Chairperson	Domitilla Benigni
Managing Director	Emanuele Galtieri
Director	Alberto Luigi Sangiovanni Vincentelli
Director	Alessandra Bucci
Director	Cinzia Parolini
Director	Alessandro Chimenton
Director	Maria Giovanna Calloni
Director	Roberto Ferraresi
Director	Paolo Izzo

Chairperson	Stefano Fiorini
Standing statutory auditor	Paolo Grecco
Standing statutory auditor	Daniela Delfrate
A L = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =	Allegra Piccini

MANAGEMENT REPORT 5
CONSOLIDATED SUSTAINABILITY STATEMENT27
CONSOLIDATED FINANCIAL STATEMENTS AS OF AND FOR THE YEAR ENDED DECEMBER 31, 2024101
NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS 110
SEPARATE FINANCIAL STATEMENTS AS OF AND FOR THE YEAR ENDED DECEMBER 31, 2024 168
NOTES TO THE SEPARATE FINANCIAL STATEMENTS177

Management Report

GENERAL INFORMATION

CY4Gate S.p.A. (hereinafter also the "Parent Company" or the "Company") has prepared this Management Report as a single document referring both to the consolidated financial statements of the CY4Gate Group, and to the separate financial statements of the Company, both prepared in accordance with the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB) and endorsed by the European Commission. The Management Report provides information on the results and performance of the CY4Gate Group (as defined below) and the Parent Company CY4Gate S.p.A. updated as of December 31, 2024, as well as on significant events occurred in the 2024 year and after the closing of the reference year. This report should be read together with the Consolidated Sustainability Statement, the Financial Statements and the related Explanatory Notes that constitute the consolidated financial statements and the separate financial statements as of and for the year ended December 31, 2024. The consolidated financial statements as of and for the year ended December 31, 2024 include the financial statements of CY4Gate S.p.A. together with its subsidiaries (the "CY4Gate Group" or the "Group") and were approved and authorized for publication by the Board of Directors of CY4Gate S.p.A. at the meeting of March 12, 2025. CY4Gate S.p.A. is a company whose shares are traded on Euronext STAR Milan, a regulated market organized and managed by Borsa Italiana S.p.A. The Company heads the CY4Gate Group specialized in the design, development and production of technologies, products, systems and services, capable of meeting the most stringent and modern "Cyber Intelligence & Cyber Security" requirements expressed by the Armed Forces, Law Enforcement Agencies and Companies, on the national territory and abroad. A unique Italian industrial project, CY4Gate operates in the 360° cyber market, with proprietary products that meet both the needs for information collection and analysis, and security. The Company is a subsidiary of Elettronica S.p.A., with registered office in Rome.

The Group is not subject to direction and coordination by any of its Shareholders as the Board of Directors of the Company assumes every and most appropriate decision related to the management of activities in full and complete autonomy and independence.

As of the date of preparation of this report, the Board of Directors of CY4Gate S.p.A. is composed as follows:

Domitilla Benigni (Chairman)
Emanuele Galtieri (CEO)
Alessandra Bucci (Independent Director)
Maria Giovanna Calloni (Independent Director)
Alessandro Chimenton
Roberto Ferraresi
Paolo Izzo
Cinzia Parolini (Independent Director)
Alberto Sangiovanni Vincentelli

Economic overview and reference markets

With regard to the economic overview, as the Bank of Italy stated in its Bulletin 1/2025, the economic situation remains robust in the United States but it is losing momentum in the other advanced economies. In China, the crisis in the real estate market continues to weigh on domestic demand. According to our estimates, world trade will expand slightly above 3 percent in 2025, in line with the expected trend in global output. However, the outlook for international trade could be adversely affected not only by heightened geopolitical tensions, but also by the announced tightening of US trade policy. Oil prices have seen only a modest increase, while natural gas prices remain volatile and subject to upward pressures due to both demand- and supply-related factors.

As expected, inflation rose slightly in the US; it fell slightly in the UK while in Japan it rose more than expected. At its December meeting, the Federal Reserve again cut its policy rates by 25 basis points to 4.25-4.50 percent. Compared to previous meetings, the members of the Federal Open Market Committee expect a more gradual normalization of monetary policy in light of the slower decline in inflation and the low level of unemployment. This contributed to the sharp appreciation of the dollar against other major currencies, including the euro. In the same month, the Bank of England and the Bank of Japan left rates unchanged. The Chinese authorities announced a package of measures to support domestic consumption, which would complement the Central Bank of the People's Republic of China's commitment to maintain an expansionary monetary stance.

On the basis of the available information, economic growth in the euro area weakened at the end of 2024, adversely affected by sluggish consumption and investments and declining exports. The trend in manufacturing remains unsatisfying, particularly in Germany; the impetus provided by services has also weakened. Inflation remains moderate, at around 2 percent, with the core component remaining broadly stable: the price change in services is still relatively high, partly reflecting lagged adjustments to past inflation. In December, Eurosystem experts revised the area's growth forecasts downwards to above 1 percent per year in the 2025-27 three-year period; inflation is expected to stabilize around the European Central Bank's target of 2 percent.

In December, the Governing Council of the ECB cut policy interest rates by a further 25 basis points. Markets expect a further reduction of approximately 75 basis points in 2025. Despite the gradual easing of the monetary policy, credit dynamics in the euro area remain subdued due to high uncertainty and weak demand.

Economic activity in Italy remained weak in the fourth quarter of 2024, suffering as in the rest of the euro area from the persistent sluggishness in manufacturing and the slowdown in services. In construction, the stimulus provided by the National Recovery and Resilience Plan project is expected to offset the decline in the residential segment. Domestic demand is expected to be held back by the deceleration of households spending and by the ongoing adverse investment conditions. According to our projections, prepared as part of the Eurosystem's coordinated exercise, growth is expected to gain momentum during this year, averaging around 1 percent over the 2025-27 three-year period.

In the autumn, exports of Italian goods were reportedly held back by a sharp decline in global demand. The protectionist policies announced by the new US administration are likely to have a negative impact on the foreign sales of our country's companies that export to the US market, especially small- and medium-sized enterprises. The current account balance decreased in the third quarter, while still remaining in surplus. The net foreign creditor position has continued to strengthen. Foreign investors' purchases of Italian government bonds remained high, and the yield spread on the 10 year duration against the corresponding German bonds decreased.

Although the number of employees continues to grow, the number of hours worked per employee is declining and the use of the Income Support Fund (Cassa Integrazione Guadagni) remains high, especially in manufacturing. The gradual decline in participation, particularly in the younger segments of the population, continued into the autumn, helping to reduce the unemployment rate to an exceptionally low level. Contractual wage growth in the private sector remains solid, contributing to a gradual recovery in households purchasing power.

In the last months of 2024, the fall in energy prices helped to keep consumer inflation well below 2 percent. Core inflation remains moderate, though it is relatively higher in the services component. For the current year, companies anticipate modest increases in their price lists. According to our forecasts, the increase in consumer prices will be 1.5 percent in 2025-26 two-year period (up from 1.1 in 2024), reaching 2 percent in 2027, driven by temporary effects due to the entry into force of the new EU pollutant and greenhouse gas emission trading system.

The ECB's cuts in policy interest rates are being passed on, in line with historical patterns, to the cost of bank funding and credit. Given the weakness in investments, demand for financing by businesses remains subdued. The gradual recovery of household mortgages continues.

The European Commission positively assessed the program for the adjustment of public accounts, as outlined in the Medium-Term Fiscal-Structural Plan for the years 2025-31.

In the government's assessments, the budget maneuver approved in December entails an increase in the ratio of net debt to GDP of 0.4 percentage points in 2025, 0.6 in 2026 and 1.1 in 2027. About half of the resources earmarked for expansionary measures would be used to make the personal income tax (IRPEF) reform and the measures to reduce the tax wedge structural.

In a global context, the risk of cyber-attacks continues to be a major global threat. The World Economic Forum's Global Risks Report 2025 reveals an increasingly fragmented international landscape with escalating geopolitical, environmental, social and technological challenges that threaten stability and progress.

In 2024, Italy experienced a significant increase in cyber-attacks. In the first half-year, the number of cyber-attacks recorded by Clusit experts increased by 23% compared to the previous six months, with an average of 9 serious attacks per day. A total of 1,927 cyber-attacks were recorded during the year, marking an increase of 18% compared to 2023. Healthcare was the most affected sector worldwide, while in Italy, for the first time, the manufacturing sector suffered the highest number of attacks, with an 83% increase in healthcare attacks compared to the first half of 2023.

As regards regulations, the NIS2 Directive, which came into force on January 17, 2023, extended the cybersecurity obligations to more operators than the previous 2016 NIS Directive. EU Member States have to transpose it into their national legislation by October 2024.

Italy is in the process of adapting its national legislation to NIS2, with a strengthening of the role of the National Cybersecurity Agency (ACN), established by Italian Legislative Decree No. 82 of June 14, 2022. The ACN is responsible for coordinating national cybersecurity strategies and promoting defense measures to ensure the country's resilience to cyber-attacks.

In 2023, the European Union adopted the Cyber Resilience Act, a regulation introducing security obligations for hardware and software manufacturers to ensure the protection of connected devices throughout their life cycle. In parallel, the Data Act and the Artificial Intelligence Act aim to regulate data management and the use of AI in a way that mitigates security and privacy risks.

At the national level, the Cyber Security Perimeter continues to be a pillar of Italy's cybersecurity strategy. The Italian Decree of the President of the Council of Ministers of October 21, 2021, which updated the application criteria, mandated the use of certified technologies for the protection of critical infrastructure, raising the entry barriers for non-EU suppliers.

The Russia-Ukraine conflict confirmed the key role of cyber warfare in modern hybrid warfare scenarios. The cyberattacks affected not only the parties directly involved, but also numerous European countries and global infrastructures. The use of destructive malware and disinformation campaigns has increased exponentially, with state-affiliated hacker groups being used to compromise sensitive data and destabilize economic and political systems.

In summary, 2024 saw a further intensification of cyber threats, marking an important resurgence of the phenomenon in the first two months of 2025 by Russian pro-government activists against Italian institutions, coinciding with the stance taken by national political bodies against the policy of war implemented by Russia. This has required and will increasingly require the development of more structured response capabilities by institutions and companies at national and European level. Regulatory adjustments and investments in cybersecurity will be crucial to reduce risk and ensure digital resilience in the long term.

The CY4Gate Group (hereinafter: CY4 or CY4Gate) structures its value proposition through two main business lines: Cyber Intelligence and Cyber Security, dividing its offer between products, services and solutions in both business lines. More specifically, the Cyber Intelligence segment is made up of proprietary "Decision intelligence" and "Forensic Intelligence" products, while the Cyber Security segment can rely on products and technologies for Cybersecurity as well as a part dedicated to consulting, training and Cybersecurity services.

In particular, the Group operates in the design, development and production of technologies, products, systems and services in order to meet the needs of "cyber intelligence and cybersecurity" of companies, Public Institutions, Police Forces, Italian and foreign Armed Forces that, in the use of communication networks, IOT and OT networks and the related data flows, must guarantee high standards of security and resilience against cyber-attacks and express the need to correlate significant volumes of data (known as big data) to enable decision-makers in the timely adoption of relevant initiatives and actions (known as decision intelligence).

Thanks to recent acquisitions made over the last three years (2022-2024), the Group's commercial offer has been extended with a wider portfolio of products that have enriched both business lines, cybersecurity and cyber intelligence, with cutting-edge software platforms capable of acting as gap fillers in relation to the emerging and increasingly challenging requirements demanded by customers and related to the evolution of technologies and threat scenarios. The process of establishing a hub of skills and technologies at national and European level in the cyber domain is being consolidated, with the CY4Gate group now able to rely on a portfolio of proprietary products - capable of providing an integrated response to major digital transformation, decision intelligence and cybersecurity projects - that has improved the customer value proposition, increasingly directed towards a "one stop shop" approach in the relevant industry.

With the acquisition of a 77.8% stake in the share capital of XTN Cognitive Security at the end of January 2024, the Group has entered a new and complementary business context that enriches and completes the offering on cybersecurity, allowing it to access the market of anti-banking fraud and mobile protection from malware and account takeover in other important industries such as the automotive, with important prospects also in Telco and Energy&Utilities.

Furthermore, the Group extended its offering to the SMEs in 2024, in response to the growing needs of the fast-growing SME cybersecurity services market, with projections of more than Euro 750 million in 2028. This was made possible thanks to the signing in July 2024 of binding agreements between CY4Gate S.p.A. and CDP Venture Capital SGR, Italy's leading venture capital manager owned by CDP Equity (70%) and Invitalia (30%) through the Boost Innovation Fund – a corporate venture building instrument – to enter into a strategic partnership through the establishment of Prontocyber Plus S.r.l., a joint venture based in Rome, dedicated to cybersecurity for SMEs, which is operating from September 1, 2024. The company offers comprehensive cybersecurity solutions – from data collection and risk assessment to recovery plans in the event of cyber/attacks – dedicated to the Italian SME segment, through an end-to-end approach that guarantees the highest level of risk protection. In addition to the cybersecurity services recently launched on the market under the "Helm On" brand, a dedicated cyber insurance product, specifically designed for SMEs, is also planned to be launched, which will provide comprehensive coverage against cyber risks.

The Group continues to be active also in the European reference panorama, participating – directly and/or through commercial partners – in projects of the European Union, among which stand out:

IDMO Project: the project called "Italian Digital Media Observatory", named after the National Observatory that promoted it, which aims to create technologies that – relying on advanced artificial intelligence algorithms – are able to identify fake news that create disinformation, through a real-time content verification activity, thus supporting the Observatory in the timely verification of the reliability of what is published. Cy4Gate will make its contribution to the project, particularly on the topic of AI.
FMB Tech Project: a European project that aims to define and specify the best and most innovative technologies that will contribute to the development of the Main Battle Tanks of the future, vehicles for land forces that will have to face the new and complex operational scenarios, which will present a high rate of digitalization and the ability to interface with unmanned systems as well as increase the efficiency of crews through the use of artificial intelligence. CY4Gate's role will be to identify the most innovative technologies to ensure the cyber defense of the vehicles.
ECYSAP Project: a European project for information defense (also known as "European Cyber Situational Awareness Platform") whose main objective is the creation of a European platform for cyber situational awareness capable of improving the work carried out by military personnel in cyber missions.
REACT Project: the project named "Responsive Electronic Attack for Cooperative Task'' and aims at the development of the so-called CEMA (Cyber Electro Magnetic Activities) capability and cyber resilience in the avionics domain.
CERERE Project: the project named "Cyber Electromagnetic Resilience Evaluation on Replicated Environment" which aims to develop an advanced capability to verify the cyber resilience of systems to planning and/or execution activities of attack chains through the use of the electromagnetic spectrum (i.e., the "CEMA").
CYBER4DE Project: launched as part of the European Industrial Development Program for Defense in December 2021, the "Cyber Rapid Response Toolbox for Defence Use" (CYBER4DE) project tackles the challenge of developing a modular and scalable rapid response system to handle IT incidents in various complex national and international scenarios, aiming to ensure a higher level of cyber resilience and collective response to cyber incidents by improving the processes and practices of the Cyber Rapid Response Teams (CRT).
International research project "AI Framework for Improving Cyber Defence Operations" (AInception), carried out by a consortium including CY4GATE, which was awarded funding in 2021 from the European Defence Fund (EDF) international research call to develop techniques and tools that – based on the use of advanced artificial intelligence algorithms – can detect possible malicious intrusions into systems and equipment at an early stage, generating alerts that prevent cyber-attacks from having an impact on vital defense and security activities.

The main end markets for the business lines of the company (Cyber Intelligence e Cyber Security) are the "AIRO" market (Cybersecurity Analytics, Intelligence, Response and Orchestration), as defined by the IDC Report Analyze the Future (the "IDC Report"), the Decision Intelligence market, which among the subcategories also includes "Forensic Analysis" as defined by the Market Research Future and Technavio report. The reference market is therefore represented by various industries in which the Company operates, both locally and internationally.

Overview of the markets in which the CY4Gate Group operates (Cyber Intelligence and Cyber Security)

Digitalization and data protection represent a fundamental pillar for the development of companies and the proper functioning of institutions as they guarantee the sustainability of business models and the traceability of information in a context characterized by a high technological content and the rapid introduction of innovative technologies capable of radically modifying this context.

As from 2024, the global Cyber Intelligence market is valued at around USD 13.3 billion and is expected to reach USD 50.1 billion by 2030, with a compound annual growth rate (CAGR) of 24.7%. This growth is fueled by the increasing need for data-driven decision-making processes across various sectors, including finance, healthcare, retail and manufacturing.

In 2024, the global market for cybersecurity products is estimated at USD 184 billion, up 13% year-on-year. This increase is due to the rise in cyber-attacks and the growing awareness of cyber threats. The market for cybersecurity services continues to represent a significant opportunity, driven by the growing demand for services such as penetration testing. In summary, Cyber Security and Cyber Intelligence markets are experiencing robust growth, supported by increasing digitalization, rising cyber threats and both public and private investments in advanced security and data analysis solutions.

SIGNIFICANT EVENTS OF THE YEAR

Acquisition of XTN Cognitive Security S.r.l.

On January 16, 2024, CY4Gate S.p.A., in partnership with Alfa Group, signed the contract for the purchase of 97.8% of XTN Cognitive security S.r.l. (hereinafter also "XTN").

The acquisition followed the announcement to the market and resolution of the Board of Directors of CY4Gate on November 14, 2023, as well as the signing of the preliminary agreement on the same date and the occurrence of certain resolved precedent conditions, including the positive outcome of the reverse merger by incorporation of XTN Cognitive Security into IKS TN. XTN is an Italian cybersecurity company, operating in the field of IT security and a leader in combating digital fraud with a significant footprint in banking and also present in the automotive market. Through its proprietary Cognitive Security Platform, XTN is able to protect critical digital-based processes through the use of Artificial Intelligence and Machine Learning algorithms. The company realizes 100% of its revenues in Italy. The acquisition occurred according to the following percentages:

CY4Gate purchased a stake equivalent to 77.8% of the share capital;
Alfa Group purchased a stake equivalent to 20% of the share capital;
The remaining 2.2% stake is held by the Management of the investee.

The total consideration for the operation amounted to Euro 12.2 million, agreed on the basis of an Enterprise Value of approximately Euro 10 million and on the net financial indebtedness of approximately Euro 2.5 million. As of the date of preparation of this document, 80% of the total consideration has been paid; the remaining 20% will be paid by June 30, 2027, and this amount may be reduced by up to 20% based on the investee's results as of December 31, 2026. The transfer agreement also provides for (i) Put and Call agreements exercisable in three years that will allow CY4Gate to acquire the 80% of the capital of XTN, and (ii) some contractual clauses to protect minorities and investment.

The acquisition of a majority stake in XTN was driven by the strategic objective of acquiring a technology that integrates and complements CY4Gate's portfolio, enabling it to rapidly enter the market and gain access to important new market segments. The product developed by XTN Cognitive complements the cybersecurity offering and reaches the banking market more effectively. The convergence of cybersecurity and anti-fraud, a trend that is emerging globally, will provide important business development opportunities both in terms of upselling the RTA SIEM that the company owns and integrating the offering into other markets such as automotive, energy, telco.

Acquisition of treasury shares

On February 27, 2024, the program for the acquisition of treasury shares initiated on August 8, 2023, was concluded and implemented in accordance with the authorization of the Shareholders' Meeting of April 27, 2023. As part of the aforementioned program, CY4Gate S.p.A. purchased on the Euronext Milan Market – STAR Segment in the period between January 1, 2024, and February 27, 2024, inclusive, a total of 450,000 ordinary shares of CY4Gate S.p.A equal to the maximum number of shares that can be purchased and to 1.91% of the share capital, at an average price of approximately Euro 6.59 each, for a total value of about Euro 3,214,883.

Finally, it should be noted that, pursuant to arts. 2357 et seq. of the Italian Civil Code, the Shareholders' Meeting of November 26, 2024, resolved to authorize the further acquisition of treasury shares, in one or more tranches, up to a maximum of 450,000 ordinary shares.

Establishment of Prontocyber Plus S.r.l.

Purchase of an additional stake in Diateam S.a.S.

Other significant events

The CY4Gate Group in year 2024 continued to make its overall value proposition more attractive, with clear product and service definitions, further developing its product catalog in the Cybersecurity, Intelligence, and CyberElectronicWarfare industries in collaboration with Elettronica S.p.A., as well as with significant players in the national scene. Among the main activities carried out in this regard during the year, the company:

dedicated considerable resources to Research and Development for products capable of offering customers innovative technologies and cutting-edge solutions;
strengthened the workforce during the year, hiring 132 resources, most of them dedicated to technical areas, compared to 109 departures. In addition to these are the 25 resources who joined the Group following the acquisition of XTN, which is further discussed below. The average number of employees in the Group in 2024 was 549. In 2024, CY4Gate also made use of external strategic resources for product development;
structured, defined and carried out important collaboration agreements with highly relevant players in the national scene;
continued to improve the state-of-the-art IT infrastructure, a key enabler for business development, in compliance with the particularly challenging requirements of the NIS Directive;
in terms of Quality Management, confirmed the ISO9001, ISO14001 and ISO27001 certifications, adopting a Privacy Management System in accordance with the current EU Reg. no. 679/16;
has an NCAGE code (NATO Commercial and Governmental Entity Code);
has the License pursuant to Art. 28 of the TULPS (Law on public security) for the design, manufacture, possession and sale of electronic equipment specifically designed for military use for the Armed Forces and Police Forces, both national and foreign;
holds NOSI (Industrial Security Clearance) since 2021, which in the Italian system is a clearance to handle information, documents or materials classified from very confidential up to top secret;
updated the Procedure for related-party transactions;
in December 2024, renewed its legality rating, with a score of three stars, improving the result compared to 2023 with a target corresponding to the maximum achievable score.

Regarding ESG, in 2024 the Group was awarded the "silver medal" by Ecovadis, a platform that assesses the sustainability performance of companies. Moreover, CY4Gate was awarded the Ethifinance rating with a score that was a significant improvement on the previous year and above the industry average, and XTN was mentioned as a "representative vendor" in Gartner's "Emerging Tech: 5 elements to prevent digital commerce fraud" report for the year 2024. For the year 2024, the Group prepared the Consolidated Sustainability Statement pursuant to Italian Legislative Decree 125/2024, for which reference is made to the section "Consolidated Sustainability Statement".

GROUP FINANCIAL PERFORMANCE AND KEY PERFORMANCE INDICATORS

The Group's growth path, which has continued its intense business development activity in the domestic and international market, concluded with a significant increase in order intake compared to the previous year +15%, confirming the solidity and scalability of the business model, consolidating a backlog creation process and focused on technological solutions capable of meeting the increasingly challenging needs of cyber intelligence and cybersecurity. In particular, the 2024 results confirm the consolidation of the CY4Gate Group in the defense and government sectors. Activities in the corporate sector are gradually expanding, thanks to the creation of a dedicated and structured sales force and the investments made that will allow the Group to continue its progressive and solid business development path in this sector, accruing sustainable growth over time. However, the seasonality of turnover remains, historically concentrated in the last quarter of the year, especially in the defense segment and foreign business. The results show a growing performance trend for cybersecurity, supported by important projects in the institutional sector, driven especially by the Cyber Range; the cybersecurity segment also benefits from the consolidation of XTN Cognitive Security S.r.l. As for SIEM RTA, a flagship product for the detection of cyber/attacks, it is worth noting its recent inclusion in Gartner's peer insight. The product is experiencing renewed interest in the corporate market, with good prospects also in the OT/IoT security sector.

Consolidated revenues show an increase compared to those of the previous year due to the expansion of the proprietary product portfolio and the contribution of XTN, consolidated as from January 1, 2024.

The acquisition of XTN follows the previous M&A transactions of the Aurora Group in 2022 (now RCS Group), a market leader in the Forensic Intelligence segment, and of Diateam S.a.S. in 2023, a French company specialized in the design and development of technologies applied to cybersecurity, and the recent establishment of Prontocyber Plus. These initiatives are entirely coherent and convergent with the Group's strategic vision of continuing along the path undertaken to establish a hub of national and European skills and technology in the field of cyber intelligence and cybersecurity, through a portfolio of proprietary products suitable to provide an integrated response to the market's significant digital transformation and cybersecurity requirements, enabling significant technical synergies, a rapid go to market and an access to new important market segments.

For both Cyber Security and Cyber Intelligence business lines, there are ongoing projects that have led to the signing of new contracts that are enabling the acquisition of additional orders, skills and know-how.

The initiatives implemented during the year, in line with the Group's strategy and which will continue for the following two-year period, have enabled the Group to strengthen its ability to build backlogs, in particular thanks to the defense market characterized by multi-year orders, and thus gradually reduce the seasonal effect of a business that also accounted for approximately 37% of total revenues in the last quarter of 2024. An important contribution to the top line, starting as early as 2024, and to the deseasonalization will also come from the push into the Corporate market, which is also characterized by a multi-year order intake, for which the Group aims to consolidate in Italy and open up the European market.

The Forensic Intelligence market in Italy is stable, and the Group's activities aimed at increasing its market share for the acquisition of evidence using proprietary electronic devices during the year led to an increase in turnover with the same ministerial budget. While institutional sales in the country are in line with expectations, foreign sales are, however, more affected by the seasonality as well as international geopolitical tensions that have reduced purchasing activities by customers.

Some events in the foreign Forensic Intelligence market and in Corporate Italy characterized the last period of the year, slowing down the acquisition of budgeted orders from some domestic customers, with an impact on the results for the year.

In particular:

regarding the Decision Intelligence market, revenues stood at Euro 28.8 million in 2024 vs Euro 26.8 million in 2023 with an increase of 8%. Sales increased in the LEA (Law Enforcement Agency) market, both domestically and in foreign markets;
the Forensic Intelligence market recorded a sharp decline compared to the previous year: Euro 21.5 million in 2024 vs Euro 30.0 million in 2023 (-28%). In this case, sales slowed down in the foreign LEA market, where there were more business opportunities, but not the expected conversion into orders due to delays in the conclusion and awarding of some foreign tenders due to the international crisis context;
for the cybersecurity market, revenues were Euro 22.1 million in 2024, up 128% from Euro 9.7 million in 2023. The significant growth is partly due to the acquisition of XTN as well as the start of the first major cybersecurity projects in the defense world with a multi-year time horizon.

The Group has continued to invest to expand its product portfolio and structure itself to face future challenges in relation to the significant increase in opportunities. R&D investments have been made in all three segments with a predominant focus still in Decision and Forensic Intelligence.

The order intake, which in 2024 is up 15% compared to 2023, the growth of Backlog (+40% compared to 2023) and the growth of the pipeline confirm that the strategic vision and ambition of the company; supported by significant M&A transactions that took place in the 2022-2024 three-year period, they are leading towards a progressive consolidation of a leadership position of CY4Gate in Italy and abroad.

MAIN ALTERNATIVE INDICATORS OF THE GROUP'S PERFORMANCE

The management of CY4Gate evaluates the performance of the Group based on some indicators discussed below. In particular, EBITDA is used as the main profitability indicator, as it makes it possible to analyze the Group's margin by eliminating the effects arising from volatility originated from non-recurring, exceptional or extraneous economic elements to ordinary management. Below, in addition to the financial indicators provided by the International Financial Reporting Standards (IFRS), some indicators derived from these latter, although they are not provided for by the IFRS (Alternative Performance Indicators), and the components of each of these indicators are presented:

Adjusted EBITDA is calculated by adjusting the profit/(loss) for the year to exclude the effect of taxes, net financial income/(expense), depreciation and amortization, impairment losses and value adjustments of financial assets as well as (income) expenses considered by the Group to be non-recurring and exceptional, mainly related to the M&A activities and, with regard to the consolidated financial statements, the amortization resulting from the Purchase Price Allocation (PPA) following the allocation of part of the acquisition price of RCS, Diateam and XTN in intangible assets;
EBIT is calculated by adjusting the profit/(loss) for the year to exclude the effect of taxes and financial income/(expense);
Adjusted EBIT is calculated by adjusting the profit/(loss) for the year to exclude the effect of taxes, financial income/(expense), as well as the income/(expenses) considered by the Group as non-recurring and exceptional as described above, as well as the amortization resulting from the PPA following the allocation of part of the acquisition price of RCS ETM Sicurezza S.p.A. (RCS) and control of Diateam S.a.S. (Diateam) and XTN in intangible assets;
Adjusted EBITDA Margin is calculated as the ratio of Adjusted EBITDA, as previously described, to total revenues;
Net financial position (NFP) is calculated by subtracting cash and cash equivalents and financial assets from current and non-current financial liabilities;
Adjusted Net financial position (Adjusted NFP) is calculated by excluding events considered by the Group to be non-characteristic and/or linked to non-recurring transactions from the Net financial position

(indebtedness). In particular, from a consolidated financial statements perspective, the financial liabilities recorded in relation to the business combination of Diateam and XTN, in order to reflect the present value of the liabilities arising from the put liabilities provided for in the acquisition contract on: (i) the remaining 29.34% of the share capital for the subsidiary Diateam; (ii) the 2.20% of the share capital held by some of the minority shareholders for the subsidiary XTN; from the Parent Company's financial statements perspective, the financial income recorded due to the change in fair value of the financial asset accounted for because of the aforementioned put option.

It was deemed appropriate to present these performance values at consolidated level in order to represent the financial trend of the Group net of non-recurring events, non-characteristic events and events related to non-recurring transactions, as identified. These indicators reflect the main economic and financial figures, minus the non-recurring income and expense not strictly correlated to the core business and therefore allow a performance analysis more consistent with previous periods.

The tables below present the main changes that characterized the Group's trend compared to the previous year. In this regard, it should be noted that the 2024 year data include, compared to the 2023 comparison, the balances of XTN consolidated as from January 1, 2024.

Reclassified statement of profit or loss	For the year ended
(in Euro)	December 31 2024	December 31 2023
Revenues	72,364,427	66,489,053
Other revenues and income	2,714,371	1,775,265
Revenues	75,078,798	68,264,318
Purchases, services and other operating costs	(30,335,440)	(27,144,755)
Personnel expenses	(32,791,815)	(29,056,401)
Costs	(63,127,255)	(56,201,156)
Adjusted EBITDA	11,951,543	12,063,162
Adjusted EBITDA Margin	15.9%	17.7%
Depreciation, amortization, impairment losses and value adjustments of financial assets	(16,794,237)	(12,270,083)
Adjusted EBIT	(4,842,694)	(206,921)
Depreciation and amortization (related to PPA)	(4,703,552)	(4,519,417)
EBIT	(9,546,245)	(4,726,338)
Net financial expense	(2,366,770)	(2,019,473)
Non-recurring costs (one off)	(332,192)	(2,747,305)
Income taxes	6,606,696	594,951
Profit/(loss) for the year	(5,638,510)	(8,898,165)
of which, attributable to non-controlling interests	1,763,176	1,806,514
Earnings/(loss) per share	(0.24)	(0.38)

CONSOLIDATED RECLASSIFIED STATEMENT OF PROFIT OR LOSS

Group investments in Research and Development activities amount to Euro 7.9 million in 2024 (Euro 7.2 million in 2023).

CONSOLIDATED RECLASSIFIED STATEMENT OF FINANCIAL POSITION

Reclassified Statement of Financial Position	As at
(in Euro)	December 31	December 31
	2024	2023
Non-current assets	97,966,248	87,936,990
Inventories	973,831	759,066
Contract assets/(liabilities)	5,957,176	3,109,905
Trade receivables	49,940,566	53,651,187
Trade payables	(11,918,398)	(14,377,973)
OPERATING WORKING CAPITAL	44,953,174	43,142,185
Other assets (liabilities)	(9,707,168)	(6,307,719)
NET WORKING CAPITAL	35,246,006	36,834,466
NET INVESTED CAPITAL	133,212,255	124,771,456
Cash and cash equivalents	14,537,530	17,561,190
Financial assets	1,472,983	1,369,509
Financial liabilities	(41,070,787)	(28,798,385)
Lease liabilities	(5,859,148)	(3,778,467)
Net financial position	(30,919,422)	(13,646,153)
Adjustments for extraordinary events and/or non-recurring transactions	(4,173,798)	(5,740,397)
Adjusted Net financial position	(26,745,624)	(7,905,756)
Equity	(102,292,833)	(111,125,303)
Total sources	(133,212,255)	(124,771,456)

Below are some comments on the main figures of the Group and of the parent company CY4Gate S.p.A. presented above:

Group revenues as of December 31, 2023 amount to Euro 72 million, with an increase of 9% compared to December 31, 2023 (Euro 66 million), with the recent acquisition of XTN contributing Euro 4.8 million to the item. The Parent Company contributes to these revenues for Euro 22 million (+29% compared to the Euro 17 million of revenues for the year 2023). Group purchases, services and personnel expenses, including overtime pay, amount to approximately Euro 63.5 million (Euro 58.9 million as of December 31, 2023), with a contribution from the Parent Company of Euro 23.5 million (Euro 19.7 million in 2023).

Group Adjusted EBITDA amounted to Euro 12.0 million (Euro 12.1 million as of December 31, 2023) with an Adjusted EBITDA Margin of 16%. With reference to the Parent Company, Adjusted EBITDA amounted to Euro 1.4 million (Euro - 0.6 million as of December 31, 2023).

Group depreciation, amortization, impairment losses and value adjustments collectively amounted to Euro 21.5 million (Euro 16.8 million in 2023), of which Euro 4.7 million relating to the amortization of the purchase price allocation (PPA) carried out on the higher value of the assets acquired through the purchase of the RCS Group in 2022, which involved the allocation of approximately Euro 12 million to assets related to proprietary software; the higher value of the assets acquired through the Diateam operation in 2023, which involved the allocation of approximately Euro 3 million to assets related to proprietary software; as well as the higher value of the assets acquired through the XTN operation in 2024, which involved the allocation of approximately Euro 1.8 million to assets related to the brand. These assets, recognized in accordance with IFRS3, are amortized in 3 years for the acquisition of the RCS Group, in 7 years for the acquisition of Diateam and in 10 years for the acquisition of XTN.

Group Adjusted EBIT is Euro -4.8 million (Euro -0.2 million in 2023), adjusted for the above described PPA phenomenon, as well as for the non-recurring costs incurred during 2024 of Euro 0.3 million (of which Euro 0.26 attributable to the Parent Company) mainly attributable to M&A activities. In 2023, the non-recurring costs mainly related to the translisting and integration operation, which involved costs of Euro 2.7 million, of which Euro 1.6 million were incurred by CY4Gate S.p.A.

The net balance of income taxes is positive for Euro 6.6 million due mainly to the allocation of deferred tax assets mainly in response to tax losses and from the discharge of deferred taxes connected to the purchase price allocation. As a result of the above, the loss for the year amounted to Euro 5.6 million (loss of Euro 8.9 million as of December 31, 2023). With reference to CY4Gate S.p.A., income taxes are positive for Euro 3.0 million; the loss for the year amounted to Euro 5.9 million (loss of Euro 11.1 million for the previous year).

Total Group equity amounted to Euro 102.3 million (Euro 111.1 million as of December 31, 2023).

The Adjusted Net Financial Position showed a balance of financial liabilities greater than financial assets, of Euro 26.7 million (Euro 7.9 million as of December 31, 2023), including the lease liabilities under to IFRS 16.

Financial liabilities and lease liabilities amounted to Euro 46.9 million, an increase of approximately Euro 14.4 million compared to December 31, 2023 (Euro 32.6 million), mainly due to the effect of drawdowns of available lines made during the year, net of repayments. This value excludes Euro 4.2 million, included in the "Adjustments for extraordinary events and/or non-recurring transactions", representing the present value of the put liabilities provided for by the acquisition contract on the remaining 29.34% of the share capital of Diateam S.a.S. and by the acquisition contract on the remaining 2.2% of the share capital of XTN (put liabilities recognized in the consolidated financial statements of CY4Gate following the application of the anticipated acquisition method as permitted by the reference accounting standards).

With reference to financial liabilities, these consist mainly of financial payables of the Parent Company and the subsidiary RCS. With reference to CY4Gate S.p.A., in particular, they mainly relate to the loan for the acquisition of the RCS Group of Euro 8.4 million; the loan for the acquisition of control of Diateam of Euro 5.5 million; Euro 1.6 million for the acquisition of a further 15.33% stake in the share capital of Diateam during the year, through the exercise of put & call agreements provided for in the contract; the loan for the acquisition of XTN of Euro 8.7 million, and Euro 4.4 million of liabilities connected to the Acquisition/Capex line for draws made during the year to finance capex for the period. RCS's financial liabilities as of December 31, 2024, amounted to approximately Euro 6.6 million, mainly to support working capital and investments for the period.

As for the Parent Company, the equity amounted to Euro 103.5 million (Euro 111 million as of December 31, 2023). For the reconciliation between consolidated and separate equity, please refer to the following detailed table.

	Equity as of December 31, 2024, before result for the year	Profit/(loss) for the year 2024	Equity as of December 31, 2024	Equity as of December 31, 2023, before result for the year	Profit/(loss) for the year 2023	Equity as of December 31, 2023
CY4Gate S.p.A.	109,460,279	(5,964,955)	103,495,323	122,112,383	(11,104,148)	111,008,235
Subsidiaries' equity and result for the year	43,571,071	4,053,249	47,624,320	37,695,765	6,932,003	44,627,768
Non-controlling interests	(1,429,408)	(1,763,176)	(3,192,583)	(769,177)	(1,806,514)	(2,575,691)
Elimination of investments in subsidiaries	(93,956,317)	-	(93,956,317)	(81,859,590)	-	(81,859,590)
Recognition of goodwill	48,698,837	-	48,698,837	41,589,067	-	41,589,067
Purchase Price Allocation effects	6,905,369	(3,366,993)	3,538,377	8,801,658	(3,233,293)	5,568,366
Put financial liability recognition	(4,418,333)	(123,014)	(4,541,347)	(5,187,182)	(596,347)	(5,783,529)
Other consolidation adjustments	(2,329,563)	(236,796)	(2,566,359)	(3,128,633)	(896,383)	(4,025,016)
Equity and profit for the year attributable to the owners of the parent	106,501,936	(7,401,686)	99,100,250	119,254,291	(10,704,682)	108,549,610
Equity attributable to non-controlling interests	1,429,408	1,763,176	3,192,583	769,177	1,806,514	2,575,691

Total equity 107,931,344 (5,638,510) 102,292,833 120,023,468 (8,898,168) 111,125,300

The Adjusted Net Financial Position of CY4Gate S.p.A. is cash negative for Euro -24 million (Euro -15 million as of December 31, 2023), including lease liabilities under IFRS 16. As of December 31, 2024, the amount excludes Euro 368 thousand (Euro 43 thousand as of December 31, 2023) of "Adjustments for non-core events and/or non-recurring transactions", representing the fair value of the option connected to the purchase of the remaining 29.34% of the share capital of Diateam.

It should be noted that CY4Gate S.p.A. also holds a derivative representing the fair value of the option to purchase additional 2.2% of XTN's share capital, the fair value of which was zero as of December 31, 2024.

CONSOLIDATED NET FINANCIAL POSITION

The following is the detailed statement of the composition of the Net Financial Position of the Group as of December 31, 2024, as required by Consob communication no. DEM/6064293 of July 28, 2006 and in compliance with Warning no. 5/21 issued by Consob on April 29, 2021 with reference to ESMA Orientation 32-382-1128 of March 4, 2021.

For the same detail relating to the Parent Company, please refer to Note 22 "Current and non-current financial liabilities" of CY4Gate S.p.A. financial statements as of December 31, 2024.

	As of December 31
(in Euro)	2024	of which to related parties	2023	of which to related parties
A. Cash	(14,537,530)	-	(17,561,190)	-
B. Cash equivalents	-	-	-	-
C. Other current financial assets	(667,780)	(419,000)	(985,189)	(19,000)
D. Liquidity (A+B+C)	(15,205,310)	(419,000)	(18,546,379)	(19,000)
E. Current financial debt (including debt instruments, but excluding the current portion of non-current financial debt)	5,295,877	-	1,297,081	-
F. Current portion of non-current financial debt	12,887,026	256,718	8,030,891	244,994
G. Current financial indebtedness (E+F)	18,182,902	-	9,327,972	244,994
H. Net current financial indebtedness (G+D)	2,977,592	256,718	(9,218,407)	225,994
I. Non-current financial debt (excluding current portion and debt instruments)	28,269,571	474,237	22,932,633	729,795
J. Debt instruments	-	-	-	-
K. Non-current trade and other payables	-	-	-	-
L. Non-current financial indebtedness (I+J+K)	28,269,570	474,237	22,932,633	729,795
M. Total financial indebtedness as per ESMA Recommendation of March 4, 2021 (H+L)	31,247,162	730,955	13,714,226	955,789
N. Non-current financial assets	(327,742)	-	(68,066)	-
Net Financial Position (indebtedness) (M+N)	30,919,422	730,955	13,646,160	955,789
O. Adjustments for extraordinary events and/or non recurring transactions	(4,173,798)	-	(5,740,397)	-
Adjusted Net Financial Position (indebtedness) (M+N+O)	(26,745,624)	730,955	7,905,763	951,789

The item "C. Other current financial assets" includes the item of the consolidated financial statements as of December 31, 2024 relating to current financial assets (Euro 971 thousand) excluding derivative financial instruments classified in this item (Euro 303 thousand).

The item "E. Current financial debt" includes the current portion of the items in the consolidated financial statements as of December 31, 2024 for loans (Euro 5,200 thousand) and other loans and borrowings (Euro 96 thousand).

The item "F. Current portion of non-current financial debt" includes the current portion of the item in the consolidated

financial statements as of December 31, 2024 related to loans (Euro 9,732 thousand), other loans and borrowings (Euro 44 thousand), the liability connected to the put option on business combinations (Euro 1,782 thousand), the current portion of the item in the consolidated financial statements as of December 31, 2024 related to current lease liabilities (Euro 1,632 thousand), as well as the current portion of financial derivative instruments (Euro 303 thousand).

The item "I. Non-current financial debt" includes items in the consolidated financial statements as of December 31, 2024 related to non-current financial liabilities related to loans (Euro 21,820 thousand), other loans and borrowings (Euro 5 thousand), to the non-current portion of the financial liability related to the put agreements included in the acquisition contract of the subsidiary Diateam (Euro 2,153 thousand) and of the subsidiary XTN (Euro 239 thousand); to non-current lease liabilities (Euro 4,227 thousand), as well as the non-current portion of financial derivative instruments (Euro 175 thousand).

The item "N. Non-current financial assets" corresponds to the item in the consolidated financial statements as of December 31, 2024 related to non-current financial assets (Euro 502 thousand), excluding financial derivative instruments classified in this item (Euro 175 thousand).

The item "O. Adjustments for extraordinary events and/or non-recurring transactions" includes the financial liability recorded in relation to the business combination of Diateam and XTN in order to reflect the present value of the liability arising from the aforementioned put liabilities.

CONSOLIDATED STATEMENT OF CASH FLOWS

	For the year ended December 31
(in Euro)	2024	2023

A) Net cash flows from operating activities	11,780,267	20,461,489
B) Net cash flows from investing activities	(21,592,217)	(26,071,342)
C) Net cash flows from financing activities	6,788,290	3,285,538
Total change in cash and cash equivalents	(3,023,660)	(2,324,315)
Opening cash and cash equivalents	17,561,190	19,885,505
Closing cash and cash equivalents	14,537,530	17,561,190

The cash flow from operating activities in the 2024 year generated liquidity of Euro 11,780 thousand (Euro 20,461 thousand for the 2023 year), a decrease of Euro 8,681 thousand compared to the previous year, mainly due to the lower liquidity generated in relation to changes in net working capital.

The cash flows from investing activities totaled Euro 21,592 thousand, mainly due to the portion related to investments in intangible assets, amounting to Euro 12,144 thousand for the year ended December 31, 2024, and to the acquisition of the company XTN and the acquisition of an additional 15.33% of Diateam S.a.S. in the year. During 2024, the cash flows from financing activities generated liquidity of Euro 6,788 thousand, mainly in relation to the net uses of credit lines, partially offset by the acquisition of treasury shares made during the year; to dividends distribution to minority shareholders of some subsidiaries and to the repayments of liabilities for leased assets.

The demand generated by the investment activity was almost entirely met by the contribution of the cash flows generated from operating and financing activities, respectively positive for Euro 11,780 thousand and Euro 6,788 thousand, as mentioned above. The greater liquidity requirement resulting from the investment activities led to a negative change in the balance of cash and cash equivalents amounting to Euro 3,024 thousand for the year ended December 31, 2024, for a total balance at the end of the year amounting to Euro 14,538 thousand.

HUMAN RESOURCES

With reference to the personnel employed during the year, the Group carries out its activities in full compliance with the provisions on the environment and hygiene in the workplace, as well as in line with applicable foreign local regulations. Below is the composition of the workforce of the CY4Gate Group as of December 31, 2024 with evidence of the movement of the year, and the average number of employees of the year 2024 compared to the previous year.

	Executive Managers	Middle Managers	Employees	Apprentices	Total
12/31/2023	23	73	360	48	504
Acquisition of XTN	-	2	23	-	25
inflows (+)	3	17	102	10	132
transformations	1	7	3	(11)	-
outflows (-)	(2)	(16)	(85)	(6)	(109)
12/31/2024	25	83	403	41	552

Average number of employees	2024	2023
Executive Managers	25	23
Middle Managers	81	74
Employees	443	398
Total	549	495

Please note that CY4Gate S.p.A. has set up for its executive managers and for some executive managers and other top managers of some subsidiaries an Incentive Plan (Stock Grant Plan), consisting of the allocation of the Company's shares, free of charge, upon achieving certain economic and financial targets. For more information, please refer to the paragraph "Purchases, services and personnel expenses" in the Consolidated Financial Statements.

SUBSEQUENT EVENTS

Inclusion of XTN Cognitive Security S.r.l. in the National Tax Consolidation System

On March 6, 2025, the Company's Board of Directors resolved to include XTN Cognitive Security S.r.l. in CY4Gate S.p.A.'s National Tax Consolidation System for the 2025-2027 three-year period.

Payment of loan instalment to Prontocyber Plus S.r.l.

In January 2025, the Company made a payment of Euro 575 thousand of non-interest-bearing loan to the subsidiary Prontocyber Plus S.r.l., reaching the total amount agreed between the parties of Euro 975 thousand, of which Euro 400 thousand was paid in 2024.

BUSINESS OUTLOOK

The Group will continue its growth path focusing on strong consolidation, efficiency and creation of synergies with the acquired companies, while consistently maintaining technological excellence and enhancing the broad product portfolio, which now includes leading cyber solutions capable of supporting the most challenging customer needs. The current organizational structure and resources will support future growth with a strong increase in operating leverage.

The strategy for the following two years will aim to:

intercept the growing needs of the Defense market, characterized by significant investments globally, and multiyear contracts with important size, accelerating the creation of backlog and therefore, contributing – together with the Corporate market – in reducing the risks of seasonality;
further consolidate the leadership position in Italy on the Security & Law Enforcement market (with initiatives aimed at mitigating the potential effects resulting from the reforms started in the industry) and strengthen, making it structural, growth in EU countries;
ensure a greater expansion in the Italian Corporate market on cybersecurity, enabled by M&A, with a progressive penetration in Europe; the development of the Corporate market is an important tool for mitigating the seasonality of the Group's business.

In particular, the following three markets are identified as priorities for the implementation of the strategy, in each of which the Group is currently present and will pursue the following actions over the next two years:

DEFENCE

strengthening of industrial partnerships with the major players in the Italian and European Aerospace & Defence segment;
opening of new markets abroad, exploiting the possibilities offered by the training activities of the Cyber Academy and the Cyber Labs as "entry point capabilities" to then initiate upselling initiatives;
increase in market share on the domestic and international market both through direct sales to the end customer and with the support of ELT Group, founder and reference shareholder of CY4Gate, which can count on a well-established presence spanning over seventy years in the Defence market;
direct participation and/or in partnership in EU (EDA, ESA) or NATO tenders that finance research and development in cyber;
adherence to international consortia or JV for multi-year defense programs abroad, where local presence is required as an enabling requirement to fulfill offset obligations.

SECURITY & LAW ENFORCEMENT

consolidation in the Italian market, aiming at streamlining services and higher-value activities for the benefit of Italian public prosecutors' offices;
implementation of targeted technological partnerships with "boutique" companies with the aim of sharing investments to reduce the need for resources (human and financial) necessary to cope with the rapid obsolescence of the typical technologies of the industry;
increase in market share both in Italy and abroad on the new concept tactical devices produced by the Group;
progressive improvement of presence in the European area, which offers guarantees of greater predictability and business stability, starting from the Spanish market on which the Group can already count on a multi-year presence.

CORPORATE ITALY and EU MARKET

in line with new market trends and strong with a significant basket of cyber products, we proceeded to the implementation of a distinctive "customer value proposition" focused more on "capabilities" than on "products". The products and technologies will constitute, in this new model, the enabling factors to ensure those capabilities and performance that the customer requires for the satisfaction of cyber protection needs;
integration of sales force efforts with new and effective channel partnerships;
expansion of the domestic market with a focus on large/ and medium-sized companies, thanks to a renewed sales team, expert in the industry and geographically located in the areas of greatest interest for the business;
leveraging the customer network derived from the acquisition of XTN, we will act in pursuing up-selling and cross-selling opportunities on new market segments (telco, automotive, luxury, etc.);
progressive expansion of sales over the three-year period on new geographical areas in the EU, establishing collaborations with channels operating abroad and promoting the development of an international sales team.

Management will also be aimed at implementing the roll-out of synergies between the affiliated companies after three years of intensive M&A activities, with a view to optimizing the entire cost structure, fully streamlining the organizational model and processes, and capitalizing on the investments made and in progress.

The scouting of potential targets to support organic growth will continue with ad/hoc M&A initiatives that bring cyber technology and expertise that can be integrated and synergic with the current portfolio.

MAIN RISKS AND UNCERTAINTIES

RISK MANAGEMENT

The Group's activities are exposed to the following risks:

market risk, defined as currency risk, for transactions in currencies other than the presentation currency; interest rate risk, related to financial exposure, and price risk;
credit risk, arising from normal business operations or financing activities;
liquidity risk, related to the availability of financial resources and access to the credit market;
capital risk;
authorization risk;
reputational risk;
human resources risk;
technological risk.

The Group's risk management strategy is aimed at minimizing potential negative effects on the Group's financial performance.

INTEREST RATE RISK

The Group, in choosing financing and investment transactions, has adopted criteria of prudence and limited risk and has not carried out speculative operations. It should be noted that the Group has sought to hedge itself from financial risk, and in particular from the risk of rising interest rates, by entering into "Interest Rate Swap" contracts, financial instruments to hedge the risk of fluctuation of the interest rate applied to variable rate financing contracts. The aforementioned "Interest Rate Swaps" should be considered as hedging transactions and their impact on the result of the period is given exclusively by the accounting of the active and passive differentials on the interest rates accrued as of December 31, 2024. Below are the main data of these contracts:

Bank	Agreement date	Expiry date	Reference principal (in Euro)	Outstanding principal (in Euro)	MTM (in Euro)
INTESA	06/25/2021	06/25/2025	2,813,751	377,345	4,137
INTESA	01/18/2024	11/30/2026	2,750,000	2,000,000	(7,927)
ICCREA	05/24/2022	03/29/2028	5,000,000	3,600,000	41,187
CREDIT AGRICOLE	05/24/2022	03/29/2028	7,500,000	5,400,000	64,589

CURRENCY RISK

The Group believes it is not significantly exposed to fluctuations in exchange rates; therefore, it does not carry out transactions in derivative financial instruments to hedge against currency risk. In particular, although the Group operates abroad, its agreements are mainly regulated in Euro, and its exposure to foreign countries is limited and there are no financial liabilities in currencies other than the Euro.

PRICE RISK

The Group believes it is not significantly exposed to the movements of raw material and commodity prices used in the production process and the resulting influence of these on operating margins.

CREDIT RISK

Credit risk essentially derives from trade receivables. To mitigate the credit risk related to counterparties in trade transactions, the Group has implemented procedures aimed at limiting the concentration of exposures to single counterparties or groups, through a creditworthiness analysis. Constant credit monitoring allows the Group to promptly verify any defaults or worsening of the creditworthiness of the counterparts and to adopt the relative mitigating actions. It is also specified that the credit risk is further limited considering the characteristics of the customers, largely public sector entities.

LIQUIDITY RISK

The liquidity risk is associated with the Group's ability to meet commitments primarily arising from financial liabilities. Prudent management of liquidity risk originated from the Group's normal operations implies maintaining an adequate level of cash availability and the availability of funds obtainable through an adequate amount of credit lines. Cash flows, financing needs and liquidity are constantly monitored and managed with the aim of ensuring effective and efficient management of financial resources.

CAPITAL RISK

The Group's objective in the scope of capital risk management is mainly to preserve the going concern in order to ensure returns to shareholders and benefits to all stakeholders. The Group also aims to maintain an optimal capital structure in order to reduce the cost of indebtedness.

AUTHORIZATION RISK

The Group operates in an industry characterized by multiple specific regulatory and regulatory disciplines. In particular, the Group's activity is conditioned by these regulations to the extent that they can influence the obtaining of the necessary authorizations for the sale of new products and services in particularly regulated markets, with specific reference to export extra UE. The procedures that must be followed to obtain such authorizations can be long, costly and with no guaranteed outcome. This risk is particularly significant if linked to the seasonality of the Group's business, characterized by a marked concentration in the last quarter of the year.

REPUTATIONAL RISK

The Group operates in a regulated sector, Forensic Intelligence, which by its nature is intended to support the Law Enforcement Agencies and national and foreign judicial bodies in conducting investigative activities using proprietary technologies. The Group always acts in full legitimacy, within a framework of preventive authorization by the competent authorities and imposes strict contractual clauses that prevent a "misuse" of its products by end-users, even up to the termination of the existing contract and the interruption of maintenance activities that enable the use of the products themselves. Nonetheless, circumstances may arise in which the improper use of the aforementioned technologies is reported through paper and/or online press with incomplete or incorrect information, which aims to discredit the Group, even if it has operated in full compliance with current regulations.

HUMAN RESOURCES RISK

The Group operates in an industry characterized by the need of companies to employ highly specialized personnel with high technical and professional skills and, therefore, the Group's success depends also on its ability to attract, train and retain staff with the level of specialization and technical and professional skills required. The current context, moreover, suffers from a severe lack of human resources with adequate technical preparation in the so-called "STEM" disciplines.

TECHNOLOGICAL RISK

Delays in product development or in adapting to technological evolution could negatively affect the Group's business relationships and limit market expansion, with a consequent effect of reducing the resources needed to develop new products and services, meet customer demands and maintain the Group's positioning in terms of innovation within the reference market.

TRANSACTIONS WITH RELATED PARTIES

CY4Gate S.p.A. adopted in 2023 a specific "Procedure for Transactions with Related Parties" (hereinafter the "Procedure") - with subordinate effect from the date of start of trading of ordinary shares on Euronext Milan, STAR segment - in implementation of the provisions pursuant to art. 2391-bis of the Civil Code and the Regulation containing provisions on transactions with related parties adopted by Consob with Resolution no. 17221 of March 12, 2010 and subsequent amendments and additions, subsequently amended on September 12, 2024 (the "OPC Regulation"). The Group applies the Procedure also taking into account the Consob Communication no. DEM/10078683, published on September 24, 2010, containing "Indications and guidelines for the application of the Regulation on transactions with related parties adopted with resolution no. 17221 of March 12, 2010 as subsequently amended".

The Procedure, as currently in force, is published on the Group's website: www.cy4gate.com under the "Governance" section, "Corporate Documents" area).

Pursuant to art. 5, paragraph 8, of the Regulation, it is noted that in 2024 no major transactions (as defined by art. 4, paragraph 1, letter a) and identified by the mentioned Procedure pursuant to Annex 3 to the Regulation), nor other transactions with related parties have significantly influenced the consolidated financial situation in the reference period. For details on relationships with related parties during the year, please refer to what is reported in the Explanatory Notes to the Financial Statements and to the consolidated financial statements, in the paragraph "Transactions with Related Parties".

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURES

The Corporate Governance model adopted by CY4Gate S.p.A. is in line with the principles contained in the "Code of Self-Discipline of Listed Companies", approved by the Committee for Corporate Governance and promoted by Borsa Italiana S.p.A., ABI, ANIA, Assogestioni, Assonime and Confindustria.

The Report on Corporate Governance and Ownership Structures for the year 2024, approved by the Board of Directors on March 12, 2025, is available on the Company's website www.cy4gate.com.

OTHER INFORMATION

Purchases or sales of parents' shares during the year

The Group companies have not made acquisitions or disposals of shares or quotas of parents, either directly, or through trustees or nominees.

Research and development activities

The Group has carried out research and development activities during the year, aimed at the creation and development of innovative products and cutting-edge technological solutions.

Treasury shares

It should be noted that as of December 31, 2024, there are 450,000 treasury shares in the portfolio, without a stated nominal value. It should also be noted that as of December 31, 2024, CY4Gate S.p.A. and the Group do not own shares of parent companies and none of the subsidiaries own shares of the parent company.

Management and coordination

As of the date of preparation of the financial statements, the company CY4Gate S.p.A. is not subject to management and coordination by any of its shareholders, pursuant to articles 2497 and following of the Civil Code, having verified that the assumption of article 2497-sexies of the Italian Civil Code does not apply.

Significant non-recurring, atypical and/or unusual events and operations

During the year 2024, no significant non-recurring atypical or unusual operations were carried out either with third parties or with related parties. Furthermore, during the year under review, no further significant non-recurring events occurred.

Assets designated for a specific transaction

There are no assets designated for a specific transaction.

Priorities for financial reporting supervision for 2024 contained in the ESMA European Common enforcement priorities document

On October 24, 2024, ESMA published the supervisory priorities for 2024 financial reporting. These priorities include:

Priorities related to IFRS financial statements Liquidity considerations: the focus of the Regulator, as far as applicable to the Group, is on disclosures related to financial liabilities and their classification as current or noncurrent, also in connection with covenants; as well as on the Statement of Cash Flows. In this regard, please refer to Statement of Cash Flows and Note 27 to the Consolidated Financial Statements.
Priorities related to IFRS financial statements Accounting policies, judgements and significant estimates: the Regulator's recommendations concern, in particular, revenues from contracts with customers, whose estimates underlying the calculation of work in progress must be reasonable and supported; situations of control, joint control and significant influence; general comments on accounting policies, judgments, significant estimates and related disclosures. In this regard, please refer to Note 2 to the Consolidated Financial Statements as well as the comments on revenues and contract assets and liabilities of the Consolidated Financial Statements.
Priorities related to ESEF reporting Common errors found in the Statement of Financial Position: it should be noted that the Regulator's recommendations regarding common ESEF tagging errors found in the Statement of Financial Position have been considered for the purposes of ESEF tagging in this document.

