 16 April 2014 on specific requirements regarding the statutory audit

of public-interest entities (the “EU Regulation”). Our responsibilities under NSA are further described in the Auditor’s responsibilities for the audit of the consolidated financial statements section of our report.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Independence

We are independent of the Group in accordance with the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants (IESBA Code) as adopted by resolution of the National Council of Statutory Auditors and other ethical requirements that are relevant to our audit of the consolidated financial statements in Poland. We have fulfilled our other ethical responsibilities in accordance with these requirements and the IESBA Code. During the audit, the key registered auditor and the registered audit firm remained independent of the Group in accordance with the independence requirements set out in the Act on Registered Auditors and in the EU Regulation

Our audit approach

Overview

• The overall materiality threshold adopted for the purposes of our audit was set at PLN 47,800 thousand, which represents approximately 5% of the profit before tax.

• We have audited the annual consolidated financial statements of the Group for the period 31 December 2023.

• The scope of our audit covered 100% of the sum of total assets of all the consolidated Group companies before consolidation eliminations.

• Valuation of financial assets and liabilities and recognition of result on operations on financial instruments.

Materiality

Group scoping

Key audit matters

3

As part of designing our audit, we determined materiality and assessed the risks of material misstatement in the consolidated financial statements. In particular, we considered where the Parent Company’s Management Board made subjective judgements; for example, in respect of significant accounting estimates that involved making assumptions and considering future events that are inherently uncertain. As in all of our audits we also addressed the risk of management override of internal controls, including among other matters, consideration of whether there was evidence of bias that represented a risk of material misstatement due to fraud.

We tailored the scope of our audit in order to perform sufficient work to enable us to provide an opinion on the consolidated financial statements as a whole, taking into account the structure of the Group, the accounting processes and controls, and the industry in which the Group operates.

Materiality

The scope of our audit was influenced by our application of materiality. An audit is designed to obtain reasonable assurance whether the consolidated financial statements are free from material misstatement. Misstatements may arise due to fraud or error. They are considered material if, individually or in aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the consolidated financial statements.

Based on our professional judgement, we determined certain quantitative thresholds for materiality, including the overall materiality for the consolidated financial statements as a whole, as set out in the table below. These, together with qualitative considerations, helped us to determine the scope of our audit and the nature, timing and extent of our audit procedures and to evaluate the effect of misstatements, if any, both individually and in aggregate on the consolidated financial statements as a whole.

Overall Group materiality

PLN 47,800 thousand (46,400 thousand PLN in 2022)

How we determined it

approximately 5% of profit before tax

Rationale for the materiality benchmark applied

We adopted profit before tax as the basis for determining materiality because we believe this measure is commonly used to evaluate the Group’s operations by users of financial statements and is a generally accepted benchmark.

We applied materiality at 5% because, based on our professional judgement, it is consistent with the level of quantitative materiality used in the examination of profit-oriented entities in the brokerage industry.

We agreed with the Audit Committee of the Parent Company that we would report to them misstatements of the consolidated financial statements identified during our audit above PLN 2,390 thousand, as well as misstatements below that amount that, in our view, warranted reporting for qualitative reasons.

4

Key audit matters

Key audit matters are those matters that, in our professional judgement, were of most significance in our audit of the consolidated financial statements of the current period. They include the most significant identified risks of material misstatements, including the identified risks of material misstatement resulting from fraud. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our opinion thereon. We do not provide a separate opinion on these matters.

Key audit matter

How our audit addressed the key audit matter

Valuation of financial assets and liabilities and recognition of result on operations on financial instruments

The result on operations on financial instruments for the year ended 31 December 2023 amounted to PLN 1,574,491 thousand and constituted the most important item in the consolidated statement of comprehensive income of the Group. The value of financial assets at fair value through profit or loss and financial liabilities held for trading at 31 December 2023, amounted to PLN 903,255 thousand and PLN 110,358 thousand respectively.

The result of operations on financial instruments of the Group consists of realised and unrealised gains or losses and costs related to trading in financial instruments.

