Dovalue

Environmental & Social Information • Mar 29, 2024

Consolidated Non-Financial Statement Pursuant to Italian Legislative Decree 254/2016

At 31 December 2023

doValue S.p.A. formerly doBank S.p.A. Viale dell'Agricoltura, 7 – 37135 Verona (VR)

T: +39 800 44 33 94 - F: +39 0458764831 - Tax Code 00390840239 and VAT No. 02659940239 - Share Capital € 41,280,000 fully paid up. Email: infodvl@dovalue.it - dovalue.pec@actaliscertymail.it - Website: www.dovalue.it

	MESSAGE TO STAKEHOLDERS FROM THE CEO	5
	1 THE DOVALUE GROUP	8
	1.1 DOVALUE: A STORY OF GROWTH AND DIVERSIFICATION
	1.2 THE DEVELOPMENT OF A SUSTAINABLE FINANCIAL SYSTEM:
	PURPOSE, VISION, MISSION AND STRATEGY OF THE GROUP
	1.3 OPERATING MODEL AND VALUE CREATION 1.4 LEGAL STATUS AND SHAREHOLDER STRUCTURE
	2 SUSTAINABLE VALUE	20
	2.1 THE SUSTAINABILITY STRATEGY
	2.2. MATERIALITY ANALYSIS
	2.3. DIALOGUE WITH STAKEHOLDERS 2.4. EVOLUTIONARY TRAJECTORIES AND PROSPECTIVE VISION
	3 DOVALUE GROUP GOVERNANCE	36
	3.1 ETHICS AND BUSINESS INTEGRITY
	3.2 GOVERNANCE AND RISK MANAGEMENT
	4 VALUE FOR EMPLOYEES	66
	4.1 CONTENTS DOVALUE AND ITS PEOPLE
	4.2 PROTECTION OF DIVERSITY AND RESPECT FOR HUMAN RIGHTS
	4.3 TRAINING, SKILLS DEVELOPMENT AND ENHANCEMENT OF TALENTS
	4.4 EMPLOYEE WELL-BEING 4.5 INDUSTRIAL RELATIONS AND TRADE UNION RELATIONS
	4.6 WORKPLACE HEALTH AND SAFETY
S	5 THE DOVALUE GROUP'S BUSINESS RESPONSIBILITY
	5.1 TRANSPARENCY, FAIRNESS AND RESPONSIBILITY IN THE PROVISION OF SERVICES	100
	5.2 PRIVACY, DATA SECURITY AND DIGITAL INNOVATION
T	5.3 MONITORING THE LEVEL OF CUSTOMER SATISFACTION
	5.4 SUSTAINABLE MANAGEMENT OF THE SUPPLY CHAIN 5.5 GENERATED, DISTRIBUTED AND RETAINED ECONOMIC VALUE
	5.6 DOVALUE AND THE TERRITORY: THE GROUP STRATEGY AND LOCAL INITIATIVES
N	6 ENVIRONMENTAL VALUE	122
	6.1 CONSUMPTION OF MATERIALS
	6.2 ENERGY CONSUMPTION AND GREENHOUSE GAS EMISSIONS 6.3 WASTE PRODUCTION AND DISPOSAL
	6.4 ENVIRONMENTAL PROJECTS AND INITIATIVES
E
T	METHODOLOGICAL NOTE GRI	134
	GRI CONTENT INDEX	138
	7 APPENDIX - ADDITIONAL REQUIREMENTS ESTABLISHED IN	148
N	SPANISH LAW 11/2018 OF 28 DECEMBER, AMENDING THE SPANISH CÓDIGO DE COMERCIO (COMMERCIAL CODE)
	1 DOVALUE SPAIN AND SUBSIDIARIES
	2 STAFF
	3 SOCIAL ISSUES AND SUSTAINABLE DEVELOPMENT
	4 ENVIRONMENT
O	8 INDEX OF ADDITIONAL CONTENTS PROVIDED FOR BY LEY 11/2018	164
	9 APPENDIX – DISCLOSURE IN ACCORDANCE WITH THE	172
	EU TAXONOMY
C	REPORT OF THE INDEPENDENT AUDITORS	184

The Group continues to integrate ESG issues into its business strategy and act responsibly to promote sustainable value creation over the medium/long term in the interest of all Stakeholders.

Messagge to Stakeholder from the CEO

Dear Stakeholders,

We present to you the seventh Consolidated Non-Financial Statement that shows how the Group, in a challenging year for the non-performing loan management industry, characterised by a market environment with low new business volumes and collection pressures, has proven its resilience by achieving EUR 11 billion of new GBV in 2023, continuing the path of integrating ESG principles into corporate and business processes.

The leading ESG rating agencies have recognised doValue's best practices: MSCI, Sustainalytics and Moody's have raised their ratings for the Group, which again this year ranks among the leading companies in sustainability. The stars of this success story are the people's commitment and the trust of the stakeholders, with whom the Group continues to develop a relationship based on constant and proactive dialogue.

The achievement of the goals of the 2021-2023 Sustainability Plan confirms the concrete commitment to actively contribute to a more inclusive and sustainable future, in line with the SDGs - Sustainable Development Goals - of the United Nations 2030 Agenda.

In 2023, doValue joined the UN Global Compact to support the promotion of the UN's ten principles in daily actions, in line with the SDGs - Sustainable Development Goals - and the guidelines expressed in the Group's Code of Ethics and Charter of Values, and the D&I Policy issued during the year.

Aware of the social responsibility of our activity, in the interest of the community and in alignment with our Purpose, we are dedicated to fostering financial inclusion. We achieve this by developing new services like "Re-performing," which enables debtors to regain performing status by creating flexible repayment plans tailored to their financial circumstances.

In continuity with the projects launched in previous years, during 2023 we continued the efforts to strengthen the Internal Control and Regulatory System, concluding the updating of the Organisation, Management and Control Models pursuant to Italian Legislative Decree 231/2001 and the Group's Code of Ethics.

In the area of Anti-Corruption, the process launched in 2020 to implement a Group anti-corruption management system has been formalised through the update of the Anti-Corruption Policy. This policy aligns with the ISO 37001 standard and incorporates the latest advancements in the system.

Also, in the environmental field, the Group continues to strive to reduce the impact generated by its business activities by adopting policies aimed at improving material consumption and the management of natural resources and waste. The results were confirmed by doValue's recognition as one of Corriere Della Sera's top 50 'Most Climate-Conscious Companies' for the ratio of CO2 emissions to turnover.

doValue will continue its sustainability journey with commitment and responsibility along the strategic lines of the 2024-26 Business Plan, which will be presented on 21 March 2024 at the Capital Markets Day, to meet the expectations of stakeholders and to contribute to the development of a more sustainable economy.

Manuela Franchi CEO doValue S.p.A.

€116 billion

99%

60,500

Permanent contracts

Luiss Business School Università Bocconi

4,825 mq Forests protected in Madagascar thanks

of materials used comes from renewable processes or sources

93%

@xia Financial Literacy Program

to the Zero Impact® Web Project

Number of training hours provided

● AISM

Gross Book Value - Portfolio managed

Highlights 2023

of materials used comes from renewable processes or sources

7

Renewable energy of the total

energy consumed

THE DOVALUE GROUP

doValue: a story of growth diversification 1.1

COMPOSITION OF THE GROUP

doValue: a story of growth

diversification

With over 20 years of experience and roughly €116 billion in assets under management, the doValue Group is the leading operator in Southern Europe in managing credit and real estate portfolios emerging from nonperforming loans.

The doValue Group offers its customers, whether they are banks or investors, management services for portfolios of non-performing loans (NPLs), unlikely-topay (UTP) loans, overdue loans (early arrears) and inbonis (performing) loans. The doValue Group is also active in managing and developing real estate assets arising from the non-performing (Real Estate Owned - REO) loan management activity. In addition, the doValue Group offers a wide range of ancillary services (master legal services, due diligence services, data management services and master servicing activities).

The doValue Group's shares have been listed on Euronext Milan since 2017. In 2022, it was also admitted to Euronext Milan's STAR segment.

The following chart shows the structure of the Group as of 31 December 2023 and reflects doValue's organic and external growth and diversification over its 20 years of operations. The chart also reflects the rebranding by Altamira Asset Management, which was completed in February 2023, changing its name from Altamira Asset Management S.A. to doValue Spain Servicing S.A. (hereinafter also "doValue Spain").

Further information regarding the composition of the Group can be found in the 2023 Consolidated Annual Financial Report.

— The development of a sustainable financial system: Group Purpose, Vision, Mission and Strategy 1.2

The doValue Group plays a crucial role in the sustainable development of the financial system, contributing to the stability of the economic system by promoting financial inclusion.

Managing non-performing loans is crucial for stimulating economic growth, ensuring a more efficient and fair distribution of resources within the company, and facilitating the reintegration of debtor customers into the economic and financial system. The Group is dedicated to supporting the growth of the economic systems of the countries it operates in by promoting the sustainable development of the financial system. It commits to principles of transparency, independence, and integrity towards all stakeholders, while embodying professional and ethical conduct to support this growth In serving community interests, doValue focuses on finding solutions that favour out-of-court agreements with debtor customers, steering clear of lengthy and costly judicial processes. This approach facilitates the reintegration of these customers into the economy as active participants.

doValue provides best-in-class services in managing credit portfolios and real estate assets, aiding its customers in achieving their objectives of reclaiming value. Meanwhile, customers maintain their relationships with debtors and address their needs through the optimal recovery strategy identified by doValue. This approach ensures high satisfaction levels by regularly monitoring the quality service standards agreed upon in contracts.

Sustainability plays a key role in the real estate sector and in mortgage lending in particular. doValue has developed a new service: Re-performing Loans to bring debtor customers back to creditworthiness. A Re-Performing Loan is a loan that, previously classified as Non-Performing, returns to performing status because the debtor customer has resumed compliance with a new payment plan

agreed upon. This credit management strategy entails modifying the loan terms in agreement with the creditor to make them more sustainable for the debtor customer, considering their current and actual ability to pay. Through careful analysis and after discussing the debtor customer's financial situation, we can create flexible repayment plans, adjust interest rates, recalculate instalments, and extend the loan duration (up to 40 years) to facilitate the debt payment without compromising the customer's financial sustainability. These solutions not only provide greater opportunity to understand and address the needs of the debtor customer but also facilitate their quicker reintegration into the financial system, ensuring an inclusive and sustainable approach. Furthermore, this strategy safeguards the value of debtors' real estate assets, enabling them to keep their properties and mitigate the risk of substantial losses. It also serves creditors' interests by allowing them to classify the claim as 'reperformed', which leads to lower capital absorption. In this context, however, it is essential to prevent moral hazard for debtors: to this end, doValue encourages

responsible behaviour by debtors. This strategy emphasises the importance of balancing responsibility and sustainability, catalysing sustainable and lasting economic recovery for all actors.

In carrying out its activities, doValue uses a selected and qualified external network comprising external professionals and credit recovery companies. These companies constantly dialogue with the debtor customer to identify the most appropriate and sustainable solution and evaluate their financial situation.

Thus the External Network is crucial not only in recovery activities but primarily in establishing a trust-based relationship with debtors, underpinned by transparency, reliability, and fairness. Their professionalism adds significant value to the Group's services' quality and helps build a sustainable credit market.

As evidence of the importance of their activities and the attention that doValue has reserved for the External Network since 2020, the Group constantly monitors the work of External Professionals or Debt Collection Companies. This activity includes distributing a questionnaire to debtors who have interacted with the External Network, aiming to assess the quality of assignment management and the behavioural reliability and consistency of the External Networks (refer to the following section and section 5.4, Sustainable management of the supply chain).

The doValue Group Charter of Values

The doValue Group considers it vital to cultivate a trust-based relationship with its stakeholders through continuous and proactive dialogue, which is a cornerstone in fostering the development of a sustainable credit market.

In 2022, doValue outlined the principles of its Charter of Values and revised its Code of Conduct for the External Network to align with the high-quality standards set in the Group's Code of Ethics.

The Charter of Values, alongside the Group's Code of Ethics, embodies the company's value heritage, striving to foster a business management model that emphasizes sustainability. Through this approach, doValue plays a pivotal role in preserving the equilibrium of the economic system and promoting financial inclusion.

Managing non-performing loans is crucial for stimulating economic growth, ensuring a more efficient and fair distribution of resources within the company, and facilitating the reintegration of debtor customers into the economic and financial system. The Group is dedicated to supporting the growth of the economic systems of the countries in which it operates by promoting the sustainable development of the financial system. It commits to principles of transparency, independence, and integrity towards all stakeholders while embodying professional and ethical conduct to support this growth.

• Dialogue: essential for building a constructive relationship, doValue constantly engages in continuous dialogue with its Stakeholders to understand their needs and implement targeted initiatives;

• • Transparency: the principal value underpinning the trust-based relationship with all stakeholders, guiding both behaviours and communication.
• • Fairness: guides doValue's activities and professional relationships to protect the Group's Stakeholders based on the principles of honesty and integrity;
• • Respect: doValue recognises the value of its interlocutors and, for this reason, adopts constructive practices and actions to achieve a sustainable solution for its Stakeholders;
• • Involvement: constant dialogue strengthens the chain of value and trust and is essential for meeting the needs of stakeholders and enhancing relationship quality.

Aligned with its Sustainability Plan, the Charter of Values marks a further step in doValue's journey since 2016 towards contributing actively to a more inclusive and sustainable future, in line with the United Nations Agenda 2030 Sustainable Development Goals (SDGs).

doValue's vision is to lead the evolution of the servicing sector, investing in technology while strengthening strategic relationships with customers and expanding its target market.

The Group's Mission is to provide best-in-class services in managing credit portfolios and real estate assets by adopting a sustainable, distinctive, professional, conciliating and ethical approach to debtor customers. In recent years, DoValue has further solidified its trust-based relationship with stakeholders through an innovative and sustainable management model. This is achieved through continuous and proactive dialogue to pinpoint the environmental, social, and governance (ESG) priorities most relevant to the Group.

With over 20 years of experience and roughly €116 billion in assets under management, the doValue Group is the leading operator in Southern Europe in managing credit and real estate portfolios emerging from nonperforming loans.

doValue operates in five countries—Italy, Greece, Spain, Portugal, and Cyprus—with a workforce of 2,862 employees.

In May 2022, doValue was officially approved to trade its ordinary shares on the Euronext STAR Milan segment of the Euronext Milan market. This segment is reserved for companies that demonstrate outstanding transparency, communication, liquidity, and corporate governance standards—criteria fully satisfied by doValue.

The Group boasts the highest Servicer Ratings in the Italian market, as assigned by the international agencies S&P and Fitch Ratings: as Special Servicer, in January 2024, Fitch Ratings confirmed the rating "RSS1-/CSS1" and Standard & Poor's assigned the rating "Strong" in February 2022.

The doValue ESG framework is currently rated by: MSCI ESG Ratings (rated "AAA") and Sustainalytics (rated "low risk") and Moody's (with a rated 'Robust').. For more information, please refer to the next paragraph.

The Group's current structure mirrors each company's focus on specific business areas or geographic markets, reflecting the growth and internationalisation strategy pursued in recent years through organic development and M&A opportunities.

The 2022-2024 Business Plan confirms doValue as a pivotal player in the credit servicing sector in Southern Europe, boasting an efficient, independent, and capitallight business model.

The Group boasts the highest Servicer Ratings on the Italian market, as assigned by the international agencies S&P and Fitch Ratings.

This business model is distinguished by several key strengths, including its simplicity, the long-term predictability of revenues and EBITDA, and the ability to offer substantial diversification to banks and investors in the non-performing loan sector terms of products and geographical areas.

The 2022-2024 doValue Business Plan is based on five strategic pillars: Grow, Enhance, Transform, Innovate, and Care.

The strategic evolution of doValue will drive the credit servicing industry in the coming years through investments in technology and the strengthening of strategic and long-term partnerships with banks and investors in the broader market.

The level of diversification achieved by doValue over the years allows the Group to operate across the entire credit value chain. 13 doValue's long experience, both nationally and internationally, has allowed it to build a vast and widespread information asset which leads to a solid and sustainable competitive advantage. This information is collected through credit management activities both directly and through the asset managers, the companies and divisions dealing with ancillary products, both indirectly through the external network of 515 lawyers and 145 professionals established as of 31 December 2023,with proven experience in their respective sectors of operation, and around 30 debt collection companies.

The network offers comprehensive coverage throughout Italy, with the doValue Group operating in all 140 Italian courts. This extensive presence enables the Group to gain a deep understanding of judicial process timelines, local real estate market dynamics, and other critical market factors essential for an effective loan collection process.

— Operating model and value creation 1.3

Diversification by asset class, geographical area and contract type, as well as forward flow arrangements and the long-term nature of contracts, help protect the Group from any downturns that could affect one of its main markets.

Presence in Europe: assets under management (Gross Book Value) by Country

The doValue Group offers management services for portfolios of non-performing loans (NPLs), unlikelyto-pay (UTP) loans, overdue loans (early arrears), and performing (in-bonis) loans to its customers, including banks and investors. The doValue Group also manages and develops real estate resulting from non-performing loan (real estate owned - REO) management activities. The activities of doValue are remunerated through long-term contracts based on a commission structure. This includes a fixed commission tied to the assets under management and on the other hand, a variable commission linked to the result of servicing activities, such as collections from NPL credits or from the sale of real estate owned by customers or from the number of real estate and business information services provided.

The Group provides services in the following categories:

• NPL Servicing: the administration, management and recovery of loans utilising in court and outof-court recovery processes for and on behalf of

third parties for portfolios mainly consisting in non-performing loans. In the area of NPL Servicing, doValue is focused on corporate bank loans that are of medium-large size and have a high proportion of collateral guarantees;

Operating model

and value creation

• • Real Estate Servicing Real estate asset management activities on behalf of and under mandate from third parties, including: (1) collateral guarantee management, i.e., the development and sale, directly or through intermediaries, of real estate assets owned by customers, initially pledged as collateral for bank loans, (2) Real estate development, i.e., the analysis, implementation and marketing of real estate development projects involving assets owned by clients, and (3) Property management, i.e., the oversight, management and maintenance of customers' real estate assets to maximise profitability through sale or lease;
• • UTP Servicing Administration, management and restructuring activities of loans classified as "unlikely to pay", on behalf and by mandate of third parties to encourage their transition to "performing" status; this activity is carried out primarily by the doNext subsidiaries regulated pursuant to art. 106 TUB (financial intermediary) and doValue Greece, pursuant to the Greek law 4354/2015 (NPL Servicer under the license and supervision of the Bank of Greece);
• • Early Arrears and performing loan servicing Management activity of performing loans or loans less than 90 days overdue, not yet classified as nonperforming, on behalf and by mandate of third party Ancillary services;
• • Ancillary services of various kinds, including: (1) Due Diligence, i.e., data collection and organisation services within data room environments, advisory services for analysing and evaluating receivables, and the preparation of business plans for Collection and Recovery activities, (2) Master Servicing and Structuring, i.e., administrative, accounting, cash management and reporting services in support of receivables securitisation vehicles (2) Master Servicing and Structuring, i.e., administrative, accounting, cash management and reporting services in support of receivables securitisation vehicles, structuring services for securitisation transactions, in addition to acting as "mandated party" in securitisation transactions, and (3) Master Legal, i.e., activities relating to the management of legal proceedings at all levels concerning

receivables, mainly non-performing receivables, managed by doValue on behalf of third parties.

The Group will continue to lead the evolution of the credit servicing industry with investments in technology and rationalisation, forging long-term strategic partnerships with banks and investors on a broader target market to create value for all stakeholders. Servicer and ESG ratings from leading international agencies confirm the group's commitment to the financial system's stability and sustainability.

doValue and Italfondiario, in their capacity as Special Servicers, have received the following ratings, confirmed in January 2024: "RSS1-/CSS1-" by Fitch Ratings and "Strong" by Standard & Poor's, which are the highest ratings assigned to Italian operators in the sector. They have been assigned to doValue and Italfondiario since 2008, before any other operator in this sector in Italy.

In February 2022, doNext, in its role as Master Servicer, was awarded an MS2+ rating by Fitch Ratings. This rating signifies a high level of performance in overall servicing capability.

In July 2020, doValue received the Corporate credit rating BB with Stable outlook from Standard & Poor's and Fitch. Both agencies have since confirmed this rating for doValue's senior bonds of €265.0 million and €300.0 million, maturing in 2025 and 2026, respectively. The rating was confirmed in June 2023 by both Fitch and Standard & Poor's, each maintaining a 'Stable' outlook.

In the ESG domain, Sustainalytics upgraded the Group's score in the ESG Risk Rating from "Medium Risk" to "Low Risk" in October 2023, reflecting the consistent improvement trajectory the Company has followed since receiving its initial rating in October 2020. In February 2023, MSCI ESG Rating increased the rating from 'AA' to 'AAA', confirming doValue's dedicated and consistent effort to uphold high quality standards and act responsibly to promote the creation of sustainable value over the medium/long term in the interest of all Stakeholders.

doValue is also currently rated by Moody's, which in July 2023 upgraded the Group's ESG rating from 'Limited' to 'Robust'.

At 31 December 2023, the capital amounts to €41,280,000.00, divided into 80,000,000 shares indivisible and nominal - with no indication of nominal value Composition of doValue's share capital as at 31 December 2023.

— 1.4 Legal status and shareholders

The share capital of doValue consists entirely of ordinary shares traded on the MTA, now Euronext Milan, on the Euronext STAR Milan segment.

At 31 December 2023, the capital amounts to €41,280,000.00, divided into 80,000,000 shares indivisible and nominal - with no indication of nominal value.

Composition of doValue's share capital at 31 December 2023:

Indirect shareholder	Shareholders	Number of shares	Share Held	Total number of shares	Total share held
	AVIO S.a.r.l. (*)	20,040,000	25.05%
Softbank Group Corp.	22,614,211 Altri investitori riconducibili 2,574,211 3.22% a Softbank Group Corp. (*)		28.27%
Bain Capital Credit Member, LLC	Sankaty European Investments S.a.r.l. (**)	10,863,638	13.58%	10,863,638	13.58%
	Jupiter Asset Management Ltd (***)	5,237,481	6.55%	5,237,481	6.55%
Schroders Plc	Schroder Investment Management Limited (****)	3,923,651	4.90%	3,923,651	4.90%
	Global Alpha Capital Management Ltd (*)	3,861,053	4.83%	3,861,053	4.83%
	doValue (Treasury shares)	1,494,630	1.87%	1,494,630	1.87
	Other Shareholders	32,024,948	40.0%	32,024,948	40.0%
	TOTAL	80,000,000	100.00%	80,000,000	100.00%

(*) Shareholders attributable to Softbank Group Corp., as resulting from the communication dated 15 December 2021

(**) Shareholders attributable to Bain Capital Credit Member LLC, as resulting from the communication dated 13 July 2021

(***) Owner shareholder, as resulting from the communication Form 120A dated 16 June 2021

(****) Shareholders attributable to Schroders PLC, as resulting from the Form 120A communication of 7 November 2023

(*****) Owner shareholder, as resulting from the Form 120A communication of 9 June 2023

doValue is not subject to management and coordination activities pursuant to Article 2497 et seq. of the Italian Civil Code.

Accordingly, the strategic and management policies of doValue and all of its activities, stem from the independent decision-making of its corporate bodies.

Legal status and shareholders

SUSTAINABLE VALUE

— 2.1 The sustainability strategy

Economic, social and governance sustainability characterises the doValue Group's international growth, actively committed to developing a culture shared with all stakeholders.

The 2021-2023 Sustainability Plan is a fundamental stage of a path started in 2016 to integrate the ESG issues in doValue's business strategy and generate long-term sustainable value for all its Stakeholders: shareholders, investors, employees, customers, suppliers, the External Network and local communities.

THE PATH TO SUSTAINABLE GROWTH

The publication of the First Consolidated Non-Financial Statement (NFS) marks the start of the process of sustainability and disclosure of nonfinancial information.

Implemented the operational guidelines for the preparation of the Consolidated Non-Financial Statement in a dedicated Policy that sets out the governance of the document preparation process.

The third NFS from regulatory compliance reporting takes on a strategic nature in monitoring non-financial risks and opportunities and integrates Altamira Asset Management S.A. with its subsidiaries in Portugal, Cyprus and Greece. Communication & Sustainability takes over the drafting of the document.

In the fourth NFS the reporting framework is extended to include doValue Greece. An ongoing dialogue with the main ESG rating agencies - MSCI, Sustainalytics and Vigeo Eiris - has been launched, which has led to an improvement in the Sustainable positioning.

The Group encourages active dialogue and listening with its stakeholders through a variety of channels - necessary elements for defining its business strategies and creating shared long-term value. Defined the Sustainability Plan and Policy.

Defined the Purpose of the Group. Obtained the UNI ISO 37001:16 certification, the first international standard related to anti-corruption management systems. Defined the principles of the Charter of Values and updated the Code of Ethics of the External Network. Reached all the 2022 targets defined in the Sustainability Plan. Upgrade by Sustainalytics from "Medium Risk" to "Low Risk".

MSCI ESG Ratings has increased the ESG rating of doValue from the "AA" level to the "AAA" level. Improved Moody's Analytics rating from Limited to Robust. doValue was assessed by Sustainalytics to be at "Low risk" of experiencing material financial impacts from ESG factors. Defined a Group Diversity & Inclusion Policy.

You can find the full version of the Sustainability Plan and the targets achieved on the doValue Group website in the ESG Section.

The new Sustainability targets will be included in the next 2024-26 Business Plan which will be presented on 21 March 2024, on Capital Markets Day.

The Group's Sustainability Policy

The integration of sustainability into the corporate regulatory system has led to the definition of the doValue Group Sustainability Policy, which provides the Guiding Principles for the social and environmental areas identified as priorities to promote a corporate culture oriented towards sustainable development.

A shared, concrete commitment among all companies to enhance the integration of environmental, social, and governance factors into the Group's core activities.

The Sustainability Policy, applicable across all Group companies, aligns with the Code of Ethics, Organisational, Management, and Control Models in compliance with Italian Legislative Decree 231/2001 and other Board-approved policies and procedures. Targeted at corporate bodies, employees, collaborators, and all associated with the Group's daily operations, the Policy mandates adherence to its Guiding Principles, rooted in the Sustainability Plan's three core pillars.

Sustainable Governance

doValue has developed a governance structure to embed sustainability deeper into its business framework, facilitating coordination among entities overseeing and managing sustainability concerns.

The Communication & Sustainability department plays a crucial role in identifying sustainability-related risks and areas for improvement in collaboration with relevant departments, thereby fostering long-term value creation. It proposes the sustainability strategy and Plan and prepares the Consolidated Non-Financial Statement, disseminating the company's culture of sustainability. Lastly, it promotes dialogue with stakeholders and works alongside the Investor Relations department to satisfy ESG rating agencies' criteria and cater to the needs of Socially Responsible Investors (SRI).

Il ConsThe Board of Directors examines and approves:

• the content of the Group's Consolidated Non-Financial Statement pursuant to Italian Legislative Decree 254/2016, including the materiality analysis and related stakeholder engagement activities;
• the guidelines of the Sustainability Plan and the Company's policies regarding human rights and business
• ethics and integrity, diversity and inclusion, as well as the policies for incorporating environmental, social, and governance (ESG) considerations into the business model, along with the initiatives pursued by the Company to tackle climate change issues and the associated reporting;
• in the area of risk governance and the system of internal controls of the company and its subsidiaries, as well as sustainability initiatives and activities aimed at generating shared value for all stakeholders and promoting a sustainability culture in all countries where the Group operates.
• the profit and non-profit strategy, as well as the company's sustainable finance initiatives

Risks, Related Party Transactions and Sustainability Committee

In late 2021, the Board approved the Regulations of the Risk, Related Party Transactions, and Sustainability Committee. This Committee supports the Board by offering proactive and advisory insights on processes and activities that bolster doValue's sustainable development across its value chain, targeting long-term success.

The Identity & Communication Committee aims to develop the Group's Brand Identity, Communication and Sustainability strategies.

ESG Rating

Reaffirming the Group's dedication to adopting best practices for its Stakeholders, doValue achieved an ESG Rating of 18.8 in October 2023, categorised as "Low Risk" according to the Sustainalytics scale. Consequently, it was evaluated as a "Low risk" company regarding its exposure to substantial financial impacts driven by ESG factors. This achievement aligns with the consistent path of improvement doValue has pursued since receiving its initial rating from Sustainalytics in October 2020.

The recognition received from Sustainalytics confirms doValue's strong and constant commitment to adopting high quality standards and acting responsibly, aiming to foster sustainable medium to long-term value for the benefit of all Stakeholders.

The doValue ESG Framework is also rated by MSCI ESG Ratings, which assigned a 'AAA' rating in February 2023, up from 'AA' in 2022, reflecting the performance and growth level of the doValue Group.

doValue is also currently rated by Moody's, which in July 2023 upgraded the Group's ESG rating from 'Limited' to 'Robust'.

— 2.2 The Materiality Analysis

The concept of material topics according to the 2021 GRI Standards

"[…] The process of determining material topics is based on constant identification and assessment of the impacts that the company produces. The identification and constant assessment of impacts entail the involvement of the main stakeholders and experts. They are carried out independently from the sustainability reporting procedure. [...]"

Materiality analysis is a process designed to assess a company or organisation's economic, social, and environmental impacts. It aids in identifying priority issues for stakeholders and shaping sustainable development strategies.

The materiality analysis underpins the formulation of the Consolidated Non-Financial Statement's contents, emphasising the most interesting aspects.

The Group's Materiality Analysis

In light of the current context and the numerous regulatory changes regarding sustainability¹ , the doValue Group has deemed updating the materiality analysis not a priority for this year, considering that the Group's business activities and value chain have not undergone significant changes that would make it necessary to update the material topics. This decision, endorsed by the Risk, Related Party Transactions and Sustainability Committee, underscores the organisation's readiness to address and manage changes, including imminent regulatory and methodological shifts (CSRD, ESRS, dual materiality), in a timely, clear and structured way, adopting a forward-looking and strategic perspective that aligns with stakeholder expectations.

The table below displays a list of material issues and their associated impacts, in order of significance, divided into the areas referred to in Italian Legislative Decree 254/2016. The interconnections with the 17 Sustainable Development Goals of the 2030 Agenda are also highlighted.

Material topics	Topic description	Impacts description	Impacts SDGs	Reference spheres pursuant to Italian Legislative Decree 254/2016	2023 NFS Chapter
Cybersecurity and protection of privacy	Ensure professional management of sensitive and personal data by using advanced procedures, tools and technologies.	Vulnerable digital infrastructure, ineffective protection of sensitive customer data and increased exposure to data breaches. Allocation of resources for the adoption or updating of structured data loss prevention systems and for employee training on cybersecurity to reduce exposure to the risk of loss of sensitive data.	SDG 9	- Social - Staff	Privacy, data security and digital innovation
Innovation and digital strategy	Guarantee customer privacy and develop innovative processes in the provision of services, to ensure an effective IT security management system, efficient use of information assets and the protection of transaction security and business continuity.	Increase in investments in technological innovation and development of employees' digital skills with tangible benefits in terms of organisational efficiency and customer satisfaction. Failure to develop employee skills relating to new digital tools and the consequent impoverishment of the Group'sproductivity and competitive positioning.	SDG 9	- Social - Staff - Environment	Privacy, data security and digital innovation Transparency, fairness and responsibility in the provision of services
Responsibility in the provision of services	Deliver services based on principles of honesty, fairness, transparency, and collaboration to maintain a robust relationship with customers and partners, thereby contributing to the stability of the credit system.	Inadequate levels of security and ineffective supervision of external outsourcers, with consequent compromise of the solidity of the Group's information assets and exposure to risks deriving from the improper use of privileged information or the disclosure of false and misleading data. Adoption of an internal regulatory framework to protect the privacy and confidentiality of information and safeguard corporate reputation, and address information asymmetries in the market.t.	SDGs 8 - 9	- Social - Fight against bribery and corruption	Vision, mission, purpose and strategy Transparency, fairness and responsibility in the provision of services
Training and development of skills and upgrading of talents	Training, enhancement and development of talents through the carrying out of activities and programmes dedicated to growing professional skills and encouraging paths of development.	Adoption of a structured system of performance evaluations and personalised training programs aimed at enhancing and developing employees' skills. Inadequate and careless management of human capital, loss of talent and increase in exit turnover with negative effects also on the reputation of the company.	SDGs 4-8-10	- Staff	Training and development of skills Enhancement of talents Remuneration policies

Material topics	Topic description	Impacts description	Impacts SDGs	Reference spheres pursuant to Italian Legislative Decree 254/2016	2023 NFS Chapter
Anti-corruption policies and procedures	Implement activities aimed at preventing and monitoring corruption in all its forms, by promoting continuous internal training and awareness activities.	The failure or absence of adopting and implementing anti-corruption policies and/or procedures could re-sult in reputational damage to the company, with lasting and negative impacts on all parties involved. Dissemination of a solid corporate culture regarding anti-corruption through adequate communication and training activities and the con-sequent increase in stakeholder awareness of the topic.	SDG 16	- Fight against bribery and corruption	Model 231 and whistleblowing Anti- corruption and Anti-money laundering policies and procedures
Economic balance and financial inclusion	Contribute to safeguarding the economic equilibrium in the operational context by ensuring the efficient management of credit recovery, listening to debtor customers and collaboration with its Partners.	Failure to adopt conciliatory approaches and resolution strategies aimed at customer satisfaction. This hinders debt collection actions, negatively affecting the banking credit system and investor relations. Adoption of policies and strategies based on the principles of ethics, dialogue and transparency, and the development of financial education activities to protect financial inclusion and the stability of the financial system.	SDG 8	- Social	The development of a sustainable financial system: Group Purpose, Vision, Mission and Strategy Dialogue with stakeholders Monitoring the level of customer satisfaction
Diversity, inclusion and equal opportunities	Encourage inclusion and promote diversities (gender, generation and different cultures) as growth and innovation factors.	Integration of the principles of diversity, equity and inclusion into the corporate culture and implementation of systems aimed at verifying compliance with non-discriminatory practices with reference to the determination of wages, also including benefits, bonuses and welfare programs. Adoption of structured measures for the prevention and management of episodes of discrimination within the organisation and the diffusion of an inclusive culture. Negligence of the Organisation in activities to promote respect for the values of equality, diversity and inclusion in all geographical areas where the Group operates.	SDGs 5-10	- Staff	doValue and its People Protecting diversity and respect for human rights

Material topics	Topic description	Impacts description	Impacts SDGs	Reference spheres pursuant to Italian Legislative Decree 254/2016	2023 NFS Chapter
Ethics, business integrity	Act in compliance with the regulations in force in the individual countries where the Group provides its services.	Insufficient monitoring of regulatory compliance and deterioration of corporate reputation and integrity with lasting and negative effects on all parties involved. Transparent and ethical business conduct, lower exposure to the risk of judicial or administrative sanctions and protection of the financial opera tors with whom the Group operates.	SDG 16	- Social	Corporate ethics and integrity Code of ethics and corporate standards
Employees' well-being	Offer employees modern tools and working models that are adaptable to meet individual personal needs and ensure a balance between private life and work life.	Provision of welfare plans and management systems aimed at the professional growth of employees and the protection of people's well-being and work-life balance. Inadequate management of human capital and widespread employee dissatisfaction, with significant negative effects on the organisation's productivity.	SDG 8-10	- Staff - Respect for human rights	doValue and its People Industrial relations and trade union relations Employee well being
Workplace health, well being and safety	Guarantee, through the creation of safe and healthy working environments the psychophysical health of all staff of the Group and of everyone who access the company facilities.	Promotion of health and safety in the workplace through control, prevention and reduction of the risk of accidents and occupational diseases. Inadequate safeguards regarding health and safety at work and greater exposure to the risk of accidents and occupational diseases with significant negative effects also on the company's reputation.	SDG 3-10	- Staff - Respect for human rights	Workplace health and safety
Economic performance, risk management and financial solidity	Foster the generation of value over the medium to long term for all stakeholders, driving innovation in the credit servicing sector through a solid system of identification, evaluation and management of risks.	Adoption of policies and procedures and adequate organisational safeguards to protect the Group's business continuity and economic performance. Missing or poor operational risk management systems with negative repercussions on the Group's performance.	SDGs 8-10	- Social	Economic value generated, retained and distributed Operating model and value creation

Material topics	Topic description	Impacts description	Impacts SDGs	Reference spheres pursuant to Italian Legislative Decree 254/2016	2023 NFS Chapter
Direct environmental impacts	Effectively manage potential environmental impacts directly deriving from the Group's activities by reducing consumption of energy and the rational use of resources.	Energy efficiency through the purchase of certified renewable energy and adopting appropriate strategies to reduce energy consumption and related costs. Procurement of renewable, recycled and certified materials with reduced environmental impact. Inadequate monitoring of environmental aspects and exposure to the risk of violation of compliance with the environmental regulations in force and emerging in the countries in which the Group operates.	SDGs 7-12	- Environment	Energy consumption and greenhouse gas emissions Consumption of materials Production and disposal of waste
Climate and environmental risk mitigation	In line with the provisions of the Paris Agreements, with emerging legislation and with renewed global sensitivity, foresee operational risks in order to mitigate climate/ environmental impacts.	Development of decarbonisation strategies along the entire value chain and reduction of Climate-changing emissions. Failure to integrate sustainability into business practices and depletion of natural resources.	SDG 13	- Environment	Environmental projects and initiatives
Sustainable supply chain management	Ensure the sharing of the company values throughout the supply chain, including the external network, by setting purchasing processes based on the evaluation and monitoring of third parties capable of measuring their social and environmental performance to ensure high levels of supply, in terms of quality and functionality.	Integration of sustainability into the processes of selecting and monitoring the performance of suppliers and the external network, and protection against disputes and sanctions. Unsustainable management of the supply chain and increase of exposure to the risk of breach of ethical and compliance requirements.	SDG 12	- Environment - Social	Sustainable management of the supply chain Transparency, fairness and responsibility in the provision of services
Commitment to local communities	Support the social develop ment of the local area and the communities where doValue operates through initiatives involving Stake-holders and that help generate long term sustainable value.	Development of initiatives to support the territories where the Group operates, aimed at fostering social, economic, and employment growth, and generating shared value. Insufficient focus on the communities where the Group operates, leading to a decrease in the value distributed, adversely affecting the social and economic development of the territory.	SDG 1-11	- Social	doValue and the territory: the Group strategy and local initiatives
Dialogue with our Stakeholders	Ensure continuous interaction and engagement with customers (the financial community, employees, communities, and debtors) to assess and monitor customer satisfaction levels regarding the products and services provided by the Group.	Adoption of transparent communication practices and promotion of activities of stakeholder involvement aimed at satisfying customer needs and expectations and improving the Group's competitiveness. Neglect of customer care with negative effects on the quality of services provided and customer satisfaction.	SDG 4-12	- Social - Staff	Dialogue with Stakeholders

The process for identifying and assessing material issues and their impacts involved high-level preliminary analyses, dedicated benchmark analysis, and referencing key non-financial reporting methodologies (e.g., GRI Standards, SASB Standards, position papers and WEF insights) and the Group's risk management assets. Specifically, the main risks associated with non-financial issues, previously identified in past reporting periods under Italian Legislative Decree 254/16, are discussed in section 3.2. Risk governance and management served as the primary input for the analysis process.

