Publication of Annual Report and Notice of AGM

The Group's financial performance is closely linked to global travel demand, which is influenced by macroeconomic factors including economic activity, employment, inflation, interest rates, currency movements, and consumer access to credit. Travel services are enabled by the freedom of movement of people nationally and internationally without prohibitive restrictions. Moreover, it is supported by affordable air, ferry and train fares at significant scale, and similarly good access to affordable accommodation.

Shifts in travel preferences, such as toward lower-cost destinations, may reduce average booking values and constrain revenue growth. Increasing macroeconomic volatility heightens uncertainty and the risk of adverse impacts on financial performance.

The Board and management monitor key economic, market, and trading indicators to assess risks and implement mitigating actions where needed. The Group's globally diversified customer base and destination footprint help offset regional downturns, with 50-60% of bookings in Europe and the remainder spread worldwide.

Consumer prioritisation of travel and leisure spending may partially mitigate macroeconomic headwinds, while operational flexibility allows the Group to adjust costs and conserve cash if global demand declines materially.

The difficulty in predicting an increasingly volatile macroeconomic environment increases the risk of impacts to the Group.

As a technology-driven e-commerce business, the Group relies on advanced software and infrastructure, exposing it to data security risks. Protecting customer information, proprietary data, and platform integrity is critical. The Group's hybrid workforce, global contractors, and evolving social strategy increase complexity, while rapid technological change and gaps in regulation can complicate compliance with laws such as GDPR.

The Group's hybrid workforce, global contractors, and evolving social strategy increase complexity, while rapid technological change and gaps in regulation can complicate compliance with laws such as GDPR.

Data protection is a core priority, supported by a comprehensive privacy, security, and compliance programme. Supplier onboarding requires rigorous review of data protection and IT security controls. The Group adheres to leading industry standards, maintains PCI compliance, and implements a GDPR-aligned data protection framework overseen by a Data Protection Officer and employee champions.

Hybrid work risks are managed through access controls, single sign-on, and multi-factor authentication. Expert cloud and security providers support operations, and new social and product developments are implemented using privacy-by-design principles and a risk-based approach. Regular employee training and proactive threat monitoring ensure compliance while supporting business growth and innovation.

The Group faces ongoing cyber threats that could compromise system integrity, data security, and customer trust. Increasingly sophisticated attacks, coupled with cloud migration and third-party vendor reliance, elevate the risk of data breaches, operational disruption, or reputational damage. Insurer coverage may be constrained in the event of incidents.

The Group invests significant resources to strengthen cyber resilience, with a comprehensive programme addressing internal and third-party risks. Procurement processes ensure new vendors meet security standards, while monitoring tools provide real-time threat detection and response.

Policies, procedures, and training are continually updated to reflect evolving threats and regulatory requirements. Mandatory employee cybersecurity awareness and cloud-specific skills development courses underpin operational security. Multi-factor authentication and access controls enhance system protection and attack resilience.

AI technology is evolving rapidly, presenting both opportunities and risks across the Group's operations.

Generative AI tools such as search assistants, OS-level copilots and super-apps can impact how customers plan their trips. "Zero-click" journeys may bypass OTAs entirely, impacting the Groups revenue and profitability.

Cybersecurity threats include AI-enabled attacks, such as social engineering or algorithmic exploitation. The adoption of AI-enabled tools by third-party vendors introduces risks of compromised integrity, security vulnerabilities, or non-compliance with data privacy regulations. Compliance risks include failure to meet obligations under the AI Act or GDPR, exposing the Group to regulatory penalties or reputational harm.

AI adoption may also create operational risks from biases, misuse, or over-reliance on AI-driven decisions, potentially affecting product safety, customer trust, or competitive positioning. Proprietary data used in AI models introduces confidentiality, integrity, and availability risks. Regulatory obligations, including under the EU AI Act and GDPR, create exposure to potential penalties or reputational harm.

The Group have an AI governance framework in place.

While the Group is monitoring developments of generative AI closely, Hostelworld's strategy is focused on social human connection and experiences which cannot be replicated easily.

Hostelworld prioritises cyber and data security in mitigating AI risks. AI tools are confined to secure environments to ensure its integrity, as well as encryption and monitoring controls.

Tailored employee training on ethical and regulatory considerations of AI has been rolled out, and the procurement process ensures supplier features meet prerequisite confidentiality, integrity, and availability standards.

Management and the Board closely monitor developments in AI product offerings. Potential AI impacts are considered in deriving and implementing the Group's strategy.

AI features are deployed using a phased rollout approach, controlled "safe to fail" experiments, and manual oversight to ensure responsible use. Human intervention remains central.

The pace of change in AI is fast, and it has a wide range of areas in which it can impact the Group. Careful management focus is required to ensure appropriate monitoring and mitigation is in place.