The customer transaction process and valuation of derivative financial instruments is massive and includes large amount of market data necessary for valuation.

Given the above, this area requires significant effort and expertise in financial instruments and the use of information systems, which is why we have identified it as a key research matter.

Information regarding accounting policies, as well as quantitative disclosures regarding the result on operations on financial instruments,

As part of our audit procedures we updated our understanding of the Group’s policies and procedures for entering into transactions and valuing financial instruments and recognising the result thereof.

We analysed the design and verified the effectiveness of the control mechanisms implemented by the Group in this area, including the process of concluding transactions with customers, the valuation process, as well as the risk management process, including limits on open positions.

With respect to the IT systems through which transactions are executed and financial instruments are valued, we updated our understanding and assessment of internal controls including, change management and access control to systems that process customer related transaction data.

On selected transactions’ populations, we performed independent valuation of financial instruments and verified the correctness of recognising the accounting data at the balance sheet date. Furthermore, with regard to the result on financial instruments, we performed detailed tests, including independent recalculation of the result on a sample, as well as reconciliation of selected transactions to source documentation and tests of system reports on transactions on financial instruments. In addition, we conducted an analysis of customer complaints and claims.

Furthermore, we assessed the adequacy and completeness of the disclosures concerning the result

5

financial assets at fair value through profit and loss and financial liabilities held for trading are described in notes 4.4, 4.11, 5.1, 15 and 21 of the consolidated financial statement.

on financial instruments, financial assets at fair value through profit or loss and financial liabilities held for trading in the consolidated financial statement in accordance with the accounting standards applicable to the Group.

Responsibility of the Management and Supervisory Board for the consolidated financial statements

The Management Board of the Parent Company is responsible for the preparation, of the annual consolidated financial statements that give a true and fair view of the Group’s financial position and results of operations, in accordance with International Financial Reporting Standards as adopted by the European Union, the adopted accounting policies, the applicable laws and the Parent Company’s Articles of Association, and for such internal control as the Management Board determines is necessary to enable the preparation of consolidated financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the consolidated financial statements, the Parent Company’s Management Board is responsible for assessing the Group’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the Management Board either intends to liquidate the Group or to cease operations, or has no realistic alternative but to do so.

The Parent Company’s Management Board and members of the Supervisory Board are obliged to ensure that the consolidated financial statements comply with the requirements specified in the Accounting Act of 29 September 1994 (“the Accounting Law”). Members of the Supervisory Board are responsible for overseeing the financial reporting process.

Auditor’s responsibility for the audit of the consolidated financial statements

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with the NSA will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in aggregate, they could reasonably be expected to influence economic decisions of users taken on the basis of these consolidated financial statements.

The scope of the audit does not include an assurance on the Group’s future profitability nor the efficiency and effectiveness of the Parent Company’s Management Board conducting its affairs, now or in future.

As part of an audit in accordance with NSA, we exercise professional judgement and maintain professional scepticism throughout the audit. We also:

• identify and assess the risks of material misstatement of the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from

6

error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control;

• obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Group’s internal control;

• evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the Parent Company’s Management Board;

• conclude on the appropriateness of the Parent Company’s Management Board’s use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Group’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor’s report to the related disclosures in the consolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report. However, future events or conditions may cause the Group to cease to continue as a going concern;

• evaluate the overall presentation, structure and content of the consolidated financial statements, including the disclosures, and whether the consolidated financial statements represent the underlying transactions and events in a manner that achieves fair presentation;

• obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the Group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the Group audit. We remain solely responsible for our audit opinion.

We communicate with the Audit Committee regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide the Audit Committee with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, actions taken to eliminate threats or safeguards applied.

From the matters communicated to the Audit Committee, we determine those matters that were of most significance in the audit of the consolidated financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor’s report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication.