The matrix visually depicts the analysis's outcome, offering an instant, effective, and easily understandable representation of the Group's priorities. These were determined through stakeholder engagement activities in 2022 involving the Board of Directors, top management, customers, employees, key suppliers, the External Network, and a sample of key investors.

DOVALUE GROUP– MATERIALITY MATRIX 2023

The topics that emerged as highly relevant in the latest materiality analysis update, consistently aligning with the Group's current priorities, include: Business Ethics and Integrity; Diversity, Inclusion, and Equal Opportunity; Training, Skills Development, and Talent Development; Responsibility in Service Delivery; Anti-Corruption Policies and Procedures; and Economic Performance, Risk Management, and Financial Stability of the Group. While slightly less emphasised but still notably significant, topics within the economic and strategic domain, such as Innovation and Digital Strategy, and within the social realm, including Cybersecurity and Privacy Protection, Workplace Health and Safety, Stakeholder Engagement, and Employee Well-being, are also important.

In absolute terms, the Group places high importance on topics related to its People and those associated with transparency and anti-corruption. However, environmental issues also receive attention, albeit to a lesser extent due to their limited impacts, aligning with doValue's business priorities.

— 2.3 Dialogue with Stakeholders

Financial community - market

doValue recognises the essential role that dialogue with shareholders, institutional investors, and other key stakeholders plays in the Company's sustainable success. The development and retention of ongoing, constructive dialogue inspires the company's work and stakeholder engagement strategy and yields mutual benefits aimed at building solid, enduring relationships. Governed by rules and procedures for disclosing inside information, this engagement is dedicated to embracing the finest professional practices and is marked by the principles of transparency, promptness, and completeness of information.

Beyond posting key strategic and financial information on the company website, Investor Relations activities encompass continuous interactions with analysts and investors. In 2021, the Company formalised the Engagement Policy, detailing the roles, responsibilities, methods, and forms of dialogue with the Market. In 2023, in continuity with the previous year, doValue's Top Management conducted over 150 meetings with investors at the Italian offices in Rome and Milan and through more than 20 virtual and in-person roadshows and conferences. These events saw participation from investors across major global financial centres, reflecting the high international profile of doValue's shareholders.

Furthermore, as of 31 December 2023, doValue sustains continuous relationships with nine brokers who regularly publish research and analyses on the company Specifically, eight brokers monitor doValue from the perspective of equity investors, while the remaining one focuses on the company from the viewpoint of credit investors, offering a varied perspective on the Group's performance and developments.

In alignment with doValue's international expansion strategy, investors closely observe the medium-term growth prospects for the Servicing sector. This includes doValue's success in integrating acquisitions, its broader internationalisation efforts, the profitability and cash flow growth profile, and additional opportunities for consolidation and diversification.

As previously noted, concerning Stakeholder Engagement activities, a panel of eight investors evaluated the importance of material topics for the first time in 2022 using a dedicated survey.

The Group's investor Relator engaged the reference shareholders to collect their viewpoints, which contributed to prioritising the material topics and building the new matrix² .

Customers

The continuous monitoring of service standards involves constant and systematic interaction with customers (banks and investors). In this category, the doValue Group's main customers are UniCredit, Fortress, the Eurobank Group, the Santander Group, the Central Bank of Cyprus, and multiple securitisation vehicles.

The Group's main contracts provide for compliance with predefined quality standards and service levels.

Specifically, the securitisation transactions include strict clauses for performance monitoring and disclosure to investors, rating agencies, and Group customers.

Thus, quantitative key quality indicators (KQI) are regularly monitored to measure compliance with the stipulated service standards. These encompass performance indicators related to expected collection targets, movement of positions in terms of payment collection, and the timely transmission of data streams.

The Group considers monitoring customer satisfaction essential and, as such, shares the Customer Satisfaction Survey with them, typically on an annual basis.

The survey generally involves banks, investors, and Special Purpose Vehicles in evaluating customer satisfaction. It addresses customer needs and converts qualitative and quantitative feedback into ongoing actions to improve services and relationships.

The Survey results allow for continuous improvement and raise the quality level of the relationship, responding to customer needs and increasing satisfaction by carefully monitoring the services offered. These insights are particularly valuable given the diverse customer base across various entities. Hence, interaction monitoring occurs not solely at a centralised level but also through dedicated and continuous activities at the local level.

Please refer to section 5.3 for details of the findings. Monitoring the level of customer satisfaction.

² Please refer to section 2.2 The Materiality Analysis for more details.

Employees

The Group's constant commitment to dialogue and listening to People continues through communication tools and initiatives already launched, such as:

• Group Town Hall Meeting and local meetings: biannual meeting between CMI and company staff aimed at providing a timely update on the doValue Group's strategy, on the projects being implemented and on the priority activities and company vision;
• Quarterly People Meetings held by the HR function, encompassing the Corporate and Business perimeters. These meetings are tailored for department heads, communicating updates on People projects and activities and gathering specific needs and suggestions.
• Structured discussions integrated into the annual skills assessment process, facilitated by semiannual meetings between management and the personnel involved.
• Company newsletter, edited by the Communication & Sustainability department, to share company activities, initiatives, projects and events. It also features columns covering diverse topics such as sustainability, human resources, group-wide projects, and business updates.
• Regular meetings between the 4 People Partners and managers/resources are a constant and effective channel for listening and dialogue. They act as a corporate reference point, facilitating communication with the HR function and supporting staff in managing HR processes.
• HR communications by email via DEM (summary graphic communications) to ensure widespread dissemination of information and the sending of call-to-actions to corporate projects (surveys, performance appraisals, joining projects, etc.).

In addition to this, in 2023, new communication initiatives were introduced to facilitate direct contact with individuals and foster active listening:

• Breakfast with Managers: 1-hour face-to-face meetings at various company locations offering the opportunity to enjoy breakfast together and engage in direct interaction;
• In Your Shoes: colleagues from different teams participate in 1:1 coaching sessions, where they exchange expertise by taking on each other's roles within the company as Taker and Giver.
• Buddy Program: 1:1 coaching for new hires by colleagues who have applied to take on the role

of Buddy, an informal guide in the first months of joining the company to facilitate their integration;

• Kids in the Office: an initiative open to children of employees aged between 7 and 12, at doValue's main offices, with entertainment and a theatrical performance on doValue Values;
• Did You Know? The People team is conducting an email communication campaign to update all employees on events and news involving doValue People.

In addition, continuing from previous years, the People Engagement Survey project took place in 2023. Now in its third year, the project aims to gather and potentially implement employee suggestions on various company aspects, encompassing communication, management, branding, smart working, and more. During 2023, the six initiatives outlined in the 2023 Action Plan were executed via focus groups comprising colleagues from different company areas who participated voluntarily in the project. For the first time, several structured Action Plans were implemented, coordinated by sector managers with support from Managers to initiate specific initiatives tailored to address areas for improvement identified at the individual team level. These initiatives aim to enhance engagement within each perimeter. The Survey was launched with the support of the new provider, Great Place to Work, which offers access to solid international benchmarks and global indices and offers the opportunity to be certified as a Great Place to Work.

In addition, communication initiatives were implemented to update on business developments, especially regarding new contracts, and inform on the Group's mission, vision and values.

Collaboration with trade unions

doValue encourages employee interaction with trade unions, based on the principles of transparency, independence and integrity. Relations with trade unions are based on constructive dialogue, without any discrimination or difference in treatment, and aim to implement appropriate and, where possible, cooperative union relations. Special analysis committees are being established to strengthen relations between the company and employee representatives. These committees will aim to identify the best solutions for standardising the treatment of all employees in terms of professional development, health policies, and work-

life balance. Employee membership in political parties is unrelated to their company role.

Finally, the Training Committee, established through direct collaboration between People and the trade unions, continued its activities in 2023. It collaborates on the design and implementation of corporate training, agreeing on objectives and criteria for developing training sessions aimed at staff development and professional growth. For more detailed information on personnel management, please refer to Chapter 4, Value for Employees.

The community and debtors

Aware of the social responsibility of its activity, doValue supports the sustainable development of the financial system in the community's interest by seeking solutions to pursue the best management strategy. It promotes greater financial inclusion by enabling debtors to play an economically active role again.

For out-of-court proceedings, doValue uses the External Network, made up of external professionals and debt collection companies who are in constant dialogue with the debtor customer to identify the most appropriate and sustainable solution, evaluating the debtor's financial situation.

doValue further strengthened its role as an opinion leader during 2023, consolidating its presence at key public opportunities for discussion also to gain visibility on market sentiment and orientation concerning issues of interest to the company and/or specific potential transactions.

External Network

Dialogue with the External Network, External Consultant network and External Lawyers network is fundamental to the success of the activities outsourced by the Group.

The Group's External Networks Function is central to defining and implementing work practices that promote clear, everyday dialogue with these Stakeholders.

The doValue External Network has been carefully selected over the years and comprises professionals with many years of experience in their respective fields. All the professionals are registered in professional registers (Tulps agents, direct and indirect licence, Accountants, Lawyers and Debt Collection Companies).

Membership of professional associations requires professionals to undergo mandatory training to maintain continuous and up-to-date professional competence. This ensures the quality and efficiency of their services. External professionals seeking to collaborate with doValue must adhere to high-quality standards and comply with a checklist of security measures, including privacy and data protection protocols. This ensures an appropriate level of security to safeguard the Group's information assets.

In 2022, doValue established the principles of its Charter of Values and revised its Code of Conduct for the External Network to align with the high-quality standards outlined in the Group Code of Ethics. Through this, the External Network pledges to uphold the Group's behavioural and ethical guidelines.

The main communication channel is a Management System within which all actors, both internal and external, involved in the recovery process operate and interact. The other engagement methods include ordinary and electronic correspondence, conference calls, web meetings, and face-to-face meetings. Conversations with the External Network involve monitoring and assessing their performance and discussing the approach to handling debtor counterparties in specific situations, such as pandemics, areas affected by seismic events, or regulatory changes. These discussions are essential for addressing the social dimension of the impact of the Group's services.

In turn, the External Network constructively participates in the dialogue by sharing information regarding any system anomalies, new ordinary or transitional legal provisions and any other information that may be of mutual interest in the context of the service provided. The organisation evaluates requests and intervenes where deemed helpful or necessary.

For more detailed information on the Group's relationship with External Network professionals, see Section 5.1 Transparency, Fairness and Accountability in Service Delivery.

Suppliers

During negotiation activities, the Group Procurement function maintains an ongoing dialogue with key suppliers for technical-commercial evaluations related to each job order and required external supply activity. Based on mutual needs, this approach aims for a win-win outcome for both parties. Depending on the complexity of the engagement, focus groups and product demos may be organised with suppliers and the requesting department, particularly if the departmentneeds the supplier's support to define the subject of the engagement in detail. For the quantitative data that best help to understand the transversality of the engagement activities and the analysis of the Procurement function, please refer to par. 5.4. Sustainable management of the supply chain.

The procurement department always shares the sourcing strategy for each engagement by preparing a specific document. In the case of tenders, this document defines and details the time frame, award criteria, technical criteria to evaluate and related scores, and, more generally, any element that may be useful for understanding the Group's requirements.

In 2023, the campaign to evaluate the performance of suppliers on specific contracts continued both for the Italian sector and at the Group level. This request, filled in directly by the contract managers themselves, constituted a further engagement with Stakeholders. Please refer to section

5.4. Sustainable management of the supply chain for further details.

Dialogue with the External Network, External Consultant network and External Lawyers network is fundamental to the success of the activities outsourced by the Group.

— 2.4 Evolutionary trajectories and prospective vision

environment for sustainability reflects the EU regulator's desire to maintain a leading role in the global transition to a sustainable economy. Europe is actively developing a more sustainable economic and financial system to foster corporate awareness and responsibility for their environmental impact. The goal is to achieve climate neutrality by 2050, supported by structural measures linked to the Green Deal and presenting the Roadmap for Sustainable Finance by the European Banking Authority. The new European Directive

No. 2022/2464 regarding the Corporate Sustainability Reporting Directive (CSRD), published in the EU Official Journal on 16 December 2022 and entered into force in its final wording on 5 January 2023, is part of the broader European Green Deal.

The doValue Group, as an organisation already subject to the reporting obligation of non-financial disclosure under Italian Legislative Decree 254/2016, meets the obligations arising from the new Directive already from the fiscal year 2024 and will publish the new sustainability disclosure in early 2025.

The CSRD represents a challenge for the doValue Group but also an opportunity that will allow it to innovate ESG performance and strengthen the integrated process of the Sustainability strategy. In response, in this reporting year, the Group has initiated a phased approach towards compliance with the Directive's provisions, demonstrating its dedication to stakeholders by ensuring transparency and accountability in business management. This commitment aims to support the balance of the economic system and promote financial inclusion.

The CSRD represents a significant evolution in sustainability reporting, encompassing enhanced communication, detailed disclosure requirements, and increased relevance of non-financial information. Indeed, the Directive seeks to advance sustainability reporting by aligning the significance of ESG (Environmental, Social, Governance) outcomes with traditional

statutory financial statements and acknowledging their inherent connection. For this reason, starting from the next fiscal year, the doValue Group's sustainability statement under the CSRD will be incorporated into the Management Report, ensuring greater integration between financial and non-financial information.

The CSRD also introduces the concept of "double materiality" combining two dimensions of investigation of the issues to be reported in the disclosure: the relevance of the impact (impact materiality) and the (financial materiality). The impact materiality dimension, introduced by the GRI Standards in 2021, involves identifying and assessing the company's material impacts. These impacts, whether negative or positive, actual or potential, on people or the environment in the short, medium, or long term, led the doValue Group to identify material issues in the previous reporting year³ .

Regarding reporting and minimum disclosure requirements, the CSRD introduces the assessment of financial relevance. According to this, a sustainability issue will be considered financially relevant if it entails, or can reasonably be expected to entail, significant financial effects on the company. This occurs when a sustainability issue gives rise to risks or opportunities that have - or can reasonably be expected to have - a significant influence on the development of the company, on its financial situation, on the economic result, on financial flows, on access to financing or the

cost of capital in the short, medium- or long-term"⁴

.

Thus, the doValue Group will need to provide information on the impact of its activities on the environment and society, (impact materiality), and information on the influence of external factors on corporate development and performance, (financial materiality). To this end, doValue has already begun integrating ESG risks within Enterprise Risk Management to bolster existing management systems and align the organisation's practices with the evolving regulatory framework, seizing the challenges introduced by the Directive as an opportunity for improvement.

To date, the doValue Group has communicated its ESG performance using the GRI Standards, which serve as the primary methodological reference for

³ For more details, see Section 2.2 Materiality Analysis.

⁴ See European Sustainability Reporting Standards (ESRS), pp. 7-9.

sustainability reporting internationally. However, as mentioned earlier, the CSRD also advances reporting methods by introducing the European Sustainability Reporting Standards (ESRS). This single EU-wide reporting standard will ensure greater consistency and comparability of European sustainability disclosures.

A further significant step will be the inclusion of intangible assets in the disclosure. This expansion encompasses intellectual, human, social and relational capital, recognising the centrality of these elements in the overall assessment of corporate performance.

Furthermore, companies will be required to implement digital tagging of reported information, extending the use of the ESEF format to the ESG context and thus ensuring data accessibility and comparability.

The evolving trajectories described above underscore the imperative for accountability and transparency in corporate sustainable practices. In this context, the doValue Group, aware of its role in fostering a sustainable financial system, embraces these changes by pledging to promptly address the challenges and opportunities presented by the European Directive.

DOVALUE GROUP GOVERNANCE

— 3.1 Ethics and business integrity

3.1.1 Corporate Governance

doValue's corporate governance system5 which is aligned with the provisions of the Corporate Governance Code of the Italian Stock Exchange and recognised by the main ESG Rating Agencies as best practice in the sector, has the objective of contributing to the achievement of sustainable success, maximising value for Stakeholders, ensuring the highest levels of transparency and integrity in the conduct of business activities and monitoring the company risk control system.

doValue employs a traditional administration and control model centred on the Board of Directors, which consists of ten members, and the Board of Auditors,

which consists of three members (along with two alternate auditors). The shareholders' meeting appoints these bodies.

Regarding the current Board of Directors composition, after Andrea Mangoni's resignation on 27th April 2023, Manuela Franchi was co-opted as interim CEO. Her role was unanimously confirmed by the Board of Directors on 3rd August 2023.

Also, after Director Emanuela Da Rin's resignation on 14 June 2023, the Board of Directors appointed the new Director, Elena Lieskovska, on 15 June 2023.

The doValue Group has regulated the diversity criteria and policies for the composition of the Board of Directors. This is outlined in the document "Policy on the Composition of Corporate Bodies of the doValue Group," which the Board of Directors approved on 25th February 2021. The Policy requires an appropriate diversification of skills, experience, age, gender, geographical origin and international outlook. The composition of the current Board of Directors adheres to legal requirements on gender balance, as stipulated by relevant laws and regulations, including Article 147-ter, paragraph 1-ter of the Consolidated Law on Finance, and Law no. 160 of 27 December 2019.

Complying with current regulations for listed companies and in line with Corporate Governance Code recommendations, the Board of Directors assumes a central role in the Company's governance.

Under the Articles of Association and its regulations, the Board of Directors:

• a) defines the nature and level of risk compatible with the Company's strategic objectives, including in its assessments all risks that may be relevant to the medium- to long-term sustainability of its business;
• b) assesses the adequacy of the organisational, administrative and accounting structure of the company and its strategically important subsidiaries, with particular reference to the internal control and risk management system;
• c) decide on the Company's strategic directions and continuously verify their implementation;
• d) verifies the consistency of the remuneration and incentive systems with the company's corporate objectives and values to attract, retain and motivate people with the professional qualities required to manage the company successfully;
• e) appoints and revokes the Head of the Internal Audit department, the AML Manager and the Financial Reporting Officer after consulting with the Board of Statutory Auditors;
• f) appoints and revokes the Head of the Internal Control Department - as well as the heads of structures reporting directly to the Chief Executive Officer -, the Data Protection Officer, and the Supervisory Body pursuant to Italian Legislative Decree 231/01 and, in the latter's case, establishing the compensation;
• g) regarding ICT matters, it approves: (i) the development strategies for the information system and the reference model for the system architecture;
  • (ii) the IT security policy;

(iii) the organisational and methodological framework for analysing cyber risk;

(iv) the company documents required by law for the management and control of the information system; the Board of Directors is informed, at least annually, about the adequacy of the services provided and the support of these services for the evolution of company operations concerning the costs incurred, and promptly in the event of serious problems for the company's activity, resulting from accidents and malfunctions of the information system;

h) defines the criteria for identifying the most significant transactions to be subjected to preventive scrutiny by the Risks and Related Party Transactions and Sustainability Committee. It also makes decisions on transactions with related parties according to the procedures adopted in this regard.

For more details, please refer to the Report on Corporate Governance and Ownership Structure 2023. 5

Furthermore, recognising the increasing strategic importance of Sustainability at doValue, the Board of Directors approved the Regulations of the Risk, Related Party Transactions, and Sustainability Committee in 2021. This committee plays a proactive and consultative role in processes and activities that contribute to the Group's sustainable development along the value chain.

The Board of Directors also includes the Appointments and Remuneration Committee.

3.1.2 Code of Ethics and internal regulations The doValue Group is firmly committed to maintaining the highest ethical and moral standards in its business activities. The diffusion of corporate culture and values aimed at supporting the entire Group's respect for ethical behaviour and existing legislation has a fundamental role in all the countries where doValue is present.

In continuity with the projects launched in previous years, during 2023 the Group continued working to strengthen the Internal Control System and its regulatory system. Following the reorganisation process initiated at the end of 2020, the Board of Directors of doValue S.p.A. approved the updated Code of Ethics, applicable across the entire Group. Concurrently, the process of reviewing and updating the organisation's management and control models began, aligning with Italian Legislative Decree 231/2001 ("Model 231") regulatory framework.

Since 2021, the foreign subsidiaries have adopted the Group's Code of Ethics, incorporating its general reference principles into their own regulatory system. Consequently, in the same year, an analysis of the local regulations and the regulatory corpus of the various Legal Entities was started to verify the need/opportunity for modifying them. At the conclusion of this project, the local Codes of Ethics and the Codes of Conduct of the foreign subsidiaries were revised and integrated, and are aligned across the entire Group perimeter, while maintaining the specificities of the various LEs in terms of compliance with the regulations applicable in the reference jurisdictions.

In May 2023, the update of the Organisation, Management and Control Models under Italian Legislative Decree 231/2001 of the three companies within the Italian perimeter (doValue, doNext and doData) and the Code of Ethics of the doValue Group concluded.

This update was initiated to ensure the full compliance of the Models with the current perimeter of predicate offences, in view of:

(i) the introduction of new predicate offences and the changes made to the cases already included in the framework under Italian Legislative Decree 231/2001, as well as

(ii) changes to the companies' organisational structures starting from the last update of the Models, which was in December 2020.

In alignment with the new Model 231, the Group has updated its Code of Ethics. This revised code outlines the ethical principles, duties, and responsibilities the Group commits to in pursuing its corporate goals. It applies to all Recipients — everyone within and outside the Group involved in carrying out its activities through contractual agreements. Specifically, doValue and its subsidiaries ensure that their business partners' ethical principles align with those outlined in the Code of Ethics, fostering the development of a shared ethical culture.

The companies pledge to promote the Code of Ethics, aiming to cultivate an understanding of ethical values and the importance of complying with the Code. Individuals are informed about the Code's provisions, initially through a specific communication and a mandatory review upon hiring, and later through ongoing internal updates during initial approvals and any subsequent updates. Each company within the Group is responsible for promoting and executing a comprehensive training and awareness programme. This programme focuses on the Code of Ethics and the procedures and internal controls essential for effective implementation.

The Code of Ethics is an essential element of Model 231, whose control and behaviour principles are formalised in line with its content. The aforementioned documents are available on the company intranet "Rules" or the Institutional Site.

doValue Spain and its subsidiaries, in addition to adopting the Group's Code of Ethics, regularly update their Code of Conduct, which outlines the core principles of its business operations. These include adherence to legality, objectivity, and integrity; respect for human rights in alignment with the Universal

Declaration of Human Rights) and respect for the environment and urban balance. All employees are required to know the Code of Conduct, respect it , collaborate in its implementation, and report any infringement cases.

The Code of Conduct is accessible to employees via the company intranet, alongside other documents and policies designed to promote best business practices. These include the Compliance Policy, which seeks to prevent criminal behaviour; the Global Policy on conflicts

of interest and transactions with related parties; guidelines on the free gifts policy, anti-money laundering prevention measures, procedures for supplier approval and contractualisation; the Policy on the correct use of information systems; and informative notes concerning GDPR compliance.

Regarding doValue Greece, the Company has adopted the Code of Professional Conduct & Ethics, which, in line with the Group Code of Ethics, spreads its culture and values, supporting ethical conduct by the entire Organisation. doValue Greece has also adopted several policies, procedures, guidelines, and frameworks at the local level, including the Related Party Procedure, the Ethical Compliance Hotline Procedure, the Donations and Sponsorships Procedure, and the Disciplinary System approved by the Ethics Committees in 2023.

The Code of Professional Conduct & Ethics, together with the rules mentioned above, is made accessible internally via website and all employees have formally read it. Furthermore, acceptance of the local Code of Conduct, together with the policies for the prevention of risks of conflict of interest, is mandatory for all of doValue Greece's commercial partners (suppliers, external collaborators, etc.) upon establishing their respective relationships. To this end, the Company has introduced a Vendor Management Framework. This framework seeks to harmonise the Organisation's procurement and outsourcing policies through due diligence activities and evaluation processes while mitigating third-party risk.

Lastly, doValue Greece has set up an Ethics Committee

tasked with adjudicating violations of the Code of Conduct and managing conflicts of interest. The Committee is chaired by the Executive Chairman of the Board of Directors of doValue Greece, while the voting members are the top management without P&L responsibility, except the CEO. The Committee's composition ensures the independence and objectivity of decisions. The Ethics Committee forwards relevant issues to the BoD or the Executive Committee quarterly or whenever necessary.

In confirmation of the effectiveness of the measures in place to uphold ethics and integrity, it's noteworthy that, once again, in 2023,, the Group was neither engaged in significant legal disputes nor faced penalties for anti-competitive actions, antitrust, or monopolistic practices. The Group incurred minor fines totalling 625,000 euros, levied by the GSCA, the Greek authority for consumer protection. These fines were attributed to doValue Greece for eleven minor infringements primarily resulting from erroneous system entries, impacting compliance with L. 3759/09.

The Group's Code of Ethics has been adopted by all Legal Entities and expressed in their local Codes of Ethics.

3.1.3 Remuneration Policy

doValue implements a Group Remuneration Policy The Shareholders' Meeting approved the plan in 2022, which is valid for the period 2022-2024, in line with the current Business Plan's time horizon.

The policy aims to reward sustainable performance

at all levels and promote a "single Group culture," strengthening employee loyalty, attraction and involvement. doValue has established a Group Total Reward model that includes all staff members to value the contributions of every employee and consider their respective working conditions:

The Remuneration Policy satisfies the Borsa Italiana Corporate Governance Code, complies with the Issuers' Regulation published by Consob in December 2020, and is in line with the remuneration recommendations of the Corporate Governance Code of the "Corporate Governance Committee" of listed companies.

The remuneration system also aligns with the actual results, capital, and liquidity levels of the company. It aims to prevent distortions that might encourage

recipients to violate regulations or undertake excessive risk-taking on behalf of the Group.

The remuneration policy aligns with the Leadership Model defined by doValue, designed to foster engagement, commitment, and an entrepreneurial attitude among all employees based on the following dimensions or behaviours.

Focused on innovative solutions. Always one step ahead. Result-focused objectives. Careful listening to achieve a full understanding of the task and identify sustainable solutions.

Professional behaviour aimed at building trust and credibility with customers, shareholders, partners, colleagues and generally in the economy and society.

EFFECTIVENESS RESPONSIBILITY COLLABORATION LEADERSHIP

Creating an inclusive environment that promotes an open dialogue valuing every opinion. Promoting team spirit. Personal commitment and commitment to others.

Inspiring and motivating the team to achieve great results, acting as a role model and being responsible for your actions and the team's.

Internal policies and processes aim to reinforce the mission, vision, and values that drive performance and promote the achievement of business objectives in line with doValue's purpose.

The Remuneration Policy for Directors, Executives with Strategic Responsibilities, and Members of the Control Board has been finalised and is available on the Company's website. It meets market demands and adheres to the latest regulatory standards, in line with the Shareholders' Rights Directive (SRD II), specifically

• Articles 123-ter and 114-bis of the Consolidated Law on Finance, respectively "Report on the Remuneration Policy and remuneration paid" and "Disclosure to the market regarding the Allocation of Financial Instruments to Corporate Officers, Employees and Collaborators";
• with Consob Regulation No. 11971/1999 (the socalled Issuers' Regulations), updated in December 2020;
• with the Code of Conduct of the "Corporate Governance Committee" (updated in January 2020), as a further measure to strengthen governance and align with best practices.

The Policy lists principles and standards of behaviour that are extended, where applicable, to all the Legal Entities of the Group, hereinafter also abbreviated to "LEs", for the purpose of designing, implementing and monitoring the respective practices, plans and compensation programs.

Specific internal procedures regulate the incentive systems for non-executive staff, consistent with the provisions of the Policy and more generally, with the Business Plan.

Objectives and Principles

The Remuneration Policy is closely linked to the Business Plan, further strengthening alignment with long-term objectives in the interest of all Stakeholders:

• the long-term incentive plan is confirmed as an "integrating" component of the reward proposal for the three years;
• a stronger alignment with ESG priorities has been established, consistent with the sustainability ambition outlined in the strategic plan, focusing on employees, customers, and overall reputation. Employee satisfaction and engagement, especially regarding ESG-related aspects, are incorporated into the final metrics of both the STI and the LTI. Other metrics linked to improvement of the ESG indices have been introduced in the LTI plan.

Additionally, a strategy to engage investors has been devised, focused on enhancing alignment with stakeholders. This includes active dialogues designed to clarify strategic issues and address findings related to the remuneration framework.

The Structure of the Remuneration System

The remuneration strategy provides a package that includes a fixed component, a variable component, and benefits. Its structure aims to maintain a proper balance among these elements, each tailored to effectively attract talent and motivate and retain employees.

The fixed component remunerates the assigned role and responsibilities, considering the required experience and skills.

The variable component remunerates the results achieved, with a focus on both the WHAT, which measures Objectives and Priorities, and the HOW, which measures Skills and Behaviours originating from the Group's values, directly linking remuneration and performance in the medium- and long-term to strengthen the coherence between the interests of shareholders and those of management.

The structure of the incentive plans defines the entry gates, which also guarantee the sustainability of the Group's incentive systems. Malus and clawback mechanisms are also included in the variable annual and deferred incentive systems. The remuneration package includes a welfare and benefits system aimed at ensuring the well-being of employees both during their working life and later retirement, in line with market practices.

Remuneration of Key Management Personnel

Key Management Personnel have access to different forms of incentives:

• The annual short-term incentive plan (STI), focused on achieving yearly results through both financial and non-financial objectives aims to align with doValue's culture and values, incorporating ESG aspects within the Group;
• The long-term incentive plan (LTI) aims to ensure long-term alignment of participants, attract and retain individuals crucial to the Group's sustained success, and foster the "One-Group Culture".

The STI plan is based on a balanced scorecard considering key financial and non-financial performance indicators. In this context, the ESG aspect (environmental, sustainability and governance aspects) accounts for 10% of the quantitative component.

The LTI (Long Term Incentive) Plan envisages an annual grant ("rolling" plan) based entirely on the doValue shares ("Performance shares"), aiming to:

• incentivising the achievement of essential strategic performances and the generation of value, encouraging the alignment of the beneficiaries with the long-term interests of shareholders and the stakeholders in general;
• promoting the "One-Group culture";
• encouraging the commitment to attract, involve and retain doValue collaborators as a strategic asset for the Group.

Within the framework of Long-Term Incentive (LTI) remuneration, the significance of the environmental, social, and governance (ESG) impact component has been enhanced, now constituting 10% of the total—an increase of 5% compared to the previous reporting year's remuneration policy.

The MBO guidelines introduced in the Remuneration Policy for Key Management Personnel were passed on to the rest of the organisation, including the ESG objective with a 10% weight of the WHAT for all managerial positions.

Process governance

The process for defining, adopting, and implementing the Remuneration Policy considers the delegations from various corporate bodies and the corporate functions involved. It also aims to ensure that each delegated corporate body or function fully exercises the responsibilities defined by external regulations, statutes or internal regulations.

The policy has been updated to reflect changes in the market, strategies, and risk profile. For further details, please refer to the 202 2-2024 Remuneration Policy and the related 2023 Report, available on the corporate website in the Governance – Remuneration section.

3.1.4 Model 231 and Whistleblowing

doValue and all Italian companies have for some time adopted and keep their organisation, management and control models updated pursuant to Italian Legislative Decree 231/2001 (hereinafter "231 Models").

In implementation of the provisions of Italian Legislative Decree 231/2001 and in line with statutory requirements, the Board of Directors appoints the Supervisory Body ("SB"), charged with overseeing the operation and compliance of Model 231 and ensuring its up-to-dateness. The Supervisory Body, which operates continuously, supervises the functioning of and compliance with 231 Models, evaluates the implementation of preventive measures, and regularly reports its findings to the Board of Directors and the Board of Statutory Auditors.

Consistent with the principles of Italian Legislative Decree 231/2001, for the Italian perimeter, the Group's 231 Models include multiple channels for reporting violations, as stipulated within the currently enforced Policies and Procedures.

Anyone who becomes aware of violations or situations that may not align with the principles set out in the Code of Ethics (or with the system of procedures and internal controls facilitating its actual implementation) must promptly report to the Supervisory Body, where relevant, or the local body or function tasked with oversight, in line with the described Policies and Procedures.

In December 2023, the Group issued its Whistleblowing Policy, in compliance with EU Directive 2019/1937 on

"the protection of people who report violations of Union law and containing provisions regarding the protection of people who report violations of national regulatory provisions", as transposed into Italian law by Legislative Decree 24/2023. Specifically, in compliance with the provisions of the Decree, the Policy governs:

• the essential features that each Legal Entity must ensure in the execution of the Internal Reporting process include:
  • i) Reporting Channels to activate,
  • ii) definition of Roles and Responsibilities;
  • iii) management times for the Reports,

iv) prohibition of behaviour, even only potentially retaliatory and/or discriminatory;

• the required information relating to the External Reporting Channel - as regulated at the national level by each Public Authority - and to Public Disclosure;
• the necessity to implement a proportionate and deterrent sanctioning system against individuals who obstruct or attempt to obstruct reporting, retaliate against whistleblowers or breach the confidentiality obligation concerning the identities of those involved in the reporting process;
• the measures that must be observed regarding the protection of privacy and the confidentiality of personal data, including, such as enacting a privacy policy and assessing technical and organisational security strategies for using a Digital Communication Channel;
• training and awareness activities to deliver both at the local and Group level;
• the flow of information to be produced periodically and/or per event both towards the Parent Company and towards the Local Bodies.

The Reporting Channel applies to relevant Violations pursuant to Italian Legislative Decree 24/2023 or violations of national or European Union regulatory provisions that harm the public interest or the integrity of the Company that the Whistleblower has become aware of in the work context, including violations of the Code of Ethics.

The value process for managing Internal Reports involves the designation of specific roles tasked with handling these reports in various capacities to fulfil the activities outlined in Article 5 of Italian Legislative Decree 24/2023. Report handling is conducted following the Whistleblowing procedures adopted by each Group company. The contents of the procedure are entirely shared with all internal and external recipients through various corporate communication channels. In the reporting management process, doValue guarantees total confidentiality, protection of the rights of the reporting party and the reported party and maximum protection from any possible retaliatory or discriminatory behaviour resulting from the reporting.

Regarding the Italian perimeter, the Procedure "Use and management of the violation reporting channel ("Whistleblowing")", updated on 13 July 2023, regulates the reporting channels in detail.

The procedure applies to: violations that occur during the performance of work activities or that may impact them, activities that could cause harm or detriment to the Group, and that derive from behaviour, including illicit, improper, or unethical actions or omissions that contravene legal and regulatory provisions or fail to adhere to internal regulations.

Specifically, reports are deemed relevant if they pertain to violations within these primary regulatory domains:

• Group Code of Ethics;
• relevant conduct pursuant to Legislative Decree 231/2001 and failure to comply with Model 231, unchanged as already regulated in the Model itself;
• Anti-corruption legislation;
• regulations on workers' health and safety;
• Code of Conduct and regulations applicable to listed companies;
• anti-money laundering and anti-terrorism;

• Market Abuse;
• other external regulations periodically identified as relevant for the implementation of the procedure.

Concerning the Italian perimeter Internal Reports to the Company can be made through the following channels:

1) Digital Reporting Channel - through a reporting software application used by companies within Italy, accessible from the websites of doValue S.p.A., doNext S.p.A., and doData Srl., which guarantees ease of use, anonymity, confidentiality, privacy, and accessibility.

2) Ordinary Mail - send to the registered office addresses of each company in Italy, addressed to the Whistleblowing Channel Manager, in a sealed envelope marked "Confidential Whistleblowing" on the exterior.

3) Email – send to email addresses

that are specially prepared and confidential;

4) Oral report, or rather a meeting initiated by the Whistleblower with the appropriate personnel, documented through a written report after obtaining consent, which is then verified and confirmed by the Whistleblower's own handwritten signature."

Training also plays a crucial role in these areas for doValue. Within the Group's training plan coordinated by the People function, the Company commits to offering and continually updating mandatory training on Model 231 and Whistleblowing for all employees. This training aims to clarify the specific procedures to be adhered to and the potential repercussions of inappropriate conduct.

In this context, during the update of Model 231, the company conducted targeted training in Whistleblowing for individuals responsible for handling Whistleblowing Reports in various capacities. Adequate training of the Reporting Managers, as well as the Internal Recipients of the reference Policy, is carried out regularly according to needs and constitutes an essential element to guarantee its effective implementation.

The foreign subsidiaries also have specific channels for reporting violations.

doValue Spain has put in place appropriate measures to assist in reporting alleged wrongdoing through a Whistleblower hotline and a protocol.

These measures are also mentioned in the company's regulatory system.

The Whistleblower hotline, which includes both physical and digital channels, is a direct and confidential tool available to employees. Specific communications in the common areas of the offices inform employees of the hotline's presence. The Whistleblower hotline protocol instead regulates the procedures to follow in the event of receiving reports on illicit actions and provides clear and transparent instructions about the activities to be carried out, ensuring the confidentiality of the information received at all times.

Also doValue Greece encourages staff and co-workers to contribute to the continuous improvement of ethics and organisational integrity and to report incidents of unethical and illegal behaviour inside and outside the organisation through the maintenance of the Whistleblowing system. In this regard, following the publication of Local Law 4990, which transposes the European Directive on Whistleblowing (Directive no. 2019/1937), in 2023 the existing Whistleblowing Policy was subject to revision, which is awaiting approval by the Board of Directors, and a person responsible for monitoring and managing reports has been appointed (RRMO -Reporting Receiving and Monitoring Officer), in compliance with local law and the European Directive.

Questions or reports can be submitted through the following methods:

• a. Contact the RRMO
• b. email: EthicsHotline@dovaluegreece.gr

c. Call the dedicated telephone line and speak directly to the AMO or leave a message on the answering machine, available 24 hours a day, seven days a week, all year round.

d. Send a letter for the attention of the RRMO.

These procedures are also made known to External Stakeholders, who, for various reasons, might become aware of corrupt behaviour or potential conflicts of interest. This awareness is facilitated by relevant information available on the Company's website.

It is also important to note that from 2024, per local law, submitting reports via a dedicated online platform currently under development will be possible.

3.1.5 Anti-corruption

To combat all forms of active and passive corruption, doValue has established a management system that adheres to the ISO 37001:2016 international standard.

In 2022, doValue UNI ISO 37001:16 Certification, the first international standard for anti-corruption management systems. This milestone underscores doValue's unwavering dedication and commitment to combat all forms of corruption. In 2023, during the annual audit, the continuation of compliance with the ISO 37001:2016 certification requirements was confirmed.

The certification bolsters doValue's efforts to advocate policies that adhere to legal and ethical standards to prevent corruption and ensure transparency in domestic and international business engagements. It enhances the efficacy of anti-corruption tools and integrates with the company's frameworks, including the Organisation, Management, and Control Model in accordance with Legislative Decree 231/01. Within its corruption prevention management system, doValue has implemented an Anti-Corruption Policy that aligns with the ISO 37001:2016e standard. This policy was updated in December 2023 to reflect the system's latest advancements. The Policy outlines the commitments and objectives made to guide the evaluation, monitoring, and reporting of corruption risks in transactions conducted by the company with its business partners, third parties (including Group companies subject to the policy), and internal stakeholders. The Policy is supported by various procedures to ensure the proper application of the system. This includes the "Procedure for the implementation of the Management System for the prevention of corruption pursuant to the ISO 37001:2016 Standard," which was updated in 2023. Currently, this applies solely to doValue S.p.A., the recipient of the Certification.