The Group operates in a highly competitive global travel market, where competitors, including large incumbents and disruptive new entrants, can influence pricing, inventory access, and customer acquisition. Competitors willing to operate at a loss or invest heavily in technology may challenge the Group's market share and growth.

Competition may also impact supplier relationships, including exclusive supply agreements, and evolving regulations such as the Digital Markets Act may alter market dynamics. Changes in technology, including AI, and shifts in customer preferences - such as increased demand for private rooms or experiential travel - can influence acquisition costs, demand, and the relevance of the Group's offering.

The Group continuously monitors market share, hostel coverage, and competitor activity to guide acquisition, retention, and pricing strategies. The Group's strategy focuses on leveraging its unique market position of having a social offering through targeted customer acquisition and optimising the profitability of existing customer cohorts, emphasising customer lifetime value/customer acquisition cost.

There is a continued focus on improving platform flexibility, enhancing customer experience, and global expansion. Delivering advanced technology solutions can help the Group to diversify from exclusive OTA reliance to a broader experiential travel offering.

Strategic partnerships and commercial agreements secure inventory and competitive rates, while leveraging the Group's proprietary tools-such as the "Solo System" and social cues-to maintain supplier loyalty.

The Group explores AI and new distribution channels for customer acquisition and remains adaptable to market changes.

The Group continues to pursue an ambitious growth strategy to deliver attractive sustainable returns for shareholders. Delivering this strategy requires strong leadership, employee engagement, investment and governance.

The Group operates in an intensely competitive global environment and there is a risk of loss in market share to competitors or markets generally not performing in line with expected growth.

In 2025, the Group acquired OccasionGenius Inc. and is integrating its event discovery platform into the existing social and accommodation offering. This creates opportunities to strengthen engagement and diversify revenue streams. Effective integration is critical to realise the intended strategic and financial benefits.

The Executive Leadership Team maintains clear accountability for delivering strategic objectives, with regular monitoring of operational and financial performance against targets.

Competitor activity and market trends are closely tracked, allowing timely responses to changes in the external environment. Investment in the Group's social platform and ongoing partnership development with hostels supports differentiation and market positioning.

Dedicated resources, including management oversight and cross-functional teams, are focused on the seamless integration of OccasionGenius Inc. and the execution of the broader strategic plan, ensuring alignment with the growth ambitions presented at the last Capital Markets Day.

A significant proportion of the Group's website traffic originates from search engines, through both paid and organic channels. Visibility and customer acquisition are therefore highly dependent on search engine optimisation and search engine marketing.

Search engine algorithms, like Google's, constantly change, affecting our placement and costs. AI-powered platforms are further influencing search results, making algorithm management and optimisation crucial for our marketing strategy and efficiency.

In addition, the Group is dependent on a small number of traffic sources, subject to margin pressure from escalating bidding competition with other, larger OTAs, and there is a new risk of zero-click AI search reducing traffic volumes.

The Group invests in skilled personnel for paid and non-paid searches. In-house expertise and technology adapt to algorithm changes.

The search marketing team collaborates with Google, gaining search traffic efficiency insights. Participation in alpha and beta tests give the Group first mover advantage with new functionality that can help drive efficiency.

Skill enhancement through third-party vendors complements in-house capabilities for search engine optimisation.

Rapid technological change is transforming how customers research, book, and experience travel, driven by innovations such as AI, mobile applications, meta-search platforms, social communities, and digital advertising. Failure to keep pace with these developments risks the Group becoming less relevant to modern travellers.

Technology obsolescence and the introduction of new products or features also increase exposure to operational and cybersecurity risks if controls do not evolve alongside the platform. Continuous innovation is therefore critical to maintain competitiveness, user engagement, and secure service delivery.

The Group monitors emerging technology trends and customer behaviours to guide platform development and product strategy. Significant investment is directed to research, product innovation, and collaboration with peer companies and partners across the travel sector.

Partnerships are leveraged to ensure delivery of advanced, best-in-class technology solutions for customers and hostel partners. Following completion of the core platform modernisation, the Group now focuses on continuous enhancement and optimisation to maintain functionality, security, and operational efficiency.

The Group relies on attracting and retaining skilled, committed, and motivated employees for strategic success.

The Group is dependent on key roles throughout all functions of the business to drive innovation, ensure efficiency and deliver on the Group's strategy. These tend to be specialist roles where competition for talent is high.

Failure to recruit or retain appropriately skilled employees, or to maintain competitive reward and development offerings, may lead to increased attrition, loss of institutional knowledge, and reduced capacity to deliver the Group's objectives.

The Group undertakes regular external salary benchmarking to ensure its reward offering remains competitive and aligned with market standards. People policies and practices are reviewed and updated on an ongoing basis to reflect employee needs and evolving ways of working.

The Group operates from three global offices and maintains flexibility in workforce location to access broader talent pools. Workforce engagement is supported through the oversight of a designated Non-Executive Director, in line with the 2024 UK Corporate Governance Code.