Other information, including the report on the operations

Other information

Other information comprises:

7

• Managements report on the Company’s and Group’s operations for the financial year ended 31 December 2023 (“the Report on the operations”) and the corporate governance statement which is a separate part of the Report on the operations,

• a separate report on non-financial information;

• the Annual Report for the financial year ended 31 December 2023 (“the Annual Report”).

(together “Other Information”)

Other information does not include the financial statements and our auditor’s report thereon.

We obtained the Annual Report before the date of this audit report, except for the Statement of the Supervisory Board:

a) regarding the appointment, composition and functioning of the Audit Committee, referred to in Art. 70 sec. 1 point 8 of the Regulation of the Minister of Finance from 29 March 2018 in regards to current and periodic information provided by issuers of securities and the conditions for recognising as equivalent information by the law of a non-member state (‘’Regulation on current information”)

and

b) in the scope of assessment with justification, regarding the report on activity of the issuer and the financial statement in terms of their compliance with bookkeeping, documentation and facts referred to in Art. 70 sec. 1 point 14 of the Regulation on current information.

which will be available after this date.

Responsibility of the Management and Supervisory Board

The Management Board of the Parent Company is responsible for the preparation of the Other Information in accordance with the law.

The Parent Company’s Management Board and the members of the Supervisory Board are obliged to ensure that the Report on the operations of the Group including its separate parts and a separate report on non-financial information comply with the requirements of the Accounting Law.

Registered auditor’s responsibility

Our opinion on the consolidated financial statements does not cover the Other Information.

In connection with our audit of the consolidated financial statements, our responsibility under NSA is to read the Other Information and, in doing so, consider whether the Other Information is materially inconsistent with the information in the consolidated financial statements, our knowledge obtained in our audit, or otherwise appears to be materially misstated. If, based on the work performed, we identified a material misstatement in the Other Information, we are obliged to inform about it in our audit report. In accordance with the requirements of the Law on the Registered Auditors, we are also obliged to issue an opinion on whether the Report on the operations has been prepared in accordance with the law and is consistent with information included in annual consolidated financial statements.

Moreover, we are obliged to issue an opinion on whether the Group provided the required information in its corporate governance statement and to inform whether the Group prepared a separate report on non-financial information.

8

In addition, we are required to audit the financial information included in the Report on the operations in accordance with the scope described in this audit report and the requirements of the Financial Instruments Trading Act of July 29, 2005 (the “Trading Act”).

Statement on the Other information

We declare, based on the knowledge of the Group and its environment obtained during our audit, that we have not identified any material misstatements in the Report on the operations of the Group and the remaining Other information which we obtained before the date of this audit report.

Opinion on the Report on the operations

Based on the work we carried out during our audit, in our opinion, the Report on the operations of the Group:

• has been prepared in accordance with the requirements of Article 49 of the Accounting Act and para. 71 of the Regulation of the Minister of Finance dated 29 March 2018 on current and periodical information submitted by issuers of securities and conditions for considering as equivalent the information required under the legislation of a non-Member State (“Regulation on current information”) and art. 110w point 1 of the Trading Act.

• is consistent with the information in the consolidated financial statements.

•

Opinion on the corporate governance statement

In our opinion, in its corporate governance statement, the Group included information set out in para. 70.6 (5) of the Regulation on current information. In addition, in our opinion, information specified in paragraph 70.6 (5)(c)–(f), (h) and (i) of the said Regulation included in the corporate governance statement are consistent with the applicable provisions of the law and with information included in the consolidated financial statements.

Information on non-financial information

In accordance with the requirements of the Act on the Registered Auditors, we confirm that the Group has prepared a separate report on non-financial information referred to in Article 55.2 of the Accounting Act as a separate section of the Report on the operations.

We have not performed any assurance work relating to the separate report on non-financial information and we do not provide any assurance with regard to it.