The corruption prevention management system has been integrated into the broader corporate management framework, designed with consideration for aspects of Group governance, compliance, risk management, and internal control with reference to international guidelines and best practices. The doValue Anti-Corruption Policy is accessible on the Company's Institutional Website and is disseminated to Internal and External Stakeholders through dedicated communication channels, as outlined in a specific operating procedure. The Group also monitors corruption risks via the risk detection and control system established within the framework of managing Model

231, which, as noted, has undergone analysis, updates, and expansion across the Group.

To enhance risk management efficiency and strengthen control system integration, doValue has merged the 231 risk assessment framework with the anti-corruption risk assessment framework. The control system has also been updated by introducing anti-corruption Key Risk Indicators, following a logic of synergy and rationalisation. Within the Organisation, constant awareness of the contents of the Corruption Prevention Policy is implemented mainly through training on the management system for preventing corruption and the 231 Organisational Model. During 2023, as anticipated, following the update of the 231 Models, integrated training in the 231, anti-corruption and whistleblowing area was provided to the staff of the doValue Group operating in the Italian perimeter. Learning tests were used to assess the effectiveness of the training process. doValue also coordinated the delivery of Anti-corruption and Code of Ethics training for foreign legal Entities at the group level. For details on the consolidated perimeter, please refer to the table format provided separately. Additionally, doValue Spain must adhere to the Group Anti-Corruption Policy and a Criminal Risk Prevention Model. It also has an effective control system for corruption risks, compliant with the regulatory mandates of Organic Law 1/2015 of 30 March, Circular 1/2016 of the Attorney General's Office, and specific national or international standards, including ISO 19600 for compliance management systems, ISO 37001, and the UNE 19601 and UNE 165019 standards for criminal compliance management systems. The Model encompasses a variety of offences including corruption, money laundering, and terrorism financing, assessed through a validated risk management methodology underpinned by ongoing control mechanisms. An Annual Monitoring and Follow-up Plan oversees the Model's effectiveness, delineating the requisite controls to prevent and mitigate risks.

In 2023, as part of the group initiative on anti-corruption support activities, the Cypriot company conducted a risk analysis to improve the relevant Framework.

doValue Greece is also included under the Group Policy and adheres to the anti-corruption provisions stipulated in the applicable national laws. The company then integrates the Group policy with the local Fraud Risk Management Policy & Governance policies (Antifraud Policy) and the Whistleblowing mechanism, vital in combating active and passive corruption. In particular, the Anti-Corruption Policy also references the correct management of relationships with the Public Administration to avoid corrupt practices.

The employees and business partners of doValue Greece are informed of the company's anti-corruption policies and procedures through the Group's Code of Conduct and Code of Ethics. In addition, as required by the company's outsourcing policy, during both the on-boarding phase and during the partner's annual evaluation, issues concerning corporate integrity are taken into account. A corruption risk assessment was conducted for both doValue Greece and doValue Greece RES.

Communication and training on anti corruption policies and procedures	People who received communication on anti-corruption policies and procedures in 2023		People who received training on anti corruption policies and procedures in 2023
	Number	Percentage of total	Number	Percentage of total
Italy
Business partners (suppliers, external lawyers)	0	0%	0	0%
Members of corporate bodies	0	0%	0	0%
Employees	943	100%	800	85%
of which Top management	43	100%	22	51%
of which Middle management	128	100%	113	88%
of which Staff	772	100%	665	86%
Greece
Business partners (suppliers, external lawyers)	96	100%	0	0%
Members of corporate bodies	0	0%	0	0%
Employees	959	100%	0	0%
of which Top management	18	100%	0	0%
of which Middle management	205	100%	0	0%
of which Staff	736	100%	0	0%
doValue Spain and subsidiaries (Spain – Cyprus – Portugal)6
Business partners (suppliers, external lawyers)	61	0%	0	0%
Members of corporate bodies	7	100%	0	0%
Employees	960	41%	393	41%
of which Top management	58	12%	7	12%
of which Middle management	345	33%	114	33%
of which Staff	557	49%	272	49%

In 2023, with reference to doValue Spain and subsidiaries, only Cyprus provided training to employees on anti-corruption policies and procedures. 6

During 2023, no corruption cases emerged on the consolidated perimeter, in continuity with previous reporting years.

doValue implemented a Group corruption management system, formalised with an Anti-Corruption Policy drawn up under standard UNI ISO 37001:2016.

3.1.6 Anti-money laundering

The doValue Group has an Anti-Money Laundering Policy that formalises choices defined within the AML/ CFT (Anti-Money Laundering/Countering the Financing of Terrorism) context regarding organisational structures (adoption of the decentralised model), internal procedures and controls, adequate verification (e.g., measures to adopt in practice for enhanced or simplified due diligence), data retention, and reporting of suspicious transactions.

Every legal entity has officially adopted this policy. Guided by its principles and adhering to relevant local regulations, they have established specific procedures. These include operational instructions to ensure compliance with local anti-money laundering and counter-financing of terrorism (AML/CFT) laws. Moreover, each entity has developed specific procedures in accordance with local laws. These procedures detail the operational steps necessary to meet the requirements of local AML/

CFT legislation. These documents, which are available and easily accessible to all personnel involved in antimoney laundering processes are updated locally by the respective AML Functions.

Regarding the software applications deployed for managing anti-money laundering responsibilities within the perimeter of the "doTransformation" project, the technical-functional analysis activities continued in 2023. Currently, the maintenance of the HAWK application is planned for Italian Legal Entities (further details provided below). Adopting the SIRON application, presently utilised in Greece, is also anticipated for all foreign Legal Entities.

Finally, to mitigate the risk of money laundering/terrorist financing, the involvement of the Control Bodies and, concerning the roles and responsibilities of the same, the doValue Group, in line with the provisions of the Provision issued by the Bank of Italy regarding organisation,

procedures and internal controls ("Provisions regarding organisation, procedures and internal controls aimed at preventing the use of intermediaries for the purposes of money laundering and terrorist financing"), has formalised within the Group Anti-Money Laundering Policy currently in force the responsibilities relating to:

• Board of Directors as Supervisory Body;
• Board of Statutory Auditors as Control Body;
• Supervisory Body;
• Chief Executive Officer as Management Body.

Specifically, the Corporate Bodies are required to act per their respective competencies and responsibilities, as follows:

• define company policies consistent with antimoney laundering principles and rules;
• adopt policy lines suitable for preserving the integrity of the company;
• implement appropriate organisational and operational measures to avoid the risk of money laundering;
• carry out checks on compliance with the legislation and on adequate risk control.

The Company's regulatory framework clearly defines the tasks and responsibilities of the Corporate Bodies. Given these responsibilities, the AML Function of the Parent Company is required to report periodically to the Corporate Bodies. This reporting must adhere to the information flows outlined in the AML Function and Internal Control System Regulations.

Within the framework of their corporate management processes and adhering to the mandates of prevailing legislation, the Italian companies of the Group have implemented measures designed to ensure comprehensive customer knowledge, the traceability of financial transactions, and the detection of suspicious activities. These measures are tailored to the distinct activities and operations conducted by doValue, acting as a Special Servicer in securitisation transactions, and doNext, serving as a financial intermediary and Master Servicer in securitisation transactions, as well as in the management of NPL/UTPs, and performing positions.

Across all the above obligations, the framework includes three levels of controls on processes aimed at preventing and countering the risk of money laundering

and terrorism financing.

The risk management is inspired by the principles of:

• proportionality, understood as the application of regulatory provisions tailored to the nature of the activity carried out, the types of services offered, the operational complexity, and the overall size of the Group and its companies;
• independence, understood as the direct access of the single Functions to the Strategic Supervisory Body and the Control Body. Independence is established through the mandate by which the Board of Directors, after consulting with the Board of Statutory Auditors, resolves to create the Anti-Money Laundering (AML) Function. This includes defining its role, scope, responsibilities, and prerogatives within the Company Regulations.
• authority, understood as the free access of the Manager of the AML Department and its representatives to all company activities, as well as any information relevant to performing its duties, including through direct contact with employees;
• autonomy and adequacy of resources refer to the provision of human, technical, and financial resources, whether direct or indirect, that are appropriate for preventing undue influence over the operational structure. This takes into account the operational, dimensional, and organizational complexity of the intermediary, as well as the nature of the activities conducted;
• dissemination, understood as expanding the perimeter regarding the risk of money laundering and terrorism financing.

For the year 2023, in con the Board of Directors approved a specific anti-money laundering training plan to be made available to all personnel within business structures who are significantly involved in the management processes of money laundering and terrorist financing risks. The training activities outlined in this plan were delivered following the established schedule. The course mainly concerned the fulfilment of customer due diligence obligations and the reporting of suspicious transactions.

Thanks to the coordination activities carried out by the Group AML Department, the following objectives were achieved to ensure the strengthening of the AML framework throughout the Group:

• full implementation of common minimum

standards for managing money laundering risk, theirformalisation within the Group's AML policy, and the execution of local policies and procedures to guarantee that their contents align with the Group document;

• application, with the support of the local AML Departments, of a common and consolidated Group-wide process for the self-assessment of money laundering risk exposure;
• consolidation, with the support of the local AML Departments, of the reporting framework for the benefit of the Parent Company's Corporate Bodies to allow them to exercise their task of governing and supervising AML issues throughout the Group effectively.

In this context, the primary aim to strengthen AML controls at the Group level further is the implementation of a common repository of all relevant information for AML purposes, overcoming the obstacles currently posed by the coexistence of different supporting IT systems at a local level.

In this regard, at the Italian level, the results obtained in the reference period in 2022, were consolidated in terms of underlying operational processes with the completion of the following projects in the AML/CFT area:

• the doVAMS project, aimed at unifying, at an Italian level, the various management applications currently in use, which support the Management structures in certain phases of adequate verification and collection of the relevant documentation. In particular, the project activities for migrating from the IFAMS system to the HAWK system were concluded in October 2023, and the project activities for migrating from the GIANOS system to the HAWK system were finalised in December 2023. As of 1 January 2024, the companies within the Italian perimeter subject to Anti-Money Laundering (AML) obligations are now utilising a unified application (HAWK), except for specific portfolios that are currently in the process of migration.
• • development of an AML dashboard for managing accounting and reconciliation tasks for collections, data entry in the accounting systems and in the HAWK application, and level one control activities in the AML domain. This was achieved in collaboration with the company Dock, our outsourced provider for

IT/Backoffice services. .

doValue Spain, in addition to adopting the Group Policies on the matter, provides specific measures to prevent money laundering and the financing of terrorist activities ("Controls on Financing of Terrorism", FT) going even beyond the requirements set out in Article 2.1 b) of Law 10/2010 of 28 April. In fact, the company has implemented an "Anti-money Laundering and Terrorism Financing Prevention Area" for both RED (Financial assets) and for REO (Real-estate assets) activities. Specifically, a manual has been adopted that outlines its AML/CFT Model. This manual governs the procedures for due diligence, information handling, document preservation, internal control, risk assessment and management, legal compliance, and communication.

doValue Spain. Therefore, also the Company doValue Portugal Unip. Lda. doValue Spain. In Cyprus, AML compliance is managed through a specific Anti-Money Laundering Manual and related supporting procedures, and specific screening, monitoring and reporting tools. In 2023, the AML Manual was updated, and updated procedures/instructions issued for frontline staff.

As regards doValue Greece, in 2023, the process of refining the AML reference framework continued through. Specifically, the Company conducted a risk assessment on the implemented E-KYC process, identifying several areas where further enhancements could be made to improve the accuracy and reliability of the verification process. The Company also reviewed the existing AML monitoring system to ensure constant compliance with the relevant legislation. To achieve this, a monthly report is generated and distributed to top management. This report gathers all necessary documentation to monitor transactions during the month. The review of the system led to the implementation of second-level controls to improve AML control within the organisation. The Company also ensures the delivery of specific training courses for employees in supervisory roles within key functions, beyond the annual training provided to the entire workforce. In this regard, a new AML training program dedicated to Small Business Loans Unit staff was launched in 2023.

In addition to what has already been mentioned in the Code of Conduct, to prevent and manage AML/CFT

risks, doValue Greece has formalised various policies and guidelines. Many of these were revised during 2023, including the "Guidelines for the handling of unusual transactions by front-line teams," which set predefined criteria for identifying cases that require AML/CFT team review. Other revisions include the "Debtors' data modification procedure" and various manuals for utilising specific frameworks.

Lastly, doValue Greece has also established a High AML/CFT Risk Committee to evaluate debtor customers (whose management is on behalf of and by mandate of third parties) - excluding the Eurobank portfolio - which have been classified as high risk, according to what is provided for by the

AML/CFT policy in implementation of the current legislation. The Committee is chaired by the Head of the Regulatory & Business Compliance, AML/CFTFunction.

— 3.2 Governance and risk management

3.2.1 The Enterprise Risk Management Function The doValue Group has adopted an internal control and risk management system aimed at constantly monitoring the main risks associated with its activities to be able to guarantee sound and prudent business management consistent with the performance objectives and safeguarding the established corporate assets, as well as in line with the relevant regulations and best practices.

These objectives of the internal control system are pursued through adopting a set of instruments, organisational structures, standards and internal rules to support the process of identification, measurement, management and monitoring of company risks to contribute to the Group's sustainable success. Its functioning is based on control bodies and functions, information flows, methods of involvement between the involved subjects, and Group governance mechanisms.

The primary responsibility for completeness, adequacy, functionality and reliability lies with the Governance Bodies, and in particular with the Board of Directors, which is responsible for the strategic planning, management, evaluation and monitoring of the overall Internal Control System. In particular, the CEO of the Parent Company serves as a Director responsible for supervising the functionalities of the internal controls and risk management system, pursuant to the Corporate Governance Code of the Italian Stock Exchange. The Board of Statutory Auditors' task is instead to ensure the completeness, adequacy, and functionality of the system, the suitability of the company functions involved, the correct performance of the tasks, and the adequate coordination of the same, as well as to promote any corrective interventions.

In line with the reference best practices, the internal control system aimed at managing risks is divided into various levels:

• the first level controls, aimed at ensuring that operations are carried out correctly, are the responsibility of the corporate business functions which, in the context of daily operations, are called upon to identify, measure, monitor and mitigate the risks deriving from company activity, in compliance the risk management process and the applicable internal procedures;

• the second level controls have the objective of ensuring the correct implementation of the risk management process, verifying compliance with the limits assigned to the various operational functions, checking the consistency at the operational level of the individual production areas with the riskperformance objectives assigned, and ensuring the compliance of company operations with regulations, including those of self-regulation;
• the third level controls are aimed at periodically evaluating the completeness, functionality, adequacy and reliability of the internal control system in terms of efficiency and effectiveness, in relation to the nature and intensity of the risks of the company needs, also identifying any violations of the organisational measures adopted by the Group. Within the Internal Control and Risk Management System, the Internal Audit Functions established at doValue and the main subsidiaries are assigned the direct management of internal audit activities, with a view to third level control, without prejudice to the skills and responsibilities of the respective corporate bodies.

Furthermore, over the last few years the review activities of the internal control system have accompanied the Group's international growth, organisational evolution and integration process. The Group's organisational structure underwent a comprehensive review to bolster its international growth. This resulted in the reorganisation of operations into cohesive geographical sectors and the creation of central Group functions. These functions are tasked with the cross-functional coordination of activities, such as formulating and executing business development strategies and managing corporate processes, ensuring they align with the Group's strategic goals.

Furthermore, the Internal Audit Function serves an executive control role on behalf of the Group's 231 Supervisory Bodies. It ensures, within its audit remit and in relation to processes with "231/2001 relevance", the comprehensiveness of 231 controls, the effectiveness of their design, and their it also provides these Bodies

with specialised reports detailing the outcomes of its audits, any challenges identified, and the corrective action plan defined by Management. To this end, as part of the annual audit intervention planning, a specific is prepared (following a risk-based approach), submitted to the Supervisory Bodies and subject to the approval of the overall annual audit plan by the Board of Directors. Finally, in fulfilling its mission, the Internal Audit Function also carries out IT Audit activities aimed at reviewing and evaluating the adequacy of the management processes of the IT systems, infrastructures, and IT architectures to support company operations, as well as the processes of governance and management of IT security aimed at guaranteeing data integrity.

To this end, with the present organisational model, from the end of 2023, the Group has established the Group IT Internal Audit Function within the Group Internal Audit Function. Its mission is to ensure comprehensive IT Audit coverage. This encompasses centralised Group oversight of critical areas and supports IT operations linked to the execution of specific operational duties by each Legal Entity under the umbrella of their respective annual and triennial Audit Plans

With reference to 2023, the 231 audit plan provided for the execution of numerous audit tasks, including:

• 2022 Remuneration Policies;
• Transactions with Related Parties 2022 Verification of Excluded Transactions of the doValue Group;
• Complaint Management for the doValue Group in Italy;
• Collection management and related obligations
• AML;
• Management of Statements and Governance of Usury Risk – Country Italy;
• Evaluation of New Portfolios doValue processes of Due Diligence;
• doNext Servicing Process;
• doValue Group IT Governance
• doValue GroupIT Security Management;
• Management of IT Service Providers for the doValue
• Group in Italy;
• Compliance Control Campaigns regarding i) Business Continuity Management & Disaster Recovery Testing and ii) Environmental Law.

Within the context of the corporate processes and with specific reference to the structure of the departments that contribute to the functioning of the internal control and risk management system, the significant interventions carried out over time concerned the formation of the following Group functions responsible for guaranteeing cross-company coordination of the local control activities in the areas of their competence:

• • Control Office Group , reporting hierarchically to the doValue Board of Directors, is responsible for the coordination, for the areas of its competence, of control activities aimed at ensuring a constant and independent evaluation of the overall system of internal controls and risk management, giving periodic information to the Corporate Bodies, as well as ensuring the adoption of homogeneous methodological approaches and operating models by the Group's Internal Audit and Anti-money Laundering functions in compliance with the requirements of independence and autonomy established by local regulations;
• • Internal Audit Group, reporting hierarchically to the Chief Group Control Officer, is responsible for defining a shared methodology for carrying out internal audit activities, identifying common tools for performing controls, structuring a common reporting system for the bodies and the management of the various Group components and ensuring its adoption by the various local Internal Audit functions that functionally report to it;
• • AML Group, reporting hierarchically to the Chief Group Control Officer, is responsible for issuing Group guidelines and policies on the prevention of money laundering risk and for developing a common methodological approach to manage the same, as well as a common reporting for the Bodies and Management of the different Group components, supervising its adoption by the various Anti-money Laundering functions established at the local level that functionally report to it;
• • Compliance & Global DPO, reporting hierarchically to the Group General Counsel. It develops a uniform compliance framework at Group level to ensure compliance with regulations within the relative perimeter (e.g., Market Abuse, Related Parties, Consob Regulations, Anti-corruption, Privacy) through the definition of common guidelines and policies, regulatory monitoring and implementing the interventions to ensure compliance with applicable regulations, as well as introducing specific intra-group information flows. As Global DPO, it defines the Group's organisational data protection model and a common framework of DPO controls, coordinates data protection activities, the reception of information flows from the local DPOs and, consequently, of reporting to the doValue Board

of Directors. Limited to any processing carried out at the corporate level, the Global DPO also carries out control tasks of the data processing activities as a point of contact with the Authority and the interested parties involved in the processing activities, and for information and consultancy.

• • Enterprise Risk Management Group, with hierarchical reporting to the General Manager Corporate Functions within the Group Organisation & Enterprise Risk Management function is tasked with defining guidelines and identifying and monitoring, in partnership with the various risk owner functions both at the Group level and at the level of individual companies belonging to the Group, the trend of the risks to which the Group is exposed in terms of strategic, operational, reputational, legal and financial risks, including the definition of mitigation actions. In this context, ERM makes use of suitable methodological approaches, procedures and tools and guarantees appropriate information both towards the Management and the Corporate Bodies;
• • Administration & Internal Control for Financial Report Group, reporting hierarchically to the Group Finance Function, within which the Internal Control for Financial Report structure operates. It supports the Financial Reporting Officer pursuant to Italian Law 262/2005 in fulfilling their responsibilities regarding the issuer and to all the Group companies included in the consolidation.

Also thanks to the greater solidity guaranteed by this evolution of the internal structure, the activities of the Internal Audit Functions set up within the Group have been aimed at periodically assessing the completeness, functionality, adequacy and reliability in terms of efficiency and efficacy of the internal controls and risk management system, including those on the information system (ICT audit).

To fulfil its tasks and responsibilities, Internal Audit deals with:

• ensuring constant and independent surveillance of the regular performance of company operations and processes, to prevent or detect the onset of behaviours or situations that are anomalous and risky;
• periodically assessing the completeness, adequacy, functioning and reliability of the organisational structure and the other components of the internal controls system;
• carrying out the controls (level three), including

through on premises checks, regarding the regular performance of the company operations and the evolution of the risks, including the outsourced activities, in addition to identifying any violations of the procedures and the regulations;

• monitoring compliance with the regulations of the activities of all company levels, both by carrying out compliance audit tasks and by means of specific periodic compliance check campaigns;
• checking the correct and accurate exercise of the delegated powers and the full and correct use of the available information within the sphere of the various company activities;
• checking the suitability and correct functioning of the processes and the methods for assessing the business activities, in particular the financial instruments;
• verifying the adequacy of second level control functions, where established in compliance with the applicable regulatory framework (for example, for doNext) and the related risk identification, measurement and control processes;
• checking the suitability, overall reliability and security of the IT system as well as the operational continuity plan and the related updating process, ensuring assessments on the main technological risks which can be identified and on the overall management of the IT risk;
• checking the regularity of the various applications, infrastructures and management processes of the Group, including any outsourced components, through assessments (including operational continuity plans) of third-party suppliers and critical suppliers, annually preparing the report on the important operational functions outsourced by the subsidiary doNext;
• carrying out ad hoc interventions upon the specific request of the Company Bodies and/or the external/ Supervisory Authorities, and assessment duties also with regard to specific irregularities;
• monitoring the effective implementation of the action plans and checking the removal of the detected anomalies;
• participate, where necessary, in company working groups on project topics (e.g. new products, channels, systems, processes, etc.) also to point out useful elements for the correct design of the controls system;
• seeing to the adoption, in collaboration with the other control units, of initiatives aimed at facilitating the coordination and exchange of information so as to ensure an overall and integrated view of the

internal controls system;

• ensuring support for senior company management when furthering and divulging a suitable and sound culture of the controls within the Group;
• ensuring prompt and systematic disclosure to the company governance bodies on the state of the controls system and the results of the activities carried out.

Finally, in line with the specific requirements of Italian legislation, the Function established at the Parent Company has the task of:

• preparing an annual report on the revision of the ICAAP process (Internal Capital Adequacy Assessment Process) of the supervised subsidiary doNext;
• verifying, for the Servicing activities, the adequacy and the functionality of the process for managing and monitoring the performance of the securitised assets, as well as that for checking the compliance of the transaction with the law and the prospectus.

In addition to this, the Function plays an executive control role in favour of the Group's 231 Supervisory Bodies, verifying, within the scope of its audit activities and with reference to the processes having "231/2001 relevance":

• the completeness of the 231 controls and the effectiveness of the design
• the relative adequacy and functionality

providing ad hoc reporting to the same Bodies of the results of the activities carried out, the critical issues encountered and the action plan defined by Management. To this end, as part of the annual audit intervention planning, a specific 231 verification and audit plan is prepared (following a risk-based approach), submitted to the Supervisory Bodies and subject to the approval of the overall annual audit plan by the Board of Directors.

The structure of the other functions within the Group that are responsible for managing the main corporate risks is directly influenced by the structure of the business processes implemented in the different companies that comprise it , by the nature and relevance of the associated risks and the presence of specific regulatory requirements on risk governance.

The Enterprise Risk Management (ERM) function was established in 2022 as part of the Group Organisation & Enterprise Risk Management function, in consideration of the need to ensure coordination in the management of strategic, operational, reputational, legal and financial risks to which the Group's activities are exposed. The Operational Risk Management structure of doValue has merged within ERM and has maintained a position of Focal Point/Responsible for the Risk Management Activities of the Country Italy with specific reference to the management and monitoring of local operational risks.

In this context, the Enterprise Risk Management function is assigned the following main responsibilities for the entire perimeter of the Group:

• ensure integrated risk management, serving as a catalyst for the Group's growth and development by identifying and mitigating potential risks that could affect the Group;
• ensure the adoption of the "Risk-Informed ERM" approach to furnish Management and Corporate Bodies (Board of Auditors, Risk Committee, Board of Directors) with critical information that aids the corporate decision-making and management process;
• ensure, in line with second-level control principles, integrated monitoring at the Group level of the following primary risk categories:
  • External Risks
  • Operational risks
  • Strategic and financial risks
  • Reputational risks
  • Legal risks
• defining a methodological framework at Group level to identify, assess, measure and monitor risks;
• • defining strategies, policies and processes at Group level;
• supporting the determination of the acceptable level of risk (risk appetite) and risk tolerance concerning the predefined strategic objectives and analysing the related deviations;
• ensuring the monitoring, analysis and reporting of the evolution of risks and the related mitigation actions at the Group level, consistent and in compliance with the thresholds defined in partnership with the risk owner functions;
• supporting, also in partnership with the Group Finance Function, the evaluation of strategic options (e.g. investments, new markets, new products/ services, new partnerships, etc.);
• carrying out, in collaboration with the Group Finance and Group Legal Function, monitoring of the provisions for the risk funds recorded in the Group Financial Statements.

During 2023, the Enterprise Risk Management Function guaranteed the production and sharing of the Dashboard of Group risks on a quarterly basis with Top Management and with the Board of Statutory Auditors and the Risk Committee. The Dashboard was also brought to the attention of the Board of Directors on a biannual basis in accordance with the governance mechanism defined during the deployment phase of the ERM function.

ERM also conducted a first initiative at the Group level of Risk Assessment on operational risks which, on the basis of a common methodology defined at the Group level and shared with the local Risk Management functions, saw each of the main Group companies identify analysis perimeters, carry out Risk Assessment activities and issue specific reports at the end of the same to the Risk Owner functions and Top Management, with particular focus on the risks encountered and the related mitigation actions identified for the purposes of incremental and optimal management of the operational risks.

The configuration of functions within the doValue Group in Italy, specifically at the parent company and the Italian supervised subsidiary (doNext), clearly illustrates the unique characteristics defining the organisational positioning and objectives of the entities responsible for managing the primary corporate risks across the Group's various components.

In synergy with the evolution of the European legislative and regulatory context, the doValue Group has formalised the management of business risks through the Group Enterprise Risk Management Framework Policy, as an essential component for the development and maintenance of solid ERM practices.

The ERM Framework clearly places the risk management process at the centre of the value chain between the mission, the vision and the core values of the Organisation and its performance. Risk management is therefore an integral part of the definition of development, strategy and processes, also with reference to subsidiaries which are required to adopt the principles of the Policy in managing their business risks.

The ERM framework comprises four main phases: the first phase is the identification of risks.

This stage involves identifying events that might negatively affect the achievement of the objectives. The world of risks potentially applicable to doValue was divided into different categories, with the identification of specific KRI indicators for the Group companies shared with the local risk Functions. This list is subject to regular updating based on the changes in the companies' processes/risks.

Risk assessment consists of measuring and prioritising risks, in order to manage risk levels within defined tolerance thresholds, measuring the probability of occurrence of the negative event and its impact. The measurement approaches used at doValue differ according to the different types of risk categories and may be qualitative (for example, for monitoring reputational risk) or quantitative (for example, for financial and operational risks). ERM carries out the risk assessment phase with the support of the Local Risk and/or Risk Owner as a local or group function, based on the risk categories, the relevant KRIs and using the Risk Assessment Matrix as a reference. This matrix is periodically adopted at the Group level, or through the application of a qualitative scale in accordance with the Matrix mentioned above.

In the risk response/treatment phase, the risks that emerged during the previous stage are highlighted and decisions are defined on the actions to be taken to mitigate the risks and bring them back within predefined thresholds.

In collaboration with the Risk Owner, ERM identifies strategies for reducing/mitigating, transferring, or avoiding risks deemed "unacceptable." The mitigation actions are meticulously tracked and specified concerning ownership and the deadline for resolution.

Finally, in the last phase of risk monitoring and reporting, relevant information is periodically identified, acquired and communicated in a form and with timing that allows those responsible to carry out their activities. The ERM function collects and shows the main identified risks, and the vulnerabilities found, their trends and their developments on the ERM Tableau de Bord in order to ensure the awareness of the Corporate Bodies, which are periodically informed. More specifically, the ERM Tableau de Bord is shared each quarter with the CEO and the Committees and every six months with the Board of Directors of doValue. Its contents may change based on the Company's developments.

In response to the necessity to adhere to specific local regulatory mandates, the Risk Management Organisational Unit is situated within the Risk Management, Compliance & AML Function of the supervised subsidiary doNext. This function is tasked with the prevention, monitoring, and management.

The structure also provides an integrated view of the risk environment and capital and organisational adequacy, coordinating the activities of implementation of doNext's ICAAP capital adequacy self-assessment process (seeing to the related formalisation in the annual ICAAP Report) and monitoring the performance of the securitised assets by examination of the collection activity and of the cash and payment services at least every six months.

As for the management of legal non-compliance risk, the framework adopted by the Group consists mainly of the following activities:

• monitoring of the external regulations applicable
• to its different components;
• advising and supporting the operational and business structures in the evaluation of the interventions necessary to continuously ensure compliance with the requirements in force from time to time;
• supporting staff training to ensure the spread of a business culture marked by the principles of honesty, correctness and compliance with company regulations;
• the provision of suitable information flows, in relation to the activities carried out regarding the management of the non-compliance risk.

This non-compliance risk management framework is completed, with reference to each Group company, with specific compliance controls required by national regulations or by the characteristics of the company's core business.

Regarding the control of the risk of money laundering and terrorist financing, several Anti-Money Laundering Functions have been set up at the parent company and subsidiaries. Within this framework, the Parent Company's Anti-Money Laundering Function is tasked with establishing uniform standards for managing money laundering risks and overseeing their consistent implementation across the Group's various entities in compliance with the requirements for the governance of such risks defined within the directives. community. This role also includes conducting the annual selfassessment of the risks of money laundering and terrorist financing with the contribution of other local functions.

Finally, it is useful to provide an overview here dedicated to the two main risk KPIs monitored from the NPL Management area in daily activities relating to the mortgage renewal and credit prescription management processes.

Mortgage renewal

The process underway ensures continuous monitoring of the validity deadlines of the mortgage guarantees backing the loans under management, whether under mandate and/or owned. Starting from the 8th month before the maturity date - assumed or effective - of the mortgages, specific Agenda Items are generated every month, through which the dedicated staff is activated to verify the existence of mortgage guarantees about to expire and the resulting obligations for renewal if the conditions exist. In the event that these Alerts are not responded to, the process involves an information escalation , with an expansion of the recipients of the monthly VdA.

This alert system first points - as long as there is no mortgage file on the position - to the assumed 20-year maturity date, calculated in connection with different time events, including the date the party is reclassified as non-performing, the finalisation date of the collateral guarantee and the date the mortgage is opened.

The agendas must be fully processed by the dedicated personnel from month to month, first of all checking whether or not the mortgage is present and, if it is, linking to it the property under encumbrance, to the mortgage Guarantee, if present, and to the guaranteed relationship.

This registration of mortgages on positions with mortgage relationships is also monitored through additional internal reporting; standardisation of these records by uploading the mortgage sheet duly implemented ensures that the mortgage maturity monitoring process relies on the effective registration date, hence generating the alerts starting from, as initially stated, the eighth month prior to maturity of the 20-year period.

The processing of the VDA is automatically triggered by specific events. For instance, this could include status changes related to renewals, alterations in the dates of stipulation, registration, renewal, or the registration of a new mortgage.

Any exclusions from monitoring, for example, for fully foreclosed or cancelled mortgages, are managed at the individual mortgage level for a maximum level of control and granularity.

Limitation management

The process of interrupting the limitation periods in EPC is aimed at monitoring and mitigating the risk of credit limitation in doValue's activity, and is operationally based on the support of the automatic WorkFlow for the mass sending of registered letters, which is integrated and completed with the manual intervention of the AM/ RP.

For this purpose, specific monitoring reports allows the various process steps to be followed, promptly reporting critical situations or those that cause a stop in the planned process.

For all practices included in the limitation management process, at the time of conferral there is

a credit limitation date at the time of assignment based on various parameters. Furthermore, when significant predetermined events occur daily, the management system automatically generates proposals to change the limitation date.

Starting from the 12th month before the limitation date calculated by the system and/or updated during management, the files are classified in specific families that activate the relevant processes to send letters automatically or, if necessary, of direct intervention by Management (through the specific functions and strategies contemplated by the management system), as well as the envisaged second level controls.

3.2.2 Main risks linked to non-financial issues With specific reference to non-financial risks, doValue's Risks, Transactons with Related Parties and Sustainability Committee is assigned the task of examining and supervising the Group's CNFS.

The Committee serves a consultative, investigative, and proactive role in assisting the Board of Directors with:

• the Group's risk governance and internal control system
• sustainability for initiatives and activities aiming to create shared value for all stakeholders and spreading a culture of Sustainability in all countries where the Group operates.

The main responsibilities include the following:

• supporting the Board of Directors' assessments and decisions concerning the management of risks, generated or incurred, related to social and environmental issues arising from the company's activities, services or business relationships, including supply and subcontracting chains;
• promoting the dissemination of the culture of Sustainability to all of its Stakeholders (investors, shareholders, employees, customers, External Network and suppliers);
• examining the profit and non-profit strategy, as well as the company's sustainable finance initiatives;
• examining the guidelines of the Sustainability Plan and the company policies on human rights, business

ethics and integrity, diversity and inclusion, the policies for integrating environmental, social and governance issues into the business model, and the initiatives undertaken by the company to address climate change issues and related reporting;

• examining and supervising the guidelines, objectives, and consequent sustainability processes, the sustainability reporting submitted annually to the Board of Directors, or the Group's non-financial reporting pursuant to Italian Legislative Decree 254/2016, including the Materiality Analysis and the related stakeholder engagement activities, assessing their completeness and reliability based on the requirements of Italian Legislative Decree 254/2016.

In the table on the next page, for each topic that emerged as material for the doValue Group and its Stakeholders⁷ , a summary of the associated risks and the related safeguards and management methods is reported⁸ ; hence, the statement should not be viewed as a comprehensive depiction of all risks the Group examines in its operations. Instead, it's a synopsis of key risk areas designed to contextualize the monitoring and control activities for which details are provided across various sections of the CNFS.

More information on the process of identifying material topics can be found in par. 2.2 Materiality Analysis. 7

As described extensively in par. 2.2 Materiality Analysis: the doValue Group did not consider updating the materiality analysis a priority this year; 8

therefore, the risks associated with material topics remain unchanged from 2022.

Material topics	Associated risks	Risk management method and protections
- Innovation and digital strategy - Cybersecurity and protection of privacy	- (Privacy) Risk of facing sanctions from the Guarantor and liability for damages arising from the processing of personal data that adversely affects the rights and freedoms of the individuals concerned. - (IT security) An inadequate level of IT security management could undermine the completeness, integrity and confidentiality of data, essential aspects for managing the Group's core activities, resulting in risky situations with operational impacts on both the business and the Stakeholders.	- (Privacy) doValue has introduced a privacy risk management framework across the Group to secure and protect the personal data handled by all its employees and collaborators. This approach is risk based, aligning with the GDPR and local regulatory requirements, and meets the expectations of all stakeholders, including investors, principals, company representatives, and data subjects. Annual training Programmes allow doValue to ensure the dissemination of a privacy culture and awareness.
		- (IT security) The Group adopts all necessary precautions to minimise risks associated with the services provided, implementing and adopting the highest security standards. It also examines the market to identify suitable protection tools in its technological infrastructure, ensuring the confidentiality, integrity, and availability of its corporate information assets. The guidelines relating to logical security are formalised within a document framework that provides the instructions, methodologies and management standards to all the companies of the Group. The framework is aligned with the best quality and compliance requirements in relation to the different operational areas and sources of risk: • Information Security (ISO/IEC 2700x); • Operational Continuity (ISO 27031:2011 and ISO 22301:2012); • GDPR - New European Privacy Regulation; • Directive 285 - Bankit; • NIS - Directive 2016/1148 on the security of networks and information systems.
- Responsibility in the provision of services	- This pertains to situations where investors in doValue shares or other debt instruments issued by doValue face adverse outcomes due to the actions of other subjects who have: • used inside information that is not accessible to the public for their own benefit or that of others; • disclosed false and misleading information; • manipulated the mechanism for determining the price of financial instruments. - Operational risks linked to the possible interruption of operations and to the impossibility of ensuring the continuity and operation of the supporting IT systems. - Failure to manage external outsourcers according to criteria aimed at minimising the operational risks that could arise from exchanging information with parties outside the companies entrusted with operational tasks. - Risk of inefficiency in actions for the recovery of non performing loans and non-compliance of debtors subject to recovery actions.	- doValue has adopted an internal regulatory framework consistent with Community and national legislation, to regulate (i) the process for identifying, managing, and processing relevant and privileged information about the company, and (ii) the processes and practices to be followed for communicating insider information, both internally and externally. The internal procedures ensure adherence to privacy and confidentiality requirements for relevant information and Inside Information, aiming to prevent unauthorised disclosure of documents and information regarding the company and/or its subsidiaries can take place in a selective manner, i.e. in untimely, incomplete or inadequate form or, in any case, such as to cause information asymmetries on the market. - Business Continuity activities are regulated by the Business Continuity Management Policy, updated in March 2021. This policy outlines the methodology for implementing countermeasures to manage possible emergency situations.

Material topics	Associated risks	Risk management method and protections
		Operational documents and specifically the annually approved Business Continuity Plan implement the provisions of the Policy. The Plan details the contingency measures to be adopted in various crisis scenarios, including the activation of the Disaster Recovery Plan in the event of IT unavailability. The adopted approach is grounded in identifying critical business processes via Business Impact Analysis (BIA) and defines, for each of these, organisational safeguards and emergency measures commensurate with the level of risk. Tested annually, the plans are subject to continuous improvement to maximise the effectiveness when faced with unexpected situations. - For its outsourced activities, doValue manages the outsourcers according to the principles defined by the Policy and by the "Outsourcing Policy" Operating Instruction. All outsourcers and sub outsourcers must complete and comply with a checklist of security measures which provides for logical and perimeter security measures, to ensure an overall level of security adequate to protect the Group's information assets. Moreover, doValue adopts a monitoring and continuous improvement process for outsourcers' performance and security levels, enforced through the establishment and oversight of specific Service Level Agreements (SLAs) and KPIs received and validated periodically depending on what is contracted with the specific supplier. The Group has an automated tool for Contract Management and Vendor Management to constantly monitor third parties. Definition of strategies aimed at customer satisfaction through conciliatory approaches towards customer banks and investors. Regarding the management of the external network, one of the initiatives implemented involves subsequent contact with the debtors to verify the "quality" of the interactions conducted by external professionals and debt collection agencies.
- Training, skills development and enhancing talents	Staff training and skills development address operational risks related to the completion of activities.	Through specific procedures, the Group annually identifies the training needs of its people and offers training plans consistent with the role held and organisational functions. The training provided relates to a wide variety of topics, including: • regulatory updates; • strengthening of soft skills; • technical-professional updating; • managerial training. Structured processes also govern the performance appraisal process of Group personnel, regulated by collective bargaining agreements at the Italian level.