Climate-Related Matters

It is specified that given the type of business of the Company, there is no significant impact of climatic factors on the estimation and valuation processes used by the Directors in preparing the financial statements (described in the "Estimates and Assumptions" section of the notes); nor on the useful life and recoverability assessments of the assets recognized in the financial statements.

Remuneration Report

For information regarding the remuneration of directors, statutory auditors and key managers, reference is made to the report on the remuneration policy and on the remuneration paid, drawn up in accordance with articles 123-ter of the TUF (Consolidated Law on Finance) and 84-quater of the Issuers' Regulation as well as in compliance with what is recommended by art. 5 of the Corporate Governance Code, made available to the public on the Company's website (www.cy4gate.com) with the other methods provided for by current legislation.

CONSOLIDATED SUSTAINABILITY STATEMENT

1.GENERAL DISCLOSURES (ESRS 2)

BP-1 Basis for preparation of sustainability statement

CY4Gate Group falls under the scope of Legislative Decree 125/2024. This Consolidated Sustainability Statement has therefore been prepared on a consolidated basis in accordance with ESRS and provides an overview of the CY4Gate Group's sustainability performance for the financial year 2024. The objective of this Statement is to communicate our sustainability strategies, impacts and progress to our stakeholders in a transparent and comprehensive manner.

On the first reporting in accordance with the provisions of Legislative Decree 125/2024, particular attention was paid to the transposition of information requirements, both quantitative and qualitative, into data and descriptions of strategic relevance. It is specified that, for the reporting period 2023, the Group did not exceed 500 average employees and was therefore not subject to either the requirements of Legislative Decree 254/2016 or EU Regulation 2020/852.

This Consolidated Sustainability Statement has been prepared with reference to the implementation guidelines developed by EFRAG, with specific reference to 'Implementation Guide 3: List of ESRS Data Points (IG-3), therefore the references are the same as the IDs in IG 3 List of ESRS Data Points.

In this document are datapoints identified as material following the double materiality assessment and mandatory under ESRS; some phase-in and voluntary ESRS datapoints are included where available, otherwise the ESRS recommendation for phase-in periods of one to three years has been followed.

This statement is based on the principles set out in Appendix B - ESRS 1. The information has been prepared so as to ensure relevance, faithful representation, comparability, verifiability and comprehensibility. The reporting covers the activities of the following Group companies:

CY4GATE S.p.A. Holding
RCS ETM Sicurezza S.p.A. subsidiary company
Servizi Tattici Informativi Legali srl (STIL) subsidiary company merged in RCS on the 31st December 2024
Tykelab S.r.l. subsidiary company
Dars Telecom S.L. (DARS) subsidiary company
Diateam S.A.S. (Diateam) subsidiary company
XTN Cognitive Security S.r.l. (XTN) subsidiary company

The Group also has an associated company and a Joint Venture as detailed below:

Foretec S.A.S.: affiliated company subject to CY4Gate's influence by virtue of its indirect shareholding through RCS S.p.A. at 25%.
Prontocyber Plus S.r.l.: joint venture at 50%

The Group exercises no operational control over these two companies for the purposes of Consolidated Sustainability reporting. In particular, Foretec S.A.S. has no significant impacts, risks and opportunities for reporting purposes, therefore, the Group's Consolidated Sustainability Statement scope excludes it. Prontocyber is considered in the value chain, as per paragraph 5 'Value chain' art. 67, ESRS 1.

Below follows the structure of the Group:

The parent company CY4Gate S.p.A. was established in 2014 and is controlled by ELETTRONICA S.p.A. CY4Gate S.p.A. is a subsidiary of ELETTRONICA S.p.A. It does not benefit from the reporting exemption pursuant to Article 19a(9) or Article 29a(8) of Directive 2013/34/EU, as it is a large company and a public interest entity. Subsidiaries of the Holding Company included in the consolidation of this reporting, on the other hand, benefit from the above exemption.

The Group recognises the importance of involving all stakeholders in the value chain with which solid and lasting relationships are built. As proof of this 'modus operandi', this reporting covers the upstream and downstream value chain, as further explained in the relevant section 'SMB-2 Stakeholder Expectations and Interests', in order to identify and manage the sustainability factors most relevant to our business. Company policies, including 231 clauses and Code of Ethics, are applied to the upstream and downstream value chain.

The disclosures contain data on the upstream and downstream value chain as far as possible limited to business relations and relevant issues.

The Group has not exercised its right to omit information corresponding to intellectual property, know-how or innovation results, nor relating to upcoming developments or matters under negotiation.

BP-2 Disclosures in relation to specific circumstances

The Group adopted different time horizons from those indicated in ESRS 1 - section 6.4 to ensure better alignment and understanding with the strategic corporate documentation.

Here are the time horizons used:

Short term: within 1 year;
Medium-term: between 1 and 3 years;
Medium long term: between 3 and 5 years;
Long-term: beyond 5 years.

The assumptions used to calculate GHG emissions, their level of accuracy and the actions planned to improve it are described in the relevant sections ESRS E1. In addition, other assumptions related to the calculation of some metrics in ESRS S1 were also used (see the relevant section for more details).

Given that 2024 is the first year of Consolidated Sustainability Statement under the ESRS standards, the provisions relating to any changes in the preparation and presentation of information with respect to previous periods are not applicable. Similarly, there are no significant reporting errors relating to periods prior to this reporting period.

No information in addition to the information required by the ESRS standards has been included in this Consolidated Sustainability Statement.

The table below shows the information included in this Consolidated Sustainability Statement by reference:

Disclosure Requirement / Datapoint	Descrizione	Riferimento paragrafo
GOV-3	Incentive scheme related to sustainability targets	" Transactions with share-based payments" Consolidated Financial Statements

Transitional provisions in accordance with Appendix C of ESRS 1

Below are listed the issues found to be relevant from the double materiality assessment:

E1: Climate Change
S1: Own workforce
S2: Workers in the value chain
S3: Affected communities
S4: Consumers and end users
G1: Business Conduct

In accordance with Appendix C of ESRS 1, the Group, with a workforce of less than 750 employees at the end of the financial year 2024, has decided to omit information relating to the following material sustainability issues subject to phase-in:

Disclosure obligation	Description of disclosure duty	Omissions
SBM-1	Strategy, business model and value chain	Revenue distribution by significant ESRS sector
E1-6	Gross Scopes 1, 2, 3 and Total GHG emissions - Scope 3 GHG emission	Scope 3 GHG emission
E1-9	Disclosure of anticipated financial effects in terms of margin erosion for business activities at material transition risk	Information as of E1-9
S1-7	Disclosure of the most common types of non employees	All information
S1-11	Social protection	All information
S1-12	Persons with disabilities All information
S2	All disclosure requirements
S3	All disclosure requirements
S4	All disclosure requirements

Both with respect to relevant and reported sustainability issues, as well as issues for which the Group applies the transitional provisions, the Group is oriented towards the prevention of negative impacts and risks, favouring the generation of opportunities and positive effects: this attitude guides the development of technological solutions as well as the definition of strategies and organisational solutions. The Group identifies and assesses its environmental, social and economic impacts, both positive and negative, including value chain analysis.

Sustainability is an embedded part of the Group's vision and values, as a fundamental element of its identity and culture, and according to the dual materiality assessment, measurable sustainability objectives are defined and aligned with the Group's business strategy.

In accordance with the provisions of Appendix C of ESRS 1, as previously reported, the Group has decided to omit, for this financial year, the information related to topics S2 - Workers in the value chain, S3 - Affected communities and S4 - Consumers and end users. For theme S1 - Own workforce, the omission is instead partially in relation to specific metrics belonging to this theme.

ESRS S2 – Workers in the value chain

The Group recognises the importance of protecting human rights and working conditions throughout the value chain and is committed to operating in accordance with the highest ethical and sustainability standards. These principles are outlined in the Code of Ethics and the Organisational Model.

The Code of Ethics represents a binding reference framework for all levels, from governance to individual employees, and for anyone interacting with the Company. It sets out the fundamental values and rules of conduct that guide corporate decisions and actions, in line with the Group's Vision and Mission.

The Group has not defined a plan of actions and targets for the year 2024, these will be evaluated in the Sustainability Plan 2025 - 2029.

ESRS S3 – Affected communities

The Group has decided to adopt the phase-in option for these topics in 2024.

ESRS S4 – Consumers and end-users

The Group has agreed to adopt the phase-in option for these topics in 2024, as the requirements are met.

Governance

GOV-1 The role of the administrative, management and supervisory bodies

The Group applies responsible business conduct, with an integrated, risk assessment-based management approach, in order to:

integrate ESG risks and opportunities into planning and control systems
use shared rules of conduct and management systems to ensure compliance with regulations
ensure transparency of information towards stakeholders, fairness in behaviour and business relations, avoiding anti-competitive behaviour
promote the quality of services, products and workers' welfare,
operate in compliance through timely management of economic, social and environmental impacts.

The Group is committed to maintaining a system that favours the achievement of corporate objectives and the pursuit of ESG values and goals, and has therefore established a solid governance structure, with a Board of Directors whose characteristics and competencies guarantee competence, independence and the ability to guide the Group's development with a view to sustainability.

Furthermore, in order to guarantee adequate supervision of sustainability issues, an Internal Risk and Sustainability Control Committee has been set up to advise and make proposals to the Board of Directors on sustainability issues.

The main activities carried out by the Risk and Sustainability Control Committee during the financial year and up to the date of the Statement included analysis and assessment on ESG issues with a view to promoting the sustainable success of the Company: results and materiality assessment, sustainability plan, ESG reporting and meetings with specialist consultants and dedicated corporate function. This structure ensures an integrated and transparent approach to sustainability, in line with the highest standards of governance and reporting.

The appointment of CY4Gate's Board of Directors is carried out in compliance with the law and the applicable statutory provisions, based on lists submitted by the shareholders. Only shareholders who, alone or together with other shareholders, own a shareholding of at least 5% of the share capital are entitled to submit lists.

The Board of Directors of CY4Gate consists of nine members, as stated in the Corporate Governance Report. Among them, one holds executive positions, while eight are non-executive directors, three of whom meet the independence requirements. As of the date of this report, there are no members representing employees or other workers.

Below is the composition of the Board of Directors and the characteristics of the Company's administration, management and control bodies.

Name	Position	Date of first appointment	Other positions (number and commitment)
Domitilla Benigni	President of the Board of Directors	15/05/2020	3 positions: General Manager and Managing Director of ELT Group, Member of the Technical Scientific Committee of the National Cybersecurity Agency
Emanuele Galtieri	Chief Executive Officer	31/03/2021	1 office as General Manager of CY4Gate; 1 office as Chairman of the Board of Directors (BoD) within the group
Alberto Sangiovanni Vincentelli	Director	31/03/2021	4 positions as Board Member (Board of Directors) and 4 as President
Cinzia Parolini	Indipendent director	04/08/2021	1 position on university committees
Roberto Ferraresi	Director	15/03/2022	1 position as CEO (Chief Executive Officer)
Paolo Izzo	Director	04/11/2022	1 position as Vice President sales of Elt
Alessandro Chimenton	Director	26/07/2023	1 office as Member of the Board of Directors (Board of Directors)
Alessandra Bucci	Independent Director	27/04/2023	3 offices as Member of the BoD (Board of Directors) 4 positions as member of endoconsiliar committees and 1 as chairman, 1 position as Board of Directors (Board of Directors) contact person for Sustainability; 1 position as company chairman
Maria Giovanna Calloni	Independent Director	27/04/2023	4 positions as member of the BoD (Board of Directors)

The Board of Directors of CY4Gate

The administration, management and control bodies of CY4Gate are described in the corporate governance report. The composition by gender and age is shown below.

Administration, management and control bodies of CY4Gate

Members of the Board of Directors	N°	%
Independent members	3	33%
Female components	4	44%
Male components	5	56%
Members under 30 year	0	0%
Members between 30 and 50 years	2	22%
Members > 50 years	7	78%

Members of the Board of Auditors	N°	%
Independent members	3	100%
Female components	1	33%
Male components	2	67%
Members under 30 year	0	0%
Members between 30 and 50 years	0	0%
Members > 50 years	3	100%

Members of the Supervisory Board	N°	%
Independent members	3	100%
Female components	1	33%
Male components	2	67%
Members under 30 year	0	0%
Members between 30 and 50 years	1	33%
Members > 50 years	2	67%

Characteristics, professional experience and educational background of the Board of Directors guarantee competence, independence and the ability to direct the Group's development with a view to sustainability.

Cy4Gate's administration, management and control bodies have competences divided by sectors, products and geographical areas in which the Group operates, as shown in the table below.

The following tables show the competences of the various bodies and specify the percentage for each area, calculated by comparing the number of members with a single competence to the total number of members.

In this regard, it should be noted that the Board members, the Statutory Auditors and the Supervisory Board have the necessary competences in the area of sustainability to assess, analyse and plan CSRD activities.

Members of the Board of Directors AREA	Number of members	%
A) Strategic planning	9	100%
B) Risk management	6	67%
C) Innovation and technology	7	78%
C) Digital IT e cyber security	4	44%
E) Finance and business management	9	100%
F) Environmental sustainability	4	44%
G) Social sustainability	5	56%
H) Human resources management	1	11%
I) Legal	1	11%

Members of the Board of Auditors AREA	Number of members	%
A) Strategic planning	3	100%
B) Risk management	3	100%
C) Innovation and technology	3	100%
C) Digital IT e cyber security	0	0%
E) Finance and business management	3	100%
F) Environmental sustainability	0	0%
G) Social sustainability	3	100%
H) Human resources management	0	0%
I) Legal	3	100%

Members of the Supervisory Board AREA	Number of members	%
A) Strategic planning	2	67%
B) Risk management	2	67%
C) Innovation and technology	3	100%
C) Digital IT e cyber security	1	33%
E) Finance and business management	2	67%
F) Environmental sustainability	1	33%
G) Social sustainability	3	100%
H) Human resources management	0	0%
I) Legal	3	100%

The composition of the administration, management and control bodies ensures fair gender representation, promoting equal opportunities within the bodies, which are made up of 57% men and 43% women, with an average female gender ratio of 0.75. The percentage of independent directors on the Board of Directors is 33%, in line with best governance practices and to protect the interests of all shareholders.

In order to ensure adequate oversight of sustainability issues, as mentioned above, an Internal Risk and Sustainability Committee was established. For this Committee, roles and responsibilities were defined for the acquisition and analysis of key information related to:

Economic, environmental and social context
Economic and financial risks

- Regulatory compliance

ESG (Environmental, Social, Governance) issues

At the organizational structure level, a dedicated group has also been established for ESG issues with the following responsibilities:

Overseeing and managing ESG issues
Integrating ESG criteria into business processes
Preparing sustainability reporting, which is submitted for review to the Risk and Sustainability Committee and subsequently consulted and approved by the governing body.

Furthermore, the administrative, management, and control bodies play a crucial role in governance processes, controls, and procedures aimed at monitoring, managing, and supervising impacts, risks, and opportunities. They are also responsible for implementing an effective risk management system that includes the identification, assessment, and mitigation of risks, as well as the monitoring of performance and impacts.

These bodies define a three-year commitment plan, updated annually, based on the analysis of significant impacts for the organization. This plan defines specific, measurable, achievable, relevant, and time-bound (SMART) objectives and concrete actions to address challenges and seize opportunities related to sustainability. The Risk and Sustainability Committee, composed of independent directors, plays a fundamental role in this process, providing advice and support to the Board of Directors on sustainability issues, monitoring the effectiveness of the risk management system, and formulating recommendations for its continuous improvement.

The Group has adopted a traditional management model, consisting of a Shareholders' Meeting, a Board of Directors, and a Board of Statutory Auditors.

The Chief Executive Officer (CEO) is actively involved in defining priorities and commitments on sustainability issues, as well as in their reporting. This process is led by the Chief Financial Officer (CFO), who, with the support of a dedicated assessment and reporting team, coordinates and monitors the planning, implementation, and reporting activities.

The Audit and Risk Committee oversees the entire process, in close collaboration with other company functions, including Risk Management for the identification and assessment of risks, opportunities, and impacts, Compliance to ensure legislative and regulatory compliance, Internal Audit for periodic verifications, and all operational functions necessary for the implementation and monitoring of indicators.

The administrative, management, and control bodies, together with Senior Management, exercise active control over the definition of objectives related to relevant impacts, risks, and opportunities, constantly monitoring progress towards these goals. The Board of Directors plays a central role in this process, integrating sustainability into the Group's strategies, management, and operations. The Board of Directors defines the scope of Consolidated Sustainability Statement, evaluates and approves the results achieved and the commitments made, including through the approval of the Consolidated Sustainability Statement. This approach ensures that sustainability objectives are aligned with the business strategy and that progress is monitored and communicated transparently.

The administrative, management, and control bodies carefully assess whether the existing skills and capabilities are adequate to address sustainability challenges, considering both internal expertise and access to external resources.

These bodies, supported by members with expertise in sustainability, evaluate whether the skills are relevant to the company's material impacts, risks, and opportunities and whether it is necessary to acquire additional skills, through specific experts, training, or other initiatives to ensure effective oversight of sustainability issues.

Sustainability expertise is adequately distributed among the members of the Board of Directors. Based on the educational backgrounds and professional experiences of the Board members, the skills in environmental and social sustainability have scored 44% and 56% respectively.

Furthermore, skills in Innovation and Technologies show a result of 78%.

GOV-2 Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies

The administrative, management, and control bodies, as well as the internal board committees for matters within their competence, receive regular and updated information on relevant impacts, risks, and opportunities, on the implementation of due diligence procedures, and on the results and effectiveness of the policies, actions, metrics, and objectives adopted to address them. This information is provided by various sources, including:

Senior Management: which reports periodically on the progress of sustainability performance, the effectiveness of actions taken, and the emergence of new challenges or opportunities;
Control Functions: such as Risk Management, Compliance, and Internal Audit, which provide independent assessments of risks and the adequacy of controls;
External Experts: who may be involved to provide specialist opinions or to support the evaluation of complex situations.

The frequency with which the aforementioned information is provided varies depending on its nature and relevance. In general, the most strategic and general information is discussed at the Board of Directors level at least annually, in occasion of the approval of the sustainability report. Starting from 2024, such information falls within the scope of the sustainability statement, pursuant to Legislative Decree 125/2024. More operational and detailed information is subject to periodic reports and/or more frequent discussions at the level of specific committees, such as the Risk and Sustainability Committee. Thanks to this integrated structure, the administrative, management, and control bodies can make informed and conscious decisions, taking into account the long-term sustainability impacts, risks, and opportunities.

During the reporting period, the Control, Risk and Sustainability Committee (CCRS) was informed of the outcome of the double materiality analysis, which it shared, and of the development of the 2025-2029 sustainability plan. The Committee was also actively involved in the following topics:

Updates on anti-corruption and anti-money laundering matters: The Committee received and discussed the annual reports of the Anti-Money Laundering function, the Reporting Committee, and the Coordination and Consultation Body for the Prevention of Corruption, to assess the effectiveness of the preventive and control measures adopted by the company.
Environmental, Social, Governance (ESG) Project: The Committee met with the responsible managers to be updated on the progress of the project and participated in the selection of the consultant for the preparation of the 2024 Consolidated Sustainability Statement.
Appointment and evaluation of the Internal Audit role: The Committee evaluated the appointment of the person responsible for Internal Audit, to ensure adequate internal control and effective oversight of company risks.

These topics highlight the CCRS Committee's commitment to monitoring and addressing sustainability-related challenges and opportunities, with a particular focus on the prevention of corruption, the integration of ESG factors into the company's strategy, and the guarantee of an adequate internal control system.

GOV-3 Integration of sustainability-related performance in incentive schemes

The Group has a three-year Stock Grant Plan 2023-2025 - governed by a specific regulation called the "Stock Grant Plan" - intended for the managers of the Parent Company and some managers and other top figures of subsidiaries, with objectives subject to annual verification, approved by the Board of Directors of CY4Gate S.p.A.

Among the objectives of this Plan, there is an "ESG objective" which consists of obtaining and maintaining the Gender Equality Certification, obtained in 2023 and renewed in December 2024 by CY4Gate S.p.A. This objective was achieved in 2024. For more information on the Stock Grant Plan, please refer to the commentary in the "Share-based payments" section of the Consolidated Financial Statements. The compensation of the Board of Directors is established by the Shareholders' Meeting at the time of appointment.

The performance metrics related to sustainability are included in the aforementioned Stock Grant Plan.

The portion of variable remuneration based on the achievement of sustainability-related objectives and/or impacts (achievement of the Annual ESG Objective) grants the individual beneficiary, upon the achievement of economicfinancial objectives, the right to exercise at the end of each annual cycle a number equal to 5% of the total rights assigned.

GOV-4 Statement on due diligence

The Group aims to promote a diverse culture and to favor more sustainable solutions both internally, for employees, and externally, through collaboration and engagement with the upstream and downstream value chain.

In line with its policy on human and labor rights, the company is committed to respecting fundamental human rights and decent working conditions, as enshrined, for example, in the Universal Declaration of Human Rights and the fundamental conventions of the International Labour Organization (ILO) on fundamental rights and principles at work.

The company regularly monitors and assesses social, environmental, and governance risks in its supply chain, with a particular focus on labor rights and environmental protection. Although the overall risk is low, the company is committed to improving its processes and collaborating with suppliers for a more effective management of specific risks, especially in sectors and geographical areas with higher risk

An analysis of risks has been conducted both internally and along the value chain, involving customers and suppliers. In this way, potential impacts have been mapped and the adequacy of existing processes, governance, and mitigation actions has been verified.

Furthermore, a system for monitoring and evaluating impacts in the social and environmental sphere has been implemented to identify any suppliers to be monitored and to whom detailed supplementary information on the measures adopted in the area of sustainability will be requested.

The Group recognizes the potential negative impact that its customers and suppliers can generate in the environmental and social spheres; therefore, it actively promotes adherence to the principles of the United Nations Global Compact.

Due diligence on customers and suppliers represents an important element of the Group's commitment to sustainability. Through the promotion of the Global Compact principles, risk mapping, involvement in the assessment of impact materiality, and continuous monitoring, the Group aims to minimize the potential negative impacts deriving from its activities and to actively contribute to a more sustainable future.

The constant monitoring of the value chain allows for the control of the situation and the timely implementation of necessary actions in case of changes or new risks. This proactive approach ensures that due diligence is a dynamic process adapted to the evolution of the context and specific risks.

The Group adopts a due diligence approach that involves stakeholders in crucial phases. Their perspectives are an integral part of the double materiality analysis, a fundamental tool for identifying relevant impacts, risks, and opportunities. In this way, it ensures that stakeholders can actively influence direction and actions. The dialogue is continuous, with periodic updates of policies and various open communication channels: from public contacts such as investor relations and the whistleblowing system, to internal channels dedicated to suppliers and partners.

To manage risks, mitigate negative impacts, and maximize positive impacts and opportunities that have emerged from the double materiality analysis, the Group implements targeted actions for relevant sustainability issues. The effectiveness of these actions is monitored through specific metrics and objectives, detailed in each thematic section of the report.

Main Elements of Due Diligence	Sections in the Consolidated Sustainability Statement
a) Integration of due diligence into governance, strategy, and business model	GOV-1, GOV-2, GOV-3, SBM-3
b) Engagement of impacted stakeholders through key phases of due diligence	GOV-2, IRO-1
c) Identification and assessment of negative impacts	SMB-3, IRO-1
d) Actions to addressing material negative impacts	E1-3, S1-4
e) Monitoring the effectiveness of these efforts and communicating the results	GOV-4

GOV-5 Risk management and internal controls over sustainability reporting

In 2024, the Group identified internal control systems for consolidated sustainability reporting, adopting an approach similar to that of financial reporting, in collaboration with the various functions responsible for the data. The internal control and risk management processes and systems, in relation to consolidated sustainability reporting, are focused on ensuring relevant, accurate, complete, and reliable information, as also specified in IRO-1.

The scope of intervention to mitigate the risk of data incompleteness and poor accuracy involved the engagement of company managers who worked to ensure:

Data integrity and completeness: Verification that the data collected is complete and accurate, and that it truthfully reflects the company's sustainability performance.
Accuracy of estimates: Control that the results of estimates, where applicable, are based on sound and consistent methodologies.
Availability of value chain data: Verification that data related to the value chain, both upstream and downstream, is available within the expected timeframe.
Timeliness of information: Ensuring that information is available in a timely manner to support the decisionmaking process and reporting.

Information related to the value chain represents the main risk, as it does not fall under the Group's direct control. To mitigate this risk, the consolidated sustainability reporting team has undertaken the following actions:

Defining a method for collecting information.
Engaging with suppliers to ensure the conformity of the requested information.

Finally, as this is the first year of reporting, the procurement manager has been involved with the aim of integrating sustainability criteria into future contracts, in order to improve information gathering.

The Group assesses the risks associated with an incomplete or inconsistent consolidated sustainability reporting, including risks related to data accuracy and human errors during the consolidation of data from different systems. To mitigate this risk, a centralized online repository has been used to document sustainability-related risks and controls, focusing on the highest risks. Regarding the double materiality assessment, controls have been performed on the process of identifying material impacts, risks, and opportunities and on the underlying documentation.

The functions responsible for data assess the risks associated with sustainability data and implement appropriate controls. The central Finance function tracks the overall risk assessment of the consolidated sustainability reporting and determines the level of internal controls required per process, based on the materiality of the risks, as also specified in the paragraph "SBM-1 Strategy, value chain and business model". The Group assesses the risks associated with an incomplete or inconsistent consolidated sustainability reporting, including risks related to data accuracy and manual errors during the consolidation of data from different systems. To mitigate this risk, a centralized online repository has been used to document sustainability-related risks and controls, focusing on the highest risks. Regarding the double materiality assessment, controls have been performed on the process of identifying material impacts, risks, and opportunities and on the underlying documentation.

Main identified risks and the respective actions, where applicable, are reported in the paragraph "SBM-3 Identification of material impacts, risks, and opportunities (environmental, social, and governance) relevant to the company and its stakeholders; their interaction with the strategy and business model" in the relevant sections of the material topics. In line with global principles, the Group has defined specific objectives for the various committees and functions, implementing policies, processes, procedures, and control and monitoring activities. These initiatives, as a whole, contribute to strengthening sustainability governance and ensuring the transparency and reliability of the reported information.

To ensure the effectiveness of these systems, the company has strengthened existing activities related to:

Risk and Sustainability Committee: with supervisory and guidance functions in sustainability matters.
Internal Audit Function: for the independent assessment of the adequacy and effectiveness of internal controls.
Nomination and Remuneration Committee: to ensure that sustainability expertise is adequately considered in the composition of the governing bodies.

Internal control, integrated with risk management, is a fundamental element of its management system. The Board of Directors is responsible for defining the operating principles and ensuring the continuous monitoring of the system's effectiveness.

The Chief Financial Officer, in his capacity as the Officer in Charge, is responsible for overall internal control. He periodically reviews the reporting and submits it for approval to the Risk and Sustainability Committee. Subsequently, the reporting is presented to the governing, management, and supervisory bodies for the necessary verification of the findings.

The process described has been structured by the Group with the aim of meeting the qualitative criteria required by the ESRS Standards, ensuring the relevance, faithful representation, verifiability, and understandability of the reported information. To support this process, the Group is initiating the integration of an internal control system aimed at strengthening the reliability of non-financial information through the identification of key risks and related controls. These safeguards, as outlined below, are part of an organic and coordinated approach that allows for the progressive incorporation of risk assessment results into company processes and functions, contributing to the consistency and effectiveness of sustainability strategies.

The results of the risk assessment and internal controls related to the sustainability reporting process are integrated into relevant internal functions and processes through a structured and coordinated approach. In particular, the

dedicated team, under the supervision of the CFO, plays a central role in integrating information into sustainabilityoriented strategies and policies. For example, it monitors sustainability issues and stakeholder perspectives in the vision, business objectives, and the design, development, and production of technologies, products, systems, and services, to ensure consistency between stated intentions and actions and to support internal and external credibility and legitimacy of our operations.

The information also feeds into the evaluation of the three-year commitment plan, with annual updates, contributing to the definition of concrete actions such as:

Continuous integration: evolution of company policies and procedures, with an increasing focus on the environmental and social dimensions.
Internal awareness: training programs and communication initiatives to increase employee awareness of sustainable behaviors and promote their adoption.

Strategy

SBM-1 Strategy, business model and value chain

he Group's strategy and business model are intrinsically oriented towards the prevention of negative impacts and the generation of positive value, by seizing the opportunities that arise. The concept of prevention and protection is the core of the Group's product and service development, as well as the guiding principle in defining our objectives and implementing management and control systems.

The Group's primary commitment is to ensure the creation and preservation of value for all stakeholders, through responsible and sustainable management of our activities.

Leadership in innovation is a fundamental pillar of the strategy, aimed at ensuring a significant contribution to highquality technological advancement and the construction of national technological sovereignty, an essential element for the realization of European technological sovereignty. This synergistic approach aims to effectively respond to the needs of governments and businesses in the protection of critical infrastructures, services, and citizens.

In line with this vision, the Group is committed to a process of creating a European center of excellence in the cyber sector, through strategic acquisitions and targeted alliances. At the same time, it constantly invests in the development of internal skills, in the dimensional growth of its workforce, and in the promotion of a continuous research and development process, in close collaboration with universities and other key players in the sector.

The development and innovation model places a priority emphasis on respecting human rights, including property rights, both in commercial relationships and in innovation, research, and development processes. The Group actively promotes practices of attention and management of the impacts that may arise within its own organizations, among partners, and in the IT sector as a whole, fostering a model of sustainable and responsible development.

The relationship with customers, through listening to their needs, is a fundamental driver for innovation and the development of cutting-edge solutions in the cybersecurity sector.

Simultaneously, the Group is committed to transferring knowledge and expertise to its customers, so that they can make the best use of the potential of cyber intelligence and reduce the risks of attacks.

Recognizing the difficulties that small and medium-sized enterprises (SMEs) face in implementing adequate cybersecurity solutions, the Group has established synergies with other companies to offer accessible and timely solutions.

The goal is to democratize cybersecurity, making it accessible to all entrepreneurial realities, including SMEs, which represent a fundamental link in the supply chain of large companies. In this way, the Group contributes to strengthening the cyber resilience of the entire economic system, from small to large enterprises.

The responsible management of the supply chain is based on the selection of reliable companies and commercial partners, while at the same time promoting the development of their capabilities and skills through targeted training programs. This approach ensures the quality of supplies and commercial relationships, in compliance with industry standards, our values, and internal procedures.

The Group thus strengthens trust throughout the entire supply chain, from customers to investors, contributing to the creation of a cyber ecosystem that meets present and future challenges, also through the promotion of sustainabilityoriented behaviors.

The Group's strategy involves a rigorous selection of clients also based on ethical principles, ensuring that its technologies are not used improperly or in a way that violates human rights and democratic principles.

Recognizing the power of data and the risks associated with its improper use, the Group adopts stringent measures to protect it.

The significant groups of products and services offered by the company that represent over 10% of the turnover are the development and commercialization of forensic products, decision intelligence, and cyber security solutions.

Public Customers for Cyber Security Solutions by Type	%
Safety agencies	37.5%
Government agencies	50%
National/European Research Programs	12.5%
Private Customers for Cyber Security Solutions by Type	%
Public Utilities	25 %
Other	75%

The total number of own workforce of the Group (head count) is 552, of which 485 are in Italy and 67 are abroad.

The Group does not commercialize prohibited products. Dual-Use products are subject to authorization by UAMA (Italian Export Control Authority) with reference to foreign markets.

Some products or services may be commercialized exclusively to specific customers (government entities or judicial authorities).

The Group's total revenues for the financial year 2024 amount to €75.1 million.

For further information, please refer to the Consolidated Statement of profit and loss and the Notes to the Consolidated Financial Statements (in particular, the notes "Revenues" and "Other revenues and income").

The Group does not avail itself of the exemption from the disclosure of information referred to in Article 18, paragraph 1, point (a) of Directive 2013/34/EU and operates in a single sector (TSI).

The Group does not operate in the fossil fuels sector, nor in the production of chemicals, controversial weapons, or the cultivation or production of tobacco.

The Group is strongly focused on the cyber protection of space infrastructures and the supply chain, with particular attention to SMEs, which are often vulnerable to cyberattacks.

Sustainability goals are defined and pursued at group level, consistent with the structure of financial reporting, which is based on a single segment. The revenue analysis conducted at group level reflects the unitary nature of the business.

Therefore, there are no different sustainability targets for individual product/service categories, customers, geographic areas or stakeholder relations.

Below are the Group's commitments for the three-year period 2024 - 2026:

- Internationalisation and development: consolidation of the internationalisation strategy and creation of a European cyber competence hub, with the aim of sustainable growth and leadership in the sector.

- Innovation and entrepreneurship: continuous promotion of innovation and development of national entrepreneurship in the field of cyber security.

- Sustainability and human rights: constant adherence to and promotion of the principles of the Global Compact, for a sustainable digital world that respects human rights.

Customer satisfaction is a primary objective, pursued by offering customised technological solutions that fully comply with contractual requirements.

Each company in the Group tailors the customer experience to the specificity of the products and services offered, each customer benefits from a dedicated Account Manager, a single point of contact for all projects and programs.

Proper execution of contracts is fundamental, ensuring compliance with time, cost and quality. After-sales support, through specialised consultancy, completes the offer, ensuring the full usability of the technological solutions. Measuring customer satisfaction is crucial for continuous improvement. CY4Gate offers customers the possibility of reporting issues through a dedicated ticket system. Questionnaires are delivered periodically to assess the level of satisfaction and the importance attached to the services/products. Moreover, for indirect evaluation, various information sources are analysed, including complaints, renewal contracts, customer communications and meeting reports.

The Group, through a Quality Management System and a dedicated Customer Management and Marketing Department, ensures the provision of high quality services/products and monitors customer satisfaction.

The business model is constantly being improved to ensure ever greater proximity to customers and end users.

Providing timely and qualified answers, fosters the building of solid and lasting relationships and the satisfaction of customers' security needs; transferring knowledge for a conscious use of the products and services offered, increasing the security and resilience of customers.

The conception, design and production of products and services is developed to meet the needs of citizens, companies and governments for protection, security and access to essential services.

The Group, confirming its ambition to create a European Centre of excellence in the specific domain, pursuing the dual objective of guaranteeing technological sovereignty and enriching the customer value proposition, is pursuing a strategy of growth and strengthening on various levels:

Acquisitions of companies specialised in the cyber domain
Establishment of strategic and operational alliances
Participation in international research and development partnerships and calls for tenders
Membership of national and international networks and initiatives
Adoption of an innovation-oriented organisation
Implementation of a monitoring and reporting system to measure the environmental impact of the Group's activities and set improvement targets
Promotion of sustainable mobility among employees
Investments in people empowerment, ensuring appropriate working conditions, protecting health and safety at work, and ensuring confidentiality and data protection
Expand the evaluation of suppliers according to ESG criteria or adhering to the Group Sustainability Policy

The strategy and business model of CY4Gate Group are naturally oriented towards preventing negative impacts and generating positive ones: prevention and protection are the concept behind the development of the products and services offered, but they are also the principles that guide the definition of the Group's objectives and the implementation of management and control systems, in order to ensure the creation and preservation of value for all stakeholders.

The double materiality assessment confirms the integration of sustainability at the heart of the Group's business model. It provides essential data and information security products and services, constantly investing in research and development, with a dedicated innovation team.

Focusing on the security, privacy and well-being of employees, customers, communities and institutions is central to the Group's strategic model, which bases its relationships on ethics and responsible conduct.

The Group adopts a dynamic and responsible strategic approach, in which Management and the Board of Directors engage in an ongoing, in-depth analysis of short-, medium- and long-term risks and opportunities.

This analysis, based on internal data and the interpretation of external trends, ensures that corporate strategies are constantly aligned with social and environmental needs.

Adaptability is essential: the process involves implementing timely strategic adjustments, where necessary, to ensure the Group's resilience and sustainability over time.

The Group's value chain, whose main actors are specified in section 'SBM-2 Stakeholder Expectations and Interests', was analysed to assess possible relevant IROs, considering:

the characteristics of the upstream and downstream value chain;
the position of CY4Gate Group in the value chain;
the description of the main commercial actors and their relationship with the company, including: key suppliers, main distribution channels, main customers and/or end users.

The Group has established the priority level of its stakeholders, including the value chain, based on procedures in use in the company and supplier evaluation questionnaires.

As part of its business model and value chain management, the Group has implemented procedures and directives, described in this document, aimed at promoting partnership and collaboration relations with its stakeholders. This approach is aimed, in particular, at the continuous improvement of sustainability performance.

Below is a representation of the Group's value chain:

UPSTREAM VALUE CHAIN

The Group's supply chain is mainly consisting of companies that provide hardware, software and know-how for the development of products and services.

The Group establishes synergies with partners, suppliers, universities and research centres, providing their know-how to strengthen their capabilities and generate a strong cyber innovation ecosystem.

Suppliers of IT equipment are selected from authorised manufacturers and distributors, who are not subject to embargoes and can guarantee the origin of supplies, as well as comply with high standards of confidentiality and security, fundamental requirements for the products and services offered by the Group.

In terms of know-how, the Group relies on a group of outsourcing companies that select and provide highly qualified personnel with specialist skills, even for extended periods. CY4Gate Group establishes agreements with these companies - mostly Italian and mainly composed of young professionals - to integrate people with whom there is a mutual interest in establishing a stable collaboration.

Companies that supply IT equipment and know-how to CY4Gate are included in the Company's Supplier List, after an accreditation/qualification process and undergo periodic evaluations. The Reliability Index on the Supplier Evaluation Form is annually reviewed, based on the supplies purchased.

The Group establishes accreditation and qualification processes for suppliers to ensure their reliability in the supply of goods, services and know-how essential to the manufacture and distribution of the Group's products.

CY4Gate regularly promotes the supplier evaluation and accreditation process, according to specific policies and procedures to ensure supplier compliance by requesting suppliers to sign "clauses 231", the document ''Adoption of the commitment to social responsibility and ethical and sustainable development'' and sharing specific documentation. Formal commitment to compliance with the principles and ethical rules enshrined in the Organisation, Management and Control Model (MOG) is an essential element; in fact, violation of these principles entails immediate termination of the contract.

Supply chain management represents a crucial step in the cyber risk mitigation process, as it involves a complex network of suppliers and partners that may be vulnerable to cyber attacks, thus increasing the importance of strict vigilance and security along the entire supply chain.

The Group asks its suppliers to sign a commitment to provide quality and sustainable services, managing all activities from a customer and stakeholder satisfaction perspective with a focus on economic, environmental and social sustainability.

Despite maintaining independent supplier management procedures, affiliated companies follow similar criteria within their integrated quality and safety management systems. This process involves collecting detailed information on the reliability of suppliers, assessing their compliance with quality, competitiveness and regulatory compliance requirements, as well as with the principles and rules set out in the group's governance documents, including adherence to environmental programmes or related certifications. The information gathered is documented in the Supplier Evaluation Forms.

Purchasing procedures at Group companies are set up to guarantee the reliability of the products or services purchased, with a view to continuous improvement of activities and performance for the development of innovative technologies, including digital ones, and, at the same time, taking into account the requirements of sustainability and respect for human rights.

The Group pays great attention to the supply chain, considering suppliers as partners for the development of innovative proprietary services and products in the national and European context.

DOWNSTREAM VALUE CHAIN

The Group is active mainly in Italy, but also in Spain and France, and is increasing its presence in Europe. It also has a global presence with customers in the Middle East and South East Asia and in Latin America.

Below is the customer segmentation:

• 86% customers of Cyber Intelligence solutions

• 14% customers of Cyber Security solutions

The Group works closely with its customers, anticipating their needs by researching and developing cutting-edge technological solutions, and is committed to enhancing its customers' knowledge and skills in cyber intelligence to reduce the risks associated with cyber attacks.

The organisational structure is customer-focused, with a commitment to establishing solid and lasting relationships, based on transparency and capable of providing rapid and high-quality responses.

The Group is committed to fully understanding its clients, then guiding them towards personalized technological solutions to meet their specific needs, thanks to a significant technological portfolio, in synergy with a commercial structure renewed in 2023 in terms of skills and territorial division.

Finally, the Group offers companies and institutions training to enable them to make informed use of its products and services.

Cy4Gate's development strategy also includes selecting customers based on their ethical standards. The Group believes in the importance of respecting human rights and is firmly opposed to anybody seeking to use its technologies improperly or contrary to democratic principles.

Data can be extremely powerful tools, but also very dangerous if it falls into the wrong hands.

CY4Gate Group's business relations focus on both the government and corporate sectors. The Group has also strengthened its value proposition by collaborating on a national and European level, confirming its ability to offer highly innovative cyber solutions based on Italian and European technology. Operating in the global market, with clients both in Italy and abroad, the Group is committed to establishing long-term relationships for those companies and institutions that require continuous protection over time.

CY4Gate Group operates in a highly dynamic sector, facing impacts related to technological innovation, evolving regulations and increasing demand for security. Key industry risks include technological obsolescence, competition and regulatory compliance, while opportunities arise from expanding markets, developing advanced solutions and strategic partnerships. The Group's business model is based on continuous innovation and collaboration with institutional and corporate clients, ensuring constant adaptation to market changes and strengthening its value chain through research, development and strategic synergies.

The tailor-made approach promoted by the Group is aimed at helping customers approach cyber issues with greater peace of mind, simplifying the technical complexity associated with cyber security.

PARTNERSHIP

The Group recognises the strategic importance of partnerships in achieving its business objectives and creating value for its stakeholders. In line with the principles of transparency and accountability, the Group is committed to developing collaborative relationships based on trust, mutual respect and the sharing of common goals.

Associations:

CY4Gate is a member of several associations, including A.I.A.D., Cyber 4.0 and Women 4 Cyber Italia (W4C).

Cyber 4.0: CY4Gate, as a founding member, supports the centre in providing cybersecurity advisory, training, assessment and test-before-invest services to companies and public administration.

Women 4 Cyber Italia (W4C): CY4Gate actively supports the initiative, which promotes the training and inclusion of women in the cybersecurity sector. CY4Gate's Chairman of the Board of Directors is also President of Women 4 Cyber Italia and is a founding member of the Women4Cyber Foundation initiative. CY4Gate employees, as a member company of W4C IT, actively participated in the promotion and dissemination of the activities.

European Projects:

CY4Gate actively contributes to European programmes and projects, investing in research and development to foster innovation in cybersecurity and intelligence at an international level.

Relations with entrepreneurial stakeholders:

The development strategy is based on the creation of a network of qualified entrepreneurial partners, with whom we share objectives and growth projects. Through collaboration, the group aims to strengthen our market position, expand our product and service offering and access new business opportunities.

We believe that partnerships with business players are a key factor for innovation and competitiveness, and we are committed to investing in long-term relationships based on trust and shared values.

Data collection, as also indicated in GOV-5 Risk management systems and internal controls related to Consolidated Sustainability Statement, covers qualitative and quantitative information required by the ESRS principles

The collection method was developed in the following two steps:

I) mapping of company systems, procedures and regulations consistent with information in other documents and sections of the website (https://www.Cy4Gate.com/it/azienda/governance/; https://www.Cy4Gate.com/it/azienda/investor-relations/) and

II) data collection from the responsible department managers using internal management systems. The data and information for year 2024 were collected in special thematic sheets, in line with EFRAG guidelines.

The thematic sheets record the values of each Group company within the reporting scope.

This information was verified and approved not only by the individual functions responsible, but also by the dedicated team of the Finance area, for subsequent verification and approval by the Appointed Manager, before being submitted to the administration, supervision and control bodies.

CY4Gate Group is committed to providing cybersecurity solutions and services that generate tangible benefits for its stakeholders.

The Group offers:

- Advanced protection: advanced ICT systems and solutions designed to minimise the impact of data breaches and ensure business continuity.

- Timely response: an integrated Security Operation Centre (SOC/CERT) and a digital emergency response service to identify, manage and resolve cyber attacks quickly and effectively.

Comprehensive support: a team of cybersecurity experts that assists organisations at every stage, from planning to incident management.
Training and specialisation: recruitment and training courses to enhance clients' internal cybersecurity skill

For investors, the Group represents:

Technological Innovation: A company recognized by GARTNER® as a Representative Vendor in Composite AI, thanks to its know-how in the application of artificial intelligence to cybersecurity.
Sustainable Growth: A solid business model and a long-term value creation strategy.
Industry Leadership: A cutting-edge company in the provision of cybersecurity solutions, in a rapidly expanding market.

For other stakeholders, the Group contributes to:

Digital security: a more secure and resilient digital ecosystem by protecting organisations' information.
Skills development: a training programme that promotes professional growth in the field of cybersecurity.
Strategic collaborations: partnerships with Group companies and other industry players to develop innovative solutions and address common challenges.

The Group is committed 360° to creating value for its stakeholders through cutting-edge cybersecurity solutions, comprehensive support services, and a strong commitment to innovation and sustainable growth.

Interests and views of stakeholders

The awareness of the impacts the Group generates and its contribution to building sustainable development necessarily requires a stakeholder-oriented vision: the needs, interests, considerations, and critical issues represented by stakeholders are the foundation of strategies capable of overcoming and removing obstacles, seizing opportunities, and creating conditions for sustainability.

A successful business model means pursuing and combining excellent economic-financial, governance, social, and environmental performance for the satisfaction of our main stakeholders, whose involvement occurs through various channels and methods depending on the circumstances and needs. The main engagement mechanisms are:

Continuous Dialogue: An open and transparent dialogue with stakeholders, through surveys, focus groups, public meetings, online platforms, and social media.

Formal Consultations: For strategic issues or those with significant impact, formal consultations can be organized with stakeholder representatives, ensuring a structured and inclusive process.

Collaborations and Partnerships: Collaborations and partnerships with various organizations, such as suppliers, universities, and research centers, to address common challenges together and develop innovative solutions.

Employee Engagement: Promotion of participation through internal surveys, company committees, dedicated meetings, training activities, communications, and company programs.

Marketing Campaigns: Aimed at engaging customers and other stakeholders, through messages that reflect company values and promote sustainability.

The Group has identified and prioritised its stakeholders through the involvement of representatives of corporate functions. This made it possible to map key stakeholders, relationships, channels and means of interaction. To fully understand stakeholders' interests and expectations, the Group performed the following actions

benchmark analysis of companies operating in similar sectors;
documents and reports from national and international bodies outlining relevant issues on the three dimensions of sustainability;
sharing of a questionnaire aimed at understanding their perception of the Group's activities - also in a forward-looking and potential perspective - and their interests and expectations on environmental, social and governance issues.

The questions were aimed at gathering stakeholders' perceptions of the group's potential and actual impacts (from an inside-out perspective, i.e. how the group's activities affect the outside world) in relation to the three dimensions mentioned.

The purpose of the questions was to gather stakeholders' perceptions of the group's potential and actual impacts (from an inside-out perspective, i.e. how the group's activities influence the outside world) in relation to the three dimensions mentioned.

With regard to the perception of the Group's risks and opportunities (outside-in perspective, i.e. how external factors influence the Group) in relation to the three dimensions of environmental, social and governance, internal stakeholders from top and middle management were involved.

The objective of this involvement process was to identify the risks and opportunities that the Group faces in relation to the three dimensions, from an internal management perspective.

It should be noted that direct and dedicated stakeholder engagement was a commitment for the three-year period 2024- 2026, as indicated in the Group's Sustainability Statement 2023.

The Group's key stakeholder identification process is based on the classification of the stakeholders of the parent company and the companies included in the reporting scope, organised into the following internal and external stakeholder clusters:

Employees
Shareholders / Partners
Corporate bodies
Customers
Suppliers
Credit institutions
Residual cluster of 'other' stakeholders including: rating agencies; associations; investment banks; research centres; communities; public institutions; media; universities.

No distinctions have been made in the population of certain clusters considered 'key' in their entirety, in particular credit institutions, investment banks, research centres, universities and employees.

Group companies, recognising the importance of an open and constant dialogue with their stakeholders, have implemented a structured engagement system, which envisages the use of various communication channels, both formal and informal.

Formal Communication Channels:

Shareholders' Meetings: These represent a fundamental moment of discussion with shareholders, during which company results, future strategies, and key decisions are presented.

Board of Directors Meetings: The members of the Board of Directors meet periodically to discuss company performance, strategies, and major challenges.

Periodic Reports: Periodic reports (sustainability report, annual financial report, etc.) are published to provide transparent and comprehensive information on the Group's performance.

Website: The company website is constantly updated with news, information, and useful documents for stakeholders.

Events and Conferences: Events and conferences are organized to meet key stakeholders, discuss relevant topics, and gather feedback, such as the Business Partner Day held last Wednesday, November 20th, at the MAXXI National Museum of 21st Century Arts, an important opportunity to celebrate the first ten years of CY4Gate, strengthen strategic relationships, and define new goals together in the Cyber Security sector.

Informal Communication Channels:

Internal Communications: Various tools (newsletters, intranet, meetings, etc.) are used to maintain a constant dialogue with employees and keep them informed about major company news.

Customer Meetings: Sales and customer support teams are in constant contact with customers to gather feedback, answer questions, and provide support.

Supplier Relations: Long-term relationships are maintained with suppliers, based on trust and collaboration.

Contacts with Institutions: Relationships are maintained with local, national, and international institutions to discuss topics of common interest and collaborate on sustainable development projects.

Particular focus to:

Employees: Dialogue with employees is considered a priority, as they are a fundamental resource for the Group's success. Engagement initiatives, such as focus groups and meetings with management, are organized.
Shareholders and Members: Clear and transparent information on the Group's performance and future strategies is provided through periodic meetings.
Customers: Customer satisfaction and needs are constantly monitored through interviews and complaint analysis; the Group develops innovative products and services to meet their expectations.
Suppliers: A selection and choice process for partners who share the Group's values in terms of sustainability and social responsibility, with the aim of establishing long-term relationships based on trust and collaboration.
Credit Institutions: The Group keeps transparent and constant relationships, providing information on financial performance and strategies.

This approach allows for organized and constant communication, aimed at receiving feedback and communicating relevant information. The Group is aware that an open and constructive dialogue with its stakeholders is fundamental to creating shared value and contributing to a more sustainable future. For this reason, it is committed to constantly improving its engagement processes and developing new initiatives to increasingly involve its stakeholders, such as the organization of periodic meetings with key stakeholders to discuss sustainability issues.

The primary aim of engagement is to establish an open, constructive and ongoing dialogue with all our stakeholders, both internal and external, to foster collaboration and the creation of shared value.

This strategic approach enables the Group to:

Build lasting relationships of trust: constant and transparent dialogue creates a climate of mutual trust, a fundamental element for the organisation's reputation and long-term sustainability.
Understand needs and expectations: actively listening to stakeholders' needs, expectations and concerns provides valuable information to guide corporate strategies and decisions.
Promoting transparency and accountability: open and accessible communication reinforces the organisation's accountability to its stakeholders, fostering responsible and sustainable business management.
Taking new opportunities of growth: interaction with stakeholders can generate new ideas, suggestions and opportunities for collaboration, paving the way for innovative projects and shared solutions.

Successful engagement is not just an act of communication, but a real investment in the future of the Group; it helps build a solid and positive reputation, increasing the trust and loyalty of stakeholders, essential elements for the sustainable success of the organisation.

The issues that arise are not just information, but real drivers for the evolution of strategies, resource allocation and the development of sustainable business models.

The integration of the results of engagement takes place through a structured and iterative approach:

1. Data collection and analysis: the information collected is analysed to identify relevant issues and stakeholder expectations.

2. Materiality assessment: the strategic relevance of the issues for the Group and the potential impact on stakeholders are assessed, considering both internal and external perspectives.

3. Integration into the strategic framework: the results of the materiality assessment influence the definition of sustainability objectives, strategies and KPIs.

4. Definition of actions and allocation of resources: concrete actions are defined and the necessary resources allocated.

5. Monitoring, evaluation and continuous improvement: progress is monitored and evaluated to ensure effectiveness and identify areas for improvement.

The integration of engagement results also guides decision-making processes:

Corporate strategy: feedback guides strategies aligned to expectations and sustainability.

- Innovation and product development: knowledge of needs stimulates the development of sustainable products and services.

- Risk management: early identification of ESG risks enables preventive measures.

- Reputation: effective engagement strengthens stakeholder trust.

The Group is committed to transparently communicating its engagement processes and results, strengthening dialogue with stakeholders and increasingly integrating their feedback into strategic and operational decisions to create shared value and sustainable development.

The stakeholder engagement process confirmed current strategic choices and provided useful insights for the future, although no areas emerged that required substantial changes to the strategy or business model.

The boards of directors, management and auditors are informed about the opinions and interests of stakeholders regarding the sustainability impacts of the company.

These documents summarise the main issues arising from the stakeholder dialogue, highlighting relevant topics and areas for improvement, and ensure that the management bodies are kept up-to-date on stakeholder expectations and concerns.

SMB-3 Material impacts, risks and opportunities and their interaction with strategy and business model

Relevant impacts, risks and opportunities based on the double materiality assessment are listed below.

DOUBLE MATERIALITY - RESULTS
------------------------------	--

IRO	ORIZZONTE TEMPORALE	IRO MATERIALE	DESCRIZIONE
ESRS E1 – climate change
Negative impact	Effective - ST	Mitigation	The Group, through atmospheric emissions of greenhouse gases and substances, contributes negatively to climate change.
Risk - OB	Potential - LT	Adaptation	Increased costs for the Group caused by extreme weather events that may cause disruptions to IT systems.
Negative impact	Effective - ST	Energy	The Group's use of fossil energy sources and the associated increase in emissions have negative impacts on climate change.

ESRS S1 – Own workforce - Working conditions

Positive impact	Effective - ST	Working condition Working time - Adequate wages - Work-life balance Health & Safety	The focus on the working conditions (e.g. health and safety, working hours, adequate wages, work-life balance) of its employees and collaborators generates a positive impact on its workforce
Negative impact	Potential - MT	Working condition Working time - Adequate wages - Work-life balance Health & Safety	The Group, by failing to apply systems to protect the working conditions (health and safety, working hours, adequate wages, work-life balance) of employees and collaborators, can potentially generate a negative impact on them.

ESRS S1 - Own workforce - Equal treatment and opportunities for all

Positive impact	Potetial - MT	Training and skills development	The Group, by providing training and upgrading the skills of its employees, generates a positive impact on its workforce
Risk OB	ST	Training and skills development	Higher costs for the Group due to a shortage of trained and qualified personnel, which can slow down technological development and evolution.

Positive Impact	Potential - MT	Equal treatment and opportunities for all - Employment and inclusion of persons with disabilities - Diversity	The Group by focusing on diversity and equal opportunities, employment and inclusion of people with disabilities within the Group, as well as by ensuring equal pay for work of equal value, generates a positive impact.
Positive Impact	Effective - ST	Measures against violence and harassment in the workplace	The Group, by combating discrimination, violence and harassment in the workplace, generates a positive impact on its workforce.
Opportunity OB	MT	Measures against violence and harassment in the workplace - Diversity	Opportunity for the Group arising from the satisfaction of employees who find the Group's working environment stimulating and inclusive, generating higher staff retention and resource stability.

ESRS S1 – Own workforce - Other work-related rights

Positive Impact	Effective - ST	Child and forced labour	The Group generates a positive impact on its workforce through the rejection of child labour and forced labour.
Positive Impact	Effective - ST	Adequate housing	The Group's adoption of a staff travel policy that includes appropriate expense ceilings to ensure adequate travel accommodation has a positive impact on its workforce.
Positive Impact	Effective - ST	Privacy	The Group, also through its management system to protect the confidentiality of its employees' data and information, generates a positive impact on its employees.
Opportunity VCD	MT	Privacy	Opportunity for the Group arising from market demand for software solutions aimed at safeguarding the confidentiality of personal data, to be applied within the Group as well.

ESRS S2 - Workers in the value chain - Equal treatment and opportunities for all

Positive Impact	Potential - MT	Measures against violence and harassment in the workplace -	The Group's partners, through the fight against discrimination, violence, and harassment in the workplace, can generate a positive impact on their own workforce (within the Group's value chain)
-----------------	-------------------	----------------------------------------------------------------------	------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ESRS S2 - Workers in the value chain - Other work-related rights

Positive Impact	Effective - ST	Child and forced labour	The Group, through the rejection of forced and/or child labor in its value chain, generates a positive impact on the workers in the value chain.
Positive Impact	Effective - ST	Privacy	The Group, also through its management system for the protection of the information security, data, and information of its clients, generates a positive impact on its value chain.
Rischio - VCU	MT	Privacy	Economic repercussions for the Group due to cyberattacks suffered by the value chain with the loss of sensitive data of employees, customers, and/or suppliers

ESRS S3 – Affected communities- Communities' economic, social and cultural rights

Positive Impact	Effective - ST	Security-related impacts	The Group, through its activities to combat cybercrime and related threats to global security, has a positive impact on the communities concerned
-----------------	----------------	-----------------------------	---------------------------------------------------------------------------------------------------------------------------------------------------------

Positive Impact	Effective - ST	Security-related impacts	Through the protection of critical infrastructures (e.g., healthcare, banking, energy systems) and cultural heritage, it actively supports national security, generating a positive impact on the communities concerned
ESRS S3 - Affected communities - Communities' civil and political rights
Opportunity VCD	Freedom of MT expression		Opportunity for the Group connected to the possibility of providing cybersecurity solutions for the benefit of communities/institutions, in the face of increasing cyberattacks.
ESRS S4 - Consumers and end- users - Information-related impacts for consumers and/or end-users
Risk VCD	MT	Privacy, Freedom of expression, Access to (quality) information	Economic repercussions for the Group due to cyberattacks suffered, with the loss of sensitive user data.
Opportunity VCD	MT	Privacy, Access to (quality) information	Opportunity for the Group connected to the increase in cyberattacks against communities and/or institutions, and the consequent increase in demand for cybersecurity solutions
ESRS S4 - Consumers and end- users - Information-related impacts for consumers and/or end-users
Positive Impact	Effective - ST	Access to cutting edge, high-quality, innovative, non obsolete solutions.	The Group, by investing in research and development, produces innovative solutions, generating a current positive impact on consumers and end users
			ESRS S4 - Consumers and end- users - Social inclusion of consumers and/or end-users
Positive Impact	Effective - ST	Access to products The Group monitors developments after the delivery of the and services - product/service, guaranteeing maximum quality and Responsible transparency for consumers, thus increasing the reliability business practices of the Group itself. Customer Satisfaction
	ESRS G1 – Business conduct - Corporate culture
Opportunity OB	MT	Corporate culture	Opportunity for the Group promoted by internal policies focused on ethics and transparency.
Opportunity OB	MT	Protection of whistle-blowers	Opportunity for the Group connected to government incentives related to interventions aimed at protecting the confidentiality of information.
	ESRS G1 - Business conduct - Corruption and bribery
Positive Impact	Effective - ST	Prevention and detection including training	The Group, through the adoption and application of an Anti-Corruption Code, generates a current positive impact in combating corruption
Risk (OB, VCU, VCD)	MT	Prevention and detection including training - Incidents	Legal processes related to corruption cases within the value chain, due to non-compliance with procedures and the Anti-Corruption Code, can generate negative financial effects for the Group
Opportunity OB	MT	Prevenzione e individuazione compresa la formazione - Incidenti	Opportunity for the Group connected to the strength of its Governance, its reputation, and the presence of a set of company procedures to combat corruption
Opportunity OB	MT	Prevenzione e individuazione compresa la	Clear legislation, together with the Group's internal policies, regulations, or procedures regarding anti corruption measures to be implemented in its business,

LEGENDA:

OB (own business) / VC (value chain) / VCU (VC upstream) / VCD (VC downstream) ST -> short term MT -> medium term LT -> long term

The Group recognises the importance of transparently disclosing the effects of impacts, risks and opportunities on its business model, value chain, strategy and decision-making.