Report on other legal and regulatory requirements

Report on the compliance of the marking up of consolidated financial statements with the requirements of the European Single Electronic Format (“ESEF”)

In connection with the audit of consolidated financial statements we have been engaged by the Parent Company’s Management Board based on a contract for the consolidated financial statements to conduct a reasonable assurance engagement to express an opinion whether the consolidated financial statements of the Group as at and for the year ended 31 December 2023 prepared in the

single electronic format contained in the file named xtb-2023-12-31-pl.zip (the “consolidated financial statements in the ESEF format”) was marked up in accordance with the requirements in the article 4 of the Commission Delegated Regulation (EU) 2019/815 of 17 December 2018 supplementing Directive 2004/109/EC of the European Parliament and of the Council with regard to regulatory technical standards on the specification of a single electronic reporting format (the “ESEF Regulation”).

Description of a subject matter and applicable criteria

The consolidated financial statements in the ESEF format were prepared by the Parent Company’s Management Board to comply with the technical requirements regarding the specification of a single electronic reporting format and marking up, which are set out in the ESEF Regulation.

The subject matter of our assurance engagement is the compliance of the consolidated financial statements in the ESEF format with the requirements of the ESEF Regulation and the requirements of this regulation, in our view, constitute appropriate criteria to form a reasonable assurance conclusion.

Responsibility of the Management Board of the Parent Company and the Supervisory Board

The Parent Company’s Management Board is responsible for the preparation of the consolidated financial statements in the ESEF format in accordance with the technical requirements regarding the specification of a single electronic reporting format which are set out in the ESEF Regulation. This responsibility includes the selection and application of appropriate markups in iXBRL using taxonomy specified in the ESEF Regulation. The responsibility of the Management Board also includes designing, implementing and maintaining internal controls relevant for the preparation of the consolidated financial statements in the ESEF format which are free from material non-compliance with the requirements of the ESEF Regulation and their marking-up in compliance with these requirements .

Members of the Parent Company’s Supervisory Board are responsible for overseeing the financial reporting process, which also includes the preparation of the consolidated financial statements in accordance with the format that is compliant with legal requirements.

Our responsibility

Our objective was to express an opinion, based on the conducted reasonable assurance engagement, whether the consolidated financial statements prepared in the ESEF format were marked up, in all material respects, with the requirements of the ESEF Regulation.

We conducted our engagement in accordance with the National Standard on Assurance Engagements other than Audit and Review 3001pl - audit of financial statements prepared in the single electronic reporting format (“KSUA 3001pl”) and where relevant with the National Standard on Assurance Engagements 3000 (R) in the wording of the International Standard on Assurance Services 3000 (Revised) - ‘Assurance Engagements other than Audits and Reviews of Historical Financial Information’ as issued by the National Council of Statutory Auditors (“KSUA 3000(R)”). These standards require that we comply with ethical requirements, plan and perform procedures to obtain reasonable assurance whether the consolidated financial statements in the ESEF format were marked up, in all material respects, in compliance with the specified criteria.

Reasonable assurance is a high level of assurance, but it does not guarantee that the engagement performed in accordance with KSUA 3001pl and KSUA 3000 (R) will always detect the material misstatement (significant non-compliance with the requirements).

The selection of the procedures depends on the auditor's judgement, including the auditor's assessment of the risk of material misstatements, whether due to fraud or error. In performing the assessments of this risk, the auditor shall consider the internal control related to the preparation of the consolidated financial statements in the ESEF format and its marking-up in order to plan appropriate procedures to provide the auditor with sufficient evidence appropriate to the circumstances. The assessment of the functioning of the internal control system was not carried out in order to express an opinion on the effectiveness of its operation.

Quality management and ethical requirements

We apply the provisions of the National Standard on Quality Control 1 in the wording of the International Standard on Quality Management (PL) 1 – “Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements” as issued by the International Auditing and Assurance Standards Board and adopted by the resolution of the Council of the Polish Audit Supervision Agency. This standard requires the firm to design, implement and operate a system of quality management including policies or procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

We comply with the independence and other ethical requirements of the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants as adopted by resolution of the National Council of Statutory Auditors, which is founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour.