Material topics	Associated risks	Risk management method and protections
- Anti-corruption policies and procedures	The doValue Group acts in areas exposed to various forms and methods of corruption risk based on activities. The main operational areas potentially at risk relate to: • specific processes related to the core business; • transverse operational areas, including gifts, donations and charities, sponsorships and partnerships, acquisition of goods and services. The negative effect is the potential consequences of sanctions (administrative or criminal) or disqualifications deriving from the establishment of a crime.	- doValue, in fulfilling its role and embracing its mission to prevent all forms of active and passive corruption, has implemented a management system that aligns with the international standard ISO 37001:2016. This process led to the adoption of a Policy for the prevention of corruption, which represents the commitments and objectives as prerequisites for the assessment, monitoring and reporting actions of the corruption risk in the operations that the company undertakes with its own Business associates, third parties (including Group Companies recipients of the policy) and internal parties.The Management System is designed to establish principles, roles and responsibilities, identifying the tools and organisational mechanisms for managing corruption risk, and regulating specific processes. These processes include the management of gifts, charities and donations, sponsorships and partnerships, and the management of third-party relationships. With respect to the Group's corporate configuration and the provisions of the standard ISO 37001, the control and management of corruption is defined as follows: the Compliance Department for the prevention of corruption is established: • at doValue, where - based on the management and coordination carried out for all Group companies - it also ensures a coordination and supervision role; as well as • at Altamira Spain and doValue Greece. Conversely, local anti-corruption contacts are provided at the other subsidiaries (doNext, doData, and the other companies under the control of Altamira and doValue Greece). A Governance structure with information flows has been designed which provides specific roles and responsibilities for the subsidiaries within the perimeter, so as to guarantee widespread leadership for the prevention of the phenomenon. The management system was based on a risk assessment activity regarding the Group's operational and transversal processes with the further objective of connecting and integrating it with the risk analysis conducted and updated for Model 231.
- Dialogue with our Stakeholders - Customer and financial sector orientation	- Risk of reaching an inadequate level of listening to the needs and expectations of customers. - Risk management method and protections,	The establishment of direct channels for customer engagement includes meetings of the business management committee, executive committee, operations committee, and sales committee, as well as follow-up and coordination meetings. Indirect engagement is facilitated through emails, calls, videoconferences, mobile applications, and reporting and claims systems.

Material topics	Associated risks	Risk management method and protections
- Diversity, Inclusion and Equal Opportunities	The generation of discriminatory behaviour in employment and occupation is considered to be a sub-level of operational risk.	The doValue Code of Ethics and those adopted by the foreign subsidiaries govern the Group values aimed at the respect of human rights and protecting diversity. These values are incorporated and reflected in the processes covered by ad hoc company departments, with particular reference to the selection process and hiring of staff, through which Equal Opportunities are guaranteed. Furthermore, the Group advocates and encourages non-discriminatory behaviour via internal communication channels. and company initiatives organised with the logic of inclusion and valuing diversity.
- Ethics, business integrity	Risk of legal or administrative sanctions, significant financial losses or reputational damage as a result of violations of mandatory (laws, regulations) or self- regulatory rules (articles of association, codes of conduct, codes of self governance).	The risk management, monitoring and assessment process of non-compliance of the Group, based on a risk-based approach, consists of the following steps: • monitoring external legislation applicable to various components the Group; • definition of the guiding principles and the methodological rules for managing non compliance risk; • annual planning of activities, risk assessment, verification activities/level II checks; • advising and supporting the operational and business structures in the evaluation of the interventions necessary to continuously ensure compliance with the requirements in force from time to time; • supporting staff training to ensure the spread of a business culture marked by the principles of honesty, correctness and compliance with company regulations; • the provision of suitable information flows in relation to the activities carried out regarding the management of the non- compliance risk. This framework is completed, for each Group company, with specific compliance safeguards required by national regulations or by the characteristics of the company's core business.
- Employees' well being - Workplace health, well-being and safety	Health and safety in the workplace and the welfare of the Group's people are considered part of its operating risk. Generated risk events relating to safety at work, such as exposure to physical factors and incorrect use of video terminals, also fall under the hypothesis of offence provided by the Model 231s of the Italian companies.	The risks related to health and safety in the workplace are monitored locally in accordance with current regulations. All the subsidiaries carry out an assessment of occupational risks, analyse the control and prevention measures in place and ensure adequate training and information activities for employees. In 2023 remote working continued to be used.

Material topics	Associated risks	Risk management method and protections
- Economic performance, risk management and financial soundness of the Group	Risk of operational and financial underperformance of the company with respect to the information disclosed to shareholders, equity and/or debt investors and the Board of Directors.	The Group follows processes and procedures suited to verify the operating and financial performance of the Parent Company. Analyses of the variances between the actual economic, financial, and asset results and the budgeted forecasts are conducted monthly. In case of significant deviations, the strategic and operational actions necessary to meet the initial targets are identified. The resulting balances, showing deltas compared to the budget and any revised forecasts, are reported quarterly to the Board of Directors. In addition, the quarterly final results are public and are communicated to investors through institutional conference calls. The Responsible Officer ensures that the audits are carried out through the procedures required by the regulator. Creation of a Group Enterprise Risk Management function tasked with coordinating the management of strategic, operational, reputational, legal, and financial risks facing the Group. This involves defining relevant guidelines and identifying monitoring criteria, alongside the publication of an ERM Framework policy.
- Direct environmental impacts	- Risk of breaching environmental laws applicable in the countries where the Group operates.	- Definition of actions focused on the containment and optimisation of environmental impacts.
- Mitigation of climate and environmental risks.	- Late replies to any more stringent regulations in the environmental sphere. - Risk of waste disposal not complying with the existing regulations for the destruction of confidential documents and electronic equipment containing sensitive data.	- Continuous monitoring of compliance with environmental legislation in force in the countries where the Group is active. - Compliance with current regulations regarding disposal of materials with confidential contents. - Evaluation of suppliers of Italian companies also based on environmental criteria, which is to be strengthened after the e-procurement platform has become fully operational and procurement procedures have been harmonised.
- Sustainable supply chain management	Risk of reputational damages attributable to the conduct of trading partners which is not in line with the ethical and compliance requirements of the Group.	- Suppliers' sharing and acceptance of the doValue Code of Ethics and the Codes of Conduct of the foreign subsidiaries. - Monitoring of the conduct of suppliers for the duration of the commercial relationship. - The processes for supplier qualification, selection, and evaluation incorporate sustainability criteria, which will be enhanced with the full operation of the e-procurement platform. Additionally, there is a harmonisation of procurement procedures aimed at centralising a series of automatic checks that are directly communicated to the relevant structures for necessary corrective actions.

Material topics	Associated risks	Risk management method and protections
- Commitment to local communities	- Offences against the Public Administration and the offence of corruption among private individuals. - Offences of organised and transnational crime. - Offences with terrorism aims and subversion of democratic order and reception, laundering and use of money, goods or utilities of illicit origin as well as self.	The Group legislation governs the management of charity, donations and partnerships towards and with bodies or associations covered by doValue's Communication & Sustainability Department. Communication & Sustainability analyses the initiatives to be proposed and carries out due diligence on counterparties according to a risk based approach, also using public info-providers. In compliance with legislation and internal policies, the Department carries out such due diligence activities in line with the indications in the Group legislation, in particular risk indicators and checklists of the aspects relating to initiatives and counterparts to analyse.

Besides the risks associated with the material topics, the Group has identified, as anticipated in the previous section, the reputational risk which underlies business activities and is associated with the transverse risks derived from other types of risk discussed above. Reputational risk can therefore be considered as risk "deriving" from other types of risk, or "level two", as it is consequent to an event mainly due to operational risks, including those relating to computing and compliance. Specifically, it may be connected to a decrease in profits or capital, attributed to a negative perception of the

Intermediary's image by customers, counterparties, shareholders, investors, or Supervisory Authorities, affecting all pertinent subjects and entities within the Group. Specific specialist controls are also provided within the company (such as DPO and ICT Governance) to mitigate exposure to reputational risk deriving from the areas of expertise.

VALUE FOR EMPLOYEES

doValue recognises the importance and value of the people who contribute every day, with commitment and dedication, to the progress of the Group's activities and the creation of medium- and long-term value.

doValue's business is closely linked to people, and therefore the enhancement and development of professionalism are strategic drivers to ensure sustainable innovation and growth. In 2023, the Group continued to invest in its people, through policies aimed at the professional development of human resources and the promotion of a continuous training offering in line with the needs of the business.

For this reason doValue ensures: adequate training, mobility in different positions, performance evaluation, processes for career advancement and meritocratic promotion, respecting equal opportunities and the needs of each individual and in line with strategic choices and organisational needs.

Constant and constructive dialogue with its people represents the main asset for carrying out daily activities, which have always been based on the principles of transparency, independence and integrity. Continuous dialogue is an important growth tool that allows potential and talent to be seized while supporting personal and professional motivation.

doValue promotes gender equality and inclusion by carrying out a series of initiatives aimed at creating a strong internal balance and a working environment that respects diversity and is non-discriminatory. The Group's commitment to diversity and equal opportunities is also reflected in its offering of part-time employment contracts, designed to provide sufficient flexibility to promote a work-life balance. Moreover, the Group's Diversity & Inclusion Council, established in 2021, undertakes various initiatives to enhance awareness of D&I matters and foster a diverse and inclusive culture that supports individual and organisational development. Particular emphasis is placed on Gender, Disability, Generation, and Multiculturalism.

— 4.1 doValue and its People

The doValue Group's workforce, as of 31 December 2023, consisted of 2,862 employees, a slight decrease compared to what was recorded in the previous reporting period (-4.8%).

Around 81% of employees are employed in business activities, while the remaining 19% are active in corporate functions. The organisation also employs 314 external collaborators, who are not employees, who mainly perform consultancy or external maintenance services, in addition to some temporary interim positions. Including these external collaborators as well, the Group's total workforce is 3,176 people.

Of the total number of employees, 72.1% hold Staff positions, 23.7% Middle Management and 4.2% hold Top Management positions. Women represent 58% of the total company population and 12.2% are employed in Top and Middle Management positions. The 30-50 age group is the most representative of the Group's workforce, being equal to 67.2%, while the age groups under 30 and over 50 include 3.4% and 29.5% of staff respectively.

Total employees by professional category		2023		2022			2021
	Women	Men	Total	Women	Men	Total	Women	Men	Total
Top Management	36	83	119	38	91	129	40	107	147
Middle Management	311	367	678	329	375	704	366	400	766
Staff	1,308	757	2,065	1,377	797	2,174	1,412	828	2,240
Total	1,655	1,207	2,862	1,744	1,263	3,007	1,818	1,335	3,153
Total employees by age
<=29 years	59	38	97	83	63	146	87	69	156
30-50 years	1,161	761	1,922	1,311	823	2,134	1,430	904	2,334
>=51 years	435	408	843	350	377	727	301	362	663
Total	1,655	1,207	2,862	1,744	1,263	3,007	1,818	1,335	3,153
Total employees by type of contract
Total number of fixed-term contracts	1,647	1,201	2,848	1,738	1,243	2,981	1,806	1,323	3,129
of which are in Italy	554	384	938	581	393	974	596	407	1.003
of which are in Greece	540	411	951	597	427	1.024	602	400	1.002
of which are in Spain	266	241	507	301	277	578	361	372	733
of which in are Portugal	35	24	59	63	37	100	59	30	89
of which in are Cyprus	252	141	393	196	109	305	188	114	302
Total number of fixed-term or temporary contracts	8	6	14	6	20	26	12	12	24
of which are in Italy	-	5	5	1	11	12	5	5	10
of which are in Greece	7	1	8	3	8	11	2	2	4
of which are in Spain	1	-	1	0	0	0	1	1	2
of which in are Portugal	-	-	-	2	1	3	4	4	8
of which in are Cyprus	-	-	-	0	0	0	0	0	0
Total	1,655	1,207	2,862	1,744	1,263	3,007	1,818	1,335	3,153
Total employees by type of employment
Full-time employment as defined by national laws	1,601	1,205	2,806	1,683	1,262	2,945	1,749	1,334	3,083
Part-time employment as defined by national laws	54	2	56	61	1	62	69	1	70
Total	1,655	1,207	2,862	1,744	1,263	3,007	1,818	1,335	3,153

In a competitive scenario in which business and consumption models are in continuous and profound transformation, the Group is aware that change, a necessary requirement to meet market challenges, must include valuing people, developing their professionalism, and implementing an appropriate talent retention programme. People are the fundamental asset and the indispensable prerequisite for the Group's competitiveness.

Total employees by professional category

Total employees by age

Total employees by type of contract

Total number of fixed-term

Total number of fixed-term or

Total employees by type of employment

Full-time employment as

Part-time employment as

contracts

2023 2022 2021

Women Men Total Women Men Total Women Men Total

1,647 1,201 2,848 1,738 1,243 2,981 1,806 1,323 3,129

Top Management 36 83 119 38 91 129 40 107 147

Middle Management 311 367 678 329 375 704 366 400 766

Staff 1,308 757 2,065 1,377 797 2,174 1,412 828 2,240

Total 1,655 1,207 2,862 1,744 1,263 3,007 1,818 1,335 3,153

<=29 years 59 38 97 83 63 146 87 69 156

30-50 years 1,161 761 1,922 1,311 823 2,134 1,430 904 2,334

=51 years 435 408 843 350 377 727 301 362 663

Total 1,655 1,207 2,862 1,744 1,263 3,007 1,818 1,335 3,153

of which are in Italy 554 384 938 581 393 974 596 407 1.003

of which are in Greece 540 411 951 597 427 1.024 602 400 1.002

of which are in Spain 266 241 507 301 277 578 361 372 733

of which in are Portugal 35 24 59 63 37 100 59 30 89

of which in are Cyprus 252 141 393 196 109 305 188 114 302

temporary contracts ^{8 6 14 6 20 26 12 12 24}

of which are in Italy - 5 5 1 11 12 5 5 10

of which are in Greece 7 1 8 3 8 11 2 2 4

of which are in Spain 1 - 1 0 0 0 1 1 2

of which in are Portugal - - - 2 1 3 4 4 8

of which in are Cyprus - - - 0 0 0 0 0 0

Total 1,655 1,207 2,862 1,744 1,263 3,007 1,818 1,335 3,153

defined by national laws 1,601 1,205 2,806 1,683 1,262 2,945 1,749 1,334 3,083

defined by national laws ^{54 2 56 61 1 62 69 1 70}

Total 1,655 1,207 2,862 1,744 1,263 3,007 1,818 1,335 3,153

doValue has formulated a Talent Retention Strategy that encompasses development and training Programmes, recruitment, succession planning, and leadership plans. The Talent Strategy and the People review process are designed to assist doValue in cultivating an organisation increasingly focused on talent development and performance enhancement.

During 2023, 272 people joined the Group, 55% were women. Those under 30 amounted to 14.7% of those hired, while the percentage stood at 70.2% for the age group between 30 and 50, increasing what is the largest segment of the company population.

The search for and recruitment of new talent is a strategic growth factor for doValue. During the year the Group continued to carry out several projects to introduce young people to the world of work by offering internships and apprenticeships in collaboration with universities and professional training institutions with which it had stipulated agreements.

By way of example, in Italy doValue has activated twelve internships with universities and training institutions, including Sapienza, Roma Tre, Catholic University of Milan, Bocconi, LUISS, LUISS Business School and Sportello Internship. In Spain, doValue Spain offers training programmes focused on the real estate sector (Promoción y Desarrollo Inmobiliario and Programme a Superior de Dirección Inmobiliaria y Financiera). doValue Cyprus also pays particular attention to the professional training of new joiners, providing specific training courses (Excel Essential Training programme, Comprehensive 3 weeks training programme for new Portfolio Onboarded employees). This year as well the Group confirms its commitment to carry forward the initiatives it has undertaken for the new generations, with a view to both attracting talent and creating added value for the community through the provision of highlevel professional training to young people entering the world of work.

As regards turnover, during 2023, 387 resources left the Group: 204 voluntary resignations (107 women and 97 men), 22 retirements (13 women and 9 men) and 161 other cases (96 women and 65 men, example contract term). The new hires and turnover rates for the entire Group in 2023 were 9.5% and 14%, respectively.

					2023
New hires No. people	<=29 years		30-50 years		>=51 years		Total		Hiring rate
	Women	Men	Women	Men	Women	Men	Women	Men	Women	Men
of which are in Italy	1	7	8	7	-	4	9	18	2%	5%
of which are in Greece	6	4	25	27	3	5	34	36	6%	9%
of which are in Cyprus	15	3	54	27	9	8	78	38	29%	16%
of which in are Portugal	-	-	-	-	-	-	-	-	-	-
of which in are Spain	1	3	22	21	6	6	29	30	12%	21%
Total	23	17	109	82	18	23	150	122	9%	10%
2023
Terminations	<=29 years			30-50 years		>=51 years		Total		Turnover
No. people	Women	Men	Women	Men	Women	Men	Women	Men	Women	Men
of which are in Italy	4	8	21	17	11	9	36	34	6%	9%

Greece 4 2 42 33 8 12 54 47 10% 11%

Cyprus 9 2 22 7 1 2 32 11 12% 5%

Portugal 1 1 23 8 6 5 30 14 86% 58%

Spain 9 6 38 41 17 18 64 65 25% 46%

Total 27 19 146 106 43 46 216 171 13% 14%

of which are in

of which are in

of which in are

of which in are

					2022
New hires		<=29 years	30-50 years		>=51 years		Total		Hiring rate
No. people	Women	Men	Women	Men	Women	Men	Women	Men	Women	Men
of which are in Italy	5	13	7	9	1	0	13	22	2%	5%
of which are in Greece	10	7	27	49	5	8	42	64	7%	15%
of which are in Spain	8	6	1	3	21	30	30	39	10%	14%
of which in are Portugal	0	0	11	4	0	0	11	4	17%	11%
of which in are Cyprus	17	9	15	9	3	0	35	18	18%	17%
Total	40	35	61	74	30	38	131	147	8%	12%
					2022
Terminations	<=29 years		30-50 years		>=51 years		Total		Turnover
No. people	Women	Men	Women	Men	Women	Men	Women	Men	Women	Men
of which are in Italy	3	3	17	11	5	5	25	19	4%	5%
of which are in Greece	0	1	64	34	9	6	73	41	12%	9%
of which are in Spain	8	9	98	79	52	23	158	111	52%	40%
of which in are Portugal	1	2	12	11	1	2	14	15	22%	39%
of which in are Cyprus	14	10	4	7	1	1	19	18	10%	17%
Total	26	25	195	142	68	37	289	204	17%	16%

					2021
New hires	<=29 years		30-50 years		>=51 years		Total		Hiring rate
No. people	Women	Men	Women	Men	Women	Men	Women	Men	Women	Men
of which are in Italy	3	15	10	17	1	0	14	32	2%	8%
of which are in Greece	1	5	28	37	4	5	33	47	5%	12%
of which are in Spain	14	13	46	54	8	12	68	79	19%	21%
of which in are Portugal	0	0	11	4	0	0	11	4	17%	12%
of which in are Cyprus	7	2	12	6	0	0	19	8	10%	7%
Total	25	35	107	118	13	17	145	170	8%	13%
2021
Terminations	<=29 years		30-50 years		>=51 years		Total		Turnover
No. people	Women	Men	Women	Men	Women	Men	Women	Men	Women	Men
of which are in Italy	4	8	18	16	13	16	35	40	6%	10%
of which are in Greece	3	4	28	31	1	1	32	36	5%	9%
of which are in Spain	6	12	54	68	11	23	71	103	20%	28%
of which in are Portugal	1	2	12	11	1	2	14	15	22%	44%
of which in are Cyprus	6	5	30	20	14	4	50	29	27%	25%

As mentioned above, overall, in 3 there was a slight decrease in the absolute number of employees in the Group, in line with trends in the sector. At the same time, at a systemic level, some regulatory instruments have facilitated leaving the world of work, generating a trend that appears to be modest for the doValue Group, which will continue to select and attract new professionals.

— Protecting diversity and respect for human rights 4.2

Diversity, inclusion and respect for human rights are fundamental elements of doValue's corporate culture and pillars of its value system. In line with the Group's Code of Ethics, doValue bases its relations on the values of fairness, transparency and mutual respect, avoiding and rejecting any approach that may be discriminatory.

Attention to people is one of the Group's Sustainability Policy principles that guides doValue's sustainable growth.

This focus encompasses everyone from management to the entire company workforce: To ensure the diversity of governance bodies, the Board of Directors of the Parent Company has established and formalised diversity criteria and policies through the "Policy on the subject and composition of Corporate Bodies of the doValue Group , " which was approved by the Board of

Directors in 2021. The Policy requires an appropriate diversification of skills, experience, age, gender, geographical origin and international outlook.

doValue is committed to promoting the value of each individual and creating a work environment that is respectful, collaborative and inclusive. It is an approach aimed at promoting and integrating diversity, which translates into a constant awareness of the needs of its employees and into practical actions aimed at promoting individual and corporate well-being. The diversity of doValue's people, who come from different histories and territories, favours the sharing of experiences, in this way improving the corporate climate and creating a competitive edge for the entire Group, not only in terms of performance but also of people's greater engagement and commitment to the corporate objectives.

In 2023, the doValue Group formally joined the UN Global Compact, the initiative of the United Nations (UNGC), recognizing coherence between the ten principles supported by the United Nations with the "Global Compact", the UN Sustainable Development Goals ("Agenda 2030", to which the UNGC expressly refers), the guidelines expressed by the Code of Ethics, the Charter of Values, as well as the new Group D&I Policy.

The United Nations Global Compact is a voluntary initiative that encourages businesses worldwide to create an economic, social, and environmental framework for promoting a healthy and sustainable world economy that guarantees responsible political actions, business practices, social and civil behaviours, and consideration of future generations.

To this end, the UN Global Compact requires companies and organisations that join it to share, support, and implement within their spheres of influence a core set of principles concerning human rights, labour standards, environmental protection, and anti-corruption efforts

The ten principles of the United Nations Global Compact

The Diversity&Inclusion Committee was established in Italy in 2018 as a listening place to support people to express their potential, regardless of generation, status and the different dimensions in which diversity is expressed. The path which started locally in some Group companies has found its natural evolution in the creation of the Diversity&Inclusion Council, thanks to the voluntary participation of colleagues from different Group companies.

Today, the Group D&I Council, made up of 13 people representing different nationalities, departments, backgrounds and realities, has a clear Mission and a shared Vision

Mission: create a workplace that, by leveraging diversity, fosters an inclusive culture to support individual and organisational growth.

Vision: appreciate diversity by promoting a respectful environment in which everyone can express their authenticity, particularly concerning the issues of Gender, Disability, Generation and Multiculturality.

Valuing people, their diversity and the inclusion policies are an essential element of the People Strategy and the ESG strategy. Pursuing its objectives and following up on the path started in 2018 with the establishment of the Diversity&Inclusion Committee, doValue has formalised its commitment to diversity, inclusion and respect for human rights through the Group D&I Policy, approved by the Board of Directors in September of 2023. In particular, the Inclusion Policy, accessible on the doValue institutional website, is designed to foster a corporate

culture that transcends all forms of discrimination and historical-cultural biases. It aims to create an inclusive workplace where every form of diversity is embraced and can generate value.

Policy Principles:

• • Respect diversity: combat any form of discrimination related to gender, gender identity and/or expression, sexual orientation, marital status and family circumstances, age, ethnicity, religious beliefs, political and trade union affiliations, socioeconomic status, nationality, language, and geographical background.
• • Value differences: welcome generational diversity, ideas, opinions and perspectives as a tool for improvement thanks to the uniqueness of each person's history and experience. Value individual abilities and commit to creating an environment without prejudice in which each person can contribute to their full potential.
• • Include different abilities: create an accessible and inclusive work environment for all by providing reasonable accommodations for employees with disabilities, who can focus on their activities and see their professional contribution recognised.
• • Guarantee and promote equal opportunities: all people, regardless of gender, must have the same opportunities for growth, development and professional success.
• • Counter any form of harassment, persecution, offence and inappropriate conduct: adopt behaviours in line with this Policy by adopting appropriate language that overcomes old cultural stereotypes and clichés and is inclusive and welcoming.
• • Promote awareness of the so-called implicit prejudices (Unconscious Bias Awareness): promote paths to overcome the phenomenon of implicit prejudices, also known as unconscious bias or stereotypes, or negative perceptions - not consciously recognised or expressed - towards a group of people or individuals, with the result of producing difficulties of inclusion for these subjects.

In line with the Sustainability Plan and in synergy with the various company functions, the Group monitors the correct implementation of Diversity & Inclusion policies within the organisation. Non-compliance with the prescribed behaviours can be reported by anyone who identifies a concern, triggering an analysis and thorough investigation of the conduct to assess potential responses sanctioning measures. Where possible, reports may also be transmitted to the internal Whistleblowing channel, according to the Group and Local Policies and Procedures outlined in the company Whistleblowing regulations.

The D&I Policy is intended for the entire corporate population and all Group Stakeholders: shareholders, investors, customers, suppliers, External Network and local communities. To this end, doValue has undertaken the commitment to develop a Sustainability strategy through the promotion of the following actions:

• Awareness campaigns on Diversity & Inclusion issues aimed at employees, with the involvement of internal and external representatives of the Company, dissemination and learning of best practices and case studies of other companies.
• Training initiatives directed at all employees, aimed at promoting and guaranteeing a work environment inspired by transparent, inclusive behaviours and equal opportunities for people.
• Promotion and dissemination of the Policy to suppliers, customers and all stakeholders.
• Actively engage in associations that combat all forms of discrimination and enhance partnerships with the academic community.

Among the various training and awareness initiatives at the Group level in 2023 online sessions have been developed for specific areas of interest: #IAmRemarkable during Women's Month, Meet&Learn: Understanding and supporting LGBTQ+ employees and Meet&Learn: How to promote an inclusive society.

To better understand and embrace the principles of Diversity, Equity, and Inclusion in daily work activities, the company intranet provides a wide range of LinkedIn Learning courses and YouTube video content, as well as awareness campaigns, including Pride Month challenges and infographics to promote the International Day of Persons with Disabilities.

In this context, doValue has a Supporting Member of Valore D for several years, the first Association founded in Italy that promotes gender balance and an inclusive culture for the growth of companies. Valore D promotes the appreciation of the varied characteristics of employees, including age, gender, nationality, religion, and work experience. The aim is to establish a work environment that acknowledges the importance of Gender Diversity and cultivates an inclusive corporate culture.

In 2023, 25 doValue employees participated in various courses, accumulating approximately 132 hours of instruction and Valore D pathways.

In terms of reporting and monitoring, please note that data on the age, gender, origin, recruitment date, length of service and remuneration of the staff of the Italian companies are managed through a centralised database, from which a quarterly report relating to personnel movement data is extracted, which is presented to the Board of Directors of the Parent Company. doValue provides this reporting to ABI annually, supplemented every two years by the reporting on gender equality. doValue Spain also reiterates the importance of these values within its Code of Conduct, where it stresses the obligation to ensure the dignity of persons and the respect of their fundamental rights, also in line with what is envisaged by the Universal Declaration of Human Rights and the European Convention on Human Rights. Furthermore, in 2023 it renewed its adherence to the Diversity Charter, a charter of 10 principles that companies and institutions sign on a voluntary basis to commit to promoting the fundamental principles of equality, diversity and inclusion.

The Group's commitment to the D&I initiatives and Programmes developed across the countries where doValue is present has been recognised by various institutions that establish standards of excellence on specific SDGs and diversity issues. Notably, doValue received accolades from CEO4LIFE in the Social Impact category and was named Top Diversity Company in Spain by Intrama, affirming the Organisation's commitment to diversity and inclusion.

The countries in which the organisation carries out its activities are not considered to be at high risk for not respecting human rights, as they are subject to current laws and regulations in this area, both at a national and international level. Therefore, at the Group level, there have been no significant risks identified regarding human rights violations, nor are there substantial risks concerning child labour, forced labour, or compulsory labour among operations and suppliers9. In addition, Spain, Portugal and Cyprus incorporate the following ILO conventions in their labour legislation:

• Forced Labour Convention, 1930;
• Freedom of Association and Protection of the Right to Organise Convention, 1948;
• Right to Organise and Collective Bargaining Convention, 1949;
• Equal Remuneration Convention, 1951;
• Abolition of Forced Labour Convention, 1957;
• Discrimination (Employment and Occupation) Convention, 1958;
• Minimum Age Convention, 1973;
• Worst Forms of Child Labour Convention, 1999.

With specific reference to Diversity, within its Equality Plan doValue Spain reiterates the importance of valuing staff based on ability, skills, commitment and talent, avoiding any kind of discrimination concerning ethnicity, gender, religion, political ideas, nationality, age, sexual orientation, disability or any other characteristic. To demonstrate the importance attributed to the issue of Diversity and inclusion and to cultivate these values in the future as well, doValue Spain plans to implement a new LGTBI Plan in 2024.

42 hours of courses and Value D paths.

In Spain there is also an Equality Committee, envisaged by law and responsible for supervising all issues relating to diversity and equal opportunities, and an Equal Opportunity Plan is defined, negotiated and agreed with the Legal Representation of Workers and in compliance with Spanish Constitutional Law 3/2007. The plan provides for the effective equality of men and women and creates an inclusive workplace that promotes teamwork and values different opinions.

Still in the area of Diversity, a particularly monitored topic is that relating to the prevention of harassment, also through the Labour, Sexual and Cyber Harassment Prevention Protocol, which defines the management methods concerning any report that may arise in this area. The Protocol establishes everyone's right to receive fair, respectful, and dignified treatment that does not violate an individual's privacy and physical and moral integrity and does not result in degradation or humiliation based on criteria such as ethnicity, gender, religion, opinions, and any other condition or circumstance, including the type of working relationship. Finally, in 2023 doValue Spain introduced workshop activities with refugee groups on employment relations issues.

Similarly, doValue Greece is dedicated to guaranteeing equal opportunities for its employees, treating every staff member with fairness, meritocracy, and objectivity, from the recruitment process to subsequent phases of their tenure in the company, which includes devising a training plan. All forms of discrimination, harassment or intimidation are considered behaviours incompatible with the culture and values of the organisation, in line

To this regard, it should be noted that no human rights training for security personnel was provided in 2023, since this category of workers is not present within the organisation. 9

with the values that the Greek entities inherit as part of the doValue Group. The company encourages and promotes non-discriminatory behaviour through internal communication that follows the logic of inclusion and values diversity.

Furthermore, in September 2023 doValue Greece signed the first Collective Labour Agreement with the "Employees' Association of doValue Greece" union. This comprehensive contract Stipulating adherence to the Labour Regulations and Policy for Prevention and Countering Violence and Harassment at Work. Its goal is to uphold a safe, equitable, and inclusive work environment that aligns with the Group's values.

The Company has adopted all necessary measures to prevent and manage any episode of harassment and violence in the workplace. Specifically, the Company:

• offers its employees training courses on the subject and provides comprehensive information on addressing and managing incidents of violence and harassment in the workplace.
• informs by distributing the Procedure for managing reports and complaints;

79

• promotes a work environment where respect for human dignity, cooperation, and mutual support are fundamental values and pillars of the company's structure.
• encourages open communication between employees and their direct supervisors and colleagues in general;
• monitors the implementation of this Policy and takes measures against employees who fail to adhere to it;
• imposes the necessary and appropriate sanctions if an employee, a customer, an external party, or a supervisor engages in prohibited conduct.

Diversity, inclusion and respect for human rights are fundamental elements of doValue's corporate culture and ESG strategy.

Profiles of the members of the Board of Directors of the Parent Company	2023		2022		2021
Gender	No.	%	No.	%	No.	%
Women	5	50%	4	44%	4	44%
Men	5	50%	6	66%	6	66%
Age	No.	%	No.	%	No.	%
<=29 years	-	-	-	-	-	-
30-50 years	4	40%	3	30%	3	30%
> = 50 years	6	60%	7	70%	7	70%

Top Management Profile	2023		2022		2021
Top Management <=29 years
Gender	No.	%	No.	%	No.	%
Women	-	0.00%	-	-	1	1%
Men	-	0.00%	-	-	-	-
Total	-	-	-	-	1	1%
Top Management 30-50 years
Gender	No.	%	No.	%	No.	%
Women	26	22%	28	22%	31	21%
Men	43	36%	52	40%	68	46%
Total	69	58%	80	62%	99	67%
Executives > = 51 years
Gender	No.	%	No.	%	No.	%
Women	10	8%	10	8%	8	5
Men	40	34%	39	30%	39	27
Total	50	42%	49	38%	47	32%
Top Management Total	119	100%	129	100%	147	100%

Middle Management Profile	2023		2022		2021
Middle Management <=29 years
Gender	No.	%	No.	%	No.	%
Women	7	1%	7	1%	8	1%
Men	3	0.4%	8	1%	11	1%
Total	10	1.4%	15	2%	19	2%
Middle Management 30-50 years
Gender	No.	%	No.	%	No.	%
Women	228	34%	254	36%	286	37%
Men	246	36%	251	36%	275	36%
Total	474	70%	505	72%	561	73%
Middle Management >=51 years
Gender	No.	%	No.	%	No.	%
Women	76	11%	68	10%	72	9%
Men	118	17%	116	16%	114	15%
Total	194	28.6%	184	26%	186	24%
Top Management Total	678	100%	704	100%	766	100%

Staff Profiling	2023		2022		2021
Staff <= 29 years
Gender	No.	%	No.	%	No.	%
Women	52	3%	76	3%	78	3%
Men	35	2%	55	3%	58	3%
Total	87 4.2%		131	6%		6%
Staff 30-50 years
Gender	No.	%	No.	%	No.	%
Women	907	44%	1029	47%	1,113	50%
Men	472	23%	520	24%	561	25%
Total	1,379	66.8%	1,549	71%	1,674	75%
Staff >=51 years
Gender	No.	%	No.	%	No.	%
Women	349	17%	272	13%	221	10%
Men	250	12%	222	10%	209	9%
Total	599	29%	494	23%	430	19%
Staff Total	2,065	100%	2,174	100%	2,240	100%

The attention the Group devotes to diversity and equal opportunities also finds expression in the offering of part-time work contracts, designed to ensure that the flexibility is adequate to facilitate the reconciliation of life/work schedules. As at 31 December 2022, 2.1% of employees benefit from this type of contract; of these, women represent 98.4%.

Confirming the Group's attention to the issues of diversity and respect for human rights, as in the previous two years, no episodes of discrimination or violation of human rights were detected in 2023.

Finally, the commitment to Diversity extends to valuing resources with disabilities. doValue manages diversity under the regulations set by applicable laws regarding the hiring and inclusion of people with disabilities in the Company. For instance, doValue Spain reaffirmed its dedication through the fourth edition of the Talent School, in partnership with the Adecco Foundation, to facilitate the inclusion of employees with disabilities and promote their professional growth.

The focus on the conditions of individuals with disabilities is evidenced by numerous measures and initiatives designed to ensure universal accessibility to facilities and eliminate barriers and obstacles, whether physical or otherwise, in every work environment. For instance, we highlight the implementation of accessibility features at all our main sites, including:

• public transport available near offices;
• assigned parking spaces for disabled persons, whether employees
• or visitors;
• street-level access to buildings, with suitable entrances and halls;

• possibility of assisted movement both horizontally and vertically inside the buildings through elevators and wide corridors.

In 2022, 63 people (35 women and 28 men) employed by the Group belong to protected or vulnerable categories, equal to 2.1% of the total company population

Employees with disabilities (no.)	2023	2022	2021
Italy	63	59	51
Greece	0	0	0
Spain	3	2	2
Portugal	0	1	1
Cyprus	2	1	1
Total	68	63	55

— Training, development and enhancement of talents 4.3

For doValue, training and professional development are key elements in the growth of its people and represent an important opportunity to convey both the Group's values and strategy.

In 2023, the existing training Programmes continued. They were updated where necessary, in connection with the business needs.

In addition, the training offer was supplemented with many webinars made available to staff on the company intranet, aimed at providing helpful working tools and personal development and enriching specific skills. The courses carried out led to 60,497 hours of training provided during 2023.

In 2023, doValue offered online training (via Microsoft Teams and the Success Factors tool) and in-person training at doValue's main offices. The training offering focused both on the development of digital skills, soft skills, and managerial development to deepen understanding of work tools and support the personal and professional growth of doValue's employees.

As usual, this year a survey distributed to all company staff assessed training needs, enabling employees to share their preferences and allowing the People function to gather training requirements and suggestions. Additionally, the "Training" procedure facilitates the collection of training requests, particularly technical ones, by department managers, who annually identify their team members' needs. Finally, the Compliance function is consulted for mandatory training requirements.

Highlighting doValue's commitment to employee training, the Training Commission was established in 2022. Its role is to collaborate in the process of mapping and implementing company training, agreeing on objectives and design criteria for the training sessions

aimed at staff development and professional growth; this Commission also fulfilled its mandate during the reporting year. The planning and provision of training Programmes continued in 2023 to support the Group's Strategic Plan and the underlying business model. The primary objectives are to promote integration and optimise market leadership, ensure service quality, and improve the efficiency and efficacy of operational processes. From this viewpoint, the execution of the People Strategy was pursued to augment skills and human capital, reinforce cultural and managerial integration, develop employer branding and engagement, and foster knowledge and change. In 2023, building on efforts from previous years, the following human resources development projects were implemented:

• Changeover: Professional reconversion projects for individuals assuming new roles within the company, featuring 1:1 coaching sessions.
• Mentoring: in 2023, two editions were launched with five Mentors and five Mentees each in two six- -month courses;
• We promote mutual knowledge: four presentation sessions by Corporate functions (Communication, NPL, Finance and Organisation) open to all doValue staff;
• Online training sessions on the use of HR
• Admin tools;

During the reporting year, a series of initiatives launched by the Group were also implemented at local level. Specifically, continuing from the previous year, the fourth edition of the People Engagement Survey was launched. following the People Engagement Survey taken in 2021, a 2022 Action Plan was prepared, in which many colleagues participated on a voluntary basis through focus groups to define concrete actions and areas of interest. The implementation of the identified activities was managed by the respective owners and concluded in December 2023. The Group's values (leadership, responsibility, effectiveness, cooperation) were shared with employees by Top Management through communication and training initiatives.

Regarding the development of hard skills, the planned training courses for 2023 included technical training (IT, legal updates), managerial (focusing on middle

management), regulatory issues (Privacy, Anti-Corruption, Security Awareness, Safety), and language training (group and individual English language courses offered synchronously via an online platform).