The strength of the Group's brand is critical to customer trust, acquisition, and long-term growth.

As a result of our social network strategy, we are subject to eexplicit risk of harmful user-generated content, community moderation failure and a reputational contagion from viral incidents.

Reputational risk may arise from cybersecurity incidents, poor customer experiences involving the Group's platform or hostel partners, or ineffective responses to sensitive issues such as geopolitical events or improper user behaviour. The Group could be subject to payment fraud, fake property listings, and review manipulation.

False or unsubstantiated claims relating to inclusion, engagement and diversity or sustainability may undermine credibility and stakeholder confidence.

How Hostelworld is perceived as responding to geopolitical developments and improper user actions could also affect brand integrity and the business.

The increasing use of artificial intelligence presents opportunities to enhance customer experience and operational efficiency but also introduces emerging risks relating to transparency, bias, content moderation, and misuse, which may adversely affect brand perception if not appropriately governed.

The Group focuses paid marketing activity on app promotion and product innovation, supported by brand marketing investment in owned channels and social media engagement through content creators. Customer relationship management initiatives integrate social features across the customer journey, while proactive communication addresses emotive issues like the Ukraine war.

Third-party services are engaged to monitor chat channels and there is a strict code of conduct in place to ensure appropriate content.

Reputational incidents are managed through established crisis communications and incident response plans, developed and periodically reviewed with external public relations advisors. Cybersecurity controls and crisis response arrangements are in place to mitigate the impact of potential cyber incidents.

Customer experience is supported through dedicated customer service functions and crisis management policies. In-app social features are governed by clear terms of use, codes of conduct, and automated moderation processes to address inappropriate behaviour.

An ESG Steerco oversees sustainability, mitigating risks through third parties.

Our IT and procurement policies as well as our legal frameworks are reviewed and updated regularly.

Stakeholders increasingly expect the Group to demonstrate accountability and transparency in relation to climate change and sustainability. Failure to meet these expectations through ineffective strategy, target setting, delivery, or disclosure may result in reputational damage and reduced stakeholder confidence.

Achieving climate-related commitments may also give rise to additional costs, including investment in sustainability initiatives that could impact pricing and margins.

The Group is subject to expanding sustainability-related reporting and disclosure requirements, creating a risk of perceived non-compliance or insufficient transparency. In addition, evolving customer attitudes towards travel, regulatory measures such as carbon pricing, and physical climate risks including extreme weather events may influence travel behaviour, disrupt operations, and adversely affect revenue and profitability.

The Group's climate and sustainability strategy is overseen by ESG Steering Committees (ESG Steerco) which govern climate-related actions and compliance. ESG Steerco members receive specialist training from external providers and engage third-party experts where required to support regulatory compliance, target setting, and reporting. Stakeholder engagement informs the Group's sustainability priorities, and progress against targets is reviewed and published annually.

The Group supports accommodation partners and customers in their sustainability efforts through dedicated internal resources and initiatives. While climate-related factors may affect travel patterns, the Group's globally diversified customer base and destination portfolio help to mitigate the impact of regional or destination-specific disruption.

The Group operates across multiple jurisdictions and is subject to an increasingly complex and evolving regulatory landscape. Regulatory and legal risks arise in areas including competition, licensing of accommodation and experiences, consumer protection, online trading, payments, tax, intellectual property, data protection, information security, and commercial disputes.

The Group is required to comply with a range of sector-specific and digital regulations, including payment card association rules, the EU Package Travel Directive, cookie and consent requirements under GDPR and the ePrivacy framework, and the Digital Services Act, which imposes content moderation and transparency obligations. Failure to comply may result in fines, operational restrictions, reputational damage, or legal action.

Heightened scrutiny of international data transfer mechanisms, including standard contractual clauses following the invalidation of the EU-US Privacy Shield, together with evolving global privacy regimes such as the California Privacy Rights Act, creates ongoing compliance and operational uncertainty.

New and evolving sign-up, reporting, and platform regulations, including the EU DAC7 directive, may increase administrative complexity, slow onboarding, affect property categorisation, or result in the removal of listings due to changes in local laws. Ongoing regulatory developments may increase compliance costs and constrain business flexibility.

Sustainability-related legislation increasingly requires transparent disclosure and monitoring of compliance with climate and environmental obligations.

The Group's legal team monitors evolving regulatory requirements, supported by external advisers where needed, and oversees compliance with consumer protection, listing rules, governance codes, and market abuse requirements.

Data protection, online safety, and digital regulation compliance are reviewed on an ongoing basis, with processes updated to reflect developments and evolving privacy legislation.

The Group maintains appropriate insurance coverage and continues to enhance operational processes to support compliance and customer experience.

A formal TCFD governance framework, supported by third-party monitoring, underpins climate-related disclosure requirements.