In line with its commitment to sustainability, the Group provides clear and comprehensive information on future actions and plans. At present, no changes to the strategy and business model are planned to address material issues; however, the Group assesses and updates the Sustainability Plan annually.

Consolidated Sustainability Statement is the tool by which the company transparently discloses its material issues and progress, engaging stakeholders in dialogue and collaboration.

In its business activities, the Group adopts rules of conduct that integrate impacts, risks and opportunities into its planning and control systems, shared through certified management systems. In particular, business activities include strict compliance with environmental, social and governance (ESG) regulations, as well as fairness and transparency in relations with customers, suppliers and other business partners.

With reference to the risks and opportunities relevant to the Group, no current financial effects of a significant magnitude attributable to the identified ESG risks and opportunities were recognised for the year under review. Consequently, there were no material financial effects associated with these profiles for the year under review.

The Group has a control model for analysing risks, performance and updating the strategic plan in line with industry benchmarks. The model includes the 'Management Control Memorandum' and a set of procedures for corporate planning, control and reporting. The management control covers the Group companies and is in line with the 2020 Corporate Governance Code of Listed Companies to which CY4Gate has adhered.

As this is the first reporting period according to ESRS, there are no material impacts, risks and opportunities from the previous period.

There are no impacts, risks and opportunities subject to entity-specific disclosure requirements under ESRS.

Disclosures on the materiality assessment process

IRO-1 Description of the process to identify and assess material impacts, risks and opportunities

The objective of the double materiality assessment (DMA) is to understand both the environmental, social, and governance impacts generated by business activities (impact materiality) and the financial risks and opportunities arising from ESG factors (financial materiality).

A context analysis was carried out to identify:

impacts, risks, and opportunities related to environmental, social, and governance issues, both current and potential
how the group can influence and be influenced by these aspects, during its operations and with the value chain.

For the framing of issues and aspects related to the sector of belonging, a benchmark analysis was carried out, taking as a reference the sustainability reports or other non-financial reporting documentation of organizations operating in similar sectors.

The analysis was carried out separately between impact and financial analysis to ensure a more appropriate and detailed methodology.

A broad representation of internal stakeholders was involved throughout the entire process.

For impact materiality, potential and current impacts of the Group on the environmental, social and governance dimensions were identified, considering stakeholder expectations and the impact of business activities on the environment and society. For each impact, the time horizon of occurrence was identified, whether it would have a positive or negative effect. The list of impacts considered was prepared by referring to the guidance contained in RA16 of ESRS 1.

For the analysis of financial materiality, financial risks and opportunities arising from the Group's operations and business relationships were assessed, based on the impacts identified in the previous phase, integrated with some considerations deriving from a structured process that involved various sources: industry benchmarks, company documents, information deriving from stakeholder involvement, such as requests from the financial market, and indications from the UN Global Compact.

For each risk and opportunity, both the time horizon of occurrence and the value chain were identified.

The Double Materiality Assessment (DMA) will be reviewed periodically, in line with best practices, new directives, the latest developments and any organisational changes.

The Double Materiality Assessment process was structured in the following steps:

Assessment of impact materiality based on severity and probability criteria and identification of actions to manage it, according to the principles enshrined in the document 'Scoring Impacts';
Evaluation of the financial materiality based on risks and opportunities with financial effect, calculated considering probability of occurrence and potential magnitude of the effects, according to the principles of the document 'Risk - Opportunity Scoring';
Consolidation of results by aggregating identified impacts, risks and opportunities to determine material issues for inclusion in reporting.

Impact materiality focuses on the significant effects that the Group's activities may generate on people and the environment, and the assessment is based on the severity and likelihood assessment identified by stakeholders.

Severity is determined as follows:

Actual negative impact Severity = Scale + Scope + Remediable character

Potential negative impact Severity (Scale + Scope + Remediable character) x Likelihood

For positive impacts, relevance is determined by the following formulas:

Scale + scope for actual impacts;
(Scale + scope) x likelihood for potential impacts

For the assessment of impacts, a level scale from 1 (low impact) to 5 (high impact) was considered, to be able to measure the opinions of respondents quantitatively and obtain an in-depth understanding of stakeholder expectations and priorities.

For the reporting year 2024, the assessment of severity and probability is expressed jointly. The Group aims to evaluate a more granular methodology during 2025 by separately analyzing the magnitude, scope, irreversibility, and probability of impacts, in line with the provisions of the ESRS (European Sustainability Reporting Standards).

The selection of material topics was based on the results of an in-depth consultation of the stakeholders considered most relevant, through the administration of a specific questionnaire.

The following assessment bands were identified:

Critical (5): topics with a very high impact,
Extensive (4): topics with a significant impact that require particular attention,
Significant (3): topics to be monitored and managed with targeted actions,
Moderate (2): topics with a non-significant impact, but still to be taken into consideration,
Minimal (1): topics with a non-significant impact.

This subdivision allowed for a clear representation of the relevance of the various identified topics, identifying different priority levels on which to prepare the action plan.

The responses to the questionnaire were analyzed by calculating the average, excluding missing responses. Subsequently, the 85th percentile was identified to determine the materiality threshold.

Topics that exceeded this threshold were considered material.

Financial materiality assesses the risks and opportunities arising from sustainability issues that can affect the Group's financial performance.

The analysis focuses on:

· Risks: contribute to a negative deviation in expected future incoming cash flows and/or a greater deviation in expected future outgoing cash flows and/or a negative deviation compared to an expected capital variation not recognized in the balance sheet;

· Opportunities: contribute to a positive deviation in expected future incoming cash flows and/or a smaller deviation in expected future outgoing cash flows and/or a positive deviation compared to an expected capital variation not recognized in the balance sheet.

Material risks and opportunities for the Group generally derive from impacts, dependencies, or other risk factors.

For the reporting year 2024, the assessment was of a qualitative-quantitative nature with a range of possible effects evaluated from 1 to 5, with particular reference to the impact on revenues; the Group aims to carry out an extended quantitative assessment of financial materiality, possibly also involving external stakeholders in the coming years.

The assessment was carried out by expressing a value on a level scale from 1 (low) to 5 (high) considering jointly:

· Likelihood of occurrence;

· Potential magnitude of the financial effect.

To identify material risks and opportunities, internal stakeholders (top and middle management) were involved.

Relevant risks and opportunities were selected based on the same methodology applied to impact materiality.

The responses to the questionnaire were analyzed by calculating the average, excluding missing responses. Subsequently, the 85th percentile was identified to determine the materiality threshold.

Responses to the questionnaire below the 85th percentile were considered "non-material," while those above were considered material.

The choice of the 85th percentile was determined based on a company sensitivity developed over the years and in relation to the representativeness of the responses obtained in the questionnaires. It was therefore identified as the most appropriate threshold of relevance to capture the expression of the interviewees, in agreement with the Management.

The double materiality assessment was conducted using a rigorous analysis methodology and involving internal and external stakeholders, and enabled the identification of the most relevant risks, opportunities and impacts for the Group, which were fundamental to the definition of sustainability strategies.

Top Management, following a careful assessment, decided to integrate the results of the double materiality, adding an issue that had not initially emerged as relevant.

The implementation of specific preventive and protective measures for each identified risk is fundamental.

The Group does not apply generic measures, but analyses each risk in detail to identify how to prevent it or mitigate its impact. The measures applied include procedures, company policies, established best practices, training, collection of reports, auditing activities, monitoring of planned actions and related metrics.

The decision-making process in CY4Gate and the related control procedures are structured in line with the standards required for a multinational company, listed on the Euronext Milan stock market, STAR segment.

Starting in 2024, the first year of reporting under ESRS, the Group has integrated the process of identifying, assessing and managing impacts and risks into its corporate risk management system.

This process is structured to ensure a proactive assessment of risks, including both 'traditional' risks (financial, operational, legal) and emerging sustainability-related risks (environmental, social, governance).

The process of identifying, assessing and managing opportunities is structurally integrated into the overall management system, with a focus on strategic alignment and multidisciplinary involvement of corporate functions.

The assessment of opportunities, conducted in line with the company's established practices and procedures of risk identification and assessment and Consolidated Sustainability Statement, considers both factors internal and external to the company.

This integrated approach ensures that the opportunities identified are consistent with the company's strategic objectives and that their potential impact, both positive and negative, is carefully assessed.

The process includes the active involvement of several corporate departments, including the general management, the finance division, the operations unit and the human resources department, in order to ensure a comprehensive and multidisciplinary view of opportunities. Selected opportunities are then monitored over time, with regular reporting to management and the Board of Directors, to verify their effective implementation and impact on the company.

IRO-2 List of material topics reported and omitted

1.GENERAL DISCLOSURES (ESRS 2)	28
BP-1 Basis for preparation of sustainability statement	28
BP-2 Disclosures in relation to specific circumstances	29
ESRS S2 – Workers in the value chain	31
ESRS S3 – Affected communities	31
ESRS S4 – Consumers and end-users	31
Governance	31
GOV-1 The role of the administrative, management and supervisory bodies	31
GOV-2 Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies	36
GOV-3 Integration of sustainability-related performance in incentive schemes	37
GOV-4 Statement on due diligence	37
GOV-5 Risk management and internal controls over sustainability reporting	38
Strategy	40
SBM-1 Strategy, business model and value chain	40
Interests and views of stakeholders	47
SMB-3 Material impacts, risks and opportunities and their interaction with strategy and business model	50
Disclosures on the materiality assessment process	53
IRO-1 Description of the process to identify and assess material impacts, risks and opportunities	53
IRO-2 List of material topics reported and omitted	57
2. ENVIRONMENTAL DISCLOSURES	63
Taxonomy (Article 8 of Regulation 2020/852)	63
ESRS E1 – Climate change	74
The Group has no climate-related incentives in the remuneration of members of the administration, management and control bodies 74
E1-1 Transition Plan for Climate Change Mitigation 74
E1-2 Policies related to climate change mitigation and adaptation 76
E1-3 Actions and resources in relation to climate change policies 76
E1-5 Energy consumption and mix 77
E1-6 Gross Scopes 1, 2, 3 and Total GHG emissions 77
3. SOCIAL DISCLOSURES	80
ESRS S1 – Own workforce	80
S1-1 Policies related to own workforce 82
S1-2 Processes for engaging with own workforce and workers' representatives about impacts 83
S1-3 Processes to remediate negative impacts and channels for own workers to raise concerns 83

S1-4 Taking action on material impacts on own workforce, and approaches to managing material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions and approaches 83
S1-5 Targets related to managing material impacts, advancing positive impacts, as well as to risks and opportunities 84
S1-6 Characteristics of the Undertaking's Employees 84
S1-8 Collective bargaining coverage and social dialogue 85
S1-9 Diversity metrics 86
S1-10 Adequate Wages 87
All employees receive remuneration in accordance with the levels stipulated in applicable national collective bargaining agreements, ensuring adequacy against sectoral and regulatory benchmarks. 87
No employees in any country earn below the benchmark for adequate remuneration 87
S1-13 Training and Skills Development metrics 87
S1-14 Health and safety metrics 88
S1-15 Work-life balancemetrics 88
S1-16 Remuneration metrics (pay gap and total remuneration) 88
S1-17 Incidents, complaints and severe human rights impacts 88
4. GOVERNANCE DISCLOSURES	89
ESRS G1 – Business conduct	89
G1-1 Business conduct policies and corporate culture 94
G1-3 Prevention and detection of corruption and bribery 95
G1-4 Incidents of corruption or bribery 96

The table below illustrates the datapoints in ESRS 2 and topical ESRS that derive from other EU legislation.

Disclosure Requirement and related datapoint	SFDR1 Reference	Pillar 3 reference 2	Benchmark Regulation reference 3	EU Climate Law reference 4	Section
ESRS 2 GOV-1 Board's gender diversity	✓		✓		ESRS 2
paragraph 21, d)					GOV-1
ESRS 2 GOV-1 Percentage of board members			✓		ESRS 2
who are independent paragraph 21, e)					GOV-1
ESRS 2 GOV-4 Statement on due diligence,	✓				ESRS 2
paragraph 30					GOV-4
ESRS 2 SBM-1 Involvement in activities related	✓	✓	✓		ESRS 2
to fossil fuel activities paragraph 40 (d) i					SBM-1
ESRS 2 SBM-1 Involvement in activities related	✓		✓
to chemical production paragraph 40 (d) ii					N.A.
ESRS 2 SBM-1 Involvement in activities related	✓		✓
to controversial weapons paragraph 40 (d) iii					N.A.
ESRS 2 SBM-1 Involvement in activities related
to cultivation and production of tobacco			✓		N.A.
paragraph 40 (d) iv
ESRS E1-1 Transition plan to reach climate				✓
neutrality by 2050 paragraph 14					N.A.
ESRS E1-1 Undertakings excluded from Paris aligned Benchmarks paragraph 16 (g)		✓	✓		N.A.
ESRS E1-4 GHG emission reduction targets
paragraph 34	✓	✓	✓		N.A.
ESRS E1-5 Energy consumption from fossil
sources disaggregated by sources (only high	✓				N.A.
climate impact sectors) paragraph 38
ESRS E1-5 Energy consumption and mix
paragraph 37	✓				ESRS E1-5
ESRS E1-5 Energy intensity associated with
activities in high climate impact sectors	✓
paragraphs 40 to 43					N.A.
ESRS E1-6 Gross Scope 1, 2, 3 and Total GHG
emissions paragraph 44	✓	✓	✓		E1-6
ESRS E1-6 Gross GHG emissions intensity
paragraphs 53 to 55	✓	✓	✓		N.A.
ESRS E1-7 GHG removals and carbon credits
paragraph 56				✓	N.A.
ESRS E1-9 Exposure of the benchmark portfolio
to climate-related physical risks paragraph 66			✓		phase-in
ESRS E1-9 Disaggregation of monetary amounts
by acute and chronic physical risk paragraph 66
(a)		✓			phase-in
ESRS E1-9 Location of significant assets at
material physical risk paragraph 66 (c)

¹ Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability reporting in the financial services sector (SFDR) (OJ L 317, 9.12.2019, p. 1).

² Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (Capital Requirements Regulation) (OJ L 176, 27.6.2013, p. 1).

³ Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1).

⁴ Regulation (EU) 2021/1119 of the European Parliament and of the Council of 30 June 2021 establishing the framework for achieving climate neutrality and amending Regulation (EC) No 401/2009 and Regulation (EU) 2018/1999 ('European Climate Regulation') (OJ L 243, 9.7.2021, p. 1).

ESRS E1 -9 Breakdown of the carrying value of its real estate assets by energy -efficiency classes paragraph 67 (c).				phase -in
ESRS E1 -9 Degree of exposure of the portfolio to climate - related opportunities paragraph 69		✓		phase -in
ESRS E2 -4 Amount of each pollutant listed in Annex II of the E -PRTR Regulation (European Pollutant Release and Transfer Register) emitted to air, water and soil, paragraph 28	✓			Not material
ESRS E3 -1 Water and marine resources paragraph 9	✓			Not material
ESRS E3 -1 Dedicated policy paragraph 13	✓			Not material
ESRS E3 -1 Sustainable oceans and seas paragraph 14	✓			Not material
ESRS E3 -4 Total water recycled and reused paragraph 28 (c)	✓			Not material
ESRS E3 -4 Total water consumption in m 3 per net revenue on own operations paragraph 29	✓			Not material
ESRS 2 - SBM 3 - E4 paragraph 16 (a) i	✓			Not material
ESRS 2 SBM -3 – E4 paragraph 16 (b)	✓			Not material
ESRS 2 SBM -3 – E4 paragraph 16 (c)	✓			Not material
ESRS E4 -2 Sustainable land / agriculture practices or policies paragraph 24 (b)	✓			Not material
ESRS E4 - 2 Sustainable oceans / seas practices or policies paragraph 24 (c)	✓			Not material
ESRS E4 -2 ESRS E4 -2 Policies to address deforestation paragraph 24 (d)	✓			Not material
ESRS E5 -5 Non -recycled waste paragraph 37 (d)	✓			Not material
ESRS E5 - 5 Hazardous waste and radioactive waste paragraph 39	✓			Not material
Risk of incidents of forced ESRS 2 – SBM3 – S1 labour paragraph 14 (f)	✓			N.A.
ESRS 2 – SBM3 – S1 Risk of incidents of child labour paragraph 14 (g)	✓			N.A.
ESRS S1 -1 Human rights policy commitments paragraph 20	✓			N.A.
ESRS S1 - 1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 21		✓		S1 - 1
ESRS S1 -1 Processes and measures for preventing trafficking in human beings paragraph 22	✓			N.A.
ESRS S1 -1 Workplace accident prevention policy or management system paragraph 23	✓		S1	-1_14
ESRS S1 -3 Grievance/complaints handling mechanisms paragraph 32 (c) )	✓			S1 - 3

Number of fatalities and number ESRS S1 -14 and rate of work -related accidents paragraph 88 (b) and (c)	✓	✓	S1 -14
ESRS S1 -14 Number of days lost to injuries, accidents, fatalities or illness paragraph 88 (e)	✓		S1 -14
ESRS S1 -16 Unadjusted gender pay gap paragraph 97 (a)	✓	✓	S1 -16
ESRS S1 -16 Excessive CEO pay ratio paragraph 97 (b)	✓		S1 -16
ESRS S1 -17 Incidents of discrimination paragraph 103 (a)	✓		S1 -17
ESRS S1 -17 Non -respect of UNGPs on Business and Human Rights and OECD Guidelines paragraph 104 (a)	✓	✓	S1 -17
ESRS 2 SBM -3 – S2 Significant risk of child labour or forced labour in the value chain paragraph 11 (b)	✓		No t material
ESRS S2 -1 Human rights policy commitments paragraph 17	✓		No t material
ESRS S2 -1 Policies related to value chain workers paragraph 18	✓		No t material
ESRS S2 -1 Non -respect of UNGPs on Business and Human Rights principles and OECD guidelines paragraph 19	✓	✓	Not material
ESRS S2 - 1 Due diligence policies on issues addressed by the fundamental International Labor Organisation Conventions 1 to 8, paragraph 19		✓	Not material
ESRS S2 -4 Human rights issues and incidents connected to its upstream and downstream value chain paragraph 36	✓		Not material
ESRS S3 -1 Human rights policy commitments paragraph 16	✓		Not material
ESRS S3 -1 Non -respect of UNGPs on Business and Human Rights, ILO principles or OECD guidelines paragraph 17	✓	✓	Not material
ESRS S3 -4 Human rights issues and incidents paragraph 36	✓		Not material
ESRS S4 -1 Policies related to consumers and end -users paragraph 16	✓		Not material
ESRS S4 -1 Non -respect of UNGPs on Business and Human Rights and OECD guidelines paragraph 17	✓	✓	Not material
ESRS S4 -4 Human rights issues and incidents paragraph 35	✓		Not material
ESRS G1 -1 United Nations Convention against Corruption paragraph 10 (b)	✓		G1 - 1
ESRS G1 -1 Protection of whistle - blowers paragraph 10 (d)	✓		G1 - 1
ESRS G1 -4 Fines for violation of anti -corruption and anti -bribery laws paragraph 24 (a)	✓	✓	G1 - 4
ESRS G1 -4 Standards of anti - corruption and anti - bribery paragraph 24 (b)	✓		G1 - 4

The relevant information is disclosed in a transparent and accessible manner through this document, which contains

the description of the material issues.
relevant policies, objectives and metrics.
the strategies and actions taken to manage the material issues.

The Group monitors the effectiveness of the disclosure process and is committed to improving it, taking into account stakeholder feedback and changes in the regulatory and market environment.

The Group's policies, actions, metrics and objectives related to each material issue are set out in more detail in the respective section of the document.

2. ENVIRONMENTAL DISCLOSURES

Taxonomy (Article 8 of Regulation 2020/852)

The European Taxonomy, a key element of the EU's sustainable finance strategy, is a classification system that defines uniform environmental criteria to identify economic activities that can contribute to achieving the EU's climate and environmental objectives.

Companies that apply the European Sustainability Reporting Standards (ESRS) must disclose the extent to which their activities are aligned with the European Taxonomy. This provides stakeholders with crucial information on the sustainability of company operations and their contribution to EU environmental goals.

The Taxonomy identifies six environmental objectives:

1. Climate change mitigation.
1. Climate change adaptation.
1. Sustainable use and protection of water and marine resources.
1. Transition towards a circular economy.
1. Pollution prevention and control.
1. Protection and restoration of biodiversity and ecosystems.

To be considered 'environmentally sustainable', an economic activity must contribute substantially to at least one of these objectives, without significantly damaging any other.

The taxonomy reporting process can be represented in the following steps:

Preliminary screening of potentially eligible economic activities: this activity involves a rigorous selection, carried out on the basis of the technical annexes of the Delegated Acts. The screening is carried out by taking as a reference both the ATECO code of the individual company of the Group and the specific description of the activities contemplated in the annexes. In the light of the above analysis, the list of eligible economic activities emerges.
Detailed assessment of the alignment of the economic activities identified as eligible: each economic activity is assessed on the basis of the manner in which it is carried out against the technical screening criteria defined by the legislator. This verification reveals the alignment or non-alignment of the various economic activities.
KPIs for reporting: extraction of the KPIs necessary for reporting in accordance with the Taxonomy, based on the criteria highlighted in Annex I and following the template in Annex II of the Delegated Regulation.

The analysis carried out revealed the following with regard to eligibility, however none were aligned.

Climate change mitigation: Eligible 8.1 Data processing, hosting and related activities

The Group has not implemented all the relevant practices indicated as 'expected practices' in the most recent version of the European Code of Conduct on Data Centre Energy Efficiency or in CEN-CENELEC document CLC TR50600-99-1 Data centre facilities and infrastructures. In fact, the Group operates some data centres that it does not own, due to logistical constraints not attributable to it. Furthermore, the global warming potential of the refrigerants used in the data centre cooling system could not be verified.

Transition to a Circular Economy Eligible 4.1 Provision of IT/OT solutions (information technology/data-based operational technology).

Activities associated with the remaining objectives other than mitigation and circular economy are not eligible as they are not relevant to the activities of Group companies

The accounting information shown in the tables is reconciled with the values entered in the financial statements.

In particular, as far as revenues are concerned, please refer to section '7. Revenues'; instead, as regards Capex, please refer to sections "16. Intangible Assets, 17. Property, plant and equipment, 18. Right-of-Use Assets".

Proportion of turnover from products or services associated with Taxonomy-aligned economic activities 2024

Financial year N		YEAR 2024			Substantial contribution DNSH
ACTIVITIES	Co de	To ta l t ur no ve r	Pr op or ti on o f t ur no ve r	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt at io n	W at er	Po llu tio n	Ci rc ul ar e co no m y	Bi od iv er sit y & e co sy st em s	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt at io n	w at er	Po llu tio n	Ci rc ul ar e co no m y	Bi od iv er sit y & e co sy st em s	Minumum safeguards	Taxonomy of turnover aligned (A.1.) or taxonomy eligible (A.2.), year N-1	Enabling activity	Transitional activity

		currency	%	Y/ N; N/E	Y/ N; N/E	Y/ N; N/E	Y/ N; N/E	Y/ N; N/E	Y/ N; N/E	Y/ N	Y/ N	Y/ N	Y/ N	Y/ N	Y/ N	Y/N	%	E	T
A. TAXONOMY ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (taxonomy-aligned)
Activity 1			%	N/E	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%
Activity 1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Activity 2			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%		T
Turnover of environmentally sustainable activities (taxonomy aligned) A.1		0	0%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%

Financial year		YEAR 2024						Substantial contribution		DNSH
N
ACTIVITIES	Co de	To ta l t ur no ve r	Pr op or ti on o f t ur no ve r	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt ati on i	W at er	Po llu tio n	Ci rc ul ar e co no m y	Bi od iv er sit y & e co sy st m es	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt ati on	W at er	Po llu tio n	Ci rc ul ar e co no m y	Bi od iv er sit y & e co sy st m es	Minumum safeguards	Taxonomy of turnover aligned (A.1.) or taxonomy eligible (A.2.), year N-1	Enabling activity	Transitional activity
Enabling			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Transitional			%	%						Y	Y	Y	Y	Y	Y	Y	%		T
A.2. Taxonomy eligible activities, not Environmentally sustainable (activities not aligned to Taxonomy)
				E; N/E	E; N/E	E; N/E	E; N/E	E; N/E	E; N/E
Activity 1		€	%														%
Data processing, hosting and related activities: Forensic Intelligence and Decision Intelligence	CCM 8.1	50,271,000.00 €	70%	E	N/E	N/ E	N/ E	N/ E	N/ E								N/A
Provision of data-driven IT/OT (information technology/operational technology) solutions	CE 4.1	11,617,000.00 €	16%	N/E	N/E	N/E	N/E	E	N/E								N/A

Cybersecurity services and software
Turnover of activities eligible for the taxonomy but not environmentally sustainable (activities not aligned with the taxonomy) (A.2)	61,889,000.00 €	86%	70%	%	%	%	16%	%	%
Turnover of Taxonomy eligible activities (A.1+ A.2)	61,889,000.00 €	86%	70%	%	%	%	16%	%
B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover of Taxonomy NON – eligible activities	10,476,426.86 €	14%
TOTAL	72,364,426.86 €	100%

	Portion of turnover / total turnover
	Taxnonomy aligned per objective	Tanonomy eligible per objective
CCM	0%	70%
CCA	%	%
WTR	%	%
CE	0%	16%
PPC	%	%
BIO	%	%

Financial year N		YEAR 2024				Substantial contribution							DNSH
ACTIVITIES	Co de	To ta l c ap ita l e xp en di tu re	Po rti on o f c ap ita l e xp en di tu re	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt at io n	W at er	Po llu tio n	Ci rc ua lr ec on om y	Bi od iv er sit y % e co sy st em s	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt at io n	W at er	Po llu tio n	Ci rc ua lr ec on om y	Bi od iv er sit y & e co sy st em s	Minimum safeguards	Portion of CapEx Taxonomy aligned (A.1.) or eligible (A.2.), year N-1	Eligible activity	Transitional activity
		currency	%	Y/N;	Y/N; N/E	Y/N; N/E	Y/N; N/E	Y/N; N/E	Y/N; N/E	Y/	Y/	Y/	Y/	Y/	Y/	Y/N	%	E	T
A. TAXONOMY ELIGIBLE ACTIVITIES				N/E						N	N	N	N	N	N
A.1. Environmentally sustainable activities (taxonomy-aligned)
Activity 1				%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%
Activity 1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Activity 2			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%		T
CapEx of Environmentally sustainable activities (taxonomy aligned) A.1		0	%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y		%

Portion of capital expenditure arising from products or services associated with economic activities aligned with the taxonomy - 2024

Financial year N		YEAR 2024					Substantial contribution						DNSH
ACTIVITIES	Co de	To ta l c ap ita l e xp en di tu re	Po rti on o f c ap ita l e xp en di tu re	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt at io n	W at er	Po llu tio n	Ci rc ua lr ec on om y	Bi od iv er sit y % e co sy st em s	Cl im at e ch an ge m iti ga tio n	Cl im at e ch an ge a da pt at io n	W at er	Po llu tio n	Ci rc ua lr ec on om y	Bi od iv er sit y % e co sy st em s	Minimum safeguard	Portion ofi CapEx Taxonom y aligned (A.1.) or eligible (A.2.) year N-1	Enabling activity	Transition al activity
Enabling			%	%	%	%	%	%	%	Sì	Sì	Sì	Sì	Sì	Sì	Sì	%	A
Transitional			%	%						Sì	Sì	Sì	Sì	Sì	Sì	Sì	%		T
A.2 Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)
				E; N/E	E; N/E	E; N/E	E; N/E	E; N/E	E; N/E
Activity 1 € %
Data processing, hosting and related activities: Forensic Intelligence and Decision Intelligence	CC M 8.1	6,087,458.06 €	25%	AM	N/A M	N/A M	N/A M	N/A M	N/A M								N/A
Provision of data-driven IT/OT (information technology/operational technology) solutions:	CE 4.1	1,795,604.54 €	7%	N/A M	N/A M	N/A M	N/A M	AM	N/A M								N/A

Cybersecurity services and software
CapEx of Taxonomy eligible activities but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)	7,883,062.60 €	32%	25%	%	%	%	7%	%				%
CapEx of Taxonomy eligible activities (A.1+ A.2)	7,883,062.60 €	32%	25%	%	0	0	7%	0

B. TAXONOMY NOT ELIGIBLE ACTIVITIES

CapEx of NOT Taxonomy eligible activities B	68% 16,536,789.39 €
TOTAL	100 24,419,851.99 % €

	Portion of CapEx / total CapEx
	Taxnonomy aligned per objective	Tanonomy eligible per objective
CCM	0%	25%
CCA	%	%
WTR	%	%
CE	0%	7%
PPC	%	%
BIO	%	%

Proportion of opex associated with Taxonomy-aligned economic activities 2024

FINANCIAL YEAR N		YEAR 2024			Substantial contribution DNSH
ACTIVITIES	Co de	To ta l O pE x	Po rt io n of O pE x	C lim at e ch an ge m iti ga ti o n	C lim at e ch an ge a da pt ati o n	W at er	Po llu ti o n	C ir cu al r ec o no m y	Bi od iv er si ty % e co sy st em s	C lim at e ch an ge m iti ga ti o n	C lim at e ch an ge a da pt ati o n	W at er	Po llu ti o n	C ir cu al r ec o no m y	Bi od iv er si ty % e co sy st em s	Minimum safeguards	Portion of OpEx Taxonomy aligned (A.1.) or eligible (A.2.) year N-1	Enabling activity	Transitional activity
		Currency	%	Y/N; N/E	Y/N; N/E	Y/N; N/E	Y/N; N/E	Y/N; N/E	Y/N; N/E	Y/ N	Y/ N	Y/ N	Y/ N	Y/ N	Y/ N	Y/ N	%	E	T
A. Taxonomy-eligible activities
A.1. Environmentally sustainable activities (taxonomy-aligned)
Activity 1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%
Activity 1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Activity 2			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%		T
OpEx of Environmentally sustainable activities (taxonomy-aligned) A.1		0	%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%

FINANCIAL YEAR N	YEAR 2024			Substantial contribution									DNSH
ACTIVITY	Co de	To ta l O pE x	Po rt io n of O pE x	C lim at e ch an ge m iti ga ti o n	C lim at e ch an ge a da pt ati o n	W at er	Po llu ti o n	C ir cu al r ec o no m y	Bi od iv er si ty % e co sy st em s	C lim at e ch an ge m iti ga ti o n	C lim at e ch an ge a da pt ati o n	W at er	Po llu ti o n	C ir cu al r ec o no m y	Bi od iv er si ty % e co sy st em s	Minimum safeguards	Portion of OpEx Taxonomy aligned (A.1.) or eligible (A.2.), year N-1	Enabling activity	Transitio nal activity
Enabling			%	%	%	%	%	%	%	Y	Y	Y	Y	Y		Y	%	E
Transitional			%	%						Y	Y	Y	Y	Y		Y	%		T
Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) A.2.
				E; N/E	E; N/E	E; N/E	E; N/E	E; N/E	E; N/E
Activity 1		€	%														%
Data processing, hosting and related activities: Forensic Intelligence and Decision Intelligence	CC M 8.1	0 €	0%	N/E	N/E	N/E	N/E	N/E	N/E								N/A
Provision of data-driven IT/OT (information technology/operational technology) solutions: Cybersecurity services and software	CE 4.1	0 €	0%	N/E	N/E	N/E	N/E	N/E	N/E								N/A

OpEx of Taxonomy eligible but not environmentally sustainable activities (not Taxonomy-aligned activities) (A.2)	0€	0%	%	%	%	%	%	%	%
OpEx of Taxonomy aligned activities (A.1+ A.2)	0 €	0%	%	%	%	%	%	%	N/A
B. TAXONOMY NOT ELIGIBLE ACTIVITIES
OpEx of NOT Taxonomy eligible activities B	1,079,198.18 €	100 %
TOTAL	1,079,198.18 €	100 %

	Portion of Opex / Total Opex
	Taxnonomy aligned per objective	Tanonomy eligible per objective
CCM	%	0%
CCA	%	%
WTR	%	%
CE	%	0%
PPC	%	%
BIO	%	%

Below the KPIs:

ANNEX XII

Model 1 - Nuclear and Fossil Gas Activities

	Nuclear activities
1	The company carries out, finances or has exposures to research, development, demonstration and implementation of innovative power generation plants that produce energy from nuclear processes with a minimum amount of fuel cycle waste.	NO
2	The company carries out, finances or has exposures to the construction and safe operation of new nuclear power plants for the generation of electricity or process heat, including for district heating purposes or for industrial processes such as hydrogen production, and improvements in their safety with the help of the best available technology.	NO
3	The company carries out, finances or has exposures to the safe operation of existing nuclear power plants that generate electricity or process heat, including for district heating or industrial processes such as the production of hydrogen from nuclear energy, and improvements to their safety.	NO
	Fossil Gas activities
4	The company carries out, finances or has exposures to the construction or operation of power generation plants using gaseous fossil fuels.	NO
5	The company carries out, finances or has exposures to the construction, upgrading and operation of combined heat/cool and power generation plants using gaseous fossil fuels.	NO
6	The company carries out, finances or has exposures to the construction, upgrading and operation of heat generation plants that produce heat/cooling using gaseous fossil fuels.	NO

ESRS E1 – Climate change

The Group has no climate-related incentives in the remuneration of members of the administration, management and control bodies.

E1-1 Transition Plan for Climate Change Mitigation

A transition plan for climate change mitigation is currently not in place.

The internal analysis concluded that the Group's activities covered by the delegated regulations on climate change adaptation and mitigation under the Taxonomy Regulation are not aligned.

The Group does not carry out any activities under Article 12(1)(d)-(g) and 12(2) of Commission Delegated Regulation (EU) 2020/1818 (Climate Reference Index Regulation).

As previously stated, the Group has no Transition Plan aimed at mitigating climate change, although it reserves the right to assess its adoption within the 2025-2029 Sustainability Plan, consistent with the evolution of the regulatory and strategic reference context.

A risk of a physical nature has been identified, namely the negative financial effect on the Group caused by extreme climatic events that may cause disruptions to IT systems.

Through the double materiality assessment, identified impacts, risks and opportunities (IROs) were examined, with a focus on potential risks or hazards associated with climate change. The assessment results concluded that the Group's business model, current assets and operating locations have an overall low level of exposure to climate risks, attesting to the Group's high resilience in the face of climate change. The Group is committed to assessing and strengthening its resilience analysis considering specific scenarios starting from the next reporting with reference to the approval of the 2025-2029 Sustainability Plan.

As outlined in the list of IROs related to climate change, negative impacts were identified mainly due to greenhouse gas emissions into the atmosphere and the Group's use of fossil energy sources. A significant physical risk was also identified, represented by the potential impact of natural or environmental events, such as earthquakes, floods, fires and extreme weather events. Although this risk is not expected to materialise in the short term, there is increasing attention and demand for actions aimed at climate adaptation. Additional climate risks were identified in relation to the business model, operating locations or business activities, which were not assessed as material by the analysis conducted and as further detailed in the next section.

The double materiality and the risk analysis was carried out in December 2024.

The analysis considered impacts over short, medium and medium-long term time horizons, focusing on activities that fall within its area of competence and direct knowledge. However, the view on potential risks arising from the value chain remains more limited, although it is considered unlikely that these factors would significantly affect our financial strength or business performance.

Based on the assessments performed, the impacts and risks identified do not directly influence the business model or corporate strategy in the short, medium and medium to long term.

Climate-related hazards and the assessment of exposure and sensitivity are not based on high-emission climate scenarios.

As part of the analysis and treatment of the risks envisaged by the company's integrated management system and the ISO 31000 Principles and Guidelines 'Risk Management', an in-depth assessment of the company's sites and activities was conducted, from which a significantly high physical climate risk of destruction and/or alteration due to natural or environmental events (earthquakes, floods, fires, weather and meteorological events) concentrated exclusively on the data centre/Server Farm emerged.

The model applied is based on the following steps:

Risk identification
Risk analysis
Risk treatment
Risk monitoring and control

An initial qualitative analysis, aimed at assessing which risks are considered critical and should be subjected to a subsequent quantitative analysis and treatment, and which can be considered of low impact on the project and included in a list of risks to be monitored during Risk Reviews, was followed by the quantitative analysis to define priorities.

The quantitative analysis consists of estimating the economic and financial effects of the risks, the probability of occurrence of the risk assumes a fixed percentage based on the level established in the qualitative analysis.

Risk is assessed on the basis of an Impact - Probability matrix, the scale of which consists of 5 levels: Very High, High, Medium, Low, Null.

The Risk Assessment for the identification and evaluation of risks is carried out at intervals defined by the Risk Manager and the results are presented and shared with the corporate functions involved and submitted to the Administration, Management and Control bodies.

It is deemed that the approach adopted is adequate to assess and understand the risk environment, particularly considering that potential exposures are limited. Nevertheless, the Group will continue to assess the appropriateness of future updates and/or the implementation of further analyses based on climate scenarios.

The approach taken is deemed adequate to assess and understand the risk environment, particularly considering that potential exposures are limited. Nevertheless, the Group will continue to assess the appropriateness of future updates and/or the implementation of further analyses based on climate scenarios.

Therefore, as described above, there is a significantly high risk of destruction and/or alteration due to natural or environmental events (earthquakes, floods, fires, atmospheric and meteorological events) concentrated exclusively on data centres/Server Farms and not on other corporate assets, as highlighted by the Risk Analysis and Treatment conducted within the scope of ISO 27001.

Climate-related hazards, exposure and sensitivity assessments are not based on high-emission climate scenarios.

No short-, medium- or long-term transition events have been identified.

The Group has not screened assets and business activities for exposure to climate-related transition events.

The Group has not assessed the extent to which corporate assets and activities may be exposed to and are sensitive to the identified transition events, taking into consideration the likelihood, magnitude and duration of such events.

The identification of transition events and the assessment of exposure were not based on climate scenario analyses.

The Group has not identified business assets and activities that are incompatible with a transition to a climate-neutral economy or that require significant efforts to be compatible with such a transition.

No climate scenarios were used for the analysis.

There are no climate assumptions in the financial statements.

No high-emission climate scenarios were considered.

The physical risk related to climate change was assessed during the risk assessment conducted within the context of ISO 27001.

The methodology followed is specified in the relevant company documentation, for internal use.

The results of the periodic assessment are approved by management and reported in the Management Review. The result of the last risk assessment concerning the risk 'Destruction and/or alteration due to natural or environmental events (earthquakes, floods, fires, atmospheric and meteorological events)' reports that the Management has adopted a strategy of accepting the residual risk, although this is classified as a risk to be dealt with, since the interventions aimed at mitigating it are too costly in relation to the company's business needs.

With regard to climate-related transition opportunities and risks, no climate scenarios were considered, nor was the exposure of the company's assets and activities to transition events assessed. However, management assessed significant impacts, risks and opportunities in the double materiality assessment.

E1-2 Policies related to climate change mitigation and adaptation

Code of Conduct

The Group, whose objectives include the protection of the environment as a 'common interest' item, implements strategies aimed at guaranteeing the right balance between business needs and ecology. Therefore, the Group is committed to making industrial processes more efficient, in order to market products with a low environmental impact and to optimise the use of natural resources.

In order to reduce costs to the environment, it ensures, inter alia, the careful procurement of energy resources and the continuous control of consumption and, with the same aim, invests in the periodic renewal of equipment and machines and the purchase of new technologies.

RCS has also adopted an integrated quality, environment, health and safety policy, as detailed in section 'G1-1 Policies on corporate culture and business conduct'.

The Group, while referring in its Code of Conduct to general principles of environmental responsibility and attention to the responsible use of resources, has not yet formalised specific policies on climate change mitigation and adaptation, nor on the management of related risks, as at the date of this report. These aspects will be evaluated as part of the progressive evolution of the strategic and regulatory framework of reference, in consideration of the 2025-2029 Sustainability Plan.

The Group has identified the following actions in the medium to long term:

Evaluation of a plan to reduce Scope 1 and 2 emissions
Maintenance of ISO 14001 certification for RCS
Periodic assessment of climate change risks
Pursuing the commitment to plant 10 trees in the Treedom forest, thus contributing to the reduction of 17 tonnes of CO2

All actions are planned in the medium to long term. Their definition, including the scope and financial resources envisaged for their implementation, will be the subject of a detailed assessment in the 2025-2029 Sustainability Plan. The planned actions will be mainly related to the Group's own business.

E1-3 Actions and resources in relation to climate change policies

The decarbonisation drivers, to be implemented as of the financial year 2025, will be identified in the Sustainability Plan 2025 - 2029.

The Group made the first measurement in 2024, so the identification of reductions from previous periods is not applicable.

The Group has no specific greenhouse gas reduction targets at present; however, it confirms its commitment to assess them within the scope of its Sustainability Plan.

The Group covers all material result issues through its actions.

The Group has not set specific targets for the year 2024, which it commits to assess in the development of its Sustainability Plan 2025 - 2029.

Furthermore, in 2024 the Group undertook the following qualitative commitment related to the Group's own operations, for which no performance indicators have been provided: 'to strive for energy efficiency together with environmentally friendly and low-impact use of company premises and technological infrastructure'.

E1-5 Energy consumption and mix

The Group's electricity consumption in 2024 is shown below.

ID	Group's electricity consumption	udm	CY4Gate Group*
E1-5_02	Total energy consumption from fossil sources	MWh	7,202.01
E1-5_15	% of fossil sources in total energy consumption	%	99.71
E1-5_03	Total energy consumption from nuclear sources	MWh	0
E1-5_04	% of energy consumption from nuclear sources in total energy consumption	%	0
E1-5_06	Fuel consumption from renewable sources, included biomass	MWh	0
E1-5_07	Consumption of purchased or acquired electricity, heat, steam, and cooling from renewable sources	MWh	21.22
E1-5_08	Consumption of self-generated non-fuel renewable energy	MWh	0
E1-5_05	Total energy consumption from renewable sources	MWh	21.22
E1-5_09	% of renewable sources in total energy consumption	%	0.29
E1-5_01	Total energy consumption related to own operations	MWh	7,223.23

*Data includes estimates for XTN.

Energy from renewable sources is represented by certificates of guarantee of origin.

The Group does not produce energy.

E1-6 Gross Scopes 1, 2, 3 and Total GHG emissions

There were no significant changes in the Group or in the upstream and downstream value chain during the year.

The Group's emissions are shown below.

GHG Inventory

Scope 1

ID		Total Group
E1-6_07	Gross Scope 1 greenhouse gas emissions	1,068.69*
E1-6_08	% of Scope 1 GHG emissions from regulated emission trading schemes	n.a.

* Scope1 data for the Group includes estimates for Dars, Diateam, Tykelab and XTN based on the number of employees, using the proportionality coefficient of CY4Gate, a company active in the same business.

Scope 2
---------

ID		Total Group
E1-6_09	Gross location-based Scope 2 greenhouse gas emissions	437.74*
E1-6_10	Gross market-based Scope 2 greenhouse gas emissions	837.18*

* Group Scope 2 data includes estimates for XTN based on the number of employees, using the proportionality coefficient of CY4Gate, a company active in the same business.

Emissions Own Operations (Scope 1&2)

ID	Total Group*
Total Scope 1 & 2 (location-based)	1,506.43
Total Scope 1 & 2 (market-based)	1,905.87

* Data includes estimates based on the number of employees, using the proportionality coefficient of CY4Gate, a company active in the same business.

Disaggregation of GHG emissions

Scope 1

ID		Total Group*	Italy*	France*	Spain
E1-6_07	Gross Scope 1 greenhouse gas emissions	1,068.69	1,010.938	27.58*	30.17*
E1-6_08	% of Scope 1 GHG emissions from regulated emission trading schemes	n.a	n.a	n.a	n.a

* Data estimated based on the number of employees, using the proportionality coefficient of CY4Gate, a company active in the same business.

Scope 2
---------	--

ID		Total Group*	Italy*	France	Spain
E1-6_09	Gross location based Scope 2 greenhouse gas emissions	437.74	430.41	3.2	4.13
E1-6_10	Gross market based Scope 2 greenhouse gas emissions	837.18	825.44	3.14	8.6

* Data estimated based on the number of employees, using the proportionality coefficient of CY4Gate, a company active in the same business

Emissions Own Operations (Scope 1&2)

ID	Total Group*	Italy*	France*	Spain
Total Scope 1 & 2 (location-based)	1,506.43	1,441.65	30.78	34.3
Total Scope 1 & 2 (market-based)	1,905.87	1,836.68	30.72	38.77

* Data estimated based on the number of employees, using the proportionality coefficient of CY4Gate, a company active in the same business.

The methodologies applied to calculate emissions are outlined below:

Scope 1: Emission factors used for the calculation are based on the Fifth Assessment Report (AR5) of the Intergovernmental Panel on Climate Change (IPCC) considering a time horizon of 100 years.

The amount of greenhouse gases emitted per litre of fuel consumed is then shown. The calculation was performed by multiplying the tracked consumption by the relevant emission factors, resulting in an accurate estimate of GHG emissions expressed in tonnes of CO₂ equivalent (tCO₂).

Scope 2: Emissions are calculated by multiplying energy consumption expressed in MWh by the relevant emission factor, thus obtaining an estimate of GHG emissions expressed in tonnes of CO₂ equivalent (tCO₂e). The location-based method uses the average emission factor of the national or regional electricity grid. The market-based method uses the specific emission factor associated with the purchase of electricity, if the latter is certified through Guarantees of Origin (GO). In the absence of such certification, the emission factor of the residual mix calculated by the AIB is used.

No significant events are known.

No biogenic CO2 emissions were detected from the combustion or biodegradation of biomass that are not included in the GHG emissions of Scope 1.

0.29% of the total energy, that is, 100% for Tykelab, comes from renewable sources, with certificates of guarantee of origin. Emissions were calculated according to a market and location based approach, as shown in previous reporting tables.

The volume of biogenic CO2 emissions from the combustion or biodegradation of biomass, which are not included in the GHG emissions of Scope 2, was not reported.

The emission intensity in relation to net revenue (location and market based) is shown in the following table:

ID	Unit	2024
GHG emissions intensity, location-based (total GHG emissions per net revenue)	tCO₂ /€ milions	20.06
GHG emissions intensity, market-based (total GHG emissions per net revenue)	tCO₂ /€ millions	25.37

3. SOCIAL DISCLOSURES

ESRS S1 – Own workforce

Own workforce on which the Group could have a material impact are included in the scope of reporting according to ESRS 2. Data for the company STIL are included in RCS, the incorporating company as of 31 December 2024.

The Group consists mainly of employees with technical skills, such as developers and systems engineers, who represent the majority of the workforce. Thus, the vast majority of the people working in the Group's companies are employees, although the Group also employs highly specialised consultants for specific needs.

The Group is aware of the importance of protecting the working conditions of its employees and contractors, including aspects such as health and safety, working hours, adequate remuneration and work-life balance. Failure to apply these protections could have a negative impact on employees. To prevent this, the Group is committed to sharing and implementing the Parent Company's directives and policies on labour protection.

Activities that generate significant positive impacts include training initiatives, corporate welfare programmes and inclusion policies. The recipients of these benefits, whether employees or contractors, vary depending on the business and geographical context.

The Group is committed to promote an inclusive work environment that respects diversity, ensuring equal employment and inclusion opportunities for people with disabilities. In addition, the Group ensures equal pay for work of equal value, helping to generate a positive impact on the working community.

Through initiatives to combat discrimination, violence and harassment in the workplace, the Group promotes a healthy and safe working environment, with a positive impact on the well-being and productivity of its employees and collaborators.

The Group also has a positive impact on its workforce through the rejection of child labour and forced labour, ensuring respect for workers' fundamental rights.

By adopting policies for staff travel that include appropriate expense ceilings to guarantee the possibility of adequate accommodation when travelling, the Group is committed to protecting the wellbeing of its employees while on business.

Finally, the Group, through its management system safeguarding the confidentiality of its employees' data and information, ensures the protection of employees' privacy and the security of their personal information, generating a positive impact on their sense of security and trust.

The Group recognises that financial success is closely linked to the quality of its human resources and its ability to innovate and develop new technologies.

On the one hand, it is recognised that the shortage of trained and qualified personnel represents a significant risk to growth, and the difficulty in finding talent with the necessary skills could slow down technological development and compromise the ability to remain competitive in the market. This could result in a negative financial effect, with missed earnings and growth opportunities. In this regard, please refer to the comments in the section 'Main Risks and Uncertainties' of the Management Report.

On the other hand, investing in employee well-being is a winning strategy for the Group. A stimulating and inclusive work environment, where employees feel valued and appreciated, generates greater employee satisfaction, loyalty and retention. This translates into greater resource stability, reduced turnover costs and a positive working climate that fosters productivity and innovation. Consequently, this generates a positive financial effect with increased business performance and a greater ability to attract and retain top talent.

As the business is increasingly oriented towards software solutions that guarantee the confidentiality of personal data, this trend represents an important opportunity for our companies. The capability to develop and offer innovative solutions in this field can generate a significant competitive advantage and a positive financial effect, with an increase in turnover and market share.

The Group's strategy is also about carefully balancing the risks and opportunities associated with human resources and technology. We invest in employee training and development to ensure the availability of qualified staff, we promote a positive and inclusive work environment to foster staff retention, and we are constantly attentive to market needs to develop innovative solutions that meet the challenges of data protection. We are convinced that this strategic approach will enable us to maximise positive financial effects and mitigate risks, ensuring sustainable, long-term growth.

No operations with significant risk of forced or compulsory labour incidents exist within the Group.

The double materiality assessment and internal reviews did not reveal any critical situations for its workers.

The lack of personnel with an adequate level of training and specialised skills is a serious constraint to our expansion. Difficulties in recruiting professionals with the required skills could hold back technological progress and jeopardise our ability to compete effectively in the market. This could have negative financial repercussions, resulting in lost revenues and untapped growth opportunities.

Group policies

Work-life balance

The Group introduced flex-time to encourage a work-life balance, allowing its employees more free time to spend with their families. Overtime from 2023 to 2024 decreased by introducing target-based working. In addition, the Group has a smart working regulation that provides for 8 days per month of remote working. For new mothers, the days are extended to 12 until the first year of a newborn's life.

This policy applies to all employees in Italy, Spain and France, and responsibility for implementation lies with the CEO and Human Resources Director. The policy is available to all employees.

Adequate salaries

In order to ensure balanced salaries, the Group uses a market survey prepared by WTW (Willis Towers Watson), which associates professionalism with certain professional families and returns an external market benchmark on the remuneration linked to the role and expertise of the resource. The use of this methodology, called 'Global Grading', allows the Group to implement balanced and fair remuneration policies.

This policy applies to all employees in Italy, Spain and France, and responsibility for its implementation lies with the Managing Director and Human Resources Director. The policy is available to all employees.

15% of the eligible population received a salary increase or performance bonus.

Short- to medium-term remuneration policy, with target 2026, will also be extended to XTN.

For CY4Gate, RCS and Tykelab: adoption of the global grading system provided by Willis Towers Watson and establishment of remuneration policies with 2 evaluation periods:

March for meritocratic policy namely, performance evaluation related to the previous year. Evaluation is done by assessing the achievement of assigned goals, returning feedback to the resource about his or her performance.
July for salary policy. An employee's position is weighed according to a survey that returns the average salary provided by the market for the position held. Adopting this system allows the employee to have firm timelines for re-evaluating both his or her position and performance.

Gender Equality

The Group believes in and invests in gender equality, so much so that it has obtained gender equality certification in the year 2023 and 2024 for two Group companies, CY4Gate and RCS, respectively.

The policy on gender equality provides a fair pay and placement ratio for both genders with the goal of ensuring fair treatment.

The policy applies to all employees Italy, Spain and France, with responsibility for implementation resting with the CEO and Director of Human Resources. The policy is available to all employees

Health and Safety Policy

The Group believes that the protection of workers' health and safety is a fundamental and essential value. In this perspective, the Group has adopted an occupational health and safety management system in line with the provisions of Legislative Decree No. 81/2008, the Unified Text on the Protection of Health and Safety in the Workplace. This system was developed with reference to the UNI-INAIL Guidelines, an authoritative reference point for structuring effective management systems in this area.

CY4Gate Group's occupational health and safety management system consists of several key elements.

Workers' health and safety is a top priority for the Group, which has adopted an occupational safety policy that aims to ensure a safe and healthy working environment for all employees and contractors. This policy is based on compliance with occupational safety regulations and the promotion of a culture of prevention and safety. The occupational safety policy has several aspects, including risk assessment, staff training, provision of personal protective equipment, and emergency management.

S1-1 Policies related to own workforce

The Policies address and apply to its workforce as a whole.

The Group is committed to operate in compliance with all applicable regulations applicable to its own workforce on the subject.

Respect for human rights, including labor rights, of own workers is ensured through the Code of Ethics, internal rules and procedures that guide and manage relations, as well as the regulatory framework of the relevant CCNL on the subject of own workers' rights and human rights.

The Group, for the involvement of its workers in its initiatives, adopts a communication approach based on e-mails and training courses.

The Group is committed to act in compliance with all current regulations applicable to its workforce on the subject.

Respect for Human Rights, i.e., the principles expressed in the Universal Declaration of the United Nations, the Conventions of the International Labor Organization, the OECD Guidelines, the Charter of Fundamental Rights of the European Union and any other relevant legislation.

It is noted that, as of the date of this report, the Group has not formalized specific policies that explicitly address the issues of human trafficking, forced or compulsory labor, and child labor. However, these issues do not emerge as being of relevance to the Group.

The Group has a policy for accident management, in compliance with applicable current regulations.

It is worth noting that the Group, as of the date of this report, does not have formalized policies that explicitly address the assumptions of discrimination, nor are there any specific commitments adopted regarding inclusion or positive actions aimed at groups particularly at risk of vulnerability within the workforce. Similarly, there are no dedicated procedures identified for implementing and monitoring these policies, aimed at preventing, mitigating or managing possible discriminatory incidents, nor initiatives to actively promote diversity and inclusion.

The adopted policies cover all sustainability issues.

S1-2 Processes for engaging with own workforce and workers' representatives about impacts

The Group has no formalized written procedure at present; however, it is committed to actively listening to its workforce through regular consultations and structured dialogues, integrating feedback into business decisions is a hallmark of the Group. Levels of involvement range from site meetings to company-wide discussions, and resources are allocated to support these activities. This ensures that decisions reflect the needs and perspectives of employees. By 2025, the Group intends to incorporate a structured framework dedicated to this area into its management system.

S1-3 Processes to remediate negative impacts and channels for own workers to raise concerns

In the event of negative impacts on its workforce, the group undertakes to identify the cause of disruption and remove it. Once the cause is identified and removed, an internal review is conducted to understand whether the issue has been resolved and its effectiveness.

The Group has fully anonymous reporting channels in place that give employees the opportunity to report any issues. The matter will then be analyzed so that the necessary actions can be put in place to resolve it.

Any potential issues or actual violations that may adversely affect the Group or people's well-being are highlighted through the violation reporting system, a platform that allows all stakeholders secure and confidential access. Reporting can be done through the platform and/or directly through the impartial and specifically trained person/function appointed within the Group companies and the Chairman of the Supervisory Board (OdV).

Internal training and audit activities enable the Group to assess whether its workforce is aware of the structures or processes available to raise its concerns or needs and whether it places trust in them.

The Group has adopted and applies a procedure for the protection of whistleblowers.

S1-4 Taking action on material impacts on own workforce, and approaches to managing material risks and pursuing material opportunities related to own workforce, and effectiveness of those actions and approaches

The actions and resources put in place to manage the material impacts, risks, and opportunities related to its workforce are listed below.

Training and skills development

A training plan has been adopted that includes a prior gathering of needs and then, respecting the budget, the implementation of the required courses.

Time horizon: short

Work-life balance

The Group firmly believes in a balanced work-life balance; in fact, it incentivizes the use of smart working through the application of flexible regulations that meet the employee's needs. Group employees enjoy at least 2 days of smart working per week.

Time horizon: short.

Gender equality

The Group believes strongly in the issue of gender equality. In 2023 and 2024, the main companies in the Group have certified, there are plans to maintain certification for the main companies in the Group.

Time horizon: short, medium, long.

S1-5 Targets related to managing material impacts, advancing positive impacts, as well as to risks and opportunities

Gender equality (PdR 125)

The Group pursues the goal of ensuring wage and gender equity by maintaining and strengthening its equal opportunity commitments.

For financial year 2024, it is planned to maintain the certification on gender equality for CY4Gate and extend it to the subsidiary RCS.

In the following three years, the goal is to maintain the above certifications through the implementation of management systems and the implementation of internal monitoring audits.

Employees, as internal stakeholders, were involved in the goal-setting process through training initiatives, email communications and dedicated surveys.

Skills development

The Group intends to promote the development of specialized technical skills through high-tech training interventions aimed at its employees. The goal is to foster value creation through know-how sharing and collaboration with universities and public institutions.

Employees were involved through activities to collect training needs, which were functional in defining objectives.

Work-life balance

The Group is committed to ensuring an effective work-life balance, including through the adoption of smart working regulations.