Training courses for employees within the Group have been developed in collaboration with various universities and training institutes, including Bocconi University and People Leading People. ALBA Graduate Business School, Dynargie, Panorama, Hellenic American Union, Infolab, BWC, LHH Harrison, ESADE and EADA Business Schools for Leadership programme , Aranzadi, UNIR, Universidad de Zaragoza, and IPEI (Cardenal Cisneros).

The provision of adequate training is also an important driver of business in Spain, Cyprus and Portugal. doValue Spain and its subsidiaries annually develop a training Programme, tailored to the needs highlighted by area managers, regulatory shifts, and the Group's strategic goals, outlining the requisite training courses.

The training plans include multiple course, including:

• internal training (Business, onboarding, welcome day);
• skills development (face to face leadership programme , ad hoc platforms, coaching, time management);
• training on internal tools for monitoring the Company's operations;
• technical training (real estate business training, finance, Qlikview, PowerBi, Excel);
• training for the company's female workforce, as part of the Equal Opportunity Plan in Spain;
• language training;
• regulatory training (Code of Ethics, PRL, GDPR).

Within the leadership Programmes designed for employees of varying seniority, we highlight the doValue initiative.

Leadership Programme created with Bocconi University and People Leading People.

Furthermore, the wealth of procedures includes training and development policies and procedures, Training & Development Policy and Training & Development Procedure in particular.

Providing adequate training is also highly important

for doValue Greece, which has a dedicated Business Training division, i.e., internal training strictly related to business aspects. The aims of the Business Training are to strengthen the knowledge and skills of employees, update customer services and improve efficiency.

Training needs are identified with the cooperation of business departments depending on any new practices and procedures adopted, changes in processes, products or because of system releases or new tools. At the beginning of each year, the People Department meets with the departmental managers to collect training needs, which are then assessed and prioritised within the framework of a Programme that also highlights any individual needs relevant to each task. The prepared Programme is presented to the Executive Committee, tasked with verifying and ensuring that the identified training needs and priorities encompass all crucial strategic areas. After approval, the training activities are planned in agreement with the Department Managers.

The different Group companies invest in People development, aware that professional updating brings cross-company benefits to corporate culture. This enabled the Group to deliver around 60,500 hours of training in 2023, marking a modest reduction from the previous year. Women averaged 23 hours of training per person, whereas men averaged 19 hours, indicating a positive trend in training hours over time. Regarding the training content, professional technical refresher courses constituted the largest portion, accounting for 23.1% of the total training hours. This was followed by sessions focused on anti-corruption and anti-money laundering (13.2%), as well as training related to privacy and cybersecurity issues (8.5% of the total training hours).

Training hours by gender and by role		2023		2022			2021
	Women	Men	Total	Women	Men	Total	Women	Men	Total
Top management	658	1,505	2,162	989	1,709	2,698	4,951	5,681	10,632
Middle management	6,147	6,170	12,318	10,198	9,387	19,585	14,339	12,382	26,721
Staff	30,558	15.459	46.017	34.351	21.221	55.572	18.916	13.113	32.029
Total	37,363	23,134	60.497	45.539	32.316	77.855	38.206	31.176	69.382

Average training hours per employee, by role, and by	2023			2022			2021
gender	Women	Men	Total	Women	Men	Total	Women	Men	Total
Top management	17.3	16.5	18	26	19	21	124	53	72
Middle management	20	17	18	31	25	28	39	31	35
Staff	23	20	22	25	27	26	13	16	14

Training hours by type

All employees can access training and certification Programmes tailored to their specific roles and responsibilities. The People Functions within the Group and across each country are dedicated to gathering the needs of employees and translating them into practical actions. Indeed, beyond the scheduled internal and external training, the Group supports employees seeking to enhance their personal and professional journey by obtaining degrees, postgraduate master's degrees, and certifications. Study leave is granted to all employees, including part-time staff and interns, who require time off to prepare for exams towards obtaining a degree.

In addition, in some cases, the Group provides for local co-participation in individual skill-upgrade courses. At doValue Greece, for example, employees can obtain partial funding (up to 40% of the costs) for postgraduate Programmes to further their studies. Interested employees can apply for funding if a recognised public or private institution provides the Programme, the study subject relates to their job responsibilities, and they have been working for the company for at least two years with a permanent contract.

60,500 hours

of training provided by the Group

The doValue Group considers training fundamental for enhancing the skills of its employees:

People Strategy

Talent Plan

Annual Training Program

The Group pays special attention to developing skills as it is a key element in the growth path or its employees. Personal and professional development is furthered by doValue by periodically assessing performance on the basis of individual objectives, guaranteeing at the same time the achievement of corporate objectives through the enhancement of its people and skills improvement paths.

For this reason, over the years doValue has developed appropriate performance monitoring processes for its employees in order to support motivation, individual development and at the same time improve their experience within the Group.

Since 2018, the Italian companies have formalised the definition of a system for detecting and assessing skills in a specific procedure. The system facilitates the identification of areas for improvement in target skills, categorised by area of affiliation (Business, Staff, Business Staff), role (Resource Managers, Nonmanagers), and type (e.g., managerial, operational, interpersonal, etc.).

Regarding staff development, doValue has implemented a Group Performance System. This system measures individual attainment of objectives ("What") and evaluates behaviours ("How") based on a new skills model that aligns with the Group's values (Responsibility, Leadership, Collaboration, and Effectiveness). The two dimensions are assessed on a scale of 1 to 5 with a weighting of 60:40 between the What and the How and the individual employee's development plan is de- fined within this process. In addition, the annual short-term variable remuneration is linked to the performance system. The process includes a mid-year evaluation during which the manager provides the employee feedback on their progress to better guide achieving objectives and behaviours.

In the final annual evaluation phase, a calibration exercise is foreseen with the involvement of the People Department to share the evaluation results in line with the Gauss curve defined at the beginning of the year. Conversely, top managers identified as key resources in the Remuneration Policy participate in a bespoke incentive system. For more information, please refer to the relevant section.

3.1.3 for further details.

Skills assessment and professional development are also crucial for the other Group companies in Spain, Cyprus and Portugal, which are committed to fostering the growth of talent and the continuous improvement of their employees' skills. doValue Greece has also implemented its performance appraisal framework to guide the career path of employees (e.g., promotion and succession planning).The framework contributes to defining the annual training plans of the different Structures and Departments to translate the strategy into tangible corporate priorities for all employees and to support the construction of a common culture that guides doValue's behaviour throughout the organisation.

During 2023, a total of 2,096 employees received a skills assessment. In particular, 127 top managers (40 women and 87 men), 580 middle managers

(266 women and 314 men) and 1,389 staff (885 women and 504 men) received an assessment10 .

For certain professional categories, the number of employees who underwent a skills assessment in 2023 might exceed the total number of employees at the end of the reporting period. In Italy, the National Credit Agreement establishes that the previous year's skills are to be evaluated in the current year. Therefore employees who ceased to work with the Group in 2023 could be included in the calculation. 10

— 4.4 Employees' well-being

doValue is committed to creating working conditions that promote well-being and work-life balance so that employees can achieve their best and a corporate climate that ensures social well-being and company productivity is generated. Consequently, doValue provides all employees, depending on their role, responsibility, and years of seniority, with a benefits Programme and corporate welfare initiatives designed to boost motivation and engagement levels.

In 2023, the Group's expenditure on planned welfare activities totalled 6.8 million euros.

In Italy, the benefits available to employees, as stipulated by second-level bargaining agreements, apply irrespective of their workplace location and the length of their employment relationship. The main benefits that can be offered to Staff, beyond those stipulated in the National Collective Labour Agreement (where applicable), consistent with various classification levels and in line with internal regulations as they evolve, include:

• allocation of a car for mixed use;
• allocation of accommodation through sublets, freeuse loans or payroll contributions;
• supplementary contribution to the Retirement Fund complementary;
• health insurance policy;
• insurance policy covering professional and extraprofessional injuries;
• Welfare platform;
• Health & Wellness platform.

To promote the work-life balance, doValue also offers its employees several initiatives, including the possibility of smart working, study leave and maternity and paternity support Programmes.

Specifically, at the end of 2023, a new union agreement for smart working was signed, drawing on the experience accumulated in recent years. This agreement endorses hybrid work as an organisational model that meets the company's strategic and operational requirements and supports an optimal work-life balance. Moreover, since 2023, doValue has permitted the use of study leave beyond the maximum limit established by the relevant collective bargaining agreement. Additionally, the company has doubled the allowance for medical visit leave, from 10 to 20 hours. In addition, scholarships are granted to employees' children under the National Collective Labour Contract.

The welfare system also includes a flexible benefit plan which allows employees to spend their production premium on customisable services, increasing their spending capacity.

The Health & Wellness initiative continued in 2023, confirming doValue's commitment to promoting a healthy lifestyle. In line with this, a new partnership with FitPrime has been initiated, granting all employees access to a platform focused on psychophysical wellbeing. Here, they can activate personal fitness plans, access content on nutrition and sports, participate in challenges, and access exclusive discounts nationwide.

The Group sees to the provision of benefits to all its employees in Spain as well, without distinction related to the type of contract. doValue Spain is committed to fostering a corporate culture that supports a balance between work and personal life. The company's goal is to attract new talent and enhance well-being in the workplace. It believes that an employee who is motivated and in harmony with the Group's values and objectives benefits the entire company community. Besides the health-related benefits provided (such as health coverage and the promotion of prevention campaigns), a flexible benefit plan is in place, featuring initiatives designed to support a better work-life balance and support

parenting, including flexible working hours, the digital disconnection Protocol, the possibility of taking

advantage of additional leave for family matters, smart working and, starting from 2023, the extension of parental leave to 18 weeks, in line with regulatory provisions.

The benefits offered to all employees in Cyprus include health insurance and social security measures, provided through specific funds. Flexible working hours and discounts on gym memberships are also offered. Since 2020, activities supporting health protection, the promotion of healthy lifestyles and work-life balance have been planned as part of the Altamira 'Health&Wellness' Programme.

Lastly in Portugal, benefits for full-time employees include medical insurance (with the possibility of extending this to employees' family members), insurance coverage for injuries at work and parental leave.

Many activities are in place to promote a healthy lifestyle among employees, both through a culture of sport and healthy food and through events that encourage social interaction among staff.

Benefit	Italy	Greece	Spain	Portugal	Cyprus
Flexible work hours
Seasonal hours or short week
Part time
Teleworking
Remote working			Certain employee categories
Hour bank	Staff only
Extra weekdays
Gym subscriptions/contributions
Extra leave

Note: the check box denotes that all employees are eligible for the indicated benefit.

Employees involved in welfare activities	Italy	Greece	Spain	Portugal	Cyprus
Socialisation events	680	-	636	59	393
Payments to supplementary pension funds	930	959	15	6	-
Health and insurance coverage	943	959	78	59	-
Meal vouchers	901	-	-	-	-
Vouchers for culture, leisure and free-time	216	-	-	-	-
Shopping vouchers	-	240	-	-	40
Covid-19 insurance	-	-		-	-
Psychological support	-	65	636	-	-
Other	-	800	-	-	-

Investments in welfare activities (€)	Italy	Greece	Spain	Portugal	Cyprus
Socialisation events	-	-	5,000	-	25,000
Payments to supplementary pension funds	1,328,449	1,125,844	257,559	-	-
Health and insurance coverage	945,417	1,746,343	136,763	-	-
Meal vouchers	1,207,486	-	-	-	-
Vouchers for culture, leisure and free-time	28,100	-		-	-
Shopping vouchers	-	-	-	-	8,000
Psychological support	-	-	6,000	-	-
Other	-	-	-	-	-
Total	3,509,451	2,872,187	405,322	-	33,000

In addition, it is worth mentioning here the focus that doValue also devotes to its employees on termination of employment. Mechanisms are in place to facilitate continuity at work and the management of departures due to retirement or termination of employment. For example, in Spain, employees can benefit from outplacement plans, while in Portugal, employees can negotiate transition assistance Programmes during the definition of the termination plan.

Lastly, to comply with Organic Law 3/2018, doValue Spain has implemented a Digital Disconnection Policy since 2019, in agreement with the trade unions. The Policy focuses on the issues of protection of personal data and the guarantee of digital rights, ensuring employees can disconnect outside of working hours. The document also establishes that at the end of the workday, employees have the right not to respond to communications, though they still may do so voluntarily if they wish. In addition, employees are required to use the technological tools made available by the company rationally and guidelines for the proper use of corporate email are provided.

— Industrial relations and trade union relations 4.5

Dialogue with trade unions is very important to the Group, which is why it maintains regular, constructive and respectful relations with organisations representing workers, inspired and based on principles of fairness and respect for reciprocal roles, always aiming to reach new agreements for the Group's growth and competitiveness.

doValue guarantees the right of employees to freedom of trade union association and collective bargaining, as well as the right of employees to participate in all initiatives promoted by trade unions, regardless of the specificities that they acquire depending on the countries in which doValue is present.

In Italy and Greece, the Group applies national sectoral legislation on trade union eligibility, ensuring an open dialogue with freely chosen employee representatives and enabling both parties to understand better any issues that may arise on both sides and to find the best ways to resolve them.

In particular, in Italy trade unions have a dedicated section on the company intranet. Dialogue and discussion are the basis of relations with trade unions, with no discrimination or difference in treatment, to foster a climate of mutual trust, seek shared solutions that protect staff and establish a proper system of trade union relations that is as cooperative as possible. Special analysis committees exist to enhance the relationship between companies and workers' representatives. They try to identify the best solutions for harmonising treatments for all staff in the areas of professional development, health policies, work-life balance and variable remuneration systems.

Spain also maintains an ongoing dialogue with employees' legal representatives to ensure collaboration on issues that may have a significant impact on the organisation. This ongoing dialogue is ensured through both informal communications (emails, meetings, announcements, calls) and thanks to the formal bodies for information, consultation, participation, and collective negotiation: the Works Committee, the Health and Safety Committee, and the Equality Committee. The Human Department manages the labour relations system in , organising frequent meetings with trade unions to address issues that may impact employees' working conditions. During the year, both restricted meetings within all regional offices and staff meetings take place, where senior management presents business information to all employees. Finally, there is also trade union representation in Portugal, although no collective bargaining agreements are required by law, leading to annual discussions on relevant projects in progress.

Collective bargaining covers 90,2% of employees at Group level, which is in line with previous years.

In particular, all employees of the Italian and Greek companies are covered by collective bargaining. At the Italian level, this also covers the notice periods to be granted to employees in case of significant changes in the organisational structure, equal to 45 days, whereas for doValue Greece, the notice period is 2-4 weeks. As already reported, there is no collective bargaining in Portugal, while at doValue Spain it covers 100% of the employees in Spain and 40% in Cyprus. The minimum notice period for significant organisational changes is one week, in line with what we have agreed with the trade unions at local level.

— Workplace health and safety 4.6

Industrial relations and

trade union relations

doValue has always been committed to developing a corporate culture regarding health and safety and to providing levels of physical protection in the workplace at all organisational levels, in line with the regulations in force in the countries where doValue operates. The various Group companies have consolidated the extraordinary measures adopted to guarantee their employees the highest levels of safety both at work and in their private lives, from the extension of smart working to the presence of health instructions on the intranet and in company premises to the distribution of masks and the continuous sanitisation of offices.

In general, the Group promotes the health and safety of people in the workplace through organisational measures that comply with all applicable legal and other regulatory requirements. It commits to implementing systematic procedures for identifying, managing and reducing risks to prevent accidents, injuries and occupational diseases.

In Italy, the Group manages aspects related to the health and safety of people through organisational measures that comply with Italian Legislative Decree 81/2008 and Article 2087 of the Italian Civil Code. In addition, this issue is monitored through the following activities: analysis, assessment and management of risk factors and conditions, health surveillance, collection and processing of data on safety management and implementing mandatory information and training Programmes on safety at work, in line with current legislation. Training activities are also overseen beyond regulatory provisions: internal training programmes continue throughout 2023, including training for emergency workers and Safety Induction for new hires, among others. Additionally, the issue of health and safety at work is monitored throughout the supply chain. Suppliers in the prequalification phase are required to have the DVR and/or other documentation proving compliance with current legislation.

To ensure the constant monitoring of health and safety activities, the rules of corporate governance, the internal control system, the delegation system and powers in compliance with Art. 16 of Italian Legislative Decree 81/2008 and the Code of Ethics have all been maintained. In 2023, the Mobility Management activity was also concluded as mandated by Ministerial Decree 27/03/1998 and by Law 77/2020. This involved submitting the respective Home-Work Travel Plans (PSCL) to the Municipalities of Rome, Milan and Verona. This will be followed by monitoring activities and the implementation as outlined in the aforementioned PSCLs.

The measures necessary to guarantee and ensure that the health and safety conditions are acceptable in the environment and work activities are also adopted in Spain. doValue Spain has adopted an Occupational Risk Plan and a Health and Safety Policy that defines its occupational risk prevention activities. These efforts include integrating and implementing the Risk Prevention Plan, identifying, analysing, assessing, and controlling health and safety risks (including psychosocial risks), planning and prioritising preventive actions and measures, monitoring employee health, and conducting training and prevention activities. The issue is also covered for suppliers, who are required to share their certificate of workplace health and safety training for each employee and the certificate of fitness for work.

In Cyprus, the company's commitment to the health and safety of its employees is formalised within the Health and Safety Policy. It is made tangible by implementing an Occupational Health and Safety Management System. External workers, such as contractors, maintenance workers, visitors, or those who might be affected by the organisation's activities, are also considered within this Health and Safety Management System.

Safety measures are also in place in Portugal for every workplace and activity, ensuring that employees receive adequate training. The company has a Prevention Service for integrating occupational risk prevention in compliance with the relevant legislation.

An external supplier assesses annually the working environment risk. The supplier, qualified according to the legal requirements, provides reports highlighting possible improvement actions to the organisation.

In Greece, doValue ensures the monitoring of workplace health and safety aspects under current legislation, also adopting additional measures that go beyond the legal requirements. When negotiating with a service provider/ subcontractor, the latter is also checked for compliance with regulatory requirements and internal regulations. The company adopts an Occupational Health Plan, which includes the possibility for employees to meet regularly with the competent doctor. In addition, an inspection is carried out periodically to prevent dangerous situations in the offices. Starting in 2023, the healthcare service offered to employees has been further strengthened by including additional benefits through a partnership with an employee health and safety service provider.

The Group is committed to the process of identifying hazards and health and safety risk assessment.

The main health and safety risks related to the activities of the Group are in the tertiary sector (working environment, facilities, use of office equipment, storage of objects and materials, electrical systems, fire, ergonomic factors, etc.).

In Italy, the Risk Assessment Document (DVR) identifies risks and, for each, specifies the "Evaluation Criterion" and the "Prevention and Protection Measures". These measures outline strategies to prevent the occurrence of harmful events associated with identified risks. In 2023, the updating of the DVR continued with the introduction of new rules at the level of the Consolidated Security Law (Legislative Decree 81/08) and will be published in the first quarter of 2024, once the review and validation process has been completed. All the company safety information is published and constantly updated on the intranet, together with the relevant documents.

At the Spanish level, the Safety, Health and Welfare Department identifies health and safety risks. Internal audits are carried out every two years and external audits every four years on the integration process of the occupational risk prevention system in the company. In addition, occupational risk assessments are carried out quarterly by qualified personnel, which are analysed and reported to the Safety and Health Committee to implement any new prevention or mitigation measures.

In Cyprus, the workplace risk assessment process is carried out through an analysis of the activities, work environments and possible equipment, as well as by checking the control measures in place, again in compliance with legal requirements.

In Portugal, an external company certified by ACT (authority for working conditions provides the occupational health services). This provider has free access to the facilities to guarantee that working conditions are low risk, both physical and mental. Every year, the provider sends a technician to assess any work risks and to measure the equipment used, such as lights, air conditioners, screens, accessibility, ensuring compliance with the law and providing suggestions and best practices.

doValue Greece instead entrusts a qualified external supplier with the services related to occupational safety, who carries out the necessary checks with periodic visits to each of the company's sites, in line with Greek law. The supplier must prepare an Occupational Risk Assessment that identifies the sources of occupational risks, records the working conditions in order to document the preemptive measures already in place and those to be taken additionally.

The Group considers it essential to develop workers' awareness of the risks associated with their jobs.

Employees have a variety of communication tools at their disposal to report hazards and dangerous situations at work, and they can also choose to leave or escape circumstances that could lead to occupational injuries or illnesses, as set out in the relevant local regulations. For reports, anonymity is, of course, guaranteed to

protect employees against any retaliation. In the case of accidents in the workplace, the processes and methods of investigation are defined within the documents and procedures prepared by the various subsidiaries according to the regulations in force.

In all Group companies, the employees undergo periodic medical examinations based on the requirements of the laws in force in the individual countries.

In general terms, employees throughout the Group participate in maintaining and implementing the health and safety management system, either directly (with requests for clarifications, observations, proposals, etc.) or indirectly through their representatives. They are invited to share their views on the matter, even if this is not required by law. Besides what is provided for by law and the possibility for employees to take part in the consultation or decision-making process on health and safety, there are no further processes aimed at facilitating employee participation and consultation in the development, implementation and evaluation of the occupational health and safety management system. Additionally, there are no formal joint committees of management and workers for health and safety.

The Group continues to disseminate and promote a culture of health and safety among its people through training courses (both mandatory and non-mandatory), seminars and events focused on these areas. Training activities also continued on health and safety issues connected to the new remote/smart working methodologies.

Eight minor injuries occurred during 2023. We also note the death of an employee of doValue Greece in 2023, which occurred due to non-work-related illnesses of the employee.

From the analysis of health and safety risks, considering the Group's activities, there are limited occupational hazards that pose a risk of accidents with serious consequences. These are mainly related to the use of vehicles for customer visits or business trips.

Injuries11	2023		2022			2021
	Women	Men	Total	Women	Men	Total	Women	Men	Total
Total number of recordable injuries12	4	4	8	2	7	9	2	2	4
of which are in Italy	3	2	5	0	2	2	-	2	2
of which are in Greece	-	-	-	0	0	0	-	-	-
of which are in Spain	1	2	3	1	2	3	2	-	2
of which in are Portugal	-	-	-	1	3	4	-	-	-
of which in Cyprus	-	-	-	0	0	0	-	-	-
Recordable injury rate	1.33	1.82	1.54	0.31	2.03	1.05	0.63	0.81	0.71
of which are in Italy	2.94	2.77	2.87	-	2.61	1.08	-	2.88	1.22
of which are in Greece	-	-	-	-	-	-	-	-	-
of which are in Spain	2.17	4.67	3.37	-	-	-	2.56	-	1.27
of which in are Portugal	-	-	-	-	-	-	-	-	-
of which in Cyprus	-	-	-	-	-	-	-	-	-

The recordable accident rate is calculated as the ratio of the number of recordable accidents to the total hours worked in the same period, multiplied by 1,000,000. 11

The table refers to employees only. It is noted that no injuries were recorded among non-employee workers in 2023. 12

THE DOVALUE GROUP'S BUSINESS RESPONSIBILITY

— 5.1 Transparency, fairness and responsibility in the provision of services

The Group's Code of Ethics defines the reference values and principles governing relations with all stakeholders with whom the Group has relations in carrying out its activities and providing services.

The doValue Group's primary aim is customer satisfaction to create a solid and lasting relationship based on honesty, transparency, cooperation, fairness and mutual respect. The Group bases its relationships with customers on compliance with laws, applicable regulations, and company regulations. All employees who have relations with customers must therefore ensure that the rules defined in terms of correctness, completeness, adequacy and transparency in the provision of services are respected, as well as the internal procedures to implement with customers when providing these services.

The Group guarantees its customers transparency and correctness and undertakes to provide them with all information on the characteristics and risks associated with the services and the rights and obligations they will assume by signing the relevant contracts, avoiding any form of misleading and/or unfair practice; attention and sense of responsibility towards the customers also translate into the presence of procedures for managing complaints compliant with the applicable regulations and the contractual commitments with principals.

Regarding the relationship with the end debtor customer, it is essential to emphasise a fundamental aspect that distinguishes the management of loans for doValue, represented by preferring out-of-court solutions to those before the court. The AM carries out this out-ofcourt contacting activity with the support of information systems and individual work plans that enable them to map their portfolios. To support this, a management KPI monitoring system has been established, allowing the verification of both the number of contacts made and the number of resolutions sent. The monitoring is carried out monthly, and the report is shared with managers. This monitoring frequency made it possible to increase management's awareness of the consistency of action and the timely implementation of the system.

The doValue external network, comprising external professionals and debt collection companies, handles the contact and negotiation phase concerning the portfolio's more minor cases in compliance with standards of conduct consistent with the Group's Code of Ethics, which, as extensively described in Chapter 3, was updated in May 2023, and with the External Network Code of Ethics. This activity is always carried out in synergy with the AM.

In more general terms, to monitor and strengthen the quality of the services provided while consolidating its relationship with its customers, the Group has a structured system for monitoring customer satisfaction, focusing strongly on handling reports received from customers.

The measures adopted by doValue to prevent all forms of corruption and to comply with the principles of ethics, legality and transparency also represent a real commitment to defining a model of ethical and transparent behaviour and service. No incidents of noncompliance relating to the information and labelling of products and services were reported in Italy in 2023.

doValue Greece has also adopted Policies to ensure transparency, fairness and accountability in all its services to customers, debtors and in supplier relations.

As one of the founding members of the Hellenic Servicers Association, the company operates in line with the principles within the framework of the relevant local regulations and has established an adequate internal control system to ensure compliance with the regulations on protecting its customers' rights.

More specifically, the Company adopts the Code of Professional Conduct (CoC) aligned with the Group's Code of Ethics. This Code explains its culture and

values and supports ethical conduct throughout the organisation. doValue Greece also has a dedicated complaints management function to ensure that it handles all complaints correctly through a quarterly meeting with Business Compliance to discuss the details of the reports and the recorded trends.

Regarding the procedures adopted in the real estate business, please note that doValue Spain, through suppliers tasked with the maintenance of real estate assets, ensures that preventive maintenance work is carried out on the buildings to guarantee the absence of risks for third parties who may live or work in them.

In addition, maintenance plans sent by suppliers include an economic assessment of the actions needed in each asset and indicate the minimum actions essential to make it habitable or ensure that it is in a suitable condition for use and/or sale. These conditions are checked with special periodic verification visits to the properties at least annually.

Qualitative standards and acceptable

Conduct of the External Loan Recovery Network The principles of correctness and integrity guide the development and monitoring of the External Network, which is called upon to carry out debt collection activities according to standards of conduct consistent with the indications of the Group's Code of Ethics and the External Network's Code of Ethics.

The External Consultant Network (ECN) comprises Loan Recovery Companies (LRC), External Professionals (EP) and External Lawyers (EL). The network of consultants is subject to constant quality controls and assessments to determine the suspension or continuation of their work with the Group.

External Professionals and Loan Recovery Companies

In Italy, the External Consultant Network (ECN) function handles the search, selection, administrative contract management, retention, development and monitoring of the External Networks

(External Professionals, Loan Recovery Companies, AES). It also manages non-performing loans, which are subject to outsourcing by doValue SpA.

Based on service needs, the ECN function handles recruitment activities, which are carried out through multiple channels (job postings, press advertisements, recruiting portals, job listings and orders, contacts with university job placements). All potential candidates who wish to send their CVs are directed to the company's website to complete a special form.

The analysis of applications for recruitment and subsequent contracting includes a phase of verification of the criteria of effectiveness and efficiency envisaged for the External Network of doValue, the expected levels of professionalism and the evaluation of any potential reputational risk. If the application in question relates to a Loan Recovery Company, besides the activities detailed above, a visit is made to the company's headquarters to assess the adequacy of the structure, the representatives and collaborators.

The personal and contractual data of the accepted candidates are recorded within the applications used by the ECN. For years, the ECN has used a digital document signing system, with the duly signed documents sent via certified email address, with a clear reduction in costs and environmental advantages through the reduced use of paper.

doValue constantly monitors the already-contracted External Network for the entire duration of the collaboration, and periodically carries out specific checks, such as:

• maintenance of registration in the professional registers of reference (half-yearly);
• detection of any connections with subjects included in the related parties perimeter (half-yearly);
• checking the validity of insurance policies provided by EPs or LRCs (bimonthly);
• monitoring of harmful events through record updating (bimonthly);
• checking the participation of individual external professionals/loan recovery companies in courses organised based on the organisational and regulatory inputs Programmed by the AML or Compliance Functions;
• monitoring of the presence of the name on the "Black List" and "PEPs lists" (annual);
• control of "harmful events" through information from press and web sources related to external

professionals/loan recovery companies that the ECN receives massively and weekly from an external supplier (weekly);

• operational management of cases related to situations of conflict of interest regarding the "active network" as detected in the Management System compared with the automatic monitoring system on related parties and conflicts of interest, which is part of a broader activity whose application falls within current company legislation.

To speed up the entry of external resources from other companies or previous experiences that do not entirely coincide with the doValue S.p.A. model, "start-up" courses are organised focusing on technical-operational aspects and business processes or behaviours.

Periodically, usually at least every six months, a turnover activity is conducted based on the collection and rating results obtained by the individual PE/ SRC to keep only the best-performing professionals active.

doValue has also activated a process aimed at detecting behavioural asymmetries in the operational, managerial and relational spheres that may cause problems and/or potential operational risks. The objective is to constantly measure the quality of the management of assignments and the level of reliability and behavioural consistency of the External Network. The process consists of contacting and identifying debtor counterparties on a sample basis and administering a questionnaire to verify the work of the External Professionals or Loan Recovery Companies with whom they have had contact.

Regarding the different geographies' specificities, please keep in mind that for doValue Spain, recovery management is outsourced exclusively to Banco Santander. The Service Legal Agreement provides for the possibility of managing transactions under 100,000 euros as a Servicer. doValue Spain selects external managers based on capacity, experience, and available resources. The managers must also meet the company and bank's approval requirements.

Instead, the Cypriot subsidiary appoints only authorised law firms according to a pre-approved list from the portfolio owner customer.

For amicable recoveries, doValue Spain and its subsidiaries assign to Debt Collection Agencies smaller portfolios of less than 50,000 euros to carry out recovery campaigns pre-approved by the portfolio owner. All external service providers must comply with the applicable legislation and policies of the portfolio owner and the instructions shared during contracting.

The External Professionals and Loan Recovery Companies are closely monitored in terms of compliance with the signed contract and performance and results on a daily, weekly and monthly basis. Tools are used, and company reports are drawn up describing performance with the possibility of comparing them with each other and with the agreed targets. Besides monitoring and evaluation in terms of actual results, doValue Greece verifies the application of policies, procedures and guidelines through continuous physical monitoring at partner sites.

External Lawyers

External lawyers play an important role in the legal management of non-performing loans. Their search, selection and maintenance, as well as their monitoring, is entrusted to the External Lawyers Network (ELN) in Italy. The accreditation and recruiting of External Lawyers (EL) is initiated when specific needs arise.

All lawyers must sign the Operational Agreement, which defines the principles of correctness and ethics with which the lawyers must comply when performing their duties for the Group.

The doValue Operational Agreement expressly envisages the obligation of the External Lawyers to digitise all documentation relative to their assigned duties, with related environmental benefits in terms of reduced printed material. doValue also uses electronic cumulative invoicing (a single invoice for each principal regardless of the number of bills). Another obligation ratified by the Operational Agreement is the exclusive use of the "Ex Parte Creditoris" web-based computer system (EPC), which can be used anywhere.

For many years, ELN has used the ature system for documents sent via PEC, again clearly reducing environmental impact. A training course on the functioning of the management application is always provided before assigning tasks to a new lawyer and the description of the doValue management and operating model. The same methods described for the

ECN are adopted to measure the quality of assignment management and the level of behavioural reliability and consistency of the External Lawyers.

The monitoring areas include a number of indicators, covering:

• the monitoring of logins to the EPC management and information system;
• the number of favourable settlements obtained in recognised proceedings;
• the level of proactivity of the lawyer based on the assessment of proposals for judicial settlements submitted to the EPC and approved;
• measuring the timing of each lawyer in the real estate enforcement proceedings;
• monitoring of data quality warnings;
• the evaluation of NPL management structures on aspects of accuracy of documents and feedback, timeliness, proactiveness, and availability;
• the measurement of any operational misalignments.

The criteria defined to determine the ratings aim to allow each professional to compare their quality levels against the reference benchmarks (national and for each factor), i.e., the optimal benchmarks against which the different rating components are compared.

An IT system has also been implemented, which is designed to allow users to understand the ratings system and the individual factors. The results of the analysis are submitted (confidentially and individually) to each lawyer as a further incentive to improve personal performance. For portfolios managed through the operational systems, the Asset Managers assess the lawyers' performance in the internal IT system.

The lawyers are assessed for each of the following aspects:

• • accuracy of deeds and findings;
• • punctuality;
• • proactivity;
• • availability.

The ratings thus generated for each lawyer are included in an internal report and monitored by the External Legal Network of doNext. In cases of misalignment with company standards, the ELN intervenes directly with the lawyer or by reporting directly to the mandating bank (for lawyers belonging to a register managed by the principal bank). In the most serious cases, the lawyer may be suspended from receiving any new assignments.

For legal recovery activities in Spain, doValue Spain uses external law firms only to manage specific portfolios, selected based on criteria of technical quality, specialisation, territoriality, profiles of the lawyers, knowledge of the financial and real estate sector and previous experience. Service conditions, behavioural expectations, and any customer-required service levels are specified through distinct Service Level Agreements. The External Lawyers Network is monitored through compliance KPIs relating to turnover, procedural timing, completeness, and shared data quality.

Concerning operations in Portugal, the Company has entered into agreements with law firms focusing on corporate and human resources aspects, chosen for their superior service quality in this area.

Regarding doValue Greece, the legal offices the company uses must have a network at the national level, full competence in legal actions and long experience in the legal administration of non-performing loans. Contracts with each external legal office detail the obligations they must adhere to, including compliance with the doValue Greece Code of Conduct, GDPR, and the Business Continuity Plan, as well as meeting the objectives for each legal action within the agreed period.

The quality of external legal partners is monitored through specific reporting tools, which provide the result of the legal actions taken, together with compliance with the agreed KPIs. Any complaints arising when the external partner performs its activity are also monitored. They are classified, evaluated and communicated to the External Lawyers for corrective actions. Any incidents are taken into account when reviewing the partnership.

— 5.2 Privacy, data security and digital innovation

The Group takes all the measures necessary to minimise the risks associated with the services offered, implementing the best security standards on its systems. doValue also identifies the appropriate protection tools that support the technological structure and counteract IT fraud.

Innovation

doValue recognises the importance of evolving IT processes and frameworks to sustain management efficiency and security levels that align with the top industry standards. After reorganising and centralising existing local IT systems, the Group Information Security Office was established, providing IT security services to all countries in a centralised manner.

In particular, the Information Security Office provides standardised and consistent IT security services and systems to all Group companies. The key areas of competence and responsibility include:

• Information Security Management System (ISMS);
• Business Continuity Management System (BCMS);
• ICT Risk Management Framework;
• Identity and Access Management Structure;
• Training and awareness Programmes on information security and business continuity;
• Hacking team responsible for the vulnerability management framework (to periodically test systems and discover, evaluate and fix any vulnerabilities);
• Security Operations Centre, tasked with monitoring cybersecurity 24 hours a day, seven days a week;
• Implementation and maintenance of security tools to protect the Group's IT perimeter.

On this last point, the doValue Group has established a multi-tiered security infrastructure based on different levels of protection. If oneof these is compromised by a cyber-attack, the company has additional "redundant" protection barriers to prevent the spread of the incident.

Among the security tools implemented by the doValue Group, we can mention the safeguards in the following areas:

• Privileged Access Management (PAM);
• Endpoint Antivirus;
• Mobile Device Management (MDM);
• Classification of information and Data Loss Prevention (DLP);
• Server Antivirus;
• Database Encryption;
• Next-generation Firewalls;
• Firewalls for Web Applications;
• E-mail Protection;
• Vulnerability Scanner and PenTest;
• MFA;
• SIEM.

The services offered by the Group Information Security Office can be traced back to two main areas:

• • Governance, Risk and Compliance (GRC) area: aims to implement and monitor common security frameworks across all countries, to standardise processes and ensure consistent maturity levels throughout the Group;
• • Cybersecurity Area: aims to improve the level of protection of corporate assets and information to raise the Group's Cybersecurity position.

Regarding the GRC Area, doValue has implemented an information security management system (ISMS) based on different security standards, such as ISO27001, ISO27002, NIST, COBIT or GDPR, among others.

The tool standardises IT security policies and processes across all Group branches. The framework defines the information security policies at Group level to guarantee that all the countries follow the same security guidelines and, when possible, the defined Group processes.

If some security processes cannot be standardised throughout the Group, local processes based on the Group guidelines are defined.

In connection with the aforementioned Group ISMS, besides the existing local policies and procedures, during 2023, the following information security policies were defined:

• Group secure software development policy.
• The Group's ICT risk management framework.
• Third-party assessment methodology for information security.
• Security incident management procedure.

Additionally, the Group has a Business Continuity Management System (BCMS) that standardises all business continuity plans of the Group's Legal Entities, enhancing resilience across the board. As for the ISMS, an adequate number of procedures has been linked in the BCMS area:

• Business continuity policy;
• Business continuity roles and responsibilities (definition of information security roles at group and local levels);
• Analysis of the impact on business (for all critical activities of all the branches);
• Crisis management plan.

During 2023, the Group Information Security Office evolved and improved existing safeguards. In particular, concerning:

• Information Security Management System (ISMS), additional policies and controls have been defined to improve the framework:
  • Definition, implementation, and establishment of a formal process for monitoring and reporting key ICT KRIs, such as unresolved cybersecurity incidents within the set timeframe, critical and high-risk vulnerabilities not addressed by the deadline, and the percentage of updated endpoints and servers.
  • Establishment of various Group-wide security policies, such as the Group Secure Software Development Policy.
  • Definition of an annual training and awareness plan on information security in all Group countries, to ensure all employees are constantly trained and informed on relevant information security topics.
• The Group's Business Continuity Management System (BCMS), which aligns with the ISO22301 standard, has been strengthened and enhanced:
  • Creation of a business continuity KRI dashboard designed to oversee the crucial elements of local business continuity plans, enabling the identification of potential risks or anomalies.
  • Definition and implementation of crisis communication channels (such as Crisis Management Teams).
  • Carrying out operational continuity and disaster recovery tests.
• • The Group's ICT risk management framework, which defines how to identify, quantify and manage risks impacting the Group's ICT assets, was approved by the Board of Directors in 2023.
• A security framework for critical suppliers has been established, defining a methodology for evaluating third parties in terms of information security. This is aimed at the early detection of potential risks associated with the services they provide.
• IT security control measures include regular audits to assess system IT security, such as pentesting of the Group's critical applications.

Cyber Security

Cyber Security is one of the main risks for most companies. The doValue Group is exposed to this risk because of the number of operators, the extensive use of electronic tools for providing services, and the nature and volumes of data processed.

Moreover, the complexity of managing cyber risk has escalated due to the increasing demand for reliability and compliance with specific requirements from the Group's biggest customers, new business models that have created a context in which data and information are widely shared and interconnected, along with the growing sophistication, speed, and impact of cyberattacks.