Summary of the work performed

Our planned and performed procedures were aimed at obtaining reasonable assurance whether the consolidated financial statements in the ESEF format were marked-up, in all material respects, in compliance with the applicable requirements. Our procedures included in particular:

• obtaining an understanding of the process of preparation of the consolidated financial statements in the ESEF format, including the process of selection and application by the Group of the XBRL tags and ensuring the compliance with the ESEF Regulation, including understanding the mechanism of the internal control system related to this process;

• reconciliation, on a selected sample, of the marked-up information contained in the consolidated financial statements in the ESEF format to the audited consolidated financial statements;

• evaluating of compliance with the technical standards regarding the specification of a single electronic reporting format, including the use of XHTML;

• evaluating the completeness of marking up the consolidated financial statements in the ESEF format using the iXBRL tags;

• evaluating the appropriateness of the use of XBRL tags selected from the taxonomy defined in the ESEF Regulation and whether the extension markups were used appropriately where no suitable element in taxonomy defined in the ESEF Regulation has been identified;

• evaluating the appropriateness of anchoring of the extension elements to the ESEF taxonomy from the ESEF regulation;

We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our conclusion.

Conclusion

In our opinion, based on the procedures performed, the consolidated financial statements in the ESEF format were marked-up, in all material respects, in compliance with the requirements of the ESEF Regulation.

Information on compliance with prudential regulations

The Management Board of the Parent Company is responsible for complying with the applicable prudential regulations set out in separate legislation, and in particular, for correct determination of the capital ratios.

The capital ratios as at 31 December 2023 have been presented in Note 35 of the consolidated financial statements.

We are obliged to inform in our report on the audit of the consolidated financial statements whether the Group has complied with the applicable prudential regulations set out in separate legislation, and in particular, whether the Group has correctly determined its capital ratios.

For the purposes of the said information, the following legal acts are understood as separate legislation: Regulation (EU) no. 2019/2033 of the European Parliament and of the Council of 27 November 2019 on prudential requirements for investment firms and amending Regulation (EU) No 1093/2010, (EU) No 575/2013, (EU) No 600/2014 and (EU) No 806/2014 (“IFR”), as well as Regulation of the Minister of Development and Finance of December 8, 2021 on the estimation of internal capital and liquid assets, the risk management system, supervisory review and evaluation, as well as the remuneration policy in a brokerage house and a small house brokerage.

It is not the purpose of an audit of the consolidated financial statements to present an opinion on compliance with the applicable prudential regulations specified in the separate legislation specified above, and in particular, on the correct determination of the capital ratios, and therefore, we do not express such an opinion.

Based on the work performed by us, we inform you that we have not identified:

• any cases of non-compliance by the Group with the applicable prudential regulations set out in separate legislation referred to above, in the period from 1 January to 31 December 2023;

• any irregularities in the determination by the Group of the capital ratios as at 31 December 2023 in accordance with the separate legislation referred to above;

which would have a material impact on the consolidated financial statements.

Statement on the provision of non-audit services

To the best of our knowledge and belief, we declare that the non-audit services we have provided to the Parent Company, its parent company and its controlled entities within the European Union are in accordance with the applicable laws and regulations in Poland and that we have not provided any non-audit services prohibited under Article 5(1) of the EU regulation and Article 136 of the Law on Registered Auditors.

The non-audit services which we have provided to the Parent Company and its controlled entities within the European Union during the audited period are disclosed in note 30 of the consolidated financial statements.

Appointment

We were first appointed to audit the annual consolidated financial statements of the Group by resolution of the Supervisory Board of the Parent Company No 45/2018 of 7 November 2018 and again by a resolution dated May 4, 2021. We have been auditing the Group’s consolidated financial statements without interruption since the financial year ended 31 December 2019

, i.e. for five consecutive years.

The Key Registered Auditor responsible for the audit on behalf of PricewaterhouseCoopers Polska spółka z ograniczoną odpowiedzialnością Audyt sp.k., a company entered on the list of Registered Audit Companies with the number 144., is Agnieszka Accordi.

Agnieszka Accordi

Key Registered Auditor

No. in the registry 11665

Warsaw, 27 March 2024