Monitoring takes place every six months, based on the evaluation of attendance.

Employees have been involved in setting the goal through sharing and discussing the regulation.

The Group through its goals covers all sustainability issues found to be material.

S1-6 Characteristics of the Undertaking's Employees

The composition of the workforce as of December 31, 2024 is represented below.

WORKFORCE	CY4Gate group
Male	456
Female	96
Other	0
Not reported	0
Total	552

Characteristics of company employees: breakdown by countries with 50 or more employees representing at least 10% of the total number of employees.

Employees in France and Spain are not represented as they do not meet the criterion given.

CY4Gate group

Country	Number of employees
Italy	485
France	0
Spain	0

Representation by contract type is identified as either fixed-term or permanent FTE (average number of employees).

Characteristics of enterprise employees: breakdown by number of employees by gender (FTE).

CY4Gate Gtoup
FEMALE	MALE	OTHER	TOTAL
	Number of employess (n° / FTE)
98	451	0	549
	Number of permanent employees (n° / FTE)
95	445	0	540
Number of fixed-term employees (n° / FTE)
3	6	0	9
Number of employees with unsecured hours non guaranteed (n°/FTE)
0	0	0	0
Number of full time employees (n° / FTE)
84	445	0	529
Number of part time employees (n° / FTE)
13	7	0	20

During 2024, the number of employees (headcount) who left the Group is 109.

The Group's turnover is 24%.

For the calculation of turn over, the number of FTEs at the end of the year, the number of entrants, and the number of exits and put on report were considered for each company. For counting the exits, the HC system was taken into account, i.e., each exited employee corresponds to one head; the average number of employees, was calculated using the FTE method. For the remaining data, the database available to the group was used. No assumptions were made.

For the calculation of exits, full number was used; for the calculation of turnover, both full number and FTEs were used. The following criteria were used to calculate FTEs: the employee's date of hire, the employee's date of termination, and the number of days worked in a year.

Employee numbers are referred to the end of the reporting period as the average of the entire period by calculating FTEs.

S1-8 Collective bargaining coverage and social dialogue

100% of the Group's employees are covered by collective bargaining agreements, as better represented in the table below.

GRUPPO CY4Gate - Collective bargaining coverage and social dialogue

	Collective bargaining coverage		Social dialogue
	EEA Employees	Non – EEA Employees	EEA – Collective bargaining
Coverage Rate	(country with at least 50 employees by head count representing at least 10% of its total number of employees)	(estimate for countries with more than 50 employees representing more than 10% of total employees)	(Countries with more than 50 employees representing more than 10% of total employees)
0 -19 %
20 -39 %
40 -59 %
60 -79 %
80 - 100 %	100%		0%

Employees in France and Spain are not represented as they do not meet the stated criterion.

The Group has not signed agreements with its employees for representation by a European Works Council (EWC), a European Company (SE) Works Council or a European Cooperative Society (SCE) Works Council.

S1-9 Diversity metrics

Below is the gender distribution in number and percentage of employees (total count) at the senior management level.

Top Management	CY4Gate group
Male	20
Male (%)	80%
Female	5
Female (%)	20%
Other
Other (%)
Not reported
Not reported (%)
Total	25

The breakdown of employees by age group is shown below.

Age range	CY4Gate group
Employees < 30 years old	103
Employees between 30 & 50 years old	339
Employees > 50 years old	110

Senior Management (Top Management) refers to the executives directly reporting to the Group CEO.

S1-10 Adequate Wages

All employees receive remuneration in accordance with the levels stipulated in applicable national collective bargaining agreements, ensuring adequacy against sectoral and regulatory benchmarks.

No employees in any country earn below the benchmark for adequate remuneration.

S1-13 Training and Skills Development metrics

The performance reviews conducted during the period covered by this Statement and the corresponding percentage of employees, broken down by gender, who participated in these reviews are shown below. Periodic review means a single annual evaluation per Group employee who participated in the evaluation process, consisting of a series of moments that are part of the process itself.

Gender	Total number of employess	Number of employees that participated in regular performance and career development reviews	Percentage of employees that participated in regular performance and career development reviews
Male	456	149	33%
Female	96	39	41%
Other/Not reported	0	0	0
Total	552	188	34%

Average number of training hours by gender

The following table shows, for the period covered by this report, the average number of training hours provided per Group employee. Data was calculated as the ratio of total training hours provided during the period to the total number of employees.

Gender	Average number of training hours CY4Gate group
Male	10
Female	24
Other/Not reported	0
Average number of training hours per employee	12

S1-14 Health and safety metrics

100% of employees are covered by health management system as required by the relevant collective agreements.

No fatalities have been recorded.

In 2024, with reference to the Group's entire workforce, 3 accidents were recorded with a rate of 4.40%.

The number of work days lost due to occupational accidents was 63.

S1-15 Work-life balancemetrics

All employees are entitled to family leave under social policy and/or collective agreements. Details by gender are given below.

Gender	CY4Gate group Employees entitled to take family-related leave (%)	Gruppo CY4Gate* Entitled employees that took family-related leave (%)
Male	100%	2%
Female	100%	4%
Other/Not reported	0%	0%
Total	100%	3%

*dato del Gruppo stimato sulla proiezione dei valori della società capogruppo.

S1-16 Remuneration metrics (pay gap and total remuneration)

The average pay gap stands at 19.57% in favor of the male gender.

The ratio of the annual total remuneration of the highest wage earner to the median annual total remuneration of all employees is 2.97.

S1-17 Incidents, complaints and severe human rights impacts

No reports were recorded regarding incidents of discrimination, including harassment or complaints filed through the channels provided.

4. GOVERNANCE DISCLOSURES

ESRS G1 – Business conduct

Responsible business management represents an integrated approach to business conduct that considers environmental, social and governance factors as indispensable elements for long-term success. These are an integral part of decision-making and actions, from defining strategy to managing day-to-day operations.

This vision translates into an integrated management approach, where sustainability issues are not isolated elements, but an integral part of the company's decision-making and operational processes. It starts with an accurate assessment of the risks, opportunities and impacts related to these factors, in order to integrate them into the planning and control systems.

Responsible management implies the adoption of shared rules of conduct that guide the actions of all members of the organisation. This is accompanied by management systems that ensure compliance with regulations, transparency of information to stakeholders and fairness in business behaviour and relationships

Particular focus is placed on the prevention of anti-competitive behaviour, the quality of services and products offered and the well-being of workers, which are key elements in the creation of a healthy and productive working environment.

The primary objective is to prevent compliance risks and untimely management of economic, social and environmental impacts. In this way, the Group not only protects itself from potential problems, but also actively contributes to the creation of value for all stakeholders, from employees to investors, from the local community to the environment.

The board of directors, as the strategic guide of the company, is responsible for defining the vision and strategy, integrating environmental, social and governance factors into strategic decision-making, identifying risks and opportunities and ensuring that they are properly managed. It also oversees the implementation of the strategy, monitoring performance and progress towards sustainability goals and reporting to stakeholders on achievements.

The Management, in turn, translates the strategy into concrete actions:

defines specific objectives, implementation plans and performance metrics, integrating sustainability issues into the day-to-day operations of the company.
actively involves stakeholders in the strategy definition and implementation process, creating an open and constructive dialogue.
transparently communicates performance, reporting on progress made and challenges faced.

Finally, control bodies play an assurance and verification role:

verify that corporate conduct complies with laws, regulations and codes of conduct, assess sustainability risks, opportunities and impacts, and provide an independent opinion on their appropriateness and management.
They support the board of directors in overseeing risk management and assessing sustainability performance.

In summary, the boards of directors, management and control, each with their own responsibilities and competencies, work together to ensure that responsible business management is effectively integrated into all business activities.

This approach creates value for the Group and all its stakeholders, contributing to a more sustainable future.

Competencies relevant to sustainable corporate governance are adequately distributed among the members of CY4Gate's administration, management and control bodies.

Based on educational background and professional experience, competencies in environmental and social sustainability score 36 % and 71 % respectively.

In addition, innovation and technology skills scored 86 %.

Below is the assessment of the competencies of the company areas, derived from an analysis of the knowledge, skills and competencies of each resource on the basis of CVs and interviews.

Competencies	%
Strategic Planning	93%
Finance & business management	93%
Risk management	71%
Innovation and technology	86%
Digital IT & cyber security	29%
Environmental sustainability	36%
Social sustainability	71%
Legal & HR management	50%

The Group applies a structured and dynamic approach to managing the impacts, risks and opportunities related to corporate culture and business conduct through a series of integrated policies and tools.

At the heart of this approach is a three-year commitment plan, updated annually, which sets out concrete objectives and actions to address challenges and maximise opportunities related to corporate culture and business conduct. This plan is the result of an in-depth analysis and constant monitoring of impacts, enabling the Group to proactively adapt its strategies and respond to changes in the context.

A key element of this system is the Internal Control, Risk and Sustainability Committee (CCRS), which plays a crucial role by advising and making proposals to the Board of Directors on sustainability issues.

The CCRS not only assesses risks and opportunities, but also actively contributes to shaping the Group's strategy, ensuring that the principles of responsibility and sustainability are integrated into every decision.

It is important to emphasise that this system is not static, but constantly evolving.

The annual update of the three-year commitment plan and the constant monitoring of the ESRAB allow the Group to adapt to changes in the environment and to continuously improve its performance in terms of corporate culture and business conduct.

The Group is concretely committed to managing the impacts, risks and opportunities associated with corporate culture and business conduct, through an integrated and dynamic approach that actively involves the administration, management and control bodies.

The six-monthly report of the CCRS to the Board of Directors ensures transparent communication and constant monitoring of progress. This mechanism allows the Board of Directors (BoD) to be fully informed on sustainability issues and to exercise effective control over the management of risks and opportunities.

Consistent with its commitment to responsible business management, the CY4Gate Group has adopted a number of policies aimed at promoting an ethical business culture and ensuring the quality of its products and services.

Code of Conduct

The Code of Conduct represents the cornerstone of the system of values and principles that guide the Group's actions. This document, an integral part of the contractual documentation with both customers and suppliers, is divided into two fundamental sections:

Chart of Values: defines the general ethical principles that inspire the Company's actions, in line with the Company Vision.
Chart of Commitments: establishes the concrete rules of conduct that guide the daily operations of all those who interact with the Group, contributing to the realisation of the Company Mission,

The Code of Ethics applies to all levels of the organisation, from the governing and supervisory bodies to employees and collaborators, and to anyone who has a relationship with the Group.

In this way, the Group is committed to promoting a corporate culture based on integrity, transparency and responsibility.

Quality Policy (ISO 9001) adopted by CY4Gate and RCS

As part of risk management and with the aim to guarantee the quality of their products and services, the companies have implemented a quality management system certified according to ISO 9001:2015. This system focuses on several crucial aspects:

Product and service quality: ensuring that the products and services offered meet the highest quality standards.
Customer satisfaction: ensuring customer satisfaction throughout the contract lifecycle, from design to delivery and after-sales support.
Technological innovation: ensuring an adequate level of innovation and technological content in the products and services offered, in order to remain competitive in the market.

Through the implementation of these policies, we demonstrate a concrete commitment to promoting an ethical and responsible business culture, oriented towards quality, innovation and customer satisfaction.

Environmental Policy (ISO 14001) applied by RCS

An environmental policy has been adopted in line with the international standard ISO 14001, which defines environmental objectives, the actions to be taken to achieve them and the responsibilities of each member of the organisation. The environmental policy covers a number of areas, including waste management, energy saving, emission reduction and staff awareness of environmental issues. It should be noted that this policy and the Group's consumption are in line with the policy of the parent company Elettronica S.p.A.

Occupational Safety Policy as detailed in the paragraph Group Policies.

Gender Equality Policy (PdR 125)

The gender equality policy represents the formal and strategic commitment to the creation of an inclusive, fair and respectful working environment, where all people, regardless of their gender, have the same opportunities for professional and personal growth.

This policy is based on the principles of non-discrimination, equal opportunities, pay equity, work-life balance, valuing diversity and combating all forms of violence or harassment

Information Security Policy (ISO 27001) adopted by CY4Gate, RCS and XTN

The Information Security Policy is based on the international standard ISO 27001, a globally recognised standard for information security management.

This policy covers several areas, including physical, logical and communications security, risk management and staff training and awareness.

In parallel, in line with the General Data Protection Regulation (GDPR), a specific personal data protection policy has been adopted, which aims to ensure compliance with privacy regulations and to protect the rights of individuals with regard to the processing of their personal data.

The data protection policy consists of several aspects, including the definition of responsibilities, impact assessment, security measures, breach management and data subjects' information and consent.

A Data Protection Officer (DPO), a professional figure with expertise in personal data protection, has been appointed to guarantee this policy. The DPO is in charge of informing and advising the data controller, data processor and employees on the provisions of the GDPR and best practices regarding personal data protection, verifying the compliance of personal data processing with the GDPR and other applicable regulations, cooperating with the Supervisory Authority (Data Protection Authority) on matters relating to the processing of personal data, and acting as a point of contact for data subjects and the Supervisory Authority.

The information security and personal data protection policy represents a concrete commitment to protecting IT assets and safeguarding people's rights. The application of international standards such as ISO 27001 and compliance with privacy regulations testify to the focus on creating a safe and responsible working environment.

Governance and Remuneration

The Board of Directors is appointed as reported in paragraph GOV-1 Composition and role of the administrative, management and control bodies.

The Remuneration Policy provides for a Stock Grant Plan as indicated in paragraph GOV-3 Incentive Scheme related to sustainability objectives.

Risk management

CY4Gate's internal control and risk management system is a detailed set of rules, procedures and organisational structures that aim to ensure the effective identification, measurement, management and monitoring of key business risks.

This integrated system is essential for sustainable success, as it provides a solid framework for proactive risk management and supports informed decision-making. Among the main actors involved in this system, a key role is played by the Internal Audit function, which was established in 2023 following the Group's move from the Euronext Growth Milan segment to the STAR segment.

Through its independent and objective assessment activities, the Internal Audit function verifies the adequacy and effectiveness of the internal control and risk management system, contributing to strengthening corporate governance and protecting stakeholder value.

Organisation, Management and Control Model (MOG)

The organisation, management and control model (MOG) required by Legislative Decree 231/2001 and implemented by the Group represents a central pillar in its governance strategy, outlining a system of rules and tools to prevent the commission of crimes and promote a corporate culture of legality and transparency.

This document, in line with best practices and constantly updated to reflect legislative and corporate developments, defines general principles, identifies areas of risk, establishes rules of conduct, implements a control system, establishes a Supervisory Board and provides for a disciplinary system.

The document was updated in 2023 to take into account new legislation, the expansion of the Group and the switch to the STAR segment of the Italian Stock Exchange, further reinforcing the commitment to responsible and transparent management.

Customers, suppliers and partners are required to make a formal commitment to comply with the MOG, providing for the immediate termination of the contract in the event of violation, reflecting its crucial importance to the Group.

Anti- Bribery Code

The bribery prevention system, formalised in the Anti-Corruption Code, is a fundamental pillar of its commitment to integrity and transparency.

This organic and coherent system of principles aims to prevent and counter the risks of unlawful practices by promoting a corporate culture of honesty, ethics and respect for the law.

The Anti-Bribery Code, based on core principles such as integrity, transparency, accountability and diligence, defines clear rules of conduct, adequate control procedures, an internal reporting system and disciplinary sanctions for violations.

Approved by the Board of Directors and applied to all levels of the organisation, including employees, collaborators, directors, partners and suppliers, the Anti-Bribery Code is regularly updated to respond to new legislation and best practices.

Anti-Money Laundering Policy

The Group has adopted a structured organisational model to mitigate money laundering and terrorist financing risks, in line with national and international regulations. The model provides for a series of preventive and control measures, including the Anti-Money Laundering corporate function, which is responsible for identifying and assessing risks, defining procedures, monitoring transactions, reporting suspicious transactions and training staff. In addition to this, the model includes other crucial measures such as customer due diligence, document retention, internal control and periodic audits.

The Group is committed to an effective and up-to-date prevention system, aware of the importance of this matter for its reputation and the prevention of unlawful activities. The implementation of a robust organisational model and the establishment of the Anti-Money Laundering function testify to the Group's commitment to legality, transparency and social responsibility.

Transparency of financial transactions

The Group emphasises transparency of financial transactions, adopting strict procedures for the management of related party transactions, internal dealing and the prevention of market abuse. The primary objective is to prevent and mitigate potential conflicts of interest, while ensuring clear and complete disclosure to investors.

As far as transactions with related parties are concerned, the Group has implemented a specific procedure that provides for the identification of related parties, the assessment of transactions to verify their appropriateness and fairness, the approval of major transactions by the Board of Directors and the transparent and timely disclosure of information to the market.

In the area of internal dealing, the Group has adopted a specific procedure that defines relevant persons, provides for disclosure obligations for transactions involving Group shares and ensures the publication of relevant information.

The Group is particularly vigilant in preventing market abuse, having adopted a Code of Ethics that defines the principles and rules to be followed to avoid insider trading, market manipulation and other illegal practices.

Finally, the Group is committed to providing the market with complete, accurate and prompt information, in compliance with the disclosure requirements of the law and regulations.

Information on the Group's economic and financial situation, related party transactions, internal dealing and other relevant events is communicated through official channels and forwarded to Consob.

The transparency of financial transactions is a fundamental element in creating a relationship of trust with investors and protecting the Group's reputation.

The procedures adopted for the management of transactions with related parties, internal dealing and the prevention of market abuse testify to the commitment to responsible and fair governance.

Group Directive - MOG 231 Guidelines

The Group, by sharing its Code of Ethics and its Organisation, Management and Control Model (MOG 231), is committed to promoting a corporate culture deeply rooted in the principles of legality, transparency, ethicality, fairness and respect for rules.

This sharing is not just a formality, but a declaration of intent that underlines the importance of these fundamental values for the Group.

Consistent with the most rigorous principles adopted, it does not merely declare these values, but actively integrates them into every aspect of its business.

The commitment to legality translates into scrupulous compliance with laws and regulations, both nationally and internationally, while transparency is manifested through open and complete communication with all stakeholders.

Ethics guides every business decision, ensuring that actions are always inspired by integrity and honesty. Fairness in relations with customers, suppliers and partners is considered an essential value, as is respect for internal rules and company procedures, essential elements to ensure operational efficiency and effectiveness.

Sharing the Ethical Code and the MOG 231 is therefore a fundamental step to strengthen a corporate culture based on solid and shared values, with the aim of ensuring sustainable success over time and the creation of value for all stakeholders.

The Chief Executive Officer, the Managing Director or the Board of Directors (BoD), depending on the governance structure adopted, represents the highest level of management responsible for implementing the company's policy.

G1-1 Business conduct policies and corporate culture

Corporate culture aspects are considered and discussed by the administration, management and control bodies. They are promoted and disseminated to stakeholders (internal and/or external to the Group) as part of the corporate culture. In addition, specific tools are in place for its employees to promote and encourage its corporate culture.

The Group has adopted an integrated management system geared towards respecting and integrating sustainability issues, which includes various mechanisms for identifying, reporting and investigating unlawful behaviour or behaviour that does not comply with the Code of Conduct and internal regulations. The Group recognises the importance of the contribution of all stakeholders, internal and external, for the continuous improvement of the management system and for the prevention of unlawful behaviour.

Reporting and investigation mechanisms

Whistleblowing procedure: allows employees and third parties to report, even anonymously, potential or actual violations of the Code of Ethics, the 231 Organisational Model or other internal regulations. Reports are collected and managed by an independent function, which assesses their grounds and initiates the appropriate investigations.
Whistleblowings Committee: consisting of the heads of the Group Human Resources, Legal & Shared Services, Group Accounting, Finance, Controlling and Procurement organisational units, it is responsible for managing the preliminary investigation and reporting phase of the whistleblowings received. Every six months, the Committee draws up a report summarising the activities carried out and the progress of the Action Plans of the reports concerning conduct relevant to the Corruption risk.

Reports are handled with the utmost confidentiality and diligence.

The Whistleblowings Committee assesses the merits of reports and, if violations are ascertained, proposes corrective and disciplinary actions.

The Group is committed to ensuring that there is no retaliation against bona fide whistleblowers.

Additional oversight is ensured by the Risk and Sustainability Control Committee (CCRS), which expresses opinions on specific aspects relating to the identification of the main corporate risks, including risks relating to the internal corruption prevention system, and supports the Board of Directors' assessments and decisions relating to the management of risks arising from prejudicial facts of which it has become aware.

Il Gruppo adotta politiche in materia di lotta alla corruzione attiva e passiva coerenti con la Convenzione delle Nazioni Unite contro la corruzione.

The Group has deployed a comprehensive and secure breach reporting system, aimed at ensuring that all stakeholders can report, in a confidential and protected manner, any issues or violations that may have a negative impact on the Group or people's well-being. A dedicated online platform is available to all stakeholders, accessible in a secure and confidential manner, which allows them to report violations in a simple and intuitive way, following a guided procedure, and guarantees the anonymity of the reporter and the confidentiality of the information transmitted.

Whistleblowing can be submitted via the platform and/or directly through an impartial function, specifically trained and assigned to handle whistleblowing, in addition to the Chairman of the Supervisory Board (OdV), who is in charge of handling whistleblowing.

The Group has policies on the protection of whistleblowers, as outlined above.

The Group has developed an integrated management system to promote a corporate culture of integrity, transparency and accountability, with a particular focus on the prevention of corruption, money laundering and respect for human rights, as detailed in the Policies section.

The Group has implemented an integrated and articulated management system, which includes policies, control bodies and specific procedures to promote a culture of integrity and transparency, prevent unlawful conduct and ensure regulatory compliance in various areas, from the fight against corruption to respect for human rights.

With reference to the Organisational Model pursuant to Legislative Decree 231/2001, the positions most at risk of active and passive corruption are Human Resources, Sales, Marketing and Procurement.

G1-3 Prevention and detection of corruption and bribery

The Group has implemented a comprehensive system to prevent, identify and manage potential cases of bribery and corruption, both active and passive.

All Group companies have undergone a corruption risk assessment over the past two years, covering 100 per cent of the company sites. This assessment allowed the most vulnerable areas to be identified and analysed and targeted preventive measures to be implemented.

To date, no occurrences of active or passive bribery have emerged within the Group. This result testifies to the effectiveness of the preventive measures taken and the Group's commitment to promoting a culture of integrity and transparency.

In the event of any bribery incidents, the Group has an Anti- Bribery Code. This code defines the guidelines and procedures to be followed to effectively and promptly handle any report or case of corruption, ensuring a uniform and rigorous approach in all Group companies.

The Whistleblowings Committee is not separate from the management chain involved in the matter, and is composed of the Heads of the organisational units Human Resources, Legal & Shared Services, Group Accounting, Finance, Controlling and Procurement, the latter being in charge of managing the preliminary investigation and the reporting process of the reports received.

Every six months, the Committee draws up a report summarising the activities carried out and the progress of the Action Plans of the reports concerning conduct relevant to the risk of Corruption, which is submitted to the Coordination and Consultation Body for the Prevention of Bribery.

The following documentation is adopted and disseminated through the company's website and intranet;

Management and Control Organisational Model pursuant to Legislative Decree 231/2001;
Code of Ethics;
Anti- Bribery Code;
Anti-Money Laundering Policy.

In addition, there are contractual clauses binding customers and suppliers to comply with these documents.

Training programmes are extended to managers, middle managers, employees and apprentices.

Training is provided for 100% of the functions at risk. With reference to these risk profiles on bribery and extortion, on the basis of the analysis of business processes and areas of operation, the Group has identified the functions that are potentially most exposed in relations with third parties or public administrations. These areas include, as a priority, commercial and supplier purchasing and selection processes, institutional relations, activities related to participation in tenders and calls for tenders, and human resources selection and management processes.

Training on corruption is provided to senior and top management as part of 231 workshops, general and specific training on Model 231, anti- bribery and whistleblowing. This training is planned during 2025. No training was provided to governance bodies on corruption in 2024.

G1-4 Incidents of corruption or bribery

The Group encountered no cases of active or passive corruption, violations of procedures and consequent sanctions. CY4Gate S.p.A. also communicated the Code of Ethics and the Anti- Bribery Code to the Group Companies. The Group has taken the following actions to manage the relevant impacts, risks and opportunities related to active and passive corruption:

Anti- Bribery Code;
Risk and Sustainability Committee;
Coordination and Consultation Body for the Prevention of Bribery.
Reporting Committee.

Furthermore, in 2024 it was implemented:

Sharing the Code of Conduct with subsidiaries, adoption of contractual clauses committing stakeholders to the Code of Conduct;
Renewed CY4Gate S.p.A.'s legality rating in 2024, with a score of three stars, improving the result compared to 2023 with a target corresponding to the maximum score obtainable;
Achievement of the Ethifinance ESG rating by CY4Gate S.p.A., with a score of 82/100, a clear improvement on the previous score (64/100), placing it above the average of the 264 companies in the IT sector;
The Group was awarded the 'silver medal' by Ecovadis, a platform that assesses the sustainability performance of companies;
Contractual clauses committing suppliers to compliance with the MOG;
Renewed training on Whistleblowing to employees of CY4Gate S.p.A. and its Italian subsidiaries.

No violations of laws against active and passive bribery were recorded, as also revealed by the 2024 Report of the Anti-Corruption Committee.

There were no cases of violations of procedures and consequent sanctions.

***

KPMG S.p.A. Revisione e organizzazione contabile Via Curtatone, 3 00185 ROMA RM Telefono +39 06 80961.1 Email [email protected] PEC [email protected]

(This independent auditors' report has been translated into English solely for the convenience of international readers. Accordingly, only the original Italian version is authoritative.)

Independent auditors' limited assurance report on the consolidated sustainability statement pursuant to article 14-bis of Legislative decree no. 39 of 27 January 2010

To the shareholders of CY4Gate S.p.A.

Conclusion

Pursuant to articles 8 and 18.1 of Legislative decree no. 125 of 6 September 2024 (the "decree"), we have been engaged to perform a limited assurance engagement on the 2024 consolidated sustainability statement of the CY4Gate Group (the "group") prepared in accordance with article 4 of the decree, presented in the specific section of the directors' report (the "consolidated sustainability statement").

Based on the procedures performed, nothing has come to our attention that causes us to believe that:

the group's 2024 consolidated sustainability statement has not been prepared, in all material respects, in accordance with the reporting standards endorsed by the European Commission pursuant to Directive 2013/34/EU (the European Sustainability Reporting Standards, "ESRS");
the information presented in the "Taxonomy (Article 8 of Regulation 2020/852)" section of the consolidated sustainability statement has not been prepared, in all material respects, in accordance with article 8 of Regulation (EU) 2020/852 of 18 June 2020 (the "taxonomy regulation").

Basis for conclusion

We have performed the limited assurance engagement in accordance with the Standard on Sustainability Assurance Engagements - SSAE (Italia). The procedures performed in a limited assurance engagement vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement. Consequently, the level of assurance obtained in a limited assurance engagement is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed. Our responsibilities under SSAE (Italia) are further described in the "Auditors' responsibilities for the sustainability assurance engagement" section of our report.

We are independent in accordance with the ethics and independence rules and standards applicable in Italy to sustainability assurance engagements.

Ancona Bari Bergamo Bologna Bolzano Brescia Catania Como Firenze Genova Lecce Milano Napoli Novara Padova Palermo Parma Perugia Pescara Roma Torino Treviso Trieste Varese Verona

Società per azioni Capitale sociale Euro 10.415.500,00 i.v. Registro Imprese Milano Monza Brianza Lodi e Codice Fiscale N. 00709600159 R.E.A. Milano N. 512867 Partita IVA 00709600159 VAT number IT00709600159 Sede legale: Via Vittor Pisani, 25 20124 Milano MI ITALIA

CY4Gate Group Independent auditors' report 31 December 2024

Our company applies International Standard on Quality Management 1 (ISQM Italia 1) and, accordingly, is required to design, implement and operate a system of quality management including policies or procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

We believe that the evidence we have acquired is sufficient and appropriate to provide a basis for our conclusion.

Responsibilities of the directors and board of statutory auditors ("Collegio Sindacale") of CY4Gate S.p.A. (the "parent") for the consolidated sustainability statement

The directors are responsible for designing and implementing the procedures to identify the information included in the consolidated sustainability statement in accordance with the ESRS (the "materiality assessment process") and for the description of these procedures in the "IRO-1 Description of the process to identify and assess material impacts, risks and opportunities" section of the consolidated sustainability statement.

The directors are also responsible for the preparation of a consolidated sustainability statement in accordance with article 4 of the decree, which contains the information identified through the materiality assessment process, including:

compliance with the ESRS;
compliance of the information presented in the "Taxonomy (Article 8 of Regulation 2020/852)" section with article 8 of the taxonomy regulation.

Moreover, the directors are responsible, within the terms established by the Italian law, for designing, implementing and maintaining such internal controls as they determine is necessary to enable the preparation of a consolidated sustainability statement in accordance with article 4 of the decree that is free from material misstatement, whether due to fraud or error. They are also responsible for selecting and applying appropriate methods to produce disclosures and formulating assumptions and estimates about specific information on sustainability matters that are reasonable in the circumstances.

The Collegio Sindacale is responsible for overseeing, within the terms established by the Italian law, compliance with the decree's provisions.

Inherent limitations in preparing the consolidated sustainability statement

For the purpose of disclosing forward-looking information in accordance with the ESRS, the directors are required to prepare such information based on assumptions, described in the consolidated sustainability statement, regarding future events and the group's actions that are not necessarily expected to occur. Actual results are likely to be different from the forecast sustainability information since anticipated events frequently do not occur as expected and the variation could be material.

Auditors' responsibilities for the sustainability assurance engagement

Our objectives are to plan and perform procedures in order to obtain limited assurance about whether the consolidated sustainability statement is free from material misstatement, whether due to fraud or error, and to issue an assurance report that includes our conclusion. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence decisions of intended users taken on the basis of the consolidated sustainability statement.

As part of a limited assurance engagement in accordance with SSAE (Italia), we exercise professional judgement and maintain professional scepticism throughout the engagement.

CY4Gate Group Independent auditors' report 31 December 2024

Our responsibilities include:

considering risks to identify disclosures where a material misstatement is likely to occur, whether due to fraud or error;
designing and performing procedures to check disclosures where a material misstatement is likely to occur. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control;
directing, supervising and performing the sustainability limited assurance engagement and assuming full responsibility for the conclusion on the consolidated sustainability statement.

Summary of the work performed

A limited assurance engagement involves carrying out procedures to obtain evidence as a basis for our conclusion.

The procedures performed are based on our professional judgement and include inquiries, primarily of the parent's personnel responsible for the preparation of the information presented in the consolidated sustainability statement, documental analyses, recalculations and other evidence gathering procedures, as appropriate.

We have performed the following main procedures:

we gained an understanding of the group's business model, strategies and operating environment with regard to sustainability matters;
we gained an understanding of the process adopted by the group to identify and assess material sustainability-related impacts, risks and opportunities (IROs), based on the double materiality principle. Moreover, on the basis of the information acquired, we evaluated any emerging inconsistencies that may indicate the presence of sustainability matters not addressed by the group in its materiality assessment process; Specifically, mostly through inquiries, observations and inspections, we gained an understanding of how the group:
- considered the interests and opinions of the stakeholders involved;
- identified its sustainability-related IROs, assessing their consistency with our knowledge of the group and its sector;
- defined and assessed material IROs by analysing the qualitative and quantitative materiality thresholds it determined, checking their consistency with the results of the enterprise risk management (ERM) process;
we gained an understanding of the processes underlying the generation, recording and management of the qualitative and quantitative information disclosed in the consolidated sustainability statement, including of the reporting boundary, through interviews and discussions with the group's personnel and selected procedures on documentation;
we identified the disclosures associated with a risk of material misstatement, whether due to fraud or error;
we designed and performed procedures at group level, based on our professional judgement, to respond to identified risks of material misstatement, including:

CY4Gate Group Independent auditors' report 31 December 2024

with reference to qualitative information and, in particular, the sustainability-related policies, actions and objectives, we held inquiries and performed limited procedures on documentation;
with reference to quantitative information, we carried out analytical procedures, inspections, observations and recalculations on a sample basis, including through the acquisition of acquired documentary evidence;
we gained an understanding of the process adopted by the group to determine taxonomy-eligible economic activities and whether they were aligned under the taxonomy regulation and checked the related disclosures presented in the consolidated sustainability statement;
we checked the consistency of the disclosures contained in the consolidated sustainability statement with those included in the group's consolidated financial statements pursuant to the applicable financial reporting framework, the underlying accounting records or management accounts;
we checked the compliance of the structure and presentation of disclosures included in the consolidated sustainability statement with the ESRS;
we obtained the representation letter.

Rome, 28 March 2025

KPMG S.p.A.

(signed on the original)

Matteo Ferrucci Director of Audit

CONSOLIDATED FINANCIAL STATEMENTS AS OF AND FOR THE YEAR ENDED DECEMBER 31, 2024

Consolidated Financial Statements as of and for the year ended December 31, 2024

CY4Gate S.p.A. Headquarters in VIA COPONIA, 8 00131 ROME Company registration no. 13129151000 – Economic and Administrative Index no. 1426295

	Consolidated Statement of profit and loss 105
	Consolidated Statement of Comprehensive Income 106
	Consolidated Statement of Financial Position 107
	Consolidated Statement of Cash Flows 108
	Consolidated Statement of Changes in Equity 109
1.	General Information 111
2.	Basis of Presentation 111
	2.1. Basis of Preparation 111
	2.2. Scope of consolidation 112
	2.3. Basis of Consolidation 113
	2.4. Valuation Criteria 114
	2.5. Recently issued accounting standards 123
3.	Risk Management 125
4.	Estimates and Assumptions 129
5.	Business Combinations 131
6.	Segment Reporting 133
7.	Revenues 133
8.	Other revenues and income 134
9.	Purchases, services and personnel expenses 135
10.	Amortization and depreciation 136
11.	Other operating costs 136
12.	Financial income and expense 137
13.	Income Taxes 137
14.	Earnings/(Loss) per share and Diluted Earnings/(Loss) per share 138
15.	Goodwill 138
16.	Intangible Assets 140
17.	Property, plant and equipment 142
18.	Right-of-Use Assets 143
19.	Inventories 143
20.	Trade receivables 144
21.	Current tax assets and liabilities 144
22.	Other current and non-current assets 145

23.	Cash and cash equivalents 145
24.	Current and non-current financial assets 145
25.	Equity-accounted investments 146
26.	Contract assets and liabilities 146
27.	Equity 146
28.	Current and non-current financial and lease liabilities 148
29.	Employee benefits 152
30.	Provisions for risk and charges 154
31.	Deferred tax assets and liabilities 154
32.	Trade payables 155
33.	Other current and non-current liabilities 155
34.	Other information 156
35.	Transactions with Related Parties 158
36.	Significant events of the year 159
37.	Subsequent events 160

Consolidated Statement of profit and loss

			For the year ended December 31
(in Euro)	Note	2024	of which to related parties:	2023	of which to related parties:

Revenues	7	72,364,427	10,175,965	66,489,053	3,837,560
Other revenues	8	2,714,371	586,697	1,775,265	-
Purchases, services and personnel expenses	9	(62,499,848)	(217,165)	(58,157,682)	(555,751)
Amortization and depreciation	10/16/17	(20,945,274)	(245,532)	(16,425,885) -
Net impairment losses on financial assets	20	(552,515)	-	(284,955)	-
Accrual to provision for risks and charges	30	-	-	(78,660) -
Other operating costs	11	(959,599)	-	(790,782)	-
Operating profit/(loss)		(9,878,437)	10,299,965	(7,473,646)	3,281,809
Financial income	12	822,100	-	490,305	-
Financial expense	12	(2,961,029)	-	(2,509,778)	-
Share of profit/(loss) of equity-accounted investments, net of tax effects	12	(227,840)	-	-	-
Profit/(loss) before tax		(12,245,206)	10,299,965	(9,493,119)	3,281,809
Income taxes	13	6,606,696	-	594,951	-
Profit/(loss) for the year		(5,638,510)	10,299,965	(8,898,168)	3,281,809
of which:
Profit attributable to non-controlling interests		1,763,176		1,806,514
Profit/(loss) attributable to the owners of the parent		(7,401,686)		(10,704,682)
Basic and diluted earnings/(loss) per share		(0.24)		(0.38)

Consolidated Statement of Comprehensive Income

		For the year ended December 31
(in Euro)	Note	2024	2023
Profit/(loss) for the year		(5,638,510)	(8,898,168)
Net actuarial gains (losses) on defined benefit plans	29	(209,499)	(100,626)
Net actuarial gains (losses) on defined benefit plans - tax effect	29	51,731	24,150
Items that will not be subsequently reclassified to profit or loss		(157,768)	(76,476)
Net fair value gain/(losses) on cash flow hedges	27	(214,269)	(418,012)
Net fair value gain/(losses) on cash flow hedges - tax effect	27	51,425	100,323
Items that may be subsequently reclassified to profit or loss		(162,844)	(317,689)
Other comprehensive income/(loss), net of tax effect		(320,612)	(394,165)
Comprehensive income/(loss)		(5,959,122)	(9,292,333)
of which:
Comprehensive income attributable to non-controlling interests		1,763,176	1,806,514
Comprehensive income/(loss) attributable to the owners of the parent		(7,684,662)	(11,098,847)

Consolidated Statement of Financial Position

			As of December 31
(in Euro)	Note	2024	of which with related parties:	2023	of which with related parties:
Intangible assets and goodwill	15-16	81,191,711	-	76,429,227	-
Goodwill	15	49,190,205	-	42,080,435	-
Intangible assets	16	32,001,506	-	34,348,792	-
Property, plant and equipment	17	9,850,247	-	7,295,123	-
Right-of-use assets	18	5,694,377	712,970	3,646,191	958,502
Non-current financial assets	24	502,251	419,000	153,210	19,000
Equity-accounted investments	25	1,229,914	-	566,451	-
Deferred tax assets	31	10,460,187	-	3,518,420	-
Other non-current assets	22	1,031,789	-	1,461,872	-
Non-current assets		109,960,476	1,131,970	93,070,494	977,502
Inventories	19	973,830	-	759,066	-
Contract assets	26	8,429,181	2,430,044	3,609,079	1,748,572
Trade receivables	20	49,940,566	5,627,842	53,651,186	5,727,691
Current tax assets	21	79,225	-	394,446	-
Other current assets	22	5,680,942	-	8,586,008	-
Current financial assets	24	970,732	-	1,216,299	-
Cash and cash equivalents	23	14,537,530	-	17,561,190	-
Current assets		80,612,005	8,057,886	85,777,274	7,476,263
Total assets		190,572,481	9,189,857	178,847,768	8,453,765
Share capital		1,441,500	-	1,441,500	-
Share premium reserve		108,539,944	-	108,539,944	-
Reserves		(3,479,508)	-	9,272,847	-
Profit/(loss) for the year		(7,401,686)	-	(10,704,682)	-
Total equity of Group		99,100,250	-	108,549,609	-
Equity attributable to non-controlling interests		3,192,583	-	2,575,691	-
Equity	27	102,292,833	-	111,125,300	-
Employee benefits - non-current	29	4,739,373	-	3,581,384	-
Other non-current liabilities	33	3,559,998	-	447,636	-
Non-current financial liabilities	28	24,216,798	-	20,446,325	-
Non-current financial and lease liabilities	28	4,227,281	474,237	2,571,452	729,795
Deferred tax liabilities	31	1,375,380	-	2,284,071	-
Total non-current liabilities		38,118,830	474,237	29,330,868	729,795
Provisions for risk and charges	30	-	-	78,660	-
Trade payables	32	11,918,398	3,172	14,377,973	485,727
Current financial liabilities	28	16,853,988	-	8,352,067	-
Current lease liabilities	28	1,631,866	256,718	1,207,015	244,994
Current contract liabilities	26	2,472,005	535,808	499,174	182,823
Current tax liabilities	21	278,023	-	1,030,777	-
Other current liabilities	33	17,006,538	-	12,845,934	-
Total current liabilities		50,160,818	795,698	38,391,600	913,544
Total liabilities		88,279,648	1,269,935	67,722,468	1,643,339
Total equity and liabilities		190,572,481	1,269,935	178,847,768	1,643,339

Consolidated Statement of Cash Flows

		For the year ended December 31
(in Euro)	Note	2024	2023
Profit/(loss) before tax		(12,245,206)	(9,493,119)
Adjustments for:
Amortization and depreciation of intangible assets and property, plant and equipment	10/16/17	20,945,274	16,425,885
Impairment losses	20	552,515	284,955
Expenses for employee share-based incentives	29	213,712	211,295
Accruals to provisions for risks and charges	30	-	78,660
Net interest expense	12	2,366,770	2,019,473
Other non-cash items		358,987	802,683
Cash flows from operating activities before changes in net working capital		12,192,052	10,329,832
Change in inventories	19	(214,765)	52,582
Change in trade receivables	20	5,004,784	11,460,115
Change in trade payables	32	(5,569,629)	3,715,976
Change in other assets/liabilities	22/33	8,492,932	(2,930,414)
Payment of employee benefits	29	(404,392)	(313,632)
Interest paid		(2,146,468)	(1,227,839)
Income tax paid		(5,574,247)	(625,131)
Net cash flows from operating activities		11,780,267	20,461,489
Net investment in intangible assets	16	(12,143,676)	(18,232,644)
Net investment in property, plant and equipment	17	(3,585,295)	(3,822,713)
Acquisition of subsidiaries net of cash and cash equivalents	5	(5,863,246)	(4,226,105)
Changes in financial assets		-	210,120
Net cash flows from investing activities		(21,592,217)	(26,071,342)
Acquisition of treasury shares	36	(1,606,906)	(1,600,410)
Dividends distributed		(2,015,411)	(653,471)
Other changes in financial assets		(228,682)	-
Net utilizations of credit facilities	28	12,593,098	7,202,410
Repayment of lease liabilities	28	(1,953,811)	(1,662,991)
Net cash flows from financing activities		6,788,290	3,285,538
Total change in cash and cash equivalents		(3,023,660)	(2,324,315)
Cash and cash equivalents at the beginning of the year	23	17,561,190	19,885,505
Cash and cash equivalents at the end of the year	23	14,537,530	17,561,190

Consolidated Statement of Changes in Equity

(in Euro)	Share capital	Share Premium reserve	Reserves	Profit/(loss) for the year	Total equity attributable to the owners of the parent	Total equity attributable to non controlling interests	Total equity
As of January 1, 2023	1,441,500	108,539,944	8,926,237	2,209,462	121,117,143	1,422,648	122,539,791
Profit/(loss) for the year	-	-	-		(10,704,682) (10,704,682)	1,806,514	(8,898,168)
Actuarial losses on defined benefit plans	-	-	(76,476)	-	(76,476)	-	(76,476)
Fair value gains on cash flow hedges	-	-	(317,689)	-	(317,689)	-	(317,689)
Comprehensive income/(loss)	-	-	(394,165)		(10,704,682) (11,098,847)	1,806,514	(9,292,333)
Allocation of previous year result	-	-	2,209,462	(2,209,462)	-	-	-
Acquisition of treasury shares	-	-	(1,600,410)	-	(1,600,410)	-	(1,600,410)
Other changes	-	-	(79,572)	-	(79,572)	-	(79,572)
Distribution of dividends to non controlling interests	-	-	-	-	-	(653,471)	(653,471)
Share-based payments	-	-	211,295	-	211,295	-	211,295
As of December 31, 2023	1,441,500	108,539,944	9,272,847	(10,704,682)	108,549,609	2,575,691	111,125,300
Profit/(loss) for the year	-	-	-	(7,401,686)	(7,401,686)	1,763,176	(5,638,510)
Actuarial losses on defined benefit plans	-	-	(157,768)	-	(157,768)	-	(157,768)
Fair value gains/(losses) on cash flow hedges	-	-	(162,844)	-	(162,844)	-	(162,844)
Comprehensive income/(loss)	-	-	(320,612)	(7,401,686)	(7,722,298)	1,763,176	(5,959,122)
Allocation of previous year result	-	-	(10,704,682)	10,704,682	-	-	-
Acquisition of treasury shares	-	-	(1,606,906)	-	(1,606,906)	-	(1,606,906)
Other changes	-	-	(139,618)	-	(139,618)	-	(139,618)
Distribution of dividends to non controlling interests	-	-	(194,250)	-	(194,250)	(1,821,161)	(2,015,411)
Acquisition of equity investments	-	-	-	-	-	674,877	674,877
Share-based payments	-	-	213,713	-	213,713	-	213,713
As of December 31, 2024	1,441,500	108,539,944	(3,479,508)	(7,401,686)	99,100,250	3,192,583	102,292,833

NOTES TO THE CONSOLIDATED FINANCIAL STATEMENTS

Notes to the Consolidated Financial Statements

1. General Information

CY4Gate S.p.A. (hereinafter "CY4Gate" or the "Company" and, together with its subsidiaries, the "Group") is a company established and domiciled in Italy, with its registered office in Rome (RM), at 8, Coponia Street and organised according to the legal system of the Italian Republic. The Group is primarily engaged in the design, development and production of technologies, products, systems and services for the Armed Forces, Law Enforcement Agencies and Italian and foreign companies. Since June 26, 2023, the shares of CY4Gate S.p.A. have been traded in the Euronext STAR Milan market segment of the Italian Stock Exchange (from 2020 and until the above date shares were traded in the Euronext Growth Milan market segment).

The Company is a subsidiary of Elettronica S.p.A., with a registered office in Rome, which prepares the consolidated financial statements of the largest group of companies to which the Company belongs. In compliance with point 22 quinquies of art. 2475 of the Civil Code, it is communicated that a copy of the consolidated financial statements is kept at the registered office of the ultimate parent company in Via Tiburtina Km 13,700.

As of the date of preparation of the financial statements, the Company is not subject to the direction and coordination of any of its shareholders, as the Board of Directors of the Company assumes in full and complete autonomy and independence the most appropriate decisions regarding the management of the Company's activities.

Authorization for publication

These consolidated financial statements were approved and authorized for publication by the Board of Directors of CY4Gate S.p.A. on March 12, 2025, and are subject to audit by KPMG S.p.A.

The publication of these consolidated financial statements is carried out in accordance with the Delegated Regulation of the European Commission 2019/815 and subsequent amendments.

2. Basis of Presentation

This section provides a description of the most relevant accounting policies adopted for the preparation of these consolidated financial statements as of and for the year ended December 31, 2024 (hereinafter the "Consolidated Financial Statements"). These principles have been applied consistently for all periods presented.

2.1. Basis of Preparation

These Consolidated Financial Statements, prepared in compliance with the provisions of art. 154-ter of Legislative Decree no. 58/98 - T.U.F. - and subsequent amendments and additions, have been prepared in accordance with the "EU IFRS", meaning by this all the "International Financial Reporting Standards" (IFRS), all the "International Accounting Standards" (IAS), all interpretations of the "International Financial Reporting Interpretations Committee" (IFRIC), formerly the "Standing Interpretations Committee" (SIC) that, as of the reporting date of the Consolidated Financial Statements, have been endorsed by the European Union in accordance with the procedure provided for by Regulation (EC) No. 1606/2002 of the European Parliament and of the European Council of July 19, 2002. The IFRS have been applied consistently to all periods presented in this document. Furthermore, reference was made to the provisions issued by Consob (Italian National Commission for listed companies) in implementation of paragraph 3 of art. 9 of Legislative Decree 38/2005.

The Consolidated Financial Statements have been prepared on a going concern basis, as the Directors have verified the absence of financial, managerial or other indicators that could signal difficulties regarding the Group's ability to meet its obligations in the foreseeable future and in particular in the next 12 months, in relation to the date of these Consolidated Financial Statements. The description of the ways in which the Group manages financial risks is illustrated in the subsequent Note 3 related to "Risk Management".

The Consolidated Financial Statements have been prepared and presented in Euro, which represents the currency of the predominant economic environment in which the Group operates. All amounts included in this document, unless otherwise indicated, are expressed in Euro.

The following are the financial statements formats and the relative classification criteria adopted by the Group, within the options provided by IAS 1 Presentation of financial statements:

The Consolidated Statement of Financial Position has been prepared by classifying assets and liabilities according to the "current/non-current" criterion;
The Consolidated Statement of profit and loss has been prepared by classifying operating costs by nature;
The Consolidated Statement of comprehensive income, in addition to the profit or loss for the year resulting from the Statement of profit and loss, includes income and expense that are not recognized in profit or loss as required by IFRS;
The Consolidated Statement of changes in equity, prepared in accordance with IAS 1;
The Consolidated Statement of cash flows has been prepared by presenting cash flows resulting from operating activities according to the "indirect method".

The Consolidated Financial Statements were prepared based on the conventional criterion of the historical cost, except for the measurement of financial assets and liabilities, in cases where the application of the criterion of the fair value criterion is mandatory.

It should be noted that the Directors deemed it appropriate to reclassify the balances of certain items for the comparative year, in order to better represent and understand the financial statements amounts. Particular reference is made to the Consolidated Statement of profit and loss items of "Services" and "Personnel expenses".

2.2. Scope of consolidation

The list of companies included in the scope of consolidation as of December 31, 2024 is indicated in the following table:

Company name	Registered Office	Share/quota capital	% direct ownership	% Group ownership	Consolidation method	As of December 31
						2024	2023
CY4Gate S.p.A. (Parent company)	Rome (Italy) - via Coponia 8	€1,441,500	-	-	-	x	x
Subsidiaries
RCS ETM Sicurezza S.p.A. (in short, RCS)	Milan (Italy) - Via Caldera 21	€7,000,000	100%	100%	Line-by-line consolidation	x	x
Dars Telecom SL	Madrid (Spain) - Paseo Pintor Rosales 44	€4,808	65%	65%	Line-by-line consolidation	x	x
Diateam S.a.S. *	Brest (France) - 31 rue Yves Collet	€300,000	70.66%	100.00%	Line-by-line consolidation	x	x
Servizi Tattici Informativi Legali S.r.l. (in short, STIL) **	Cuneo (Italy) - Via XX settembre 2	€33,333	n/a	n/a	Line-by-line consolidation	-	x
Tykelab S.r.l.	Rome (Italy) - Via Benedetto Croce 10	€10,000	90%	90%	Line-by-line consolidation	x	x
XTN Cognitive Security S.r.l. (in short, XTN) ***	Arco (Italy) - via S. Caterina 95	€10,000	77.80%	80.00%	Line-by-line consolidation	x	-
Associates
SAS Foretec	Andrézieux-Bouthéon (France) - Bvd P. Desgrange 5	€500,000 €	25%	25%	Equity	x	x

Joint Venture
Prontocyber Plus S.r.l.	Rome (Italy) - Via Cassiodoro 1/a	€120,000	50%	50%	Equity	x	-

*It is specified that the % contribution to the Group is 100% and takes into account Diateam's contribution to equity attributable to the owners of the parent following the registration of additional interests as a result of the accounting of the Put options granted to non-controlling investors on their quotas.

** The company STIL was merged by incorporation into the direct parent company RCS on January 1, 2024. Please note that the percentage of direct investment in STIL was 70% as of December 31, 2023, increased to 100% during 2024.

*** Please note that the % contribution to the Group is 80% and takes into account XTN's contribution to equity attributable to the owners of the parent following the registration of additional interests as a result of the accounting of the Put options granted to some non-controlling investors on the quotas in their possession, equal to 2.20% of the quota capital of the investee.

On July 26, 2024, following the exercise of the Put & Call option agreements, CY4Gate S.p.A. signed the closing for the purchase of a further 15.33% of the French subsidiary, thus reaching 70.66% of its share capital. For further information, please refer to the paragraph "Significant events of the year".

It is specified that the Company excluded the following subsidiaries from the consolidation scope, as they are immaterial to the Consolidated Financial Statements due to their limited operations.

Company name	Registered office	Share capital	% Direct ownership
Aurora France S.A.S.	Paris (France) - 9 Rue Parrot	€10,000	100%
RCS LAB GMBH	Lebach (Germany) - Scheuernstraße 24	€25,000	70%
XTN Inc.	New York - Madison Ave 509	USD30,500	100%

The accounts of the subsidiaries are included in the consolidated financial statements from the date on which the parent company begins to exercise control and until the date on which such control ceases.

The accounts of the consolidated companies, prepared for consolidation purposes by the respective competent bodies, have been appropriately harmonized and reclassified in order to make them uniform with the accounting standards and measurement criteria of the Group, as described below.

The subsidiaries are consolidated on a line-by-line basis from the date on which control was effectively acquired and cease to be consolidated on the date on which control is transferred to third parties.

2.3. Basis of Consolidation

The consolidated financial statements as of and for the year ended December 31, 2024 were prepared by consolidating on a line-by-line basis the accounts as of and for the year ended December 31, 2024 of the Parent company and of the Italian and foreign companies of which CY4Gate holds control, both directly and indirectly.

Subsidiaries are those companies over which the Group exercises control. The Group controls a company when it is exposed, or has rights, to the variability of the subsidiary's results based on its involvement with the subsidiary itself and has the ability to influence those results through the exercise of its power.

Control can be exercised either by direct or indirect ownership of the majority of voting shares or by contractual or legal agreements, regardless of shareholding relationships. The existence of potential voting rights exercisable at the reporting date is considered for the purpose of determining control.

In general, control is presumed to exist when the Group holds, directly or indirectly, more than half of the voting rights.

The criteria adopted for full consolidation are as follows:

the assets and liabilities, expenses and income of the fully consolidated entities are assumed line by line, in their total amount, regardless of the ownership share held, attributing to non-controlling interests, where applicable, their share of equity and profit or loss for the period due to them; these shares are shown separately in the Consolidated Statement of equity and Statement of profit and loss;
business combinations are recorded, in accordance with the provisions contained in IFRS 3, using the acquisition method. According to this method, the consideration transferred in a business combination is measured at fair value, calculated as the sum of the fair values of the assets transferred and the liabilities assumed by the Group at the acquisition date and of the equity instruments issued in exchange for control of the acquired entity. Transaction costs are generally recognized in the Statement of profit and loss when they are incurred. Identifiable assets acquired and liabilities assumed are recorded at fair value at the acquisition date; exceptions are the following items, which are instead measured according to their reference principle: (i) deferred tax assets and liabilities, (ii) employee benefit assets and liabilities and (iii) assets held for sale. In the event that the fair values of assets, liabilities and potential liabilities can only be determined provisionally, the business combination is recorded using these provisional values. Any adjustments resulting from the completion of the measurement process are recognized within twelve months from the acquisition date;
if a component of the price is linked to the realization of future events, such component is considered in the estimate of fair value at the time of the business combination;
significant profits and losses, along with their tax effects, resulting from transactions carried out between fully consolidated companies and not yet realized with third parties, are eliminated, except for losses that are not eliminated if the transaction provides evidence of an impairment of the transferred asset. If significant, reciprocal liabilities and assets, costs and revenue, as well as financial expense and income are eliminated;
the purchase of additional equity shares in controlled companies and the sale of equity shares that do not imply the loss of control are considered owner transactions; as such, the accounting effects of the said operations are recorded directly in the Group's equity.

2.4. Valuation Criteria

The following briefly describes the accounting standards and most significant measurement criteria used for the preparation of these Consolidated Financial Statements.

INTANGIBLE ASSETS

Intangible assets consist of identifiable non-monetary items without physical substance, controllable and capable of generating future economic benefits. These elements are initially recognized at purchase and / or production cost, including directly attributable expenses to prepare the asset for use. Any interest expense accrued during and for the development of intangible assets is considered part of the purchase cost. Specifically, the following main intangible assets can be identified:

(a) Goodwill

Goodwill is classified as an intangible asset with an indefinite useful life and is initially recorded at cost, as described above, and subsequently subjected to an assessment, at least annually, aimed at identifying any losses in value ("impairment test"). The reversal of impairment loss is not permitted, even if the reasons that led to the impairment cease to exist.

(b) Other intangible assets with a finite useful life

Intangible assets with a finite useful life are recognized at cost, as described above, net of accumulated amortization and any impairment losses.

Amortization begins when the asset is available for use and is systematically allocated in relation to its residual possibility of use, i.e. based on the estimated useful life.

The estimated useful life for the various categories of intangible assets is as follows:

Class of intangible asset	Useful life in years
Industrial patents and intellectual property rights	3-5
Concessions, licenses, trademarks and similar rights	3-10
Other intangible assets	3-9
Development costs	3

PROPERTY, PLANT AND EQUIPMENT

Property, plant and equipment are recorded at purchase or production cost, net of accumulated depreciation and any impairment losses. The purchase or production cost includes the costs directly incurred to prepare the assets for use, as well as any dismantling and removal costs that will be incurred as a result of contractual obligations that require the asset to be restored to its original condition. Financial expense directly attributable to the acquisition, construction or production of qualified assets isare capitalized and amortized based on the useful life of the asset to which they refer.

The costs incurred for maintenance and repairs of an ordinary and / or cyclical nature are charged to the Statement of profit and loss when incurred. The capitalization of the costs related to the expansion, modernization or improvement of the structural elements owned or used by third parties is carried out to the extent that they meet the requirements to be separately classified as an asset or part of an asset. The assets recognized in relation to leasehold improvements are amortized based on the duration of the lease, or on the basis of the specific useful life of the asset, if lower.

Depreciation is calculated on a straight-line basis using rates that allow assets to be depreciated until the end of their useful life. When the asset being depreciated is composed of distinctly identifiable elements, whose useful life differs significantly from that of the other parts that make up the asset, the depreciation is carried out separately for each of these parts, in application of the "component approach".

The indicative useful life, estimated for the various categories of property, plant and equipment, is as follows:

Class of property, plant and equipment	Useful life in years
Plant and machinery	3-7
Industrial and commercial equipment	5-7
Other assets	5-9

The useful life of property, plant and equipment is reviewed and updated, where necessary, at least at the end of each year.

Leased assets

The Group has entered into lease agreements relating to property, vehicles and industrial equipment. Lease contracts are generally entered into for fixed periods of 6 months to 6 years with extension options, as described below. Contracts can contain both lease components and components other than leases.

The Group attributes the consideration in the contract to components other than lease on the basis of the stand-alone selling price (SSP) for each obligation. When an SSP does not exist, the Group estimates the SSP using an adjusted market approach.

Lease contracts are recognized as right-of-use assets and liabilities corresponding to the date on which the asset is available for use by the Group.

The assets and liabilities deriving from a lease are initially measured on the basis of their present value.

Lease liabilities include the net present value of the following lease payments:

fixed payments (including fixed payments in substance), net of any lease incentives;
variable payments based on an index or rate, initially measured using the index or rate as at the start date;
the exercise price of a purchase option if the Group is reasonably certain to exercise such option;
the payment of penalties for early termination; and
payments due in an optional renewal period if the Group is reasonably certain to exercise the renewal option.