In this context and in general, doValue's main objective regarding cybersecurity is, as already mentioned, to improve the level of protection of the Group's corporate assets and information. The Internal Audit Department

periodically evaluates the adequacy, overall reliability, and security of this set of measures, tools, and controls, both through IT audits focused on so-called "IT General Controls" and in the context of process audits, regarding the review of the functionalities and automatic controls of the applications to support the included processes. The frequency and coverage intensity of these audit areas is subject to annual review because of the risk assessment process, which leads to the definition of the annual and three-year audit plan by the Internal Audit Department.

Below are some of the most significant upcoming future initiatives,including standout projects:

• Performance of ICT risk assessment and improvement of the ICT risk management framework.
• Achievement of ISO27001 certification.
• Implementation of the Group's PAM tool in all countries.
• Implementation of the Group's IAM solution.
• Implementation of the Group's cloud security tool in all countries.
• Implementation of the Group's encryption
• tool.
• Implementation of the Group's NAC tool.

Privacy

Within the company context, all personnel employed by doValue Group companies acquire a large amount of personal data and confidential information of customers, suppliers and other stakeholders, entailing various regulatory and business requirements. The protection of data and information is, therefore, a priority of the doValue governance and business model, as this crucially influences the protection of the brand, the reduction of operating losses, the quality of customer relations, the level of confidence with all stakeholders and compliance with of regulatory obligations.

Since the entry into force of the GDPR, doValue has introduced a Data Protection Framework aimed at ensuring the security and protection of personal data processed by all employees and collaborators through a risk-based approach, consistent with the applicable regulatory requirements and with the expectations of all Stakeholders.

Over the years, a project was implemented to adapt and strengthen the privacy management framework at Group level that, while considering the reorganisation and expansion of doValue in Europe, led to dividing up the Data Protection Framework under three areas:

• doValue's Data protection strategy, in which the Group's commitment to protecting personal data is summarised;
• the Organisational Model for the Protection of Personal Data ("OMPPD"), which describes the roles, responsibilities and relationships between the various figures identified to govern the personal data management system of the Group companies;
• the Data Management Model, which outlines the main obligations envisaged by the European Regulation for proper governance of the processing of personal data.

Regarding the information on the processing of personal data of users of the doValue SpA website, it's important to note that for processing reliant on the user's consent, users have the right to withdraw their consent at any time. Users may contact the Personal Data Protection Officer to exercise their rights. The information is available on the web site.

There is a Group Data Protection Policy adopted by the subsidiaries of the Italian and foreign perimeter, with the adaptations required depending on the local regulatory context. The "Privacy and Security of Data and Information" Policy is available on the doValue website and the company intranet in the relevant section.

The doValue Group constantly monitors regulatory developments regarding the protection of personal data to implement adaptation actions that lead to a continuous improvement of the personal data protection system.

The doValue Group, in line with Italian and European regulations and the best practices of the reference sector set up the Compliance & Global DPO function in 2021.

The function, reporting directly to the General Counsel, aims to establish a uniform compliance framework at the Group level, ensuring adherence to pertinent

regulations (e.g., Market Abuse, Related Parties, Consob Regulations, Anti-corruption, Privacy) through the definition of common guidelines and policies, regulatory monitoring and implementing the interventions to ensure compliance with applicable regulations, and introducing specific intra-group information flows. Also, the Global DPO defines the Group's Data Protection organisational model and a common DPO control framework. It coordinates data protection activities, receives information flows from the local DPOs and reports to the doValue Board of Directors. The Global DPO also carries out control tasks of the data processing activities at the corporate level as a point of contact with the Authority and the interested parties involved in the processing activities and for information and consultancy.

In the individual Legal Entities the MOPDP provides as a general rule for the appointment of a local DPO with a supervisory role pursuant to Article 39 of the GDPR. If a Group company is not obliged to appoint a DPO (pursuant to Art. 37 paragraph 1) and the adoption of this role voluntarily has been excluded, the protection of data privacy must be guaranteed by the local Compliance or Legal Function or by another internal structure where both indicated structures are not present.

doValue has formalised the roles, responsibilities, and interactions and flows between the Global DPO and Local DPOs through the Group's Data Protection Office Regulation, issued in December 2021 and enacted in 2022.

Additionally, in 2023, numerous initiatives were undertaken concerning both cybersecurity and privacy aimed at enhancing the protection level of the Group's corporate assets and information:

• Implementation of the Group's external vulnerability scanner (Qualys) to perform weekly vulnerability scans on the Group's external critical applications.
• Implementation of the Group's external vulnerability scanner (Qualys) on the perimeter of the Group's Data Centre to perform weekly vulnerability scans on the Group's external critical applications.
• Definition and implementation of the 24x7 SOC service for all Group assets integrated into the Group SIEM.
• Definition, implementation and testing of the security incident management process between doValue and IBM's SOC.
• Centralisation and standardisation of local protection services at the Group level: o Spanish encryption service
  • o Network Access Control Service (NAC)
• Implementation of the Group's email protection tool, designed to enhance the security level of corporate email.
• Implementation of multi-factor authentication (MFA) on the Italian VPN and on O365.
• Network segregation project at doValue Italia.
• Implementation of encryption functionality in the Italian DR.
• Performing source code audits in Italian applications.

During the reporting period, doValue Greece received five privacy complaints from the Data Protection Authority, which investigated an alleged violation of privacy legislation. Additionally, two recommendations (one related to a complaint received in 2022) were made concerning the company's prompt response to requests from interested parties. A further three complaints were presented in the Cypriot subsidiary, but in no case were sanctions imposed. No complaints, and consequently no sanctions, were received in Spain, Italy and Portugal.

— 5.3 Monitoring the level of customer satisfaction

In line with the Code of Ethics, the Sustainability Plan and the Charter of Values, the doValue Group considers it essential to develop a relationship with its stakeholders based on constant and proactive listening and dialogue to define its business strategy and create shared value in the long term.

Since 2020, the Group set up a structured customer satisfaction monitoring system (banks, investors and Special Purpose Vehicles) to continuously measure the satisfaction level and quality of the services offered.

The Customer Satisfaction Survey, conducted periodically, is designed not only to evaluate customer satisfaction but also to:

• develop a transparent and cooperative relationship based on active involvement and continuous dialogue;
• increase the Sustainability Rating.

In subsequent editions, the questionnaire has been enhanced and expanded, for example, by incorporating the Net Promoter Score (NPS) KPI, an indicator that measures the overall level of customer satisfaction. The qualitative and quantitative outputs of the Survey allow for continuous improvement and raising the quality level of the relationship, responding to customer needs and increasing satisfaction by carefully monitoring the excellence of the services offered.

The main topics evaluated

Listening to needs and strengthening the relationship and trust.

Anti-corruption and Security

Evaluation of anti-corruption processes and systems security.

110

Listening to customer requests in terms of purpose, expectations and urgency.

Services and Processes

Measuring the relationship between the value of the services provided and the customer's perception.

Relationship Communication Professionalism and Competence

Anticipating requests and guiding the customer towards the best solution.

Sustainability

110 Assessment of the knowledge of doValue's commitment to Sustainability issues and their relevance to the customer.

Apart from the NPS indicator, the main issues were evaluated on a 5-level value scale, where 5 signified "extremely satisfied/important" and 1 indicated "not at all satisfied/important."

In the most recent edition conducted in 2022, the third, the data analysis highlighted the following key findings:

• 80% of customers answer the question on the added value provided by customer-provider dialogue with "extremely" or "very";
• 80% of the IT implementation aimed at improving the security and efficiency of system is "extremely" or "highly satisfied";
• 80% consider it "extremely" or "very important" for doValue to engage in Sustainability projects and initiatives.

The Group will continue to undertake the building of a trust relationship with its Customers in its conviction that understanding their expectations is at the heart of its corporate strategies.

Additional Customer Satisfaction analysis and monitoring initiatives are also carried out by the Group's other legal entities, both in-house and through the collaboration of specialised market research organisations, to study indepth knowledge of the Stakeholders, their needs and possibilities of cooperation.

— 5.4 Sustainable management of the supply chain

doValue uses suppliers who mainly provide professional, consulting and support services in the ICT area, as well as facilities for the Group's offices.

Since 2020, there has been a Group Procurement function that, in particular, manages global negotiation initiatives concerning strategic and synergistic projects. Given the unique characteristics of the specific businesses and regulations in the countries where the Group operates, some procurement activities are carried out centrally and locally, with dedicated monitoring except for the global ICT category.

In 2023, a survey targeting various company structures was initiated to assess the performance of the Procurement function, both within the Italian perimeter and at the Group level, aiming to identify potential areas for improvement. After the survey, the approach to purchasing planning was refined. At the beginning of the year, a purchasing plan was developed, involving the main company functions based on the approved budget.

As far as the procedural assets are concerned, the doValue Group has formalised its procurement processes and activities through various procedures and regulations, including the Sourcing Procedure, Supplier Register Management Procedure, and Group Expenditure Regulations. Moreover, the Procurement Function helped to shape other procedures and processes that, albeit indirectly, impact the Supply Chain. Examples include the Procedure on conflict of interest and on the transfer of data outside the EU, and the Procedure on the Accounts Payable Cycle.

Within the realm of information systems, specifically concerning Supply Chain management, doValue has upgraded its company ERP by adopting the SAP management system, the master data management system that has been integrated with the existing e-Procurement platform for synchronic alignment between the two systems, with particular reference to the most critical processes, including:

• Management of supplier qualification status
• Management of PR (Purchase Requests)
• Management of contracts and related POs (Purchase Orders)

This integrated approach to process management enables us to engage with most suppliers. According to existing procedures, these suppliers fall within the procurement ambit, meaning they cannot be managed by exception.

Furthermore, as part of the doTransformation project, starting in 2023 the e-Procurement platform, previously only used in Italy and Spain, has also been adopted in Greece.

Following these innovations, seminars were organised focusing on the use of company tools, including SAP and the e-Procurement platform. Additionally, refresher courses and webinars were conducted on purchasing processes, current procedures, and regulatory updates. These were complemented by regular updates from the Procurement function.

The e-Procurement platform features interconnected modules designed for vendor management (Supplier Register), sourcing (including tenders and RFIs), and contract management. Thanks to the platform, Procurement controls and manages the entire procurement process for various product categories.

In particular, by utilising the supplier register, doValue can now qualify and monitor its "Vendor List" not only based on technical and commercial parameters but also by incorporating environmental, social, and safety indicators into the assessment. This method establishes a minimum threshold/score for acceptance, represented by a "clause" with questions about the environment and occupational safety. In the subsequent phases of the qualification process, suppliers will be able to increase their base score through the presentation of certifications issued by accredited bodies: Procurement

will thus be able, through the attribution of the score, to identify the most virtuous suppliers and contribute to the reduction of risks related to sustainability.

This approach has the dual value of immediately identifying and hiring suppliers with reduced environmental impact and raising awareness in the rest of the market.

With regards to the supplier selection, qualification and monitoring process, the Supplier Register Management Procedure includes the following phases:

Pre-qualification

Potential suppliers are asked to fill in a questionnaire/ clause for the collection and acceptance of a set of information of an administrative, ethical, social, environmental and occupational safety nature:

• acceptance of doValue's document on the processing of personal data;
• acceptance of the doValue Organisation and Management Model 231/2001;
• acceptance of the doValue Code of Ethics;
• adherence to the anti-mafia law 136/2010;
• acceptance of the doValue Anti-corruption Policy;
• self-declaration of absence of pending charges and sanctions relating to decree 231/2001;
• declaration of having a corporate responsibility system with standards similar to those established by standard SA 8000, and possibly having certification;
• declaration, for suppliers belonging to relevant product categories, of having an environmental management system with standards comparable to those established by ISO 14001, and possibly having certification;
• social insurance contribution regularity (DURC);
• occupational safety (RAD);
• compliance and application of collective agreements (National Collective Labour Agreement - CCNL).

All this information and requirements, duly organised and weighed, represent the minimum and necessary set that the supplier must provide to access the qualification process. The output of this phase generates a score, which, if lower than the minimum threshold, does not allow the supplier to continue in the process, as it is not in line with the minimum standards required by doValue.

Qualification

At this stage, accessible only to suppliers who have passed the pre-qualification, the completion of

questionnaires on technical and commercial aspects linked to the categories chosen in the pre-qualification phase is required. Scores are allocated and combined with those acquired during the pre-qualification stage, based on the provided information. The supplier asserts and ensures the authenticity, accuracy, completeness, and current relevance of the personal data submitted at the time of Qualification.

Vendor Rating

Periodic campaigns are planned to evaluate all the results and performance of the supply relationship through the collection of KPIs provided by all the units involved (contract holder, Administration, Compliance, Risk Management, key user, etc.).

These vendor rating parameters are typically represented through logical tree structures, to which appropriate weightings and predefined valuation metrics are assigned. This phase determines the maintenance or variation of the score assigned during the qualification phase. It guides the future choices of Central Purchasing (CP), offering the chance to carry out any corrective actions in good time.

Continuous monitoring

Continuous monitoring of information and qualification parameters is envisaged through updating by the supplier itself (obligation explained in the portal use regulations) and a set of controls and automatisms that generates alerts for Central Purchasing and any units involved. Should this verification reveal a decline in the expected quality index for the Service, or if other conditions emerge that cast doubt on the Supplier's capability to uphold the required standards, the doValue Group reserves the right to suspend the qualification.

The main intervention areas concerning extension of the procurement source quality checking and monitoring activities include:

• introduction of a section on checking for any conflicts of interest in the qualification questionnaire, with relevant implementation of the monitoring and intervention controls;

• The inclusion of a section focused on anticorruption in the questionnaire, verifying ISO 37001 certification and initiating a dedicated due diligence process where required.

In the realm of anti-corruption, the Procurement Function carries out Due Diligence activities for new potential suppliers, encompassing those providing goods or services, excluding external professionals like consultants or lawyers. This verification activity is fully integrated with the already existing process, managed through the e-Procurement platform and formalised through the e-Procurement platform and formalised via the Supplier Register Management Procedure, as previously mentioned. In conducting Due Diligence for new potential suppliers regarding projects, transactions, and activities that doValue may engage in with them, the Compliance Function for corruption prevention analyses and evaluates the following key areas:

• counterparty's details;
• counterparty's capacity;
• presence of Red Flags, information on which is gathered at the supplier pre-qualification stage through the doValue e-Procurement portal.

Should the supplier lack ISO 37001 certification, the e-Procurement portal directly notifies the Compliance Function with an alert. In this case, the Due Diligence process considers the presence of any Red Flags and the rating determined by a matrix. Once thoroughly evaluated by the Compliance Function, this matrix indicates the level of corruption risk associated with the supplier.

Depending on the identified corruption risk level, actions may vary: for mild risk, the supplier's qualification can proceed; for moderate risk, qualification may be temporarily suspended, pending a decision after consulting Top Management; and for high risk, a consultation with the Governing Body is required. doValue ensures all necessary measures are taken to protect its suppliers' personal data. Indeed, during the pre-qualification phase, the supplier acknowledges, in compliance with the EU Regulation,

no. 2019/679 (GDPR) on personal data protection, that their personal data will be processed by the doValue Group for registration in the doValue Group's Register of Suppliers in line with the Privacy Policy as per Article 13 of the GDPR, with doValue acting as the Data Controller. The policy is available on the Portal.

In 2023, the e-Procurement platform underwent further developments in terms of new features:

• Profiling of user roles/activities;
• Management in the e-procurement platform of the new escalation qualification procedure;
• Management of modification and addition of supplier product categories present in the Vendor List;
• Activation of artificial intelligence for checking qualification documentation;
• Organisational structure update in the e-Procurement platform;
• Definition of the supplier survey questionnaire in the ESG field, which will generate an impact on the qualification rating. Activity conducted together with the Communication & Sustainability structure, as mentioned in the previous point.

Finally, we report the launch of the 2023 campaign to evaluate the supplier's performance in contract management. Along with local contracts, the contracts of the Group's Top Vendors were also assessed to gauge performance value across the entire doValue perimeter.

Finally, several questions/requirements in the ESG field were included among the technical requirements assessed for determining the ranking in 2023 when carrying out multi-parameter tenders.

Thanks to the new developments introduced in 2023, doValue has enhanced its Supply Chain's performance in terms of control and security while also optimising and centralising communication with all entities involved in the procurement process.

As mentioned earlier, the e-Procurement platform has also been rolled out at the local level in Spain. More generally, doValue Spain and its subsidiaries adhere to a Supplier Approval and Engagement procedure that outlines partner selection processes. These are based on objective and technical criteria, tailored to the type of goods or services being procured, and are founded on the principles of transparency, competition, and competence. Through the procedure, doValue Spain ensures the existence of key requirements, including:

• absence of reports from potential suppliers relating to money laundering and terrorism financing;
• transposition by suppliers of the latest available updates in tax, social and other obligations required by current legislation;

• satisfaction by potential suppliers of the minimum conditions required by doValue Spain in legal, fiscal, technical and risk mitigation terms, including ethical requirements and their social and environmental responsibility.

Finally, please note that contracts with suppliers include an anti-corruption clause, which requires a guarantee that ethical and professional conduct is maintained at all times in the business relationship, avoiding any behaviour that could lead to violation of the applicable laws or regulations on corruption.

In the same way, in Portugal and Cyprus dedicated supplier selection procedures are applied, which establish the principles and procedures to follow when selecting brokers, and there are policies concerning management of conflicts of interest.

Supplier selection

In selecting suppliers, the Group aims to give preference to those based in the same countries where it operates.

Within the Italian perimeter, which constitutes the largest segment of the Group's suppliers, the proportion of local suppliers relative to total supplier turnover in 2023 stood at 97%, marking a six percentage point increase from 2022.

In pursuit of transparent commercial relationships capable of creating shared value, doValue Spain pays

attention to the sustainability characteristics of its suppliers: in the case of the supply of services whose value exceeds 75,000 euros, doValue Spain requires suppliers to present their Environmental Policy or ISO 14001 certification. If the request cannot be met, the suppliers must submit a document explaining why.

Regarding the assessment of new suppliers based on social and environmental criteria, the percentage in Italy has also reached 100% for 2022, in line with the result achieved in the previous reporting year.

In Greece, Spain, Portugal, and Cyprus, there were no supplier evaluations conducted in 2023 based on these criteria, although social and environmental factors are considered prior to defining relevant supply contracts.

In 2023, as previously mentioned, doValue Greece implemented the e-Procurement platform, aligning its management systems with those of the Group and ensuring greater consistency within doValue's procedural assets. Indeed, a new supplier management process has been formalised, in line with the Group's Procurement Policy, which is currently under review. This process governs the selection, onboarding, due diligence, pre-qualification, approval/authority matrix, performance monitoring, and risk management.

— 5.5 Generated, distributed and retained economic value

The prospectus for calculating the economic value generated and retained is constructed by aggregating, in scalar form, items in the income statement in line with the regulatory framework provided for by IAS 1 to highlight the formation process of added value and its distribution to the various stakeholders.

Distribution of economic value (in thousands of euros)	2023	2022	2021
Economic value generated	445,343	510,023	542,885
Economic value distributed	(425,325)	(455,439)	(444,408)
Employees and collaborators	(213,097)	(231,149)	(231,581)
Suppliers	(110,565)	(142,058)	(164,507)
Shareholders - Dividends distributed*	(52,992)	(44,142)	(23,224)
State and institutions	(48,671)	(38,090)	(24,696)
Economic value retained	20,018	54,584	98,877

*The dividends distributed item is shown by disbursement date and not by accrual date

When reviewing the data and trends detailed in the text and supporting tables, it's essential to factor in the Group's development trajectory and goals. The Group aims to reinforce its status as a determined and robust contender in its target market, which, during the reporting year, underwent a profound evolution of its governance structure and the operations that make up its core business.

The robustness of the financial performance and the expansion and rationalisation of the efforts of the businesses across different geographical entities significantly influence all analyses presented in the Non-financial Statement, impacting both qualitative and quantitative aspects.

BREAKDOWN OF DOVALUE GROUP ECONOMIC VALUE

4.4% Retained

economic value

10.7% State and institutions

12% Shareholders

48.7% Employees and collaborators

117

24.1% Suppliers

For more details about the items in the income statement that the calculation is based on, please take a look at the section of the Management Report in the Consolidated Financial Statements as of 31 December 2023. Further details about the Group's economic performance and financial stability can be found in the Reports and Consolidated Financial Statements as of 31 December 2023, specifically in the chapter titled "Report on Group Management."

— 5.6 doValue and the territory: the Group strategy and local initiatives

Dialoguing actively with its stakeholders and prioritising the value of its people, doValue shapes a strategy that involves and supports the communities and regions where the Group operates, aiming to create sustainable value over the long term.

To promote the development of the Community, doValue is committed to sharing its experiences and know-how with the academic world.

In 2023, doValue forged several academic partnerships, underscoring its commitment to fostering a beneficial path that encourages the professional development of future generations. This initiative prepares them for the job market and contributes to innovative and sustainable growth.

The Group's initiatives follow:

• • UN Global Compact: The doValue Group has joined the United Nations Global Compact initiative, committing to align its strategies and operations with universal principles on human rights, labour, the environment, and anti-corruption, while undertaking actions that promote societal objectives.
• • Luiss Business School: doValue is a Partner of the Executive Programme in NPL (Non-Performing Loans) Management, the training Programme developed in association with the Luiss Business School. The course offers an overview of the NPL phenomenon, including the macroeconomic context and classification of various NPL types, extending to techniques for managing NPL portfolios;
• • Rome Business School: This is a partnership with Rome Business School, an international educational institute offering Master's degrees, MBAs, and corporate "Executive Education" programmes. Its mission is to educate global leaders able to manage companies worldwide with an innovative and sustainable approach.
• • AISM Italian Multiple Sclerosis Association: doValue supports AISM, the Italian Association that intervenes 360° on Multiple Sclerosis and promotes

fundraising for the study and research of this serious disease. In 2023, the Group participated in the "The AISM Apple" initiative, hosting the Association's volunteers at the Rome offices.

• • 4W4I: doValue is a Partner of the "4 Weeks 4 Inclusion" (#4W4I) initiative promoted by TIM to raise awareness and spread the culture of diversity and inclusion. During the four-week digital programme, the partner companies explored various topics daily to promote diversity within the company through webinars, Digital Labs, and creative groups.
• • FeduF: doValue is a partner of FEduF, the Foundation for Financial and Savings Education, established by the Italian Banking Association (ABI). Together with the Foundation, doValue supports financial education initiatives targeting young people, aiming to broaden their knowledge and foster financial inclusion. The Group is a Partner of the "I Fuoriclasse della Scuola" project, providing scholarships to support a training program for top Italian students and promote smart, sustainable, and inclusive growth.
• • doValue supports FAI (Fondo per l'Ambiente Italiano) by subscribing to the Corporate Golden Donor corporate membership programme. In Italy, joining the FAI means supporting a major cultural preservation project to protect and promote this country's beauty, and raising awareness of, respect for and care of art and nature.
• • @xia Financial Literacy Programme: doValue Greece actively engages in an initiative by the Greek Association of Credit Services Companies (EEDADP) to develop a financial literacy programme in association with the Financial Literacy Institute.
• • Κ.Ε.Φ.Ι Association of Cancer Patients: doValue Greece was the main sponsor of the 1st "Run Faster than Cancer" Virtual Cycling Tour which took place on 6 June 2021 with the aim of providing emotional, psychological and social support to cancer patients and their families;
• • ELEPAP (Rehabilitation for the Disabled) non-profit organisation;

• Social Cooperative Organisation "Look to the Stars";
• • Friends of Aretaieio Hospital Association (Obstetrics and Gynaecology Department): a palliative medicine programme for women battling cancer, offering supportive medical care during the pre-surgery and recovery phases, along with the refurbishment of the wards where they are admitted.
• • Adecco Foundation, whose aim is to create a people-centred model that recognises their dignity through work;
• • Alares Foundation, focused on improving people's quality of life and promoting corporate and institutional competitiveness;
• • Integra Foundation, which helps socially excluded and disabled people take control of their own lives through inclusion in the labour market;
• • Vivir Sin Barreras Foundation, which aims to improve the assistance, integration and social and labour inclusion of people with reduced mobility;
• • Carlos III University Foundation, dedicated to supporting people in economic difficulty with good academic performance by providing scholarships;
• • MasHumano Foundation, which aims to drive cultural transformation in business and society by emphasising the value of people so that they can achieve maximum personal, family and professional development;
• • Asociación para la Racionalización de los Horarios Españoles, aiming to streamline working hours;
• • Asociación Española de Ejecutivos y Consejeros, which provides a code of good practices for the management of talents and the improvement of competitiveness within the Company;
• • Asociación de Promotores Constructores de España, which represents the interests of the development and construction sector;
• • International Facility Management Association, an international organisation whose mission is to emphasise and promote the role of facility management;
• • Instituto de Auditores Internos de España, which aims to enhance and protect the value of organisations that provide objective assurance, advice and risk-based knowledge;
• • Clúster de la edificación, an organisation for collaboration and innovation in the building sector;
• • Asociación Española para la Calidad, which promotes quality as a driver of competitiveness and sustainability;
• • Asociación Nacional de Entidades de Gestión de Cobro, whose social purpose is to provide credit collection services, both amicably and through the judicial system;
• • Asociación de Espacios Inmobiliarios, whose social objective is to support the development of shared real estate spaces and to protect the actors involved legally;
• • ABI Italian Banking Association, a voluntary non-profit association that works to promote knowledge and awareness of social values and behaviours inspired by the principles of healthy and correct entrepreneurship and creating a free and competitive market.

doValue Spain's dedication to community engagement is even more noteworthy given that the nature of the company's business and the locations of its operations do not have, nor are they expected to have, any negative impacts on local communities. Therefore, the company does not feel the need to perform impact assessments on the effects of its operations on the local community.

For the same reason, doValue Spain does not invest in infrastructure and does not fund community services. Regarding DoValue Spain Servicing's engagement with the community, particularly in supporting minority groups or individuals at risk of social exclusion, or through its voluntary commitment to agreements that formally document the company's dedication, the following contributions are noted:

• Regarding compliance with the exceptional measures contained in article 42.1 of Royal Legislative Decree 1/2013 of 29 November, which approved the revised Law on the rights and social inclusion of disabled people:
  • Adecco Foundation: €32,400
  • Integra Foundation: €21,600
• Contributions to human rights bodies:
  • UN Global Compact: €2,400

• Scholarships for students with limited economic resources and a good academic record:

  • Carlos III University Foundation: €6,000

• Donations and contributions to support workprivate life balance:

  • MásHumano Foundation: €6,500

• Asociación para el progreso de la Dirección: €1,946.23

• Contributions to sector associations:

• Clúster de la edificiación (Building Cluster): €3,000

• Asociación de Promotores Constructores de España (Spanish Building Developers' Association): €4,078.28

• International Facility Management Association: €423.50

• Asociación Española para la Calidad (Spanish Quality Association): €725.99

• Asociación para el progreso de la Dirección;

€5,611.90 (Protector Partner)

• Asociación Nacional de Entidades de Gestión de Cobro (Spanish National Debt Collection Association): €2,500

• Instituto de Auditores Internos de España (Spanish Institute of Internal Auditors): €2,420

• Contributions towards Adsolum: Asociación de Espacios Inmobiliarios (Real Estate Spaces Association).

In Portugal, interactions with associations and the business community are primarily facilitated through Oitante Bank, whereas in Cyprus, these are conducted via the Association of Cyprus Banks and the Credit Services Association. Throughout 2023, there were no donations made to non-profit organisations in Cyprus, while doValue Portugal contributed 8,300 euros to nonprofit organisations with an established track record in Portugal.

In the Sustainability Plan and Policy the Group has defined the three pillars which materialise in projects and initiatives for the benefit of the territory, the community, as well as the environment: operate responsibly, pay attention to people and pay attention to the environment.

ENVIRONMENTAL VALUE

Environmental stewardship is one of the cornerstones of the doValue Group's Sustainability Policy, outlining the Group's dedication to environmental sustainability. This policy establishes the Guiding Principles that underpin doValue's efforts, categorised according to the three pillars that form the foundation of doValue's Sustainability strategy.

To translate our commitment into tangible action at an operational level, we have formulated specific "Guidelines on Environmental Issues" that accompany our Sustainability Policy. These guidelines aim to establish principles and best practices that direct daily activities and the projects the Group chooses to support for the benefit of the environment.

doValue is ranked among the Corriere Della Sera's top 50 "Most Climate-Conscious Companies" for the ratio of CO2 emissions to turnover.

da processi o fonti rinnovabili 8.640mq renewable processes or sources 4,825mq

aree boschive create nel Parco del Ticino in Italia grazie al Progetto Zero Impact® Web 83% of forest protected in Madagascar thanks to the Zero Impact® Web Project 80%

85% 93%

dei materiali utilizzati proviene of materials used come from

energia rinnovabile sul totale di energia elettrica acquistata renewable energy on the total electricity purchased

— 6.1 Consumption of materials

Despite operating in a sector with a limited environmental impact, the doValue Group is constantly committed to environmental sustainability. Its goal is to actively contribute to sustainable growth while respecting the environment and ecosystems.

doValue places a strong emphasis on managing material consumption, primarily related to standard office supplies. It encourages the adoption of virtuous practices among employees and within business relationships, prioritising the use of sustainable and highly recyclable materials.

In Italy, the Group tries to limit paper consumption and consequently toner consumption through an authentication system, which requires each employee to enter a personal PIN to start printing. Moreover, in both Italy and Greece, doValue prioritises the procurement of paper that is certified according to environmental sustainability criteria, for example, FSC, PEFC or EcoLabel).

doValue Spain and its subsidiaries also pay attention to the responsible use of materials.

For instance, it's worth noting that the Madrid office is equipped with innovative laser printers designed to significantly lower toner consumption.

Regarding doValue Greece, as will be further discussed in the context of energy consumption, the company is assessing the feasibility of various sustainability initiatives to ensure alignment with the exemplary practices adopted at the group level.

In 2023, there was a notable decrease in paper consumption, whereas the use of toner and other office materials experienced a significant increase, primarily due to the timing of purchases. Specifically, the renewable materials used during 2023 totalled over 27,702 kg (compared to 27,094 kg in 2022), and represented approximately 93% of the total materials. In this context, it is also highlighted that the consumption of non-renewable materials, amounting to 2,091 kg, has seen a drastic reduction compared to the 2022 figure, with a decrease of 2,839 kg.

Materials used by weight or volume13	UdM	2023	2022	2021
Paper	kg	27,883	29,941	35,735
Toners, cartridges and stationery (envelopes, folders, binders, boxes, labels, signature books, return receipt postcards)	kg	959	514	14,207
Plastic	kg	798	624	-
Glass	kg	34	118	-
IT Materials	kg	120	489	-

The scope was extended to the entire doValue Group (Italy, Greece, Spain, Cyprus and Portugal) starting from 2022. The data from the previous years refer to Italy, Greece and Spain. Additionally, it's important to mention that data on the consumption of plastic, glass, and IT materials have been recorded starting from 2022, and as such, are not available for 2021. 13

— 6.2 Energy consumption and greenhouse gas emissions

The Group's energy consumption is mainly linked to lighting, heating and air-conditioning systems serving the offices, the data centre and the server rooms.

In continuity with previous years, the Group has continued to enhance the efficiency of its energy consumption, further improving its energy sustainability. In fact, doValue has also renewed the contract with the company Repower Srl for the supply of electricity from renewable sources for the entire Italian real estate perimeter for 2023. The electricity delivered by the supplier, whose origin is verified by the third-party certification body TUV Italia, is produced by plants fuelled by renewable sources within Italy. The supply is certified by Guarantees of Origin (GO), i.e. electronic certifications issued by the supplier certifying the renewable origin of the sources used by IGO-qualified plants.

In continuity with what was achieved in 2022, several energy efficiency interventions were also completed in 2023 at the doValue S.p.A. offices to reduce environmental impacts to a minimum.

Specifically:

• in agreement with the owners of Rome Lungotevere Flaminio (FINAMO), the old refrigeration units, previously classified in a high energy consumption category, were replaced with heat pump units. This change also involved the decommissioning of the heating plant, leading to a significant reduction in gas consumption. This intervention resulted in a reduction in electricity consumption (by 22% in July) and a lower consumption of methane gas (-73% compared to 2022);
• installation of motion detectors for the automatic switching on/off of lights in the Milan Brenta, Bari and Naples offices;
• • awareness campaign for employees regarding the correct and sustainable use of energy sources;
• greater control of the temperature inside of working environments and manual setting of thermostats;
• • switching off internal and external lighting systems (perimeter area) and unused energy sources at the Group's offices during the night;
• • efficiency of the spaces of the offices of doValue in Italy;

These energy efficiency initiatives have led to a notable decrease in electricity consumption across the offices within the Italian perimeter, with a reduction of 14% compared to 2022.

The Facility structure also aims to implement all the necessary actions to reduce energy consumption for 2024.

To substantiate its commitment to the environment, doValue has developed "Guidelines on Environmental Issues." These guidelines are annexed to the doValue Group Sustainability Policy, outlining the principles and best practices to be adhered to in daily activities. The Guidelines were drawn up by the Procurement and Group Communication & Sustainability functions.

The doValue Spain, doValue Portugal and Altamira Cyprus companies are also attentive to the consumption of energy resources, the use of which remains confined to performing daily business activities. In particular, several measures were adopted during 2023 to reduce energy consumption:

• redistribution of employees across the different floors of the buildings, making space and energy consumption more efficient;
• weekly day for the offices to be closed, allowing all employees to work remotely;
• installation of charging stations for electric cars at the doValue Spain headquarters;
• inclusion of electric cars in the catalogue of the
• company car fleet;
• raising employee awareness for the conscious and sustainable use of thermostats.

The building and headquarters of doValue Greece is LEED Gold certified, and the certification renewal procedure has already been started. Furthermore, in continuity with previous years, the company has implemented a series of initiatives to align itself with the Group's practices, thus actively contributing to doValue's sustainability performance. In particular, the company continued the installation of presence detectors for automatically switching lights on and off in some buildings. Additionally, more charging stations for electric vehicles were installed, offering employees practical options for choosing cars with a lower environmental impact. Finally, the replacement of old light bulbs with LED solutions was executed.

During 2023, the Group's total electricity consumption amounted to 18,076 GJ, recording a positive trend of reduction in energy consumption attributable mainly to the energy efficiency measures mentioned above. The energy intensity at the Group level, based on total energy consumption, stands at 10.07 GJ per average number of employees. Furthermore, the proportion of electricity sourced from renewable energies is approximately 80%, which is substantially consistent .

Scope 1 emissions in 2023 were equal to 494 tonnes of CO2 equivalent, recording a slight increase compared to 2022 (377 CO2e) mainly related to expanding the company car fleet and greater fuel consumption. Conversely, there is a significant decrease in natural gas consumption of approximately 36% compared to 2022. Indirect Scope 2 emissions amounted to 1,809 according to the locationbased method and 277 according to the market-based method. This figure underscores the predominant share of energy procurement from renewable sources, which, as mentioned above, accounts for 80% of the energy purchased by the Group.

Energy consumption within the organisation14	UdM	2023	2022	2021
Natural gas	GJ	1,956	3,056	14,532
Diesel consumption for the fleet15	GJ	4,450	2,000	1,446
Petrol consumption for the fleet	GJ	714	694	598
Electricity purchased from the grid	GJ	18,076	19,145	18,420
of which from renewable sources (purchased)	GJ	14,456	15,804	15,908
% renewable of the total	%	80%	83%	86%
Total energy consumed within the organisation	GJ	25,197	24,895	34,997
Energy intensity16
Energy intensity compared to total consumption	GJ/average number of employees	10.07	9.09	12.83
Energy intensity compared to natural gas consumption	GJ/average number of employees	0.72	1.06	5.22
Energy intensity compared to diesel consumption	GJ/average number of employees	2.34	1.04	0.70
Energy intensity compared to petrol consumption	GJ/average number of employees	0.38	0.36	0.29
Energy intensity compared to purchased electricity consumption	GJ/average number of employees	6.64	6.63	6.62
Energy intensity compared to the consumption of electricity purchased from renewable sources	GJ/average number of employees	5.31	5.48	5.72

Unless otherwise specified, the data refers to the perimeter of Italy, Greece, and Spain (in some cases, they could be equal to 0 because they refer to fuels that are not used in the relevant locations). For the Portuguese company, energy consumption is deemed non-material, accounting for approximately 3% of the headcount. Meanwhile, in Cyprus, while investigations into the energy consumption data for office buildings have been conducted, such data are not available because they are neither held nor controlled by the company. We note the partial restatement of the 2022 data relating to natural gas consumption and the related energy intensity indices were carried out to refine the natural gas consumption database of doValue Greece. For the same reason, in the following table the relative values of Scope 1 emissions go from 913 to 377 tCO2e. Accordingly, the intensity rates of direct emissions have also been updated, now equal to 0.1647. Finally, with reference to 2021, it should be noted that the data relates to the reporting perimeter prior to the corporate reorganisation and the related interventions on the amounts of real estate assets (for further details, consult the Methodological Note of the 2021 NFS). 14

From 2022, the perimeter has been extended to include the consumption of the Italian, Spanish and Cyprus fleets (the latter equal to zero for the year 2023). Regarding the Italian car fleet, it should be noted that 2021 consumption was estimated on the basis of 2020 consumption due to the unavailability of timely data. 15

The energy intensities have been calculated considering the different scopes in terms of the average number of employees for consumption related to office buildings and car fleet. 16

Emissions	UdM	2023	2022	2021
Direct emissions (Scope 1)
Natural gas	tCO2 e	115	180	850
Diesel for the fleet	tCO2 e	327	147	106
Petrol for the fleet	tCO2 e	52	50	44
Petrol electric hybrid	tCO2 e	-	-	-
Refrigerant gases used for air conditioning	tCO2 e	-	-	-
Total	tCO2e	494	377	1.000
Indirect emissions (Scope 2)
Electricity purchased from the grid (Location-based emissions)	tCO2 e	1,809	1,963	1,943
Electricity purchased from the grid (Market-based emissions)	tCO2 e	277	279	267
Emissioni GHG tCO2e / n° medio dipendenti
Direct emissions	tCO2 e / average no. employees	0.2413	0.1647	0.3778
Indirect emissions (location-based)	tCO2 e / average no. employees	0.6648	0.6804	0.6987
Indirect emissions (market-based)	tCO2 e / average no. employees	0.1016	0.0967	0.0959

Conversion factors	UdM	2023	2022	2021
Natural Gas Emission Factor - Source: DEFRA 2021, 2020, 2019 respectively for the reporting periods 2023, 2022 and 2021	kgCO2 e/ kWh	0.1843	0.1839	0.1832
Diesel & Petrol Emission Factor - Source: DEFRA 2023, 2022, 2021 respectively for the reporting periods 2023, 2022 and 2021. Emission factors of the car fleet (diesel and petrol) ISPRA.	kgCO2 e/ kWh	Specific emission factors were considered for each category of car	Specific emission factors were considered for each category of car	Specific emission factors were considered for each category of car
Terna - International comparisons 2019 for 2021, 2022 and 2023	kgCO2 e/ kWh	0.315 (Italy) 0.428 (Greece) 0.210 (Spain)	0.315 (Italy) 0.428 (Greece) 0.210 (Spain)	0.315 (Italy) 0.428 (Greece) 0.210 (Spain)
European Residual Mixes 2019 for 2021 data, European Residual Mixes 2020 for 2022, European Residual Mixes 2022 for 2023	kgCO2 e/ kWh	0.457 (Italy) 0.531 (Greece) 0.275 (Spain)	0.458 (Italy) 0.490 (Greece) 0.286 (Spain)	0.465 (Italy) 0.577 (Greece) 0.342 (Spain)

Scope 3 consumption

The Group focuses on optimising and reducing consumption and atmospheric pollution as part of monitoring and containing energy consumption and emissions. In developing increasingly complete nonfinancial reporting in line with the best market practices, the doValue Group, since FY21, has enhanced its reporting on environmental issues by extending the calculation of Scope 3 emissions to the total scope. This is referred to as an extension and not as an ex novo exercise because to comply with the requirements of Spanish Law 11/2018, some categories of Scope 3 emissions were already reported in the previous reporting periods with specific reference to the Spain scope.

The "other indirect GHG emissions (Scope 3)," as outlined by the GHG Protocol17 guidelines, refer to emissions from an organisation's activities originating from sources not owned or controlled by the organisation. According to life cycle management principles, they include emissions both upstream and downstream of the production processes and provision of activities and services: some relevant examples are the emissions relating to the production of purchased materials, the fuel consumption of non-owned vehicles, the final use of products and services, and the consumption of waste decomposition processes.

The investigable universe of Scope 3 emissions is essentially quite vast and strongly influenced by the reference business, and as imagined, is more applicable to industrial and less "people-oriented" business activities. Regarding this specific type of data, the processes that determine emissions relating to the provision of the Group's predominantly intellectual services were therefore investigated, i.e., emissions deriving from business trips and travel by air and rail.

ghgprotocol.org/scope-3-technical-calculation-guidance 17

The emissions reported relate to the entire Group scope, calculated using the fuel-based method and compared with the 2022 data already reported in the NFS of the previous reporting year.

Emissions	UdM	2023	2022
Other emissions (Scope 3)18
Indirect emissions related to business travel – plane	tCO2 e	147.65	136.93
indirect emissions related to business travel– train	tCO2 e	36.69	23.04
Indirect emissions related to business travel – Total	tCO2 e	184.35	159.97
GHG tCO2e emissions / average no. employees
Indirect emissions related to business travel – Total	tCO2 e / average no. employees	0.06	0,05

Conversion factors	UdM	2023	2022
Natural Gas Emission Factor - Source: DEFRA 2022 and 2020 respectively for the reporting	kgCO2 e/km	0,17580 (aereo) 0,035463 (treno)	0,18362 (aereo) 0,03549 (treno)

The data presented in table format indicate that emissions experienced a slight increase during 2023. However, when focusing on the parameter of emissions intensity per average number of employees, the figures remain consistent with those of the previous reporting year in absolute values.

18 The analysis encompasses the entire Group, although the subsidiaries in Greece, Portugal, and Cyprus have reported values equal to zero for the reporting year.

— 6.3 Waste production and disposal

The doValue Group is dedicated to minimising its environmental footprint daily and adheres to responsible practices in the generation and disposal of waste relating exclusively to office activities. This responsibility is reflected in compliance with the regulations in the countries where the Group operates and in the dissemination of good practices that employees are called upon to adopt in their daily work to promote a culture of respect for the environment.

In Italy, waste disposal is managed by a facilities service company. In 2022 and 2023, this company oversaw cleaning services and ensured the proper disposal of produced waste. This is documented on specific forms available at each location.

Since 2017, doValue has taken steps to implement a separate waste collection service at every Italian site, providing everyone with special containers for collecting the different materials (plastic/glass/metal, organic waste, paper/card/cardboard waste).

doValue Spain also adopts behaviours aimed at reducing waste production as much as possible. Among the initiatives implemented, we should mention:

• the recycling of paper, which the company contracts to an external supplier regarding the destruction of confidential documents in compliance with the standard UNE-EN 15713:2010 "Secure destruction of confidential documents";
• the responsible disposal of computers, also in this case carried out by a supplier who, on the one hand, guarantees disposal under the Data Protection Law, and on the other, ensures the proper conduct of the recycling process of the devices;
• the recycling of batteries, for which special containers have been placed in the Spanish offices, in response to the campaign conducted by the environmental department of the regional government;
• the correct sorting and recycling of waste through the placement in the Spanish company's headquarters of special containers for the separate collection of organic waste, plastics, metal, paper, cardboard and fluorescent materials.
• the installation of water dispensers, limiting the consumption of disposable plastic.

Waste management is considered a part of the environmental risks associated with the operations of the Spanish company19. Consequently, suppliers tasked with providing maintenance services and carrying out conservation works on real estate assets are required to act following relevant regulations. To ensure compliance, they must document waste management and proper oversight.

With these suppliers, environmental checks are carried out through two different lines of action:

• preventive checks carried out by the supplier in question, who is contractually obliged to include these checks in the maintenance plan for each property. They are also conducted if requested by the administration or by third parties;
• corrective actions, defined following a preventive check or upon the request of a third party (primarily public authorities) when an environmental risk is identified. doValue Spain also mandates its suppliers to exhibit responsible behaviour in the production and disposal of waste, ensuring operations adhere to current laws and regulations.

In 2023, waste production amounted to 13,735 kg, compared to 78,420 kg in 2022, a significant decrease compared to the previous reporting year. Please note that the data relating to the two years 2021 - 2022 includes the waste produced by the extraordinary activities of releasing the properties as part of the corporate reorganisation.

Waste20	UdM	2023	2022	2021
Total waste produced	Kg	13,735	78,420	48,129
Of which hazardous	Kg	120	578	730
Of which non-hazardous	Kg	13,615	77,842	47,399

It should be noted that, with the exception of the Spanish company, the activities of the doValue Group do not present significant impacts related to the production of waste. The 2021 data refer only to the Italian companies and the Spanish company of the Group, while from 2022 the data also include the Portuguese LEs. 19 20

— 6.4 Environmental projects and initiatives

As mentioned in the previous sections, the Group has developed various initiatives to achieve increasingly virtuous environmental performance and to spread a culture of sustainability within the company.

The actions implemented by the Facility structure at the Group level and by the relevant departments in other companies exemplify this commitment.

The desire to actively contribute to a more sustainable future and the sense of responsibility towards its stakeholders has led doValue to pay particular attention to environmental sustainability issues. This awareness translates daily into concrete actions to proactively tackle the challenge of pollution, reduce the environmental impact of its activities and ensure that future generations can count on a cleaner, more sustainable planet. The Group is also committed to sharing and disseminating to all its stakeholders' positive behaviours in line with the principles of sustainable development.

To solidify its environmental commitment, as previously mentioned, "Guidelines on Environmental Issues" were established. These outline principles and best practices to steer daily actions and the projects the Group chooses to support for the benefit of the environment.

LIFEGATE - Zero Impact® Web

doValue renewed its membership in the Zero Impact®Web initiative, the Life-Gate project to calculate, reduce and compensate for the CO 2 emissions from browsing online. In this way, the Group offsets carbon dioxide emissions from visits to their websites, reducing the environmental impact of web visits and contributing to creating and protecting growing forests.

In 2023, this initiative enabled the contribution to the conservation and protection of approximately 4,825 square meters of expanding forests in Madagascar, which are capable of absorbing 6,480 kg of CO2 in a single year.

The partnership with Lifegate represents the tangible commitment of doValue to a reforestation project aimed at combating global warming.

Certified partners for services and production of material

The Group relies on certified Partners who guarantee high quality standards, such as catering with organic and kmØ products that use eco-compostable material, and preferring, for producing gadgets, certified or recycled materials that respect the environment. To improve its environmental performance, the Group has therefore integrated methods for selecting suppliers and partners that also allow them to be assessed from an environmental point of view; for more detailed information, please refer to paragraph 5.5 Sustainable management of the supply chain.

FAI membership

doValue has chosen to support FAI (Fondo per l'Ambiente Italiano) by subscribing to the Corporate Golden Donor corporate membership Programme. FAI is a non-profit foundation which aims to protect and upgrade Italy's historical, artistic and landscape heritage. In Italy, joining the FAI means supporting a major cultural preservation project to protect and promote this country's beauty, and raising awareness of, respect for and care of art and nature.

As supporters of the Foundation, doValue employees had the opportunity to participate in exclusive cultural webinars dedicated to discovering the FAI assets that doValue contributed to protecting.

METHODOLOGICAL NOTE

— Methodological note

For years, the doValue Group has aimed to disseminate and share its culture of sustainability with all stakeholders, showcasing the results attained and future goals via a structured and all-inclusive document. This approach acknowledges the increasing significance of environmental and social issues within the global economy and the European regulatory framework.

The 2023 Consolidated Non-Financial Statement (CNFS), covering the financial year from 1 January 2023 to 31 December 2023, marks the doValue Group's seventh CNFS21. It comprehensively overviews the Group's sustainability journey and ESG performance. Additionally, it outlines the Group's evolutionary trajectories and future prospects in light of changes in the relevant legislative and regulatory framework. The document, whose previous version was published in March 2023, is prepared pursuant to Italian Legislative Decree 254/2016, which implements Directive 2014/95/ EU. It also adheres to the related Consob Implementing Regulation, adopted by Resolution No. 20267 on 18 January 2018.

The 2023 CNFS also incorporates, in a separate Appendix, the disclosure requirements under EU Regulation 852/2020 (the so-called "EU Taxonomy"), in terms of eligibility and alignment, to which the Limited Assurance activities of the company responsible for auditing the CNFS do not extend.

Further information was disclosed under the principle of maximum transparency to ensure an understanding of the Group's activities, performance, results and impacts. The NFS contains information related to environmental, social and personnel issues, respect for human rights and the fight against bribery and corruption.

In 2023, doValue continued the path of the progressive integration of sustainability into management processes through continuous improvement and the evolution of non-financial reporting, which represents not only a regulatory compliance document but also a strategic lever in risk monitoring and opportunity identification.

Unless stated otherwise in specific topics or the GRI Content Index, the reporting scope for the data and the qualitative and quantitative information in the CNFS pertains to the performance of the Parent Company doValue S.p.A. and its subsidiaries. These are consolidated line-by-line, as reflected in the Group Consolidated Financial Statements for the year ending on 31 December 202322 .

The reporting perimeter, which includes the various Legal Entities (hereinafter also "LEs") remained unchanged compared to the previous reporting year. Therefore, please refer to the Methodological Note of the 2022 CNFS for further details and to the last lines of this paragraph for the facilitated terms.

The contents of the NFS were determined based on the results of the materiality analysis conducted during the previous reporting period. Considering the present context and recent anticipated developments in sustainability, the doValue Group has decided it unnecessary to update the materiality analysis this year, as the material topics identified in 2022 still align with the Group's current priorities. Please refer to section 2.2 Materiality Analysis for more details.

Following this analysis, in line with the previous year's analysis, the report on the use of water resources, as outlined in Article 3 of Legislative Decree 254/2016, was not deemed significant for inclusion in this CNFS. The characteristics of the Group and the services provided are not associated with significant water consumption. Unless stated otherwise, the consolidated data should be interpreted as referring to the Legal Entities (LEs) in Italy, Greece, Cyprus, Spain, and Portugal.

The performance indicators presented adhere to the latest edition of the reporting standards published in 2021 (GRI 1, GRI 2, and GRI 3), which became effective on 1 January 2023, as well as all other applicable GRIs from 2016. The standards adopted represent the different areas of sustainability and consistent with the activity carried out and the impacts produced. In particular, the choice of indicators has been made based on the materiality analysis and the issues referred to in the Decree. The "GRI content index" is included at the end of the document, with the details of the contents reported, per the above reporting standards.

The CNFS includes an appendix with data and information related to the scope of Spanish Law 11/2018, which transposes Directive 95/2014/EU. This appendix

All Non-Financial Statements related to the Group from the year 2017 onwards are taken into consideration. 21

When reviewing the entire document and the data provided, we should also consider the significant downsizing of operations within the Portuguese perimeter in 2023. The 2023 Consolidated Annual Financial Report provides more details. Portugal is no longer considered a strategic area for the Group's business. 22

addresses the additional requirements mandated by Spanish legislation compared to Italian Legislative Decree 254/2016. Please refer to the appendix itself for further information on scope and content.

The published data are presented in comparative form to provide a complete and in-depth overview of the performances of the Group, where possible. The quantitative information in relation to which estimates were used are duly indicated. The document also specifies that any restatements of previously published comparative data are clearly identified as such within the document.

It's important to note that in preparing the CNFS, the principle of incorporation by reference was employed to prevent redundant information concerning other public documents that already contain the same data.

This CNFS was approved by the doValue S.p.A. Board of Directors on 20 March 2024 and previously submitted to the Risk, Related Party Transactions and Sustainability Committee.

Pursuant to Article 3, section 10 of the Decree, the CNFS was subject to a specific declaration of conformity with the requirements of the Decree and the 2021 GRI Standards by EY S.p.A., reported in the annexe to this document.

To aid in understanding the document, it is noted that the following terms are used within it:

• Group" or "doValue" to indicate the set of activities belonging to doValue S.p.A., doNext S.p.A., doData Srl, doValue Spain Servicing S.A. (formerly Altamira Asset Management S.A.), Adsolum Real
• Estate SL, doValue Cyprus Limited (formerly Altamira Asset Management Cyprus Limited), doValue Special Projects Cyprus Limited (formerly doValue Cyprus Limited), doValue Portugal, Unip. Lda., doValue Greece Loans and Credits Claim Management Société Anonyme, doValue Greece Real Estate Services single member Société Anonyme, Zarco STC, S.A. and Adsolum Real Estate S.L.;
• "Parent Company" to indicate the activities headed by doValue S.p.A.;
• doValue Spain and its subsidiaries" to indicate all the activities carried out by doValue Spain Servicing

S.A. (formerly Altamira Asset Management S.A.), doValue Cyprus Limited (formerly Altamira Asset Management Cyprus Limited), doValue Special Projects Cyprus Limited (formerly doValue Cyprus Limited), doValue Portugal Unip Lda., Zarco STC, Adsolum Real Estate S.L.;

• "Italy" to indicate all the activities headed by doValue S.p.A., doNext S.p.A. and doData Srl;
• "Greece" indicates all the activities headed by doValue Greece Loans and Credits Claim Management Société Anonyme and doValue Greece Real Estate Services single member Société Anonyme;
• "Spain" to indicate all the activities headed by doValue Spain Servicing S.A. (formerly Altamira Asset Management S.A.), Adsolum Real Estate SL;
• "Portugal" indicates all the activities headed by doValue Portugal, Unip. Lda., Zarco STC;
• "Cyprus" to indicate all the activities belonging to doValue Cyprus Limited (formerly Altamira Asset Management Cyprus Limited) and doValue Special Projects Cyprus Limited (formerly doValue Cyprus Limited).

The document is disseminated by publication on the institutional website, along with the Consolidated Financial Statements.

Contact: groupcommunication&sustainability@dovalue.it

GRI CONTENT INDEX

— GRI content index

Declaration of use	The doValue Group has drawn up the Consolidated Non-Financial Statement in compliance with the GRI Standards for the period 01/01/2023 - 31/12/2023.
GRI 1 used	GRI 1: Fundamental principles 2021
	Applicable GRI Sector Standards		N/A
Standard GRI	General	Location	Requirements omitted Reason Explanation	Note
	GRI 1: Fundamental Principles 2021
General information
	2-1 Organisational details	Methodological Note
	2-2 Entities included in the organisation's sustainability reporting	Methodological note 1.2. The Development of a Sustainable Financial System: Group Purpose, Vision, Mission and Strategy 1.4 Legal status and shareholder structure
	2-3 Reporting period, frequency and point of contact	Methodological Note
	2-4 Restatements of information	Methodological Note
GRI 2: General Information 2021	2-5 External assurance	Methodological note on the Independent Audit Company Report
	2-6 Activities, value chain and other business relationships	Company Report
	2-7 Employees	4.1 doValue and its People 4.2 Protecting diversity and respect for human rights
	2-8 Non-employed workers	4.1 doValue and its People
	2-9 Governance structure and composition	4.2 Protecting diversity and respect for human rights

GRI 2: General Information 2021	2-10 - Nominating and selecting the top governance body		The Board comprises ten members, of which five are independent, including the Chairman. Half of the members of the new Board of Directors (5 out of 10) belong to the less represented gender (female), in compliance with the gender balance regulations in force. For more information, please refer to the Regulations of the Board of Directors on the Institutional Website.
	2-11 - Chairman of the highest governing body		The Chairman of the Board of Directors is elected from the non-Executive members of the Board. For more information please refer to the Art. 4 of the Regulations of the Board of Directors on the Institutional Website.
	2-12 - Role of the highest governing body in controlling impact management	1.2. The Development of a Sustainable Financial System: Group Purpose, Vision, Mission and Strategy 2.2 Materiality Analysis
	2-13 Delegation of responsibilities of impact management	2.2 Materiality Analysis 3.1 Ethics and business integrity 3.2 Governance and risk management
	2-14 Role of the highest governing body in sustainability reporting	Methodological Note
	2-15 Conflicts of interest	3.1 Ethics and business integrity 3.2 Governance and risk management
	2-16 Communication of critical issues	3.1 Ethics and business integrity 3.2 Governance and risk management
	2-17 Collective knowledge of the highest governing body	1.2. The Development of a Sustainable Financial System: Group Purpose, Vision, Mission and Strategy 2.2 Materiality Analysis

	2-18 Assessment of the performance of the highest governing body	3.1 Ethics and business integrity
	2-19 Remuneration rules	3.1 Ethics and business integrity
	2-20 Salary determination procedure	3.1 Ethics and business integrity
	2-21 Annual Total Compensation Report		b) Information unavailable/ incomplete	A ratio of 8.6 is reported, calculated in line with last year's methodologies as Group CEO first lines + Country Manager first lines (numerator) / Average 2022 fixed remuneration (not including STI+LTI) of all company personnel (not including CEO and Country Manager first lines) (denominator). Please also refer to the disclosure pursuant to Spanish Law 11/2018.
	2-22 Sustainable development strategy statement	Letter from the CEO
GRI 2: General Information 2021	2-23 Commitment in terms of policy	1.2 The Development of a Sustainable Financial System: Purpose, Vision, Mission and Strategy of the Group
	2-24 Integration of commitments in terms of policy	1.2 The Development of a Sustainable Financial System: Purpose, Vision, Mission and Strategy of the Group
	2-25 Processes aimed at remedying negative impacts	3.2 Governance and risk management
	2-26 Mechanisms for requesting clarifications and raising concerns	3.1 Ethics and business integrity
	2-27 Compliance with laws and regulations	3.1 Ethics and business integrity 3.2 Governance and risk management
	2-28 Association membership	5.6 doValue and the Territory: the Group strategy and local initiatives
	2-29 Approach to stakeholder engagement	2.3 Dialogue with our Stakeholders
	2-30 Collective contracts	2.2 Materiality Analysis 2.3 Dialogue with our Stakeholders

GRI 3: Material topics 2021	3-1 Process for determining material topics	2.2 Materiality Analysis 2.3 Dialogue with Stakeholders 2.4 Evolutionary trajectories and prospective vision
	3-2 List of material topics	2.2 Materiality Analysis
MATERIAL TOPICS
	GROUP ECONOMIC PERFORMANCE, RISK MANAGEMENT AND FINANCIAL SOUNDNESS
GRI 3: Material topics 2021	3-3 Management of material topics	1.3 Operating model and value creation
GRI 201: Economic performance 2016	201-1 Direct economic value generated and distributed	5.5 Generated, distributed and retained economic value
	ANTI-CORRUPTION POLICIES AND PROCEDURES
GRI 3: Material topics 2021	3-3 Management of material topics	3.1 Ethics and business integrity
GRI 205: Anti corruption 2016	205-2 Communication and training on anti-corruption policies and procedures	3.1 Ethics and business integrity
	205-3 Confirmed incidents of corruption and actions taken	3.1 Ethics and business integrity
	CYBERSECURITY AND PROTECTION OF PRIVACY
GRI 3: Material topics 2021	3-3 Management of material topics	5.2 Privacy, data security and digital innovation
GRI 418 Customer privacy 2016	418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data	5.2 Privacy, data security and digital innovation
INNOVATION AND DIGITAL STRATEGY
GRI 3: Material topics 2021	3-3 Management of material topics	5.2 Privacy, data security and digital innovation
Stand-alone Indicator	Digital, security and privacy training	5.2 Privacy, data security and digital innovation

RESPONSIBILITY IN THE PROVISION OF SERVICES
GRI 3: Material topics 2021	3-3 Management of material topics	1.2. The Development of a Sustainable Financial System: Group Purpose, Vision, Mission and Strategy 1.3 Operating model and value creation
GRI 417 Marketing and labelling 2016	417-2 Incidents of non compliance concerning product and service information and labelling	5.1 Transparency, fairness and responsibility in the provision of services
	TRAINING, DEVELOPMENT OF SKILLS AND UPGRADING OF TALENTS
GRI 3: Material topics 2021	3-3 Management of material topics	4.3 Training, development and enhancing talents
GRI 404 Training and education 2016	404-1 Average hours of training per year per employee	4.3 Training, development and enhancing talents
EMPLOYEE WELL-BEING
GRI 3: Material topics 2021	3-3 Management of material topics	4.3 Training, development and enhancing talents 4.4 Employees' well-being
	401-1 New employee hires and employee turnover	4.1 doValue and its People
GRI 401 Employment 2016	401-2 Benefits provided to full-time employees that are not provided to temporary or part-time employees	4.4 Employees' well-being
GRI 402 Labour/ Management Relations 2016	402-1 Minimum notice periods regarding operational changes	4.4 Employees' well-being
WORKPLACE HEALTH, WELL-BEING AND SAFETY
GRI 3: Material topics 2021	3-3 Management of material topics	4.6 Workplace health and safety
GRI 403 Occupational health and safety 2018	403-1 Occupational health and safety management system	4.6 Workplace health and safety
	403-2 Hazard identification, risk assessment and incident investigation	4.6 Workplace health and safety
	403-3 Occupational health services	4.6 Workplace health and safety

GRI 403 Occupational health and safety 2018	403-4 Worker participation, consultation and communication on occupational health and safety	4.6 Workplace health and safety
	403-5 Worker training on occupational health and safety	4.3 Training, development and enhancing talents 4.6 Workplace health and safety
	403-6 Promotion of worker health	4.6 Workplace health and safety
	403-7 Prevention and mitigation of occupational health and safety impacts within business relationships	4.6 Workplace health and safety
	403-9 Work-related injuries	4.6 Workplace health and safety
	403-10 Work-related ill health		b) The data is not available because it is not under the Group's direct control.	No cases of work-related ill health have been recorded, nor are occupational hazards of such importance that they pose significant risks of work related ill health.
	DIVERSITY, INCLUSION AND EQUAL OPPORTUNITIES
GRI 3: Material topics 2021	3-3 Management of material topics	4.2 Protecting diversity and respect for human rights
GRI 405 Diversity and equal opportunity 2016	405-1 Diversity of governance bodies and employees	4.2 Protecting diversity and respect for human rights
GRI 406 Non discrimination 2016	406-1 Incidents of discrimination and corrective actions taken	4.2 Protecting diversity and respect for human rights
	ETHICS AND BUSINESS INTEGRITY
GRI 3: Material topics 2021	3-3 Management of material topics	1.2. Lo Sviluppo di un Sistema Finanziario Sostenibile: Purpose, Vision, Mission e Strategy del Gruppo
GRI 206 Anti-competitive behaviour 2016	206-1 Legal actions concerning anti-competitive behaviour, anti-trust and monopolistic	3.1 Ethics and business integrity

	DIRECT ENVIRONMENTAL IMPACTS
GRI 3: Material topics 2021	3-3 Management of material topics	6.1 Consumption of materials 6.2 Energy consumption and greenhouse gas emissions 6.3 Waste production and disposal
GRI 301 Materials 2016	301-1 Materials used by weight or volume	6.1 Consumption of materials		As per the methodological note, please refer to the footnote on the reference table page.
	302-1 Energy consumption within the organisation	6.2 Energy consumption and greenhouse gas emissions
GRI 302 Energy 2016	302-3 Energy intensity	6.2 Energy consumption and greenhouse gas emissions		As per the methodological note, please refer to the footnote on the reference table page.
	302-4 Reduction in energy consumption	6.2 Energy consumption and greenhouse gas emissions
	306-1 Waste generation and significant waste-related impacts	6.3 Waste production and disposal
GRI 306 Waste 2020	306-2 Management of significant impacts related to waste	6.3 Waste production and disposal
	306-3 Waste generated	6.3 Waste production and disposal		As per the methodological note, please refer to the footnote on the reference table page.
	CLIMATE AND ENVIRONMENTAL RISK MITIGATION
GRI 3: Material topics 2021	3-3 Management of material topics	6.2 Energy consumption and greenhouse gas emissions 6.4 Environment projects and initiatives
	305-1 Direct (Scope 1) GHG emissions	6.2 Energy consumption and greenhouse gas emissions		As per the methodological note, please refer to the footnote on
GRI 305 Emissions 2016	305-2 Energy indirect (Scope 2) GHG emissions	6.2 Energy consumption and greenhouse gas emissions
	305-3 Other indirect GHG emissions (Scope 3)	6.2 Energy consumption and greenhouse gas emissions		the reference table page.
	305-4 GHG emissions intensity	6.2 Energy consumption and greenhouse gas emissions

GRI 307 Environmental compliance 2016	307-1 Non-compliance with environmental laws and regulations		The absence of fines and non-monetary sanctions related to compliance with environmental laws and regulations is also recorded in 2023.
	SUSTAINABLE MANAGEMENT OF THE SUPPLY CHAIN
GRI 3: 2021 Material topics	3-3 Management of material topics	5.4 Sustainable management of the supply chain
GRI 204 Procurement practices 2016	204-1 Proportion of spending on local suppliers	5.4 Sustainable management of the supply chain	The data refers exclusively to the Italian perimeter of the doValue Group due to unavailability of data.
GRI 308 Environmental assessment of suppliers 2016	308-1 New suppliers that were screened using environmental criteria	5.4 Sustainable management of the supply chain
GRI 414 Supplier social assessment 2016	414-1 New suppliers that were screened using social criteria	5.4 Sustainable management of the supply chain
	ECONOMIC BALANCE AND FINANCIAL INCLUSION
GRI 3: 2021 Material topics	3-3 Management of material topics	1.2 The Development of a Sustainable Financial System: Group Purpose, Vision, Mission and Strategy
Stand-alone Indicator	Gross Book Value (GBV)	1.1 doValue: a story of growth and diversification
COMMITMENT TO LOCAL COMMUNITIES
GRI 3: 2021 Material topics	3-3 Management of material topics	5.6 doValue and the territory: the Group strategy and local initiatives
GRI 413: Local communities	413- 2 Operations with significant actual and potential negative impacts on local communities	2.3 Dialogue with our Stakeholders 5.3 Monitoring the level of customer satisfaction	In light of the numerous initiatives carried out by the Group for the benefit of communities and types of business, also during 2023 we highlight the absence of negative impacts, potential or actual, on local communities.
DIALOGUE WITH STAKEHOLDERS
GRI 3: 2021 Material topics	3-3 Management of material topics

APPENDIX - ADDITIONAL REQUIREMENTS ESTABLISHED IN SPANISH LAW 11/2018 OF 28 DECEMBER, AMENDING THE SPANISH CÓDIGO DE COMERCIO

— 1 doValue Spain and Subsidiaries

1.1 2023 in numbers

	2023	2022	2021
Net turnover (thousands of euros)	84,502	159.145	208,760
Number of employees (FTE)	1,009	1,071	1,124

In 2023, the Group's structure remained consistent with the previous reporting period. It's worth noting, as mentioned in the Methodological Note, the name change of Altamira Asset Management, S.A. to doValue Spain and the significant downsizing of business operations in Portugal perimeter started during 2023, which has a significant impact on the data and information being reported. For further details of a strictly financial nature, please refer to the 2023 Consolidated Annual Financial Report of the doValue Group.

1.2 The structure of doValue Spain and its subsidiaries

doValue Spain (formerly Altamira Asset Management Holding, S.L.) is the Parent Company of the following companies:

• doValue Spain Servicing, S.A. (formerly Altamira Asset Management, S.A.), a company based in Las Rozas (Madrid, Spain) wholly controlled by doValue S.p.A. (100%);
• Adsolum Real Estate, S.L., a company based in Las Rozas (Madrid, Spain) 100% owned by doValue Spain Servicing, S.A.;
• doValue Portugal, Unip. Lda (formerly Altamira Asset Management Portugal, Unip. Lda.), a company based in Lisbon (Portugal) 100% owned by doValue Spain Servicing, S.A.;
• Zarco STC, S.A. based in Lisbon (Portugal);
• doValue Cyprus Limited (formerly Altamira Asset Management Cyprus Limited), a company based in Nicosia (Cyprus) 100% controlled by doValue Spain Servicing, S.A.;
• doValue Special Projects Cyprus Limited (formerly doValue Cyprus Limited), a company based in Cyprus, 6% owned by doValue Spain Servicing, S.A.

doValue Spain was incorporated in Madrid and is registered for commercial and tax purposes at Paseo de la Castellana 143, 28046 Madrid.

doValue Spain's corporate purpose includes investments and administrative and executive management, on its own account or on behalf of third parties, of all types of loans, credits, debt instruments and real estate and the provision of other ancillary services.

In particular, doValue Spain provides the following services:

• portfolio advice and management, also regarding the sale and purchase of portfolios, which is based on the definition of asset management methodologies and analysis activities (for example, due diligence and real estate valuations);
• management of loans, i.e., activities related to the administration and recovery of debt in and out of court;
• marketing of real estate, both through its enhancement and through the creation and implementation of adequate sales plans, including operational asset management and rental plans for commercial and residential properties;
• developing and promoting real estate by optimising and managing land portfolios, the economic and financial analysis of the potential for land development, implementing design and development activities of interrupted construction and developing own and subcontracted construction projects;
• international development, with a commercial methodology that includes differentiated sales processes for the countries in which it is present.

Operating countries	Spain, Cyprus and Portugal
Sector served	Real estate servicing
Customers and beneficiaries	Customers and beneficiaries of sales and services mainly involving the management, execution and recovery of debts in and out of court and the management, administration and sale of real estate

1.3 Objectives and strategic guidelines

doValue Spain and its subsidiaries continue to hold a prominent position as a manager of financial and real estate assets in Southern Europe. This is attributed to its integrated management model, which emphasises leadership, operational excellence, results orientation, and teamwork.

The pursuit of these objectives is based on the implementation of a strategy built on the following pillars:

1. Sustainable growth: diversifying portfolios and clientele to boost business volume and decrease reliance on any single customer, thereby enhancing the business's profitability and sustainability.

2. Attraction and retention of talents:

3. consolidating and strengthening the company's image by promoting the creation of value for employees;

4. attraction and retention of talents through recruiting activities that reward skills and behaviours in line with the corporate culture and through training, development and career planning pathways;
5. offering a competitive salary and a system of benefits linked to the achievement of individual and corporate objectives;

6. implementing appropriate Programmes to foster work-life balance.

7. Digital marketing and sales, through:

8. a business line specialised in the marketing of new properties, including those that can custom made;

9. digital channels, such as the Altamira Inmuebles website and owner portals such as Idealista and Fotocasa;

10. 360º virtual tour of homes and the option to display virtual furnishings on the website are offered to ensure an enhanced user experience.

11. Innovation and efficiency, through:

12. artificial intelligence applied to the real estate sector to improve customer experience and the quality of the service offered;

13. strengthening of internal operational management tools for work processes and procedures;
14. creating synergies between working groups to improve corporate productivity.

In the coming years, doValue Spain's strategy will remain focused on national and international expansion in the management of real estate and financial assets. Additionally, the strategy emphasises enhancing service quality by consistently aligning with the asset management goals established by customers.

— 2 Staff

The following pages contain additional information about the management and characteristics of the personnel at doValue Spain and its subsidiaries, supplementing the data presented in the Consolidated Non-Financial Statement of doValue.

2.1 Employee information

In 2023, the employee count at doValue Spain and its subsidiaries stood at 1,009, decreasing from 1,071 in 2022. This reduction is primarily due to the downsizing of business operations within the Portuguese perimeter.

Average Contracts23

The tables below show the average annual trend of fixed-term, full-time, and part-time contracts for the Spanish, Portuguese and Cyprus companies. The data are reported by professional category, gender, and age of employees.

Spain - Average number of permanent contracts, and part-time contracts		2023							2022
		Women			Men			Women			Men
		≤29	30-50	≥50	≤29	30-50	≥50	≤29	30-50	≥50	≤29	30-50	≥50
	Top management		10.41	4.13		23.30	12.82	0.51	11.07	3.32		27.74	16.39
Average number of part-time contracts	Middle management	2.70	81.16	19.84	1.57	89.68	28.04	2.11	101.67	23.92	8.64	111.86	38.09
	Staff	6.15	131.55	26.50	7.13	84.61	14.25	15.06	149.16	28.60	7.56	98.51	22.83
Average number	Top management
of fixed-term	Middle management											0.02
contracts	Staff							0.24
Average number of part- time contracts	Top management
	Middle management					0.80						0.83
	Staff
Total		8.85	223.13	50.48	8.70	198.40	55.11	17.93	261.90	55.85	16.20	238.96	77.31

23 The contract average is calculated based on the days each employee was employed, the sum of which was re-proportioned for 365 days.

Portugal - Average number of permanent contracts, and part-time contracts		2023							2022
		Women			Men			Women			Men
		≤29	30-50	≥50	≤29	30-50	≥50	≤29	30-50	≥50	≤29	30-50	≥50
Average number	Top management		5.00		2.00	2.00			3.42			4.92	2.00
of part-time	Middle management	1.00	4.33	2.67		7.08	1.00	1.00	10.00	6.00		4.92	2.83
contracts	Staff	0.25	26.08	6.83	0.25	10.67	7.83	0.75	37.17	3.42	0.25	9.75	8.00
Average number	Top management
of fixed-term	Middle management
contracts	Staff		1.00			0.17			1	0.33		1.42
Average number of part- time contracts	Top management
	Middle management
	Staff
Total		1.25	35.91	9.50	0.25	19.92	10.83	1.75	51.92	9.75	0.25	21.01	12.83

Cyprus - Average number of permanent contracts, and part-time contracts		2023				2022
		Women		Men		Women		Men
		≤29	30-50	≥50	≤29	30-50	≥50	≤29	30-50	≥50	≤29	30-50	≥50
Average number	Top management			2.00		4.00	1.00			2.00		5.00
of part-time contracts	Middle management		53.00	5.00	1.00	43.00	12.00	1.00	44.00	1.00		34.00	7.00
	Staff	36.00	133.00	23.00	10.00	59.00	11.00	37.00	98.00	13.00	12.00	46.00	5.00
Average number	Top management
of fixed-term	Middle management
contracts	Staff
Average number	Top management
of part- time contracts	Middle management
	Staff
Total		36.00	186.00	30.00	11.00	106.00	24.00	38.00	142.00	16.00	12.00	85.00	12.00

Terminations

During 2023, 175 layoffs were recorded, divided between Spain (129), Portugal (44) and Cyprus (2). The following tables present the data broken down by gender, professional category, and age group.

Terminations (no.)		2023		2022
			Men	Women	Men
	Top management	5	9	5	19
Spain	Middle management	20	28	59	87
	Staff	39	28	47	52
	Top management	-	-	-	1
Portugal	Middle management	4	1	-	1
	Staff	26	13	8	5
	Top management	-	-	-	-
Cyprus	Middle management	-	-	-	-
	Staff	1	1	-	-
Total		95	80	119	165

Terminations (no.)		2023		2022
		Donne	Uomini	Donne	Uomini
	<=29	9	6	9	8
Spain	30-50	38	41	23	52
	>=50	17	18	79	98
	<=29	1	1	-	-
Portugal	30-50	23	8	7	7
	>=50	6	5	1	-
Cyprus	<=29	-	-	-	-
	30-50	1	-	-	-
	>=50	-	1	-	-
Total		95	80	119	165

Remuneration24

doValue Spain and its subsidiaries guarantee equal pay treatment for all workers. The differences in remuneration between men and women and professional categories and age groups are therefore attributable to the roles covered and market development. They are not in any way connected to gender or any other characteristic of the employees.

Average annual remuneration of employees (base salary + variable remuneration) (€)	2023		Wage gap	2022		Wage gap
Gender	Women	Men	%	Women	Men	%
Spain	49,539	64,990	23.8	50,199	69,034	27.3
Portugal	31,375	44,942	30.2	36,841	49,238	25.2
Cyprus	54,219	80,467	32.6	34,353	50,902	32.5

Average annual remuneration of employees (base salary + variable remuneration) (€)	2023			2022
Professional category	Top management	Middle management	Staff	Top management	Middle management	Staff
Spain	135,402	61,139	39,987	173,424.96	64,516.71	42,628.80
Portugal	100,600	48,474	25,320	100,991	52,090	29,701
Cyprus	397,515	87,736	44,907	221,039	67,711	31,209

Average annual remuneration of employees (base salary + variable remuneration) (€)	2023			2022
Age group	<=29 anni	30-50	>=50	<=29 anni	30-50	>=50
Spain	43,370.83	54,246.24	69,811.17	40,287	55,555	81,809
Portugal	18,695.88	36,793.81	37,238.28	29,000	41,624	43,053
Cyprus	38,299	65,432	83,997	21,008	44,365	57,639

The wage gap percentage is calculated as follows: (average annual men's remuneration - average annual women's remuneration)/ average annual men's remuneration. 24

Wage gap25 with respect to base salary and remuneration (%)			2023	2022
		Base salary	Remuneration	Base salary	Remuneration
	Top management	17%	15%	26%	28%
Spain	Middle management	8%	7%	6%	5%
	Staff	11%	11%	12%	12%
Portugal	Top management	-12%	-19%	-25%	-32%
	Middle management	45%	40%	23%	21%
	Staff	31%	29%	23%	22%
Cyprus	Top management	12%	20%	16%	22%
	Middle management	16%	17%	5%	6%
	Staff	10%	11%	11%	12%

Below is the average remuneration of Top Management (including variable remuneration, allowances, payment to long-term savings forecasting systems and any other remuneration) divided by gender.