The lease payments are discounted using the lease's implicit interest rate. If this rate cannot be easily determined, which is generally the case with leases held by the Group, the lessee's incremental borrowing rate is used, being the rate that the Group should pay to borrow the funds needed to obtain assets of similar value to the right-of-use asset in a similar economic environment with similar terms, guarantees and conditions.

The right-of-use asset is depreciated on a straight-line basis over the lease term, unless the contract provides for the transfer of ownership at the end of the lease term or the lease cost reflects the fact that the lessee will exercise the purchase option. In this case, the depreciation shall be the shorter of the useful life of the asset and the lease term. The estimated useful lives of the assets consisting of the right of use are calculated according to the same criterion applied to the items of property, plant and equipment. In addition, the right-of-use asset is reduced by any impairment losses and adjusted to reflect the remeasurement of the lease liability.

In the Statement of Financial Position, the Group presents right-of-use assets within property, plant and equipment and lease liabilities within current and non-current financial liabilities. In the Statement of profit and loss, interest expense on lease liabilities constitutes a component of financial expense and is presented separately from the depreciation of right-of-use assets.

The Group avails itself of the exemptions provided by the IFRS 16 - Leases principle with reference to lease contracts lasting less than 12 months and contracts related to so-called "low value assets", overall not significant. The Group recognizes deferred tax on right-of-use assets and lease liabilities. Finally, it should be noted that the Group does not have any lease contracts as a lessor.

FOREIGN CURRENCY TRANSLATION

Transactions in a currency other than the functional currency are recorded at the exchange rate in effect on the date of the transaction. Monetary assets and liabilities denominated in a currency other than the euro are subsequently adjusted at the exchange rate in effect on the reporting date of the year. Non-monetary assets and liabilities denominated in a currency other than the euro are recorded at historical cost using the exchange rate in effect on the initial date of the transaction. Any exchange differences are reflected in profit and loss.

IMPAIRMENT OF INTANGIBLE ASSETS AND PROPERTY, PLANT AND EQUIPMENT

(a) Goodwill

Goodwill is not amortized but is rather tested for impairment annually or more frequently whenever there are indicators that may lead one to believe that it may be impaired.

The impairment test is carried out with reference to the cash generating unit ("Cash Generating Unit", "CGU") to which the goodwill was allocated. Any reduction in the value of goodwill is recognized if its recoverable amount is less than its carrying amount. Recoverable amount means the greater of the fair value of the CGU, net of disposal costs, and the related value in use, meaning the present value of the estimated future cash flows for this asset. In determining the value in use, the expected future cash flows are discounted using a pre-tax discount rate that reflects the current market valuations of the cost of money, compared to the investment period and the specific risks of the asset. In the event that the reduction in value resulting from the impairment test is greater than the value of the goodwill allocated to the CGU, the residual surplus is allocated to the assets included in the CGU in proportion to their carrying amount. The minimum limit of this allocation is the higher of the following:

the fair value of the asset net of selling costs;
the value in use, as defined above; and
zero.

The original value of goodwill cannot be reinstated if the reasons that led to the impairment cease to exist.

(b) Assets (intangible assets and property, plant and equipment) with a finite useful life

At each reporting date, a review is performed to ascertain whether there are any indicators that property, plant and equipment and/or intangible assets may have suffered an impairment. To this end, both internal and external sources of information are considered. With regard to the first (internal sources) the following are considered: the obsolescence or physical deterioration of the asset, any significant changes in the use of the asset and the economic performance of the asset compared to what was expected. With regard to external sources, the following are considered: the trend of market prices of assets, any technological, market or regulatory discontinuities, the trend in market interest rates or the cost of capital used to evaluate investments.

If the presence of these indicators is identified, the recoverable amount of the aforementioned assets is estimated, allocating any impairment loss with respect to the relative carrying amount to profit and loss. The recoverable amount of an asset is represented by the higher of the fair value, net of ancillary sales costs, and the related value in use, meaning the present value of the estimated future cash flows for this asset. In determining the value in use, the expected future cash flows are discounted using a pre-tax discount rate that reflects the current market valuations of the cost of money, compared to the investment period and the specific risks of the asset. For an asset that does not generate largely independent cash flows, the recoverable amount is determined in relation to the CGU to which this asset belongs.

An impairment loss is recognized in profit or loss if the carrying amount of the asset, or of the related CGU to which it is allocated, is higher than its recoverable amount. Impairment losses on CGUs are charged first against the carrying amount of any goodwill attributed to them and then, as a reduction of other assets, in proportion to their carrying amount and within the limits of the related recoverable amount. If the reasons that led to the impairment cease to exist, the carrying amount of the asset is reinstated with recognition in the Statement of profit and loss, within the limits of the net carrying amount that the asset would have had if the impairment loss had not occurred and the related amortization/depreciation had been charged.

EQUITY INVESTMENTS

In the presence of evidence of impairment, recoverability is verified by comparing the carrying amount and the higher between the value in use, determined by discounting the prospective cash flows, where possible, of the investment, and the hypothetical sale value, determined on the basis of recent transactions or market multiples. The share of losses exceeding the carrying amount is recognized as a specific liability to the extent that the Group believes there are legal or implicit obligations to cover the losses and in any case within the limits of the equity. If the subsequent performance of the investment subject to impairment presents an improvement such that the reasons for the impairments made are no longer present, the investments are revalued within the limits of the impairments recognized in the previous years. Dividend income is recognized in the Statement of profit and loss when the right to receive payment is established.

INVENTORIES

Inventories are recorded at the lower of purchase or production cost and net realizable value, represented by the amount the Group expects to obtain from its sale in the normal course of business, net of selling costs.

The cost of finished products and semi-finished products includes raw materials, direct labor costs and other production costs (determined on the basis of normal operating capacity). Financial expense are not included in the measurement of inventories, they are charged to the Statement of profit and loss when incurred, as they do not meet the timing requirements for capitalization.

Inventories of raw materials and semi-finished products that can no longer be used in the production cycle and inventories of unsaleable finished products are written down. The write-down is eliminated in subsequent years if the reasons for it cease to exist.

CASH AND CASH EQUIVALENTS

Cash and cash equivalents include cash and available bank deposits and other forms of short-term investment, with maturity at origin of or less than three months. The items included in cash and cash equivalents are initially measured at fair value and then at amortized cost.

TRADE RECEIVABLES AND CURRENT FINANCIAL ASSETS

Trade receivables, other current assets, and current financial assets are generated through the ordinary course of the business and held for the purpose of collecting the contractual cash flows, that consist of "solely capital payments and interest" according to the criterion set out in IFRS 9. Consequently, they are initially recognized at fair value adjusted for the directly attributable transaction costs and subsequently measured at amortized cost based on the effective interest rate method (i.e. the rate that makes the present value of expected cash flows and the carrying amount equal, at the time of initial recognition), appropriately adjusted to take account of any impairment, by recognizing a loss allowance. Trade receivables, other current assets and financial assets are included in current assets, with the exception of those with a contractual maturity of more than twelve months after the reporting date, which are classified in noncurrent assets.

Assets with due dates over 12 months and without significant financial components are presented at their present value.

IMPAIRMENT OF ASSETS

At each reporting date, financial assets, with the exception of those measured at fair value through profit or loss, are analyzed to verify the existence of indicators of impairment. According to IFRS 9, a model for forecasting expected credit losses must be applied when assessing an impairment. In carrying out this assessment, the Group applies a standard simplified approach to estimate the lifetime expected credit losses and takes into account its historically gained experience regarding credit losses, adjusted for specific prospective factors, the nature of the Group's receivables and the economic context. If there is evidence of impairment, the loss is recognized in the Statement of profit and loss under the item "Net impairment losses on financial assets and contract assets".

Trade receivables and financial assets are written down when there is no rational expectation of them being recovered. The signs that indicate the absence of rational recovery expectations include, among others, the inability of a creditor to engage in a recovery plan with the Group, and the inability to make contractual payments for a significant period of time.

For financial assets accounted for at amortized cost, when an impairment loss has been identified, its value is measured as the difference between the carrying amount of the asset and the present value of expected future cash flows, discounted at the original effective interest rate. This impairment loss is recognized in the Statement of profit and loss.

DERECOGNITION OF FINANCIAL ASSETS AND LIABILITIES

Financial assets are derecognized when one of the following conditions is met:

the contractual right to receive the cash flows from the asset has expired;
the Group has substantially transferred all the risks and benefits associated with the asset, transferred its rights to receive cash flows from the assets or assumed a contractual obligation to transfer the cash flows received to one or more potential beneficiaries by virtue of a contract that meets the requirements of the standard ("pass through test");
the Group has neither transferred nor substantially maintained all the risks and benefits associated with the financial asset but has ceded control of it.

Financial liabilities are derecognized when they are extinguished, that is, when the contractual obligation is fulfilled, canceled or prescribed. An exchange of debt instruments with substantially different contractual terms must be accounted for as an extinction of the original financial liability and the recognition of a new financial liability. Similarly, a substantial change in the contractual terms of an existing financial liability, even partial, must be accounted for as an extinction of the original financial liability and the recognition of a new financial liability.

OFFSETTING OF FINANCIAL ASSETS AND LIABILITIES

The Group offsets financial assets and liabilities if and only if:

there is a legally exercisable right to offset the amounts recognized in the financial statements;
there is an intention either to offset on a net basis or to realize the asset and settle the liability simultaneously.

FINANCIAL LIABILITIES AND TRADE PAYABLES

Financial liabilities and trade payables are recognized when the Group becomes part of the related contractual clauses and are initially measured at fair value adjusted for directly attributable transaction costs. Financial liabilities and trade payables, with the exception of derivative financial instruments, are measured at amortized cost using the effective interest rate method.

Financial liabilities are derecognized when and only when they are extinguished (that is, when the obligation specified in the contract is remitted, canceled or expires).

DERIVATIVE FINANCIAL INSTRUMENTS

Derivative financial instruments are used as economic hedging only to reduce interest rate risk. All derivative financial instruments are measured at fair value.

If financial instruments are not accounted for, under IFRS 9, as hedging instruments, changes in fair value recognized subsequent to initial recognition are treated as components of profit or loss.

When derivative financial instruments qualify for hedge accounting, the following accounting treatments apply.

Cash flow hedging instruments

When a derivative financial instrument is designated as a hedging instrument for the exposure to the variability of future cash flows of an asset or liability recognized in the financial statements or a highly probable expected transaction and can impact profit or loss, the effective portion of any profit or loss on the derivative financial instrument is recognized directly in the Statement of comprehensive income through a specific capital reserve ("Hedging reserve"). The cumulative profit or loss is reclassified from the Statement of comprehensive income to the Statement of profit and loss when the economic effects deriving from the hedged item impact profit or loss. The profit or loss associated with a hedge or part of the hedge that has become ineffective is recognized in the profit and loss statement immediately within financial income or financial expense, respectively. When an instrument or a hedging relationship expires (for example, the derivative is sold, reaches its expiry or the hedging relationship no longer qualifies as effective), but the Group expects the hedged transaction to happen in the future, the cumulative gain or loss at the time of extinction remains in the Statement of comprehensive income and is recognized in profit or loss when the underlying transaction takes place. If the underlying transaction is no longer probable, the cumulative gain or loss present in the Statement of comprehensive income is immediately recognized in profit or loss.

The Group makes use of hedging derivatives to face the interest rate risk on financing contracts entered into by the parent company and its subsidiaries.

If hedge accounting cannot be applied, the fair value gains or losses on the derivative financial instruments are recognized immediately in financial income or financial expense, respectively.

EMPLOYEE BENEFITS

Short-term benefits are represented by wages and salaries, social security contributions, compensation for vacation and incentives paid in the form of bonuses payable in the twelve months from the reporting date. These benefits are accounted for as components of personnel expenses in the period in which the work is performed.

POST-EMPLOYMENT BENEFITS

In defined benefit plans, including the post-employment benefits due to employees pursuant to Article 2120 of the Italian Civil Code ("TFR"), the amount of the benefit to be paid to the employee can be quantified only after the termination of the employment relationship, and is linked to one or more factors such as age, years of service and remuneration; therefore the related expense is charged to profit or loss on the basis of an actuarial calculation. The liability recorded in the financial statements for defined benefit plans corresponds to the present value of the obligation at the reporting date. The present value of the defined benefit plan is determined by discounting the future cash flows at an interest rate equal to that of bonds (high-quality corporate) issued in Euro and which takes into account the duration of the related pension plan. Actuarial gains and losses deriving from the aforementioned adjustments and changes in actuarial assumptions are recognized in the comprehensive income.

Starting from January 1, 2007 the so called 2007 Budget Law and the related implementation decrees have introduced significant changes to the post-employment benefit regulations, including the choice of the employee regarding the allocation of the accruing TFR. In particular, the new TFR flows may be directed by the worker to selected pension forms or maintained in the company. In the case of allocation to external pension schemes, only a defined contribution to the selected fund is paid, and from that date the newly accrued shares are defined contribution plans not subject to actuarial measurement.

SHARE-BASED PAYMENTS

In relation to share-based payments, the Group recognizes, if the conditions exist, the cost of the services acquired during the period in which it receives the service in exchange for an increase in equity or a liability, depending on the transaction settlement methods and, in particular, if the obligation is settled through shares (equity-settled plan) or with cash payment (cash-settled plan).

These plans are measured on the date the rights are assigned, through financial measurement techniques including market conditions in the measurement, and adjusting the number of rights that are expected to be assigned at each reporting date. The initial fair value of these rights is updated depending on whether the plan is classified as cash-settled or equity-settled respectively.

The Parent Company has provided for the Group's executives an Incentive Plan that consists of the free allocation of the Company's shares, upon reaching certain financial objectives. The Stock Grant Plan, as structured, falls within the scope of IFRS 2 in the "equity settled" transactions category.

The cost of the incentive plan is spread over the period to which the incentive refers (known as the vesting period) and is determined with reference to the fair value of the right assigned to the beneficiaries at the date of commitment, in order to reflect the market conditions existing at that date.

At each reporting date, the assumptions regarding the number of Stock Grants that are expected to mature are verified. The expense for the year is recognized in profit or loss, among the personnel expenses, and an equity reserve is recognized in counterpart.

PROVISIONS FOR RISK AND CHARGES

Provisions are recorded for losses and charges of a specific nature, of certain or probable existence, for which, however, the amount and / or date of occurrence cannot be determined. They are only recognized when there is a current obligation, legal or implicit, for a future outflow of economic resources as a result of past events and it is probable that this outflow is required for the fulfillment of the obligation. This amount represents the best estimate of the costs to settle the obligation. The rate used in determining the present value of the liability reflects current market values and takes into account the specific risk associated with each liability.

When the time value of money is significant and the payment dates of the obligations can be reliably estimated, the provisions are measured at the present value of the expected cash outflows using a rate that reflects the market conditions, the change in the cost of money over time and the specific risk linked to the obligation. The increase in the amount of the provision, determined by changes in the cost of money over time, is accounted for as an interest expense.

The risks for which the emergence of a liability is only possible are indicated in the specific section regarding contingent liabilities, and no provision is made for these.

RECOGNITION OF REVENUE FROM CONTRACTS WITH CUSTOMERS

The Group's revenues are mainly generated by the sale of technologies, products, systems and cyber security and cyber intelligence services.

Revenues for product sales are recognized at the time of transfer of control of the asset, namely risks and benefits, which normally coincides with the delivery or shipment of the goods, or at the time of transfer of the service to the customer, taking into account the value of any commercial discounts, allowances and expected returns. Revenues of a financial nature and that deriving from the provision of services are recognized on an accruals basis. Revenues and income, costs and expenses related to foreign currency transactions are determined at the current exchange rate on the date on which the related transaction is carried out.

Contracts that meet the requirements for revenue recognition "over time" are classified among "contract assets" or among "contract liabilities" depending on the relationship between the status of fulfillment of the performance by the Group and the payments received from the customer. In particular:

"contract assets" represent the right to consideration for goods or services that have already been transferred to the customer;
"contract liabilities" represent the Group's obligation to transfer goods or services to the customer for which a consideration has already been received (or the right to receive has already arisen).

Where in a contract there is more than one performance obligation, representing a contractual promise to transfer to the customer a distinct good or service (or a series of distinct goods or services that are substantially the same and are transferred in the same way), the classification between assets and liabilities is made at an overall level and not at the level of single performance obligation.

Contract assets and liabilities are recognized using the percentage of completion as the methodology for measuring progress; according to this methodology, costs, revenues and margin are recognized based on the progress of the activity, determined by referring to the ratio between costs incurred at the measurement date and total expected costs included in the respective order budgets. The Group systematically updates the assumptions that underlie the order budgets in order to reflect in the financial statements the most reasonable estimate of contractual considerations accrued and the economic result of the order.

Conversely, if the requirements for recognition over a period of time are not met, revenues are recognized at a specific point in time ("at a point in time"), that is, when the customer gains control of the promised goods or services.

Contract assets are presented net of any impairment losses. Periodic updates of estimates are made and any economic effects are accounted for in the period in which the updates are made.

The Group enters into contracts that are generally able to be distinguished and accounted for as separate performance obligations. The recognized revenues are limited to the amount of consideration that the Group expects to receive. The Group allocates the transaction price to performance obligations based on the stand-alone selling prices (SSP) for each obligation. When an SSP does not exist, the Group estimates it using a market-adjusted approach.

GRANTS

Government grants are recorded at fair value, when there is reasonable certainty that they will be received and all conditions relating to them are satisfied. When the grants are related to cost components, they are recognized as revenues, but are systematically allocated over the years to match the costs they intend to compensate. In the event that the grant is related to an asset, the fair value is used to decrease the value of the asset. It is also suspended in liabilities if the asset to which it is related has not come into operation, or is under construction and the related amount is not covered by the value of the same asset.

DIVIDENDS

Dividends are recognized when the Shareholders' right to receive payment arises, which normally corresponds to the shareholders' meeting resolution on the distribution of dividends. The distribution of dividends to Shareholders is recorded as a liability in the financial statements in the period in which the distribution of the same is approved by the Shareholders' Meeting and reflected as a movement of equity.

TAXES

Current taxes are determined based on an estimate of taxable income, in compliance with the applicable tax legislation.

Deferred tax assets and deferred tax liabilities are calculated against all the differences that emerge between the tax base of an asset or liability and the related carrying amount, with the exception of goodwill upon initial recognition. Deferred tax assets, including those relating to previous tax losses, for the portion not offset by deferred tax liabilities, are recognized to the extent that it is probable that future taxable income will be available against which they can be recovered. Deferred tax assets and liabilities are determined using the tax rates that are expected to be applicable in the years in which the differences will be realized or settled.

The amount of deferred tax assets is reviewed at each reporting date and possibly reduced to the extent that it is no longer probable that sufficient tax profits will be available in the future to allow all or part of the related credit to be used. Unrecognized deferred tax assets are reviewed annually at the reporting date and are recognized to the extent that it has become probable that the tax profit is sufficient to allow such deferred tax assets to be recovered.

Current taxes, deferred tax assets and deferred tax liabilities are recognized in the statement of profit and loss under the item "Income taxes", with the exception of those relating to items recognized in the Statement of comprehensive income other than profit and those relating to items directly debited or credited to equity. In these latter cases, deferred taxes are recognized in the Statement of comprehensive income and directly in equity. Deferred tax assets and deferred tax liabilities are offset when they are applied by the same tax authority, there is a legal right to offset them, and a settlement of the net balance is expected.

Other taxes not related to income, such as indirect taxes, are included in the statement of profit and loss item "Other operating costs".

EARNINGS PER SHARE

Sale and Leaseback

The basic earnings per share are calculated by dividing the profit or loss attributable to the holders of ordinary shares of the Company by the weighted average of ordinary shares in circulation during the year, adjusted to take into account the treasury shares owned. The diluted earnings per share are calculated by adjusting the profit or loss attributable to the holders of ordinary shares, as well as the weighted average of shares in circulation, as defined above, to take into account the effects of all potential ordinary shares with dilutive effect.

2.5. Recently issued accounting standards

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS EFFECTIVE FROM JANUARY 1, 2024

The new standards, amendments and interpretations effective from January 1, 2024 are listed below.

Amendments to IAS 7 — Statement of Cash Flows and IFRS 7 — Financial Instruments: Disclosures: Supplier Finance Arrangements	In May 2023, the IASB issued amendments to IAS 7 — Statement of Cash Flows and IFRS 7 — Financial Instruments: Additional information: Supplier Finance Arrangements, that introduce new disclosure requirements to enhance the transparency and usefulness of the information provided by entities about supplier finance arrangements and are intended to assist users of financial statements in understanding the effects of supplier finance arrangements on an entity's liabilities, cash flows and exposure to liquidity risk. The amendments are effective on or after January 1, 2024.
Amendments to IAS 1 —	In January 2020, the IASB issued amendments to IAS 1 — Presentation of Financial
Presentation of Financial	Statements: Classification of Liabilities as Current or Non-Current to clarify how to
Statements: Classification of	classify debt and other liabilities as current or non-current, and in particular how to
Liabilities as Current or Non	classify liabilities with an uncertain settlement date and liabilities that may be settled
Current	by converting to equity. These changes are effective from January 1, 2024.
Amendments to IFRS 16	In September 2022, the IASB made changes to IFRS 16 – Leases: Liabilities in a sale and
Leases – Lease Liability in a	leaseback to provide guidelines for assessing the liability arising from a sale and

leaseback to provide guidelines for assessing the liability arising from a sale and leaseback transaction, aimed at ensuring that the seller-lessee does not recognize any profit or loss amount related to the retained right of use. These changes are effective from January 1, 2024.

The adoption of the aforementioned amendments had no significant impact on the Consolidated Financial Statements.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS ENDORSED BY THE EUROPEAN UNION BUT NOT YET APPLICABLE

The accounting standards, amendments and interpretations endorsed by the European Union but not yet applicable as of December 31, 2024; effective on or after January 1, 2025. The Group is considering the effects that the adoption of these amendments could have on its Consolidated Financial Statements. As of the date of preparation of these Consolidated Financial Statements, no significant impacts are expected.

Amendments IAS 21 — The Effects of Changes in Foreign Exchange Rates: Lack of Exchangeability

In August 2023, the IASB issued amendments to IAS 21 — The Effects of Changes in Foreign Exchange Rates: Lack of Exchangeability, to clarify how an entity has to apply a consistent approach to assessing whether a currency is exchangeable into another currency and, when it is not, to determine the exchange rate to use and the disclosures to be provided. These amendments are effective on or after January 1, 2025. The Group does not foresee significant impacts from the adoption of these amendments.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS NOT YET ENDORSED BY THE EUROPEAN UNION

The new standards, amendments and interpretations not yet endorsed by the European Union are summarized below: The Group is considering the effects that the adoption of these amendments could have on its Consolidated Financial Statements. As of the date of preparation of these Consolidated Financial Statements, no significant impacts are expected.

Amendments to the
Classification and
Measurement of Financial
Instruments

In May 2024, the IASB issued Amendments to Classification and Measurement of
Financial Instruments that amended IFRS 9 Financial Instruments and IFRS 7 Financial
Instruments: additional information. In detail, the IASB amended the provisions relating
to: (i) settlement of financial liabilities using an electronic payment system; (ii) assessing
the contractual cash flow characteristics of financial assets, including those with
characteristics related to ESG factors; (iii) disclosure related to investments in equity
instruments designated at fair value through other comprehensive income; and (iv)
additional disclosures for financial instruments with contingent characteristics that are
not directly related to the underlying risks and costs of the loan.
The amendments are effective on or after January 1, 2026.

IFRS 18 Presentation and
Disclosure in Financial
Statements

In April 2024, the IASB issued a new accounting standard that will replace IAS 1
Presentation of Financial Statements, to improve the reporting of financial results. IFRS
18 Presentation and Disclosure in Financial Instruments will improve the quality of
financial reporting through requirements on: (i) subtotals defined in the statement of
profit and loss; (ii) disclosure of management-defined performance measures; and (iii)
the addition of new standards regarding aggregation and disaggregation of information.
The standard is effective on or after January 1, 2027.

Contracts Referencing
Nature-dependent Electricity
Amendments to IFRS 9 and
IFRS 7

In December 2024, the IASB issued amendments aimed at helping companies better
report the financial effects of nature-dependent electricity contracts, which are often
structured as power purchase agreements (PPAs). Nature-dependent electricity
contracts help companies to secure their electricity supply from sources such as wind
and solar power, and current accounting requirements may not adequately capture how
these contracts affect a company's performance. To allow companies to better reflect
these contracts in the financial statements, the IASB has made targeted amendments to
IFRS 9 Financial Instruments and IFRS 7 Financial Instruments: Disclosure, and will
include: (i) clarifying the application of the "own-use" requirements; (ii) permitting
hedge accounting if these contracts are used as hedging instruments; and (iii) adding
new disclosure requirements to enable investors to understand the effect of these
contracts on a company's financial performance and cash flows. The amendments are
effective on or after January 1, 2026.

3. Risk Management

The Group's activities are exposed to the following risks: i) market risk, defined as currency risk, interest rate risk and price risk, ii) credit risk, iii) liquidity risk and iv) capital risk.

The Group's risk management strategy is aimed at minimizing potential negative effects on the Group's financial performance.

Currently and based on the estimates made, no problems of business continuity or impairment emerge.

INTEREST RATE RISK

The Group has entered into "Interest Rate Swaps", hedging the risk of fluctuation in the interest rates applied to variable rate loans. The following tables provide details of the instruments held as of December 31, 2024 and 2023:

Bank loans as of December 31, 2024		Cash Flow hedges
	Principal	Principal as of December 31, 2024
(in Euro)		IRS	Total
Variable rate loans	48,500,000	18,500,000	18,500,000
Fixed rate loans	500,000	-	-
Total	49,000,000	18,500,000	18,500,000

Bank loans as of December 31, 2023	Principal	Cash Flow hedges
		Principal as of December 31, 2023
(in Euro)		IRS	Total
Variable rate loans	26,555,052	15,500,000	15,500,000
Fixed rate loans	2,050,000	-	-
Total	28,605,052	15,500,000	15,500,000

In its choice of financing and investments, the Group has adopted criteria of prudence and limited risk and has not carried out speculative transactions.

CURRENCY RISK

PRICE RISK

The Group believes it is not significantly exposed to the movements of raw material and commodity prices used in the production process and the resulting influence of these on operating margins.

CREDIT RISK

Credit risk essentially derives from trade receivables. To mitigate credit risk related to counterparties in trade transactions, the Group has implemented procedures aimed at limiting the concentration of exposures to single counterparties or groups, through a creditworthiness analysis. Constant credit monitoring allows the Group to promptly verify any defaults or worsening of the creditworthiness of the counterparts and to adopt the relative mitigating actions.

It is also specified that the credit risk is further limited considering the characteristics of the customers, largely public sector entities.

The Group applies the simplified approach provided by IFRS 9 for the estimate of the recoverability of its trade receivables. The adjustment of the estimates that results from this takes into account the risk of non-collectability of receivables through the differentiation of the ECL (Expected Credit Losses) applied to groups of homogeneous receivables with respect to the risk profile and age, or depending on the progress of the actions taken for the recoverability of doubtful receivables. The amount of financial assets considered doubtful for recovery is not significant and is, in any case, covered by appropriate allocations to the loss allowance. See Note 20 for more details about the loss allowance.

LIQUIDITY RISK

CAPITAL RISK

FINANCIAL ASSETS AND LIABILITIES BY CATEGORY

The fair value of financial assets, financial liabilities and loans, recorded among the "current" items of the Statement of Financial Position and evaluated with the amortized cost method, being mainly assets underlying relationships whose settlement is expected in the short term, does not differ from the amounts recognized in the financial statements as of and for the years ended December 31, 2024 and 2023.

Non-current financial liabilities and assets are settled or measured at market rates and it is believed, therefore, that the fair value of the same is substantially in line with current carrying amounts.

The following is a classification of financial assets and liabilities by category as of December 31, 2024 and 2023 identified based on the requirements of IFRS 7.

As of December 31, 2024 (in Euro)	Financial assets / liabilities at amortized cost	Fair value of hedging instruments	Assets / liabilities at fair value through the profit or loss	Non-financial assets / liabilities	Total
Assets
Non-current financial assets	442,719	59,532		-	502,251
Current financial assets	920,352	50,380		-	970,732
Cash and cash equivalents	14,537,530		-	-	14,537,530

Total assets	15,900,601	109,912	-	-	16,010,513
Liabilities
Non-current financial liabilities	21,819,661	5,292	2,391,845	-	24,216,798
Non-current lease liabilities	4,227,281		-	-	4,227,281
Current financial liabilities	15,069,400	2,635	1,781,953	-	16,853,988
Current lease liabilities	1,631,866		-	-	1,631,866
Total liabilities	42,748,208	7,927	4,173,798		- 46,929,933

As of December 31, 2023 (in Euro)	Financial assets / liabilities at amortized cost	Fair value of hedging instruments	Assets / liabilities at fair value through the profit or loss	Non-financial assets / liabilities	Total
Assets
Non-current financial assets	68,066	85,144	-	-	153,210
Current financial assets	985,189	231,110	-	-	1,216,299
Cash and cash equivalents	17,561,190	-	-		- 17,561,190
Total assets	18,614,445	316,254	-		- 18,930,699
Liabilities
Non-current financial liabilities	16,372,319	-	4,074,006		- 20,446,325
Non-current lease liabilities	2,571,452	-	-	-	2,571,452
Current financial liabilities	6,685,676	-	1,666,391	-	8,352,067
Current lease liabilities	1,207,015	-	-	-	1,207,015
Total liabilities	28,836,462	-	5,740,397		- 32,576,859

FAIR VALUE MEASUREMENT

The fair value of financial instruments listed on an active market is based on market prices as of the financial statements' reporting date. The fair value of instruments that are not listed on an active market is determined using measurement techniques based on a series of methods and assumptions related to market conditions as of the reporting date.

The following is the classification of the fair values of financial instruments based on the following hierarchical levels:

- Level 1: Fair value determined with reference to listed prices (not adjusted) on active markets for identical financial instruments;
- Level 2: Fair value determined with measurement techniques with reference to observable variables on active markets;
- Level 3: Fair value determined with measurement techniques with reference to unobservable market variables.

The following tables present the classification of the fair value of current financial instruments, as of December 31, 2024 and 2023. The amounts refer to interest rate hedging derivatives subscribed by the Group and the put option recognized in relation to the acquisition of Diateam S.a.S. and, for the year ended on December 31, 2024, of XTN. For more information, please refer to Note 5.

As of December 31, 2024	Fair Value
(in Euro)	Level 1	Level 2	Level 3	Total

Non-current assets	-	59,532	114,977	174,509
Derivative financial instruments	-	59,532	114,977	174,509
Current assets	-	50,380	252,572	302,952
Derivative financial instruments	-	50,380	252,572	302,952
Non-current liabilities	-	(5,292)	-	(5,292)
Derivative financial instruments	-	(5,292)	-	(5,292)
Current liabilities	-	(2,635)	-	(2,635)
Derivative financial instruments	-	(2,635)	-	(2,635)
Current and non-current financial liabilities	-	-	(4,173,798)	(4,173,798)
Put option on business combinations	-		(4,173,798)	(4,173,798)
Total	-	101,985	(3,806,249)	(3,704,264)

As of December 31, 2023	Fair Value
(in Euro)	Level 1	Level 2	Level 3	Total
Non-current assets	-	85,144	-	85,144
Derivative financial instruments	-	85,144	-	85,144
Current assets	-	231,110	-	231,110
Derivative financial instruments	-	231,110	-	231,110
Current and non-current financial liabilities	-	-	(5,740,397)	(5,740,397)
Put option on business combinations	-	-	(5,740,397)	(5,740,397)
Total	-	316,254	(5,740,397)	(5,424,143)

Measurement techniques and inputs used

The fair value of the put option on business combinations, amounting to Euro 4,174 thousand, refers to the accounting, under the anticipated acquisition method provided for by IFRS 3 - Business Combinations, of the liabilities connected to the acquisition of control of Diateam and XTN deriving from the put options provided in favor of the non-controlling interests (sellers) of Diateam on the residual 29.34% share and some of the non-controlling interests of XTN on additional shares equal to 2.2% of its share capital, as provided by the acquisition contracts. The fair value of the abovementioned liability was calculated by implementing a Monte Carlo simulation model, simulating a large number of prospective future scenarios of Diateam's EBITDA. In each scenario and for each tranche, the prospective value of EBITDA was simulated through a normal model (Bachelier framework), starting from the value realized in the 2024 by the subsidiary and from the values forecasted in the Business Plan, for the 2025 and 2026. For each simulated EBITDA scenario, the value of the Strike Price at the option exercise date was calculated, taking into account the contractually defined constraints. In each scenario, the amount of the liability was then obtained as the sum of the discounted values of the Strike Price related to the different tranches at the cost of debt. The final amount of the liability was calculated as the arithmetic average, over all scenarios, of the related simulated amounts.

The simulation model was implemented based on the following assumptions:

for the calculation of the value of the liability, the cost of debt of the parent company was considered as the discount rate. This rate was assumed to be an IBR rate (Incremental Borrowing Rate), calculated from a discount curve identified by the sum of the following three components:
- risk-free component, obtained from interbank interest rates expressed in euros over different maturities. In particular, a discount curve was determined through the bootstrapping procedure, starting from market data collected through public information providers;
- credit risk component: at the measurement date, the parent company obtained an indication of implicit rating based on the credit conditions found in the financing contracts in force. In particular, an implicit credit rating was obtained from the margins of the most significant tranches of these financings. The margins thus obtained were then compared with the spreads of the CDS Service

Company Western Europe curves and the curve closest to this spread level was identified, corresponding overall to a B+ rating for both. This indication of creditworthiness was used for the selection of the corresponding CDS curve. The credit risk component was then estimated from the relative CDS levels.

component of adjustment for country risk, determined between the curve of the spread on Italian government CDS and the aggregate curve of the spread on investment grade Euro area government CDS;
The volatility parameter of Diateam's EBITDA was calculated from the time series of EBITDA for comparable companies.

For XTN, the fair value of the liability was determined as equal to the present value of the amount to be paid at the contractually established maturity in exchange for the purchase of the interests of the minority shareholders.

The changes in the fair value of the aforementioned liability are recorded by the Group in the Statement of profit and loss, under the heading "Net financial income / (expense)". For more information, please refer to note 12.

4. Estimates and Assumptions

The preparation of the financial statements requires the Directors to apply accounting principles and methods which, in certain circumstances, are based on difficult and subjective assessments and estimates based on historical experience and assumptions that are considered reasonable from time to time and realistic according to the relative circumstances. The application of these estimates and assumptions affects the amounts reported in the financial statements, in the Statement of Financial Position, in the Statement of profit and loss, in the Statement of Comprehensive Income, in the Statement of Cash Flows, in the Statement of Changes in Equity, as well as in the disclosure provided. The estimates are based on the most recent information that the Directors have at the time of drafting the present financial statements.

The final results of the financial statements items for which the aforementioned estimates and assumptions have been used may differ from those reported in the financial statements that reflect the effects of the occurrence of the event subject to estimation, due to the uncertainty that characterizes the assumptions and conditions on which the estimates are based.

The areas that require more subjectivity on the part of the Directors in preparing the estimates, and for which a change in the conditions underlying the assumptions used could have a significant impact on the financial data, are briefly described below.

(a) Impairment of assets

In accordance with the accounting standards applied by the companies of the Group, property plant and equipment and intangible assets are subject to verification in order to ascertain whether they are impaired, which must be recognized through an impairment loss, when there are indicators that suggest difficulties in recovering the related net carrying amount, represented by the higher between fair value less cost of disposal and value in use. The verification of the existence of the aforementioned indicators requires the directors to make subjective assessments based on the information available within the Group companies and on the market, as well as from historical experience. Furthermore, if it is determined that a potential impairment may have occurred, the companies of the Group proceed with the determination of the impairment using measurement techniques deemed appropriate. The correct identification of the elements indicating the existence of a potential impairment of property plant and equipment and intangible assets, as well as the estimates for their determination, depend on factors that may vary over time, influencing the assessments and estimates made by the Directors.

With particular reference to the estimation of the value in use through a method based on the discounting of expected cash flows, it is highlighted that this methodology is characterized by a high degree of complexity and the use of estimates, by their uncertain and subjective nature, about:

the expected flows, determined taking into account the general economic trend and the industry, the cash flows produced in the last few years and the forecast growth rates;
the financial parameters to be used for the discounting of the above mentioned flows.

(b) Purchase Price Allocation

In the context of business combinations, for the consideration transferred for the acquisition of control of a company, the identifiable assets acquired and liabilities assumed are recognized in the consolidated financial statements at present values (fair value) at the date of acquisition, through a process of allocation of the paid price (Purchase Price Allocation). Generally, the Group determines the fair value of the acquired assets and liabilities assumed through methodologies based on the discounting of expected cash flows. This method is characterized by a high degree of complexity and the use of estimates, by their uncertain and subjective nature, about:

the expected cash flows, determined taking into account the economic trend of the acquired companies and their respective industry, the cash flows accounted for in the last few years and the forecast growth rates;
the financial parameters used for the determination of the discount rate.

(c) Amortization and depreciation

The cost of property, plant and equipment and intangible assets is amortized/depreciated on a straight-line basis over the estimated useful life of the related assets. The useful economic life of these assets is determined by the Directors when they are purchased; It is based on historical experience for similar assets, market conditions, and expectations regarding future events that could have an impact on the useful life of the assets, including changes in technology. Therefore, the actual economic life may differ from the estimated useful life.

(d) Fair value measurement

In measuring the fair value of an asset or a liability, the Group makes use of observable market data as far as possible. Fair values are distinguished into various hierarchical levels based on the input data used in measurement techniques, as better described in the previous paragraph "Fair value measurement".

(e) Provisions for risk and charges

The Group identifies in the provisions for risk and charges the likely liabilities attributable to personnel expenses, suppliers, third parties and, in general, other expenses arising from obligations undertaken; the provisions recorded are representative of the risk of negative outcome associated with the listed cases. The amount of the provisions recorded in the financial statements relating to these risks represents the best estimate at the date made by the Directors. This estimate involves the adoption of assumptions which depend on factors that may change over time and that could, therefore, have significant effects compared to the current estimates made by the Directors for the preparation of the Group's financial statements.

(f) Loss allowance

The loss allowance reflects the estimates of estimated losses for the Group's loan portfolio. Provisions were made for expected losses on receivables, estimated based on past experience with reference to receivables with similar credit risk, to current and historical unpaid amounts, as well as to the careful monitoring of the quality of the loan portfolio and the current and expected conditions of the economy and the reference markets. Estimates and assumptions are periodically reviewed and the effects of any change are reflected in the Statement of profit and loss in the relevant year.

(g) Contract assets and liabilities

In the measurement of contract assets and liabilities, the Group determines whether contract revenues should be recognized at a certain time or over time and estimates the percentage of completion based on the method of cost to cost.

(h) Employee benefits

The actuarial measurement requires the processing of various assumptions that may differ from actual future developments. The results depend on the technical bases adopted such as, among others, the discount rate, the inflation rate, the wage increase rate and the expected turnover. All assumptions are reviewed annually.

(i) Deferred tax assets

Deferred tax assets must be recognized for all deductible temporary differences or for tax losses if it is likely that taxable income will be realized against which deductible temporary difference or tax losses can be used exist. The Group assesses the possibility to recognize deferred tax assets based on future economic projections. The estimates and assumptions underlying such future economic projections are reviewed periodically.

(l) Lease liabilities

The measurement of lease liabilities is influenced by the duration of the lease as the non-cancellable period of the lease, to which both the following periods are to be added: a) periods covered by a lease extension option, if the lessee is reasonably certain to exercise the option; and b) periods covered by the lease termination option, if the lessee is reasonably certain not to exercise the option. The measurement of the lease duration involves the assumption of estimates that depend on factors that can change over time with potentially significant effects compared to the assessments made by the Directors.

5. Business Combinations

2024

On January 16, 2024, CY4Gate, following the signing of the Preliminary Agreement on November 14, 2023, and the occurrence of certain resolved precedent conditions, in partnership with Alfa Group, signed the contract for the total purchase of 97.8% of XTN Cognitive security S.r.l. according to the following proportions:

CY4Gate has purchased a stake equivalent to 77.8% of the share capital;
Alfa Group has purchased a stake equivalent to 20% of the share capital;
The remaining 2.2% stake is held by the Management of the investee.

The total consideration for the operation amounted to Euro 12.2 million, As of the date of preparation of this document, 80% of the total consideration has been paid; the remaining 20% will be paid by June 30, 2027, and this amount may be reduced by up to 20% based on the investee's results as of December 31, 2026.

The acquisition was financed through the use of the acquisition Capex line subscribed during 2022 with a pool of banks, The acquisition contract also provides for (i) a 20% share of the consideration to be paid by CY4Gate and the Alfa Group on a deferred basis, and (ii) a put and call mechanism that allows CY4Gate to obtain an additional 2.2% of XTN's share capital, to be exercised during the period between June 1, 2027, and June 30, 2027.

The fair value of the consideration transferred by CY4Gate at the acquisition date consists of:

a fixed amount of Euro 8.7 million upfront payment upon acquisition;
a deferred price of Euro 973 thousand to be paid by June 30, 2027, the present value of which was estimated to be Euro 805 thousand as of December 1, 2024; date of acquisition of control (present value of Euro 814 thousand as of December 31, 2024), As mentioned above, the amount of the deferred payment may be reduced, up to a maximum of 20%, based on the investee's performance as of December 31, 2026; and
put options on an additional 2.2%, the present value of which was estimated to be Euro 274 thousand as of December 1, 2024 (present value of Euro 230 thousand as of December 31, 2024).

In this regard, it is specified that the Group, as permitted by the reference accounting standards, has adopted the anticipated acquisition method for accounting for the put options provided for in the acquisition contract, This method also involved the consideration, in the determination of the transferred consideration for the acquisition of control, of the present value of the liability arising from the put option provided in favor of the non-controlling interests (sellers) on the 2.2% stake as provided for in the acquisition contract, Consequently, the recognition of the business combination did not result in the recognition of NCI (non-controlling interests) in these Consolidated Financial Statements for a share of 20% of the share capital of XTN, corresponding to the share held by the company Alfa Group, which is not affected by the Group's option rights.

It should be noted that, also with reference to the investee Diateam, acquired in the previous year, the Group adopted the anticipated acquisition method to account for the put options on the remaining 29.34% of the share capital, Consequently, the recognition of the business combination did not result in the recognition of NCI (non-controlling interests).

With reference to the Acquisition, as permitted by IFRS 3, the Group completed the process of measuring the fair value of the assets acquired, the liabilities and contingent liabilities assumed ("Purchase Price Allocation"), Specifically, this analysis identified a company trademark of XTN Cognitive Security Srl for a total of Euro 1.8 million, gross of related tax effects. The net amount of the assets acquired can be detailed as follows:

(in Euro)	Carrying amount as of the date of acquisition	Revaluation / Depreciation	Fair value
Non-current assets	492,935	1,841,348	2,334,283
Intangible assets and goodwill	412,406	1,841,348	2,253,754
Property, plant and equipment	21,765		21,765
Deferred tax assets	58,764		58,764
Current assets	6,357,287	-	6,357,287
Trade receivables	1,846,679		1,846,679
Other current assets	39,871		39,871
Cash and cash equivalents acquired	4,470,737		4,470,737
Total assets	6,850,222	1,841,348	8,691,570
Non-current liabilities	(914,344)	(504,345)	(1,418,689)
Employee benefits - non-current	(202,344)		(202,344)
Non-current financial liabilities	(712,000)		(712,000)
Deferred tax liabilities	-	(504,345)	(504,345)
Current liabilities	(3,898,491)	-	(3,898,491)
Trade payables	(1,348,318)		(1,348,318)
Other current liabilities	(2,550,173)		(2,550,173)
Total liabilities	(4,812,835)	(504,345)	(5,317,180)
Net assets acquired	2,037,387	1,337,003	3,374,390
Consolidation percentage *	80.00%
Net assets acquired pertaining to the Group (A)	1,629,910	1,069,602	2,699,512
Net assets acquired pertaining to third parties	407,477	267,401	674,878

Goodwill (C) = (B) - (A)	8,179,372	(1,069,602)	7,109,770
Net amount of assets acquired (consideration) (B)	9,809,282		9,809,282

* The percentage of contribution to the Group is 80% and includes XTN's contribution to equity attributable to the owners of the parent as a result of the recognition of additional quotas due to the effect of the put options granted to certain minority interests on the quotas they hold, amounting to 2.20% of the quota capital of the investee.

Goodwill represents the intrinsic value of the investee resulting from the technical expertise of the personnel, market recognition and income prospects, regardless of the specific value attributed to the brand and/or individual elements. The recognized goodwill is not deductible for tax purposes.

The consideration of Euro 9,809 thousand includes Euro 8,730 thousand as the upfront price; Euro 805 thousand as the fair value of the deferred price component as of January 1, 2024; and Euro 274 thousand as the fair value of the put option liability as of January 1, 2024.

The details of the liquidity absorbed by the acquisition are reported below:

(in Euro)

Consideration paid	8,729,700
Cash and cash equivalents acquired	(4,470,737)
Net cash flow from investing activities	4,258,963

The acquired business has contributed to the Group's results with Revenue of Euro 5,021 thousand and a profit of Euro 1,641 thousand for the period from January 1 to December 31, 2024.

6. Segment Reporting

IFRS 8 defines an operating segment as a component i) that involves business activities generating Revenues and costs, ii) whose operating results are periodically reviewed at the highest decision-making level and iii) for which separate financial-economic data are available, For the purposes of IFRS 8, the activity carried out by the Group is identifiable in a single operating segment, that of the development and marketing of cyber intelligence and cyber security products.

7. Revenues

This item mainly refers to the sale of products and can be detailed as follows:

	For the year ended December 31
(in Euro)	2024	2023

Revenues from sales and services	67,388,250	66,666,596
Change in contract work in progress	4,976,177	(177,543)
Total	72,364,427	66,489,053

Revenues recorded in 2024, present an increase compared to the previous period of Euro 5,875 thousand, attributable for Euro 4,800 thousand to the changes in scope of consolidation following the acquisition of control of XTN starting from January 1, 2024.

The item "Change in contract assets work in progress" can be traced back to the sum of revenue related to ongoing contracts recognized "over time", mainly acquired in the last few months of 2024, and revenues resulting from the closure of certain contracts completed during the period.

The following table presents the breakdown of revenues recognized "at a point in time" (i.e. upon delivery of the good, license or service) or "over time".

	For the year ended December 31
(in Euro)	2024	2023

Recognized at point in time	7,057,140	18,201,855
Recognized over time	60,331,110	48,464,741
Total	67,388,250	66,666,596

Within each contract, the reference element for revenue recognition is the individual performance obligation. For each obligation to perform, separately identified, the Group recognizes revenues when (or as) it fulfills the obligation itself, transferring the promised good/service (i.e. the asset) to the customer. The asset is transferred when (or as) the customer takes control of it. For the obligations to perform fulfilled over time, revenues are recognized over time, evaluating the progress made towards complete fulfillment of the obligation at the end of each year. For the evaluation of progress, the Group uses the method based on inputs (cost to cost method). Revenues are recognized based on the inputs used to fulfill the obligation up to the date, compared to the total inputs assumed to fulfill the entire obligation. When the inputs are distributed uniformly over time, the Group linearly recognizes the corresponding revenues. In certain circumstances, when it is not possible to reasonably assess the outcome of the obligation to perform, revenues are recognized only up to the extent of the costs incurred.

The following table presents revenues broken down by geographical segment:

		For the year ended December 31
(in Euro)	2024	2023

Italy	46,928,906	37,712,516
Outside Italy	25,435,521	28,776,537
Total	72,364,427	66,489,053

8. Other revenues and income

This item can be detailed as follows:

(in Euro)		For the year ended December 31
	2024	2023

Tax benefits	708,687	1,271,275
Grants	989,512	301,392
Other	1,016,172	202,598
Total	2,714,371	1,775,265

The 2024 income from tax benefits refers entirely to tax benefits for research and development. In 2023, it referred to tax benefits for research and development activities (Euro 757 thousand) and to tax benefits for the purchase of assets (Euro 514 thousand).

As a result of business combinations, in 2024, other revenues include Euro 221 thousand from XTN, consolidated by the Group from January 1, 2024.

9. Purchases, services and personnel expenses

This item can be detailed as follows:

(in Euro)		For the year ended December 31
	2024	2023
Costs for raw materials and goods	1,974,247	3,300,696
Costs for consumable materials	1,966,457	550,208
Total costs for raw materials	3,940,704	3,850,904
Legal and consultancy fees	1,703,851	2,419,290
Utilities and telephone expenses	3,768,371	3,306,028
Technical and commercial services	1,063,640	2,881,486
Management and administration services	3,601,724	4,132,847
Maintenance	3,006,638	1,891,592
Rentals and accessory expenses	923,878	1,229,290
Software licenses	1,840,341	671,204
Representation and promotion expenses	2,104,095	2,055,104
Remuneration of corporate bodies	1,251,860	927,504
Services of third-party suppliers on orders	3,432,440	3,485,178
Other costs	3,070,492	2,782,099
Total service costs	25,767,329	25,781,622
Wages and salaries	21,726,483	19,499,424
Social security contributions	8,732,937	7,152,554
Post-employment benefits (TFR)	1,510,825	1,278,241
Retirement benefits and similar	175,116	162,918
Share-based payments	213,712	211,295
Other costs	432,742	220,725
Total personnel expenses	32,791,815	28,525,156
Total purchases, services and personnel expenses	62,499,848	58,157,682

Service costs and personnel expenses are presented net of capitalizations made for development costs. Such capitalizations amount to Euro 1,560 thousand and Euro 6,303 thousand respectively for the year ended December 31, 2024 (Euro 2,601 thousand and Euro 4,561 thousand for the year ended December 31, 2023). For more information, please refer to Note 16.

The item "share-based payments", included in personnel expenses, refers to the recognition of the expense for the year related to the stock grant plan approved by the parent company. The recognition of this expense implied the recognition of an equity reserve. The main features of the plan are described below.

The stock grant plan approved by the parent company consists in the award to the beneficiaries, free of charge, of shares of the parent company, over an allocation cycle of the shares referred to the three-year period 2023-2025. The maximum number of shares that can be collectively assigned to the beneficiaries will be 427,500, throughout the entire duration of the plan cycle. Each year, the allocation of the shares is subordinated to the Group's achievement of the financial performance targets and the qualitative targets defined in the plan regulations. For the purposes of the regulation, the date of share allocation is the date of the resolution by which the Board of Directors ascertains the achievement of the aforementioned targets. In relation to what has been described so far, the measurement of the plan has determined, for the year under review, a cost of Euro 214 thousand and implied the recognition of an equity reserve for the same amount.

The increase in raw materials, services and personnel expenses is attributable to the changes in scope of consolidation following the acquisition of control of XTN from January 1, 2024, respectively for Euro 2 thousand, Euro 1,481 thousand and Euro 1,391 thousand. In addition, it is noted that in 2024 the Group confirmed the strengthening of the workforce with the entry of 132 new resources compared to 109 exits both in the sales area for the consolidation of the Group's presence in strategic markets, and of the technical teams of Development and delivery to support the increase in business volumes. Furthermore, 25 resources have become part of the CY4 Group following the XTN acquisition.

The following is the average number of the Group's employees:

	For the year ended December 31
(in Units)	2024	2023

Executive managers	25	23
Middle managers	81	74
Employees	443	398
Total	549	495

10. Amortization and depreciation

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2024	2023
Amortization of intangible assets	16,355,427	12,879,762
Depreciation of property, plant and equipment	2,614,133	1,808,985
Depreciation of right-of-use assets	1,975,714	1,737,138
Total	20,945,274	16,425,885

The increase in amortization and depreciation in the financial year 2024 is mainly attributable to the previous period's investments amortized in the year. As a result of business combinations, in 2024, amortization and depreciation include Euro 181 thousand of XTN, which was consolidated by the Group as of January 1, 2024. The item also includes the amortization of the brand of Euro 184 thousand resulting from allocation of the price paid in the XTN business combination; completed on December 31, 2024 - as further described in Note 5 "Business Combinations".

11. Other operating costs

This item can be detailed as follows:

(in Euro)		For the year ended December 31
	2024	2023

Losses on transactions	122,067	184,677
Contributions and membership fees	80,690	64,834
Taxes and other indirect taxes	18,207	71,606
Other costs	738,635	469,665
Total	959,599	790,782

"Other costs" are mainly related to the management costs of company cars.

12.Financial income and expense

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2024	2023

Interest income	291,229	55,291
Other financial income	355,871	435,014
Financial income	822,100	490,305
Bank interest expense	(2,762,908)	(1,594,713)
Interest expense on lease contracts	(125,628)	(108,082)
Net exchange losses	(14,487)	(7,288)
Interest expense on employee benefits	(23,388)	(20,603)
Other interest and financial expense	(262,459)	(779,092)
Financial expense	(3,188,870)	(2,509,778)

The change in financial expense is mainly due to higher bank interest expense (the change for this item amounts to Euro 1,168 thousand). For more information on bank loans and borrowings, please also refer to Note 28.

The item "other interest and financial expense", which decreased by Euro 517 thousand, mainly included in 2023 the recognition of the fair value change of the put liability registered with reference to the acquisition of the investee Diateam S.a.S. (amounting to Euro 553 thousand). The fair value adjustment of the aforementioned put liability in 2024 resulted in the recognition of a gain of Euro 201 thousand. As of December 31, 2024, this item included an expense of Euro 228 thousand when recognizing the result for the year of Prontocyber Plus, accounted for using the equity method.

For more information, please refer to Note 5 "Business combinations".

The contribution to the aforementioned items from XTN, acquired and consolidated by the Group from January 1, 2024, amounts to Euro 3 thousand in financial income and Euro 21 thousand in financial expense.

13.Income Taxes

This item can be detailed as follows:

		For the year ended December 31
(in Euro)	2024	2023

Current taxes	(1,485,033)	(1,619,433)
Taxes relating to previous periods	-	2,291
Deferred taxes	8,091,730	2,212,093
Total	6,606,696	594,951

XTN's contribution to this item amounted to Euro 222 thousand in current taxes.

The change in deferred taxes compared to 2023 is mainly related to the allocation in 2024 of deferred tax assets (for Euro 6,780 thousand) mainly on tax losses considered recoverable under the Group's 2025-2029 Business Plan approved by the Board of Directors on March 6, 2025; in addition to the reversal of deferred taxes of Euro 1,309 thousand, recognized on the capital gains allocated as part of the allocation of the price paid for the acquisition of the RCS Group, in 2022; of Diateam in 2023 and of XTN in 2024. For more information, please refer to Note 5 "Business combinations".

CY4Gate, as the consolidating entity, and its subsidiaries RCS ETM Security S.p.A. and Tykelab S.r.l., as consolidated entities, participate in the National Fiscal Consolidation in force for the 2023-2025 three-year period. The relationships between the consolidating and consolidated entities are governed by the National Fiscal Consolidation Regulation of the Group, inspired by criteria of homogeneity and neutrality.

The following table presents the reconciliation of the theoretical tax charge with the effective tax charge for the year ended December 31, 2024, and for the year ended December 31, 2023:

	For the year ended December 31
(in Euro)	2024	2023

Loss before taxes	(12,234,589)	(9,493,119)
Theoretical IRES taxes	2,936,301	2,278,349
Lower taxes
Other	(1,825,606)	(3,244,781)
Higher taxes
Other	303,018	253,616
Total current income taxes (IRES)	183,387	206,644
IRAP	39,287	18,560
Foreign income taxes	1,262,359	1,394,229
Taxes relating to previous periods		(2,291)
Deferred taxes	(8,089,555)	(2,212,093)
Total income taxes	(6,606,696)	(594,951)

14.Earnings/(Loss) per share and Diluted Earnings/(Loss) per share

The loss per share (hereinafter "earnings per share" or "EPS") amounts to Euro 0.24, calculated by dividing the loss for the year of Euro 5,638 thousand by the average number of shares in the reference period (23,571,428). The loss per share coincides with the diluted loss per share.

15.Goodwill

Goodwill, amounting to Euro 49,190,205 as of December 31, 2024, (Euro 42,080,435 as of December 31, 2023) was identified following the business combinations concluded during 2024 (for more details on these latter, please refer to Note 5 - "Business Combinations"), as well as acquisitions carried out in previous years.

The increase in goodwill recorded during the period is related to the investee XTN, consolidated as of January 1, 2024.

Goodwill was allocated to the XTN CGU (Euro 7,110 thousand), to the Diateam CGU (Euro 6,282 thousand) and to the RCS Group CGU (Euro 35,798 thousand) at the time of acquiring control of each individual company or group of companies.

With reference to the goodwill allocated to the XTN CGU, in light of the fact that the acquisition took place during the year, the Group tested for recoverability based on the fair value derived from the acquisition transaction carried out with an independent third party. It should be noted that the 2024 performance of the subsidiary XTN was higher than budgeted for the same year. The Group completed the Purchase Price Allocation activities as of December 31, 2024, for which it used the specific advice of an external expert.

The recoverable amount of the goodwill allocated to the Diateam CGU and to the RGS Group CGU was determined by estimating the value in use considering the flows forecasted based on the Group's Business Plan prepared for the time horizon 2025-2029, which reports the projections related to sales, investments, margins, as well as the trend of the main market variables (e.g. inflation, nominal interest rates and exchange rates). It should be noted that for the preparation of the goodwill impairment test, the Group's Management made use of the specific advice of an external expert.

The value in use was determined using the discounted cash flow method, in the unlevered version, applied to the forecast data prepared by the Group's Directors for the five-year period from 2025 to 2029. The cash flows used for the determination of the value in use are related to the operating management of Diateam, of the RCS Group and do not include the net financial expense, theoretical taxes and non-recuring items; they include the investments planned in the plans and the cash changes attributable to working capital. As mentioned above, an explicit period of five years was used beyond which the above flows were projected according to the perpetual annuity method (Terminal value) using a growth rate (g-rate) expected for the reference market of 2%, corresponding to the ECB's inflation growth forecasts in the medium-long term.

The aforementioned cash flows have been updated using a pre-tax WACC of 14.43% in relation to the goodwill allocated to Diateam and a pre-tax WACC of 10.98% in relation to the goodwill allocated to the RCS Group. It is noted that the difference in rates is due to the additional risk of the Diateam CGU due to the reduced size of their respective business (small size premium).