Average remuneration of Top Management (€)	2023
Gender	Women	Men
Spain	121,871.30	142,718.13
Portugal	87,996.96	78,655.80
Cyprus	194,930.00	259,891.00

Rate of total annual remuneration	2023	2022
Spain	7.0	10.1
Portugal	4.5	5.3
Cyprus	15.6	16.2

The wage gap percentage is calculated as follows: (average annual men's remuneration - average annual women's remuneration)/ average annual men's remuneration. Additionally, we note the partial restatement of the 2022 data following a methodological refinement in the reporting of data relating to compliance pursuant to Ley 11/2018. 25

Parental leave26

During 2023, 38 employees in Spain and 4 employees in Cyprus took advantage of parental leave, as detailed below:

Spain	2023			2022
	Women	Men	Total	Women	Men	Total
Number of employees who used parental leave	20	18	38	25	31	56
Of which
Number of employees who returned to work during the reporting period after having used parental leave	17	15	32	24	27	51
Number of employees still using parental leave on the indicated date	5	2	7	4	4	8
Total number of employees who returned to work after using parental leave and who are still employed by the organisation in the 12 months following their return	13	16	29	21	16	37

Portugal	2023			2022
	Women	Men	Total	Women	Men	Total
Number of employees who used parental leave	-	-	-	6	3	9
Of which
Number of employees who returned to work during the reporting period after having used parental leave	-	-	-	6	3	9
Number of employees still using parental leave on the indicated date	-	-	-	-	-	-
Total number of employees who returned to work after using parental leave and who are still employed by the organisation in the 12 months following their return	-	-	-	5	3	8

The number of employees taking parental leave within a year may not match the number who return to work in that same period. This discrepancy also extends to the total of those returning plus those still on leave at the year's end. This is because in certain instances, the leave may span two different reporting years. 26

	2023			2022
Cyprus27	Women	Men	Total	Women	Men	Total
Number of employees who used parental leave	2	2	4	8	1	9
Of which
Number of employees who returned to work during the reporting period after having used parental leave	2	2	4	8	1	9
Number of employees still using parental leave on the indicated date	-	-	-	-	-	-
Total number of employees who returned to work after using parental leave and who are still employed by the organisation in the 12 months following their return	1	-	1	1	-	1

Spain	2023			2022
	Women	Men	Total	Women	Men	Total
Rate of return to work (%)	85	83	100	96	87	92
Retention rate (%)	65	89	83	84	52	68

Portugal	2023			2022
	Women	Men	Total	Women	Men	Total
Rate of return to work (%)	-	-	-	100	100	100
Retention rate (%)	-	-	-	83	100	91

Cyprus28	2023			2022
	Women	Men	Total	Women	Men	Total
Rate of return to work (%)	100	100	100	100	100	100
Retention rate (%)	50	0	75	13	0	7

We note the partial restatement of the 2022 data following a methodological refinement in reporting compliance data pursuant to Ley 11/2018. We note the partial restatement of the 2022 data following a methodological refinement in reporting compliance data pursuant to Ley 11/2018. 27 28

2.2 Workplace health and safety

Health and safety were prioritised by doValue Spain and its subsidiaries in 2023, even though in their regular operations, there are no workers or workplaces engaged in activities with a high incidence or risk of specific injuries or diseases.

The hours of absence and the injury severity index appear below, on top of what we previously reported within the document at the consolidated level:

Spain	2023			2022
	Women	Men	Total	Women	Men	Total
Hours of Absence	19,728	5,576	25,304	21,688	13,008	34,696
Severity index	0.04	0.01	0.03	0.03	0.02	0.02

Portugal	2023			2022
	Women	Men	Total	Women	Men	Total
Hours of Absence	6,878	890	7,768	13,659	3,925	17,584
Severity index	0.07	0.01	0.8	0.1	0.06	0.08

Cyprus	2023			2022
	Women	Men	Total	Women	Men	Total
Hours of Absence	8,446	2,031	10,477	6,521	2,000	8,521
Severity index	0.02	0.01	0.01	0.02	0.01	0.01

— 3 Society and sustainable development

3.1 Customer health and safety

Customer health and safety are of paramount importance to doValue Spain and its subsidiaries, even though their business activities do not pose a substantial risk concerning the current and potential effects on the health and safety of customers.

The key aspects of customer security are related to two areas: the processing of personal or sensitive data and their circulation; and the management of real estate activities. Regarding the first aspect, the Organisation is dedicated to thorough and continuous adherence to data protection legislation, as evidenced by, for example, the clauses incorporated in contracts with suppliers and customers, and disclaimers on corporate websites. Concerning the second aspect, doValue Spain and its subsidiaries, through the suppliers tasked with maintaining real estate assets, ensure preventive maintenance on buildings to eliminate risks for third parties residing or working in them. They also conduct regular or at least annual visits to ensure the proper execution of the maintenance plans.

Due to the nature and characteristics of its operations, doValue Spain and its subsidiaries do not conduct additional analyses on the impact of their services on customers' health and safety, beyond the areas previously described. As a result, there have been no cases of non-compliance in 2023 relating to impacts on the health and safety of customers in relation to the services provided.

For the same reasons, no procedures have been envisaged in product and service information and labelling relating to the supply of components, the signalling of the presence of substances that can generate an environmental or social impact, the safe use of products and services and the correct methods to dispose of the same.

Customer service

doValue Spain and its subsidiaries have customer service for resolving customer incidents and complaints. In 2023, the following reports were received and managed through the different systems in place for this purpose, often with operational assistance from the External Network.

Portfolio - Spain 2023	In process	Total
Call Center + Portal Web	-	3,045
Other channels	-	2,196
Total	-	5,241

Portfolio – Portugal 2023	In process	Total
Total	-	44

Portfolio – Cyprus 2023	In process	Total
Total	5	103

3.2 Tax information

Tax information	2023		2022
Country	Profits	Company income taxes	Government grants	Profits	Company income taxes	Government grants
Spain	-15,795,105.46	0	0	-24,471,906	0	0
Portugal	-	-	-	-2,683,827	-26,979	7,543
Cyprus	11,091,730.00	1,386,442	N/A	20,787,027	2,591,109	N/A

— 4 Environment

Aware of the need for increased commitment to sustainable development, doValue Spain and its subsidiaries responsibly manage the real estate assets connected to its business by setting contractual terms and requirements with suppliers to minimise the environmental impact.

Interested suppliers are called on to develop a maintenance plan tailored for each asset and its structures. The custom maintenance plan provides for the analysis and management of risks to people and third parties, the preservation of the value of the activity and the verification of the assets' compliance with the applicable regulations, and, in particular, any whose non-compliance could incur penalties, and its preparation always starts with an inspection. The custom maintenance plans are designed and delivered to the customer together with an economic evaluation of any corrective actions necessary to make the building habitable or in the conditions for use or sale.

The suppliers also see to carrying out preventive maintenance on the properties, conducting a risk analysis. Suppliers carry out corrective maintenance where critical issues are detected to implement adequate measures or adaptations to mitigate the identified risks. As previously noted, inspection visits to verify the properties are conducted at least once a year, following the guidelines set out in the maintenance plan.

At present, doValue Spain and its subsidiaries do not conduct further assessments of the financial implications of the risks and opportunities associated with climate change; owing to regulatory developments in this area, particularly the heightened awareness of the EU regulator, it cannot be ruled out that future indepth studies may be initiated to evaluate the possibility of extending analyses concerning climate change risks and impacts.

4.1 Sustainable use of resources Water consumption

doValue Spain and its subsidiaries are committed to minimising the consumption of water resources as much as possible, despite their business activities not posing substantial risks related to water consumption or significantly impact any water sources, as their usage is confined to office hygiene and sanitary services.

In 2023, water withdrawals for civil use amounted to 469 litres29 a significant decrease from 998 litres in 2022, reflecting a notable reduction in line with the commitment to environmental stewardship. As previously stated, since business activities do not involve water usage in production processes, water consumption is effectively zero. Additionally, the organisations' operations do not impact water basins and their associated habitats, making water discharges non-material and destined for public sewers.

The estimation of water withdrawal from the aqueduct system was based on the average price per cubic metre specific to the Autonomous Community of Madrid (€1.97 per m^3, according to the latest study by the Asociación Española de Abastecimientos de Agua y Saneamiento - AEAS). This estimation only covers offices for which water consumption data is available. It is important to note that all offices of doValue Spain and its subsidiaries operate under rental agreements, where water consumption is often included in the monthly rent. Consequently, the Organisation does not directly manage water consumption. 29

INDEX OF ADDITIONAL CONTENTS PROVIDED FOR BY LEY 11/2018

Information required by Law 11/2018 on non-financial information and diversity	Correspondence with GRI Disclosures	Indicators required by Law 11/2018	Location	Requirements omitted - Reason - Explanation
BUSINESS MODEL
Brief description of the group's business model, including business environment, organisation and structure, the markets in which it operates, goals and strategies and the factors and trends that can affect its future evolution	GRI 2-6 (2021) GRI 2-1 (2021)	-	1.1 2023 in numbers 1.2 The structure of doValue Spain and Subsidiaries 1.3 Goals and strategic lines
SOCIAL ISSUES AND THOSE RELATED TO STAFF
Employment
Average annual number of permanent, fixed-term, and part-time contracts by gender, age and professional category	-	Average annual number of permanent, fixed term, and part- time contracts by gender, age and professional category	2.1 Employee information
Average remuneration and its evolution by gender, age and professional category	GRI 405-2 (2016) GRI 2-21(2021)	-	2.1 Employee information
Wage differentiation, remuneration with equal level or organisation average	-	Wage differentiation Average annual remuneration of employees (base salary + variable remuneration)	2.1 Employee information
Average remuneration for directors and executives, including the variable remuneration, allowances and social security contributions in the long term and any other remuneration received, divided by gender	GRI 201-3 (2016)	Average remuneration for directors and executives	2.1 Employee information	Information on directors' remuneration for 2023 is presented in the annual Consolidated Financial Statements of doValue Spain.
Working disconnection policies	GRI 3-3 (2021)	-	4.5 Employees' well-being
Number of terminations by gender, age and professional category	-	Number of terminations by gender, age and professional category	2.1 Employee information
Employees with disabilities	GRI 3-3 (2021)	Number of employees with disabilities	2.1 Employee information

Information required by Law 11/2018 on non-financial information and diversity	Correspondence with GRI Disclosures	Indicators required by Law 11/2018	Location	Requirements omitted - Reason - Explanation
Organizzazione del lavoro
Work hours organisation	-	Measures for encouraging disconnection	4.5 Employees' well-being	Please refer to section 4.5 at the Group level.
Measures to facilitate reconciliation and encourage co-parenting	GRI 401-3 (2016)	-	2.1 Employee information
Health and safety
Workplace health and safety conditions	-	Hours of Absence and severity index of injuries by gender	2.2 Workplace health and safety
Social relations
Organisation of social dialogue, including proceedings for informing and consulting staff and negotiating with workers	GRI 407-1 (2016) GRI 403-4 (2018)	-	4.5 Industrial relations and trade union relations	Please refer to section 4.6 at the Group level.
Balance of collective agreements, with particular reference to the issue of workplace health and safety	GRI 403-4 (2018)	-	4.4 Employees' well-being 4.5 Industrial relations and trade union relations	Please refer to sections 4.4 and 4.5 at the Group level.
Training
Policies implemented in the field of training	GRI 404-2 (2016)	-	4.3 Training, Skills Development and Enhancement of Talents	Please refer to section 4.3 at the Group level.
Equal opportunities
Universal accessibility for people with disabilities	GRI 3-3 (2021)	-	4.2 Protecting diversity and respect for human rights	Please refer to section 4.2 at the Group level.
Measures taken to promote employment	GRI 404-2 (2016)	-	4.2 Protecting diversity and respect for human rights	Please refer to section 4.2 at the Group level.
Measures adopted for the integration and universal accessibility for people with disabilities	GRI 3-3 (2021)	-	4.2 Protecting diversity and respect for human rights	Please refer to section 4.2 at the Group level.

Information required by Law 11/2018 on non-financial information and diversity	Correspondence with GRI Disclosures	Indicators required by Law 11/2018	Location	Requirements omitted - Reason - Explanation
PREVENTION OF CORRUPTION
Checking contributions to foundations and non profit organisations	GRI 2-28 (2021)	-	5.6 doValue and the territory: the Group strategy and local initiatives	Please refer to section 5.6 at the Group level.
SOCIETY AND SUSTAINABLE DEVELOPMENT
Company commitment to sustainable development
Impact of the company's activities on local employment and development	GRI 203-1 (2016) GRI 203-2 (2016) GRI 413-1 (2016) GRI 413-2 (2016)	-	5.6 doValue and the territory: the Group strategy and local initiatives	Please refer to section 5.6 at the Group level.
Impact of company activities on local populations and the territory	GRI 203-1 (2016) GRI 203-2 (2016) GRI 413-1 (2016) GRI 413-2 (2016)	-	5.6 doValue and the territory: the Group strategy and local initiatives	Please refer to section 5.6 at the Group level.
Company commitment to sustainable development
Association and sponsorship actions	GRI 2-28 (2021)	-	5.6 doValue and the territory: the Group strategy and local initiatives	Please refer to section 5.6 at the Group level
Sub-suppliers and suppliers
Inclusion in supply policies of social issues, equal opportunities, gender and environmental aspects	GRI 3-3 (2021)	-	5.4 Sustainable management of the supply chain	Please refer to section 5.4 at the Group level.
Consideration of social and environmental responsibility in relations with suppliers and sub suppliers	GRI 308-2 (2016) GRI 414-2 (2016)	-	5.4 Sustainable management of the supply chain	Please refer to section 5.4 at the Group level.
The supervisory and audit system and related results	GRI 3-3 (2021) GRI 308-2 (2016) GRI 414-2 (2016)	-	5.4 Sustainable management of the supply chain	Please refer to section 5.4 at the Group level.
Consumers
Measures for the health and safety of consumers	GRI 416-1 (2016) GRI 416-2 (2016) GRI 417-1 (2016)	-	3.1 Customer health and safety
Complaints, complaints received and resolutions management system	GRI 3-3 (2021)	-	3.1 Customer health and safety
Tax information
Public subsidies received	GRI 201-4 (2016)	-	3.2 Tax information	c)

Information required by Law 11/2018 on non-financial information and diversity	Correspondence with GRI Disclosures	Indicators required by Law 11/2018	Location	Requirements omitted - Reason - Explanation
ENVIRONMENT
Description of the policies applied	GRI 3-3 (2021)	-	Chapter 6: Environmental value	Please note that the information related to the Portuguese and Cypriot LEs is not significant either in terms of size criterion or the
Main risks	GRI 2-23 (2021)	-	Chapter 6: Environmental value	core business. Therefore, they have been integrated only as an exception where relevant.
Environmental management
Procedure for environmental evaluation or certification	-	-	-	doValue Spain and its subsidiaries do not have environmental or personal insurance dedicated to the
Resources dedicated to the prevention of environmental risks	GRI 201-2 (2016)	-	-	prevention of environmental risks. Moreover, there is no precise oversight of the financial resources allocated for enhancing building efficiency as they are owned by third parties.
Application of the precautionary principle, amount of provisions as guarantee of environmental risks	GRI 2-23 (2021)	-	-	doValue Spain carries out actions aimed at reducing consumption, but they are not systematic activities. To date, doValue Spain and its subsidiaries have not implemented systematic environmental assessment procedures.
Circular economy, waste prevention and management
Measures of prevention, recycling, reuse and other forms of waste recovery and disposal	GRI 301-2 (2016) GRI 301-3 (2016)	-	6.3 Waste production and disposal	Please note that the information related to the Portuguese and Cypriot LEs is not significant either in terms of size criterion or the core business. Therefore, they have been integrated only as an exception where relevant. Please refer to section 6.3 at the Group level.
Actions to combat food waste	-	-	-	Not applicable. The canteen used by doValue Spain is managed by third parties, and its structures are shared with other companies. The Company has no control over food waste management.

Information required by Law 11/2018 on non-financial information and diversity	Correspondence with GRI Disclosures	Indicators required by Law 11/2018	Location	Requirements omitted - Reason - Explanation
Sustainable use of resources
Consumption of water and water supply in compliance with the local restrictions	GRI 303-1 (2016) GRI 303-2 (2016) GRI 303-3 (2016) GRI 306-1 (2016) GRI 306-5 (2016)	-	4.1 Sustainable use of resources	Please be aware that the information about the Portuguese and Cypriot LEs is insignificant regarding size or core business relevance. Hence, they are included only as exceptions where relevant.
Climate change
Measures taken to adapt to climate change, including those to combat acoustic and light pollution	GRI 3-3 (2021) GRI 305-6 (2016) GRI 305-7 (2016)	Measures and initiatives adopted for the reduction of GHG emissions	-	Given the type of activities carried out by doValue Spain and its subsidiaries, the company does not foresee specific measures to prevent, reduce or mitigate noise and light pollution, as these issues are not relevant to the company.
Protection of biodiversity
Measures taken to preserve or restore biodiversity	GRI 3-3 (2021)	-	-	Given the nature of the activities undertaken by doValue Spain and its subsidiaries, there are
Impacts caused by activities or operations in protected areas	GRI 304-2 (2016) GRI 304-3 (2016)	-	-	no impacts on biodiversity, nor are there significant operations within protected areas.
HUMAN RIGHTS
Description of the policies applied	GRI 410-1 (2016)	-	4.2 Protecting diversity and respect for human rights	Please refer to paragraph 4.2 at Group level.
Application of due diligence procedures in respect for human rights	GRI 3-3 (2021)	-	4.2 Protecting diversity and respect for human rights	Please refer to paragraph 4.2 at Group level.
Prevention of risks of human rights violations
and possible measures to mitigate, manage and resolve possible abuses committed	GRI 412-1 (2016) GRI 410-1 (2016) GRI 412-3 (2016)	-	4.2 Protecting diversity and respect for human rights	Please refer to paragraph 4.2 at Group level.
Complaints for cases of violation of human rights	GRI 3-3 (2021) GRI 2-26 (2021) GRI 411-1 (2016) GRI 419-1 (2016)	-	4.2 Protecting diversity and respect for human rights	Please refer to paragraph 4.2 at Group level.
Promotion and enforcement of the ILO core conventions regarding respect for freedom of association and the right to collective bargaining	GRI 3-3 (2021)	-	4.2 Protecting diversity and respect for human rights	Please refer to paragraph 4.2 at Group level.
Elimination of forced labour	GRI 409-1 (2016)	-	4.2 Protecting diversity and respect for human rights	Please refer to paragraph 4.2 at Group level.

INFORMATION APPENDIX IN ACCORDANCE WITH THE EU TAXONOMY

— Introduction to the EU Taxonomy

Regulation EU/2020/852 introduced the EU Taxonomy as part of the European Commission's action plan to redirect flows of capital to a more sustainable economic system.

The taxonomy is a classification system to establish which economic activities we can consider environmentally sustainable in the EU context. The purpose of the directive is to protect private investors from greenwashing while at the same time helping companies to understand which types of investment are necessary to make their economic activities sustainable from the environmental viewpoint.

The EU Taxonomy stipulates that economic activities can only be deemed environmentally sustainable ("aligned") if they exhibit specifi characteristics enabling them to make a substantial contribution to at least one of the following environmental objectives:

• 1) Mitigation of climate change;
• 2) Adaptation to climate change;
• 3) Sustainable use of water and marine resources;
• 4) Transition towards a circular economy;
• 5) Prevention and control of pollution;
• 6) Protection and restoration of biodiversity and ecosystems.

To be classified as aligned, the admissible activities must:

• Contribute substantially to the achievement of at least one of the six environmental objectives;
• Not significantly damage (DNSH) any of the other environmental objectives;
• Meet the minimum protection criteria relating to human and labour rights, corruption, taxation and fair competition;

To evaluate compliance of the admissible activities with these requirements, the European Commission defined a set of specific technical screening criteria for each economic activity mentioned in the Delegated Regulation on Climate.

Starting with the Consolidated Non-Financial Statement on FY22, non-financial companies were required to extend

the eligibility analysis conducted on the previous year, introducing an assessment of the level of alignment of their economic activities with environmental objectives. Since the technical criteria were published exclusively concerning climate change mitigation and adaptation objectives, the taxonomy information for all operators, including the doValue Group, for 2022, was centred on the requirements set out for these two climate-related environmental objectives.

For this disclosure, following the publication of the remaining delegated acts on environmental matters, the analysis now encompasses both the verification of eligibility and alignment with the objectives of climate change mitigation and adaptation, and a new verification of eligibility for the remaining environmental objectives.

It is important to mention here that doValue carefully monitors the evolution of the regulatory package relating to the EU Taxonomy, including the official FAQs and related guidelines. In this context, on 21 December 2023, the European Commission released a communication addressing the interpretation of the Taxonomy disclosure requirements for financial institutions. The document provides numerous clarifications and/or supplements to the regulation, addressing unresolved issues regarding eligibility and alignment reporting. This includes guidance on reporting by business segments, particularly relevant for complex group structures. At the time of drafting this Consolidated Non-Financial Statement: the document is still in draft form, and publication in the Official Journal is awaited. doValue carefully follows regulatory developments and professional guidelines in this area and will conform to reporting best practices as soon as they are defined to always ensure maximum clarity, completeness, and comparability of its disclosure.

Looking ahead, the Group is closely following the progress related to the EU Taxonomy, including the potential introduction of a social and governance Taxonomy, and adherence to the Corporate Sustainability Reporting Directive (CSRD). As outlined in Paragraph 2.4, this will necessitate the inclusion of Taxonomy-related information within a specific section of the Management Report.

— Eligibility analysis

The scope of the doValue Group subject to the requirements of EU Regulation 2020/852 coincides with the scope of consolidation, as represented in full in the Methodological Note, with indication of the individual LEs of reference.

In line with the approach taken for previous disclosures, doValue carried out the 2023 eligibility assessment by mapping the Company's economic activities to the descriptions of eligible activities outlined in the Delegated Act on climate (Annexes I and II). This year, activities provided for by the Environmental Delegated Act, adopted on 27 June 2023, were also included, alongside the activity codes from the Statistical Classification of Economic Activities in the European Community (NACE codes). In this phase, only the possibility of including the Group's economic activities among those listed by the

Delegated Act

was assessed regardless of whether these activities were suitable to satisfy one of the technical screening criteria established by the same legislation.

From the analyses carried out by comparing the economic activities of the individual Group companies with the activities mapped by the Delegated Acts, the following Group companies are:

• doData S.r.l: "8.1 Data processing, hosting and related activities";
• doValue Greece Real Estate Services, doValue Spain, Altamira Asset Management Cyprus Limited, Adsolum and doValue Portugal: "7.7 Acquisition and ownership of buildings".

Eligible activities under the European Taxonomy
Activities	Description	NACE codes	Climate change mitigation	Climate change adaptation
7.7. Purchase and ownership of buildings	"Purchase of real estate and exercise of ownership on such real estate"	L68
8.1. Data processing, hosting and related ctivities	"Storage, manipulation, management, movement, control, display, switching, interchange, transmission or processing of data through data centres including edge computing"	J63.11

It is worth mentioning how the Group has, also during this year, conducted its analyses with reference to the so-called "Capex C". In fact, concerning CapEx, although the Group considered the investments as not aligned with the Climate Delegated Act and the Environmental Delegated Act, amounts relating to eligible economic activities were still identified, as these interventions allow a reduction in the Group's emission impact (Annex 1 of the Delegated Regulation (EU) 2021/2178, par. 1.1.2.2 point (c)). In particular, these amounts can be associated with CapEX included within the activity 7.3 Installation, maintenance and repair of devices for energy efficiency.

— Alignment analysis

As previously indicated, doValue is obligated to broaden its Taxonomy analysis to evaluate the alignment of its admissible economic activities, beginning from the previous CNFS.

The Group conducted this analysis by assessing compliance with the established technical screening criteria in the Delegated Regulation on Climate as described in the preceding paragraph, by identifying the areas already in line with the technical screening criteria and those with margins for integration, on which it will concentrate its commitment and implement controls. Because of the gaps identified at present regarding the technical screening criteria, today, the doValue Group has no aligned activities but is undertaking to seize the opportunities of the criteria to increasingly improve its sustainability performance in the broadest meaning of the term. Below is an overview of a few significant elements in the alignment assessment of the activities eligible for Taxonomy.

Substantial contribution and Do No Significant Harm (DNSH) Climate Change adaptation

It's important to note that analysing the Substantial Contribution and DNSH criteria for the objective of Adaptation to Climate Change for all economic activities necessitates performing climate risk analyses at a consolidated level. doValue does not currently undertake this level of granularity. The Group has established a Group Enterprise Risk Management (ERM) function, detailed in paragraph 3.2, which has also initiated activities related to assessing sustainability risks. In this framework, the subsidiary doNext has conducted dedicated analyses and vigilantly monitors the sustainability risks of its core business. These safeguards will ensure coordination in management of strategic, operational, reputational, legal and financial risks to which the Group's activities are exposed, also considering environmental risks and impacts relevant to the core business.

Minimum safeguards clauses

Compliance with the criteria regarding minimum guarantees was assessed based on Art. 18 of Regulation 852/2020 and the "Final report on minimum safeguards clauses" published in October 2022 by the Platform on Sustainable Finance (PSF), the advisory body formed by the European Commission to coordinate the development and implementation of the EU Taxonomy. The analysis then concentrated on how the Group complies with the OECD Guidelines for Multinational Enterprises and the UN Guiding Principles on Business and Human Rights (UNGP), including the principles and rights established in the eight fundamental conventions identified in the Declaration of the International Labour Organisation on the fundamental principles and rights at work and in the International Bill of Human Rights. doValue's conformity assessment focused on six analytical areas: workers' rights and human rights, corruption, taxation, fair competition, equal opportunities and diversity, and exposure to controversial weapons. The latter two areas were included in this year's reporting for the first time. Regarding the subjects covered by the minimum safeguard clauses, doValue can draw upon the extensive safeguards established within its rich repository of internal regulations, as well as the analyses conducted and detailed in the annual CNFS. For details, please refer to the detailed analysis in section 3.1 Business Ethics and Integrity and to section 4.2 Protecting diversity and respect for human rights.

— KPIs and accounting policies

The KPIs required by Art. 8 of the EU Taxonomy Regulation, explained in detail by the dedicated support Delegated Regulation ("Delegated Regulation Art. 8") are listed below. The Regulation requires non-financial companies to disclose this information by reporting the percentage of their turnover, capital expenditure (CapEx) and operating expenses (OpEx) associated with executing economic activities aligned with all the respective technical selection criteria. In compliance with the instructions provided by the EU Taxonomy Regulation to prevent double counting (Section 1.2.2.2 (c) of Annex I of the Delegated Regulation Art. 8), the activities identified as aligned were attributed to a single environmental objective.

Turnover

The percentage of turnover was calculated, based on precise data, in line with Delegated Regulation Art. 8.

For the company doData, data concerning the total turnover for 2023 were extracted, as the company's principal economic activity aligns with eligible activity 8.1. Data processing, hosting and related activities.

Regarding real estate activities, only activities strictly related to the management of real estate assets (e.g., management and sale of properties, definition of redevelopment and subcontracting), managed by the Group on behalf of customers within the integrated services offered in the NPL area, were considered eligible.

For further details on the accounting policies relating to consolidated net turnover, see page xxx of the 2023 Consolidated Financial Statements. To calculate the indicator, the revenue from operations, which can be derived from the financial statements of the do- Value Group, was selected.

To identify eligible revenues and thus elaborate the corresponding indicator, an analysis process of the single items used for the Group's accounts was chosen, selected with the highest possible level of granularity.

Where the level of granularity available was not sufficient for the analysis, approximations were made, albeit using a conservative and prudential approach.

CapEx

The percentage of economic activities considered admissible/aligned with the Taxonomy in terms of capital expenditure (CapEx) is calculated as the CapEx aligned with the Taxonomy (numerator) divided by the total CapEx (denominator).

Total investments comprise the additions to the material and immaterial assets made during the year, gross of depreciation and amortisation and recalculations of value, including those coming from revaluations and write-downs, and excluding changes in fair value. The values include the acquisitions of tangible assets (IAS 16), intangible assets (IAS 38), rights of use (IFRS 16) and real estate investments (IAS 40). Goodwill is not included in CapEx since it is not defined as an intangible asset pursuant to IAS 38. see page xxx of the 2023 Consolidated Financial Statements.

The numerator comprises "investments in goods or processes associated with economic activities admissible to the Taxonomy" (category A, section 1.2.1, letter a) of Annex I to the Delegated Regulation Art. 8).

OpEx

The percentage of economic activities admissible/ aligned with the Taxonomy in terms of operating expenses is defined as OpEx admissible or aligned with the Taxonomy (numerator) divided by the OpEx total (denominator). The denominator is restricted to the following elements: uncapitalised costs relating to research and development, repair and maintenance costs, maintenance-related personnel costs, repair and cleaning costs, building renovation measures and shortterm leases.

The operating expenses are selected from the Group's 2023 condensed income statements. The numerator includes the part of the above accounting items associated with the admissible economic activities.

— Template

For the purposes of tabular representation the following legend applies:

• (1) Climate Change Mitigation: CCM;
• (2) Climate Change Adaptation: CCA;
• (3) Sustainable use and protection of water and marine resources; WTR;
• (4) Transition to a circular economy: CE
• (5) Pollution Prevention and Control: PPC;
• (6) Protection and restoration of biodiversity and ecosystems: BIO;

Minimum Safeguards: MS.

The following legend applies to reading the alignment section:

Yes - the activity is both eligible for the taxonomy and aligned with it concerning the relevant environmental objective;

No - the activity is eligible for the taxonomy but is not aligned with the taxonomy regarding the relevant environmental objective;

N/A - Not applicable; technical screening criteria not listed in the Regulation.

To read the admissibility section, the following legend applies:

AM - activity admissible for the taxonomy for the relevant objective;

N/AM - activity not admissible for the taxonomy for the relevant objective;

N/A - Not applicable.

Percentage of turnover deriving from products or services associated with economic activities aligned with the Taxonomy - disclosure for the year 2023.

	Fiscal Year 2023					Substantial Contribution Criteria						DNSH Criteria	("Do No Significant Harm")
Economic Activities	Code	Turnover	year 2023 Share of turnover	(1)	(2)	(3)	(4)	(5)	(6)	(1)	(2)	(3)	(4)	(5)	(6)	MS	Percentage of aligned turnover (A.1) or ad admissible (A.2.) year 2022	admissible Categories activity	Categories transition activity
		bnEUR	%	Yes; No; N/AM	Yes; No; N/AM	Yes; No; N/AM	Yes; No; N/AM	Yes; No; N/AM	Yes; No; N/AM	Yes/ No	Yes/ No	Yes/ No	Yes/ No	Yes/ No	Yes/ No	Yes/ No	%	A	T
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1. Eco-sustainable activities (aligned to the taxonomy)
Purchase and ownership of buildings	CCM 7.7 / CCA 7.7	-	0.00%	No	No	N/AM	N/AM	N/AM	N/AM	No	No	No	N/A	N/A	N/A	No	0.00%	-	-
Data processing, hosting and related activities	CCM 8.1 / CCA 8.1	-	0.00%	No	No	N/AM	N/AM	N/AM	N/AM	N/A	N/A	N/A	N/A	N/A	N/A	No	0.00%	-	-
Turnover from eco-sustainable acti vities (aligned with the taxonomy) (A.1)		-	0.00%														0.00%
Of which are admissible		-	0.00%	-	-	-	-	-	-	-	-	-	-	-	-	-	0.00%	-	-
Of which are transition		-	0.00%	-						-	-	-	-	-	-	-	0.00%	-	-
A.2 Activities admissible for the taxonomy but not eco-sustainable (activities not aligned with the taxonomy)
				AM; N/ AM	AM; N/ AM	AM; N/ AM	AM; N/ AM	AM; N/ AM	AM; N/ AM
Purchase and ownership of buildings	CCM 7.7 / CCA 7.7	26,642,105.97	5,58%	AM	AM	N/AM	N/AM	N/AM	N/AM								10.35%	-	-
Data processing, hosting and related activities	CCM 8.1 / CCA 8.1	7,374,948.76	1,55%	AM	AM	N/AM	N/AM	N/AM	N/AM								0.07%	-	-
nable (activities not aligned with the Turnover of activities admissible for the taxonomy but not eco-sustai taxonomy) (A.2)		34,017,054.73	7.13%
A. Turnover admissible to the taxonomy .1+A.2)		34,017,054.73	7.13%	0.00%	0.00%	0.00%	0.00%	0.00%	0.00%								10.42%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of the activities not admissible to the taxonomy		443,263,042.27	92.87%
TOTAL		477,280,097.00	100.00%

Share of CapEx deriving from products or services associated with economic activities aligned with the Taxonomy - disclosure relating to 2023.

AM; N/ No; N/ 0.00% Yes; N/AM N/AM N/AM N/AM N/AM AM AM (4) - AM; N/ No; N/ 0.00% Yes; N/AM N/AM N/AM N/AM AM AM AM (3) - A.2 Activities admissible for the taxonomy but not eco-sustainable (activities not aligned with the taxonomy) No; N/ 0.00% Yes; N/AM N/AM AM; AM AM AM (2) No No - Yes; No; AM; N/ 0.00% N/AM N/AM AM AM AM (1) No No - - CapEx year Share of 0.00% 0.00% 0.00% 0.00% 0.00% 0.07% 0.39% 0.10% 7.13% 0.57% 2023 % 121,955.15 83,934.46 Turnover bnEUR 15,914 22,107 22,107 - - - - -	Yes; No; AM; N/ 0.00% Criteri di contributo sostanziale N/AM N/AM N/AM N/AM N/AM N/AM AM (5) -	Yes; No; AM; N/ 0.00% N/AM N/AM N/AM N/AM N/AM N/AM AM (6) -	Yes/ No N/A (1) No - -	Yes/ No N/A (2) No - -	Yes/ No N/A (3) No - -	Yes/ No N/A N/A (4) - -	Yes/ No N/A N/A (5) - -	MS No No - - ('Non Arrecare Danno Significativo') Yes/ No N/A N/A (6) - -	Share of CapEx aligned (A.1.) or admissible (A.2.) to the taxonomy, year 2022 0.00% 0.00% 0.00% 0.00% 0.00% 0.91% 0.68% 0.06% 2.22% % Yes/ No Criteri DNSH	Categories admissible activity A - - - -

Share of Opex deriving from products or services associated with economic activities aligned to the Taxonomy - disclosure for the year 2023.

	Fiscal Year 2023					Substantial Contribution Criteria						("Do No Significant Harm") DNSH Criteria
Economic Activities	Code	Turnover	year 2023 Share of turnover	(1)	(2)	(3)	(4)	(5)	(6)	(1)	(2)	(4) (3)		(6) (5)	MS	Share of OpEx aligned (A.1.) or admissible (A.2.) to the taxo nomy, year 2022	admissible Categories activity	Categories transition activity
		bnEUR	%	Yes; No; N/AM	No; N/ Yes; AM	No; N/ Yes; AM	No; N/ Yes; AM	Yes; No; N/AM	Yes; No; N/AM	Yes/ No	Yes/ No	Yes/ No	Yes/ No	Yes/ No Yes/ No	Yes/ No	%	A	T
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1. Eco-sustainable activities (aligned to the taxonomy)
Purchase and ownership of buildings	CCM 7.7 / CCA 7.7	-	0.00%	No	No	N/AM	N/AM	N/AM	N/AM	No	No	N/A No		N/A N/A	No	0.00%	-	-
Data processing, hosting and related activities	CCM 8.1 / CCA 8.1	-	0.00%	No	No	N/AM	N/AM	N/AM	N/AM	N/A	N/A	N/A N/A		N/A N/A	No	0.00%	-	-
vities (aligned with the taxonomy) OpEx from eco-sustainable acti (A.1)		-	0.00%													0.00%
Of which are admissible		-	0.00%	-	-	-	-	-	-	-	-	- -		- -	-	0.00%	-	-
Of which are transition		-	0.00%	-						-	-	- -		- -	-	0.00%	-	-
A.2 Activities admissible for the taxonomy but not eco-sustainable (activities not aligned with the taxonomy)
				AM; N/ AM	N/AM AM;	AM; N/ AM	AM; N/ AM	AM; N/ AM	AM; N/ AM
Purchase and ownership of buildings	CCM 7.7 / CCA 7.7	1,318,838.03	1.14%	N/AM	N/AM	AM	N/AM	N/AM	N/AM							0.95%	-	-
Data processing, hosting and related activities	CCM 8.1 / CCA 8.1	0.00	0.00%	AM	AM	N/AM	N/AM	N/AM	N/AM							0.00%	-	-
not eco-sustainable (activities not admissible for the taxonomy but Operating expenses of activities aligned with the taxonomy) (A.2)		1,318,838.03	1.14%
A. OpEx of the admissible activities to the taxonomy (A.1+A.2)		1,318,838.03	1.14%	0.00%	0.00%	0.00%	0.00%	0.00%	0.00%							0.95%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Operating expenses of the activities that are notadmissible to the taxonomy		114,683,778.97	98.86%
TOTAL		116,002.617.00	100.00%

Share of turnover from products or services linked to economic activities aligned to the Taxonomy - disclosure for the year 2023.

	Share of Turnover / Total Turnover
	Aligned to the per-objective taxonomy	Admissible to the per-objective taxonomy
CCM	0.00%	7.13%
CCA	0.00%	0.00%
WTR	0.00%	0.00%
CE	0.00%	0.00%
PPC	0.00%	0.00%
BIO	0.00%	0.00%

Share of capital expenses (CapEx) deriving from products or services associated with economic activities aligned to the Taxonomy - disclosure for the year 2023.

	Share of CapEx / Total CapEx
	Aligned to the per-objective taxonomy	Admissible to the per-objective taxonomy
CCM	0.00%	0.57%
CCA	0.00%	0.00%
WTR	0.00%	0.00%
CE	0.00%	0.00%
PPC	0.00%	0.00%
BIO	0.00%	0.00%

Share of operating expenses (OpEx) from products or services associated with economic activities aligned to the Taxonomy - disclosure for the year 2023.

	Share of OpEx / Total OpEx
	Aligned to the per-objective taxonomy	Admissible to the per-objective taxonomy
CCM	0.00%	1.14%
CCA	0.00%	0.00%
WTR	0.00%	0.00%
CE	0.00%	0.00%
PPC	0.00%	0.00%
BIO	0.00%	0.00%

Attività legate al nucleare e al gas fossile.

Row	Activities related to nuclear power and fossil gas	SI/NO
1	The company carries out, funds or has exposure to the research, development, demonstration and construction of innovative electricity generation plants that produce energy from nuclear processes with a minimum amount of waste from the fuel cycle.	No
2	LThe company carries out, funds or has exposure to the construction and operation of new nuclear plants for the generation of electricity or process heat, including for the purposes of district heating or for industrial processes such as hydrogen production, and improvements in their safety, with the help of the best available technologies.	No
3	The company operates, funds or has exposure to the operation of existing nuclear plants that generate electricity or process heat, including for district heating or for industrial processes, such as the production of hydrogen from nuclear energy and improvements in their safety.	No
Activities related to fossil gas
4	The company carries out, finances or has exposure to the construction or management of plants for the electricity production using fossil gaseous fuels.	No
5	The company carries out, funds or has exposure to the construction, redevelopment and management of combined heat/cold and electricity generation plants that use fossil gaseous fuels.	No
6	The company carries out, funds or has exposure to the construction, redevelopment and management of heat generation plants that produce heat/cold using fossil gaseous fuels.	No

REPORT OF THE INDEPENDENT AUDITORS

-

• -
  -
  -

-