The discount rate for the goodwill allocated to the RCS Group of 3.53% was assumed through an average of the yields of BTPs issued by the Italian state in 2024 (average duration of about 7 years). The market risk premium of 6.20% has been estimated by many studies based on observations over very long periods (10-30 years) of stock returns exceeding the return on government bonds. The unlevered beta index was calculated based on a basket of companies operating in the same sector as RCS, which was 0.69; levered on the basis of RCS's financial structure and tax rate by applying Hamada's formula, resulting in a levered beta of 0.76. No size premium was considered as the company is comparable in size to other companies in the sector. The fair net rate of return is therefore 8.23%.

With regard to the goodwill allocated to Diateam, the discount rate of 3.20% was assumed by taking into account the average yields of French government bonds with a duration of 10 years as of December 31, 2024. The market risk premium of 5.60% was estimated by many studies on the basis of observations over very long periods (10-30 years) of equity returns exceeding the return on government bonds. The unlevered beta index was calculated based on a basket of companies operating in the same sector as Diateam, which was 0.67; equal to the levered beta calculated assuming a target financial structure for the utilization of the asset without net debt, corresponding to that of Diateam as of December 31, 2024. In addition, a risk premium for small size was estimated at 3.87 percentage points, taking into account the difference between the expected returns of companies of different sizes (in France), specifically comparing the size of the company under valuation with the average size of comparable companies used to estimate the cost of capital. The fair net rate of return is therefore 10.83%.

The plans underlying the above-mentioned impairment tests were approved by the Board of Directors of the Parent Company on March 6, 2025.

In addition, the following sensitivity analyses were carried out:

for the Diateam CGU: change in the WACC of 2.5%, 5%, 7.5% and 10%, i.e. a change ranging from 14.43% to 15.88%, and a growth rate change ranging from 2% to 1%. No impairment would be necessary. Furthermore, the impact on the value of the CGU of a 10% decrease in the terminal value of the cash flows that can be generated at full capacity, as compared to the assumptions made in the baseline scenario, was simulated. No impairment was required for this sensitivity analysis.
for the RCS Group CGU: change in the WACC of 2.5%, 5%, 7.5% and 10%, i.e. a change ranging from 10.98% to 12.07%, and a growth rate change ranging from 2% to 1%. No impairment would be necessary. Furthermore, the impact on the value of the CGU of a 10% decrease in the terminal value of the cash flows that can be generated at full capacity, as compared to the assumptions made in the baseline scenario, was simulated. No impairment was required for this sensitivity analysis.

Following the impairment test carried out on the basis of the above considerations, it is noted that the recoverable amount of each CGU exceeds the corresponding carrying amount as of December 31, 2024.

16.Intangible Assets

This item and its change can be detailed as follows:

(in Euro)	Developmen t costs	Industrial patents and intellectual property rights	Concessions, licenses, trademarks and similar rights	Assets under development and payments on account	Other	Total

Balance as of January 1, 2023	5,106,822	6,233,802	10,436,374	1,729,000	2,327,664	25,833,662
Of which:
- historical cost	11,767,135	9,889,773	18,310,369	1,729,000	4,612,817	46,309,094
- accumulated amortization	(6,660,313)	(3,655,971)	(7,873,995)			- (2,285,153) (20,475,432)
Changes in scope of consolidation	-	-	3,162,248	-	-	3,162,248
Investments	7,598,426	5,036,480	3,383,077	1,797,573	417,088	18,232,644
Amortization	(3,260,739)	(2,998,950)	(5,328,613)			- (1,291,460) (12,879,762)
Reclassifications	-	1,729,000	-	(1,729,000)	-	-
Balance as of December 31, 2023	9,444,509	10,000,332	11,653,086	1,797,573	1,453,292	34,348,792
Of which:
- historical cost	27,609,762	16,568,695	21,332,964	1,797,573	4,191,335	71,500,329
- accumulated amortization	(18,165,253)	(6,568,363)	(9,679,878)			- (2,738,043) (37,151,537)
Changes in scope of consolidation	578,493	-	1,841,348	-	-	2,419,841
Investments	7,883,063	676,864	2,411,968	-	985,153	11,957,048
Disposals	-	-	-	-	(368,748)	(368,748)
Amortization	(5,746,015)	(2,995,554)	(6,722,776)	-		(891,082) (16,355,427)
Reclassifications	-	1,044,641	633,507	(1,678,148)	-	-
Balance as of December 31, 2024	12,160,050	8,726,283	9,817,133	119,425	1,178,615	32,001,506
Of which:
- historical cost	35,624,631	19,293,030	23,286,588	119,425	3,886,837	82,210,511
- accumulated amortization		(23,464,580) (10,566,747) (13,469,455)				- (2,708,014) (50,208,796)

"Development costs" include costs related to the application of the results of research or other knowledge to a plan or project aimed at the production of new or substantially advanced applications, devices and software systems prior to the start of commercialization, for which the future production of economic benefits can be demonstrated.

Intangible assets recognized as of December 31, 2024, amount to Euro 32,001,506 and show a net decrease compared to the previous year of Euro 2,347,286 attributable to: lower investments in the period compared to the previous financial year Investments of the period for a total of Euro 11,957 thousand are mainly attributable to development costs (Euro 7,883 thousand) for which, following appropriate analysis, the Directors believed that all the requirements for their capitalization were met; to the acquisition of licenses (Euro 2,412 thousand); to intellectual property rights (Euro 677 thousand), net of amortization for the year of Euro 16,355 thousand.

With reference to the recoverability of the intangible assets with finite useful lives discussed above, it should be noted that the impairment tests carried out by the Directors, with the assistance of an external expert on all the CGUs that make up the consolidated financial statements, did not reveal the existence of impairment and therefore the need to proceed with impairment losses. With reference to the impairment test carried out on the RCS Group CGU and the Diateam CGU, please refer to the previous "Goodwill" paragraph of these notes.

With reference to the CGU, inclusive of the parent's assets and liabilities, the recoverable amount was determined by estimating the value in use considering the flows forecasted in the Business Plan prepared for the period 2025-2029, which reports the sales projections, investments, margins, as well as the trend of the main market variables (e.g. inflation, nominal interest rates and exchange rates). It is specified that even for the preparation of the impairment test of the net assets of the CY4Gate CGU, the directors of the parent company have used the specific advice of an external expert.

As mentioned above, an explicit period of five years was used, beyond which the above flows were projected using the method of the perpetual annuity (terminal value) using a growth rate (g-rate) forecasted for the reference market was to 2% corresponding to the ECB inflation growth forecasts in the medium-long term.

The above cash flows were discounted using a pre-tax WACC of 9.61%.

The discount rate was assumed through an average of the yields of BTPs issued by the Italian state in 2024 (average duration of about 7 years). The market risk premium of 6.20% has been estimated by many studies based on observations over very long periods (10-30 years) of stock returns exceeding the return on government bonds. The considered unlevered beta index of 0.54 is equal to that of the Parent company, as it is a listed company, levered on the basis of CY4Gate's financial structure and tax rate through the application of Hamada's formula. The fair net rate of return is therefore 7.46%; 10.48% pre-tax.

The plans underlying the above-mentioned impairment tests were approved by the Board of Directors of the parent company.

In addition, the following sensitivity analyses were carried out:

change in the WACC of 2.5%. 5%. 7.5% and 10%. i.e. a change ranging from 9.61% to 10.57%. and a growth rate change ranging from 2% to 1%;
the impact on the value of the CGU of a 10% decrease in the terminal value of the cash flows that can be generated at full capacity, as compared to the assumptions made in the baseline scenario, was simulated. No impairment was required for this sensitivity analysis.

Even in the described sensitivity scenarios, there was no need to record an impairment of intangible assets with a finite useful life.

Following the impairment test carried out on the basis of the above considerations, it is noted that the recoverable amount of the CY4Gate CGU exceeds the corresponding carrying amount as of December 31, 2024.

17.Property, plant and equipment

This item and its change can be detailed as follows:

(in Euro)	Plant and machinery	Industrial and commercial equipment	Other assets	Land and buildings	Assets under construction and payments on account	Total
Balance as of January 1, 2023	259,501	2,405,307	2,500,139	-	-	4,732,835
Of which:
- historical cost	1,403,777	13,660,666	8,627,082	-	-	23,691,525
- accumulated depreciation	(1,144,276)	(11,255,359)	(6,559,055)	-	-	(18,958,690)
Changes in scope of
consolidation	-	166,374	-	382,186	-	548,560
Investments	709,893	2,017,911	1,055,198	1,130	81,219	3,865,351
Disposals	-	(21,118)	(21,520)	-	-	(42,638)
Depreciation	(547,483)	(605,579)	(601,566)	(54,357)	-	(1,808,985)
Balance as of December 31, 2023	421,911	3,962,895	2,500,139	328,959	81,219	7,295,123
Of which:
- historical cost	2,107,192	14,984,636	9,365,512	554,208	81,219	27,092,767
- accumulated depreciation	(1,685,281)	(11,021,740)	(6,865,373)	(225,249)	-	(19,797,643)
Changes in scope of consolidation	-	21,765	-	-	-	21,765
Investments	660,516	3,175,287	1,727,177	-	218,066	5,781,046
Disposals	(633,554)	-	-	-	-	(633,554)
Depreciation	(169,518)	(1,850,287)	(539,750)	(54,578)	-	(2,614,133)
Balance as of December 31, 2024	279,355	5,309,660	3,687,566	274,380	299,286	9,850,247
Of which:
- historical cost	1,473,638	18,181,688	11,092,689	554,208	299,286	31,601,509
- accumulated depreciation	(1,194,283)	(12,872,028)	(7,405,123)	(279,827)	-	(21,751,261)

The item "Property, plant and equipment" as of December 31, 2024, amounts to Euro 9,850,247 and shows a net increase compared to the previous year of Euro 2,555,124 mainly attributable to:

investments for Euro 5,781 thousand, mainly for purchases of industrial and commercial equipment (Euro 3,175 thousand) and other assets (Euro 1,727 thousand);
decreases totalling Euro 3,248 thousand due to depreciation of the year(Euro 2,614 thousand) and disposals (Euro 634 thousand).

With reference to the recoverability of the item Plant and machinery, impairment tests on the identified CGUs, carried out by the Directors of the Parent Company with the help of an external expert, described in the previous paragraphs of these notes, have demonstrated the recoverability of the item "Property, plant and equipment" commented on and therefore the absence of impairment losses to be recognized in the Consolidated Financial Statements as of and for the year ended December 31, 2024.

18.Right-of-Use Assets

This item can be detailed as follows:

	As of December 31
(in Euro)	2024	2023
Buildings	4,366,485	2,280,838
Hardware	326,480	682,803
Vehicles	1,001,412	682,550
Total right-of-use assets	5,694,377	3,646,191

Below are the amounts included in the Statement of profit and loss for the years ended December 31, 2024, and 2023:

	As of December 31
(in Euro)	2024	2023

Depreciation of right-of-use assets	1,975,714	1,737,138
Interest expense on lease contracts	125,628	108,082
Rentals and accessory expenses	923,878	1,229,290
Total	3,025,220	3,074,510

This item is mainly attributable to the lease of the Group's offices, as well as the rental of hardware used in the ordinary operations of the RCS Group, and of vehicles.

The depreciation period of right-of-use assets is 6 years for buildings, 5 years for hardware and 4 years for cars. It should also be noted that the Group has chosen to exclude from the scope of application leases with a duration of less than 12 months and those concerning goods of modest value whose effects, therefore, are recorded under the item "Purchases, services and personnel expenses".

With reference to the recoverability of the right-of-use assets, the impairment tests on the identified CGUs, carried out by the Directors of the Parent Company with the help of an external expert, discussed in the previous paragraphs of these notes, have demonstrated the recoverability of the right-of-use assets commented on and therefore the absence of impairment losses to be recognized in the Consolidated Financial Statements as of and for the year ended December 31, 2024,

19.Inventories

This item can be detailed as follows:

	As of December 31
(in Euro)	2024	2023
Finished products and goods	973,830	759,066
Total	973,830	759,066

The item is mainly attributable to the inventories of finished products and goods of the RCS Group (Euro 881 thousand), mainly consisting of external hard drives and other similar products currently used in the RCS Group's business. The item is completed by the inventories of the subsidiary Diateam (Euro 93 thousand).

20.Trade receivables

This item can be detailed as follows:

		As of December 31
(in Euro)	2024	2023

From customers	45,940,377	49,050,886
From parent companies	5,662,699	5,727,691
Loss allowance	(1,662,510)	(1,127,391)
Total	49,940,566	53,651,186

	As of December 31
(in Euro)	2024	2023

From customers (Italy)	40,740,339	45,647,548
From customers (outside Italy)	10,862,737	9,131,029
Loss allowance	(1,662,510)	(1,127,391)
Total	49,940,566	53,651,186

The following table presents the movement of the loss allowance:

(in Euro)	Loss allowance
Balance as of January 1, 2023	(1,282,213)
Accrual	(284,955)
Utilization	439,777
Balance as of December 31, 2023	(1,127,391)
Accrual	(535,119)
Utilization	-
Balance as of December 31, 2024	(1,662,510)

21.Current tax assets and liabilities

The items "current tax assets" and "current tax liabilities", respectively amounting to, as of December 31, 2024, Euro 79 thousand and Euro 278 thousand (Euro 394 thousand and Euro 1,031 thousand as of December 31, 2023), refer entirely to amounts claimed from and due to the Treasury for IRES and IRAP.

22.Other current and non-current assets

The item other current and non-current assets can be detailed as follows:

		As of December 31
(in Euro)	2024	2023

Accrued income	1,926,526	3,491,655
VAT assets	1,708,386	2,739,683
Tax credits for capital expenditures	517,987	511,705
Tax credits for research and development	1,032,037	1,231,335
Other	496,006	611,630
Total other current assets	5,680,942	8,586,008
Tax credits for capital expenditures	62,999	445,462
Tax credits for research and development	570,852	1,014,479
Other	397,938	1,931
Total other non-current assets	1,031,789	1,461,872
Total other current and non-current assets	6,712,731	10,047,880

Other current assets, amounting to Euro 5,681 thousand, show a decrease compared to the previous year by Euro 2,905 thousand, mainly due to the decrease in VAT receivables (Euro 1,031 thousand) and accrued income (Euro 1,565 thousand). XTN, consolidated as of January 1, 2024, contributes Euro 258 thousand to this item. Other non-current assets, amounting to Euro 1,030 thousand in total, show a decrease compared to the previous year of Euro 432 thousand, mainly attributable to the reduction in tax credits for research and development.

It should also be noted that the items "Tax credits for capital expenditures" and "Tax credits for research and development" refer to tax credits recognized following a technical expert appraisal.

23.Cash and cash equivalents

As of December 31, 2024, cash and cash equivalents amount to Euro 14,537,530 (Euro 17,561,190 as of December 31, 2023) and are essentially made up of deposits in Euro at leading financial institutions.

24.Current and non-current financial assets

This item can be detailed as follows:

	As of December 31 2024		As of December 31 2023

(in Euro)	Current	Non-current	Current	Non-current

Deposits	93,860	42,704	158,697	67,954
Derivative financial instruments	50,380	59,532	231,110	85,144
Policies on active contracts	26,492	-	26,492	-
Securities	800,000	-	800,000	-
Loan to Prontocyber Plus	-	400,000	-	-
Others	-	15	-	112
Total current and non-current financial assets	970,732	502,251	1,216,299	153,210

The item "derivative financial instruments" refers to hedging derivatives on interest rates subscribed to deal with the interest rate risk on loan agreements signed by the Parent Company and its subsidiaries; these instruments will expire, respectively, in 2028 those signed by the Parent Company and between 2025 and 2026 those signed by the subsidiaries. The item "loan to Prontocyber Plus" is related to the first tranche of the non-interest-bearing shareholders' loan in favor of the newco Prontocyber Plus, subscribed at the time the company was established. It should be noted that the loan consists of two tranches, with the second tranche of Euro 575 thousand disbursed by the Company in January 2025. The item "securities" refers to short-term investments of the subsidiary Diateam.

25. Equity-accounted investments

The increase in the item "Equity-accounted investments" of Euro 663 thousand is related to the recognition of the Joint venture Prontocyber Plus S.r.l.; recognized in the financial statements at the fair value of the asset granted by the Parent Company at the inception of the investee (Euro 1,478 thousand as determined by an independent expert) recognized to the extent of the other investors' interest in the investee - as required by the relevant accounting framework (IAS 28) - net of the profit (loss) for the year of Prontocyber attributable to the owners of the parent company.

26. Contract assets and liabilities

Contract assets include the net amount of activities carried out for amounts exceeding the payments on account received from customers, Similarly, contract liabilities accommodate the opposite case.

The net balance of contract assets is composed as follows:

	As of December 31
(in Euro)	2024	2023

Gross contract assets	9,031,355	3,854,628
Contract liabilities	(584,817)	(241,000)
IFRS 9 impairment provision	(17,357)	(4,549)
Contract assets	8,429,181	3,609,079
Gross contract liabilities	(2,631,155)	(552,018)
Contract assets	159,150	52,844
Contract liabilities	(2,472,005)	(499,174)
Net amount	5,957,176	3,109,905

The item "Contract liabilities", totaling Euro 2,472 thousand, increased by Euro 1,973 thousand, mainly attributable to RCS for contracts signed in the last quarter of the financial year, for which the company has issued advances against activities to be carried out mainly in 2025. The increase in contract assets, amounting to Euro 4,820 thousand, is mainly due to the Parent Company, for work on orders that have not yet been invoiced.

27.Equity

Share capital

As of December 31, 2024 and 2023, the Company's share capital, fully subscribed and paid up, amounts to Euro 1,441,500.

Other reserves and retained earnings

The item "Reserves" can be detailed as follows:

(in Euro)	Reserve for treasury shares	Other Reserves	Retained earnings	Total Reserves

As of January 1, 2023	-	(2,226,672)	11,152,909	8,926,237
Actuarial losses on defined benefit plans	-	(76,476)	-	(76,476)
Fair value gains/(losses) on cash flow hedges	-	(317,689)	-	(317,689)
Comprehensive income/(loss)	-	(394,165)	-	(394,165)
Allocation of prior year result	-	-	2,209,462	2,209,462
Acquisition of treasury shares	(1,600,410)	-	-	(1,600,410)
Other changes	8,429	(88,001)	-	(79,572)
Share-based payments	-	211,295	-	211,295
As of December 31, 2023	(1,591,981)	(2,497,543)	13,362,371	9,272,847
Actuarial losses on defined benefit plans	-	(157,768)	-	(157,768)
Fair value gains/(losses) on cash flow hedges	-	(162,844)	-	(162,844)
Comprehensive income/(loss)	-	(320,612)	-	(320,612)
Allocation of prior year result	-	-	(10,704,682)	(10,704,682)
Acquisition of treasury shares	(1,606,906)	-	-	(1,606,906)
Other changes	-	(139,618)	-	(139,618)
Dividend distribution	-	(194,250)	-	(194,250)
Share-based payments	-	213,713	-	213,713
As of December 31, 2024	(3,198,887)	(2,938,310)	2,657,689	(3,479,508)

Share-based payments

For further details on share-based payments, please refer to note 9.

28.Current and non-current financial and lease liabilities

The following table provides details of the item as of December 31, 2024 and 2023:

As of December 31, 2024 (in Euro)	Within 12 months	Between 1 and 5 years	Over 5 years	Total
Bank loans and borrowings	14,932,527	21,819,952	-	36,752,478
Other loans and borrowings	139,509	5,000	-	144,509
Lease liabilities	1,631,866	4,227,281	-	5,859,147
Put option on business combinations	1,781,953	2,391,845	-	4,173,798
Total	18,485,854	28,444,078	-	46,929,933

As of December 31, 2023 (in Euro)	Within 12 months	Between 1 and 5 years	Over 5 years	Total
Bank loans and borrowings	6,513,610	16,372,319	-	22,885,929
Other loans and borrowings	172,066	-	-	172,066
Lease liabilities	1,207,015	2,571,452	-	3,778,467
Put option on business combinations	1,666,391	4,074,006	-	5,740,397
Total	9,559,082	23,017,777	-	32,576,859

The table below summarizes the information on bank loans and borrowings:

Loan	Funding entity	Rate applied	Maturity date	Original principal amount	Carrying amount as of December 31, 2024	of which current
"Bank pool" Line A Loan	Credit Agricole, ICCREA	Euribor 6m + 200bp	03/29/2028	12,500,000	8,446,519	2,247,705
"Bank pool" Capex Line Loan	Credit Agricole, ICCREA	Euribor 6m + 200bp	03/29/2028	25,000,000	20,312,500	6,250,000
Short-term loan	Credit Agricole	Euribor 3m + 120bp	02/10/2025	500,000	500,000	500,000
Chirography Contract	BPER	Euribor 3m + 90 bp	10/25/2025	1,000,000	1,000,000	1,000,000
Intesa San Paolo Loan	Intesa San Paolo	Euribor 3m + 90 bp	06/25/2025	3,000,000	378,176	378,176
Unicredit Loan	Unicredit	Euribor 3m + 50 bp	12/31/2025	1,500,000	744,973	744,973
Intesa San Paolo Loan	Intesa San Paolo	Euribor 6m + 132 bp	11/30/2026	3,000,000	2,000,000	1,000,000
"Bank pool" Revolving Line Loan	Credite Agricole, ICCREA	Euribor 6m + 200 bp	03/29/2028	2,500,000	2,500,000	2,500,000
Credit Mutuel Bretagne Loan	Credit Mutuel Bretagne	Euribor 3m + 1,15%	06/17/2029	550,000	258,899	55,553
Mediocredito InvestitionsBank	Mediocredito Trentino Alto Adige SpA	2,90%	07/31/2027	700,000	525,000	175,000
Other	n,a,	n,a,	n,a,	n,a,	86,410	81,118
Total				50,250,000	36,752,478	14,932,526

Non-current financial liabilities mainly refer to bank loans and borrowings of Euro 21,820 thousand, mainly consisting of:

the portion beyond 12 months of the Line A loan agreement signed with Credit Agricole Italia S.p.A., leader of a pool of banks, for a maximum total amount of Euro 45,000,000 (the "Loan Agreement"), used as of December 31, 2024, for the portion dedicated to the partial financing of the acquisition in 2022 of the RCS Group amounting to a total of Euro 12,500,000 accounted for a carrying amount of Euro 8,446,519, which takes into account the effect related to the application of the amortized cost criterion and the installments paid based on the amortization plan provided for by the agreement;
the portion beyond 12 months of the Acquisition/Capex Line of the above-mentioned loan agreement, used as of December 31, 2024, for: (i) the financing of the acquisition of Diateam in the year 2023 amounting to a total of Euro 5,555,052; the financing of the acquisition of XTN in the year amounting to a total of Euro 8,729,700; additional draws of Euro 10,715 thousand net of repayments of Euro 4,688 thousand paid as per the contractual amortization schedule, to finance the consolidation of the group and investments in the plan's time frame.
the portion beyond 12 months of a loan to support working capital and investments of the RCS investee, amounting to Euro 1,000 thousand.

In addition to bank loans and borrowings, non-current financial liabilities consisted of Euro 4,227 thousand of noncurrent lease liabilities and Euro 2,392 thousand of the portion beyond 12 months of the financial liability registered on the basis of the put agreements provided for by the acquisition contract of Diateam SaS and by the acquisition contract of XTN exercisable by non-controlling interest of the investees, in application of the anticipated acquisition method adopted by the Group for this type of agreements - in the three-year period 2024-2026 for Diateam; in 2027 for XTN in order to allow the parent CY4Gate S.p.A. to acquire 100% of the capital of Diateam and an additional 2.2% of the capital of XTN.

Current financial liabilities mainly refer to bank loans and borrowings of Euro 14,933 thousand, mainly consisting of:

the portion of liability within 12 months of CY4Gate S.p.A. for the Loan Agreement discussed above, of Euro 8,498 thousand;
the portion beyond 12 months of the loans of the RCS investee to support working capital and investments, amounting to Euro 4,500 thousand.

In addition to bank loans and borrowings, current financial liabilities consisted of Euro 1,632 thousand of non-current lease liabilities and Euro 1,782 thousand of the portion beyond 12 months of the financial liability registered on the basis of the put agreements provided for by the acquisition contract of Diateam SaS and by the acquisition contract of XTN mentioned above.

The loan agreement subscribed with Credit Agricole Italia S.p.A., head of a pool of credit institutions banks, provides for the repayment of the principal amount by its due date in 11 semi-annual installments according to the contractual amortization schedule for Line A. Furthermore, CY4Gate will pay the interest accrued over time, for each interest period, on the amounts disbursed and not repaid, at an interest rate amounting to the EURIBOR 6M/360 rate plus a spread of 225 b.p. for which a derivative has been stipulated for 100% of the amount to cover the risk.

It is also noted that according to the loan agreement, the spread to be applied to the reference rate for each line of finance can vary semi-annually, either increasing or decreasing, depending on the change of the "Net Financial Indebtedness/EBITDA (NFI/EBITDA)" ("financial covenant") ratio calculated based on the consolidated financial statements data or the consolidated half-year report, starting from a base ratio of 2x. The parent company has therefore committed to respecting the aforementioned financial parameter NFI/EBITDA, accepting that the lending banks and the agent bank may undertake the actions and remedies provided for in the contract, including, among other things, the repayment of amounts not yet paid and the related interest, in the event that the initial financial situation at a consolidated level does not comply with said parameter.

The compliance with the aforementioned financial parameter will be verified every six months on a "rolling" basis (i.e., with reference to the data for the previous twelve months), starting from that relating to the year ended December 31, 2022. The covenant was complied with as of December 31, 2024.

In addition, it should be noted that such a loan agreement provides certain limitations on the distribution of profits and/or dividends to the parent company, in particular, the parent company will not be able to proceed with the distribution of profits and/or dividends, nor payments of any amount under any title and in any form to its shareholders, except for payments under commercial contracts and/or subordinate employment relations (including, for example, as capital payment, interest or other utilities on shareholders' loans also in bond form, or as consideration for services rendered and/or management fees) (each operation, a "Distribution"), if not subject to the occurrence of all the following conditions:

the first Distribution is subsequent to the approval of the Issuer's financial statements as of December 31, 2022;
for the duration of the Loan Agreement, each Distribution does not exceed 50% (fifty percent) of the profits resulting from the Issuer's financial statements for the year immediately preceding the one in which the relevant Distribution is to be made;
at the date of the Distribution there is no Relevant Event and such Distribution does not in itself determine a Relevant Event (as defined in the Loan Agreement).

The remaining part of the loan, currently not used, provides for the possibility of activating a medium-long term Revolving line of credit, usable for revolving type cash, up to a maximum of Euro 5,000,000 (the "Revolving Line") aimed at financing the cash needs related to the Treasury needs of the Group.

Furthermore, the item includes financial liabilities of Diateam related to a loan contract in place with Credit Mutuel, as well as financial liabilities of XTN related to a Minibond agreement.

It should also be noted that in relation to the financing of the RCS Group, Diateam and XTN there are no financial covenants.

Net financial indebtedness

The following table illustrates the detail of the Group's Net Financial Position, with the analysis of debt and credit positions towards related parties, highlighting the net financial indebtedness determined according to Consob communication no. DEM/6064293 of July 28, 2006 and the Warning n. 5/21 issued by Consob on April 29, 2021 with reference to ESMA Guidance 32-382-1138 of March 4, 2021.

	As of December 31
(in Euro)	2024	of which to related parties	2023	of which to related parties

A. Cash	(14,537,530)	-	(17,561,190)	-
B. Cash equivalents	-	-	-	-
C. Other current financial assets	(667,780)	(419,000)	(985,189)	-
D. Liquidity (A+B+C)	(15,205,310)	(419,000)	(18,546,379)	-
E. Current financial debt (including debt instruments, but excluding the current portion of non-current financial debt)	5,295,877	-	1,297,081	244,994
F. Current portion of non-current financial debt	12,887,026	256,718	8,030,891	-
G. Current financial indebtedness (E+F)	18,182,902	-	9,327,972	244,994
H. Net current financial indebtedness (G+D)	2,977,592	256,718	(9,218,407)	244,994
I. Non-current financial debt (excluding current portion and debt instruments)	28,269,571	474,237	22,932,633	729,795
J. Debt instruments	-	-	-	-
K. Non-current trade and other payables	-	-	-	-
L. Non-current net financial indebtedness (I+J+K)	28,269,570	474,237	22,932,633	729,795
M. Total financial indebtedness (H+L)	31,247,162	730,955	13,714,226	974,789
N. Non-current financial assets	(327,742)	-	(68,066)	(19,000)
Net Financial Indebtedness (M+N)	30,919,422	730,955	13,646,160	955,789

The item "F. Current portion of non-current financial debt" includes the current portion of the item in the consolidated financial statements as of December 31, 2024 related to loans (Euro 9,732 thousand), other loans and borrowings (Euro 44 thousand), the liability connected to the put option on business combinations (Euro 1,782 thousand), the current portion of the item in the consolidated financial statements as of December 31, 2024 related to current lease liabilities (Euro 1,632 thousand), as well as the current portion of financial derivative instruments (Euro 303 thousand).

Lease liabilities

The item "lease liabilities" can be detailed as follows:

		As of December 31
(in Euro)	2024	2023
Buildings	4,462,217	2,316,448
Hardware	998,365	785,947
Cars	398,566	676,072
Total	5,859,147	3,778,467

The item "lease liabilities", amounting in total to Euro 5,859 thousand, refers to the lease liabilities recorded as a counterpart to the recognition of the right-of-use assets, for the existing lease contracts for the buildings in which the Group's offices are located, for hardware and cars.

The increase in the item is mainly attributable to the payment of the installments made during the 2024 financial year of the leasing contracts signed by the Group.

29.Employee benefits

The item includes the provision for post-employment benefits (TFR) for Group employees.

TFR

The changes in the item can be detailed as follows:

(in Euro)	2024	2023
Balance as of January 1	3,581,384	2,894,479
Change in scope of consolidation	202,344	-
Transfers to Pension Funds / Treasury / Taxation	-	(11,266)
Service costs	1,022,451	802,683
Services financial expense	128,088	108,494
Uses for indemnities paid and advances	(404,392)	(313,632)
Actuarial gains	209,499	100,626
Balance as of December 31	4,739,373	3,581,384

The actuarial assumptions for the calculation purposes of the defined benefit pension plans are detailed in the following table:

	As of December 31, 2024	As of December 31, 2023
Economic assumptions
Inflation rate	2.00%	2.25%
Discount rate	3.18%	3.12%
Salary growth rate	1.00%	2.25%

Demographic assumptions are based on actuarial expectations, in accordance with relevant and published industry statistical data, applied on the average of the personnel in service during the periods.

The following is a sensitivity analysis related to defined-benefit pension plans based on changes in the main assumptions as of December 31, 2024, and 2023:

As of December 31, 2024		Impact on liability
(in Euro)	Changes in assumptions	increase in assumptions	decrease in assumptions
Economic assumptions
Inflation rate	0.25%	56,220	(55,083)
Discount rate	0.25%	(68,376)	70,439
Salary growth rate	1.00%	8,964	(10,242)

As of December 31, 2023	Changes in assumptions	Impact on liability
(in Euro)		increase in assumptions	decrease in assumptions
Economic assumptions
Inflation rate	0.50%	59,937	(40,046)
Discount rate	0.50%	(106,708)	134,166
Salary growth rate	0.50%	50,869	(29,298)

The sensitivity reported above is conducted based on changes in individual assumptions, keeping the others unchanged, although in practice any changes in an assumption can generally also reflect in the others due to potential correlations. The sensitivity presented above was calculated using the same methodology (projected unit credit method) used to define the liability recognized in the Statement of Financial Position.

Through its defined benefit pension plans, the Group is exposed to certain risks, the most significant of which are described below.

Discount and inflation rate risk

The present value of defined benefit pension plans is calculated using a discount rate determined using the rate of high quality corporate bond. A decrease in the discount rate would result in an increase in liability. A decrease in the inflation rate would result in a decrease in the liability.

Employee resignation and early retirement probability

The present value of defined benefit pension plans is calculated using the best estimate of resignations and early retirement. An increase in the rate of resignations and early retirement would result in an increase in the liability.

30.Provisions for risk and charges

The change of the items can be detailed as follows:

(in Euro)	Product warranty provision	Total
As of January 1, 2023	122,111	122,111
Accruals	78,660	78,660
Utilization	(122,111)	(122,111)
As of December 31, 2023	78,660	78,660
Accruals	-	-
Utilization	(78,660)	(78,660)
As of December 31, 2024	-	-

This item changed during the year only for a utilization of Euro 79 thousand, as shown in the table.

31.Deferred tax assets and liabilities

The net change of this item can be detailed as follows:

(in Euro)	2024	2023
Balance as of January 1	1,234,349	(103,420)
Of which:
- deferred tax assets	3,518,420	2,833,918
- deferred tax liabilities	(2,284,071)	(2,937,338)
Change in scope of consolidation	(445,581)	(749,959)
Effect on profit or loss	8,091,730	2,212,093
Effect on comprehensive income	204,307	(124,365)
Balance as of December 31	9,084,807	1,234,349
Of which:
- deferred tax assets	10,460,187	3,518,420
- deferred tax liabilities	(1,375,380)	(2,284,071)

Deferred tax assets recognized in the financial statements mainly refer to tax losses. Deferred tax liabilities mainly refer to deferred taxes recognized on the assets arising from the PPA of the RCS Group, Diateam and XTN. It is specified that when recognizing deferred taxes, the Directors verify their full recoverability based on the future taxable income that the Group will be able to achieve in the coming years.

The item "Deferred tax liabilities" is mainly related to the recognition of deferred taxation on the capital gains allocated as part of the price paid for the acquisition of the RCS Group, during 2022, of Diateam SaS, during 2023, and XTN during 2024, as more fully described in Note 5 "Business Combinations".

32.Trade payables

This item can be detailed as follows:

(in Euro)	As of December 31
	2024	2023

Trade payables	11,918,398	13,892,246
Payables to parent companies	-	485,727
Total trade payables	11,918,398	14,377,973

Trade payables are recorded for an amount of Euro 11,918 thousand and show a decrease compared to the previous year for Euro 2,460 thousand, mainly due to the decrease in trade payables.

The geographical breakdown of trade payables is reported below:

(in Euro)		As of December 31
	2024	2023

Italy	10,384,098	11,710,350
Outside Italy	1,534,300	2,667,623
Total	11,918,398	14,377,973

33.Other current and non-current liabilities

This item can be detailed as follows:

	As of December 31
(in Euro)	2024	2023

Accrued expenses and deferred income	3,559,998	447,636
Total other non-current liabilities	3,559,998	447,636
Accrued expenses and deferred income	6,265,132	3,768,722
Other liabilities	3,199,307	2,940,022
Employees	3,954,489	3,328,463
Social security and welfare institutions	1,596,657	1,352,579
Tax Authorities for VAT	1,048,291	1,022,855
Tax Authorities for IRPEF	169,036	120,117
Advances on grants	773,625	313,176
Total other current liabilities	17,006,538	12,845,934
Total other current and non-current liabilities	20,566,536	13,293,570

The item "Other current liabilities" amounted to Euro 17,007 thousand and shows an increase compared to the previous year of Euro 4,161 thousand. The increase is mainly attributable to deferred income, mostly due to the type of business of the newly acquired XTN.

The item "Other non-current liabilities" amounted to Euro 3,560 thousand and shows an increase compared to the previous year of Euro 3,112 thousand due to higher deferred income.

34.Other information

Guarantees

As of December 31, 2023, the following guarantees were given by the Group:

guarantees (advance bond) issued by Creval in September 2018 for Euro 70,000 relating to a contract towards an end user in a Middle Eastern country;
guarantees (bid bond) issued by Creval in October 2021 for Euro 30,000 for participation in a tender in a Middle Eastern country;
guarantees issued by Credit Institutions on behalf of the subsidiary RCS ETM Sicurezza for Euro 165,000, of which Euro 135,000 relating to a foreign order and Euro 30,000 as a security deposit for a leased property;
guarantees, referred to the SME Guarantee Fund, issued by Mediocredito Centrale for an amount of Euro 1,017,018 issued in relation to loans obtained by the subsidiary RCS in previous years.

The following describes the pledges on social participations established (or to be established) under the Loan Agreement subscribed on March 29, 2022 between CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A., following its adherence to the agreement, and a pool of lending banks led by Crédit Agricole Italia S.p.A.

RCS Group: on March 29, 2022, CY4Gate S.p.A., in its capacity as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of Aurora S.p.A. as a guarantee of the correct, full and timely fulfillment of all present and/or future monetary obligations of CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks, arising from any title from the loan agreement subscribed on March 29, 2022 between CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks. It is noted that this pledge has converged in RCS following the reverse merger completed on November 15, 2022;
RCS ETM Sicurezza pledge: on March 29, 2022, Aurora S.p.A., as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of RCS ETM Sicurezza S.p.A., as a guarantee of the correct, full and timely fulfillment of the monetary obligations (within the limits expressly provided for in the relevant pledge deed) of CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks arising from any title from the loan agreement subscribed on March 29, 2022 between CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks.

Seasonality of the business

The business in which the Group operates is characterized by a marked concentration of deliveries and cash flow from customers in the last three months of the year. This aspect of collections affects both inter-annual cash flows and the variability of the Group's debt situation in different periods of the year, characterized by substantial improvements in the last few months of the calendar year.

Judicial and arbitration proceedings

As of the date of preparation of these consolidated financial statements, the Group is not party to significant administrative, judicial or arbitration proceedings, which may have or have had in the recent past significant repercussions on the financial situation or profitability of the Parent Company and/or the Group. For the sake of completeness, it should be noted that during the first half of 2021, the Public Prosecutor's Offices of Naples and Florence opened investigations, respectively, against the members of the Board of Directors of RCS at the time of the contested facts and the then technical engineer in charge of the subsidiary. These investigations, which were pending at the reporting date, refer to the active telematic interception activity carried out on behalf of the Perugia Public Prosecutor's Office by the subsidiary RCS and, in particular, concern the storage of the data captured on a transit server located in Naples and owned by the subsidiary RCS, before their definitive transfer to another server used by the competent Public Prosecutor's Office located in Rome. At the date of preparation of these consolidated financial statements, investigations are still ongoing and none of the Group companies has been reached by the information of investigation pursuant to art. 57 of Legislative Decree 231. During the first half of 2024, the Naples prosecutor's office restored the service provided for the installation and management of computer interceptors, a service temporarily suspended following the opening of criminal proceedings in 2021. The directors of the parent company and the subsidiary RCS, also on the basis of the assessments received from the external lawyers following the dispute, have assessed as remote the risk that these proceedings may result in potential liabilities for the subsidiary and the Group.

Fees of the directors and statutory auditors

The following table shows the fees of the Directors and Statutory Auditors of the Group for the years ended December 31, 2024 and 2023:

	For the year ended December 31
(in Euro)	2024	2023

Directors' fees	668,421	513,292
Statutory auditors' fees	160,972	95,930
Total	829,393	609,222

The change in directors' fees is due to the inclusion of XTN into the Group, consolidated as from January 1, 2024, whose cost for directors' fees in the year amounted to Euro 162 thousand. The change in statutory auditors' fees is mainly attributable to the Parent Company.

Fees of the independent auditors

Below, as required by art. 149-duodecies of the Implementation Regulation of Italian Legislative Decree of February 24, 1998, no. 58 ("CONSOB Issuers- Regulation"), the details of the fees to the Independent Auditors and the entities belonging to its network are reported. The amounts listed in the table, attributable to the 2024 financial year, are those agreed upon in the contracts, including any indexations (excluding out-of-pocket expenses and VAT).

(in thousands of Euro)		Fees
Type of services	Entity that provided the service	2024
CY4Gate S.p.A.
Auditing	KPMG S.p.A.	111
Attestation services (*)	KPMG S.p.A.	59
Other services with no Attestation	KPMG S.p.A.	6
Total CY4Gate S.p.A.		176
Subsidiaries
Auditing	KPMG S.p.A.	93
Attestation services (*)	KPMG S.p.A.	14
Total subsidiaries		107
Total		283

(*) The attestation services relate to (i) the limited assurance of the Consolidated Sustainability Statement pursuant to Italian Legislative Decree 125/2024; (ii) tax returns; (iii) the audit of the statement of costs incurred for research and development activities.

It should be noted that the investee XTN is audited by a sole auditor whose fee, for the year 2024, amounted to Euro 5 thousand.

35. Transactions with Related Parties

The relationships maintained by the Group with related parties are both commercial and financial in nature.

It should be noted that in August 2024 CY4Gate S.p.A. made a payment of Euro 400 thousand of non-interest-bearing loan to the subsidiary Prontocyber Plus S.r.l. The remaining transactions are set out in the table below, and the Group considers that these transactions with related parties are conducted on an arm's length basis.

	Parent	Joint Ventures	Total related	Total in consolidated	Impact on the consolidated financial
(in Euro)	company		parties	financial statements	statement item
Impact of transactions on
profit or loss
Revenues and other
income
Year ended December 31,
2024	10,175,965	586,697	10,762,662	75,078,798	14%
Year ended December 31, 2023	3,837,560	-	3,837,560	68,264,318	6%

Services Year ended December 31,
2024	(214,565)	(2,600)	(217,165)	(25,767,329)	-1%
Year ended December 31,
2023	(555,751)	-	(555,751)	(25,781,622)	2%
Impact of transactions on
the statement of financial
position
Current and non-current
financial assets
As of December 31, 2024	19,000	400,000	419,000	1,472,983	28%
As of December 31, 2023	19,000	-	19,000	1,369,509	1%
Trade receivables
As of December 31, 2024	5,302,682	325,160	5,627,842	49,940,566	11%
As of December 31, 2023	5,727,691	-	5,727,691	53,651,186	11%
Right-of-use assets
As of December 31, 2024	712,970	-	712,970	5,956,020	12%
As of December 31, 2023	958,502	-	958,502	3,646,191	0
Contract assets
As of December 31, 2024	2,430,044	-	2,430,044	8,429,181	29%
As of December 31, 2023	1,748,572	-	1,748,572	3,609,079	48%
Lease liabilities
As of December 31, 2024	730,955	-	730,955	6,116,323	12%
As of December 31, 2023	974,790	-	974,790	3,778,467	26%
Trade payables
As of December 31, 2024	-	3,172	3,172	11,918,398	0%
As of December 31, 2023	485,727	-	485,727	14,377,973	3%
Contract liabilities
As of December 31, 2024	535,808	-	535,808	2,472,005	22%
As of December 31, 2023	182,823	-	182,823	499,174	37%

Atypical and/or unusual events and operations

During 2024, no significant atypical or unusual operations were carried out, either with third parties or with related parties.

Impacts of the macroeconomic situation

In the preparation of these Consolidated Financial Statements as of and for the year ended December 31, 2024, in accordance with IFRS and the recent notices released by financial market supervisory authorities, the Group has assessed the impact of the Russian invasion of Ukraine and the War in the Middle East on the financial position, performance and cash flows. As of the date of these Consolidated Financial Statements, the Group is constantly monitoring the developments of these conflicts for the identification of further risks. At present, it is considered that there are no significant impacts on the Group's resources and business.

2024 corporate reporting priorities in the ESMA European Common enforcement priorities document

On October 24, 2024, ESMA published the European common enforcement priorities for 2024 corporate reporting. These priorities include:

Priorities related to IFRS financial statements – Liquidity considerations: the focus of the Regulator, as far as applicable to the Group, is on disclosures related to financial liabilities and their classification as current or noncurrent, also in connection with covenants; as well as on the Statement of Cash Flows. In this regard, please refer to Statement of Cash Flows and Note 28.
Priorities related to IFRS financial statements – Accounting policies, judgements and significant estimates: the Regulator's recommendations concern, in particular, revenues from contracts with customers, whose estimates underlying the calculation of work in progress must be reasonable and supported; situations of control, joint control and significant influence; general comments on accounting policies, judgments, significant estimates and related disclosures. In this regard, please refer to Note 4 as well as the comments to revenues and contract assets and liabilities.
Priorities related to ESEF reporting Common errors found in the Statement of Financial Position: it should be noted that the Regulator's recommendations regarding common ESEF tagging errors found in the Statement of Financial Position have been considered for the purposes of ESEF tagging in this document.

Climate-Related Matters

Moreover, as also emphasized by CONSOB Warning Notice no. 2/24 of December 20, 2024, in the aforementioned document of October 2024, ESMA also highlighted the supervisory priorities related to climate issues – published as early as 2021 – which continue to be relevant for the 2024 annual financial statements. In this regard, please refer to the Consolidated Sustainability Statement pursuant to Italian Legislative Decree 125/2024 for information on the climate aspects of the Company and the CY4Gate Group, as well as to the "Risk Management" section of these notes. It is specified that given the type of business of the Company, there is no significant impact of climatic factors on the estimation and valuation processes used by the Directors in preparing the financial statements (described in the "Estimates and Assumptions" section of the notes); nor on the useful life and recoverability assessments of the assets recognized in the financial statements.

State aid disclosures pursuant to Italian Law no. 124/2017

With reference to the transparency obligations established by art, 1, paragraphs 125 to 129 of Italian Law 124/2017, it is noted that during 2024, the CY4Gate Group did not receive any government grants pursuant to the aforementioned law.

36.Significant events of the year

Acquisition of XTN Cognitive Security S.r.l.

On January 16, 2024, following the signing of the previous Preliminary Agreement on November 14, 2023, and the occurrence of certain resolved precedent conditions, CY4Gate, in partnership with Alfa Group, signed the agreement to acquire 97.8% of XTN Cognitive Security, an Italian cybersecurity company, operating in the cybersecurity sector and a leader in the fight against digital fraud with a significant footprint in banking and also present in the automotive market.

Acquisition of treasury shares

Establishment of Prontocyber Plus S.r.l.

Purchase of an additional stake in Diateam S.a.S.

37.Subsequent events

Inclusion of XTN Cognitive Security S.r.l. into National Tax Consolidation System

On March 6, 2025, the Company's Board of Directors resolved to include XTN Cognitive Security S.r.l. in CY4Gate S.p.A.'s National Tax Consolidation System for the 2025-2027 three-year period.

Disbursement of loan instalment to Prontocyber Plus S.r.l.

In January 2025, the Company disbursed Euro 575 thousand of the non-interest-bearing loan to the subsidiary Prontocyber Plus S.r.l., reaching the total amount agreed between the parties of Euro 975 thousand, of which Euro 400 thousand was disbursed in 2024.

Rome, March 12, 2025

On behalf of the Board of Directors

(Emanuele Galtieri)

Statement pursuant to article 154-bis of Legislative decree no. 58 of February 24, 1998, "Italian Consolidated Law on Financial Intermediation", as amended

(Translation from the original Italian text)

The undersigned Emanuele Galtieri and Marco Latini, respectively Chief Executive Officer and Manager in charge of the preparation of the corporate accounting documents of CY4Gate S.p.A. certify, also taking into account the provisions of art. 154-bis, paragraphs 3, 4 and 5-ter, of the legislative decree of February 24, 1998, no. 58:

• the adequacy in relation to the characteristics of the company (also considering any changes occurred during 2024) and

• the effective application of administrative and accounting procedures for the preparation of the consolidated financial statements as of and for the year ended December 31, 2024.

No significant issues arose from the application of the administrative and accounting procedures for the preparation of the consolidated financial statements as of and for the year ended December 31, 2024.
It is also certified that:

3.1 the financial statements as of and for the year ended December 31, 2024:

a) are prepared in compliance with the applicable International Financial Reporting Standards recognized in the European Community under Regulation (EC) No. 1606/2002 of the European Parliament and of the Council of July 19, 2002;

b) are consistent with the underlying accounting books and records;

c) provide a true and correct view of the financial performance, financial position and cash flows of the issuer and of all the companies included in the consolidation.

3.2 The Management Report and the Corporate Governance Report include a reliable analysis of the performance and the result of operations, as well as the situation of the issuer and of all the companies included in the consolidation, together with a description of the main risks and uncertainties they are exposed to.

3.3 The Consolidated Sustainability Statement included in the Management Report has been drawn up in accordance with the reporting standards applied pursuant to Directive 2013/34/EU of the European Parliament and of the Council of June 26, 2013 and the Legislative Decree of September 6, 2024 No. 125 and with the specifications adopted pursuant to Article 8, paragraph 4, of Regulation (EU) 2020/852 of the European Parliament and of the Council of June 18, 2020.

Rome, March 12, 2025

Chief Executive Officer Manager in charge of the preparation of the corporate accounting documents ………………………………………… …………………………………………

KPMG S.p.A. Revisione e organizzazione contabile Via Curtatone, 3 00185 ROMA RM Telefono +39 06 80961.1 Email [email protected] PEC [email protected]

(The accompanying translated consolidated financial statements of the CY4Gate Group constitute a nonofficial version which is not compliant with the provisions of the Commission Delegated Regulation (EU) 2019/815. This independent auditors' report has been translated into English solely for the convenience of international readers. Accordingly, only the original Italian version is authoritative.)

Independent auditors' report pursuant to article 14 of Legislative decree no. 39 of 27 January 2010 and article 10 of Regulation (EU) no. 537 of 16 April 2014

To the shareholders of CY4Gate S.p.A.

Report on the audit of the consolidated financial statements

Opinion

We have audited the consolidated financial statements of the CY4Gate Group (the "group"), which comprise the statement of financial position as at 31 December 2024, the statements of profit or loss, comprehensive income, changes in equity and cash flows for the year then ended and notes thereto, which include material information on the accounting policies.

In our opinion, the consolidated financial statements give a true and fair view of the financial position of the CY4Gate Group as at 31 December 2024 and of its financial performance and cash flows for the year then ended in accordance with the IFRS Accounting Standards issued by the International Accounting Standards Board and endorsed by the European Union, as well as the Italian regulations implementing article 9 of Legislative decree no. 38/05.

Basis for opinion

We conducted our audit in accordance with the International Standards on Auditing (ISA Italia). Our responsibilities under those standards are further described in the "Auditors' responsibilities for the audit of the consolidated financial statements" section of our report. We are independent of CY4Gate S.p.A. (the "parent") in accordance with the ethics and independence rules and standards applicable in Italy to audits of financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Key audit matters

Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the consolidated financial statements of the current year. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

KPMG S.p.A. è una società per azioni di diritto italiano e fa parte del network KPMG di entità indipendenti affiliate a KPMG International Limited, società di diritto inglese.

Ancona Bari Bergamo Bologna Bolzano Brescia Catania Como Firenze Genova Lecce Milano Napoli Novara Padova Palermo Parma Perugia Pescara Roma Torino Treviso Trieste Varese Verona

Allocation of the consideration paid for business combinations

Notes to the consolidated financial statements: notes 2.2 "Scope of Consolidation", 4 "Estimates and assumptions" and 5 "Business combinations"

Key audit matter

Audit procedures addressing the key audit matter

During 2024, in accordance with IFRS 3 Business
combinations, the group completed the recognition of
the fair value of the assets acquired and liabilities
assumed with the acquisition of control over XTN
Cognitive Security S.r.l
Assisted by an external expert, the group measured the
fair value of the assets acquired and liabilities assumed
using the discounted cash flow model. The model is
very complex and entails the use of estimates which,
by their very nature, are uncertain and subjective,
about:
•
the expected cash flows, calculated by taking into
account the acquiree's performance and that of its
sector, the actual cash flows for recent years and
the projected growth rates;
•
the financial parameters used to calculate the
discount rate.
For the above reasons, we believe that the allocation of
the consideration paid for the above acquisition is a key
audit matter.

Our audit procedures included:
•
analysing the contract documents relating to the
acquisition of control over XTN Cognitive Security
S.r.l.;
•
understanding the process adopted to allocate the
consideration paid for the acquisition of XTN
Cognitive Security S.r.l.;
•
analysing the reports prepared by the external
expert engaged by the group to measure the fair
value of the assets acquired and liabilities
assumed with the acquisition of XTN Cognitive
Security S.r.l.;
•
involving experts of the KPMG network in the
assessment of the reasonableness of the valuation
methods and application parameters used to
measure the fair value of the net assets acquired;
•
checking the accounting entries made by the group
in connection with the purchase price allocation
procedure;
•
assessing the appropriateness of the disclosures
provided in the notes about the allocation of the

consideration paid for the acquisition of control

Recoverability of goodwill and intangible assets

Notes to the consolidated financial statements: notes 2.4 "Valuation Criteria - Intangible assets", 4 "Estimates and assumptions", 15 "Goodwill" and 16 "Intangible Assets"

over XTN Cognitive Security S.r.l..

Key audit matter	Audit procedures addressing the key audit matter
The consolidated financial statements at 31 December 2024 include goodwill of €49,190 thousand and intangible assets with a finite useful life of €32,002 thousand under the caption "Intangible assets and goodwill". Assisted by an external expert, the directors tested the cash-generating units (CGUs) to which goodwill and intangible assets with a finite useful life are allocated for impairment, in order to identify any impairment losses compared to their recoverable amount. They estimated the recoverable amount based on value in use, calculated using the discounted cash flow model. The model is very complex and entails the use of estimates which, by their very nature, are uncertain and subjective about:	Our audit procedures included:
	• understanding the process adopted for impairment testing approved by the parent's board of directors;
	• analysing the criteria used to identify the CGU and tracing the amount of the CGU assets and
	liabilities to the relevant carrying amounts in the consolidated financial statements;
	• understanding the process adopted for preparing the 2025-2029 business plan approved by the
	parent's board of directors (the "2025-2029 plan") from which the expected cash flows used for impairment testing have been derived;
	• analysing the reasonableness of the assumptions used by the directors and the external expert to prepare the impairment test;

Key audit matter			Audit procedures addressing the key audit matter
•	the CGUs' expected cash flows, calculated by taking into account the general economic performance and that of their sector, the actual cash flows for recent years and the projected	•	analysing the most significant discrepancies between the previous year business plans' figures and actual figures, in order to check the accuracy of the estimation process adopted by the directors;
	growth rates;	•	comparing the expected cash flows used for
•	the financial parameters used to calculate the discount rate.		impairment testing to the cash flows forecast in the 2025-2029 plan and analysing any discrepancies;
For the above reasons, we believe that the recoverability of goodwill and intangible assets with a finite useful life is a key audit matter.		•	involving experts of the KPMG network in the assessment of the reasonableness of the impairment testing model and related assumptions, including by means of a comparison with external data and information;
		•	assessing the appropriateness of the disclosures provided in the notes about goodwill and intangible assets with a finite useful life and related impairment tests.

Responsibilities of the parent's directors and board of statutory auditors ("Collegio Sindacale") for the consolidated financial statements

The directors are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with the IFRS Accounting Standards issued by the International Accounting Standards Board and endorsed by the European Union and the Italian regulations implementing article 9 of Legislative decree no. 38/05 and, within the terms established by the Italian law, for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

The directors are responsible for assessing the group's ability to continue as a going concern and for the appropriate use of the going concern basis in the preparation of the consolidated financial statements and for the adequacy of the related disclosures. The use of this basis of accounting is appropriate unless the directors believe that the conditions for liquidating the parent or ceasing operations exist, or have no realistic alternative but to do so.

The Collegio Sindacale is responsible for overseeing, within the terms established by the Italian law, the group's financial reporting process.

Auditors' responsibilities for the audit of the consolidated financial statements

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors' report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISA Italia will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these consolidated financial statements.

As part of an audit in accordance with ISA Italia, we exercise professional judgement and maintain professional scepticism throughout the audit. We also:

identify and assess the risks of material misstatement of the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control;
obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the group's internal control;
evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the directors;
conclude on the appropriateness of the directors' use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors' report to the related disclosures in the consolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors' report. However, future events or conditions may cause the group to cease to continue as a going concern;
evaluate the overall presentation, structure and content of the consolidated financial statements, including the disclosures, and whether the consolidated financial statements represent the underlying transactions and events in a manner that achieves fair presentation;
obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance, identified at the appropriate level required by ISA Italia, regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with the ethics and independence rules and standards applicable in Italy and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, the measures taken to eliminate those threats or the safeguards applied.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the consolidated financial statements of the current year and are, therefore, the key audit matters. We describe these matters in our auditors' report.

Report on other legal and regulatory requirements

Opinion on the compliance with the provisions of Commission Delegated Regulation (EU) 2019/815

The parent's directors are responsible for the application of the provisions of Commission Delegated Regulation (EU) 2019/815 with regard to regulatory technical standards on the specification of a single electronic reporting format (ESEF) to the consolidated financial statements at 31 December 2024 to be included in the annual financial report.

We have performed the procedures required by Standard on Auditing (SA Italia) 700B in order to express an opinion on the compliance of the consolidated financial statements with Commission Delegated Regulation (EU) 2019/815.

In our opinion, the consolidated financial statements at 31 December 2024 have been prepared in XHTML format and have been marked up, in all material respects, in compliance with the provisions of Commission Delegated Regulation (EU) 2019/815.

Opinion and statement pursuant to article 14.2.e)/e-bis)/e-ter) of Legislative decree no. 39/10 and article 123-bis.4 of Legislative decree no. 58/98

The parent's directors are responsible for the preparation of the group's directors' report and report on corporate governance and ownership structure at 31 December 2024 and for the consistency of such reports with the related consolidated financial statements and their compliance with the applicable law.

We have performed the procedures required by Standard on Auditing (SA Italia) 720B in order to:

express an opinion on the consistency of the directors' report and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 with the consolidated financial statements;
express an opinion on the consistency of the directors' report, excluding the section that includes the consolidated sustainability statement, and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 with the applicable law;
issue a statement of any material misstatements in the directors' report and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98.

In our opinion, the directors' report and the specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 are consistent with the group's consolidated financial statements at 31 December 2024.

Moreover, in our opinion, excluding the section which includes the consolidated sustainability statement, the directors' report and the specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 have been prepared in compliance with the applicable law.

With reference to the above statement required by article 14.2.e-ter) of Legislative decree no. 39/10, based on our knowledge and understanding of the entity and its environment obtained through our audit, we have nothing to report.

Our opinion on compliance with the applicable law does not extend to the section of the directors' report which includes the consolidated sustainability statement. Our conclusion on the compliance of this section with the legislation governing its preparation and with the disclosure requirements of article 8 of Regulation (EU) 2020/852 is included in the assurance report prepared in accordance with article 14-bis of Legislative decree no. 39/10.

Rome, 28 March 2025

KPMG S.p.A.

(signed on the original)

Matteo Ferrucci Director of Audit

SEPARATE FINANCIAL STATEMENTS AS OF AND FOR THE YEAR ENDED DECEMBER 31, 2024

Financial Statements as of and for the year ended December 31, 2024

CY4Gate S.p.A. Headquarters in VIA COPONIA, 8 00131 ROME Company registration no. 13129151000 – Economic and Administrative Index no. 1426295

	Statement of profit and loss 172
	Statement of Comprehensive Income 173
	Statement of Financial Position 174
	Statement of Cash Flows 175
	Statement of Changes in Equity 176
1.	General Information 178
2.	Basis of Presentation 178
	2.1. Basis of Preparation 178
	2.2. Valuation Criteria 179
	2.3. Recently issued accounting standards 189
3.	Risk Management 190
4.	Estimates and Assumptions 194
5.	Revenues 197
6.	Other revenues and income 198
7.	Purchases, services and personnel expenses 198
8.	Amortization and depreciation 199
9.	Other operating costs 199
10.	Financial income and expense 200
11.	Income Taxes 200
12.	Intangible Assets 201
13.	Property, plant and equipment 203
14.	Right-of-Use Assets 203
15.	Equity Investments 204
16.	Trade receivables 207
17.	Other current and non-current assets 208
18.	Cash and cash equivalents 208
19.	Current and non-current financial assets 209
20.	Contract assets and liabilities 209
21.	Equity 210
22.	Current and non-current financial liabilities 211
23.	Employee benefits 214
24.	Provisions for risk and charges 216

25.	Deferred tax assets and liabilities 216
26.	Trade payables 217
27.	Other current and non-current liabilities 217
28.	Other Information 218
29.	Transactions with Related Parties 219
30.	Significant events of the year 221
31.	Subsequent events 222
	Proposal of the Board of Directors to the Shareholders' Meeting 222

Statement of profit and loss

	Note		of which to	For the year ended December 31 of which to
(in Euro)		2024	related parties:	2023	related parties:

Revenues	5	22,038,832	11,416,529	16,875,004	7,487,560
Other revenues	6	2,825,055	1,173,394	1,228,441	511,939
Purchases, services and personnel
expenses	7	(23,559,397)	(5,150,048)	(20,158,291)	(1,886,760)
Amortization and depreciation	8/12/13	(8,485,681)		(7,725,897)	-
Net impairment losses on financial assets	17	(526,446)		(47,627)	-
Accrual to provision for risks and charges	24	-		(78,660)
Other operating costs	9	(229,423)		(125,444)	-
Operating profit/(loss)		(7,937,060)	7,439,875	(10,032,474)	6,112,739
Financial income	10	1,402,035	773,201	295,414	3,465
Financial expense	10	(2,404,059)		(1,561,834)	-
Profit/(loss) before tax		(8,939,084)	8,213,076	(11,298,894)	6,116,204
Income taxes	11	2,974,129		194,746	-
Profit/(loss) for the year		(5,964,955)	8,213,076	(11,104,148)	6,116,204

Statement of Comprehensive Income

	Note	For the year ended December 31
(in Euro)		2024	2023

Profit/(loss) for the year		(5,964,955)	(11,104,148)
Net actuarial gains (losses) on defined benefit plans	23	(30,098)	(71,962)
Net actuarial gains (losses) on defined benefit plans - tax effect	23	8,674	17,271
Items that will not be subsequently reclassified to profit or loss		(21,424)	(54,691)
Net fair value gain/(losses) on cash flow hedges	21	(175,440)	(345,130)
Net fair value gain/(losses) on cash flow hedges - tax effect	21	42,106	82,831
Items that may be subsequently reclassified to profit or loss		(133,334)	(262,299)
Comprehensive income/(loss)		(6,119,713)	(11,421,138)

Statement of Financial Position

	Note	As of December 31
(in Euro)		2024	of which to related parties:	2023	of which to related parties:

Intangible assets	12	12,527,476	-	16,102,247	-
Property, plant and equipment	13	706,520	-	1,011,252	-
Right-of-use assets	14	988,071	712,970	1,197,638	958,502
Non-current financial assets	19	593,011	19,000	168,276	19,000
Equity Investments	15	94,619,779	-	81,859,590	-
Deferred tax assets	25	5,433,292	-	2,450,489	-
Other non-current assets	17	200,908	-	622,931	-
Non-current assets		115,069,057	731,970	103,412,423	977,502
Contract assets	20	8,218,926	2,430,044	3,609,080	1,748,572
Trade receivables	16	17,769,237	5,627,842	33,022,568	11,259,760
Current tax assets		9,228	-	8,650
Other current assets	17	2,384,863	471,600	2,395,810	-
Current financial assets	19	2,799,313	2,500,000	196,071	-
Cash and cash equivalents	18	3,277,133	-	2,579,157	-
Current assets		34,458,700	11,029,486	41,811,336	13,008,332
Total assets		149,527,757	11,761,457	145,223,759	13,985,834
Share capital		1,441,500	-	1,441,500	-
Share premium reserve		108,539,944	-	108,539,944	-
Reserves		(521,165)	-	12,130,939	-
Profit/(loss) for the year		(5,964,955)	-	(11,104,148)	-
Equity	21	103,495,324	-	111,008,235	-
Employee benefits - non-current	23	873,440	-	737,944	-
Other non-current liabilities	27	1,503,613	-	447,636	-
Non-current financial liabilities	22	20,261,315	-	12,967,017	-
Non-current financial and lease liabilities	22	666,490	474,237	864,750	729,725
Deferred tax liabilities	25	25,386	-	67,492	-
Total non-current liabilities		23,330,244	474,237	15,084,839	729,725
Provisions for risk and charges	24	-	-	78,660	-
Trade payables	26	8,497,683	2,227,291	10,302,113	1,683,600
Current financial liabilities	22	9,074,837	-	3,788,798	-
Current lease liabilities	22	349,160	256,718	349,159	244,994
Contract liabilities	20	713,482	535,808	375,174	182,823
Current tax liabilities		-	-	8,650
Other current liabilities	27	4,067,027	-	4,228,131	-
Total current liabilities		22,702,189	3,491,417	19,130,685	2,111,417
Total liabilities		46,032,433	3,965,654	34,215,524	2,841,142
Total equity and liabilities		149,527,757	3,965,654	145,223,759	2,841,142

Statement of Cash Flows

		For the year ended December 31
(in Euro)	Note	2024	2023
Profit/(loss) before tax		(8,939,084)	(11,298,894)
Adjustments for:
Amortization and depreciation of intangible assets and property, plant and
equipment	8/12/13	8,485,681	7,725,897
Impairment losses	16	526,446	47,627
Expenses for employee share-based incentives	23	147,976	145,559
Accruals to provisions for risks and charges	24	-	78,660
Net interest expense		1,002,024	1,266,420
Other non-cash items		212,638	248,171
Cash flows from operating activities before changes in net working capital		1,435,681	(1,786,560)
Change in inventories		-	33,250
Change in trade receivables	16	14,726,885	478,165
Change in trade payables	26	(1,943,852)	3,217,934
Change in other assets/liabilities	17/27	(5,264,926)	1,358,453
Payment of employee benefits	23	(116,199)	(104,750)
Interest paid		(1,021,945)	(1,050,206)
Net cash flows from operating activities		7,815,644	2,146,286
Equity investments	15	(10,411,233)	(5,631,442)
Net investment in intangible assets	12	(4,063,264)	(8,705,184)
Net investment in property, plant and equipment	13	(24,647)	(263,479)
Changes in financial assets	19	(3,224,417)	751,979
Net cash flows from investing activities		(17,723,561)	(13,848,126)
Capital increase		-	-
Acquisition of treasury shares	30	(1,606,906)	(1,600,412)
Net utilizations of credit facilities	22	12,580,336	3,203,361
Changes in other financial liabilities		-	2,251,960
Repayment of lease liabilities	22	(367,536)	(341,186)
Net cash flows from financing activities		10,605,894	3,513,723
Total change in cash and cash equivalents		697,977	(8,188,117)
Cash and cash equivalents at the beginning of the year	18	2,579,157	10,767,274
Cash and cash equivalents at the end of the year	18	3,277,133	2,579,157

Statement of Changes in Equity

(in Euro)	Share capital	Share Premium reserve	Reserves	Profit/(loss) for the year	Total equity
As of January 1, 2023	1,441,500	108,539,944	9,300,529	4,528,088	123,810,061
Profit/(loss) for the year	-	-	-	(11,104,148)	(11,104,148)
Actuarial losses on defined benefit plans	-	-	(54,691)	-	(54,691)
Fair value gains/(losses) on cash flow hedges	-	-	(262,299)	-	(262,299)
Comprehensive income / (loss)	-	-	(316,990)	(11,104,148)	(11,421,138)
Allocation of prior year result	-	-	4,528,088	(4,528,088)	-
Acquisition of treasury shares	-	-	(1,600,412)	-	(1,600,412)
Share-based payments	-	-	211,295	-	211,295
Other changes	-	-	8,429		8,429
As of December 31, 2023	1,441,500	108,539,944	12,130,939	(11,104,148)	111,008,235
Profit/(loss) for the year	-	-	-	(5,964,955)	(5,964,955)
Actuarial losses on defined benefit plans	-	-	(21,424)	-	(21,424)
Fair value gains/(losses) on cash flow hedges	-	-	(133,335)	-	(133,335)
Comprehensive income / (loss)	-	-	(154,759)	(5,964,955)	(6,119,714)
Allocation of prior year result result	-	-	(11,104,148)	11,104,148	-
Acquisition of treasury shares	-	-	(1,606,906)	-	(1,606,906)
Share-based payments	-	-	213,709	-	213,709
As of December 31, 2024	1,441,500	108,539,944	(521,165)	(5,964,955)	103,495,324

NOTES TO THE SEPARATE FINANCIAL STATEMENTS

Notes to the Financial Statements

1. General Information

CY4Gate S.p.A. (hereinafter "CY4Gate" or the "Company") is a company established and domiciled in Italy, with registered office in Rome (RM), at Via Coponia, 8 and organized under the legal system of the Italian Republic. The Company is primarily active in the design, development and production of technologies, products, systems and services for the Armed Forces, Law Enforcement Agencies and Italian and foreign companies. Since June 26, 2023, the shares of CY4Gate S.p.A. have been traded in the Euronext STAR Milan market segment of the Italian Stock Exchange (from 2020 and until the aforementioned date they were traded in the Euronext Growth Milan market segment).

The Company is a subsidiary of Elettronica S.p.A., with registered office in Rome, which prepares the consolidated financial statements of the largest group of companies to which the Company belongs. In compliance with point 22 quinquies of art. 2475 of the Civil Code, it is communicated that a copy of the consolidated financial statements is kept at the headquarters of the ultimate parent company in Via Tiburtina Km 13,700.

As of the date of preparation of these financial statements, the Company is not subject to direction and coordination of any of its shareholders, as the Board of Directors of the Company assumes in full and complete autonomy and independence the most appropriate decision relating to the management of the Company's activities.

Authorization for publication

These financial statements were approved and authorized for publication by the Board of Directors of CY4Gate S.p.A. on March 12, 2025, and are subject to audit by KPMG S.p.A.

The publication of these financial statements is carried out in accordance with the Delegated Regulation of the European Commission 2019/815 and subsequent amendments.

2. Basis of Presentation

This section provides a description of the most relevant accounting standards adopted for the preparation of these financial statements as of and for the year ended on December 31, 2024 (hereinafter the "Financial Statements"). These principles have been applied consistently for all periods presented.

2.1. Basis of Preparation

These Financial Statements have been prepared in accordance with the "EU IFRS", meaning by this all the "International Financial Reporting Standards", all "International Accounting Standards" (IAS), all interpretations of the "International Financial Reporting Interpretations Committee" (IFRIC), formerly the "Standing Interpretations Committee" (SIC), that, as of the reporting date of the Financial Statements, have been endorsed by the European Union in accordance with the procedure provided forth in Regulation (EC) No. 1606/2002 of the European Parliament and the European Council of July 19, 2002. IFRS have been applied consistently to all periods presented in this document. Furthermore, reference was made to the provisions issued by Consob (Italian National Commission for listed companies) in implementation of paragraph 3 of art. 9 of Legislative Decree 38/2005.

These Financial Statements have been prepared on a going concern basis, as the Directors have verified that there are no financial, managerial or other indicators that could indicate critical issues regarding the Company's ability to meet its obligations in the foreseeable future and in particular over the next 12 months. A description of the ways in which the Company manages financial risks is illustrated in Note 3 related to "Risk Management".

These Financial Statements have been prepared and presented in Euro, which represents the functional currency of the predominant economic environment in which the Company operates. All amounts included in this document, unless otherwise indicated, are expressed in Euro.

The following are the financial statements formats and the relative classification criteria adopted by the Company, within the options provided by IAS 1 Presentation of financial statements:

the Statement of Financial Position has been prepared by classifying assets and liabilities according to the "current/non-current" criterion;
The Statement of profit and loss has been prepared by classifying operating costs by nature;
The Statement of comprehensive income, in addition to the profit or loss for the year resulting from the statement or profit and loss, includes income and expense that are not recognized in profit or loss as required by IFRS;
The Statement of changes in equity, prepared in accordance with IAS 1;
The Statement of Cash Flows has been prepared by presenting cash flows resulting from operating activities according to the "indirect method".

These Financial Statements have been prepared on the basis of the conventional historical cost criterion, except for the measurement of financial assets and liabilities, in cases where the application of the fair value criterion is mandatory.

It should be noted that the Directors deemed it appropriate to make some reclassifications to the balances of certain items for the comparative year, in order to better represent and understand the financial statements amounts. In particular, reference is made to the Statement of profit and loss items of "Services", "Personnel expenses", and "Other revenues".

2.2. Valuation Criteria

The following briefly describes the accounting standards and most significant measurement criteria used for the preparation of the Financial Statements.

INTANGIBLE ASSETS

Intangible assets with a finite useful life

Intangible assets with a finite useful life are recognized at cost, as described above, net of accumulated amortization and any impairment losses.

Amortization begins when the asset is available for use and is systematically allocated in relation to its residual possibility of use, i.e. based on the estimated useful life.

The estimated useful life for the various categories of intangible assets is as follows:

Class of intangible asset	Useful life in years
Industrial patents and intellectual property rights	3-5
Concessions, licenses, trademarks and similar rights	3-5
Other intangible assets	3-5

PROPERTY, PLANT AND EQUIPMENT

Property, plant and equipment are recorded at purchase or production cost, net of accumulated depreciation and any impairment losses. The purchase or production cost includes the costs directly incurred to prepare the assets for use, as well as any dismantling and removal costs that will be incurred as a result of contractual obligations that require the asset to be restored to its original condition. Financial expense directly attributable to the acquisition, construction or production of qualified assets are capitalized and amortized based on the useful life of the asset to which they refer.

The costs incurred for maintenance and repairs of an ordinary and / or cyclical nature are charged to the statement of profit and loss when incurred. The capitalization of the costs related to the expansion, modernization or improvement of the structural elements owned or used by third parties is carried out to the extent that they meet the requirements to be separately classified as an asset or part of an asset. The assets recognized in relation to leasehold improvements are amortized based on the duration of the lease, or on the basis of the specific useful life of the asset, if lower.

The indicative useful life, estimated for the various categories of property, plant and equipment, is as follows:

Class of property, plant and equipment	Useful life in years
Plant and machinery	3-5
Industrial and commercial equipment	6-7
Other assets	5-9

The useful life of property, plant and equipment is reviewed and updated, where necessary, at least at the end of each year.

Leased assets

The Company has entered into lease agreements relating to buildings, vehicles and industrial equipment. Lease contracts are generally entered into for fixed periods of 6 months to 6 years with extension options, as described below.

Contracts can contain both lease components and components other than leases.

The Company attributes the consideration in the contract to components other than lease on the basis of the standalone selling price (SSP) for each obligation. When an SSP does not exist, the Company estimates the SSP using an adjusted market approach.

Lease contracts are recognized as right-of-use assets and liabilities corresponding to the date on which the asset is available for use by the Company.

The assets and liabilities deriving from a lease are initially measured on the basis of their present value.

Lease liabilities include the net present value of the following lease payments:

fixed payments (including fixed payments in substance), net of any lease incentives;
variable payments based on an index or rate, initially measured using the index or rate as of the start date;
the exercise price of a purchase option if the Company is reasonably certain to exercise such option;
the payment of penalties for early termination; and

● payments due in an optional renewal period if the Company is reasonably certain to exercise the renewal option.

The lease payments are discounted using the lease's implicit interest rate. If this rate cannot be easily determined, which is generally the case with leases held by the Company, the lessee's incremental borrowing rate is used, being the rate that the Company should pay to borrow the funds needed to obtain assets of similar value to the right-of-use asset in a similar economic environment with similar terms, guarantees and conditions.

In the statement of financial position, the Company presents right-of-use assets within property, plant and equipment and lease liabilities within current and non-current financial liabilities. In the statement of profit and loss, interest expense on lease liabilities constitutes a component of financial expense and is presented separately from the depreciation of right-of-use assets.

The Company avails itself of the exemptions provided by the IFRS 16 - Lease principle with reference to lease contracts of less than 12 months and contracts relating to so-called "low value assets", collectively not significant.

The Company recognizes deferred taxation on right-of-use assets and lease liabilities.

FOREIGN CURRENCY TRANSLATION

Transactions in currency other than the functional currency are recorded at the exchange rate in force at the date of the transaction. Monetary assets and liabilities denominated in currency other than Euro are subsequently adjusted to the exchange rate in force at the reporting date of the year. Non-monetary assets and liabilities denominated in currency other than Euro are recorded at historical cost using the exchange rate in force at the date of initial recording of the transaction. Any exchange differences are reflected in profit or loss.

IMPAIRMENT OF INTANGIBLE ASSETS AND PROPERTY, PLANT AND EQUIPMENT

Assets (intangible assets and property plant and equipment) with a finite useful life

If the presence of these indicators is identified, the recoverable amount of the aforementioned assets is estimated, allocating any impairment loss with respect to the relative carrying amount to profit or loss. The recoverable amount of an asset is represented by the higher of the fair value, net of ancillary sales costs, and the related value in use, meaning the present value of the estimated future cash flows for this asset. In determining the value in use, the expected future cash flows are discounted using a pre-tax discount rate that reflects the current market valuations of the cost of money, compared to the investment period and the specific risks of the asset. For an asset that does not generate largely independent cash flows, the recoverable amount is determined in relation to the CGU to which this asset belongs.

An impairment loss is recognized in profit or loss if the carrying amount of the asset, or of the related CGU to which it is allocated, is higher than its recoverable amount. Impairment losses on CGUs are charged first against the carrying amount of any goodwill attributed to them and then, as a reduction of other assets, in proportion to their carrying amount and within the limits of the related recoverable amount. If the reasons that led to the impairment cease to exist, the carrying amount of the asset is reinstated with recognition in the statement of profit and loss, within the limits of the net carrying amount that the asset would have had if the impairment loss had not occurred and the related amortization/depreciation had been charged.

EQUITY INVESTMENTS

Investments in subsidiaries are recorded at acquisition cost, inclusive of directly attributable ancillary charges, adjusted in the presence of any impairments, which are charged to the statement of profit and loss. They are restored if the reasons for the impairments carried out no longer exist. Subsidiaries are the ones over which CY4 has the power to determine, directly or indirectly, the financial and operational policies in order to obtain the benefits arising from their activities.

In the presence of impairment indicators, equity investments are subject to verification in order to ascertain the existence of any impairments to be recognized in the statement of profit and loss. In particular, the aforementioned verification involves the determination of the recoverable amount of the participation by estimating its related use value or the fair value net of disposal costs; if this recoverable amount is lower than the carrying amount, an impairment loss on the investment must be recognized.

In the presence of evidence of impairment, recoverability is verified by comparing the carrying amount and the higher between the value in use, determined by discounting the prospective cash flows, where possible, of the investment, and the hypothetical sale value, determined on the basis of recent transactions or market multiples. The share of losses exceeding the carrying amount is recognized as a specific liability to the extent that the Company believes there are legal or implicit obligations to cover the losses and in any case within the limits of the equity. If the subsequent performance of the investment subject to impairment presents an improvement such that the reasons for the impairments made are no longer present, the investments are revalued within the limits of the impairments recognized in the previous years. Dividend income is recognized in the statement of profit and loss when the right to receive payment is established.

	Share/quota Company name Registered office Equity capital		% of ownership as of December 31		Carrying amount as of December
				2024	2023	31, 2024
Subsidiaries
RCS ETM Sicurezza S.p.A. (in short, RCS)	Milan (Italy) - Via Caldera 21	€7,000,000	34,831,074 €	100%	100%	76,279,056
Diateam S.a.S. *	Brest (France) - 31 rue Yves Collet	€300,000	2,897,788 €	70.66%	55.33%	7,250,553
XTN Cognitive Security S.r.l. (in short, XTN) **	Arco (Italy) - via S. Caterina 95	€10,000	3,004,050 €	77.80%	-	9,612,170
Joint Venture
Prontocyber Plus S.r.l. ***	Rome (Italy) - Via Cassiodoro 1/a	€120,000	2,405,142 €	50%	-	1,478,000

* On July 26, 2024, CY4Gate signed the closing for the purchase of a further 15.33% of the company at a price of Euro 1.6 million, increasing its interest to 70.66% of the company, following the exercise of the put & call option agreements exercisable in the three-year period 2024 - 2026 and signed on the occasion of the purchase of the first 55.33% of Diateam S.a.S., which will allow CY4Gate to acquire 100% of the company in the three-year period. ** On January 16, 2024, CY4Gate, in partnership with Alfa Group, signed the contract for the purchase of 97.8% of XTN. In particular, CY4Gate purchased 77.8% of XTN and 20% of Alfa Group%. The remaining 2.2% stake is held by XTN Management, which holds Put options on it. *** Joint venture established on July 23, 2024 as a strategic partnership between CY4Gate and CDP Venture Capital SGR; active from September 1, 2024.

INVENTORIES

Inventories are recognized at the lower of purchase or production cost and net realizable value, represented by the amount the Company expects to obtain from its sale in the normal course of business, net of selling costs.

The cost of finished products and semi-finished products includes raw materials, direct labor costs and other production costs (determined on the basis of normal operating capacity). Financial expense are not included in the measurement of inventories. They are charged to the statement of profit and loss when incurred, as they do not meet the timing requirements for capitalization.

CASH AND CASH EQUIVALENTS

Cash and cash equivalents include cash and available bank deposits and other forms of short-term investment, with maturity at origin of less than three months. The items included in cash and cash equivalents are initially measured at fair value and then at amortized cost.

TRADE RECEIVABLES AND CURRENT FINANCIAL ASSETS

Trade receivables, other current assets and current financial assets are generated through the ordinary course of the business and held for the purpose of collecting the contractual cash flows, that consist of "solely capital payments and interest" according to the criterion set out in IFRS 9. Consequently, they are initially recognized at fair value adjusted for the directly attributable transaction costs and subsequently measured at amortized cost based on the effective interest rate method (i.e. the rate that makes the present value of expected cash flows and the carrying amount equal, at the time of initial recognition), appropriately adjusted to take account of any impairment, by recognizing a loss allowance. Trade receivables, other current assets and financial assets are included in current assets, with the exception of those with a contractual maturity of more than twelve months after the reporting date, which are classified in noncurrent assets.

Assets with due dates over 12 months and without significant financial components are presented at their present value.

IMPAIRMENT OF FINANCIAL ASSETS

At each reporting date, financial assets, with the exception of those measured at fair value through profit or loss, are analyzed to verify the existence of indicators of impairment. According to IFRS 9, a model for forecasting expected credit losses must be applied when assessing an impairment. In carrying out this assessment, the Company applies a standard simplified approach to estimate the expected credit losses over the entire life of the Company and takes into account its historically gained experience regarding credit losses, adjusted for specific prospective factors, the nature of the Company's receivables and the economic context. If there is evidence of impairment, the loss is recognized in the statement of profit and loss under the item "Net impairment losses on financial assets and contract assets".

Trade receivables and financial assets are written down when there is no rational expectation of them being recovered. The signs that indicate the absence of rational recovery expectations include, among others, the inability of a creditor to engage in a recovery plan with the Company, and the inability to make contractual payments for a significant period of time.

DERECOGNITION OF FINANCIAL ASSETS AND LIABILITIES

Financial assets are derecognized when one of the following conditions is met:

the contractual right to receive the cash flows from the asset has expired;
the Company has substantially transferred all the risks and benefits associated with the asset, transferred its rights to receive cash flows from the assets or assumed a contractual obligation to transfer the cash flows received to one or more potential beneficiaries by virtue of a contract that meets the requirements of the standard ("pass through test");
the Company has neither transferred nor substantially maintained all the risks and benefits associated with the financial asset but has ceded control of it.

OFFSETTING OF FINANCIAL ASSETS AND LIABILITIES

The Company offsets financial assets and liabilities if and only if:

there is a legally exercisable right to offset the amounts recognized in the financial statements;
there is an intention either to offset on a net basis or to realize the asset and settle the liability simultaneously.

FINANCIAL LIABILITIES AND TRADE PAYABLES

Financial liabilities and trade payables are recognized when the Company becomes part of the related contractual clauses and are initially measured at fair value adjusted for directly attributable transaction costs. Financial liabilities and trade payables, with the exception of derivative financial instruments, are measured at amortized cost using the effective interest rate method.

Financial liabilities are derecognized when and only they are extinguished (that is, when the obligation specified in the contract is remitted, canceled or expires).

DERIVATIVE FINANCIAL INSTRUMENTS

Derivative financial instruments are used as economic hedges solely to reduce interest rate risk. All derivative financial instruments are measured at fair value.

If financial instruments are not accounted for, under IFRS 9, as hedging instruments, changes in fair value detected subsequent to initial recognition are treated as components of profit or loss.

When derivative financial instruments qualify for hedge accounting, the following accounting treatments apply.

Cash flow hedge instruments

When a derivative financial instrument is designated as a hedging instrument for the exposure to the variability of future cash flows of an asset or liability recognized in the financial statements or a highly probable expected transaction and can impact profit or loss, the effective portion of any profit or loss on the derivative financial instrument is recognized directly in the Statement of comprehensive income through a specific capital reserve ("Hedging reserve"). The cumulative profit or loss is reclassified from the Statement of comprehensive income to the statement of profit and loss when the economic effects deriving from the hedged item impact profit or loss. The profit or loss associated with a hedge or part of the hedge that has become ineffective is recognized in profit or loss immediately within financial income or financial expense, respectively. When an instrument or a hedging relationship expires (for example, the derivative is sold, reaches its expiry or the hedging relationship no longer qualifies as effective), but the Company expects the hedged transaction to happen in the future, the cumulative gain or loss at the time of extinction remains in the Statement of comprehensive income and is recognized in profit or loss when the underlying transaction takes place. If the underlying transaction is no longer probable, the cumulative gain or loss present in the Statement of comprehensive income is immediately recognized in profit or loss.

The Company makes use of hedging derivatives subscribed to face the interest rate risk on the financing contracts it has stipulated.

If hedge accounting cannot be applied, the fair value gains or losses on the derivative financial instruments are recognized immediately in financial income or financial expenses, respectively.

EMPLOYEE BENEFITS

Short-term benefits are represented by wages and salaries, social security contributions, compensation for vacation and incentives paid in the form of bonuses payable in the twelve months of the reporting date. These benefits are accounted for as components of personnel expenses in the period in which the work is performed.

POST-EMPLOYMENT BENEFITS

In defined benefit plans, including the post-employment benefits due to employees pursuant to Article 2120 of the Italian Civil Code ("TFR"), the amount of the benefit to be paid to the employee can be quantified only after the termination of the employment relationship, and is linked to one or more factors such as age, years of service and remuneration; therefore the related expense is charged to profit or loss on the basis of an actuarial calculation. The liability recorded in the financial statements for defined benefit plans corresponds to the present value of the obligation at the reporting date. The present value of the defined benefit plan is determined by discounting the future cash flows at an interest rate equal to that of bonds (high-quality corporate) issued in Euro and which takes into account the duration of the related pension plan. Actuarial gains and losses deriving from the aforementioned adjustments and changes in actuarial assumptions are recognized in comprehensive income.

SHARE-BASED PAYMENTS

In relation to share-based payments, the Company recognizes, if the conditions exist, the cost of the services acquired during the period in which it receives the service in exchange for an increase in equity or a liability, depending on the transaction settlement methods and, in particular, if the obligation is settled through shares (equity-settled plan) or with cash payment (cash-settled plan).

The Company has planned for its managers and for managers and other top figures of the subsidiaries, an Incentive Plan which consists in the assignment, free of charge, of the Company's shares, upon reaching certain economic-financial objectives. The Stock Grant Plan as structured falls within the scope of IFRS 2 in the type of equity settled transactions.

The cost of the incentive plan is spread over the period to which the incentive refers (cd. vesting period) and is determined with reference to the fair value of the right assigned to the beneficiaries at the date of the commitment in order to reflect the market conditions existing at the date.

At each reporting date, the assumptions regarding the number of Stock Grants that are expected to mature are checked. The expense for the year is recognized in profit or loss, among Personnel expenses, and an equity reserve is recognized in counterpart.

PROVISIONS FOR RISKS AND CHARGES

The risks for which the emergence of a liability is only possible are indicated in the specific section regarding contingent liabilities, and no provision is made for these.

RECOGNITION OF REVENUE FROM CONTRACTS WITH CUSTOMERS

The Company's revenues are mainly generated from the sale of cyber security and cyber intelligence technologies, products, systems and services.

Revenues from product sales are recognized at the time of transfer of control of the asset, i.e. of the risks and benefits, which normally coincides with the delivery or shipment of the goods, or at the time of transfer of the service to the customer, taking into account the value of any commercial discounts, allowances and expected returns. Revenues of a financial nature and that deriving from services are recognized on an accruals basis. Revenues and income, costs and expenses related to foreign currency transactions are determined at the current exchange rate on the date on which the transaction is carried out.

Contracts that meet the requirements for revenue recognition "over time" are classified among "contract assets" or among "contract liabilities" depending on the relationship between the status of fulfillment of the performance by the Company and the payments received from the customer. In particular:

"contract assets" represent the right to consideration for goods or services that have already been transferred to the customer;
"contract liabilities" represent the Company's obligation to transfer goods or services to the customer for which a consideration has already been received (or the right to receive has already arisen).

Where more than one performance obligation is present within a contract, representing a contractual promise to transfer a distinct good or service to the customer (or a series of distinct goods or services that are substantially the same and are transferred in the same way), the classification between assets and liabilities is made at the overall level and not at the level of a single performance obligation.

Contract assets and liabilities with customers are recognized using the percentage of completion as the methodology for measuring progress; according to this methodology, costs, revenues and the margin are recognized based on the progress of the activity, determined by referring to the ratio between costs incurred at the measurement date and total expected costs included in the relevant job budgets. The Company systematically updates the assumptions that are the basis of the job budgets in order to reflect in the financial statements the most reasonable estimate of the contractual considerations accrued and the economic result of the job.

Conversely, in the event that the requirements for recognition over a period of time are not met, revenues are recognized at a specific point in time ("at a point in time"), that is when the customer gains control of the promised goods or services.

Contract assets are presented net of any impairment losses. Periodic updates of estimates are made and any economic effects are accounted for in the year in which the updates are made.

The Company enters into contracts that are generally able to be distinguished and accounted for as separate performance obligations. The recognized revenues are limited to the amount of consideration that the Company expects to receive. The Company attributes the transaction price to the performance obligations on the basis of the stand-alone selling prices (SSP) for each obligation. When an SSP does not exist, the Company estimates the SSP using an adjusted market approach.

GRANTS

Government grants are recorded at fair value, when there is reasonable certainty that they will be received and all the conditions related to them are satisfied. When the contributions are related to cost components, they are recognized as revenues, but are systematically distributed over the years so as to be proportionate to the costs they intend to compensate. In the case where the contribution is related to an asset, the fair value is brought to decrease the asset itself. It is also suspended in liabilities if the asset to which it is related is not operational, or is under construction and the relative amount does not fit into the value of the asset itself.

DIVIDENDS

Dividends are recognized when the Shareholders' right to receive payment arises, which normally corresponds to the shareholders' resolution to distribute the dividends. The distribution of dividends to Shareholders is recorded as a liability in the financial statements in the period in which their distribution is approved by the Shareholders' Meeting and reflected as a movement of equity.

TAXES

Current taxes are determined based on an estimate of taxable income, in compliance with the applicable tax legislation.

The amount of deferred tax assets is reviewed at each reporting date and possibly reduced to the extent that it is no longer likely that sufficient taxable profits will be available in the future to allow all or part of the related credit to be utilized. Unrecognized deferred tax assets are reviewed annually at the reporting date and are recognized to the extent that it has become likely that the taxable profit is sufficient to allow such deferred tax assets to be recovered.

Other taxes not related to income, such as indirect taxes, are included in the statement of profit and loss item "Other operating costs".

2.3. Recently issued accounting standards

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS EFFECTIVE FROM JANUARY 1, 2024

The new standards, amendments and interpretations effective from January 1, 2024 are listed below.

Amendments to IAS 7 —	In May 2023, the IASB issued amendments to IAS 7 — Statement of Cash Flows and IFRS
Statement of Cash Flows and	7 — Financial Instruments: Additional information: Supplier Finance Arrangements, that
IFRS 7 — Financial	introduce new disclosure requirements to enhance the transparency and usefulness of
Instruments: Disclosures:	the information provided by entities about supplier finance arrangements and are
Supplier Finance	intended to assist users of financial statements in understanding the effects of supplier finance arrangements on an entity's liabilities, cash flows and exposure to liquidity risk.
Arrangements	The amendments are effective on or after January 1, 2024.
Amendments to IAS 1 — Presentation of Financial Statements: Classification of Liabilities as Current or Non Current	In January 2020, the IASB issued amendments to IAS 1 — Presentation of Financial Statements: Classification of Liabilities as Current or Non-Current to clarify how to classify debt and other liabilities as current or non-current, and in particular how to classify liabilities with an uncertain settlement date and liabilities that may be settled by converting to equity. These changes are effective from January 1, 2024.
Amendments to IFRS 16 Leases – Lease Liability in a Sale and Leaseback	In September 2022, the IASB made changes to IFRS 16 – Leases: Liabilities in a sale and leaseback to provide guidelines for assessing the liability arising from a sale and leaseback transaction, aimed at ensuring that the seller-lessee does not recognize any profit or loss amount related to the retained right of use. These changes are effective from January 1, 2024.

The adoption of the aforementioned amendments had no significant impact on the Consolidated Financial Statements.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS APPROVED BY THE EUROPEAN UNION BUT NOT YET APPLICABLE

The accounting standards, amendments and interpretations endorsed by the European Union but not yet applicable as of December 31, 2024; effective on or after January 1, 2025. The Company is evaluating the effects that the adoption of these amendments could have on its Financial Statements. As of the drafting date of these Financial Statements, no significant impacts are expected.

Amendments IAS 21 — The Effects of Changes in Foreign Exchange Rates: Lack of Exchangeability

Please note that the Company has not adopted, in advance, accounting standards and amendments with an effective date in subsequent years.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS NOT YET ENDORSED BY THE EUROPEAN UNION

The new standards, amendments and interpretations not yet endorsed by the European Union are summarized below: The Company is evaluating the effects that the adoption of these amendments could have on its Financial Statements. As of the drafting date of these Financial Statements, no significant impacts are expected.

Amendments to the Classification and Measurement of Financial Instruments	In May 2024, the IASB issued Amendments to Classification and Measurement of Financial Instruments that amended IFRS 9 Financial Instruments and IFRS 7 Financial Instruments: Additional information. In detail, the IASB amended the provisions relating to: (i) settlement of financial liabilities using an electronic payment system; (ii) assessing the contractual cash flow characteristics of financial assets, including those with characteristics related to ESG factors; (iii) disclosure related to investments in equity instruments designated at fair value through other comprehensive income; and (iv) additional disclosures for financial instruments with contingent characteristics that are not directly related to the underlying risks and costs of the loan. The amendments are effective on or after January 1, 2026.
IFRS 18 Presentation and	In April 2024, the IASB issued a new accounting standard that will replace IAS 1
Disclosure in Financial	Presentation of Financial Statements, to improve the reporting of financial results. IFRS
Statements	18 Presentation and Disclosure in Financial Instruments will improve the quality of financial reporting through requirements on: (i) subtotals defined in the statement of profit and loss; (ii) disclosure of management-defined performance measures; and (iii) the addition of new standards regarding aggregation and disaggregation of information. The standard is effective on or after January 1, 2027.
Contracts Referencing	In December 2024, the IASB issued amendments aimed at helping companies better
Nature-dependent Electricity	report the financial effects of nature-dependent electricity contracts, which are often
Amendments to IFRS 9 and	structured as power purchase agreements (PPAs). Nature-dependent electricity contracts help companies to secure their electricity supply from sources such as wind
IFRS 7	and solar power, and current accounting requirements may not adequately capture
	how these contracts affect a company's performance. To allow companies to better reflect these contracts in the financial statements, the IASB has made targeted
	amendments to IFRS 9 Financial Instruments and IFRS 7 Financial Instruments:
	Disclosure, and will include: (i) clarifying the application of the "own-use"
	requirements; (ii) permitting hedge accounting if these contracts are used as hedging
	instruments; and (iii) adding new disclosure requirements to enable investors to understand the effect of these contracts on a company's financial performance and
	cash flows. The amendments are effective on or after January 1, 2026.

3. Risk Management

The Company's activities are exposed to the following risks: i) market risk, defined as currency risk, interest rate risk and price risk, ii) credit risk, iii) liquidity risk and iv) capital risk.

The Company's risk management strategy is aimed at minimizing potential negative effects on the Company's financial performance.

Currently and based on the estimates made, no problems of business continuity or impairment emerge.

INTEREST RATE RISK

The Company has entered into "Interest Rate Swap" hedging the risk of fluctuation of the interest rates applied to variable rate loans. The following tables provide details of the instruments entered into as of December 31, 2024 and 2023:

Bank loans as of December 31, 2023		Cash Flow hedges Principal as of December 31, 2024
(in Euro)	Principal	IRS	Total
Variable rate loans	37,500,000	12,500,000	12,500,000
Fixed rate loans	500,000	-	-
Total	38,000,000	12,500,000	12,500,000

Bank loans as of December 31, 2023		Cash Flow hedges Principal as of December 31, 2023
(in Euro)	Principal	IRS	Total
Variable rate loans	17,555,052	12,500,000	12,500,000
Fixed rate loans	1,500,000	-	-
Total	19,055,052	12,500,000	12,500,000

In its choice of financing and investments, the Company has adopted criteria of prudence and limited risk and has not carried out speculative transactions.

CURRENCY RISK

The Company believes that it is not significantly exposed to fluctuations in exchange rates, therefore it does not carry out operations in derivative financial instruments to hedge against currency risk. In particular, despite the Company conducting its business abroad, exposure to foreign countries is limited and there are no financial liabilities in currencies other than the Euro.

PRICE RISK

The Company believes it is not significantly exposed to movements in the prices of raw materials and commodities used in the production process and the consequent influence of these on operating margins.

CREDIT RISK

Credit risk is essentially derived from trade receivables. To mitigate credit risk related to counterparties in trade transactions, the Company put in place procedures aimed at ensuring that product sales are made to customers who are deemed reliable. This risk, which takes the form of the possibility that the counterparty does not fulfill its contractual obligations, is mitigated through constant monitoring of its commercial exposure and the collection times of receivables.

It should also be specified that the credit risk is further limited considering the characteristics of the customers, largely public sector entities.

The Company applies the simplified approach provided by IFRS 9 for the estimate of the recoverability of its trade receivables. The adjustment of the estimates that results from this takes into account the risk of non-collectability of receivables through the differentiation of the ECL (Expected Credit Losses) applied to groups of homogeneous receivables with respect to the risk profile and age, or depending on the progress of the actions taken for the recoverability of doubtful receivables. The amount of financial assets considered doubtful for recovery is not significant and is, in any case, covered by appropriate allocations to the loss allowance. See Note 16 for more details about the loss allowance.

LIQUIDITY RISK

The liquidity risk is associated with the Company's ability to meet commitments deriving mainly from financial liabilities. A prudent management of the liquidity risk originating from the Company's normal operations involves maintaining an adequate level of cash availability and the availability of liquidity obtainable through an adequate amount of credit lines. Cash flows, financing needs and liquidity are constantly monitored and managed with the aim of ensuring an effective and efficient management of financial resources.

CAPITAL RISK

The Company's objective in the context of capital risk management is mainly to safeguard the going concern in order to guarantee returns to shareholders and benefits to all stakeholders. The Company also aims to maintain an optimal capital structure so as to reduce the cost of borrowing.

FINANCIAL ASSETS AND LIABILITIES BY CATEGORY

The fair value of financial assets, financial liabilities and loans, recorded among the "current" items of the statement of financial position and evaluated with the amortized cost method, being mainly assets underlying relationships whose settlement is expected in the short term, does not differ from the amounts recognized in the financial statements as of and for the years ended December 31, 2024 and 2023.

The following is a classification of financial assets and liabilities by category as of December 31, 2024 and 2023 identified based on the requirements of IFRS 7.

As of December 31, 2024 (in Euro)	Financial assets / liabilities at amortized cost	Fair value of hedging instruments	Assets / liabilities at fair value through profit or loss	Non financial assets / liabilities	Total
Assets
Non-current financial assets	419,000	59,034	114,977	-	593,011
Current financial assets	2,500,000	46,741	252,572	-	2,799,313
Cash and cash equivalents	3,277,133	-	-	-	3,277,133
Total assets	6,196,133	105,775	367,549	-	6,669,457
Liabilities
Non-current financial liabilities	20,261,315	-	-	-	20,261,315
Non-current lease liabilities	666,490	-	-	-	666,490
Current financial liabilities	9,074,838	-	-	-	9,074,838
Current lease liabilities	349,160	-	-	-	349,160
Total liabilities	30,351,803	-	-	-	30,351,803

As of December 31, 2023 (in Euro)	Financial assets / liabilities at amortized cost	Fair value of hedging instruments	Assets / liabilities at fair value through profit or loss	Non financial assets / liabilities	Total
Assets
Non-current financial assets	40,000	85,144	43,132	-	168,276
Current financial assets	-	196,071	-	-	196,071
Cash and cash equivalents	2,579,157	-	-	-	2,579,157
Total assets	2,619,157	281,215	43,312	-	2,943,504
Liabilities
Non-current financial liabilities	12,967,017	-	-	-	12,967,017
Non-current lease liabilities	864,750	-	-	-	864,750
Current financial liabilities	3,788,798	-	-	-	3,788,798
Current lease liabilities	349,159	-	-	-	349,159
Total liabilities	17,969,724	-	-	-	17,969,724

FAIR VALUE MEASUREMENT

The fair value of financial instruments listed on an active market is based on market prices at the financial statements' reporting date. The fair value of instruments that are not listed on an active market is determined using measurement techniques based on a series of methods and assumptions related to market conditions at the reporting date.

The following is the classification of the fair values of financial instruments based on the following hierarchical levels:

Level 1: Fair value determined with reference to listed prices (not adjusted) on active markets for identical financial instruments;

Level 2: Fair value determined with measurement techniques with reference to observable variables on active markets;

Level 3: Fair value determined with measurement techniques with reference to unobservable market variables.

The value of the call option held for the acquisition of 29.34% of the share capital of Diateam S.a.S. is recorded among the assets measured at fair value. For further information, see Note 15.

At 31 December 2024 and 2023, there are also interest rate derivatives with a positive fair value. For further information, see Note 19.

The following tables presents the classification of the fair value of the aforementioned financial assets as of December 31, 2024 and 2023.

As of December 31, 2024	Fair Value
(in Euro)	Level 1	Level 2	Level 3	Total
Non-current assets	-	59,034	114,977	174,011
Derivative financial instruments	-	59,034	114,977	174,011
Current assets	-	46,741	252,572	299,313
Derivative financial instruments	-	46,741	252,572	299,313
Total	-	105,775	367,549	473,324

As of December 31, 2023	Fair Value
(in Euro)	Level 1	Level 2	Level 3	Total
Non-current assets	-	85,144	43,132	128,276
Derivative financial instruments	-	85,144	43,132	128,276
Current assets	-	196,071	-	196,071
Derivative financial instruments	-	196,071	-	196,071
Total	-	281,215	43,132	324,347

Measurement techniques and inputs used

The fair value of the call option held for the acquisition of the non-controlling interest in Diateam was calculated by implementing a Monte Carlo simulation model, simulating a large number of future prospective scenarios of the Equity Value and EBITDA of the subsidiary Diateam. The prospective amounts of Equity Value and EBITDA were simulated through a normal model (Bachelier framework), starting from the value realized in the 2024 by the subsidiary Diateam and from the values forecasted in the Business Plan of the subsidiary, for 2025 and 2026.

For each scenario of simulated Equity Value and EBITDA, the value of the Strike Price at the date of exercise of the option was calculated, taking into account the contractually defined constraints. In each scenario, the fair value of the option was therefore obtained as the sum of the values, discounted to the cost of equity, of the Strike Prices relating to the different tranches. The fair value of the option was calculated as an arithmetic average, across all scenarios, of the relative simulated magnitudes.

The simulation model was implemented based on the following assumptions:

for the calculation of the fair value of the option, the cost of equity of the Company was considered as the discount rate;
the volatility parameter of Diateam's Equity Value was calculated based on the relative historical series of CY4Gate's Equity Value;
the volatility parameter of Diateam's EBITDA was from the time series of EBITDA for comparable companies.

The variations of the fair value option, amounting to Euro 324 thousand, are recorded by the Company in the Statement of profit and loss, under the item "Net financial income". For more information, please refer to Note 10.

It should be noted that there is also a call option held for the purchase of 2.2% of XTN's share capital by some noncontrolling investors, the estimated fair value of which at December 31, 2024 is zero.

4. Estimates and Assumptions

The preparation of the financial statements requires the Directors to apply accounting principles and methods which, in certain circumstances, are based on difficult and subjective assessments and estimates based on historical experience and assumptions that are considered reasonable from time to time and realistic according to the relative circumstances. The application of these estimates and assumptions affects the amounts reported in the financial statements, in the Statement of Financial Position, in the Statement of profit and loss, in the Statement of Comprehensive Income, in the Statement of Cash Flows, in the Statement of Changes in Equity, as well as in the disclosure provided. Cash flows, financing needs and liquidity are constantly monitored and managed with the aim of ensuring effective and efficient management of the specific financial resources.

(a) Impairment of assets

In accordance with the accounting standards applied by the companies of the Company, property, plant and equipment and intangible assets are subject to verification in order to ascertain whether they are impaired, which must be recognized through an impairment, when there are indicators that suggest difficulties in recovering the related net carrying amount, represented by the higher between fair value less cost of disposal and value in use. The verification of the existence of the aforementioned indicators requires the directors to make subjective assessments based on the information available within the Company and on the market, as well as from historical experience. Furthermore, if it is determined that a potential impairment may have occurred, the Company proceeds with the determination of the impairment using measurement techniques deemed appropriate. The correct identification of the elements indicating the existence of a potential impairment of property, plant and equipment and intangible assets, as well as the estimates for their determination, depend on factors that may vary over time, influencing the assessments and estimates made by the Directors.

the expected flows, determined taking into account the general economic trend and the Company's industry, the cash flows produced in the last few years and the forecast growth rates;
the financial parameters to be used for the discounting of the above mentioned flows.

(b) Equity investments

In accordance with the accounting standards applied by the Company, equity investments are subject to verification to ascertain whether an impairment has occurred, which must be recorded through an impairment loss, when there are indicators that predict difficulties in recovering the relative net carrying amount represented by the greater of the fair value, net of selling costs, and the value in use. The verification of the existence of these indicators requires, from the Directors, the exercise of subjective evaluations based on information available within the Company and on the market, as well as from historical experience. Furthermore, if it is determined that a potential impairment may have occurred, the Company proceeds to determine it using measurement techniques deemed appropriate. The correct identification of the indicative elements of the existence of a potential impairment of equity investments, as well as the estimates for the determination of the same, depend on factors that can vary over time, influencing the evaluations and estimates made by the Directors.

The determination of the recoverable amount of equity investments involves the assumption of estimates that depend on factors that may change over time, with potential significant effects compared to the evaluations carried out by the Directors. Particularly with reference to the determination of the value in use with the methodology of discounting expected future cash flows, it should be noted that this methodology is characterized by a high degree of complexity and the use of estimates, by their uncertain and subjective nature, about:

the expected cash flows of these investees, determined taking into account the general economic trend, the Company's industry, the cash flows accounted for in the last few years and the forecast growth rates;
the financial parameters used for the determination of the discount rate.

(c) Amortization and depreciation

regarding future events that could have an impact on the useful life of the assets, including changes in technology. Therefore, the actual economic life may differ from the estimated useful life.

(d) Fair value measurement

In measuring the fair value of an asset or a liability, the Company makes use of observable market data as far as possible. Fair values are distinguished into various hierarchical levels based on the input data used in measurement techniques, as better described in the previous paragraph "Fair value measurement".

(e) Provisions for risks and charges

The Company identifies in the provisions for risk and charges the likely liabilities attributable to personnel expenses, suppliers, third parties and, in general, other expenses arising from obligations undertaken; the provisions recorded are representative of the risk of negative outcome associated with the listed cases. The amount of the provisions recorded in the financial statements relating to these risks represents the best estimate at the date made by the Directors. This estimate involves the adoption of assumptions which depend on factors that may change over time and that could, therefore, have significant effects compared to the current estimates made by the Directors for the preparation of the Company's financial statements.

(f) Loss allowance

The loss allowance reflects the estimates of estimated losses for the Company's loan portfolio. Provisions were made for expected losses on receivables, estimated based on past experience with reference to receivables with similar credit risk, to current and historical unpaid amounts, as well as to the careful monitoring of the quality of the loan portfolio and the current and expected conditions of the economy and the reference markets. Estimates and assumptions are periodically reviewed and the effects of any change are reflected in the statement of profit or loss in the relevant year.

(g) Contract assets and liabilities

In measuring contract assets and liabilities the Company determines whether revenues from contracts must be recognized at a specific time or over time and estimates the percentage of completion based on the cost to cost.

(h) Employee benefits

The actuarial measurement requires the elaboration of various assumptions that can differ from actual future developments. The results depend on the technical bases adopted such as, among others, the discount rate, the inflation rate, the wage increase rate and the expected turnover. All assumptions are reviewed annually.

(i) Deferred tax assets

Deferred tax assets must be recognized for all deductible temporary differences or for tax losses if it is likely that taxable income will be realized against which deductible temporary difference or tax losses can be used exist. The Company assesses the possibility to recognize deferred tax assets based on future economic projections. The estimates and assumptions underlying such future economic projections are reviewed periodically.

(l) Lease liabilities

5. Revenues

This item mainly refers to the sale of products and can be detailed as follows:

		For the year ended December 31
(in Euro)	2024	2023

Revenues from sales and services	17,327,272	15,731,628
Change in contract work in progress	4,711,560	1,143,376
Total	22,038,832	16,875,004

Revenues, totaling Euro 22,039 thousand, showed an increase of Euro 5,164 thousand compared to the previous year, mainly due to sales to institutional customers, thanks to new projects acquired in the area of Cyber Defense.

The positive change in the item "Change in contract work in progress" for 2024 shows an increase of Euro 3,568 thousand and is related to the progress of orders mainly acquired in the last quarter of the year and not yet invoiced.

The following table presents the breakdown of revenues recognized "at a point in time" (i.e. upon delivery of the good, license or service) or "over time".

	For the year ended December 31
(in Euro)	2024	2023

Recognized at point in time	2,811,730	7,168,565
Recognized over time	14,515,542	8,563,063
Total	17,327,272	15,731,628

Within each contract, the reference element for revenue recognition is the individual performance obligation. For each separately identified obligation, the Company recognizes revenues when (or as) it fulfills the obligation itself, transferring the promised good/service (i.e. the asset) to the customer. The asset is transferred when (or as) the customer takes control of it.

For the obligations to perform fulfilled over time, revenues are recognized over time, evaluating the progress made towards complete fulfillment of the obligation at the end of each year. For the evaluation of progress, the Company uses the method based on inputs (cost to cost method). Revenues are recognized based on the inputs used to fulfill the obligation up to the date, compared to the total inputs assumed to fulfill the entire obligation. When the inputs are distributed evenly over time, the Company linearly recognizes the corresponding revenues. In certain circumstances, when it is not possible to reasonably assess the outcome of the obligation to perform, revenues are recognized only up to the extent of the costs incurred.

The following table presents revenues broken down by geographical segment:

		For the year ended December 31
(in Euro)	2024	2023

Italy	16,547,110	15,464,972
Outside Italy	5,491,722	1,410,032
Total	22,038,832	16,875,004

6. Other revenues and income

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2024	2023

Tax benefits	112,893	456,574
Grants	474,622	197,647
Others	2,237,540	574,219
Total	2,825,055	1,228,440

The income from "Tax benefits" mainly refers to tax assets for research and development and for the purchase of operating assets. The item "Other" is mainly related to the income of Euro 1,173 thousand recognized in connection with the establishment of Prontocyber Plus S.r.l.; the difference between the fair value of an asset granted - as determined by an expert opinion - and its carrying amount in the Company's financial statements; as well as Euro 550 thousand in intercompany re-charges for seconded personnel.

7. Purchases, services and personnel expenses

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2024	2023

Costs for raw materials and goods	16,331	45,142
Costs for consumable materials	1,966,456	416,288
Total costs for raw materials	1,982,787	461,430
Legal and consultancy fees	1,112,099	2,188,541
Technical and commercial services	227,774	169,164
Management and administration services	218,976	176,454
Rentals and accessory expenses	433,296	345,355
Software licenses	2,697,175	671,204
Representation and promotion expenses	546,420	801,210
Remuneration of corporate bodies	742,701	542,079
Services of third-party suppliers on orders	5,058,505	3,893,621
Maintenance	555,531	152,773
Other costs	1,070,440	1,170,123
Total services	12,662,917	10,110,524

Wages and salaries	6,023,274	6,628,899
Social security contributions	1,902,778	2,132,894
Post-employment benefits (TFR)	324,038	248,581
Retirement benefits and similar	175,116	186,300
Other costs	340,511	244,106
Share-based payments	147,976	145,559
Total personnel expenses	8,913,693	9,586,336
Total purchases, services and personnel expenses	23,559,397	20,158,291

Services and personnel expenses are presented net of capitalizations made for development costs. Such capitalizations amount to Euro 547 thousand and Euro 1,487 thousand respectively for the year ended December 31, 2024 (Euro 1,412 thousand and Euro 1,044 thousand for the year ended December 31, 2023). For more information, please refer to Note 12.

The item "Legal and consultancy fees" in the corresponding period included the costs incurred for the translisting process, amounting to Euro 1,271 thousand.

The item "Share-based payments", included in personnel expenses, refers to the recognition of the expense related to the stock grant plan approved by the Company. The recognition of this expense implied the recognition of an equity reserve. The main features of the plan are described below.

The stock grant plan approved by the Company consists in the free assignment to beneficiaries of shares of the parent company, over a share assignment cycle referred to the three-year period 2023-2025. The maximum number of shares that can be collectively assigned to the beneficiaries will be 427,500, throughout the entire duration of the plan cycle. Each year, the allocation of the shares is subordinated to the Group's achievement of the financial performance targets and the qualitative targets defined in the plan regulations. For the purposes of the regulation, the date of share allocation is the date of the resolution by which the Board of Directors ascertains the achievement of the aforementioned targets. In relation to what has been described so far, the measurement of the plan has determined, for the year, a cost of Euro 148 thousand and entailed the recognition of an equity reserve for the same amount.

The following is the average number of the Company's employees:

		For the year ended December 31
(in Units)	2024	2023
Executive managers	12	11
Middle managers	27	27
Employees	83	99
Total	122	137

8. Amortization and depreciation

This item can be detailed as follows:

(in Euro)		As of December 31
	2024	2023
Amortization of intangible assets	7,752,741	6,978,128
Depreciation of property, plant and equipment	354,098	390,571
Depreciation of right-of-use assets	378,842	357,198
Total	8,485,681	7,725,897

The change is mainly due to investments in intangible assets during the previous year, particularly industrial patents and intellectual property rights, which were amortized over twelve months during the year.

9. Other operating costs

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2024	2023

Losses on transactions	52,695	4,015
Contributions and membership fees	77,759	62,038

Taxes and other indirect taxes	-	37,316
Other costs	98,969	22,075
Total	229,423	125,444

10.Financial income and expense

This item can be detailed as follows:

(in Euro)	For the year ended December 31
	2024	2023

Interest income	394,224	31,924
Other financial income	1,007,811	263,490
Financial income	1,402,035	295,414
Bank interest expense	(2,363,862)	(1,346,103)
Interest expense on lease contracts	(6,271)	(15,209)
Net exchange losses	(10,538)	(5,347)
Interest expense on employee benefits	(23,388)	(20,603)
Other interest and financial expense	-	(174,572)
Financial expense	(2,404,059)	(1,561,834)
Net financial expense	(1,002,024)	(1,266,420)

The increase in Other financial income is mainly due to dividends paid during the year by investees of Euro 773 thousand, of which Euro 221 thousand by Diateam and Euro 552 thousand by XTN. This item also includes credits on derivative financial instruments of Euro 235 thousand. The change in financial expense is mainly due to higher interest expenses on borrowings (the change for this item amounts to Euro 1,016 thousand). For more information on bank loans and borrowings, please also refer to Note 22.

11.Income Taxes

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2024	2023

Deferred taxes	(2,974,129)	(194,746)
Total	(2,974,129)	(194,746)

The Company ended the 2024 year with a tax loss and, therefore, no current tax for IRES and IRAP purposes was recognized. Deferred taxes are mainly related to the IRES tax loss for the 2024 year.

It should be noted that, as also reported in the section "Subsequent Events ", in March 2025, the Company's Board of Directors resolved to include the investee XTN in CY4Gate's National Tax Consolidation System for the 2025-2027 threeyear period.

The following table presents the reconciliation of the theoretical tax charge with the effective tax charge for the year ended December 31, 2024, and for the period ended December 31, 2023:

	For the year ended December 31
(in Euro)	2024	2023

Loss before taxes	(8,939,084)	(11,298,894)
Theoretical IRES taxes	2,145,380	2,711,735
Lower taxes
Other	(1,622,238)	(973,347)
Higher taxes
Other	201,806	107,504
Deferred taxes	(2,974,129)	(194,746)
Total income taxes	(2,974,129)	(194,746)

12.Intangible Assets

This item and its change can be detailed as follows:

		Industrial	Concessions,	Assets under
		patents and	licenses,	developmen
	Developmen	intellectual	trademarks	t and	Other	Total
	t costs	property	and similar	payments on
(in Euro)		rights	rights	account
Balance as of January 1, 2023	4,864,958	6,233,802	-	1,369,000	1,907,431	14,375,191
Of which:
- historical cost	10,286,472	9,819,351	200,000	1,369,000	2,580,692	24,255,515
- accumulated amortization	(5,421,514)	(3,585,549)	(200,000)	-	(673,261)	(9,880,324)
Investments	2,456,782	4,785,503	-	1,044,641	418,258	8,705,184
Amortization	(3,098,546)	(2,986,987)	-	-	(892,595)	(6,978,128)
Reclassifications	-	1,369,000	-	(1,369,000)	-	-
Balance as of December 31, 2023	4,223,194	9,401,318	-	1,044,641	1,433,094	16,102,247
Of which:
- historical cost	12,743,254	15,943,853	-	1,044,641	1,539,678	31,271,426
- accumulated amortization	(8,520,060)	(6,542,535)	-	-		(106,584) (15,169,179)
Investments	2,033,520	2,513,197	-	-	-	4,546,717
Disposals	-	-	-	-	(368,748)	(368,748)
Amortization	(2,826,167)	(4,111,622)	-	-	(814,951)	(7,752,741)
Reclassifications	-	1,044,641	-	(1,044,641)	-	-
Balance as of December 31, 2024	3,430,547	8,847,534	-	-	249,395	12,527,476
Of which:
- historical cost	14,776,774	19,457,699	-	-	251,195	34,485,668
- accumulated amortization		(11,346,227) (10,610,165)	-	-		(1,800) (21,958,192)

Intangible assets recognized as of December 31, 2024, amount to Euro 12,527,476 and show a net decrease compared to the previous year of Euro 3,574,771 mainly attributable to amortization for the period:

With reference to the recoverability of the intangible assets with a finite useful life discussed above, it is noted that the impairment test carried out by the Directors with the aid of an external expert did not reveal the existence of impairment and therefore the need to proceed with impairment losses.

With reference to this impairment test, it is specified that the Directors proceeded to determine the recoverable amount of the net assets of CY4Gate, excluding only the equity investments that were subject to a separate impairment test, as extensively described in Note 15 "Equity investments" of these notes, by estimating the value in use considering the flows expected based on the Business Plan prepared for the period 2025-2029, which reports the projections related to sales, investments, margins, as well as the trend of the main market variables (e.g. inflation, nominal interest rates and exchange rates). The value in use was determined using the discounted cash flow method, in the unlevered version, applied to the forecast data for the five-year period from 2025 to 2029. The cash flows used to determine the value in use relate to the operations of CY4Gate S.p.A. on a stand-alone basis, and do not include financial expense, notional taxes and non-recurring components; they include the investments provided for in the plans and cash changes attributable to working capital. As mentioned above, an explicit period of five years was used beyond which the above flows were projected according to the perpetual annuity method (Terminal value) using a growth rate (g-rate) expected for the reference market of 2%, corresponding to the ECB's inflation growth forecasts in the medium-long term.

The above cash flows were discounted using a pre-tax WACC of 9.61%, derived from the average yield on BTPs issued by the Italian State in 2024 (average duration of about 7 years). The market risk premium of 6.20% has been estimated by many studies based on observations over very long periods (10-30 years) of stock returns exceeding the return on government bonds. The considered unlevered beta index of 0.54 is equal to that of the Parent company, as it is a listed company; levered on the basis of CY4Gate's financial structure and tax rate through the application of Hamada's formula. The fair net rate of return is therefore 7.46%; 10.48% pre-tax.

The plan underlying the above-mentioned impairment test was approved by the Board of Directors of the Company on March 6, 2025.

In addition, the following sensitivity analyses were carried out:

change in the WACC of 2.5%, 5%, 7.5% and 10%, i.e. a change ranging from 9.61% to 10.57%, and a growth rate change ranging from 2% to 1%.
the impact on the value of the CGU of a 10% decrease in the terminal value of the cash flows that can be generated at full capacity, as compared to the assumptions made in the baseline scenario, was simulated.

Even in the described sensitivity scenarios, there was no need to record an impairment of intangible assets with a defined useful life.

13.Property, plant and equipment

This item and its change can be detailed as follows:

(in Euro)	Property, plant and equipment	Industrial and commercial equipment	Other assets	Total
Balance as of January 1, 2023	40,989	49,647	1,047,708	1,138,344
Of which:
- historical cost	82,693	409,055	1,771,655	2,263,403
- accumulated depreciation	(41,704)	(359,408)	(723,947)	(1,125,059)
Investments	-	2,137	261,342	263,479
Disposals	-	-	-	-
Depreciation	(17,255)	(25,205)	(348,111)	(390,571)
Balance as of December 31, 2023	23,734	26,579	960,939	1,011,252
Of which:
- historical cost	82,692	411,192	2,032,997	2,526,881
- accumulated depreciation	(58,958)	(384,613)	(1,072,058)	(1,515,629)
Investments	-	-	72,366	72,366
Disposals	-	-	(22,999)	(22,999)
Depreciation	(14,427)	(17,729)	(321,943)	(354,098)
Balance as of December 31, 2024	9,307	8,850	688,363	706,520
Of which:
- historical cost	82,692	411,191	2,105,363	2,599,246
- accumulated depreciation	(73,385)	(402,341)	(1,417,000)	(1,892,726)

The item "Property, plant and equipment" amounts to Euro 706,520 as of December 31, 2024, and presents a net increase compared to the previous year of Euro 304,732 mainly attributable to the depreciation of the year.

Regarding the recoverability of the item, the impairment test carried out by the Company's Directors with the help of an external expert, commented in the previous paragraph "Intangible Assets" of these notes, demonstrated the recoverability of the above mentioned item and therefore the non-existence of impairment losses to be recognized in the Financial Statements as of and for the year ended December 31, 2024.

14.Right-of-Use Assets

This item can be detailed as follows:

(in Euro)		As of December 31
	2024	2023
Buildings	744,150	958,502
Hardware	-	34,588
Vehicles	243,921	204,548
Total	988,071	1,197,638

As of December 31, 2024, the amount of right-of-use assets in place was Euro 988 thousand, mainly related to the rental of the Company's offices.

Below are the amounts included in the Statements of profit and loss for the years ended December 31, 2024, and 2023:

	As of December 31
(in Euro)	2024	2023

Depreciation of right-of-use assets	378,842	357,198
Rentals and accessory expenses	433,296	345,355
Interest expense on lease contracts	6,271	15,209
Total	818,409	717,762

During the year, rents and leases were adjusted for Euro 379 thousand (Euro 357 thousand for the year ended December 31, 2023).

With reference to the recoverability of the right-of-use assets, the impairment test carried out by the Company's Directors with the help of an external expert, discussed in the previous paragraph "Intangible Assets" of these notes, has demonstrated the recoverability of the item and therefore the absence of impairment losses for the year ended December 31, 2024.

15.Equity Investments

The following table presents the movement of the "Equity investments" item as of December 31, 2024, and December 31, 2023:

Equity investments in subsidiaries

(in Euro)	RCS ETM Sicurezza S.p.A.	Diateam S.a.S.	XTN Cognitive Security S.r.l.	Total
Balance as of January 1, 2023	76,162,412	-	-	76,162,412
Investments	-	5,631,442	-	5,631,442
Share-based payments	58,322	7,414	-	65,736
Balance as of December 31, 2023	76,220,734	5,638,856	-	81,859,590
Investments		1,604,283	9,612,170	11,216,453
Share-based payments	58,322	7,414	-	65,736
Balance as of December 31, 2024	76,279,056	7,250,553	9,612,170	93,141,779

Equity investments in Joint Ventures

(in Euro)	Prontocyber Plus S.r.l.	Total
Balance as of January 1, 2023	-	-
Balance as of December 31, 2023	-	-
Investments	1,478,000	1,478,000
Balance as of December 31, 2024	1,478,000	1,478,000

Establishment of Prontocyber Plus S.r.l.

On July 23, 2024, CY4Gate S.p.A. together with CDP Venture Capital SGR, Italy's leading venture capital manager owned by CDP Equity (70%) and Invitalia (30%), through the Boost Innovation Fund, a corporate venture building instrument, signed binding agreements to enter into a strategic partnership through the establishment of Prontocyber Plus S.r.l., a joint venture with headquarters in Rome, dedicated to cybersecurity for SMEs. The company, active as of September 1, 2024, has total assets and capital of Euro 3 million, with an option for shareholders to contribute up to Euro 9.5 million to support future growth.

Acquisition of XTN Cognitive Security S.r.l.

On January 16, 2024, CY4Gate, following the signing of the previous Preliminary Agreement on November 14, 2023, and the occurrence of certain resolved precedent conditions, in partnership with Alfa Group, signed the contract for the purchase of 97.8% of XTN Cognitive Security according to the following proportions:

CY4Gate has purchased a stake equivalent to 77.8% of the share capital;
Alfa Group has purchased a stake equivalent to 20% of the share capital;
the remaining 2.2% stake is held by Management.

The total consideration for the operation amounted to Euro 12.7 million. As of today, 80% of the total consideration has been paid; 69.7% by CY4Gate and 10.3% by Alfa Group. The remaining 20% will be paid by June 30, 2027, and this amount may be reduced by up to 20% based on the investee's performance in the year ending December 31, 2026.

The acquisition was financed through the use of the Acquisition Capex line subscribed during 2022 with a pool of banks. The acquisition contract also provides for (i) a 20% share of the consideration to be paid by CY4Gate and the Alfa Group on a deferred basis, and (ii) a put and call mechanism that allows CY4Gate to obtain an additional 2.2% of XTN's share capital, to be exercised during the period between June 1, 2027, and June 30, 2027.

The fair value of the consideration transferred by CY4Gate at the acquisition date consists of:

a fixed amount of Euro 8.7 million upfront payment upon acquisition;
a deferred price to be paid by June 30, 2027, the present value of which was estimated to be Euro 814 thousand as of December 31, 2024 (date of acquisition of control). As mentioned above, the amount of the deferred payment may be reduced, up to a maximum of 20%, based on the investee's performance as of December 31, 2026; and
put options on an additional 2.2%, the present value of which was estimated at Euro 230 thousand as of December 31, 2024.

Acquisition of Diateam S.a.S.

On January 30, 2023, following the preliminary agreement subscribed on October 20, 2022, the Company completed the acquisition of 55.33% of Diateam, a French company specialized in the design, development and implementation of advanced systems for testing, validation and training in the field of cyber security (i.e. cyber hybrid digital twin), for government and corporate customers, for a total consideration of Euro 5.5 million, consisting of:

a fixed consideration of Euro 3.6 million;
a variable consideration, for targets related to the 2023 year (achieved by Diateam) amounting to Euro 1.6 million; this consideration was fully paid during 2024.

The acquisition was financed through the use of Euro 3.2 million from the Acquisition/Capex line subscribed in 2022 with a pool of banks. The acquisition contract also provides for a put and call mechanism that allows the Company to gain 100% control of Diateam by 2026.

On July 26, 2024, following the exercise of the "Put & Call" option agreements exercisable in the 2024 - 2026 three-year period and signed at the time of the purchase of the first 55.33% of Diateam S.a.S., CY4Gate signed the closing for the purchase of a further 15.33% of the French investee at a price of Euro 1.6 million, thus coming to hold 70.66% of its quota capital. With regard to the remaining 29.34% held by the sellers, put and call rights are exercisable for 14.67% following the approval of the 2024 financial statements and for the remaining 14.67% following the approval of the 2025 financial statements.

As of December 31, 2024, the Company proceeded to determine the fair value of these options, by implementing a Montecarlo type valuation model, from which a positive fair value of Euro 368 thousand emerged, recorded in the item "non-current financial assets" with counterpart in the statement of profit and loss, in the item "financial income".

Share-based payments

The increase in the carrying amount of the equity investments for share-based payments refers to the recognition of the expense for the year 2024 for the stock grant plan approved by the Company, also applicable to Directors and employees of the subsidiaries. Such expense, totaling Euro 66 thousand, was recognized as an increase in equity investments with a corresponding impact in the company's equity reserve.

Carrying amount

Please note that any difference between the carrying amount of the investment, measured at cost, and the amount of the equity of the investee can be attributed to the profitability of the acquired business or the synergies that are expected to be achieved from the integration of the investee within the Company.

We specify that, following the analyses carried out, the Directors have proceeded to determine the recoverable amount of each of the two equity investments registered in RCS and Diateam through specific impairment tests. In this context, the related recoverable amount was determined by estimating the value in use, considering the forecasted flows based on the Business Plan of the RCS Group and the Diateam company, included in the Company's Business Plan for the period 2025-2029, which report the projections related to sales, investments, margins, as well as the trend of the main market variables (e.g., inflation, nominal interest rates and exchange rates). It is specified that for the preparation of the impairment tests, the Directors used the specific consultancy of an external expert.

The value in use was determined using the discounted cash flow method, in the unlevered version, applied to the forecast data for the five-year period from 2025 to 2029. The cash flows used for the determination of the value in use are related to the operations of the RCS Group and Diateam and do not include financial expense, notional taxes and non-recurring items; they include the investments expected in the plans and cash changes attributable to working capital. As mentioned above, an explicit period of five years was used beyond which the above flows were projected according to the perpetual annuity method (Terminal value) using a growth rate (g-rate) expected for the reference market of 2%, corresponding to the ECB's inflation growth forecasts in the medium-long term.

The aforementioned cash flows have been discounted using a pre-tax WACC of 14.43% for Diateam and 10.98% for RCS. It is noted that the difference in rates is due to the additional risk of Diateam due to the reduced size of its respective business (small size premium).

The discount rate for RCS of 3.53% was assumed through an average of the yields of BTPs issued by the Italian state in 2024 (average duration of about 7 years). The market risk premium of 6.20% has been estimated by many studies based on observations over very long periods (10-30 years) of stock returns exceeding the return on government bonds. The unlevered beta index was calculated based on a basket of companies operating in the same sector as RCS, which was 0.69; levered on the basis of RCS's financial structure and tax rate by applying Hamada's formula, resulting in a levered beta of 0.76. No size premium was considered as the company is comparable in size to companies in the sector. The fair net rate of return is therefore 8.23%.

With regard to the subsidiary Diateam, the discount rate of 3.20% was determined by taking into account the average yields of French government bonds with a duration of 10 years as of December 31, 2024. The market risk premium of 5.60% was estimated by many studies on the basis of observations over very long periods (10-30 years) of equity returns exceeding the return on government bonds. The unlevered beta index was calculated based on a basket of companies operating in the same sector as Diateam, which was 0.67; equal to the levered beta calculated assuming a target financial structure for the utilization of the asset without net debt, corresponding to that of Diateam as of December 31, 2024. In addition, a risk premium for small size was estimated at 3.87 percentage points, taking into account the difference between the expected returns of companies of different sizes (in France), specifically comparing the size of the company under valuation with the average size of comparable companies used to estimate the cost of capital. The fair net rate of return is therefore 10.83%.

The plans underlying the above-mentioned impairment tests were approved by the Board of Directors of the Company on March 6, 2025.

In addition, the following sensitivity analyses were carried out:

for the stake in Diateam: change in the WACC of 2.5%, 5%, 7.5% and 10%, i.e. a change ranging from 14.43% to 15.88%, and a growth rate change ranging from 2% to 1%; Furthermore, the impact on the value of the equity investment of a 10% decrease in the terminal value of the cash flows that can be generated at full capacity, as compared to the assumptions made in the baseline scenario, was simulated.
for the stake in RCS: change in the WACC of 2.5%, 5%, 7.5% and 10%, i.e. a change ranging from 10.98% to 12.07%, and a growth rate change ranging from 2% to 1%;

Following the impairment test carried out on the basis of the considerations illustrated above, it is noted that the recoverable amount of each equity investment exceeds its carrying amount as of December 31, 2024, and this is also true in the sensitivity scenarios described above. For this reason, no impairment was necessary on investments in this year's financial statements.

With regard to the investee XTN, no impairment test was conducted as of December 31, 2024, due to the recent acquisition and its performance, which exceeded the budget forecast for the year 2024.

16.Trade receivables

This item can be detailed as follows:

	As of December 31
(in Euro)	2024	2023

From customers	13,207,615	22,421,479
From parent companies	5,302,682	5,727,691
From subsidiaries	427,465	5,532,069
Loss allowance	(1,168,525)	(658,671)
Total	17,769,237	33,022,568

		As of December 31
(in Euro)	2024	2023

From customers (Italy)	14,333,428	28,129,823
From customers (outside Italy)	4,604,334	5,551,416
Loss allowance	(1,168,525)	(658,671)
Total	17,769,237	33,022,568

The decrease in receivables from customers compared to the previous year was mainly due to the collection of items from leading institutional customers, which mainly occurred in the first half of 2024. Receivables from subsidiaries decreased mainly due to the collection of receivables from the subsidiary RCS in the amount of approximately Euro 5 million.

The following table presents the movement of the loss allowance:

(in Euro)	Loss allowance
Balance as of January 1, 2023	(611,044)
Accrual	(47,627)
Balance as of December 31, 2023	(658,671)
Accrual	(509,854)
Balance as of December 31, 2024	(1,168,525)

17.Other current and non-current assets

The item other current and non-current assets can be detailed as follows:

	As of December 31
(in Euro)	2024	2023

Accrued income	889,578	700,867
VAT assets	854,615	495,594
Tax credits for capital expenditures	232,352	266,404
Tax credits for research and development	306,138	512,789
Other	102,180	420,156
Total other current assets	2,384,863	2,395,810
Tax credits for capital expenditures	62,999	295,352
Tax credits for research and development	137,909	327,579
Total other non-current assets	200,908	622,931
Total other current and non-current assets	2,585,771	3,018,742

Please note that the items "Tax credits for capital expenditures" and "Tax credits for research and development" refer to tax credits recognized following the conduct of a technical expert appraisal.

18.Cash and cash equivalents

As of December 31, 2024, cash and cash equivalents amount to Euro 3,277,133 (Euro 2,579,157 as of December 31, 2023) and are essentially made up of deposits in Euro at leading financial institutions.

19.Current and non-current financial assets

This item can be detailed as follows:

	As of December 31		As of December 31
	2024			2023
(in Euro)	Current	Non-current	Current	Non-current

Deposits	-	19,000	-	40,000
Derivative financial instruments	299,313	174,011	196,071	128,276
RCS transaction account	2,500,000	-	-	-
Loan to Prontocyber Plus	-	400,000	-	-
Total financial assets	2,799,313	593,011	196,071	168,276

Current and non-current financial assets totaled Euro 3,068 thousand as of December 31, 2024, showing an increase of Euro 2,704 thousand compared to the previous year, mainly due for Euro 2,500 thousand to the activation of an interestbearing transaction account between the Company and the investee RCS, used to regulate the maturities of financial remittances between the parties, and for Euro 400 thousand to the first tranche of the non-interest-bearing shareholders' loan in favor of the newco Prontocyber Plus, subscribed at the time the company was established. It should be noted that the loan consists of two tranches, with the second tranche of Euro 575 thousand paid by the Company in January 2025. For more information, please refer to Note 29.

The item "derivative financial instruments" item refers to i) hedging derivatives on interest rates subscribed to cope with the interest rate risk on loan contracts (these instruments will expire in 2028) and ii) the fair value of the call option held for the acquisition of 29.34% of the share capital of Diateam. For more information on the acquisition of control of Diateam, see Note 15. It should be noted that CY4Gate S.p.A. also holds a derivative representing the fair value of the option to purchase the remaining 2.2% of XTN's share capital, the fair value of which was zero as of December 31, 2024. For further information on derivative financial instruments, please refer to Note 3.

20. Contract assets and liabilities

Contract assets include the net amount of activities carried out for amounts exceeding the payments on account received from customers. Similarly, contract liabilities accommodate the opposite case.

The net balance of contract assets is composed as follows:

(in Euro)		As of December 31
	2024	2023

Gross contract assets	8,495,975	3,854,629
Contract liabilities	(259,692)	(241,000)
IFRS 9 impairment provision	(17,357)	(4,549)
Contract assets	8,218,926	3,609,080
Gross contract liabilities	(832,543)	(428,018)
Contract assets	119,061	52,844
Contract liabilities	(713,482)	(375,174)
Net amount	7,505,444	3,233,906

The increase in contract assets, amounting to Euro 4,610 thousand, mainly derives from the changes on work in progress contracts as of December 31, 2024, mainly abroad.

21.Equity

Share capital

As of December 31, 2024 and 2023, the Company's share capital, fully subscribed and paid up, amounts to Euro 1,441,500.

Other reserves and retained earnings

The item "Reserves" can be detailed as follows:

(in Euro)	Retained Other Reserves earnings		Total Reserves
As of January 1, 2023	(1,854,495)	11,155,024	9,300,529
Actuarial losses on defined benefit plans	(54,691)	-	(54,691)
Fair value gains/(losses) on cash flow hedges	(262,299)	-	(262,299)
Comprehensive income / (loss)	(316,990)	-	(316,990)
Allocation of prior year result	-	4,528,088	4,528,088
Acquisition of treasury shares	(1,591,983)	-	(1,591,983)
Share-based payments	211,295	-	211,295
As of December 31, 2023	(3,552,173)	15,683,112	12,130,939
Actuarial losses on defined benefit plans	(21,424)	-	(21,424)
Fair value gains/(losses) on cash flow hedges	(133,335)	-	(133,335)
Comprehensive income / (loss)	(154,759)	-	(154,759)
Allocation of prior year result	-	(11,104,148)	(11,104,148)
Acquisition of treasury shares	(1,606,906)	-	(1,606,906)
Share-based payments	213,709	-	213,709
Other changes	-	-	-
As of December 31, 2024	(5,100,129)	4,578,964	(521,165)

The following table shows the equity items as of December 31, 2024, broken down by origin, the possibility of use and distribution:

	As of December		Available portion
(in Euro)	31, 2024	Possibility of use*

Share capital	1,441,500
Share Premium reserve	108,539,944	A, B, C	108,539,944
Other reserves	(5,100,129)	A, B	355,592
Total Other reserves	103,439,815		108,895,536
Retained earnings	4,578,964	A, B, C	4,578,964
Profit/(loss) for the year	(5,964,955)
Total equity	103,495,324		113,474,500

* Key – A = for capital increase, B = for loss allowance, C = for distribution to shareholders, D = for other statutory constraints

22.Current and non-current financial liabilities

The following table provides details of the item as of December 31, 2024 and 2023:

As of December 31, 2024		Between 1 and 5	Over 5 years	Total
(in Euro)	Within 12 months	years
Bank loans and borrowings	9,074,838	20,261,313	-	29,336,151
Lease liabilities	349,160	666,490	-	1,015,650
Total	9,423,998	20,927,803	-	30,351,801

As of December 31, 2023 (in Euro)	Within 12 months	Between 1 and 5 years	Over 5 years	Total
Bank loans and borrowings	3,788,798	12,967,017	-	16,755,815
Lease liabilities	349,159	864,750	-	1,213,909
Total	4,137,957	13,831,767	-	17,969,724

The table below summarizes the information on bank loans and borrowings:

Loan	Funding entity	Rate applied	Maturity date	Original principal amount	Carrying amount as of December 31, 2024	of which current
"Bank pool" Line A loan	Credit Agricole, ICCREA	Euribor 6m + 200bp	03/29/2028	12,500,000	8,446,519	2,247,705
"Bank pool" Acquisition / Capex Line loan	Credit Agricole, ICCREA	Euribor 6m + 200bp	03/29/2028	25,000,000	20,312,500	6,250,000
Short-term loan	Credit Agricole	Euribor 3m + 120bp	02/10/2025	500,000	500,000	500,000
Other	Amex, Nexi	n.a.	n.a.	n.a.	77,132	77,132
Total				38,000,000	29,336,151	9,074,837

Non-current financial liabilities refer to:

the portion beyond 12 months of the Line A loan agreement signed with Credit Agricole Italia S.p.A., leader of a pool of banks, for a maximum total amount of Euro 45,000,000 (the "Loan Agreement"), used as of December 31, 2024, for the portion dedicated to the partial financing of the acquisition in 2022 of the RCS Group amounting to a total of Euro 12,500,000 accounted for a carrying amount of Euro 8,446,519, which takes into account the effect related to the application of the amortized cost criterion and the installments paid based on the amortization plan provided for by the agreement;
the portion beyond 12 months of the Acquisition/Capex Line of the above-mentioned loan agreement, used as of December 31, 2024, for: (i) the financing of the acquisition of Diateam in the year 2023 amounting to a total of Euro 5,555,052; the financing of the acquisition of XTN in the year amounting to a total of Euro 8,729,700; additional draws of Euro 10,715 thousand net of repayments of Euro 4,688 thousand paid as per the contractual amortization schedule, to finance the consolidation of the group and investments in the plan's time frame.

Current financial liabilities refer to:

the portion within 12 months of the Loan Agreement discussed above;
the loan taken out during the year with Credit Agricole for Euro 500,000, maturing in February 2025, fully repaid on that date;
Euro 77 thousand for American Express and Nexi credit card payables.

The loan agreement subscribed with a pool of banks provides, for Line A, the repayment of the capital share by the relative due date, in 11 semi-annual installments according to the contractually agreed amortization plan. Furthermore, CY4Gate will pay the interest accrued over time, for each interest period, on the amounts disbursed and not repaid, at an interest rate amounting to the EURIBOR 6M/360 rate increased by a spread of 225 b.p. for which a derivative was subscribed to cover 100% of the amount in terms of risk.

It is also noted that according to the loan agreement the spread that will be applied to the reference rate in relation to each line of financing, may vary semi-annually, increasing or decreasing, in relation to the variation of the "Net Financial Indebtedness/EBITDA (NFI/EBITDA)" ("financial covenant") ratio calculated on the basis of the consolidated financial statements data, or of the consolidated half-yearly report, starting from a base ratio of 2x. The parent company, therefore, has committed to respect the aforementioned NFI/EBITDA financial parameter, accepting that the financing banks and the agent bank may take the actions and remedies contractually provided, among others the repayment of the amounts not yet paid and the relative interest, in the event that the initial financial situation at consolidated level does not comply with said parameter.

The compliance with the aforementioned financial parameter will be checked every six months on a "rolling" basis (i.e. with reference to the data related to the previous twelve months), starting from that relating to for the year ended on December 31, 2022. This covenant was respected as of December 31, 2024.

In addition, it should be noted that this loan agreement includes certain restrictions on the distribution of profits and/or dividends by the Company, in particular, the Company will not be able to distribute profits and/or dividends, nor make payments of any amount for any reason and in any form to its shareholders, except for payments under commercial contracts and/or employment relationships (including, for example, as payment of pricipal, interest or other benefits on shareholder loans, also in bond form, or as compensation for services rendered and/or management fees) (each operation, a "Distribution"), unless all the following conditions occur:

the first Distribution is subsequent to the approval of the Issuer's financial statements closed on December 31, 2022;
for the entire duration of the Loan Agreement, each Distribution does not exceed 50% (fifty percent) of the profits resulting from the Issuer's separate financial statements related to the year immediately before the one in which the related Distribution must be made;
at the date of the Distribution there is no significant event and such Distribution does not in itself determine a Significant Event (as defined in the Loan Agreement).

The remaining part of the loan, currently not used, provides the possibility of activating a medium-long term Revolving credit line, usable for rotating-type cash, up to a maximum of Euro 5,000,000 (the "Revolving Line") intended to finance the cash needs related to the Company's treasury requirements.

Net financial indebtedness

The following table presents the details of the Net Financial Position, with the analysis of debit and credit positions towards related parties, according to Consob communication no. DEM/6064293 of July 28, 2006 and the Warning no. 5/21 issued by Consob on April 29, 2021 with reference to the ESMA Orientation 32-382-1138 of March 4, 2021.

	As of December 31
(in Euro)	2024	of which to related parties:	2023	of which to related parties:
A. Cash	(3,277,133)	-	(2,579,157)	-
B. Cash equivalents	-	-	-	-
C. Other current financial assets	(2,500,000)	(2,500,000)	-	-
D. Liquidity (A+B+C)	(5,777,133)	(2,500,000)	(2,579,157)	-
E. Current financial debt (including debt instruments, but excluding the current portion of non-current financial debt)	577,132	-	1,046,235	-
F. Current portion of non-current financial debt	8,547,552	256,718	2,895,651	244,994
G. Current financial indebtedness (E+F)	9,124,684	256,718	3,941,886	244,994
H. Net current financial indebtedness (G+D)	3,347,551	(2,243,282)	1,362,729	244,994
I. Non-current financial debt (excluding current portion and debt instruments)	20,753,793	474,237	13,703,491	729,725
J. Debt instruments	-	-	-	-
K. Non-current trade and other payables	-	-	-	-
L. Non-current net financial indebtedness (I+J+K)	20,753,793	474,237	13,703,491	729,725
M. Total financial indebtedness (H+L)	24,101,344	(1,769,045)	15,066,220	974,719
N. Non-current financial assets	(419,000)	(419,000)	(40,000)	(19,000)
Net Financial Indebtedness (M+N)	23,682,344	(2,188,045)	15,026,220	955,719

The item "E. Current financial debt" includes the current portion of the items of the financial statements as of December 31, 2024 for loans falling due within 12 months (Euro 577 thousand).

The item "F. Current portion of non-current financial debt" includes the current portion of the item in the financial statements as of December 31, 2024 relating to loans falling due after 12 months (Euro 8,498 thousand), the current portion of the item in the financial statements as of December 31, 2024 relating to current lease liabilities (Euro 349 thousand), as well as the current portion of active derivative financial instruments (Euro 47 thousand).

The item "I. Non-current financial debt" includes the items in the financial statements as of December 31, 2024 relating to non-current financial liabilities relating to loans due after 12 months (Euro 20,261 thousand), non-current lease liabilities (Euro 666 thousand), as well as the non-current portion of financial derivative assets (Euro 174 thousand).

The item "N. Non-current financial assets" corresponds to the item in the financial statements as of December 31, 2024 relating to non-current financial assets (Euro 521 thousand), excluding hedging derivative financial instruments classified in this item (Euro 174 thousand).

Lease liabilities

The item "lease liabilities" can be broken down as follows:

	As of December 31
(in Euro)	2024	2023
Buildings	761,835	974,790
Hardware	-	33,353
Vehicles	253,815	205,766
Total lease liabilities	1,015,650	1,213,909

23.Employee benefits

The item includes the provision for post-employment benefits (TFR) for the Company's employees.

TFR

The changes in the item can be detailed as follows:

	As of December 31, 2023
(in Euro)	2024	2023
Balance as of January 1	737,944	513,224
Uses for indemnities paid and advances	(116,199)	(104,750)
Transfers to Pension Funds / Treasury / Taxation	(93,089)	(11,266)
Service costs	291,298	248,171
Interest expense	23,388	20,603
Actuarial gains	30,098	71,962
Balance as of December 31	873,440	737,944

The actuarial assumptions for the calculation purposes of the defined benefit pension plans are detailed in the following table:

	As of December 31, 2023
	2024	2023
Economic assumptions
Inflation rate	2.00%	2.25%
Discount rate	3.18%	3.12%
Salary growth rate	1.00%	2.25%

The following is a sensitivity analysis related to defined-benefit pension plans based on changes in the main assumptions as of December 31, 2024, and 2023:

As of December 31, 2024		Impact on the liability
(in Euro)	Changes in assumptions	increase in assumptions	decrease in assumptions
Economic assumptions
Inflation rate	0.25%	10,513	(10,297)
Discount rate	0.25%	(12,288)	12,660
Salary growth rate	1.00%	2,490	(2,795)

As of December 31, 2023		Impact on the liability
(in Euro)	Changes in assumptions	increase in assumptions	decrease in assumptions
Economic assumptions
Inflation rate	0.50%	19,945	876
Discount rate	0.50%	(13,982)	36,409
Salary growth rate	0.50%	20,013	1,195

Through its defined-benefit pension plans, the Company is exposed to certain risks, the most significant of which are described below.

Discount and inflation rate risk

The present value of defined benefit pension plans is calculated using a discount rate determined using the rate of high quality corporate bond. A decrease in the discount rate would result in an increase in liability. A decrease in the inflation rate would result in a decrease in the liability.

Employee resignation and early retirement probability

24.Provisions for risk and charges

The change of the items can be detailed as follows:

	Product warranty provision	Total
(in Euro)
As of January 1, 2023	122,111	122,111
Accruals	78,660	78,660
Utilization	(122,111)	(122,111)
Releases	-	-
As of December 31, 2023	78,660	78,660
Accruals	-	-
Utilization	-	-
Releases	(78,660)	(78,660)
As of December 31, 2024	-	-

25.Deferred tax assets and liabilities

The net change of this item can be detailed as follows:

(in Euro)	2024	2023
Balance as of January 1	2,382,997	2,088,149
Of which:
- deferred tax assets	2,450,489	2,238,472
- deferred tax liabilities	(67,492)	(150,323)
Effects on profit or loss	2,974,129	194,746
Effects on comprehensive income	50,780	100,102
Balance as of December 31	5,407,906	2,382,997
Of which:
- deferred tax assets	5,433,292	2,450,489
- deferred tax liabilities	(25,386)	(67,492)

The item "Deferred tax assets" mainly refers to the deferred taxation recognized by the Company on IRES tax losses, as well as other temporary increases that are expected to be reversed in the coming years. Deferred tax assets are recognized following the assessment made by the Company's Directors about their full recoverability based on the future taxable income that will be realized in the coming years.

The item "Deferred tax liabilities" is entirely attributable to the recognition of deferred taxation related to the fair value of the hedging derivative financial instruments.

26.Trade payables

This item can be detailed as follows:

		As of December 31
(in Euro)	2024	2023

Trade payables	6,218,364	8,618,513
Payables to parent companies	-	485,727
Payables to subsidiaries	2,279,319	1,197,873
Total	8,497,683	10,302,113

Payables to parent companies relate to services provided by the parent company Elettronica S.p.A. mainly for canteen services and for ancillary services to the rental of the property in office use by the Company.

		As of December 31
(in Euro)	2024	2023

Italy	7,268,796	7,120,264
Outside Italy	1,228,887	3,181,849
Total	8,497,683	10,302,113

27.Other current and non-current liabilities

This item can be detailed as follows:

	As of December 31
(in Euro)	2024	2023

Accrued expenses and deferred income	1,503,613	447,636
Total other non-current liabilities	1,503,613	447,636
Accrued expenses and deferred income	25,541	1,124,193
Other liabilities	2,096,772	1,461,220
Employees	800,318	924,326
Social security and welfare institutions	370,175	405,215
Tax Authorities for VAT	592	-
Advances on grants	773,629	313,177
Total other current liabilities	4,067,027	4,228,131
Total other current and non-current liabilities	5,570,640	4,675,767

28. Other Information

Guarantees

As of December 31, 2024, the following guarantees were given by the Company:

surety bond (advance bond) issued by Creval in September 2018 for Euro 70,000 related to an active contract with an end user in a Middle Eastern country;
A guarantee (bid bond) issued by Creval in October 2021 for Euro 30,000 for participation in a tender in a Middle Eastern country.

Below are described the pledges on equity investments made (or to be made) under the Loan Agreement subscribed on March 29, 2022 between CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A., following its adherence to the agreement, and a pool of lending banks led by Crédit Agricole Italia S.p.A.

RCS Group: on March 29, 2022, CY4Gate S.p.A., in its capacity as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of Aurora S.p.A. to guarantee the correct, full and timely fulfillment of all present and/or future monetary obligations of CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks, arising in any way from the loan agreement subscribed on March 29, 2022 between CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks. It should be noted that this pledge has been transferred to RCS following the reverse merger completed on November 15, 2022;
RCS ETM Sicurezza Pledge: on March 29, 2022, Aurora S.p.A., in its capacity as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of RCS ETM Sicurezza S.p.A., to guarantee the correct, full and timely fulfillment of the monetary obligations (within the limits expressly provided in the related pledge act) of CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks, arising in any way from the loan agreement subscribed on March 29, 2022 between CY4Gate S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks.

Seasonality of the business

The business in which the Company operates is characterized by a marked concentration of deliveries and cash inflows from customers in the last three months of the year. This aspect of the inflows affects both the intra-annual cash flows and the variability of the Company's debt situation in different periods of the year, characterized by substantial improvements in the last few months of the calendar year.

Fees of the directors and statutory auditors

The following presents the fees of the Directors and Statutory Auditors of the Company for the year ended December 31, 2024 and 2023:

	For the year ended December 31
(in Euro)	2024	2023

Directors' fees	358,500	308,406
Statutory auditors' fees	104,000	52,000
Total	462,500	360,406

Independent auditors' fees

Below, as required by art. 149-duodecies of the Implementation Regulation of Legislative Decree of February 24, 1998 n. 58 ("Consob Issuers Regulation"), the details of the fees to the Independent Auditor and the entities belonging to its network are reported. The fees presented in the table, for the year ended 2024, are those contracted, including any indexations (excluding out-of-pocket expenses and VAT).

(in Euro thousand)

		Fees
Type of services	Entity that provided the service	2024
Audit	KPMG S.p.A.	111
Attestation services (*)	KPMG S.p.A.	59
Total		170

(*) The attestation services relate to (i) limited assurance of the Consolidated Sustainability Statement pursuant to Italian Legislative Decree 125/2024; (ii) audit of the Statement of costs incurred for research and development activities and (iii) subscription of tax declarations.

29. Transactions with Related Parties

The relationships maintained by the Company with related parties are both commercial and financial in nature.

It should be noted that in August 2024 CY4Gate S.p.A. disbursed Euro 400 thousand of the non-interest-bearing loan to the subsidiary Prontocyber Plus S.r.l. The remaining transactions are set out in the table below, and the Company considers that these transactions with related parties are conducted on an arm's length basis.

In addition to the above-mentioned transaction, the transactions with related parties are specifically with Elettronica S.p.A., the RCS Group, Diateam and XTN. These relationships, which do not constitute atypical and/or unusual operations, are governed by normal market conditions and follow a natural development in compliance with contractual commitments and payment terms. Specifically, contract assets (Euro 2,430 thousand) and trade receivables (Euro 5,302 thousand) refer to the activities closely linked to the sales that the Company makes to the parent company for Euro 10,176 thousand, not yet collected at the reporting date.

Lease liabilities (Euro 731 thousand) refer to the properties leased by the parent company and used as offices. Contract liabilities (Euro 536 thousand) refer to the net balances for which the payments received from customers are higher than the services provided by the entity and which are presented among the liabilities in accordance with the requirements of the international accounting standards. Finally, trade payables (Euro 2,224 thousand) refer to costs incurred for services rendered by subsidiaries. The balances recognized in profit or loss during the year represent the income counterpart of the previously discussed items.

(in Euro)	Subsidiaries	Parent company	Joint Ventures	Total related parties	Total in financial statements	Impact on the financial statements item
Impact of transactions on profit or loss
Revenues and other income
Year ended December 31, 2024	1,240,564	10,175,965	1,173,394	12,589,923	24,863,887	51%
Year ended December 31, 2023	3,666,384	3,837,560	-	7,503,944	17,607,890	43%
Raw materials
Year ended December 31, 2024	-	-	-	-	1,982,787	0%
Year ended December 31, 2023	(83,387)	-	-	(83,387)	461,430	18%
Personnel expenses
Year ended December 31, 2024	-	-	-	-	8,913,693	0%

Year ended December 31, 2023	(543,489)	-	-	(543,489)	9,586,336	6%
Services
Year ended December 31, 2024	(4,932,883)	(214,565)	(2,600)	(5,150,048)	12,662,917	41%
Year ended December 31, 2023	(32,525)	555,751	-	(523,226)	10,110,524	10%
Financial income (expense)
Year ended December 31, 2024	773,201	-	-	773,201	1,402,035	55%
Year ended December 31, 2023	3,465	-	-	3,465	1,266,420	0%
Impact of transactions on the statement
of financial position
Current and non-current financial assets
As of December 31, 2024	2,500,000	19,000	-	2,519,000	3,392,324	74%
As of December 31, 2023	-	19,000	-	19,000	364,347	5%
Trade receivables
As of December 31, 2024		5,302,682	325,160	5,627,842	17,769,237	32%
As of December 31, 2023	5,532,069	5,727,691	-	11,259,760	33,022,568	34%
Right-of-use assets
As of December 31, 2024	-	712,970	-	712,970	988,071	72%
As of December 31, 2023	-	958,502	-	958,502	1,197,638	80%
Contract assets
As of December 31, 2024	-	2,430,044	-	2,430,044	8,218,926	30%
As of December 31, 2023	-	1,748,572	-	1,748,572	3,609,080	48%
Lease liabilities
As of December 31, 2024	-	730,955	-	730,955	1,015,650	72%
As of December 31, 2023	-	974,719	-	974,719	1,213,909	80%
Other current assets
As of December 31, 2024	471,600	-	-	471,600	2,384,863	20%
As of December 31, 2023	-	-	-	-	2,395,810	0%
Trade payables
As of December 31, 2024	2,224,119	-	3,172	2,227,291	8,497,683	26%
As of December 31, 2023	1,197,873	485,727	-	1,683,600	10,302,113	16%
Contract liabilities
As of December 31, 2024	-	535,808	-	535,808	713,482	75%
As of December 31, 2023	-	182,823	-	182,823	375,174	49%

Atypical and/or unusual significant events and operations

During 2024, no significant atypical or unusual operations were carried out, either with third parties or with related parties.

Impacts of the macroeconomic situation

In the preparation of these Financial Statements as of and for the year ended December 31, 2024, in accordance with IFRS and the recent notices released by financial market supervisory authorities, the Company has assessed the impact of the Russian invasion of Ukraine and the War in the Middle East on the financial position, economic performance and cash flows. As of the date of these Financial Statements, the Company is constantly monitoring the developments of these conflicts for the identification of further risks. At present, it is considered that there are no significant impacts on the Company's resources and business.

2024 corporate reporting priorities in the ESMA European Common enforcement priorities document

On October 24, 2024, ESMA published the European common enforcement priorities for 2024 corporate reporting. These priorities include:

Priorities related to IFRS financial statements – Liquidity considerations: the focus of the Regulator, as far as applicable to the Company, is on disclosures related to financial liabilities and their classification as current or non-current, also in connection with covenants; as well as on the Statement of Cash Flows. In this regard, please refer to Statement of Cash Flows and Note 22.
Priorities related to IFRS financial statements – Accounting policies, judgements and significant estimates: the Regulator's recommendations concern, in particular, revenues from contracts with customers, whose estimates underlying the calculation of work in progress must be reasonable and supported; situations of control, joint control and significant influence; general comments on accounting policies, judgments, significant estimates and related disclosures. In this regard, please refer to Note 4 as well as the comments to revenues and contract assets and liabilities.

Climate-Related Matters

State aid disclosures pursuant to Italian Law no. 124/2017

With reference to the transparency obligations established by art. 1, paragraphs 125 to 129 of Italian Law 124/2017, it is reported that in 2024 the Company did not receive any government grants pursuant to the aforementioned rule.

30.Significant events of the year

Acquisition of XTN Cognitive Security S.r.l.

Acquisition of treasury shares

Establishment of Prontocyber Plus S.r.l.

On July 23, 2024, CY4Gate S.p.A. together with CDP Venture Capital SGR, Italy's leading venture capital manager owned by CDP Equity (70%) and Invitalia (30%), through the Boost Innovation Fund, a corporate venture building instrument, signed binding agreements to enter into a strategic partnership through the establishment of Prontocyber Plus S.r.l., a joint venture with headquarters in Rome, dedicated to cybersecurity for SMEs. For more information, please refer to Note 15 "Equity investments".

Purchase of an additional stake in Diateam S.a.S.

On July 26, 2024, following the exercise of the "Put & Call" option agreements exercisable in the 2024-2026 three-year period and signed at the time of the purchase of the first 55.33% of Diateam S.a.S., CY4Gate S.p.A. signed the closing for the purchase of a further 15.33% of the French investee at a price of Euro 1.6 million, thus coming to hold 70.66% of its share capital. For more information, please refer to Note 15 "Equity investments".

31.Subsequent events

Inclusion of XTN Cognitive Security S.r.l. into National Tax Consolidation System

On March 6, 2025, the Company's Board of Directors resolved to include XTN Cognitive Security S.r.l. in CY4Gate S.p.A.'s National Tax Consolidation System for the 2025-2027 three-year period.

Disbursement of loan instalment to Prontocyber Plus S.r.l.

Proposal of the Board of Directors to the Shareholders' Meeting

Dear Shareholders,

The Board of Directors proposes you to:

approve the financial statements as of and for the year ended December 31, 2024, of CY4Gate S.p.A. with a loss for the year of Euro 5,964,955.26;
carry forward the loss for the year of EUR 5,964,955.26.

Rome, March 12, 2025

On behalf of the Board of Directors

(Emanuele Galtieri)

Statement pursuant to article 154-bis of Legislative decree no. 58 of February 24, 1998, "Italian Consolidated Law on Financial Intermediation", as amended

(Translation from the original Italian text)

The undersigned Emanuele Galtieri and Marco Latini, respectively Chief Executive Officer and Manager in charge of the preparation of the corporate accounting documents of CY4Gate S.p.A. hereby certify, also taking into account the provisions envisaged by Art. 154-bis, paragraphs 3, 4 and 5-ter, of the Legislative Decree no. 58 of February 24, 1998:

• the adequacy in relation to the characteristics of the company (also taking into account any changes occurred during 2024) and

• the effective application of administrative and accounting procedures for the preparation of the financial statements as of and for the year ended December 31, 2023 during 2024.

No significant aspects emerged from the application of administrative and accounting procedures for the preparation of the financial statements as of and for the year ended December 31, 2024.
It is also certified that:

3.1 the financial statements as of and for the year ended December 31, 2024:

a) are prepared in compliance with the applicable International Accounting Standards recognized in the European Community under Regulation (EC) No. 1606/2002 of the European Parliament and of the Council of July 19, 2002;

b) are consistent with the underlying accounting books and records;

c) provide a true and correct view of the Company's financial performance, financial position and cash flows,

3.2 The Management Report and the Corporate Governance Report include a reliable analysis of the performance and results of operations, as well as the situation of the Company, together with a description of the main risks and uncertainties it is exposed to.

3.3 The Consolidated Sustainability Report Statement included in the Management Report has been prepared in accordance with the reporting standards applied pursuant to Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 and the Legislative Decree of September 6, 2024 No. 125 and with the specifications adopted pursuant to Article 8, paragraph 4, of Regulation (EU) 2020/852 of the European Parliament and of the Council of 18 June 2020.

Rome, March 12, 2025

Chief Executive Officer Manager in charge of the preparation of the corporate accounting documents

…………………….…………………… …………………….……………………

KPMG S.p.A. Revisione e organizzazione contabile Via Curtatone, 3 00185 ROMA RM Telefono +39 06 80961.1 Email [email protected] PEC [email protected]

(The accompanying translated separate financial statements of CY4Gate S.p.A. constitute a non-official version which is not compliant with the provisions of the Commission Delegated Regulation (EU) 2019/815. This independent auditors' report has been translated into English solely for the convenience of international readers. Accordingly, only the original Italian version is authoritative.)

Independent auditors' report pursuant to article 14 of Legislative decree no. 39 of 27 January 2010 and article 10 of Regulation (EU) no. 537 of 16 April 2014

To the shareholders of CY4Gate S.p.A.

Report on the audit of the separate financial statements

Opinion

We have audited the separate financial statements of CY4Gate S.p.A. (the "company"), which comprise the statement of financial position as at 31 December 2024, the statements of profit or loss, comprehensive income, changes in equity and cash flows for the year then ended and notes thereto, which include material information on the accounting policies.

In our opinion, the separate financial statements give a true and fair view of the financial position of CY4Gate S.p.A. as at 31 December 2024 and of its financial performance and cash flows for the year then ended in accordance with the IFRS Accounting Standards issued by the International Accounting Standards Board and endorsed by the European Union, as well as the Italian regulations implementing article 9 of Legislative decree no. 38/05.

Basis for opinion

We conducted our audit in accordance with the International Standards on Auditing (ISA Italia). Our responsibilities under those standards are further described in the "Auditors' responsibilities for the audit of the separate financial statements" section of our report. We are independent of the company in accordance with the ethics and independence rules and standards applicable in Italy to audits of financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Key audit matters

Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the separate financial statements of the current year. These matters were addressed in the context of our audit of the separate financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

KPMG S.p.A. è una società per azioni di diritto italiano e fa parte del network KPMG di entità indipendenti affiliate a KPMG International Limited, società di diritto inglese.

Ancona Bari Bergamo Bologna Bolzano Brescia Catania Como Firenze Genova Lecce Milano Napoli Novara Padova Palermo Parma Perugia Pescara Roma Torino Treviso Trieste Varese Verona

Recoverability of the carrying amount of investments in subsidiaries

Notes to the separate financial statements: notes 2.2 "Valuation Criteria - Equity investments", 4 "Estimates and assumptions" and 15 "Equity investments"

Key audit matter	Audit procedures addressing the key audit matter
The separate financial statements at 31 December 2024 include in the caption "Equity investments" of €94,620 thousand, Equity investments in subsidiaries recognised at acquisition cost which totals €93,142 thousand. The directors identified indicators of impairment and, with the assistance of an external expert, tested these equity investments for impairment, checking their recoverability by comparing their carrying amounts with their value in use calculated using the discounted cash flow model. The model is very complex and entails the use of estimates which, by their very nature, are uncertain and subjective about: • the investees' expected cash flows, calculated by taking into account the general economic performance and that of their sector, the cash flows generated in recent years and the projected growth rates; • the financial parameters used to calculate the discount rate. For the above reasons, we believe that the recoverability of the carrying amount of investments in	Our audit procedures included: • understanding the process adopted for impairment testing approved by the company's board of directors; • understanding the process adopted to prepare the 2025-2029 business plan approved by the company's board of directors (the "2025-2029 plan") from which the investees' expected cash flows used for impairment testing have been derived; • analysing the reasonableness of the assumptions used by the directors and the external expert to prepare the impairment test; • analysing the most significant discrepancies between the previous year business plans' figures and actual figures, in order to check the accuracy of the estimation process adopted by the directors; • comparing the cash flows used for impairment testing to the investees' cash flows forecast in the 2025-2029 plan and analysing any discrepancies; • involving experts of the KPMG network in the
subsidiaries is a key audit matter.	assessment of the reasonableness of the impairment testing model and related assumptions, including by means of a comparison with external

	data and information;
	• assessing the appropriateness of the disclosures provided in the notes about the measurement of investments in subsidiaries.

Recoverability of intangible assets

Notes to the separate financial statements: notes 2.2 "Valuation Criteria - Intangible assets", 4 "Estimates and assumptions" and 12 "Intangible assets"

Key audit matter	Audit procedures addressing the key audit matter
The separate financial statements at 31 December 2024 include intangible assets with finite useful life of €12,527 thousand under the caption "Intangible assets".	Our audit procedures included: • understanding the process adopted to prepare the impairment test approved by the company's board of directors;
The directors identified indicators of impairment and, with the assistance of an external expert, tested these intangible assets for impairment, checking their recoverability by comparing their carrying amounts with their value in use calculated using the discounted cash flow model. The model is very complex and entails the	• understanding the process adopted for preparing the 2025-2029 business plan approved by the company's board of directors (the "2025-2029 plan") from which the expected cash flows used for impairment testing have been derived;

Independent auditors' report 31 December 2024

Key audit matter	Audit procedures addressing the key audit matter
use of estimates which, by their very nature, are uncertain and subjective about:	• analysing the reasonableness of the assumptions used by the directors and the external expert to prepare the impairment test; • analysing the most significant discrepancies between the previous year business plans' figures and actual figures, in order to check the accuracy of the estimation process adopted by the directors;
• the company's expected cash flows, calculated by taking into account the general economic performance and that of its sector, the actual cash flows for recent years and the projected growth rates;
• the financial parameters used to calculate the discount rate. For the above reasons, we believe that the recoverability of the carrying amount of intangible assets is a key audit matter.	• comparing the cash flows used for impairment testing to the company's cash flows forecast in the 2025-2029 plan and analysing any discrepancies;
	• involving experts of the KPMG network in the assessment of the reasonableness of the impairment testing model and related assumptions, including by means of a comparison with external data and information;
	• assessing the appropriateness of the disclosures provided in the notes about the measurement of intangible assets.

Responsibilities of the company's directors and board of statutory auditors ("Collegio Sindacale") for the separate financial statements

The directors are responsible for the preparation of separate financial statements that give a true and fair view in accordance with the IFRS Accounting Standards issued by the International Accounting Standards Board and endorsed by the European Union, as well as the Italian regulations implementing article 9 of Legislative decree no. 38/05 and, within the terms established by the Italian law, for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

The directors are responsible for assessing the company's ability to continue as a going concern and for the appropriate use of the going concern basis in the preparation of the separate financial statements and for the adequacy of the related disclosures. The use of this basis of accounting is appropriate unless the directors believe that the conditions for liquidating the company or ceasing operations exist, or have no realistic alternative but to do so.

The Collegio Sindacale is responsible for overseeing, within the terms established by the Italian law, the company's financial reporting process.

Auditors' responsibilities for the audit of the separate financial statements

Our objectives are to obtain reasonable assurance about whether the separate financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors' report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISA Italia will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these separate financial statements.

As part of an audit in accordance with ISA Italia, we exercise professional judgement and maintain professional scepticism throughout the audit. We also:

identify and assess the risks of material misstatement of the separate financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control;
obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the company's internal control;
evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the directors;
conclude on the appropriateness of the directors' use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the company's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors' report to the related disclosures in the separate financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors' report. However, future events or conditions may cause the company to cease to continue as a going concern;
evaluate the overall presentation, structure and content of the separate financial statements, including the disclosures, and whether the separate financial statements represent the underlying transactions and events in a manner that achieves fair presentation.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the separate financial statements of the current year and are, therefore, the key audit matters. We describe these matters in our auditors' report.

Report on other legal and regulatory requirements

Opinion on the compliance with the provisions of Commission Delegated Regulation (EU) 2019/815

The company's directors are responsible for the application of the provisions of Commission Delegated Regulation (EU) 2019/815 with regard to regulatory technical standards on the specification of a single electronic reporting format (ESEF) to the separate financial statements at 31 December 2024 to be included in the annual financial report.

We have performed the procedures required by Standard on Auditing (SA Italia) 700B in order to express an opinion on the compliance of the separate financial statements with Commission Delegated Regulation (EU) 2019/815.

In our opinion, the separate financial statements at 31 December 2024 have been prepared in XHTML format in compliance with the provisions of Commission Delegated Regulation (EU) 2019/815.

Opinion and statement pursuant to article 14.2.e)/e-bis)/e-ter) of Legislative decree no. 39/10 and article 123-bis.4 of Legislative decree no. 58/98

The company's directors are responsible for the preparation of a directors' report and a report on corporate governance and ownership structure at 31 December 2024 and for the consistency of such reports with the related separate financial statements and their compliance with the applicable law.

We have performed the procedures required by Standard on Auditing (SA Italia) 720B in order to:

express an opinion on the consistency of the directors' report and certain specific information presented in the report on corporate governance and ownership structure required by article 123 bis.4 of Legislative decree no. 58/98 with the separate financial statements;
express an opinion on the consistency of the directors' report, excluding the section that includes the consolidated sustainability statement, and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 with the applicable law;
issue a statement of any material misstatements in the directors' report and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98.

In our opinion, the directors' report and the specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 are consistent with the company's separate financial statements at 31 December 2024.

Rome, 28 March 2025

KPMG S.p.A.

(signed on the original)

Matteo Ferrucci Director of Audit

AI Terminal

CY4GATE S.p.A.

6295_10-k_2025-04-04_353968ee-68e8-4b2a-a719-85fb46338f74.pdf

CONTENTS

Management Report

GENERAL INFORMATION

Economic overview and reference markets

Overview of the markets in which the CY4Gate Group operates (Cyber Intelligence and Cyber Security)

SIGNIFICANT EVENTS OF THE YEAR

Acquisition of XTN Cognitive Security S.r.l.

Acquisition of treasury shares

Establishment of Prontocyber Plus S.r.l.

Purchase of an additional stake in Diateam S.a.S.

Other significant events

GROUP FINANCIAL PERFORMANCE AND KEY PERFORMANCE INDICATORS

MAIN ALTERNATIVE INDICATORS OF THE GROUP'S PERFORMANCE

CONSOLIDATED RECLASSIFIED STATEMENT OF PROFIT OR LOSS

CONSOLIDATED RECLASSIFIED STATEMENT OF FINANCIAL POSITION

CONSOLIDATED NET FINANCIAL POSITION

CONSOLIDATED STATEMENT OF CASH FLOWS

HUMAN RESOURCES

SUBSEQUENT EVENTS

Inclusion of XTN Cognitive Security S.r.l. in the National Tax Consolidation System

Payment of loan instalment to Prontocyber Plus S.r.l.

BUSINESS OUTLOOK

DEFENCE

SECURITY & LAW ENFORCEMENT

CORPORATE ITALY and EU MARKET

MAIN RISKS AND UNCERTAINTIES

RISK MANAGEMENT

INTEREST RATE RISK

CURRENCY RISK

PRICE RISK

CREDIT RISK

LIQUIDITY RISK

CAPITAL RISK

AUTHORIZATION RISK

REPUTATIONAL RISK

HUMAN RESOURCES RISK

TECHNOLOGICAL RISK

TRANSACTIONS WITH RELATED PARTIES

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURES

OTHER INFORMATION

Purchases or sales of parents' shares during the year

Research and development activities

Treasury shares

Management and coordination

Significant non-recurring, atypical and/or unusual events and operations

Assets designated for a specific transaction

Priorities for financial reporting supervision for 2024 contained in the ESMA European Common enforcement priorities document

Climate-Related Matters

Remuneration Report

CONSOLIDATED SUSTAINABILITY STATEMENT

1.GENERAL DISCLOSURES (ESRS 2)

BP-1 Basis for preparation of sustainability statement

Below follows the structure of the Group:

BP-2 Disclosures in relation to specific circumstances

Transitional provisions in accordance with Appendix C of ESRS 1

ESRS S2 – Workers in the value chain

ESRS S3 – Affected communities

ESRS S4 – Consumers and end-users

Governance

GOV-1 The role of the administrative, management and supervisory bodies

The Board of Directors of CY4Gate

Administration, management and control bodies of CY4Gate

- Regulatory compliance

GOV-2 Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies

GOV-3 Integration of sustainability-related performance in incentive schemes

GOV-4 Statement on due diligence

GOV-5 Risk management and internal controls over sustainability reporting

Strategy

SBM-1 Strategy, business model and value chain

UPSTREAM VALUE CHAIN

DOWNSTREAM VALUE CHAIN

• 14% customers of Cyber Security solutions

PARTNERSHIP

Associations:

European Projects:

Interests and views of stakeholders

Formal Communication Channels: