CY4GATE S.P.A. 2025 ANNUAL REPORT

(Translation from the Italian original which remains the official version)

Approved by the Board of Directors on March 12, 2026

BOARO OF OIRECTORS:

Chairperson	Enrico Peruzzi
Managing Director	Emanuele Galtieri
Director	Domitilla Benigni
Director	Alessandra Bucci
Director	Cinzia Parolini
Director	Alessandro Chimenton
Director	Maria Giovanna Calloni
Director	Roberto Ferraresi
Director	Paolo lzzo

BOARO OF STATUTORY AUOITORS:

Chairperson	Stefano Fiorini
Standing statutory auditor	Paolo Grecco
Standing statutory auditor	Daniela Delfrate
Alternate statutory auditor	Allegra Piccini
Alternate statutory auditor	Alberto Trabucchi

INDEPENDENT AUDITORS

KPMG S.p.A.term of engagement unti/ the date of the shareholders' meeting wich approves the Separate financia/ statements as of December 31, 2031

Management Report

GENERAL INFORMATION

CY4GATE S.p.A. (hereinafter also the "Parent Company" or the "Company") has prepared this Management Report as a single document that refers to both the Consolidated Financial Statements of the CY4GATE Group and to the Separate Financial Statements of the Company, both prepared in accordance with the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB) and endorsed by the European Commission. The Management Report provides information on the results and performance of the CY4GATE Group (as defined below) and CY4GATE S.p.A. updated as of December 31, 2025, as well as on significant events occurred after the end of the reporting period. This report should be read together with the Sustainability Statement, Financial Schedules and the related Explanatory Notes that constitute the Consolidated Financial Statements and the Separate Financial Statements as of and for the year ended December 31, 2025. The Consolidated Financial Statements as of and for the year ended December 31, 2025 include the Financial Statements of CY4GATE S.p.A. together with those of its subsidiaries (the "CY4GATE Group" or the "Group") and were approved and authorized for publication by the Board of Directors of CY4GATE S.p.A. at the meeting of March 12, 2026. CY4GATE S.p.A. is a company whose shares are traded on Euronext STAR Milan, a regulated market organized and managed by Borsa Italiana S.p.A. The Company heads the CY4GATE Group, specialized in the design, development and production of technologies, products, systems and services, capable of meeting the most stringent and modern "Cyber Intelligence & Cyber Security" requirements expressed by the Armed Forces, Law Enforcement Agencies and Companies, on the national territory and abroad. A unique Italian industrial project, CY4GATE operates in the 360° cyber market, with proprietary products that meet both the needs for information collection and analysis, and security. The Company is controlled by Elettronica S.p.A., with its registered office in Rome, by virtue of its controlling influence.

As of the date of preparation of this report, the Board of Directors of CY4GATE S.p.A. is composed as follows:

Enrico Peruzzi (Chairman)
Emanuele Galtieri (CEO)
Domitilla Benigni
Alessandra Bucci (Independent Director)
Maria Giovanna Calloni (Independent Director)
Alessandro Chimenton
Roberto Ferraresi
Paolo Izzo
Cinzia Parolini (Independent Director)

Economic overview and reference markets

With regards to the economic picture in question, as emerges from the Bank of Italy's Economic Bulletin 1/2026, the global economy showed moderate growth in 2025, in a context characterized by high geopolitical uncertainty and a cyclical slowdown in the main advanced economies.

The world economy has expanded around 3% and global growth is expected to be around 3.3% over the two-year period 2025-2026. However, the outlook remains affected by high geopolitical uncertainty and intensified international trade tensions, with the tightening of tariffs that has already contributed to reducing global trade during the year. In 2025, the main central banks started or continued a path of monetary easing, albeit with prudence: the Federal Reserve confirmed a step-by-step approach, and the ECB reduced rates during 2025, in line with what was already observed in 2024. However, the impact of this easing on the real economy is slow, with credit volumes remaining at low levels.

In 2025, economic growth in the Euro area remained moderate, marked by a dynamic investment held back by the high cost of capital and business confidence that was affected by the slowdown in the German industrial engine. The most recent Eurosystem projections indicate an expansion around or slightly above 1% per annum for the 2026-2028 threeyear period, with inflation stable, close to the 2% target.

In Italy, economic activity showed signs of gradual strengthening in 2025. Growth was supported by the contribution of services and the contribution of public investment related to the National Recovery and Resilience Plan (PNRR), while manufacturing continued to be affected by the weakness of foreign demand.

Exports benefited from a partial recovery of world trade, while remaining exposed to risks deriving from protectionist policies and geopolitical tensions. The spread between Italian and German government bonds over the ten-year period showed an overall stable dynamic, in a context of renewed market focus on the sustainability of public accounts. The transmission of ECB interest rate cuts to the cost of credit continues gradually, supporting the recovery of household mortgages, while demand for finance from businesses remains weak. The labor market continued to show good resilience. Employment remained at high levels, while wage trends contributed to the recovery of household purchasing power. However, elements of fragility remain, including moderate productivity dynamics and a decline in hours worked in some industrial sectors.

In the field of public finance, the European Commission confirmed a positive assessment of the adjustment path outlined in the 2025-2031 Structural Budget Plan. Government budgetary policy remains geared towards gradual consolidation of accounts, with measures combining growth support and debt reduction. The maneuver focuses resources on remodeling personal income tax (IRPEF), reducing the tax wedge, and supporting families and companies, while providing for a strengthening of investments in defense and cybersecurity, in line with European commitments and the protection of strategic infrastructure. With the new year, the "Cyber Room" was inaugurated at the Italian Ministry of Foreign Affairs of Italy, operating 24 hours a day, 365 days a year, enabling an organic and structured management of any incidents that may compromise the security of systems and information, as well as the identification, analysis and internal reporting of vulnerabilities in the systems. The project was financed entirely by the Department for Digital Transformation, through the Agency for National Cybersecurity (ACN), with PNRR funds. This installation follows the design proposal presented by the Agency for National Cybersecurity for the creation of a dedicated CSIRT (Computer Security Incident Response Team). In only the first two months of 2026, the Cyber Room managed over 150 thousand attacks. These included 30 Distributed Denial of Service (DDoS) attacks against ministerial websites and web services. The main types of external threats detected include phishing campaigns, spear phishing and SPAM (about 150 thousand messages, with about 10 million messages from malicious sources).

Cyber risk continues to represent one of the main systemic threats globally. During 2025, there was a further evolution of IT threats, with an increase in ransomware attacks, evolved phishing campaigns and activities attributable to groups sponsored by states. In 2025, Italy recorded steady growth in serious cyber attacks, with the manufacturing sector continuing to be the main target in an attempt to steal intellectual property or block production lines; therefore, the focus on the protection of critical infrastructure and strategic supply chains remains high, including in light of international tensions related to the conflict between Russia and Ukraine and the most recent conflicts in the Middle East.

On the regulatory level, 2025 was characterized by the strengthening of national security safeguards, guided by the role of the Agency for National Cybersecurity in coordinating accident prevention and response policies, and the NIS2 Directive, which together with the Cyber Resilience Act, the Data Act and the AI Act introduce stricter obligations for companies and public administrations, entered the implementation phase, while the Agency for National Cybersecurity is strengthening its strategic coordination role. The adoption of the new safety standards imposes on Italian companies a significant economic and organizational commitment. The upgrading of defense systems and staff training have become indispensable prerequisites not only for data protection, but for the same business continuity as companies in an increasingly interconnected and digital global market.

In short, 2026 opens with a complex international economic environment and with high geopolitical and cyber risks, in which the resilience of businesses and institutions will depend on the ability to adapt to an unstable geopolitical framework, on prudent economic policies, on financial resilience and on the continuous strengthening of digital security measures.

The CY4GATE Group (hereinafter: CY4 or CY4GATE) operates in two main business lines: Cyber Intelligence and Cyber Security, dividing its offer between products, services and solutions in both business lines. More specifically, the Cyber Intelligence segment is made up of proprietary "Decision intelligence" products and "Forensic Intelligence" products, while the Cybersecurity segment can, in addition to dedicated products and technologies, also rely on a part dedicated to consulting, training and services. In particular, the Group is active in the design, development and production of technologies, products, systems and services in order to meet the needs of "cyber intelligence and cyber security" expressed by companies, Public Institutions, Police Forces, Italian and foreign Armed Forces that, in the use of communication networks, IOT and OT networks and the related data flows, must guarantee high standards of security and resilience against cyber-attacks (cybersecurity) and express the need to correlate significant volumes of data (big data) to enable decision-makers in the timely adoption of relevant initiatives and actions (decision intelligence).

Thanks to the M&A operations that took place in the three-year period 2022-2024, the Group's commercial offer has been extended with a wider portfolio of products that have enriched both business lines, cyber security and cyber intelligence, with cutting-edge software platforms capable of acting as gap fillers in relation to the emerging and increasingly challenging requirements demanded by customers and related to the evolution of technologies and threat scenarios. Today, therefore, the CY4GATE Group can rely on a set of proprietary products - capable of providing an integrated response to major digital transformation, decision intelligence and cyber security projects in the relevant industry.

The Group continues to be active also in the European reference panorama, participating - directly and/or through commercial partners - in projects of the European Union, among which, for the year in question, the following stand out:

IDMO Project: a project known as the "Italian Digital Media Observatory", from the name of the national observatory that promoted it, which aims to create technologies that - leveraging advanced artificial intelligence algorithms - are able to identify fake news that create disinformation through the verification of content in real-time, thus supporting the observatory in its timely verification of the reliability of the published information. CY4GATE, in the context of the project, will make its contribution in particular on the topic of AI.
FMB Tech Project: a project that aims to define and specify the best and innovative technologies that is expected to contribute to the development of the Main Battle Tank of the future - vehicles provided to the terrestrial armed forces that will have to face new and complex operational scenarios, and that will present a high rate of digitalization and the ability to interface with unmanned systems, as well as increase crew efficiency thanks to the use of artificial intelligence. CY4GATE's role will be to identify the most innovative technologies to ensure cyber defense of vehicles.
ECYSAP project: a European project for cyber security (also known as the "European Cyber Situational Awareness Platform") whose main objective is the creation of a European platform for cyber situational awareness capable of improving the work carried out by military personnel in cyber missions.
REACT project: a project known as the "Responsive Electronic Attack for Cooperative Task", which aims at the development of a CEMA (Cyber Electro Magnetic Activities) capability and cyber resilience in the avionics field.
CERERE project: a project named "Cyber Electromagnetic Resilience Evaluation on Replicated Environment" which aims to develop an advanced capability to verify the cyber resilience of systems to planning and/or execution activities of attack chains through the use of the electromagnetic spectrum (i.e., CEMA).
CYBER4DE project: launched as part of the European Industrial Development Program for Defense in December 2021, the "Cyber Rapid Response Toolbox for Defense Use" (CYBER4DE) project tackles the challenge of developing a modular and scalable rapid response system to handle cyber incidents in various complex national and international scenarios, aiming to ensure a higher level of cyber resilience and collective response to cyber incidents by improving the processes and practices of the Cyber Rapid Response Teams (CRRTs).
An international research project "AI Framework for Improving Cyber Defence Operations" (AInception), carried out through a consortium of which CY4GATE is a part, which in 2021 won the funding of the international research call in the context of the European Defence Fund (EDF) to develop techniques and tools that - based on the use of advanced artificial intelligence algorithms - are able to promptly identify possible malicious intrusions on systems and equipment, generating alerts that prevent the cyber-attack from carrying out its effects on activities vital to defense and security.
CITADEL project: aimed at enhancing European defense technology with a strategic change in the EU's cyber defense agenda, which from cyber-reactive operations is migrating towards full spectrum cyber defense operations. The project aims to provide tailor-made solutions for the entire value chain of IT forces, with a focus on the needs of the EU and its Member States.

Overview of the markets in which the CY4GATE Group operates (Cyber Intelligence and Cyber Security)

Digitalization and data protection represent a fundamental pillar for the development of companies and the proper functioning of institutions as they guarantee the sustainability of business models and the traceability of information in a context characterized by a high technological content and the rapid introduction of innovative technologies capable of radically modifying this context. Cyber Security and Cyber Intelligence markets are experiencing robust and structural growth. The combination of accelerated digitalization, increased IT threats, adoption of emerging technologies and public and private investments in advanced security solutions continues to support significant expansion globally. Organizations, regardless of sector, are increasing their dependence on analysis, monitoring and response tools, making these markets increasingly central for digital resilience.

In 2025, the global Cyber Intelligence market continued to rapidly expand. The most recent analyses confirm sustained growth, driven by the increase in the complexity of threats and the need for organizations to integrate advanced data analysis and correlation capabilities into decision-making processes. Demand comes in particular from the finance, health, retail and manufacturing sectors, which are accelerating investments in intelligence solutions and predictive monitoring. In 2025, the global market value is estimated at USD 227.6 billion, with a growth forecast of up to USD 351.9 billion by 2030, supported by a CAGR of 9.1% in the period 2025-2030.

Source: www.marketsandmarkets.com, Report Cybersecurity Market - Forecast to 2030

This dynamic reflects the increase in cyber-attacks, the dissemination of cloud infrastructure and the adoption of technologies such as AI, IoT and machine learning, which expand the risk surface and require more advanced protection solutions. This growth is driven by the demand for professional and managed services, including penetration testing, managed detection and response (MDR), incident response and regulatory compliance consulting services.

SIGNIFICANT EVENTS OF THE YEAR

Purchase of an additional stake in Diateam S.a.S.

On July 30, 2025, following the exercise of the "Put & Call" option agreements signed at the time of the purchase of the first 55.33% of Diateam S.a.S., exercisable in the three-year period 2024-2026, CY4GATE S.p.A. signed the closing for the purchase of an additional 14.67% of the French subsidiary at the price of EUR 1.6 million, thus managing to hold 85.33% of its share capital. A portion of 15.33% of share capital was acquired in 2024, again through the exercise of put and call options.

Entry of XTN Cognitive Security S.r.l. into the National Tax Consolidation Scheme

On March 6, 2025, the Company's Board of Directors resolved the inclusion of XTN Cognitive Security S.r.l. in the National Tax Consolidation Scheme of CY4GATE S.p.A. for the three-year period 2025-2027.

Other significant events

The CY4GATE Group in the year 2025 continued to make its overall value proposition more attractive further developing its product catalog in the Cyber Security, Intelligence, and Cyber Electronic Warfare industries in collaboration with Elettronica S.p.A., as well as with significant players in the national scene. The main activities carried out in this regard during the year, CY4GATE S.p.A.:

has dedicated considerable resources to Research and Development activities for products capable of offering customers innovative technologies and cutting-edge solutions;
definition of important collaboration agreements with highly relevant players in the national scene;
new improvements of the state-of-the-art IT infrastructure, a key enabler for business development, in compliance with the particularly challenging requirements of the NIS Directive;
in terms of Quality Management, the Group has confirmed ISO9001, ISO14001 certifications, as well as ISO27001 certification, adopting a Privacy Management System in accordance with the current EU Reg. no. 679/16,
in 2025 it obtained the ISO 37001 certification of the Anti-Corruption Management System;
holding of the license under Article 28 of the TULPS (Law on public security) for the design, manufacture, possession and sale of electronic equipment specifically designed for military use for the Armed Forces and Police Forces, both national and foreign;
holding of NOSI (Industrial Security Clearance) since 2021, which in the Italian system is a clearance to handle information, documents or materials classified from very confidential up to top secret;
updated the organization and management model pursuant to Legislative Decree 231/2001;
renewed the certification for UNI PdR 125 gender equality;
is in possession of the legality rating, with a score of three stars, corresponding to the maximum score achievable.

CY4GATE is recognized by GARTNER® as a Representative Vendor in Composite AI thanks to its know-how on AI applied to Cyber Security and Decision Intelligence solutions.

In the ESG field, the Group prepares the Consolidated Sustainability Statement pursuant to Legislative Decree 125/2024, for which reference is made in the section "Consolidated Sustainability Statement".

FINANCIAL RESULTS OF THE GROUP AND KEY PERFORMANCE INDICATORS

The Group's growth path, which has continued its intense business development activity in the domestic and international market, concluded with a significant increase in order acquisition compared to the previous year, confirming the solidity and scalability of the business model, consolidating a backlog creation process focused on technological solutions capable of meeting the increasingly challenging needs of cyber intelligence and cyber security. The 2025 results confirm in particular the consolidation of the CY4GATE Group in the governmental/institutional sector, driven by Decision and Forensic Intelligence. Cyber Security marked a slight decrease for some delays linked in particular to the Defense sector. Of note is the important contribution of non-Italian business on the Group's performance, which saw 51% of revenue from EU or non-EU customers.

Consolidated revenue shows significant growth compared to those of the previous year, mainly attributable to the governmental sphere, with the Corporate sector still under consolidation thanks to significant business development initiatives in place with a focus on cyber security. Furthermore, the Group's proprietary product portfolio development and evolution initiatives, launched in previous financial years, were continued through targeted R&D activities designed to synergize common technologies within the Group and add features capable of accelerating penetration in the markets served with appropriate products and solutions.

R&D and business initiatives, implemented in the past and supported in 2025, have strengthened the ability to create backlogs in particular on the Cyber and Forensic Intelligence markets, with the acquisition of the first multi-year orders; the backlog generated and supported by the recurring business is, therefore, enabling the gradual reduction of the seasonal effect of a business that produced about 36% of total revenue in the last quarter in 2025, too.

Also during 2025, the Forensic Intelligence market in Italy remained stable in terms of allocated budget; however, the Group has launched a series of business initiatives aimed at increasing market shares for the part of acquiring audit evidence through proprietary electronic devices: these activities during the year led to an increase in turnover with the same ministerial budget. If institutional sales in the country are in line with expectations, international business previously more influenced by the seasonal factor as well as international geopolitical tensions - supported company revenue with a share of more than 50% during the year.

With the intention of providing an overview by market:

for the Decision Intelligence market, revenue stood at EUR 44 million in 2025 vs EUR 29 million in 2024, with an increase of 49%, mainly due to success abroad;
the Forensic Intelligence market recorded an increase of 68% compared to the previous year: EUR 36 million in 2025 vs EUR 21.5 million in 2024, in large part attributable to RCS ETM Sicurezza S.p.A..
for the Cybersecurity market, revenue stood at EUR 19 million, down by 11 percentage points compared to EUR 22 million in 2024, because of lower volumes in the area of Defense Italy, only partially offset by the Corporate world.

MAIN ALTERNATIVE INDICATORS OF THE GROUP'S PERFORMANCE

Management evaluates the performance of the Group based on certain indicators discussed below. In addition to the financial indicators provided by the International Financial Reporting Standards (IFRS), some indicators are derived from the latter, although they are not provided for by the IFRS (Alternative Performance Indicators), and the components of each of these indicators are presented:

EBITDA: is calculated by adjusting the profit/(loss) for the year to exclude the effect of taxes, net financial income/(expense), amortization, write-downs and value adjustments of financial assets and, in relation to the Consolidated Financial Statements, the amortization deriving from the purchase price allocation (PPA) resulting from the allocation of part of the price of the acquisition of RCS, Diateam and XTN;
EBITDA Margin (%): calculated as a ratio between EBITDA, as previously described, and total revenue;
EBIT: considers the profit (loss) for the period before taxes and net financial income (expense);
Net Financial Position (NFP): represents current and non-current financial liabilities net of cash and cash equivalents and financial assets.

It was deemed appropriate to present these performance indicators at consolidated level in order to illustrate the financial trend of the Group net of non-recurring events, atypical events and events related to non-recurring transactions, as identified.

The tables below present the main changes that have characterized the Group's trend compared to the previous year.

RECLASSIFIED CONSOLIDATED STATEMENT OF PROFIT AND LOSS

Reclassified statement of profit and loss	For the year ended
(in Euro)	12/31/2025	12/31/2024
Revenue	99,133,947	72,364,427
Other revenue and income	2,409,702	2,714,371
Revenue	101,543,649	75,078,798
Purchases, services and other operating costs	(43,449,169)	(30,667,632)
Personnel expenses	(37,333,491)	(32,791,815)
Costs	(80,782,660)	(63,459,447)
EBITDA	20,760,989	11,619,351
EBITDA Margin	20.4%	15.5%
Amortization and depreciation, impairment losses and reversals	(23,826,664)	(16,794,237)
of impairment losses
Amortization and depreciation (related to PPA)	(1,635,410)	(4,703,552)
EBIT	(4,701,084)	(9,878,438)
Net financial expense	(2,756,485)	(2,366,769)
Taxes	(536,425)	6,606,696
Profit/(loss) for the year	(7,993,995)	(5,638,510)
of which, attributable to non-controlling interests	2,000,547	1,763,176
Earnings/(loss) per share	(0.34)	(0.24)

Group investments in Research and Development activities amount to EUR 5.8 million in 2025 (EUR 7.9 million in 2024).

RECLASSIFIED STATEMENT OF FINANCIAL POSITION

Reclassified Statement of Financial PositionAs of
(in Euro)	12/31/2025	12/31/2024
Non-current assets	90,105,184	97,966,248
Inventories	3,024,960	973,831
Contract assets (liabilities)	(36,899,553)	4,130,128
Trade receivables	68,065,009	49,940,566
Trade payables	(13,918,804)	(11,918,398)
Operating working capital	20,271,612	43,126,126
Other assets (liabilities)	(3,762,256)	(7,880,120)
Net working capital	16,509,357	35,246,006
Net invested capital	106,614,541	133,212,255
Cash and cash equivalents	22,984,153	14,537,530
Financial assets	3,296,052	1,472,983
Financial liabilities	(35,210,792)	(41,070,787)
Lease liabilities	(4,842,894)	(5,859,148)
Net financial debt	(13,773,483)	(30,919,422)
Equity	(92,841,061)	(102,292,833)
Total sources	(106,614,541)	(133,212,255)

The main economic and financial figures are commented on below:

Group revenue as of December 31, 2025 amounts to EUR 99 million, with an increase of 37% compared to the year ended December 31, 2024 (EUR 72 million). The Parent Company contributes EUR 18 million to this revenue (EUR 22 million in 2024). Group purchases, services and personnel expenses, including non-recurring expense (approximately EUR 112 thousand mainly related to CY4GATE S.p.A. for special consultancy; approximately EUR 332 thousand in 2024), amounted to EUR 80.8 million (EUR 63.5 million as of December 31, 2024), of which EUR 24.7 million from the Parent Company (EUR 23.5 million in 2024).

Group EBITDA amounted to EUR 20.8 million (EUR 11.6 million as of December 31, 2024) with an EBITDA Margin of 20%, 4 percentage points higher than 2024. The Parent Company's EBITDA amounted to EUR -4.8 million (EUR 1.4 million as of December 31, 2024).

At the Group level, amortization, depreciation, impairment losses and reversals of impairment losses amounted to a total of EUR 25.5 million (EUR 21.5 million in 2024), of which EUR 1.6 million related to the amortization of purchase price allocation (PPA) made in relation to the purchase transaction of Aurora Group/RCS in 2022, which resulted in the allocation of approximately EUR 12 million to proprietary Software; the Diateam transaction in 2023, which resulted in the allocation of approximately EUR 3 million to proprietary Software; as well as the XTN transaction in 2024, which resulted in the allocation of approximately EUR 1.8 million to the brand; assets recorded in accordance with the requirements of IFRS3.

The Group's EBIT is EUR -4.7 million (EUR -9.9 million for 2024).

The net balance of taxes was equal to charges of EUR 0.5 million, against tax active differences for a total of EUR 6.6 million in 2024, for not having recognized deferred tax assets mainly against tax losses. In both the previous year and in the year under review, the item includes the reversal of deferred taxes related to the purchase price allocation. As a result of the above, the loss for the year amounted to EUR 8.0 million (loss of EUR 5.6 million for 2024). The loss for the year of CY4GATE S.p.A. alone amounted to EUR 13.8 million (EUR 5.9 million in the previous year).

Regarding the consolidated financial situation, equity stands at EUR 92.8 million (EUR 102.3 million as of December 31, 2024).

The Net Financial Debt shows net financial liabilities of EUR 13.7 million (EUR 30.9 million as at December 31, 2024), including lease liabilities under IFRS 16. Financial and lease liabilities amounted to EUR 40.0 million, down by about EUR 6.9 million compared to December 31, 2024 (EUR 46.9 million).

Financial liabilities are mainly composed of bank loans of EUR 30.5 million.

As for the Parent Company, the equity amounted to EUR 89.8 million (EUR 103.5 million as of December 31, 2024). For the reconciliation between consolidated and separate equity, please refer to the following detailed table.

	Equity as of			Equity as of
	December 31,	Profit/(loss)	Equity as of	December 31,	Profit/(loss)	Equity as of
	2025, before	for the year	December 31,	2024, before	for the year	December 31,
	result for the	2025	2025	result for the	2024	2024
	year			year
CY4Gate S.p.A.	103,637,299	(13,871,762)	89,765,536	109,460,279	(5,964,955)	103,495,323
Subsidiaries' equity and result from the year	44,734,975	7,079,273	51,814,247	43,571,071	4,053,249	47,624,320
Non-controlling interests	(1,517,501)	(2,000,547)	(3,518,048)	(1,429,408)	(1,763,176)	(3,192,583)
Elimination of investments in subsidiaries	(96,018,714)	0	(96,018,714)	(93,956,317)	0	(93,956,317)
Recognition of goodwill	48,698,837	0	48,698,837	48,698,837	0	48,698,837
Purchase Price Allocation effects	3,538,377	(1,183,089)	2,355,287	6,905,369	(3,366,993)	3,538,377
Put financial liability recognition	(3,388,332)	896,574	(2,491,758)	(4,418,333)	(123,014)	(4,541,347)
Other consolidation adjustments	(367,385)	(914,990)	(1,282,372)	(2,329,563)	(236,796)	(2,566,359)
Equity and result of the year attributable to
the owners of the Parent	99,317,555	(9,994,541)	89,323,013	106,501,936	(7,401,686)	99,100,250
Equity attributable to non-controllin interests	1,517,501	2,000,547	3,518,048	1,429,408	1,763,176	3,192,583
Total equity	100,835,056	(7,993,995)	92,841,061	107,931,344	(5,638,510)	102,292,833

CONSOLIDATED NET FINANCIAL INDEBTEDNESS

The following is the detailed statement of the composition of the Net Financial Indebtedness of the Group as of December 31, 2025, as required by Consob communication no. DEM/6064293 of July 28, 2006 and in compliance with Warning no. 5/21 issued by Consob on April 29, 2021 with reference to ESMA Orientation 32-382-1128 of March 4, 2021.

For the same detail relating to the Parent Company, please refer to Note 22 "Current and non-current financial liabilities" of CY4GATE S.p.A.'s financial statements as of and for the year ended December 31, 2025.

	As of December 31
(in Euro)	2025	of which withrelated parties	2024	of which withrelated parties

A. Cash	(22,984,153)	-	(14,537,530)	-
B. Cash equivalents	-	-	-	-
C. Other current financial assets	(1,349,366)	(19,000)	(667,780)	(419,000)
D. Liquidity (A+B+C)	(24,333,519)	(19,000)	(15,205,310)	(419,000)
E. Current financial debt (including debt instruments, butexcluding the current portion of non-current financial debt)	9,812,729	-	5,295,877	-
F. Current portion of non-current financial debt	13,386,447	295,402	12,887,026	256,718
G. Current financial indebtedness (E+F)	23,199,175	295,402	18,182,902	256,718
H. Net current financial indebtedness (G+D)	(1,134,344)	276,402	2,977,592	(162,282)
I. Non-current financial debt (excluding current portion anddebt instruments)	16,798,077	249,601	28,269,571	474,237
J. Debt instruments	-		-	-
K. Non-current trade and other payables	-		-	-
L. Non-current net financial indebtedness (I+J+K)	16,798,077	249,601	28,269,570	474,237
M. Total financial indebtedness pursuant to ESMARecommendation of March 4, 2021 (H+L)	15,663,733	526,003	31,247,162	311,955
N. Non-current financial assets	(1,890,250)	(975,000)	(327,742)	-
Net Financial Position (M+N)	13,773,483	(448,997)	30,919,422	311,955

The item "C. Other current financial assets" includes the item in the Consolidated Financial Statements at December 31, 2025 of current financial assets (EUR 1,384 thousand) excluding derivative financial instruments classified in this item (EUR 35 thousand).

The item "E. Current financial debt" includes the current portion of the items in the Consolidated Financial Statements at December 31, 2025 related to loans (EUR 8,595 thousand) and other loans and borrowings (EUR 66 thousand), as well as the liability connected to the Diateam put option, exercisable in 2026 (EUR 1,149 thousand).

The item "F. Current portion of non-current financial debt" includes the current portion of the item in the Consolidated Financial Statements at December 31, 2025 relating to loans (EUR 9,295 thousand), to current financial liabilities for factoring (EUR 2,616 thousand), and the current portion of the item in the Consolidated Financial Statements at December 31, 2025 relating to current lease liabilities (EUR 1,459 thousand), as well as the current portion of financial derivative assets (EUR 35 thousand).

The item "I. Non-current financial debt" includes the items in the Consolidated Financial Statements at December 31, 2025 related to non-current financial liabilities related to loans(EUR 12,521 thousand), to non-current financial liabilities for factoring (EUR 239 thousand), to the financial liability relating to the put agreements included in the acquisition contract of the subsidiary XTN (EUR 675 thousand); to the non-current financial and lease liabilities (EUR 3,384 thousand), as well as the non-current portion of financial derivative assets (EUR 22 thousand).

The item "N. Non-current financial assets" corresponds to the item in the Consolidated Financial Statements as of December 31, 2025 related to non-current financial assets (EUR 1,912 thousand), excluding derivatives classified in this item (EUR 22 thousand).

CONSOLIDATED STATEMENT OF CASH FLOWS

	For the year ended December 31
(in Euro)	2025	2024

A) Net cash flows from operating activities	29,165,934	11,780,267
B) Net cash flows used in investing activities	(12,659,004)	(21,592,217)
C) Net cash flows from financing activities	(8,060,309)	6,788,290
Total change in cash and cash equivalents	8,446,623	(3,023,660)
Opening cash and cash equivalents	14,537,530	17,561,190
Closing cash and cash equivalents	22,984,153	14,537,530

The operating activities in the 2025 year generated cash flows of EUR 29,166 thousand (EUR 11,780 thousand for the year ended 2024), an increase of EUR 17,386 thousand compared to the previous year, mainly due to the higher cash flows generated in relation to changes in net working capital. The cash flows used in investing activities totaled EUR 12,659 million, mainly in relation to investments in intangible assets. This flow also includes the payment of an additional 14.69% of Diateam S.a.S. during the year. During 2025, the cash flows from financing activities absorbed liquidity for EUR 8,060 thousand, mainly in relation to repayments for the year, as well as dividends distributed to non-controlling investors in some investee companies and repayments of liabilities for leased assets. This flow as at December 31, 2024 had generated cash of EUR 6,788 thousand due to the net uses of credit lines made in the previous year. The demand generated by the investment activity was almost entirely met by the contribution of the cash flow generated by the operating and financing activities. Pursuant to the above, in 2025 there was a positive change in the balance of cash and cash equivalents amounting to EUR 8,466 thousand, for a total balance at the end of the year amounting to EUR 22,984,153 thousand.

HUMAN RESOURCES

With reference to the human resources employed during the year, the Group carries out its activities in full compliance with the provisions on environment and workplace safety, as well as in compliance with applicable foreign local regulations. Below is the composition of the workforce of the CY4GATE Group as of December 31, 2025 with evidence of the movement of the year, and the average number of employees of the year 2025 compared to the previous year.

	Executivemanagers	Middle managers	Employees	Apprentices	Total
12/31/2024	25	83	403	41	552
additions (+)	2	9	45	7	63
promotions	-	-	7	(7)	-
departures (-)	(2)	(17)	(49)	(6)	(74)
12/31/2025	25	75	406	35	541

	For the year ended December 31
Average Number of Employees	2025	2024
Executive managers	24	25
Middle managers	81	81
Employees	438	443
Total	544	549

Please note that for its managers and other senior figures of some subsidiaries, CY4GATE S.p.A. has set up an Incentive Plan (Stock Grant Plan), consisting of the allocation of the Company's shares, free of charge, upon achieving certain economic and financial objectives, expiring at the end of the 2025 financial year. For more information, please refer to the paragraph "Purchases, services and personnel expenses" in the Consolidated Financial Statements.

SUBSEQUENT EVENTS

No significant events occurred after the end of the year.

BUSINESS OUTLOOK

The Group will continue its growth path through consolidation, efficiency and the creation of synergies between the acquired companies, always favoring the maintenance of technological excellence and enhancing the broad product portfolio that today can count on leading solutions in cyber capable of supporting the most challenging customer needs.

To this end, the Group continues to assess/define possible partnerships aimed at complementing its product/technology portfolio, as well as ensuring access to new markets.

The strategy for the next three years will aim to:

− support its oversight of the Defense market, currently characterized by significant investments being made at a global level, allowing the company to develop state-of-the-art technologies that can guarantee subsequent reuse in the civil sector;

− further consolidate the leadership position in Italy on the & Law Enforcement market, including through initiatives aimed at mitigating the potential effects resulting from the reforms started in the sector, and also continue the path of scouting and technological consolidation aimed at strengthening its presence in profitable foreign markets;
− develop the Italian Corporate market for cybersecurity, through the consolidation of technologies and the development of initiatives aimed at addressing the protection of critical infrastructure and industrial automation systems (Operations Technologies OT/IoT).

The following three markets are identified as priorities for the implementation of the strategy, in each of which the Group is currently present, on each of which the following actions will be pursued over the next three years:

DEFENSE

strengthening of industrial partnerships with the major players in the Italian and European Aerospace & Defense segment;
opening of new markets abroad, exploiting the potential offered by the training activities of the Cyber Academy and the Cyber Labs as "entry point capabilities" to then initiate upselling initiatives;
increase in market share on the domestic and international market both through direct sales to the end customer and with the support of Elettronica S.p.A., reference shareholder of CY4GATE, which can count on a consolidated presence of more than seventy years in the Defense market;
direct participation and/or in partnership in EU (EDA, ESA) or NATO tenders that finance research and development in cyber;
adherence to international consortia or JV for multi-year defense programs abroad, where local presence is required as an enabling requirement to fulfill offset.

SECURITY & LAW ENFORCEMENT

consolidation on the Italian market, aiming at streamlining services and higher value activities for the benefit of the Italian Public Prosecutor's Office;
implementation of targeted commercial and technological partnerships with niche companies, with the aim of sharing efficiency and investments to reduce the need for resources (human and financial) necessary to always stay up to date in a sector in extreme evolution;
increase in market share in Italy on the new concept tactical devices produced by the Group;
progressive improvement of presence in the European area, which offers guarantees of greater predictability and business stability, starting from the Spanish market on which the Group can already count on a multi-year presence and solid market penetration.

EU and ITALIAN CORPORATE MARKET

in line with new market trends and strong with a significant basket of cyber products, we have proceeded to the implementation of a distinctive "customer value proposition" focused more on "capabilities" than on "products". The products and technologies will constitute, in this new model, the enabling factors to ensure the full spectrum of capabilities that the customer requires for the satisfaction of cyber protection needs, with particular reference to the promising OT market;
integration of sales force efforts with new and effective channel partnerships;
expansion of the domestic market with a focus on large and medium-sized companies;
extend the customer network in the portfolio of the subsidiary XTN, to pursue up-selling and cross-selling opportunities on new market segments (telco, energy, transportation, automotive, luxury, etc.);
progressive expansion of sales over the plan period on new geographical areas in the EU starting from Spain, where there is a business footprint and a potential network, first making use of the subsidiary DARS and establishing collaborations with channels operating abroad.

Management will also aim to continue with the roll-out of synergetic initiatives among its subsidiaries, with a view to optimizing the entire cost structure, fully streamlining the organizational model and processes and making use of the investments both completed and in progress.

The scouting of potential targets to support organic growth will continue with potential ad hoc M&A initiatives that will bring cyber technology and skills that can be integrated and that are synergistic with the current portfolio.

MAIN RISKS AND UNCERTAINTIES

RISK MANAGEMENT

The Group's activities are exposed to the following risks:

market risk, defined as currency risk, for transactions in currencies other than the presentation currency; interest rate risk, related to financial exposure, and price risk;
credit risk, arising from normal business operations or financing activities;
liquidity risk, related to the availability of financial resources and access to the credit market;
capital risk;
authorization risk;
reputational risk;
human resources risk;
technological risk.

The Group's risk management strategy is aimed at minimizing potential negative effects on the Group's financial performance.

INTEREST RATE RISK

The Group, in choosing financing and investment operations, has adopted criteria of prudence and limited risk and has not carried out speculative transactions. It should be noted that the Group has sought to hedge itself from financial risk, and in particular from the risk of rising interest rates, by entering into "Interest Rate Swap" contracts, financial instruments to hedge the risk of fluctuation of the interest rate applied to variable rate loan agreements. The aforementioned "Interest Rate Swaps" should be considered as hedging transactions and their impact on the profit (loss) for the period is given exclusively by the accounting of the active and passive differentials on the interest rates accrued as of December 31, 2025. Below are the main data of these contracts:

Bank	Date ofagreement	Maturity date	Referenceprincipal(in Euro)	Outstandingprincipal(in Euro)	MTM(in Euro)
INTESA	01/18/2024	11/30/2026	2,750,000	1,000,000	(2,526)
ICCREA	05/24/2022	03/29/2028	5,000,000	2,600,000	22,359
CREDIT AGRICOLE	05/24/2022	03/29/2028	7,500,000	3,900,000	34,077

CURRENCY RISK

The Group is not significantly exposed to fluctuations in exchange rates; therefore, it does not carry out transactions to hedge against currency risk. In particular, despite the Group conducting its business abroad, foreign contracts are mainly in Euros; exposure to foreign countries is limited and there are no financial liabilities in currencies other than the Euro.

PRICE RISK

The Group is not significantly exposed to the movements of raw material and commodity prices used in the production process and the resulting influence of these on operating margins.

CREDIT RISK

Credit risk is essentially derived from trade receivables. To mitigate the credit risk related to counterparties in trade transactions, the Group has implemented procedures aimed at limiting the concentration of exposures to single counterparties or groups, through a creditworthiness analysis. Constant credit monitoring allows the Group to promptly verify any defaults or worsening of the creditworthiness of the counterparts and to adopt the relative mitigating actions. Finally, it should be specified that the credit risk is in any case limited considering the characteristics of the customers, which are largely public entities.

LIQUIDITY RISK

The liquidity risk is associated with the Group's ability to meet commitments primarily arising from financial liabilities. Prudent management of liquidity risk originated from the Group's normal operations implies maintaining an adequate level of cash and the availability of funds obtainable through an adequate amount of credit lines. Cash flows, financing needs and liquidity are constantly monitored and managed with the aim of ensuring effective and efficient management of the financial resources.

CAPITAL RISK

The Group's objective in the scope of capital risk management is mainly to safeguard business continuity. The Group also aims to maintain an optimal capital structure in order to reduce the cost of indebtedness.

AUTHORIZATION RISK

The Group operates in an industry characterized by multiple specific regulatory and legal disciplines. In particular, the Group's activity is conditioned by these regulations to the extent that they can influence the obtaining of the necessary authorizations for the sale of new products and services in export markets to non-EU countries. The procedures that must be followed to obtain such authorizations can be long, costly and with no guaranteed outcome.

REPUTATIONAL RISK

The Group operates in a regulated sector, Forensic Intelligence, which by its nature is intended to support law enforcement agencies and national and foreign judicial bodies in conducting investigative activities using proprietary technologies. The Group always acts in full compliance with the law, within a framework of prior authorization by the competent authorities. It imposes stringent contractual clauses to prevent the "misuse" of its products by end-users. These include the termination of existing contracts and the interruption of maintenance activities that enable the use of the products themselves. Nevertheless, circumstances may in any case arise where improper use of the technologies is made known through print and/or online media outlets with incomplete or incorrect information, aimed at discrediting the Group, even though it has operated in full compliance with current regulations.

HUMAN RESOURCES RISK

The Group operates in an industry characterized by the need for companies to employ personnel with a high degree of specialization and who have a high level of technical and professional expertise and, therefore, the success of the Group also depends on its ability to attract, train and retain personnel with the requisite level of specialization and technical and professional expertise. The current context, moreover, is affected by a significant shortage of human resources with adequate technical training in the so-called "STEM" disciplines.

TECHNOLOGICAL RISK

Delays in product development or in adapting to technological evolution could negatively affect the Group's business relationships and limit market expansion, with a consequent effect of reducing the resources needed to develop new products and services, meet customer demands and maintain the Group's positioning in terms of innovation within the reference market.

TRANSACTIONS WITH RELATED PARTIES

It is recalled that, on May 18, 2023, CY4GATE S.p.A. adopted – effective as of the date on which the Company's ordinary shares began trading on the Euronext Milan, STAR segment – a specific "Procedure for Transactions with Related Parties" (hereinafter the "Procedure"), in implementation of the provisions pursuant to Article 2391-bis of the Italian Civil Code and the Regulation containing provisions on transactions with related parties adopted by CONSOB with Resolution no. 17221 of March 12, 2010, as subsequently amended and supplemented, most recently on September 12, 2024. It is specified that the Group applies the Procedure also taking into account the CONSOB Communication no. DEM/10078683, published on September 24, 2010, containing "Indications and guidelines for the application of the Regulation on transactions with related parties adopted with resolution no. 17221 of March 12, 2010 as subsequently amended". The Procedure, as currently in force, is published on the Group's website: www.cy4gate.com in the "Governance" section, "Corporate Documents" area.

Pursuant to Article 5, paragraph 8, of the Regulation, it is noted that in 2025 no major transactions (as defined by Article 4, paragraph 1, lett. a) and identified by the mentioned Procedure pursuant to Annex 3 to the Regulation), nor other transactions with related parties have significantly influenced the consolidated financial situation in the reference period. For details on relationships with related parties during the year, please refer to what is reported in the Explanatory Notes to the Financial Statements and to the consolidated financial statements, in the paragraph "Transactions with Related Parties".

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURES

The Corporate Governance model adopted by CY4GATE S.p.A. is in line with the principles contained in the "Code of Self-Discipline of Listed Companies", approved by the Committee for Corporate Governance and promoted by Borsa Italiana S.p.A., ABI, ANIA, Assogestioni, Assonime and Confindustria.

The Report on Corporate Governance and Ownership Structures for the year 2025, approved by the Board of Directors on March 12, 2026, is available on the Company's website www.cy4gate.com.

OTHER INFORMATION

Purchases or sales of shares of parent companies shares during the year

The Group's companies have not made acquisitions or disposals of shares or quotas of the Parent Company, either directly, or through trustees or nominees.

Research and development activities

The Group has carried out research and development activities during the year, aimed at the creation and development of innovative features and products and cutting-edge technological solutions.

Treasury shares

It should be noted that as of December 31, 2025, there are 450,000 treasury shares in the portfolio, without a stated nominal value. It should also be noted that as of December 31, 2025, CY4GATE S.p.A. and the Group do not own shares of parent companies and none of the subsidiaries own shares of the Parent Company.

Management and coordination

As of the date of preparation of the Financial Statements, the company CY4GATE S.p.A. is not subject to management and coordination by any of its shareholders, pursuant to Articles 2497 et seq. of the Italian Civil Code.

Significant non-recurring, atypical and/or unusual events and operations

During the year 2025, no significant non-recurring atypical or unusual operations were carried out either with third parties or with related parties. In the year under review, additionally, no further significant non-recurring events occurred.

Assets designated for a specific transaction

There are no assets designated for a specific transaction.

Remuneration Report

For information regarding the remuneration of directors, statutory auditors and key managers, reference is made to the report on the remuneration policy and on the remuneration paid, drawn up in accordance with Articles 123-ter of the TUF (Consolidated Law on Finance) and 84-quater of the Issuers' Regulation as well as in compliance with what is recommended by Article 5 of the Corporate Governance Code, made available to the public on the Company's website (www.cy4gate.com) with the other methods provided for by current legislation.

CONSOLIDATED SUSTAINABILY STATEMENT

CY4Gate Group Consolidated Sustainability Statement Year 2025

1. GENERAL DISCLOSURES (ESRS 2)

BP-1 General information on the preparation of this document

The CY4Gate Group falls within the scope of application of Legislative Decree 125/2024. This Consolidated Sustainability Statement has therefore been prepared on a consolidated basis in accordance with the European Sustainability Reporting Standards (ESRS) and provides an overview of the sustainability performance of the CY4Gate Group for the financial year 2025. The objective of this Statement is to communicate in a transparent and comprehensive manner to stakeholders our strategies, our impacts, and our progress in the field of sustainability.

The Consolidated Sustainability Statement 2025 represents the second reporting period, as it is only from 2024 that the Group has met the requirements to fall within the scope of application of Legislative Decree 125/2024.

For the preparation of this Consolidated Sustainability Statement, reference was made to the implementation guidelines developed by EFRAG, with specific regard to 'Implementation Guidance 3: List of ESRS Data Points (IG-3)'; therefore, the references correspond to those provided by the IDs included in IG 3 List of ESRS Data Points.

This document reports the datapoints identified as material following the double materiality assessment and mandatory under the ESRS; certain phase-in datapoints and voluntary datapoints provided for by the ESRS are included, where available; otherwise, the ESRS recommendation relating to transition periods of one or three years has been followed.

This statement is based on the principles set out in Appendix B – ESRS 1. The information has been prepared in order to ensure relevance, faithful representation, comparability, verifiability, and understandability.

The reporting covers the activities of the following Group companies:

CY4GATE S.p.A. Parent Company
RCS ETM Sicurezza S.p.A. subsidiary
Tykelab S.r.l. subsidiary
Dars Telecom S.L. (DARS) subsidiary
Diateam S.A.S. (Diateam) subsidiary
XTN Cognitive Security S.r.l. (XTN) subsidiary

The Group also has one associate and one Joint Venture, as further detailed below:

Foretec S.A.S.: associate over which CY4Gate exercises influence by virtue of an indirect 25% shareholding through RCS S.p.A.
Helmon S.r.l.: 50% joint venture. On April 15, 2025, the shareholders' meeting of the investee resolved to change its corporate name from Prontocyber Plus S.r.l. to Helmon S.r.l.

With regard to the above two companies, the Group does not exercise operational control for the purposes of the Consolidated Sustainability Statement. In particular, Foretec S.A.S. does not have significant impacts, risks, or opportunities for reporting purposes; therefore, it is excluded from the consolidation scope of the Group's Consolidated Sustainability Statement. Helmon S.r.l., formerly Prontocyber Plus S.r.l., is considered within the value chain, as provided for in paragraph 5 "Value chain," Article 67, ESRS 1. The scope analysis included Aurora France S.A.S., RCS LAB GmbH, and XTN Inc.; however, no IROs were identified as being relevant for sustainability purposes, as these are nonoperational locations and not significant from an ESG perspective.

Group structure:

The parent company CY4Gate S.p.A. was established in 2014 and is controlled by ELETTRONICA S.p.A. CY4Gate S.p.A. is a subsidiary of ELETTRONICA S.p.A. It does not benefit from the reporting exemption pursuant to Article 19a(9) or Article 29a(8) of Directive 2013/34/EU, as it is a large company and a public interest entity. Subsidiaries of the Holding Company included in the consolidation of this reporting, on the other hand, benefit from the above exemption.

The Group recognises the importance of involving all stakeholders in the value chain with which solid and lasting relationships are built. As proof of this 'modus operandi', this reporting covers the upstream and downstream value chain, as further explained in the relevant section 'SMB-2 Stakeholder Expectations and Interests', in order to identify and manage the sustainability factors most relevant to our business. Company policies, including 231 clauses and Code of Ethics, are applied to the upstream and downstream value chain.

The disclosures contain data on the upstream and downstream value chain as far as possible limited to business relations and relevant issues.

The Group has not exercised its right to omit information corresponding to intellectual property, know-how or innovation results, nor relating to upcoming developments or matters under negotiation.

BP-2 Disclosure on specific situations

The Group has adopted time horizons different from those indicated in ESRS 1 – section 6.4 for reasons of better alignment and understanding with the Group's strategic documentation.

The time horizons used are set out below:

Short-term: within 1 year;
Medium-term: between 1 and 3 years;
Long-term: beyond 3 years.

Itshould also be noted that, for the same reason, the time horizons have been modified compared to the 2024 reporting period, in which the time horizons "medium-long term" and "long term" were present, which have been merged for the 2025 reporting period into a single "long-term" time horizon.

The estimates used for the calculation of greenhouse gas emissions, their level of accuracy, and the actions planned to improve such accuracy are outlined in the relevant sections of ESRS E1. Estimates have also been used for the calculation of certain metrics under ESRS S1 (for further details, please refer to the relevant section).

Compared to the previous financial year of Consolidated Sustainability Statement prepared in accordance with the ESRS, the following changes have been made in the preparation and presentation of information compared to the previous reporting period:

• The topic ESRS S2 – Workers in the value chain was not considered material for the current reporting period: as part of the update of the context analysis, it was verified that the Group, due to the characteristics of its relationships with its value chain, does not generate, through its choices and actions, impacts that significantly affect workers in the value chain; at the same time, the risks and opportunities arising from the management of workers in the value chain are unlikely to translate into risks and opportunities for the Group.

At the same time, it was taken into account that the Group adopts, through the MOG 231/2001, the Code of Ethics, and supplier procurement and qualification procedures, a regulatory approach to relationships with partners, suppliers, and customers, based on compliance with rules and principles, including the protection of individuals who work with or collaborate with them. These policies, actions, and procedures relate to the Group's governance system and therefore are relevant within the scope of topics relating to Business conduct (ESRS G1). In light of the above, it was considered that this topic, contrary to what was indicated in the previous reporting cycle, does not meet the requirements to be considered material and therefore within the scope of sustainability. Its inclusion in the list of topics and sub-topics to be reported for the year 2024 was also the result of a prudent approach adopted by the Group in its first year of application of the Corporate Sustainability Reporting Directive (CSRD).

Following a refinement of the reporting process in line with ESRS requirements, the CY4Gate Group has revised some comparative information.

Specifically, the revised information refers to the S1-16 metric, the EU Taxonomy (specifically the CapEx KPI), and social metrics. Specifically, starting in the 2025 financial year, the Group has introduced a methodological change aimed at ensuring greater consistency in data representation, adopting the headcount criterion for all reported information, replacing the previously used mixed approach (which also included the use of the FTE calculation methodology for 2024).

To ensure full comparability and traceability of information over time, the 2024 data has been restated accordingly.

No information additional to that prescribed by the ESRS has been included in this Consolidated Sustainability Statement.

The table below presents the information included in this Consolidated Sustainability Statement by incorporation by reference:

Disclosure Requirement / Datapoint	Description	Paragraph reference
GOV-3	Incentive scheme linked tosustainability targets	"Share-based paymenttransactions" Consolidated FinancialStatements

Transitional provisions in accordance with Appendix C of ESRS 1

Below are listed the issues found to be relevant from the double materiality assessment:

E1: Climate Change
S1: Own workforce
S3: Affected communities
S4: Consumers and end users
G1: Business Conduct

In accordance with Appendix C of ESRS 1, the Group, with a workforce of less than 750 employees at the end of the financial year 2025, has decided to omit information relating to the following material sustainability issues subject to phase-in:

Disclosureobligation	Description of disclosure duty	Omissions
SBM-1	Strategy, business model and value chain	Revenue distribution by significant ESRSsector
E1-6	Gross Scopes 1, 2, 3 and Total GHG emissions -Scope 3 GHG emission	Scope 3 GHG emission
E1-9	Disclosure of anticipated financial effects interms of margin erosion for businessactivities at material transition risk	Information as of E1-9
S1-7	Disclosure of the most common types of nonemployees	All information
S1-12	Persons with disabilities	All information
S1 - 14	Health and Safety	communication of information on nonemployee workers
S3	All information
S4	All information

Both with respect to relevant and reported sustainability issues, as well as issues for which the Group applies the transitional provisions, the Group is oriented towards the prevention of negative impacts and risks, favouring the generation of opportunities and positive effects: this attitude guides the development of technological solutions as well as the definition of strategies and organisational solutions. The Group identifies and assesses its environmental, social and economic impacts, both positive and negative, including value chain analysis.

Sustainability is an embedded part of the Group's vision and values, as a fundamental element of its identity and culture, and according to the dual materiality assessment, measurable sustainability objectives are defined and aligned with the Group's business strategy.

In accordance with the provisions of Appendix C of ESRS 1, as previously reported, the Group has decided to omit, for this financial year, the information related to topics S3 - Affected communities and S4 - Consumers and end users. For themes E1 - Climate change and S1 - Own workforce, the omission is instead partially in relation to specific metrics belonging to this theme.

ESRS S3 – Affected communities

The Group has decided to adopt the phase-in option for these topics in 2025.

ESRS S4 – Consumers and end-users

The Group has decided to adopt the phase-in option for these topics in 2025.

Governance

GOV-1 Composition and role of the administrative, management and supervisory bodies

The Group adopts a responsible approach to conducting business, with an integrated and risk assessment-based management approach, in order to:

integrate ESG risks and opportunities into planning and control systems;
adopt shared rules of conduct and management systems aimed at ensuring compliance with regulations;
ensure transparency of information toward stakeholders, fairness in conduct and business relationships, avoiding anti-competitive behavior;
promote the quality of services and products and the well-being of workers;
operate in compliance through the timely management of economic, social, and environmental impacts.

The Group is committed to maintaining a system that supports the achievement of corporate objectives and the pursuit of ESG values and objectives, and has established a solid governance structure, with a Board of Directors whose characteristics and competencies ensure expertise, independence, and the ability to guide the development of the Group from a sustainability perspective.

To ensure adequate oversight of sustainability matters, an internal Control, Risk and Sustainability Committee has also been established, with advisory and proposal functions toward the Board of Directors on sustainability matters.

The main activities carried out by the Control, Risk and Sustainability Committee during the financial year and up to the date of this Statement include analysis and evaluation of ESG matters with the aim of promoting the Company's sustainable success: outcomes and analysis of materiality, sustainability plan, ESG reporting, and meetings with specialized consultants and the dedicated corporate function.

This structure ensures an integrated and transparent approach to sustainability, in line with best governance and reporting standards.

The appointment of the Board of Directors of CY4Gate takes place in compliance with applicable laws and the provisions of the bylaws, on the basis of lists submitted by shareholders. Only shareholders who, individually or jointly with other shareholders, hold a shareholding of at least 5% of the share capital are entitled to submit lists.

The Board of Directors of CY4Gate is composed of nine members, as reported in the Corporate Governance Report. Among these, two hold executive positions, while seven are non-executive directors, three of whom meet the independence requirements. As of the date of this reporting, there are no members representing employees or other workers.

The composition of the Board of Directors and the characteristics of the Company's administrative, management and supervisory bodies are set out below.

Name	Position	Dateoffirstappointment	Other positions (n° and commitment)
Enrico Peruzzi	PresidentoftheBoard of Directors	9/06/2025	None;
Emanuele Galtieri	ChiefExecutiveOfficer	31/03/2021	1 office as General Manager of CY4Gate; 1office as Chairman of the Board of Directors(BoD) within the group;
Domitilla Benigni	Director	15/05/2020	1 position as General Manager of Elt Group;1 position as CEO of Elt Group;
Cinzia Parolini	Indipendentdirector	04/08/2021	1 position on university committees;
Roberto Ferraresi	Director	15/03/2022	1 position as Chief Executive Officer;
Paolo Izzo	Director	04/11/2022	1 position as Vice President sales of Elt;
AlessandroChimenton	Director	26/07/2023	1 office as Member of the Board ofDirectors;
Alessandra Bucci	Indipendentdirector	27/04/2023	3 offices as Member of the Board ofDirectors;4 positions as member of endoconsiliarcommittees and 1 as chairman; 1 position as

The Board of Directors of CY4Gate

				Board of Directors contactperson forSustainability;1positionascompanychairman;
MariaCalloni	Giovanna	Indipendentdirector	27/04/2023	4 positions as member of the Board ofDirectors

The administration, management and control bodies of CY4Gate are described in the corporate governance report. The composition by gender and age is shown below

Administration, management and control bodies of CY4Gate

Members of the Board of Directors	N°	%
Independent members	3	33%
Female components	4	44%
Male components	5	56%
Members under 30 year	0	0%
Members between 30 and 50 years	2	22%
Members > 50 years	7	78%

Members of the Board of Auditors	N°	%
Independent members	3	100%
Female components	1	33%
Male components	2	67%
Members under 30 year	0	0%
Members between 30 and 50 years	0	0%
Members > 50 years	3	100%

Members of the Supervisory Board	N°	%
Independent members	3	100%
Female components	1	33%
Male components	2	67%
Members under 30 year	0	0%
Members between 30 and 50 years	0	0%
Members > 50 years	3	100%

Cy4Gate's administration, management and control bodies have competences divided by sectors, products and geographical areas in which the Group operates, as shown in the table below.

The following tables show the competences of the various bodies and specify the percentage for each area, calculated by comparing the number of members with a single competence to the total number of members.

In this regard, it should be noted that the Board members, the Statutory Auditors and the Supervisory Board have the necessary competences in the area of sustainability to assess, analyse and plan CSRD activities.

Members of the Board of DirectorsAREA	Number of members	%
A) Strategic planning	9	100%
B) Risk management	5	56%
C) Innovation and technology	5	56%
C) Digital IT e cyber security	3	33%
E) Finance and business management	9	100%
F) Environmental sustainability	2	22%
G) Social sustainability	2	22%
H) Human resources management	1	11%
I) Legal	1	11%

Members of the Board of AuditorsAREA	Number of members	%
A) Strategic planning	3	100%
B) Risk management	3	100%
C) Innovation and technology	3	100%
C) Digital IT e cyber security	0	0%
E) Finance and business management	3	100%
F) Environmental sustainability	0	0%
G) Social sustainability	3	100%
H) Human resources management	0	0%
I) Legal	3	100%

Members of the Supervisory Board
AREA	Number of members	%
A) Strategic planning	2	67%
B) Risk management	2	67%
C) Innovation and technology	3	100%
C) Digital IT e cyber security	1	33%
E) Finance and business management	2	67%
F) Environmental sustainability	1	33%
G) Social sustainability	3	100%
H) Human resources management	0	0%
I) Legal	3	100%

The composition of the administrative, management and supervisory bodies ensures fair gender representation, promoting equal opportunity within the bodies, which are composed of 56% men and 44% women, with an average female gender ratio of 0.78. The percentage of independent directors on the Board of Directors is 33%, in line with best governance practices and in protection of the interests of all shareholders.

To ensure adequate oversight of sustainability matters, as mentioned above, the intenal Risk and Sustainability Control Committee has been established, with advisory and proposal functions toward the Board of Directors on sustainability matters. For this Committee, roles and responsibilities have been defined for the acquisition and analysis of key information relating to:

Economic, environmental, and social context
Economic-financial risks
Regulatory compliance
ESG (Environmental, Social, Governance) matters

At the organizational structure level, a group dedicated to ESG matters has also been established with the following responsibilities:

Oversight and management of ESG matters
Integration of ESG criteria into business processes
Preparation of the sustainability statement, submitted for examination to the Risk and Sustainability Control Committee and subsequently reviewed and approved by the governing body.

The administrative, management and supervisory bodies also play a crucial role in governance processes, controls, and procedures aimed at monitoring, managing, and overseeing impacts, risks, and opportunities. They are also responsible for the implementation of an effective risk management system that includes the identification, assessment, and mitigation of risks, as well as the monitoring of performance and impacts.

These bodies define a three-year commitment plan, updated annually, based on the analysis of the significant impacts for the organization. This plan defines specific, measurable, achievable, relevant, and time-bound (SMART) objectives and concrete actions to address challenges and seize opportunities related to sustainability. The Control, Risk and Sustainability Committee, composed of independent directors, plays a fundamental role in this process, providing advice and support to the Board of Directors on sustainability matters, monitoring the effectiveness of the risk management system, and making recommendations for its continuous improvement.

The Group has adopted a traditional management model, consisting of the Shareholders' Meeting, the Board of Directors, and the Board of Statutory Auditors.

The Chief Executive Officer is actively involved in the definition of priorities and commitments relating to sustainability matters, as well as in their reporting. This process, which will be formalized within the scope of the "ESG Policy for the Preparation and Control of Sustainability Reporting," is led by the Head of Group Accounting, Tax & Treasury who, with the support of a team dedicated to assessment and reporting, coordinates and monitors planning, implementation, and reporting activities. The Head of Group Accounting, Tax & Treasury submits the interim and final outputs produced for review and validation by the CFO/manager in charge and the Chief Executive Officer. The CFO is also kept constantly updated on the progress of the process, on any deviations from planning, and on any critical issues to be addressed.

The Control and Risk Committee oversees the entire process, in close collaboration with the other corporate functions, including Risk Management for the identification and assessment of risks, opportunities, and impacts, Compliance to ensure legislative and regulatory compliance, Internal Audit for periodic checks, and all operational functions necessary for the implementation and monitoring of the indicators.

The administrative, management and supervisory bodies, together with senior management, exercise active oversight over the definition of objectives connected with material impacts, risks, and opportunities, constantly monitoring progress toward those objectives. The Board of Directors plays a central role in this process, integrating sustainability into the strategies, management, and operations of the Group. The Board of Directors defines the scope of the Consolidated Sustainability Statement, evaluates and approves the results achieved and the commitments undertaken, including through the approval of the Consolidated Sustainability Statement. This approach ensures that sustainability objectives are aligned with the business strategy and that progress is monitored and communicated transparently.

The administrative, management and supervisory bodies carefully assess whether the existing competencies and capabilities are adequate to address sustainability challenges, considering both internal competencies and access to external resources. These bodies, supported by members with expertise in sustainability matters, assess whether the competencies are relevant to the undertaking's material impacts, risks, and opportunities and whether it is necessary to acquire additional competencies, through specific experts, training, or other initiatives, in order to ensure effective oversight of sustainability matters. Competencies in sustainability matters are adequately distributed among the members of the Board of Directors.

GOV-2 Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies

The administrative, management, and control bodies, as well as the internal board committees for matters within their competence, receive regular and updated information on relevant impacts, risks, and opportunities, on the implementation of due diligence procedures, and on the results and effectiveness of the policies, actions, metrics, and objectives adopted to address them.

This information is provided by various sources, including:

Senior Management: which reports periodically on the progress of sustainability performance, the effectiveness of actions taken, and the emergence of new challenges or opportunities;
Control Functions: such as Risk Management, Compliance, and Internal Audit, which provide independent assessments of risks and the adequacy of controls;
External Experts: who may be involved to provide specialist opinions or to support the evaluation of complex situations.

The frequency with which the aforementioned information is provided varies depending on its nature and relevance. In general, the most strategic and general information is discussed at the Board of Directors level at least annually, in occasion of the approval of the sustainability report.

Starting from 2024, such information falls within the scope of the sustainability statement, pursuant to Legislative Decree 125/2024. More operational and detailed information is subject to periodic reports and/or more frequent discussions at the level of specific committees, such as the Risk and Sustainability Committee. Thanks to this integrated structure, the administrative, management, and control bodies can make informed and conscious decisions, taking into account the long-term sustainability impacts, risks, and opportunities.

During the reporting period, the Control, Risk and Sustainability Committee (CCRS) was informed of the outcome of the double materiality assessment, which it endorsed, and of the development of the sustainability plan 2026–2030, in which the sustainability commitments 2025–2029 were updated or supplemented in light of the materiality results, the actions and results achieved in 2025, and in alignment with the Group's strategies and priorities.

In particular, during 2025, the CRS Committee discussed and monitored the following ESG-related topics:

Anti-corruption and anti-money laundering update (Annual report of the Anti-Money Laundering Function; Report of the Whistleblowing Committee; Annual report of the Coordination and Consultation Body for the Prevention of Corruption);
Environmental, Social, Governance (ESG) project (Meeting with those responsible for the implementation of ESG policies; Selection of the consultant for the 2025 sustainability statement);

These topics highlight the commitment of the CCRS to monitor and address sustainability-related challenges and opportunities, with a particular focus on corruption prevention, the integration of ESG factors into the business strategy, and ensuring an adequate internal control system.

GOV-3 Incentive scheme linked to sustainability targets

Within the Group, there is a three-year Stock Grant Plan 2023–2025—governed by a specific regulation entitled "Stock Grant Plan," with renewal scheduled for April 2026—intended for executives of the Parent Company and certain executives and other senior figures of subsidiaries, with objectives subject to annual verification, approved by the Board of Directors of CY4Gate S.p.A.

This plan extends to all Group companies, with the exception of XTN. Among the objectives of this Plan, there is an "ESG target" which, for the entire duration of the Stock Grant Plan (three-year period, 2023–2025), concerned the "Gender Equality Certification" obtained by CY4Gate S.p.A. and its maintenance. This certification was obtained in 2023, renewed in 2024 and 2025 by CY4Gate S.p.A., and extended in 2024 to RCS.

As part of the update of ESG targets for the five-year period 2026–2030, a new target has been identified to be included in the three-year Stock Grant Plan, relating to the management of supplier relationships and providing for the achievement, by 2026, of 40% of CY4Gate's qualified suppliers, assessed according to ESG criteria and/or adhering to the ESG policy. The Group does not apply climate-related incentives in the remuneration of members of the administrative, management and supervisory bodies.

For further information on the Stock Grant Plan, reference is made to the paragraph "Share-based payment transactions" in the Consolidated Financial Statements. The remuneration of the Board of Directors is determined by the Shareholders' Meeting at the time of appointment. Performance metrics linked to sustainability are included in the above-mentioned Stock Grant Plan. The portion of variable remuneration linked to the achievement of sustainabilityrelated targets and/or impacts(achievement of the Annual ESG Target) grants each beneficiary, upon achievement of economic-financial targets, the right to exercise, at the end of each annual cycle, a number equal to 5% of the total rights granted.

GOV-4 Statement on due diligence on sustainability matters

The due diligence process represents the set of systematic activities aimed at identifying, preventing, mitigating, and accounting for how the organization addresses actual and potential negative impacts on the environment and on people. In line with the United Nations Guiding Principles on Business and Human Rights and the OECD Guidelines for Multinational Enterprises, the Group has integrated due diligence into its governance systems to ensure responsible business conduct at every stage of operations.

Specifically, this integration is ensured through:

The Code of Ethics, which defines principles of conduct for employees and collaborators, as well as for partners, suppliers, and customers;
The Sustainability Plan, approved by the Board of Directors, which outlines the commitment to environmental protection and decent work;
Responsible consumption and production processes, including the signing of the ESG policy by suppliers and the monitoring of suppliers' orientation toward sustainability.

The Group also conducts annually an impact materiality assessment to identify where its own activities and those of the value chain may generate risks for the environment or for people. The process includes an analysis of the sectoral, geographical, organizational, business model, and value chain context of the Group, in order to define which sustainability matters are relevant and how they are managed. The context analysis supports the identification and analysis of impacts, also carried out through the involvement of employees, customers and suppliers, as well as corporate bodies and shareholders.

Due diligence on customers and suppliers represents an important element of the Group's commitment to sustainability. Through the promotion of ESG principles, risk mapping, involvement in the assessment of the materiality of impacts, and continuous monitoring, the Group aims to minimize potential negative impacts arising from its activities and to actively contribute to a more sustainable future.

Consultation with customers and suppliers makes it possible to detect any changes in the perception of the value chain or new risks, and to update or integrate impact management actions accordingly. This approach ensures that due diligence is a dynamic process, adapted to the evolution of the context and of specific risks.

The Group adopts a due diligence approach that involves stakeholders at key stages. Their perspectives are an integral part of the double materiality assessment, a fundamental tool for identifying material impacts, risks, and opportunities. In this way, stakeholders are able to actively influence direction and actions. Dialogue is continuous, with periodic updates of policies and various open communication channels: from public-facing channels such as investor relations and the whistleblowing system, to internal channels dedicated to suppliers and partners.

In order to manage risks, mitigate negative impacts, and maximize positive impacts and opportunities identified through the double materiality assessment, the Group implements targeted actions for material sustainability matters. The effectiveness of such actions is monitored through specific metrics and targets, detailed in each thematic section of the report.

Main Elements of Due Diligence	SectionsintheConsolidatedSustainability Statement
a) Integration of due diligence into governance, strategy, and businessmodel	ESRS 2 GOV-1, ESRS 2 GOV-2, ESRS 2GOV-3, ESRS 2 SBM-3
b) Engagement of impacted stakeholders through key phases of duediligence	ESRS 2 GOV-2, ESRS 2 SMB-2, ESRS 2 IRO1
c) Identification and assessment of negative impacts	ESRS 2 SMB-3, ESRS 2 IRO-1
d) Actions to addressing material negative impacts	ESRS 2 MDR-A, ESRS E1-1, ESRS E1-3,ESRS S1-3, ESRS S1-4, ESRS G1-3, ESRSG1-4
e) Monitoring the effectiveness of these efforts and communicating theresults	ESRS 2 MDR-M, ESRS 2 MDR-T,ESRS E1-4/9,ESRS S1-5/17,ESRS G1-4/6

GOV-5 Risk management systems and internal controls related to the Consolidated Sustainability Statement

In 2025, The Group defined a process for the preparation and control of the Sustainability Statement, the formalization of which is ongoing within an ESG Policy, defining roles, responsibilities, process, timelines, and controls. The process, in continuity with what was implemented for the first cycle of sustainability reporting, confirmed the adoption of an approach similar to that of financial reporting, in collaboration with the various functions responsible for the data. The internal control systems and risk management systems, in relation to the Consolidated Sustainability Statement, are focused on ensuring relevant, accurate, complete and reliable information, as also specified in IRO-1. For this purpose, the procedure provides four types of control:

Control 1 Timetable, to ensure compliance with process timelines
Control 2 Information flows, to ensure the completeness and accuracy of data
Control 3 Review of consolidated ESRS schedules, to ensure data integrity
Control 4 Review of Sustainability Statement, to ensure the correctness and completeness of information

The mitigation of the risk of incompleteness, low accuracy, and lack of integrity of data and information involves primarily the Head of Group Accounting, the CFO – in his capacity as Executive responsible for financial reporting – and the Chief Executive Officer, involved at different levels in the review phases; it also involves the business managers of all the companies of The Group, who are required to ensure:

Integrity and completeness of data: verification that the data collected are complete and accurate, and that they faithfully reflect the company's sustainability performance.
Accuracy of estimates: control that the results of estimates, where applicable, are based on solid and consistent methodologies.
Availability of value chain data: verification that data relating to the value chain, both upstream and downstream, are available within the required timelines.
Timelines of information: ensuring that information is available in a timely manner to support decision-making and reporting.

Information relating to the value chain represents the main risk, as it does not fall under the direct control of The Group; to mitigate this risk, the Head of Group Accounting, together with the ESG team, has undertaken the following actions:

definition of a method for collecting information;
engagement with suppliers to ensure compliance with the required information.

In order to improve and systematize the collection of sustainability information relating to the supply chain, specific requests on ESG topics have been integrated into supplier registration forms.

The Group assesses the risks associated with incomplete or inconsistent Consolidated Sustainability Statement, including risks related to data accuracy and manual errors during the consolidation of data from different systems. To mitigate this risk, a centralized online repository has been created to document risks and controls related to sustainability, focusing on the highest risks. With regard to the double materiality assessment, controls were performed on the process of identifying material impacts, risks and opportunities and on the underlying documentation, both by the Head of Group Accounting and subsequently by the audit firm.

To further ensure the effectiveness of such systems, the company has strengthened existing activities relating to:

Risk, Control and Sustainability Committee: with oversight and guidance functions in sustainability matters and reporting to the Board of Directors.
Internal Audit function: for the independent assessment of the adequacy and effectiveness of internal controls.
Nomination and Remuneration Committee: to ensure that sustainability competencies are adequately considered in the composition of governance bodies.

In order to ensure effective oversight, The Group has defined a structured information flow to the governance bodies, providing for discussion and involvement of the Risk Control and Sustainability Committee and Top Management on the different critical points of the process: definition of relevant topics to be submitted for assessment; outcomes of the double materiality analysis; definition of the Sustainability Plan; Sustainability Statement. The process described has been structured by The Group with the objective of meeting the qualitative characteristics of information required by the ESRS Standards, ensuring relevance, faithful representation, verifiability, and understandability of the reported information.

Strategy

SBM-1 Strategy, value chain and business model

The Group's strategy and business model are intrinsically oriented towards the prevention of negative impacts and the generation of positive value, by seizing the opportunities that arise. The concept of prevention and protection is the core of the Group's product and service development, as well as the guiding principle in defining our objectives and implementing management and control systems.

The Group's primary commitment is to ensure the creation and preservation of value for all stakeholders, through responsible and sustainable management of our activities.

Leadership in innovation is a fundamental pillar of the strategy, aimed at ensuring a significant contribution to highquality technological advancement and the construction of national technological sovereignty, an essential element for the realization of European technological sovereignty. This synergistic approach aims to effectively respond to the needs of governments and businesses in the protection of critical infrastructures, services, and citizens.

In line with this vision, the Group is committed to a process of creating a European center of excellence in the cyber sector, through strategic acquisitions and targeted alliances.

At the same time, it constantly invests in the development of internal skills, in the dimensional growth of its workforce, and in the promotion of a continuous research and development process, in close collaboration with universities and other key players in the sector.

The development and innovation model places a priority emphasis on respecting human rights, including property rights, both in commercial relationships and in innovation, research, and development processes. The Group actively promotes practices of attention and management of the impacts that may arise within its own organizations, among partners, and in the IT sector as a whole, fostering a model of sustainable and responsible development.

The relationship with customers, through listening to their needs, is a fundamental driver for innovation and the development of cutting-edge solutions in the cybersecurity sector.

Simultaneously, the Group is committed to transferring knowledge and expertise to its customers, so that they can make the best use of the potential of cyber intelligence and reduce the risks of attacks.

Recognizing the difficulties that small and medium-sized enterprises (SMEs) face in implementing adequate cybersecurity solutions, the Group has established synergies with other companies to offer accessible and timely solutions.

The goal is to democratize cybersecurity, making it accessible to all entrepreneurial realities, including SMEs, which represent a fundamental link in the supply chain of large companies. In this way, the Group contributes to strengthening the cyber resilience of the entire economic system, from small to large enterprises.

The responsible management of the supply chain is based on the selection of reliable companies and commercial partners, while at the same time promoting the development of their capabilities and skills through targeted training programs. This approach ensures the quality of supplies and commercial relationships, in compliance with industry standards, our values, and internal procedures.

The Group thus strengthens trust throughout the entire supply chain, from customers to investors, contributing to the creation of a cyber ecosystem that meets present and future challenges, also through the promotion of sustainabilityoriented behaviors.

The Group's strategy involves a rigorous selection of clients also based on ethical principles, ensuring that its technologies are not used improperly or in a way that violates human rights and democratic principles.

Recognizing the power of data and the risks associated with its improper use, the Group adopts stringent measures to protect it.

The significant groups of products and services offered by the company that represent over 10% of the turnover are the development and commercialization of forensic products, decision intelligence, and cyber security solutions.

Operating revenues by Business Line	2024	2025
Decision Intelligence	40,33%	44,10%
Forensic Intelligence	29,70%	36,43%
Cyber Security	29,97%	19,48%

The total number of own workforce of the Group (head count) is 541, of which 470 are in Italy and 71 are abroad.

The Group does not commercialize prohibited products. Dual-Use products are subject to authorization by UAMA (Italian Export Control Authority) with reference to foreign markets.

Some products or services may be commercialized exclusively to specific customers (government entities or judicial authorities).

The Group's total revenues for the financial year 2025 amount to € 101,5 million.

For further information, please refer to the Consolidated Statement of profit and loss and the Notes to the Consolidated Financial Statements (in particular, the notes "Revenues" and "Other revenues and income").

The Group does not avail itself of the exemption from the disclosure of information referred to in Article 18, paragraph 1, point (a) of Directive 2013/34/EU and operates in a single sector (TSI).

The Group does not operate in the fossil fuels sector, nor in the production of chemicals, controversial weapons, or the cultivation or production of tobacco.

The Group is strongly focused on the cyber protection of space infrastructures and the supply chain, with particular attention to SMEs, which are often vulnerable to cyberattacks.

Sustainability goals are defined and pursued at group level, consistent with the structure of financial reporting, which is based on a single segment. The revenue analysis conducted at group level reflects the unitary nature of the business.

Therefore, there are no different sustainability targets for individual product/service categories, customers, geographic areas or stakeholder relations.

Below are the Group's commitments:

Internationalisation and development: consolidation of the internationalisation strategy and creation of a European cyber competence hub, with the aim of sustainable growth and leadership in the sector
Innovation and entrepreneurship: continuous promotion of innovation and development of national entrepreneurship in the field of cyber security
Sustainability and human rights: constant adherence to and promotion of the principles of the Global Compact, for a sustainable digital world that respects human rights

Customer satisfaction is a primary objective, pursued by offering customised technological solutions that fully comply with contractual requirements.

Each company in the Group tailors the customer experience to the specificity of the products and services offered, each customer benefits from a dedicated Account Manager, a single point of contact for all projects and programs. Proper execution of contracts is fundamental, ensuring compliance with time, cost and quality. After-sales support, through specialised consultancy, completes the offer, ensuring the full usability of the technological solutions. Measuring customer satisfaction is crucial for continuous improvement. CY4Gate offers customers the possibility of reporting issues through a dedicated ticket system. Questionnaires are delivered periodically to assess the level of satisfaction and the importance attached to the services/products. Moreover, for indirect evaluation, various information sources are analysed, including complaints, renewal contracts, customer communications and meeting reports.

The Group, through a Quality Management System and a dedicated Customer Management and Marketing Department, ensures the provision of high quality services/products and monitors customer satisfaction.

The business model is constantly being improved to ensure ever greater proximity to customers and end users.

Providing timely and qualified answers, fosters the building of solid and lasting relationships and the satisfaction of customers' security needs; transferring knowledge for a conscious use of the products and services offered, increasing the security and resilience of customers.

The conception, design and production of products and services is developed to meet the needs of citizens, companies and governments for protection, security and access to essential services.

The Group, confirming its ambition to create a European Centre of excellence in the specific domain, pursuing the dual objective of guaranteeing technological sovereignty and enriching the customer value proposition, is pursuing a strategy of growth and strengthening on various levels:

Acquisitions of companies specialised in the cyber domain
Establishment of strategic and operational alliances
Participation in international research and development partnerships and calls
for tenders
Membership of national and international networks and initiatives
Adoption of an innovation-oriented organisation
Implementation of a monitoring and reporting system to measure the environmental impact of the Group's activities and set improvement targets
Promotion of sustainable mobility among employees
Investments in people empowerment, ensuring appropriate working conditions, protecting health and safety at work, and ensuring confidentiality and data protection
Expand the evaluation of suppliers according to ESG criteria or adhering to the Group Sustainability Policy

The strategy and business model of CY4Gate Group are inherently oriented toward preventing negative impacts and generating positive ones: prevention and protection constitute the concept underlying the development of the products and services offered, and they are also the principles guiding the definition of the Group's objectives and the implementation of management and control systems, in order to ensure the creation and preservation of value for all stakeholders.

The double materiality assessment confirms the integration of sustainability at the heart of the Group's business model. It provides essential data and information security products and services, constantly investing in research and development, with a dedicated innovation team.

Focusing on the security, privacy and well-being of employees, customers, communities and institutions is central to the Group's strategic model, which bases its relationships on ethics and responsible conduct.

The Group adopts a dynamic and responsible strategic approach, in which Management and the Board of Directors engage in an ongoing, in-depth analysis of short-, medium- and long-term risks and opportunities.

This analysis, based on internal data and the interpretation of external trends, ensures that corporate strategies are constantly aligned with social and environmental needs.

Adaptability is essential: the process involves implementing timely strategic adjustments, where necessary, to ensure the Group's resilience and sustainability over time.

The Group's value chain, whose main actors are specified in section 'SBM-2 Stakeholder Expectations and Interests', was analysed to assess possible relevant IROs, considering:

• the characteristics of the upstream and downstream value chain;

• the position of CY4Gate Group in the value chain;

• the description of the main commercial actors and their relationship with the company, including: key suppliers, main distribution channels, main customers and/or end users.

The Group has established the priority level of its stakeholders, including the value chain, based on procedures in use in the company and supplier evaluation questionnaires.

As part of its business model and value chain management, the Group has implemented procedures and directives, described in this document, aimed at promoting partnership and collaboration relations with its stakeholders.

This approach is aimed, in particular, at the continuous improvement of sustainability performance.

Below is a representation of the Group's value chain:

UPSTREAM VALUE CHAIN

The Group's supply chain is mainly consisting of companies that provide hardware, software and know-how for the development of products and services.

The Group establishes synergies with partners, suppliers, universities and research centres, providing their know-how to strengthen their capabilities and generate a strong cyber innovation ecosystem.

Suppliers of IT equipment are selected from authorised manufacturers and distributors, who are not subject to embargoes and can guarantee the origin of supplies, as well as comply with high standards of confidentiality and security, fundamental requirements for the products and services offered by the Group.

In terms of know-how, the Group relies on a group of outsourcing companies that select and provide highly qualified personnel with specialist skills, even for extended periods.

CY4Gate Group establishes agreements with these companies - mostly Italian and mainly composed of young professionals - to integrate people with whom there is a mutual interest in establishing a stable collaboration.

Companies that supply IT equipment and know-how to CY4Gate are included in the Company's Supplier List, after an accreditation/qualification process and undergo periodic evaluations. The Reliability Index on the Supplier Evaluation Form is annually reviewed, based on the supplies purchased.

The Group establishes accreditation and qualification processes for suppliers to ensure their reliability in the supply of goods, services and know-how essential to the manufacture and distribution of the Group's products.

CY4Gate regularly promotes the supplier evaluation and accreditation process, according to specific policies and procedures to ensure supplier compliance by requesting suppliers to sign "clauses 231", the document ''Adoption of the commitment to social responsibility and ethical and sustainable development'' and sharing specific

documentation. Formal commitment to compliance with the principles and ethical rules enshrined in the Organisation, Management and Control Model (MOG) is an essential element; in fact, violation of these principles entails immediate termination of the contract.

Supply chain management represents a crucial step in the cyber risk mitigation process, as it involves a complex network of suppliers and partners that may be vulnerable to cyber attacks, thus increasing the importance of strict vigilance and security along the entire supply chain.

The Group asks its suppliers to sign a commitment to provide quality and sustainable services, managing all activities from a customer and stakeholder satisfaction perspective with a focus on economic, environmental and social sustainability.

Despite maintaining independent supplier management procedures, affiliated companies follow similar criteria within their integrated quality and safety management systems. This process involves collecting detailed information on the reliability of suppliers, assessing their compliance with quality, competitiveness and regulatory compliance requirements, as well as with the principles and rules set out in the group's governance documents, including adherence to environmental programmes or related certifications. The information gathered is documented in the Supplier Evaluation Forms.

Purchasing procedures at Group companies are set up to guarantee the reliability of the products or services purchased, with a view to continuous improvement of activities and performance for the development of innovative technologies, including digital ones, and, at the same time, taking into account the requirements of sustainability and respect for human rights.

The Group pays great attention to the supply chain, considering suppliers as partners for the development of innovative proprietary services and products in the national and European context.

DOWNSTREAM VALUE CHAIN

The Group is active mainly in Italy, but also in Spain and France, and is increasing its presence in Europe. It also has a global presence with customers in the Middle East and South East Asia and in Latin America.

The following is a breakdown of operating revenue by business line:

Decision Intelligence: 44,10%
Forensic Intelligence: 36,43%
Cyber Security: 19,48%

The Group works closely with its customers, anticipating their needs by researching and developing cutting-edge technological solutions, and is committed to enhancing its customers' knowledge and skills in cyber intelligence to reduce the risks associated with cyber attacks.

The organisational structure is customer-focused, with a commitment to establishing solid and lasting relationships, based on transparency and capable of providing rapid and high-quality responses.

The Group is committed to fully understanding its clients, then guiding them towards personalized technological solutions to meet their specific needs, thanks to a significant technological portfolio, in synergy with a commercial structure renewed in 2023 in terms of skills and territorial division.

Finally, the Group offers companies and institutions training to enable them to make informed use of its products and services.

Cy4Gate's development strategy also includes selecting customers based on their ethical standards. The Group believes in the importance of respecting human rights and is firmly opposed to anybody seeking to use its technologies improperly or contrary to democratic principles.

Data can be extremely powerful tools, but also very dangerous if it falls into the wrong hands.

CY4Gate Group's business relations focus on both the government and corporate sectors. The Group has also strengthened its value proposition by collaborating on a national and European level, confirming its ability to offer highly innovative cyber solutions based on Italian and European technology. Operating in the global market, with clients both in Italy and abroad, the Group is committed to establishing long-term relationships for those companies and institutions that require continuous protection over time.

CY4Gate Group operates in a highly dynamic sector, facing impacts related to technological innovation, evolving regulations and increasing demand for security. Key industry risks include technological obsolescence, competition and regulatory compliance, while opportunities arise from expanding markets, developing advanced solutions and strategic partnerships. The Group's business model is based on continuous innovation and collaboration with institutional and corporate clients, ensuring constant adaptation to market changes and strengthening its value chain through research, development and strategic synergies.

The tailor-made approach promoted by the Group is aimed at helping customers approach cyber issues with greater peace of mind, simplifying the technical complexity associated with cyber security.

PARTNERSHIP

The Group recognizes the strategic importance of partnerships for the achievement of its business objectives and for the creation of value for its stakeholders. In line with the principles of transparency and accountability, the Group is committed to developing collaborative relationships based on trust, mutual respect, and the sharing of common objectives.

Associations:

CY4Gate is a member of several associations, including A.I.A.D., Cyber 4.0, and Women 4 Cyber Italia (W4C).

A.I.A.D. Federazione Aziende Italiane per l'Aerospazio, la Difesa e la Sicurezza: CY4Gate has been a member company since 2020.
Cyber 4.0: It is a private law association that represents a public-private partnership broadly representative of the national cybersecurity context, in which over 40 nationally relevant actors participate, including representatives of universities and research centers, public institutions, large companies, foundations, and highly specialized SMEs. Cy4Gate SpA has been a member of the Association since 2019 and, as a founding member, supports the center in providing advisory, training, assessment, and test-before-invest services in the field of cybersecurity to enterprises and public administration.
Women 4 Cyber Italia (W4C): Women4Cyber Foundation is a European non-profit organization established in 2019 within ECSO – European Cyber Security Organisation, with the aim of promoting, encouraging, and supporting the participation of women in the field of cybersecurity at the European level. Women4Cyber Italia, an initiative promoted by Domitilla Benigni, Rita Forse, and Selene Giupponi together with Professor Paola Severino, its Honorary President, represents the Italian Chapter of the European Women4Cyber Foundation. CY4Gate actively supports the initiative, which promotes training and inclusion of women in the cybersecurity sector. The President of Women 4 Cyber Italia is also a member of the Board of Directors of CY4Gate and participates as a founding member in the Women4Cyber Foundation initiative. In 2025, also thanks to the voluntary participation of CY4Gate employees in the staff of the Italian Chapter as an associated company of W4C IT, it actively contributed to the promotion and dissemination of activities and to the second edition of the Youth Ambassador Programme, which involved young women engaged for one year in supporting the mission of W4C Italia. In 2025, W4C Italia strengthened outreach, advocacy, and training activities through participation in and organization of numerous events with honorary members, ordinary members, Board members, members of the Technical Scientific Committee, and Youth Ambassadors as speakers, as well as webinars and online seminars dedicated exclusively to members. It consolidated its presence at the European level through participation in initiatives at the European Parliament together with the Women4Cyber Foundation, other national chapters, and representatives of EU institutions, as well as through activities of the Youth Ambassador Programme. It continued the dissemination and promotion of key topics in the sector through its newsletter, social media sharing, and the bimonthly publication "L'altra metà del cyber. Appunti."

European Projects:

CY4Gate actively participates in European programs and projects, investing in research and development to contribute to innovation in cybersecurity and intelligence at the international level.

Relations with business partners:

The Group's development strategy is based on the creation of a network of qualified business partners, with whom to share objectives and growth projects. Through collaboration, the Group aims to strengthen its market position, expand its offering of products and services, and access new business opportunities.

The Group believes that partnerships with business entities are a key factor for innovation and competitiveness and is committed to investing in long-term relationships based on trust and the sharing of common values.

The CY4Gate Group is committed to providing cybersecurity solutions and services that generate tangible benefits for its stakeholders.

The Group offers:

Advanced protection: complex ICT systems and solutions designed to minimize the impact of data breaches and ensure business continuity.
Timely response: an integrated Security Operation Center (SOC/CERT) and a digital emergency response service to identify, manage, and resolve cyberattacks rapidly and effectively.
Comprehensive support: a team of cybersecurity experts that assists organizations at every stage, from design to incident management.
Training and specialization: recruitment and training programs to strengthen clients' internal cybersecurity capabilities.

For investors, the Group represents:

Technological innovation: a company recognized by GARTNER® as a Representative Vendor in Composite AI, thanks to its know-how in applying artificial intelligence to cybersecurity.
Sustainable growth: a solid business model and a strategy oriented toward long-term value creation.
Industry leadership: a leading company in the provision of cybersecurity solutions, in a rapidly expanding market.

For other stakeholders, the Group contributes to:

Digital security: a more secure and resilient digital ecosystem, through the protection of organizations' information.
Skills development: a training program that promotes professional growth in the field of cybersecurity.
Strategic collaborations: partnerships with Group companies and other industry players to develop innovative solutions and address common challenges.

The Group is committed in a comprehensive manner to creating value for its stakeholders through cutting-edge cybersecurity solutions, comprehensive support services, and a strong commitment to innovation and sustainable growth.

The technical and methodological infrastructure that ensures that information on strategy and business model is based on accurate and reliable data and information is that defined in the ESG Policy for the preparation and control of the Sustainability Statement, as also indicated in GOV-5 Systems of risk management and internal controls related to the Consolidated Sustainability Statement.

In particular, the data collection method was developed in the following two steps:

I) mapping of systems, procedures, and company regulations, in line with the information reported in other documents and sections of the website

(https://www.Cy4Gate.com/it/azienda/governance/; https://www.Cy4Gate.com/it/azienda/investor-relations/)

II) collection of data from the managers of the relevant functions using internal management systems. Data and information relating to the year 2025 were collected in specific thematic sheets, in line with EFRAG guidelines. In the thematic sheets, the values of each company of the Group included in the reporting perimeter are recorded. Such information was verified and approved not only by the individual responsible functions, but also by the Group Accounting Manager, for subsequent verification and approval by the Manager in Charge, before being submitted to the administrative, supervisory, and control bodies.

SBM-2 Interests and views of stakeholders.

The awareness of the impacts the Group generates and its contribution to building sustainable development necessarily requires a stakeholder-oriented vision: the needs, interests, considerations, and critical issues represented by stakeholders are the foundation of strategies capable of overcoming and removing obstacles, seizing opportunities, and creating conditions for sustainability.

A successful business model means pursuing and combining excellent economic-financial, governance, social, and environmental performance for the satisfaction of our main stakeholders, whose involvement occurs through various channels and methods depending on the circumstances and needs.

The main engagement mechanisms are:

Continuous Dialogue: An open and transparent dialogue with stakeholders, through surveys, focus groups, public meetings, online platforms, and social media.

Formal Consultations: For strategic issues or those with significant impact, formal consultations can be organized with stakeholder representatives, ensuring a structured and inclusive process.

Collaborations and Partnerships: Collaborations and partnerships with various organizations, such as suppliers, universities, and research centers, to address common challenges together and develop innovative solutions.

Employee Engagement: Promotion of participation through internal surveys, company committees, dedicated meetings, training activities, communications, and company programs.

Marketing Campaigns: Aimed at engaging customers and other stakeholders, through messages that reflect company values and promote sustainability.

The Group has identified and prioritised its stakeholders through the involvement of representatives of corporate functions. This made it possible to map key stakeholders, relationships, channels and means of interaction. To fully understand stakeholders' interests and expectations, the Group performed the following actions :

• benchmark analysis of companies operating in similar sectors;

• documents and reports from national and international bodies outlining relevant issues on the three dimensions of sustainability;

• sharing of a questionnaire aimed at understanding their perception of the Group's activities - also in a forward-looking and potential perspective - and their interests and expectations on environmental, social and governance issues.

The purpose of the questions was to gather stakeholders' perceptions of the group's potential and actual impacts (from an inside-out perspective, i.e. how the group's activities influence the outside world) in relation to the three dimensions mentioned.

With regard to the perception of the Group's risks and opportunities (outside-in perspective, i.e. how external factors influence the Group) in relation to the three dimensions of environmental, social and governance, internal stakeholders from top and middle management were involved.

The objective of this involvement process was to identify the risks and opportunities that the Group faces in relation to the three dimensions, from an internal management perspective.

It should be noted that direct and dedicated stakeholder engagement was a commitment for the three-year period 2024-2026, as indicated in the Group's Sustainability Statement 2023.

The Group's key stakeholder identification process is based on the classification of the stakeholders of the parent company and the companies included in the reporting scope, organised into the following internal and external stakeholder clusters:

Employees
Top and middle management
Shareholders / Partners
Corporate bodies
Customers
Suppliers
Credit institutions

● Residual cluster of "other" stakeholders that includes: rating agencies; associations; investment banks; research centers; communities; public institutions; media; universities.

No distinctions have been made in the population of certain clusters considered 'key' in their entirety, in particular credit institutions, investment banks, research centres, universities and employees.

Group companies, recognising the importance of an open and constant dialogue with their stakeholders, have implemented a structured engagement system, which envisages the use of various communication channels, both formal and informal.

Formal Communication Channels

Shareholders' Meetings

These represent a fundamental moment of discussion with shareholders, during which company results, future strategies, and key decisions are presented.

Board of Directors Meetings

The members of the Board of Directors meet periodically to discuss company performance, strategies, and major challenges.

Periodic Reports

Periodic reports (sustainability report, annual financial report, etc.) are published to provide transparent and comprehensive information on the Group's performance.

Website

The company website is constantly updated with news, information, and useful documents for stakeholders.

Events and Conferences

Events and conferences are organized to meet key stakeholders, discuss relevant topics and gather feedback.

Informal Communication Channels

Internal Communications

Various tools (newsletters, intranet, meetings, etc.) are used to maintain a constant dialogue with employees and keep them informed about major company news.

Customer Meetings

Sales and customer support teams are in constant contact with customers to gather feedback, answer questions, and provide support.

Supplier Relations

Long-term relationships are maintained with suppliers, based on trust and collaboration.

Contacts with Institutions

Relationships are maintained with local, national, and international institutions to discuss topics of common interest and collaborate on sustainable development projects.

Particular focus to:

Employees

Dialogue with employees is considered a priority, as they are a fundamental resource for the Group's success. Engagement initiatives, such as focus groups and meetings with management, are organized.

Shareholders and Members

Clear and transparent information on the Group's performance and future strategies is provided through periodic meetings.

Customers

Customer satisfaction and needs are constantly monitored through interviews and complaint analysis; the Group develops innovative products and services to meet their expectations.

Suppliers

A selection and choice process for partners who share the Group's values in terms of sustainability and social responsibility, with the aim of establishing long-term relationships based on trust and collaboration.

Credit Institutions

The Group keeps transparent and constant relationships, providing information on financial performance and strategies.

This approach allows for organized and constant communication, aimed at receiving feedback and communicating relevant information. The Group is aware that an open and constructive dialogue with its stakeholders is fundamental to creating shared value and contributing to a more sustainable future. For this reason, it is committed to constantly improving its engagement processes and developing new initiatives to increasingly involve its stakeholders, such as the organization of periodic meetings with key stakeholders to discuss sustainability issues.

The primary aim of engagement is to establish an open, constructive and ongoing dialogue with all our stakeholders, both internal and external, to foster collaboration and the creation of shared value.

This strategic approach enables the Group to:

• Build lasting relationships of trust: constant and transparent dialogue creates a climate of mutual trust, a fundamental element for the organisation's reputation and long-term sustainability.

• Understand needs and expectations: actively listening to stakeholders' needs, expectations and concerns provides valuable information to guide corporate strategies and decisions.

• Promoting transparency and accountability: open and accessible communication reinforces the organisation's accountability to its stakeholders, fostering responsible and sustainable business management.

• Taking new opportunities of growth: interaction with stakeholders can generate new ideas, suggestions and opportunities for collaboration, paving the way for innovative projects and shared solutions.

Successful engagement is not just an act of communication, but a real investment in the future of the Group; it helps build a solid and positive reputation, increasing the trust and loyalty of stakeholders, essential elements for the sustainable success of the organisation.

The issues that arise are not just information, but real drivers for the evolution of strategies, resource allocation and the development of sustainable business models.

The integration of engagement results occurs through a structured and iterative approach:

Data collection and analysis: The information collected is analyzed to identify relevant topics and stakeholder expectations.
Materiality assessment: The strategic relevance of the topics for the Group and the potential impact on stakeholders are assessed, considering both internal and external perspectives.
Integration into the strategic framework: The results of the materiality assessment influence the definition of sustainability objectives, strategies, and KPIs.
Definition of actions and resource allocation: Concrete actions are defined and the necessary resources allocated.
Monitoring, evaluation, and continuous improvement: Progress is monitored and evaluated to ensure effectiveness and identify areas for improvement.

The integration of engagement results also guides decision-making processes:

● Corporate strategy: Feedback guides strategies aligned with expectations and sustainability.

● Innovation and product development: Understanding needs stimulates the development of sustainable products and services.

● Risk Management: Early identification of ESG risks enables preventative measures.

● Reputation: Effective engagement strengthens stakeholder trust.

The Group is committed to transparently communicating its engagement processes and results, strengthening dialogue with stakeholders and increasingly integrating their feedback into strategic and operational decisions to create shared value and sustainable development.

The stakeholder engagement process validated current strategic choices and provided useful insights for the future, although no areas requiring substantial changes to the strategy or business model emerged.

The administrative, management, and control bodies are informed of stakeholders' opinions and interests regarding the company's sustainability impacts. This is achieved through a structured and transparent process, which includes periodic reports and internal communications. These documents summarize the main issues arising from the stakeholder dialogue, highlighting relevant topics and areas for improvement, and ensuring that management bodies are always updated on stakeholder expectations and concerns.

SMB-3 Material environmental, social and governance impacts, risks and opportunities and their interaction with the strategy and business model

The impacts, risks and opportunities identified as relevant by the dual materiality analysis are listed below. DOUBLE MATERIALITY – RESULTS

ESRS E1 - Climate Change
Sub Topics	IRO	Description	Time Horizon	Scope ofapplicabilityof IROs
Climate ChangeMitigation	Negativeimpact	The Group generates emissions into the atmosphere of greenhousegases and substances for the heating of company premises, through theuse of owned (or controlled) boilers that burn fossil fuels, and thecirculation of company fleet vehicles (scope 1)	Effective - ST	Ownoperations
	Negativeimpact	The Group generates emissions into the atmosphere of greenhousegases and substances generated by the consumption of energyresources for the lighting of company premises and for the cooling orheating of company premises (scope 2)	Effective - ST	Ownoperations
Climate ChangeAdaptation	Positiveimpact	The Group, By adopting infrastructure security measures (generatorsand data centers) that guarantee the continuity of operation ofcybersecurity software solutions, strengthens the security of itsinformation systems, benefiting the entire value chain even in the eventof extreme weather events.	EffectiveS-M-L Term	Upstream,Own,downstreamoperations
	Risk	The Group, in case of extreme weather events and in the absence ofsecurity reinforcement solutions, could suffer damage to digitalinfrastructure with consequent service interruption	S-M Term	Upstream,Own,downstreamoperations
Energy	Negativeimpact	The greater computing power and data processing required by the useof AI and digital technologies in business processes increases the energyconsumption and carbon footprint of the company or the supply chain,impacting climate change.This negative impact has implications for Scope 3 reporting on ClimateChange Mitigation.	EffectiveS-M Term	Upstream,Own,downstreamoperations

	ESRS S1 - Own workforce
Sub Topics	IRO	Description	Time Horizon	Scope ofapplicabilityof IROs
Workingconditions(secureemployment;adequate wages;work-life balance;working hours)	Positiveimpact	The Group promotes job stability and fair remuneration, thanks tocompliance with national legislation and sector collective agreements,as well as through the adoption of company policies and proceduresthat guarantee quality contracts.	EffectiveS Term	Ownoperations
	Positiveimpact	The Group, by adopting processes and practices that promote work-lifebalance and response to welfare needs, guarantees conditions ofbetter quality of life and well-being for workers.	EffectiveS Term	Ownoperations
Workingconditions(social dialogue;freedom ofassociation,existence of workscouncils and rightsto information,consultation andparticipation ofworkers; collectivebargaining, includingthe percentage ofworkers covered bycollectiveagreements)	Positiveimpact	The lack of processes and practices that allow workers to be involved,to collectively negotiate working conditions, and to make their voiceheard, can generate an increase in conflict and discontent.	PotentialS-M Term	Ownoperations
	Positiveimpact	The Group, through the current involvement of workers, guaranteeingfreedom of association and collective bargaining, generates a positiveimpact on employees and the organisational climate.	EffectiveS Term	Ownoperations
	Opportunity	The adoption of systems and tools for social dialogue and workerparticipation fosters a positive and collaborative organisational climate,which can lead to greater labour productivity.	M - L Term	Ownoperations

	Negativeimpact	The lack of adequate practices and processes for health and safety atwork can generate injuries or occupational diseases, stress, andpsychological distress among workers.	PotentialS-M Term	Ownoperations
Workingconditions	Positiveimpact	The adoption of awareness and training actions impacts an increase inworker awareness regarding health and safety matters.	EffectiveS-M Term	Ownoperations
(Health and Safety)	Opportunity	M-L Term	Ownoperations
Equal Treatmentand	Positiveimpact	EffectiveS-M Term	Ownoperations
Opportunitiesfor All	Risk	The scarcity of trained and qualified personnel can lead to a lack ofnecessary skills to support development and technological evolution.	S-M-L Term	Ownoperations
(Training and skillsdevelopment)	Opportunity	The Group, by offering employees opportunities for continuousprofessional growth, could strengthen its ability to attract qualifiedpersonnel and retain employees, with a decrease in selection costs.	S-M-L Term	Ownoperations
Equal TreatmentandOpportunitiesfor All(gender equality andequal pay for workof equal value;employment andinclusion of personswith disabilities;measures againstworkplace violenceand harassment;diversity)	Positiveimpact	The Group, by adopting initiatives and instruments capable ofguaranteeing equal pay for work of equal value and equal opportunitiesin career paths, values personnel and creates an equitable and inclusivework environment.	EffectiveS Term	Ownoperations
	Opportunity	A stimulating and inclusive work environment within the Group canlead to employee satisfaction, generating greater personnel retention,resource stability, and increased productivity	M-L Term	Ownoperations
	Positiveimpact	The Group guarantees greater safety, well-being, and comfort toemployees on secondment, thanks to a policy that establishesadequate spending limits for dignified and quality accommodation.	EffectiveS Term	Ownoperations
Other WorkRelated Rights(child labour; forcedlabour; adequate	Positiveimpact	The refusal of child labour and forced labour reinforces the sense ofsafety and well-being of workers, thanks to the sharing of an ethicalsense and respect for human rights.	EffectiveS-M Term	Ownoperations
housing; privacy)	Opportunity	The Group could use software solutions for data privacy developed forthe market to also protect the privacy of its employees, generatinginvestment optimisation.	S - M Term	Downstreamoperations

	ESRS S3 - Affected Communities
Sub Topics	IRO	Description	Time Horizon	Scope ofapplicabilityof IROs
	Positiveimpact	The Group, thanks to the innovations and technological solutionsdeveloped and by promoting their correct use along the value chain,increases the capacity of the appointed bodies to carry out the publicsecurity service, to combat cybercrime, and to protect human rights.	EffectiveS - M -L Term	Own,downstreamoperations
Innovation forCybersecurityand CommunityProtection(economic, social,and cultural rights ofcommunities; civiland political rights ofcommunities)	Positiveimpact	The Group, through the protection of critical infrastructure (e.g.,healthcare, banking, energy systems) and cultural heritage, promotesan increase in national security.	EffectiveS Term	Own,downstreamoperations
	Positiveimpact	The Group, guaranteeing technological autonomy and sovereignty at anational and European level, provides support for the development ofan innovation culture in the sector and for overcoming technologicaldwarfism.	EffectiveS - M -L Term	Upstream,Own,downstreamoperations
	Positiveimpact	The Group, thanks to constant investment in the consolidation andimprovement of proprietary product technologies, constant attentionto the training of partners and clients, promotes greater IT resilience ofpublic and private companies; guarantees the continuity of activitiesand services provided; protects the right of citizens to privacy of theirinformation and to access public utility services securely andcontinuously.	EffectiveS Term	Upstream,Own,downstreamoperations
	Opportunity	Market demand for software solutions aimed at safeguarding personaldata privacy and protection from cyber attacks represents an increasein demand for cybersecurity solutions for the group, stimulatinginnovation and generating positive financial effects.	S - M Term	Downstreamoperations
	Opportunity	Demand from healthcare/governmental organisations for new softwareusable for prevention, care, and health emergencies represents an	S - M Term	Downstreamoperations

	increase in demand for solutions for the group, stimulating innovationand generating positive financial effects.
Risk	Inappropriate use of cyber intelligence and cybersecurity solutions cangenerate claims from local communities and compensation requests,with negative reputational and financial effects for the Group	S - M Term	Downstreamoperations
Opportunity	Market demand to develop software to facilitate access to healthcarethrough telemedicine services and online booking platforms representsan increase in demand for solutions for the group, stimulatinginnovation and generating positive financial effects.	S - M - L Term	Downstreamoperations

		ESRS S4 - Consumers and End Users
Sub Topics	IRO	Description	Time Horizon	Scope ofapplicabilityof IROs
Impacts Related	Positiveimpact	The Group, thanks to the adoption of IT security systems, guaranteesthe protection of client privacy.	EffectiveS Term	Own,downstreamoperations
to Informationfor Consumersand/or End	Risk	Cyber attacks suffered by the Group, with access to or loss of data andinformation from consumers/end users, generates negative financialand reputational effects for the Group.	S- M Term	Downstreamoperations
Users (Privacy)	Opportunity	Attention to the privacy of consumers and/or end users could generatea strengthening of reputational positioning, acquisition of competitiveadvantage, and consolidation of trusting relationships.	M -L Term	Downstreamoperations
Impacts Relatedto Informationfor Consumersand/or EndUsers (Access toquality information)	Positiveimpact	The availability of information on the economic-financial and ESGperformance of the Group adequately supports consumer choices.	EffectiveS Term	Own,downstreamoperations
Personal Safetyof Consumersand/or EndUsers (Health and	Positiveimpact	The Group protects human health and the environment, through theprovision of specific clauses within the purchase conditions, whichoblige suppliers to use materials in conformity with the provisions of EUdirectives and regulations and internal rules regarding the protection ofhuman health and the environment, including the obligations referredto in regulation (EC) no. 1907/2006 "REACH Regulation" andsubsequent amendments.	EffectiveS-M Term	Upstream,Ownoperations
safety)	Opportunity	Attention to the health and safety of consumers/users could generate astrengthening of reputational positioning, acquisition of competitiveadvantage, and consolidation of trusting relationships.	M -L Term	Downstreamoperations
Social Inclusionof Consumersand/or End	Positiveimpact	The Group monitors developments subsequent to product/servicedelivery, guaranteeing maximum quality and transparency forconsumers, increasing reliability.	EffectiveS Term	Own,downstreamoperations
Users (Responsiblecommercialpractices)	Opportunity	The adoption of customer care actions by the Group could strengthenreputational positioning, generate competitive advantage acquisition,consolidate trusting relationships, and increase customer loyalty.	M -L Term	Downstreamoperations

		ESRS G1 - Business conduct
Sub Topics	IRO	Description	Time Horizon	Scope ofapplicabilityof IROs
CorporateCulture	Opportunity	The Group, thanks to its solid governance and a set of corporateprocedures to combat corruption, could strengthen its reputation, gaina competitive advantage, and consolidate relationships of trust with itsstakeholders.	S-M Term	Upstream,Own,downstreamoperations
Active andPassive	Positiveimpact	The Group, through the adoption and application of an Anti-CorruptionCode, generates deterrence and promotes the creation and diffusion ofa culture of legality, within the Group and along the value chain,preventing and combating the implementation of corruptionphenomena	EffectiveS Term	Upstream,Own,downstreamoperations
Corruption	Opportunity	The Group's monitoring of active and passive corruption through theadoption of internal regulations or procedures could strengthen itsreputational positioning, consolidate trusting relationships withstakeholders, and reduce exposure to sanctions.	S-M Term	Upstream,Own,downstreamoperations
Whistleblower	Positiveimpact	The Group, through its anti-corruption policy and correct managementand protection of reports, promotes a culture of legality amongpersonnel and throughout the value chain	EffectiveS Term	Upstream,Own,downstreamoperations
Protection	Opportunity	The introduction of systems to deter unethical behaviour could favourthe consolidation of a strong and cohesive corporate culture, withincreased labour productivity and organisational/management fluidity	M - L Term	Ownoperations

Management ofRelationshipswith Suppliers,	Positiveimpact	The adoption by the Group of systems for evaluating the environmentaland social performance of suppliers can increase attention togenerating environmental, social, and governance impacts in the supplychain	EffectiveS-M Term	Upstream,Ownoperations
IncludingPaymentPractices	Opportunity	Defining and respecting payment terms agreed with suppliers,consistent with adequate financial management of the Group,guarantees financial equilibrium and could favour the consolidation oftrusting relationships with suppliers.	S-M Term	Upstreamoperations

LEGENDA: ST -> short term MT -> medium term

LT -> long term

The Group recognises the importance of transparently disclosing the effects of impacts, risks and opportunities on its business model, value chain, strategy and decision-making.

In line with its commitment to sustainability, the Group provides clear and comprehensive information on future actions and plans. At present, no changes to the strategy and business model are planned to address material issues; however, the Group assesses and updates the Sustainability Plan annually.

Consolidated Sustainability Statement is the tool by which the company transparently discloses its material issues and progress, engaging stakeholders in dialogue and collaboration.

In its business activities, the Group adopts rules of conduct that integrate impacts, risks and opportunities into its planning and control systems, shared through certified management systems. In particular, business activities include strict compliance with environmental, social and governance (ESG) regulations, as well as fairness and transparency in relations with customers, suppliers and other business partners.

With reference to the risks and opportunities relevant to the Group, no current financial effects of a significant magnitude attributable to the identified ESG risks and opportunities were recognised for the year under review. Consequently, there were no material financial effects associated with these profiles for the year under review.

The Group has a control model for analysing risks, performance and updating the strategic plan in line with industry benchmarks. The model includes the 'Management Control Memorandum' and a set of procedures for corporate planning, control and reporting. The management control covers the Group companies and is in line with the 2020 Corporate Governance Code of Listed Companies to which CY4Gate has adhered.

With reference to the first sustainability reporting period, there are changes in relation to the material impacts, risks and opportunities of the previous period. In particular, the work of review and updating of the IROs was directed toward more clearly specifying the impacts and the risks and opportunities generated or that may be generated, through modifications to the wording of the descriptions; in some cases, this also entailed a more precise specification of IROs, in relation to sub-topics or sub-sub-topics, resulting also in the formulation of new IROs and the replacement of general IROs with more specific IROs. In detail, the topics and sub-topics affected by significant changes are:

ESRS E1 Climate change mitigation: the short-term actual negative impact has been articulated into two short-term actual negative impacts, in order to highlight the specificities attributable to Scope 1 and Scope 2.
ESRS E1 Climate change adaptation: a positive impact has been identified as material, linked to a risk already present in the previous reporting cycle.
ESRS E1 Energy: the short-term current negative impact that had been identified as material has been articulated into two impacts in order to highlight the specificities attributable to the use of energy sources and to the increase in emissions, both in relation to the production of software solutions and to the use of data centers, the latter resulting as material.
ESRS S1 Working conditions: the IROs identified in the previous reporting cycle have been articulated in a more detailed and specific manner, in order to specify the effects on workers and the risks and opportunities for the Group, determined by its choices and actions in relation to issues such as employment stability, pay equity, work-life balance, health and safety, social dialogue, and collective bargaining; this led to the identification of six material impacts compared to the two of the previous year, and two opportunities.
ESRS S1 Equal treatment and opportunities for all: the IROs identified in the previous reporting cycle have been reformulated in a more detailed and specific manner and supplemented with additional IROs, in order to specify the effects on workers and the risks and opportunities for the Group, determined by its choices and actions in relation to issues such as training and skills development, gender equality and equal pay for work of

equal value, employment and inclusion of persons with disabilities, and measures against violence and harassment in the workplace.

ESRS S1 Other work-related rights: the IROs identified in the previous reporting cycle have been reformulated in a more detailed and specific manner and supplemented with additional IROs, in order to specify the effects on workers and the risks and opportunities for the Group, determined by its choices and actions in relation to issues such as child labor, forced labor, adequate housing, and privacy.
ESRS S3 Affected communities: first, the analysis of how the Group may impact the topic of affected communities led to the definition of the specific relevant scope "Innovation for Cybersecurity and the protection of the community," within which to frame the identification and analysis of IROs relating to the subtopics "Economic, social and cultural rights of communities" and "Civil and political rights of communities." Within this reference framework, the previously identified IROs were revised, also through a more precise specification of impacts on the community and on the Group; this resulted in the identification of four positive impacts compared to the two identified in the previous reporting cycle, and three opportunities and one risk, compared to only one opportunity previously identified.
ESRS S4 Consumers and end-users: an initial revision concerned the interpretation of the topic itself and of the concept of consumer as applied to the Group; this led to attributing to the terms consumers and end-users the meaning of public and private clients of the Group's Cyber Intelligence, Forensic Intelligence, and Cyber Security solutions. This resulted in a revision and integration of the IROs, which led to the identification of four actual positive impacts, three opportunities, and one risk, compared to the two positive impacts, one risk, and one opportunity identified as material in the previous statement.
ESRS G1 Business conduct: the IROs identified in the previous reporting cycle have been reformulated in a more detailed manner and supplemented with additional IROs, in order to represent more specifically the governance and management mechanisms adopted by the Group and to specify the effects on stakeholders and the risks and opportunities for the Group, determined by its choices and actions in relation to corporate culture, active and passive corruption, protection of whistleblowers, and management of relationships with suppliers, including payment practices.

It should also be noted that the refinement of the assessment methodology, together with a more detailed and precise identification of the IROs, led to the identification of new material IROs, increasing from 18 material impacts identified in 2024 to 25 material impacts in 2025, and from 13 risks and opportunities in 2024 to 19 in 2025.

There are no impacts, risks, or opportunities subject to entity-specific disclosures beyond the disclosure requirements provided for by the ESRS.

Management of risks, opportunities and impacts

IRO-1 Process applied for the materiality assessment, involvement of internal and external stakeholders

The objective of the double materiality assessment (DMA) consists in understanding both the environmental, social, and governance impacts generated by the Group's activities (impact materiality), and the financial risks and opportunities deriving from ESG factors (financial materiality).

A context analysis was carried out to identify:

Impacts, risks and opportunities relating to environmental, social, and governance topics, both actual and potential;
How the Group may influence and be influenced by these aspects, during its operations and along the value chain.

For the framing of topics and aspects relating to the sector of reference, a benchmark analysis was conducted, taking as reference sustainability reports or other non-financial reporting documentation of organizations operating in similar sectors.

The analysis was carried out separately between impact analysis and financial analysis in order to ensure a more appropriate and detailed methodology.

A broad representation of internal stakeholders was involved throughout the entire process.

For impact materiality, potential and actual impacts of the Group on environmental, social, and governance dimensions were identified, taking into account stakeholder expectations and the impact of business activities on the environment and society. For each impact, the time horizon of occurrence was identified, whether it had a positive or negative effect, and the source of the impact within the value chain. The list of impacts considered was developed with reference to the guidance contained in RA16 of ESRS 1.

For the financial materiality analysis, financial risks and opportunities deriving from the Group's operations and business relationships were assessed, based on the impacts identified in the previous phase, supplemented with additional considerations derived from a structured process involving multiple sources: sector benchmarks, company documents, information derived from stakeholder engagement (such as requests from the financial market), and indications from the United Nations Global Compact.

For each risk and opportunity, both the time horizon of occurrence and the source within the value chain were identified.

The double materiality assessment (DMA) was subject to review as part of the second sustainability reporting cycle and will be subject to periodic review, in line with best practices, new directives, recent developments, and any organizational changes, as indicated in the ESG Policy for sustainability reporting currently under formalization. The double materiality assessment process was structured in the following phases:

Assessment of impact materiality based on severity and likelihood criteria, in accordance with the principles set out in the document "Methodological Note," an internal working document of the ESG Team used to formalize the methodology for the double materiality assessment;
Assessment of financial materiality based on risks and opportunities with financial effects, calculated considering likelihood of occurrence and potential magnitude of effects, in accordance with the principles of the "Methodological Note";
Consolidation of results through aggregation of impacts, risks and opportunities identified in order to determine the material matters to be included in the reporting.

Impact materiality focuses on the significant effects that the Group's activities may generate on people and the environment, and the assessment was carried out based on the evaluation of severity and likelihood identified by stakeholders.

In particular, the assessment of impacts is based on severity, which is represented by a combination of factors, namely scale and scope, to which, in the case of negative impacts, the character of irremediability is also added. To severity is also added the assessment of likelihood, which, in the case of potential impacts, is evaluated to determine its level, while for actual impacts the level of likelihood is directly assigned as maximum.

For the assessment of impacts, a scale with levels from 1 (minimum impact) to 5 (very high impact) was used, in order to quantitatively measure respondents' opinions and obtain an in-depth understanding of stakeholder expectations and priorities.

For the 2024 reporting year, the assessment of severity and likelihood was expressed jointly, as each stakeholder was asked to provide an evaluation encompassing all the parameters required by the ESRS. For the 2025 reporting year, the adopted methodology was more granular, analyzing separately scale, scope, irremediability, and likelihood of impacts, in line with the provisions of the ESRS (European Sustainability Reporting Standards).

Specifically, the assessment of severity factors was carried out by combining the evaluation of scale, expressed by all key stakeholders consulted, both internal and external, with an evaluation of scope and irremediability expressed solely by top and middle management, as owners of the operations, activities, and processes from which the impacts arise. Likelihood was also assessed through input from top and middle management, using a scale from 1 (minimum likelihood) to 5 (very high likelihood), to be evaluated based on the presence, specificity, and adequacy of the organizational, control, and management measures implemented by the Group.

The selection of material matters was based on the results of an in-depth consultation of the stakeholders considered most relevant, through the administration of a specific questionnaire.

The responses to the questionnaire were analyzed by calculating the average, excluding missing responses.

Specifically, responses were analyzed by stakeholder categories, calculating for each category the average value attributed to the scale of the impact by all stakeholders and to scope and irremediability by middle and top management; the final value attributed to the scale of the impact is given by the average of the average values obtained for each category, while the value attributed to scope and irremediability is given by the average of the values expressed by management. The final value attributed to severity is given by the sum of the values obtained for scale, scope, and irremediability, reparameterized on the 1 to 5 assessment scale.

Similarly, the final value attributed to likelihood is given by the average of individual management assessments, reparameterized on the 1 to 5 assessment scale.

The identification of material impacts was carried out by defining the materiality threshold starting from a high relevance level: the level of relevance of impacts is given by the product of severity × likelihood, whose minimum value is 1 and maximum is 25. Relevance levels were assigned as follows: minimum relevance for scores between 1 and 2; low relevance for scores between 3 and 6; medium relevance for scores between 7 and 11; high relevance for scores between 12 and 16; very high relevance for scores between 17 and 25.

This classification made it possible to clearly represent the relevance of the various topics, identifying different priority levels on which to define the action plan.

The topics exceeding this threshold were considered material.

Financial materiality assesses the risks and opportunities deriving from sustainability topics that may affect the financial performance of the Group. The analysis focuses on:

Risks: which contribute to a negative deviation in expected future cash inflows and/or a higher deviation in expected future cash outflows and/or a negative deviation compared to an expected change in capital not recognized in the financial statements;
Opportunities: which contribute to a positive deviation in future cash inflows and/or a lower deviation in expected future cash outflows and/or a positive deviation compared to an expected change in capital not recognized in the financial statements.

Material risks and opportunities for the Group generally derive from impacts, dependencies, or other risk factors. For the 2024 reporting year, the assessment was of a qualitative-quantitative nature, with a range of possible effects evaluated from 1 to 5, with particular reference to the impact on revenues; for the 2025 reporting year, the methodology adopted followed the same approach as impact materiality and was carried out by top and middle management and extended to stakeholders such as shareholders, credit institutions, and investment banks. In particular, the assessment of risks and opportunities was based on the likelihood of occurrence and the potential scale of the financial effect.

The assessment was carried out through the administration of a questionnaire in which respondents were asked to express a judgment value on a scale with magnitude from 1 (minimum) to 5 (critical) for scale and from 1 (minimum) to 5 (very high) for likelihood. For each level of scale and likelihood, a rationale for judgment was associated, allowing the expressed judgment to be linked to evidence as objective and verifiable as possible, in continuity with the methodology used in the previous reporting cycle.

Responses to the questionnaires administered were analyzed by stakeholder categories, calculating for each category the average value. The final value attributed to the scale of risks and opportunities is given by the average of the average values obtained, as is the final value attributed to the likelihood of occurrence, which is given by the average of the corresponding average values obtained.

The level of significance of risks and opportunities (RO) is given by the product of magnitude × likelihood, whose minimum value is 1 and maximum is 25. The definition of material risks and opportunities is carried out by defining the materiality threshold starting from a high relevance level, as for impacts: RO with a relevance score equal to or above 12 (included) are considered material, while those with a score below 12 are not considered material.

The double materiality assessment, conducted using a rigorous analytical methodology and involving internal and external stakeholders, made it possible to identify the most relevant risks, opportunities, and impacts for the Group, which are fundamental for the definition of sustainability strategies.

Following careful evaluation, top management decided to integrate the outcomes of the double materiality assessment, adding a topic that had not initially emerged as relevant.

The adoption of specific preventive and protective measures for each identified risk is fundamental. The Group does not implement generic measures, but analyzes each risk in detail to understand how to prevent it or mitigate its impact. Among the measures applied are procedures, corporate policies, established best practices, training, collection of reports, auditing activities, and monitoring of planned actions and related metrics.

Starting from 2024, the first reporting year under the ESRS, the Group has integrated the process of identification, assessment, and management of impacts and risks into its enterprise risk management system. This process is structured to ensure a proactive assessment of risks, including both "traditional" risks (financial, operational, legal) and emerging sustainability-related risks (environmental, social, governance).

The process of identification, assessment, and management of opportunities is structurally integrated into the overall management system, with a focus on strategic alignment and the multidisciplinary involvement of business functions. The assessment of opportunities, conducted in line with established corporate practices and procedures for risk identification and assessment and consolidated sustainability statement, considers both internal and external factors. This integrated approach ensures that identified opportunities are consistent with corporate strategic objectives and that their potential impact, both positive and negative, is carefully assessed. The process involves the active participation of several business functions, including general management, the finance function, the operations function, and the human resources function, in order to ensure a comprehensive and multidisciplinary view of opportunities. The selected opportunities are then monitored over time, with periodic reporting to management and the Board of Directors, to verify their effective implementation and impact on the company.

IRO-2 List of material topics reported and omitted

BP-1 General information on the preparation of this document	2
BP-2 Disclosure on specific situations	3
Transitional provisions in accordance with Appendix C of ESRS 1	4
ESRS S3 – Affected communities	5
ESRS S4 – Consumers and end-users	5
Governance	6
GOV-1 Composition and role of the administrative, management and supervisory bodies	6
GOV-2 Information provided to and sustainability matters addressed by the undertaking's administrative,management and supervisory bodies	10
GOV-3 Incentive scheme linked to sustainability targets	11
GOV-4 Statement on due diligence on sustainability matters	11
GOV-5 Risk management systems and internal controls related to the Consolidated Sustainability Statement	12
Strategy	14
SBM-1 Strategy, value chain and business model	14
SBM-2 Interests and views of stakeholders.	21
SMB-3 Material environmental, social and governance impacts, risks and opportunities and their interaction withthe strategy and business model	24
Management of risks, opportunities and impacts	29
IRO-1 Process applied for the materiality assessment, involvement of internal and external stakeholders	29
IRO-2 Elenco temi materiali rendicontati ed omessi	32
2. ENVIRONMENTAL DISCLOSURES	37
Taxonomy Regulation (information pursuant to ART. 8 EU Reg. 852/2020)	37
ESRS E1 – Climate change	50
3. SOCIAL DISCLOSURES	57
ESRS S1 – Own workforce	57
4. GOVERNANCE DISCLOSURES	65
ESRS G1 – Business conduct	65

The table below reports data points derived from other EU legislation, as listed in Appendix B of the ESRS 2.

Disclosure Requirement and relateddatapoint	SFDRreference1	Pillar 3reference2	BenchmarkRegulationreference 3	EU ClimateLawreference4	Section
ESRS 2 GOV-1 Board's gender diversityparagraph 21, d)	✓		✓		ESRS 2 GOV-1
ESRS 2 GOV-1 Percentage of board memberswho are independent paragraph 21, e)			✓		ESRS 2 GOV-1
ESRS 2 GOV-4 Statement on due diligence,paragraph 30	✓				ESRS 2 GOV-4
ESRS 2 SBM-1 Engagement in activitiesrelated to fossil fuel activities, paragraph40(d)(i)	✓	✓	✓		ESRS 2 SBM-1
ESRS 2 SBM-1 Engagement in activitiesrelated to the production of chemicals,paragraph 40(d)(ii)	✓		✓		N.A.
ESRS 2 SBM-1 Participation in activitiesrelated to controversial weapons, paragraph40(d)(iii)	✓		✓		N.A.
ESRS 2 SBM-1 Engagement in activitiesrelatedtotobaccocultivationandproduction, paragraph 40(d)(iv)			✓		N.A.
ESRS E1-1 Transition plan to achieve climateneutrality by 2050, paragraph 14				✓	N.A.
ESRS E1-1 Companies excluded from Parisaligned benchmarks, paragraph 16(g)		✓	✓		N.A.
ESRS E1-4 GHG emission reduction targets,paragraph 34	✓	✓	✓		N.A.
ESRS E1-5 Energy consumption from fossilfuels disaggregated by source (sectors only)High Climate Impact Sectors), paragraph 38	✓				N.A.
ESRS E1-5 Energy Consumption and EnergyMix, paragraph 37	✓				ESRS E1-5
ESRS E1-5 Energy Intensity Associated withActivities in High Climate Impact Sectors,paragraphs 40–43	✓				N.A.
ESRS E1-6 Gross Scope 1, 2, 3 Emissions andTotal GHG Emissions, paragraph 44	✓	✓	✓		E1-6
ESRS E1-6 Gross GHG Emission Intensity,paragraphs 53–55	✓	✓	✓		N.A.
ESRS E1-7 GHG Absorptions and CarbonCredits, paragraph 56				✓	N.A.
ESRS E1-9 Benchmark Portfolio Exposure toClimate-Related Physical Risks, paragraph 66			✓		phase-in

1 Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability reporting in the financial services sector (SFDR) (OJ L 317, 9.12.2019, p. 1).

2 Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (Capital Requirements Regulation) (OJ L 176, 27.6.2013, p. 1).

3 Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1).

4 Regulation (EU) 2021/1119 of the European Parliament and of the Council of 30 June 2021 establishing the framework for achieving climate neutrality and amending Regulation (EC) No 401/2009 and Regulation (EU) 2018/1999 ('European Climate Regulation') (OJ L 243, 9.7.2021, p. 1).

ESRS E1-9 Breakdown of monetary amountsby acute and chronic physical risk, paragraph		✓		phase-in
66(a)ESRS E1-9 Location of significant assets with
material physical risk, paragraph 66(c)		✓		phase-in
ESRSE1-9Breakdownofthecarrying
amount of its real estate assets by energy			✓	phase-in
efficiency classes, paragraph 67(c)
ESRS E1-9 Degree of portfolio exposure to				Not material
climate-related opportunities, paragraph 69	✓
ESRS E2-4 Quantity of each pollutant listed in				Not material
Annex II of the European Pollutant Release
and Transfer Register (E-PRTR) emitted to	✓
air, water, and land, paragraph 28
ESRS E3-1 Water and marine resources,				Not material
paragraph 9	✓
ESRS E3-1 Dedicated policy, paragraph 13	✓			Not material
ESRS E3-1 Sustainability of the oceans and				Not material
seas, paragraph 14	✓
ESRS E3-4 Total water recycled and reused,				Not material
paragraph 28(a) c)	✓
ESRS E3-4 Total water consumption in m3				Not material
comparedtonetrevenuesfromown	✓
operations, paragraph 29

ESRS 2 SBM-3– E4 paragraph 16, letter a),	✓			Not material
point (i)
ESRS 2 SBM-3– E4 paragraph 16, letter b)	✓			Not material
ESRS 2 SBM-3– E4 paragraph 16, letter c)	✓			Not material
ESRS E4-2 Sustainable agricultural/land-use	✓			Not material
policies or practices, paragraph 24, letter b)
ESRSE4-2Sustainablesea/ocean-use	✓			Not material
practices or policies, paragraph 24, letter c)
ESRS E4-2 Policies to address deforestation,	✓			Not material
paragraph 24, letter d)
ESRS E5-5 Non-recycled waste, paragraph	✓			Not material
37, letter d)
ESRS E5-5 Hazardous waste and radioactive	✓			N.A.
waste, paragraph 39
ESRS 2– SBM3– S1 Risk of forced labor,	✓			N.A.
paragraph 14, letter f)
ESRS 2– SBM3– S1 Risk of Child Labor,	✓			N.A.
paragraph 14, letter g)
ESRS S1-1 Political Commitments on Human			✓
Rights, paragraph 20				S1-1
ESRS S1-1 Policies on Due Diligence on Issues
Covered by Core Conventions 1 to 8 of the	✓
InternationalLabourOrganization,				N.A.
paragraph 21
ESRS S1-1 Occupational Accident Prevention
Policy or Management System, paragraph 23	✓			S1-1_14

ESRS S1-3 Complaint/Writing Mechanisms,	✓
paragraph 32(c)				S1-3
ESRS S1-14 Number of work-related fatalities	✓		✓
and accident rates, paragraph 88(b) and (c)				S1-14

ESRS S1-14 Number of days lost due to
injuries, accidents, fatalities, or illnesses,	✓
paragraph 88(e)			S1-14

ESRS S1-16 Uncorrected gender pay gap,	✓	✓
paragraph 97(a)			S1-16
ESRS S1-16 Excess pay gap in favor of the	✓
CEO, paragraph 97(b)			S1-16
ESRS S1-17 Incidents of discrimination,	✓
paragraph 103(a)			S1-17
ESRS S1-17 Failure to comply with the United
Nations Guiding Principles on Business and	✓	✓
Human Rights and the OECD Guidelines,			S1-17
paragraph 104(a)
ESRS 2 SBM-3– S2 Serious risk of child labor			Not material
or forced labor in the labor chain, paragraph	✓
11(b)
ESRS S2-1 Political commitments on human			Not material
rights, paragraph 17	✓
ESRS S2-1 Labor-Related Policies in the Value			Not material
Chain, Paragraph 18	✓

ESRS S2-1 Failure to Comply with the United			Not material
Nations Guiding Principles on Business and	✓	✓
Human Rights and the OECD Guidelines,
Paragraph 19
ESRS S2-1 Due Diligence Policies on Issues			Not material
CoveredbyInternationalLabour		✓
Organization Core Conventions 1 to 8,
Paragraph 19
ESRS S2-4 Human Rights Issues and Incidents			Not material
in Its Upstream and Downstream Value	✓
Chain, Paragraph 36
ESRS S3-1 Political Commitments on Human			Not material
Rights, Paragraph 16	✓
ESRS S3-1 Failure to Comply with the United			Not material
Nations Guiding Principles on Business and
Human Rights, ILO Principles, or the OECD	✓	✓
Guidelines, Paragraph 17
ESRSS3-4HumanRightsIssuesand			Not material
Incidents, Paragraph 36	✓

ESRS S4-1 Consumer and End-User Policies,	✓		Not material
Paragraph 16
ESRS S4-1 Failure to Comply with the			Not material
PrinciplesUnitedNationsGuidanceon	✓	✓
Business and Human Rights and the OECD
Guidelines, paragraph 17
ESRSS4-4HumanRightsIssuesand	✓		Not material
Incidents, paragraph 35
ESRSG1-1UnitedNationsConvention	✓
against Corruption, paragraph 10(b)			G1-1
ESRSG1-1WhistleblowerProtection,
paragraph 10(d)	✓		G1-1
ESRS G1-4 Fines Imposed for Violations of
LawsAgainstBriberyandCorruption,	✓	✓
paragraph 24(a)			G1-4
ESRS G1-4 Standards for Combating Bribery
and Corruption, paragraph 24(b)	✓		G1-4

The relevant information is disclosed in a transparent and accessible manner through this document, which contains:

the description of the material issues.
relevant policies, objectives and metrics.
the strategies and actions taken to manage the material issues.

The Group monitors the effectiveness of the disclosure process and is committed to improving it, taking into account stakeholder feedback and changes in the regulatory and market environment.

The Group's policies, actions, metrics and objectives related to each material issue are set out in more detail in the respective section of the document.

2. ENVIRONMENTAL DISCLOSURES

Taxonomy Regulation (information pursuant to ART. 8 EU Reg. 852/2020)

The European Taxonomy, a key element of the EU strategy for sustainable finance, is a classification system that defines uniform environmental criteria to identify economic activities that can contribute to the achievement of the EU's climate and environmental objectives.

The Cy4Gate Group has decided to continue adopting the model already used in the first sustainability reporting cycle, in accordance with the disclosure pursuant to ART. 8 of EU Regulation 852/2020. Consequently, it has used the provisions contained in Delegated Regulations (EU) 2021/2178, (EU) 2021/2139, and (EU) 2023/2486 as applicable as of December 31, 2025, for the financial year beginning between January 1, 2025, and December 31, 2025.

Companies falling within the scope of Legislative Decree 125/2024 must disclose the extent to which their activities are aligned with the European Taxonomy. This provides stakeholders with crucial information on the sustainability of business operations and their contribution to the EU's environmental objectives.

The Taxonomy identifies six environmental objectives:

1. Climate change mitigation.
1. Climate change adaptation.
1. Sustainable use and protection of water and marine resources.
1. Transition to a circular economy.
1. Pollution prevention and control.
1. Protection and restoration of biodiversity and ecosystems.

To be considered "environmentally sustainable," an economic activity must contribute substantially to at least one of these objectives, without significantly harming any others, and comply with minimum safeguards.

The taxonomic reporting process is represented by the following steps:

● Preliminary screening of potentially eligible economic activities: this activity involves a rigorous selection process, carried out on the basis of the technical annexes of the Delegated Acts. The screening is conducted using both the ATECO code of each Group company and the specific description of the activities covered in the annexes. Based on the aforementioned analyses, a list of eligible economic activities is established.

● Detailed assessment of the alignment of identified eligible economic activities: each economic activity is assessed based on how it is conducted with respect to the technical screening criteria defined by the legislator. Compliance with the Minimum Safeguards is also verified. This assessment determines whether the various economic activities are aligned.

● KPIs for reporting: extraction of the KPIs required for reporting in accordance with the Taxonomy, based on the criteria outlined in Annex I and following the template in Annex II of the Delegated Regulation.

Eligibility and alignment analysis

The analysis carried out shows that the Group's activities covered by the delegated acts on climate change adaptation and mitigation are not aligned.

Specifically, the following emerges with regard to eligibility.

Climate Change Mitigation:

Permissible 8.1 Data Processing, Hosting, and Related Activities

The Group has not implemented all the relevant practices listed as "expected practices" in the most recent version of the European Code of Conduct on Energy Efficiency of Data Centers or in the CEN-CENELEC CLC TR50600-99-1 document "Data Center Facilities and Infrastructures." The Group operates some data centers that are not owned by it, due to logistical constraints beyond its control. Furthermore, it was not possible to verify the global warming potential of the refrigerants used in the data center's cooling system.

Permissible 6.5 Transportation by Motorcycles, Passenger Cars, and Light Commercial Vehicles relating to the Purchase, financing, rental, leasing, and management of vehicles belonging to categories M1 (253) and N1 (254), both of which fall within the scope of Regulation (EC) No. 715/2007 of the European Parliament and of the Council (255), or L (two- and three-wheel vehicles and quadricycles).

Transition to a circular economy:

Eligible 4.1 Provision of IT/OT (information technology/data-driven operational technology) solutions

Activities associated with the remaining objectives other than mitigation and circular economy are not eligible as they are not relevant to the activities of the Group companies.

The accounting information reported in the tables is reconciled with the values reported in the financial statements. Specifically, regarding revenues, please refer to section "7. Operating revenues"; regarding Capex, please refer to sections "16. Intangible assets, 17. Property, plant and equipment, 18. Right-of-use assets".

Furthermore, OpEx refers to site maintenance and short-term rental costs excluded from IFRS 16.

In accordance Pursuant to Article 18 of EU Regulation 2020/852, the Company verified compliance with the Minimum Safeguards. This analysis confirmed the adoption of appropriate procedures to ensure alignment with the OECD Guidelines and the United Nations Guiding Principles, as referred to in the Code of Ethics and the due diligence process adopted by the Group.

Proportion of turnover from products or services associated with Taxonomy-aligned economic activities - 2025

Financial year2025		2025					Substantial contribution					DNSH
ACTIVITIES	Code	Total turnover	Proportionof turnover	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Minimumsafeguards	Taxonomyofturnoveraligned(A.1.) ortaxonomyeligible(A.2.),year 2024	Enablingactivity	Transitionalactivity

		currency	%	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	%	E	T
A. TAXONOMY ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (taxonomy-aligned)
Activity 1			%	N/E	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%
Activity1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Activity2			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%		T
Turnover ofenvironmentallysustainableactivities(taxonomyaligned)A.1		0	0%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%

Financial year 2025		2025					Substantial contribution					DNSH
ACTIVITIES	Code	Total turnover	Proportionof turnover	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Minimumsafeguards	Taxonomyofturnoveraligned(A.1.) ortaxonomyeligible(A.2.),year2024	Enablingactivity	Transitionalactivity
Enabling			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Transitional			%	%						Y	Y	Y	Y	Y	Y	Y	%		T

A.2. Taxonomy eligible activities, not Environmentally sustainable (activities not aligned to Taxonomy)

				E;N/E	E;N/E	E;N/E	E;N/E	E;N/E	E;N/E
Activity1		€	%
Data processing,hosting andrelatedactivities:ForensicIntelligence andDecision Intelligence	CCM8.1	79.815.218,00 €	81%	E	N/E	N/E	N/E	N/E	N/E
Provision of datadrivenIT/OT(informationtechnology/operationaltechnology) solutions	CE4.1	14.283.709,18 €	14%	N/E	N/E	N/E	N/E	E	N/E
ROU -Transportation	CCM6.5	0	0%	N/E	N/E	N/E	N/E	N/E	N/E

Financial year2025		2025	Substantial contribution					DNSH
ACTIVITIES	Code	Total turnover	Proportionof turnover	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity& ecosystems	Climatechangemitigation	Climate change adaptation	Waree	Pollution	Circulareconomy	Biodiversity& ecosystems	Minimumsafeguards	Taxonomyofturnoveraligned(A.1.) ortaxonomyeligible(A.2.), year2024	Enablingactivity	Transitionalactivity
Turnover ofactivities eligiblefor the taxonomybut notenvironmentallysustainable(activities notaligned with thetaxonomy) (A.2)		94.098.927,18€	95%	81%	%	%	$%$	14%	$%$								86%
Turnover ofTaxonomyeligible activities$(A.1 + A.2)$		94.098.927,18€	95%	81%	%	%	%	14%	%								86%

B. TAXONOMY-NON-ELIGIBLE ACTIVITIES
Turnover ofTaxonomy NON-eligible activities		5.035.020,00 €	5%
ΤΟΤΑL		99.133.947,18€	100%

		Portion of turnover/total turnover
	Taxononomy aligned per objective	Taxononomy eligible per objective
CCM	0%	81%
CCA	%	%
WTR	%	%
CE	0%	14%
PPC	%	%
BIO	%	%

Portion of capital expenditure arising from products or services associated with economic activities aligned with the taxonomy- 2025

Financial year2025		2025					Substantial contribution						DNSH
ACTIVITIES	Code	Total capital expenditure	Poexrtiopenndofitucapreital	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Minimumsafeguards	Portion ofCapExTaxonomyaligned(A.1.) ortaxonomyeligible(A.2.), year2024	Eligibleactivity	Transitionalactivity
		curre	%	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	%	E	T
		ncy		N/E	N/E	N/E	N/E	N/E	N/E
A. TAXONOMY ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (taxonomy-aligned)
Activity 1				%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%
Activity1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Activity2			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%		T
CapEx ofEnvironmentallysustainableactivities(taxonomyaligned)A.1		0	0%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	0%

Financial year 2025		2025	Substantial contribution				DNSH
ACTIVITIES	Code	Total capital expenditure	Portionofcapital expenditure	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Minimumsafeguards	PortionofCapExTaxonomyaligned(A.1.)ortaxonomyeligible(A.2.),year2024	Eligibleactivity	Transitionalactivity
Enabling			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Transitional			%	%						Y	Y	Y	Y	Y	Y	Y	%		T
A.2. Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)
				E;N/E	E;N/E	E;N/E	E;N/E		E;E;N/EN/E
Activity 1		€	%
Data processing,hosting andrelatedactivities:ForensicIntelligence andDecision Intelligence	CCM8.1	4.292.298,00 €	27%	E	N/E	N/E	N/E		N/EN/E								25%
Provision of datadrivenIT/OT(information	CE4.1	1.555.180,00 €	10%	N/E	N/E	N/E	N/E		EN/E								7%

technology/operationaltechnology) solutions
ROU -Transportation	CCM6.5	470.253,00 €	3%	E	N/E	N/E	N/E	N/E	N/E	3%
CapEx of Taxonomyeligibleactivities butnotenvironmentallysustainableactivities(notTaxonomyaligned activities)(A.2)		6.317.731,00 €	40%	30%	%	%	%	10%	%	35%
CapEx of Taxonomyeligibleactivities(A.1+ A.2)		6.317.731,00 €	40%	30%	%	%	%	10%	%	35%
		B. TAXONOMY NOT ELIGIBLE ACTIVITIES

CapEx of NOTTaxonomyeligible activities B	9.435.124,00 €	60%
TOTAL	15.752.855,00€	100%

		Portion of CapEx / total CapEx
	Taxnonomy aligned per objective	Tanonomy eligible per objective
CCM	0%	30%
CCA	%	%
WTR	%	%
CE	0%	10%
PPC	%	%
BIO	%	%

Portion of opex associated with Taxonomy-aligned economic activities - 2025

Financial year 2025		2025				Substantial contribution							DNSH
ACTIVITIES	Code	OpEx	PortionofOpEx	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Minimumsafeguards	Portion ofCapExTaxonomyaligned(A.1.) ortaxonomyeligible(A.2.), year2024	Eligibleactivity	Transitionalactivity

		currency	%	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;N/E	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	Y/N;	%	E	T
A. TAXONOMY ELIGIBLE ACTIVITIES
A.1. Environmentally sustainable activities (taxonomy-aligned)
Activity 1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%
Activity1			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Activity2			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%		T
OpEx ofEnvironmentallysustainableactivities(taxonomy-aligned)A.1		0	%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%

Financial year 2025		2025					Substantial contribution						DNSH
ACTIVITIES	Code	OpEx	PortionofOpEx	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Climatechangemitigation	Climatechangeadaptation	Waree	Pollution	Circulareconomy	Biodiversity&ecosystems	Minimumsafeguards	PortionofCapExTaxonomyaligned(A.1.) ortaxonomyeligible(A.2.),year 2024	Eligibleactivity	Transitionalactivity
Enabling			%	%	%	%	%	%	%	Y	Y	Y	Y	Y	Y	Y	%	E
Transitional			%	%						Y	Y	Y	Y	Y	Y	Y	%		T
A.2. Taxonomy-eligible but not environmentally sustainable activities (not Taxonomy-aligned activities)
				E;N/E	E;N/E	E;N/E	E;N/E	E;N/E	E;N/E
Activity1		€	%														%
Data processing,hostingandrelated activities:ForensicIntelligence andDecision Intelligence	CCM8.1	0 €	0%	N/E	N/E	N/E	N/E	N/E	N/E								0%
Provision of data-drivenIT/OT (informationtechnology/operationaltechnology) solutions	CE4.1	0 €	0%	N/E	N/E	N/E	N/E	N/E	N/E								0%

B. TAXONOMY NOT ELIGIBLE ACTIVITIES

OpEx of NOTTaxonomyeligible activities B	983.100,00€	100%
TOTAL	983.100,00€	100%

	Portion of Opex / Total Opex
	Taxnonomy aligned per objective	Tanonomy eligible per objective
CCM	%	0%
CCA	%	%
WTR	%	%
CE	%	0%
PPC	%	%
BIO	%	%

Below the KPIs: ANNEX XII Model 1 - Nuclear and Fossil Gas Activities

	Nuclear activities
1	The company carries out, finances or has exposures to research, development,demonstration and implementationof innovative power generation plants that produceenergy from nuclear processes with a minimum amount of fuelcycle waste.	NO
2	The company carries out, finances or has exposures to the construction and safe operationof new nuclear power plants for the generation of electricity or process heat, including fordistrict heating purposes or for industrial processes such as hydrogen production, andimprovements in their safety with the help of the best available technology.	NO
3	The company carries out, finances or has exposures to the safe operation of existing nuclearpower plants that generate electricity or process heat, including for district heating orindustrial processes such as the production of hydrogen from nuclear energy, andimprovements to their safety.	NO

	Fossil Gas activities
4	The company carries out, finances or has exposures to the construction or operation ofpower generation plants using gaseous fossil fuels.	NO
5	The company carries out, finances or has exposures to the construction, upgrading andoperation of combined heat/cool and power generation plants using gaseous fossil fuels.	NO

ESRS E1 – Climate change

E1-1 Transition Plan for Climate Change Mitigation

Currently, a transition plan for climate change mitigation has not been adopted, as the scope for direct intervention on consumption, conditioned by the use of leased properties, is limited. However, as part of its 2026-2030 Sustainability Plan, the Group has identified the following actions: the development and implementation of a consumption and emissions monitoring system, with the following objectives:

reduce direct and indirect CO2 emissions to below 10 tCO2/€ million location-based and <13 tCO2/€ million market-based in 2026, and below 9 tCO2/€ million and 12 tCO2/€ million, respectively, in 2030.
reduce energy consumption to below 18 MWh per million euros of revenue in 2026, and below 16 MWh per million euros of revenue in 2030.

The aforementioned objectives will be pursued through the implementation of a series of actions, in addition to the implementation of monitoring systems:

For Scope 2 (electricity), evaluate:

Switching to supply contracts with 100% renewable Certificates of Guarantee of Origin (GO).
Rescheduling smart working days for peak temperatures (summer/winter) to reduce operational energy consumption at physical locations.
Possible energy optimization methods for servers and data centers.

For Scope 1 (mobility and heating), evaluate:

• Adopting a policy that favors, under the same economic conditions, fully electric or plug-in vehicles for new leasing contracts.

E1.SBM-3 Impacts, risks and opportunities and their interaction with the strategy and business model

Within the double materiality assessment, the impacts, risks and opportunities (IROs) associated with climate change were identified and examined. The assessment shows that the Group's business model, current assets, and operating sites present an overall low level of exposure to climate risks, demonstrating a high degree of resilience.

Specifically, negative impacts were identified within the theme of climate change mitigation, due to greenhouse gas emissions generated by the heating of corporate premises and the circulation of vehicles in the corporate fleet (Scope 1) and by energy consumption (Scope 2). Although these were not assessed as material, they were included in the list of relevant impacts, recognizing the importance attributed to actions aimed at reducing emissions.

Within the theme of climate change adaptation, a positive impact was identified relating to the adoption of measures to prevent and reduce damage in the event of extreme weather events, ensuring the security of information systems for the benefit of the entire value chain. Linked to this positive impact is a physical risk, highlighting that, in the absence of strengthened security solutions, the Group's digital infrastructure could suffer damage with consequent service interruption. Although this risk was not assessed as material, it was also included in the list of relevant risks in order to ensure that adaptation measures already in place are actively monitored to prevent the risk from becoming material in the future.

Finally, among the material impacts is the increase in energy consumption and the carbon footprint of the company or the supply chain that may result from the greater computing power and data processing required by the use of artificial intelligence and digital technologies in business processes, thereby contributing to climate change.

Additional climate risks were identified in relation to the business model, operating sites, or corporate activities; however, these were not assessed as relevant by the analysis conducted, as detailed in the following section.

The double materiality assessment and the risk analysis were conducted from October 2025 and concluded in December 2025.

The analysis considered impacts over short-, medium-, and long-term time horizons, focusing on activities within our direct area of competence and knowledge. However, the perspective on potential risks arising from the value chain remains more limited, although such factors are considered unlikely to significantly affect financial soundness or business performance.

In light of the assessments carried out, the majority of identified impacts and risks do not directly influence the business model or corporate strategy in the short, medium, or long term.

With regard to impacts and risks assessed as relevant:

The main adaptation strategy consists of securing infrastructure (backup generators and data centers) and, consequently, information systems, in order to ensure continuity in the operation of cybersecurity software solutions, for the benefit of the entire value chain, including in the event of extreme weather events.

With respect to reducing emissions and energy consumption, monitoring represents a tool enabling in-year verification and assessment, placing the Group in a position to evaluate potential interventions to bring energy consumption back within defined targets.

Cy4gate and all companies controlled by Cy4gate have all-risks property insurance coverage extended to catastrophic risks, covering both buildings and movable assets, including additional costs.

E1.IRO-1 Process to identify and assess climate-related impacts, risks and opportunities

Within the framework of risk analysis and treatment provided for under the company's integrated management system and in accordance with ISO 31000 "Risk Management" principles and guidelines, a thorough assessment of our sites and business activities was conducted. This assessment identified a significantly elevated risk of destruction and/or alteration due to natural or environmental events (earthquakes, floods, fires, atmospheric and meteorological events), concentrated exclusively in Data Centers/Server Farms.

CY4Gate assesses the physical risk related to climate change during the risk assessment conducted under ISO 27001. The methodology followed is described in the ATR Model – Risk Analysis and Treatment – based on the following phases:

Risk identification
Risk analysis
Risk treatment
Risk monitoring and control

The Risk Assessment for the identification and evaluation of risks is carried out at intervals defined by the Risk Manager. The results are presented and shared with the relevant corporate functions and submitted to the Administration, Management, and Control bodies.

The outcomes of the periodic assessment are approved by Management and discussed during Management Review. The result of the latest risk assessment concerning the risk of "Destruction and/or alteration due to natural or environmental events (earthquakes, floods, fires, atmospheric and meteorological events)" states that "Management has adopted a strategy of acceptance of residual risk, although it remains classified as to be treated, as mitigation interventions would be excessively burdensome relative to the company's business needs."

We believe that the approach adopted is adequate to assess and understand our risk context, particularly considering that our potential exposures are limited. However, we will continue to evaluate the opportunity for future updates, including the implementation of additional analyses based on climate scenarios.

At present, the identification of transition events and the assessment of exposure and sensitivity have not been based on high-emission climate scenario analyses, and no climate assumptions are included in the financial statements.

The Group has not screened assets and business activities to determine whether they may be exposed to climate-related transition events.

The Group has not identified assets and business activities that are incompatible with the transition to a climate-neutral economy or that require significant efforts to become compatible with such transition.

E1-2 Policies related to climate change mitigation and adaptation

The Group, including environmental protection among its objectives as a matter of common interest, implements strategies aimed at ensuring an appropriate balance between business needs and ecology.

Attention to reducing energy consumption, CO₂ emissions, and strengthening infrastructure resilience in response to climate change represents priority sustainability topics addressed within environmental protection policies and objectives.

Environmental protection is first and foremost one of the general ethical principles guiding the Group's conduct. The inclusion of this principle in the Group's Code of Ethics constitutes a formal and strategic commitment that goes beyond mere regulatory compliance, defining a framework of rules and ethical conduct to which executives, employees, all those acting in the name and on behalf of the Group, as well as all external parties maintaining contractual relations with it, must adhere.

This principle and ethical framework are then implemented through environmental procedures and systems. Specifically, CY4Gate, within the 2025 update of the MOG 231/2001, adopted a specific procedure aimed at identifying organizational principles and operational methods for implementing the environmental system, which provides in detail for:

Identification of parties within the environmental system
General environmental protection measures
Phases and records provided for under the system
Information flows to the Supervisory Body (in italian: l'OdV or Organismo di Vigilanza)

These principles and procedures are also communicated and adopted by the other Group companies which, within the integrated Group control and management system, are required to align their Organization, Management and Control Models with the Parent Company's guidance and, where they do not have their own Model, to comply with the Parent Company's provisions.

Among the Group companies, RCS, in addition to having its own MOG 231/2001, has also adopted an integrated policy on quality, environment, health, and safety. The Environmental Management System adopted complies with the UNI EN ISO 14001 international standard, for which RCS renewed certification in 2025.

E1-3 Actions and resources in relation to climate change policies

In line with the climate change topics and objectives identified as priorities, and within the framework of the policies and instruments adopted, the Group has implemented a range of actions for climate change mitigation and adaptation. In particular, in 2025 the Group implemented the following actions:

Expansion of the measurement of energy consumption and GHG emissions, using directly measured consumption data and reducing the share of estimated data.
Maintenance of ISO 14001 Environmental Management System certification for RCS.
Adoption of Protocol PT6 "Occupational Health and Safety Management and Environmental Protection" within the update of the MOG 231/2001 dated 31/07/2025 of CY4Gate.
Periodic assessment of climate change-related risks within the ISO 27001 framework.
At CY4GATE, participation in the 2025 "Mi illumino di meno" initiative on 21/02/2025.
Confirmation of support for the initiative "100 trees planted in the Treedom forest," contributing to a reduction of 17 tons of CO₂.

The decarbonization levers, implemented starting from the 2025 financial year and considered within the planning of future actions, mainly concern energy efficiency measures and consumption reduction.

In this direction, although the Group has not yet defined specific consumption and emission reduction targets, within the Sustainability Plan 2026–2030 it has planned to develop monitoring plans for energy consumption and emissions and has set, as targets for 2026 and 2030, not to exceed sector average values for both emissions intensity and energy intensity per net revenues. These measurements and monitoring activities will support, by 2030, the evaluation of the adoption of a transition plan.

With reference to the medium- to long-term period, the Group commits to evaluating the adoption of electric or hybrid vehicles, replacing diesel and gasoline vehicles; it also commits to ensuring the use of recyclable materials at corporate events.

Through its actions, the Group covers all topics assessed as material.

E1-4 Climate change targets

SpecificSustainabilityTopics	Objectives	Actions	KPI	Baseline2025	Target2026	Target2030
Mitigation	Reduce theincidence ofgreenhousegas emissions(SCOPE 1 andSCOPE 2)	Develop anemissionsmonitoringplan	Direct CO₂emissions(Scope 1) andindirect CO₂emissions(Scope 2) permillion euros ofrevenue	10,12tCO2/€millionlocationbased13,97tCO2/€millionmarketbased	< 10tCO2/€millionlocationbased< 13tCO2/€millionmarketbased	< 9 tCO2/€millionlocationbased< 12tCO2/€marketbased
Energy	Reduce theincidence ofenergyconsumptionper millioneuros ofrevenue	Develop anenergyconsumptionmonitoringplan	MWhconsumptionper millioneuros ofrevenue	18,84Mwh/€million	< 18Mwh/€million	< 16Mwh/€million

E1-5 Energy consumption and mix

Below are the Group's electricity consumption* figures for 2025, compared with 2024.

ID	Energy consumption and energy mix within the Group	uom	2024	2025
E1-5_02	Total energy consumption from fossil sources	MWh	7202,01	4118,85
E1-5_15	% of fossil sources in total energy consumption	%	99,71	98,85
E1-5_03	Total energy consumption from nuclear sources	MWh	0	0
E1-5_04	% of energy consumption from nuclear sources in totalenergy consumption		0	0
E1-5_06	Fuel consumption from renewable sources, includedbiomass	MWh	21,22	48,06
E1-5_07	Consumption of purchased or acquired electricity,heat, steam, and cooling from renewable sources	MWh	0	0
E1-5_08	Consumption of self-generated non-fuel renewableenergy	MWh	0	0
E1-5_05	Total energy consumption from renewable sources	MWh	21,22	48,06
E1-5_09	% of renewable sources in total energy consumption		0,29	1,15
E1-5_01	Total energy consumption related to own operations	MWh	7223,23	4166,91

*Consumption is calculated on the basis of measured and estimated values. Estimates are defined according to the number of employees, using the proportionality coefficient of CY4GATE, a company operating in the same business. Specifically, the value of E1-5_02 is determined, for both 2024 and 2025, by the estimated value for XTN and the measured values of the other companies.

Energy from renewable sources is represented by guarantees of origin certificates.

The Group does not produce energy.

E1-6 Gross Scopes 1, 2, 3 and Total GHG emissions

	GHG Inventory – Scope 1
--	-------------------------	--	--

ID	Emissions	2024	2025
E1-6_07	Gross Scope 1 greenhousegas emissions	1068,99	633,91
E1-6_08	% of Scope 1 GHGemissions from regulatedemission tradingschemes	n.a.	n.a.

*Values are calculated on the basis of measured and estimated data. Estimates are defined according to the number of employees, using the proportionality coefficient of CY4GATE, a company operating in the same business. For 2024, estimated data refer to DARS, STIL, Tykelab S.r.l., Diateam S.A.S., and XTN, while for CY4Gate and RCS values are calculated based on actual consumption. For 2025, estimated data refer to DARS, Tykelab S.r.l., and Diateam S.A.S., while for XTN values are calculated based on actual consumption, as for CY4Gate and RCS. STIL was merged by incorporation into the direct parent company RCS.

GHG Inventory – Scope 2

ID	Emissions	2024	2025
E1-6_09	Gross location-based Scope 2greenhouse gas emissions	437,74	392,76
E1-6_10	Gross market-based Scope 2greenhouse gas emissions	837,18	784,91

Emissions – Own Operations (Scope 1 & Scope 2)

ID	2024	2025
Total Scope 1 e 2 (location-based)	1506,43	1026,68
Total Scope 1 e 2 (market-based)	1905,87	1418,82

*The total emissions value includes the estimated values as previously indicated.

Greenhouse gas emissions disaggregated by geographical area

Scope 1
ID	Emissions	Year	Total Group	Italy*	France**	Spain***
E1-6_07	Gross Scope 1greenhouse gasemissions	2024	1068,99	1011,24	27,58	30,17
		2025	633,91	593,53	17,07	23,32
E1-6_08	% of Scope 1 GHGemissions fromregulated emissiontrading schemes	20242025	n. a	n.a	n.a	n.a

Scope 2
ID	Emissions	Year	Total Group	Italy*	France**	Spain***

	Gross location	2024	437,74	430,41	3,2	4,13
E1-6_09	based Scope 2greenhouse gasemissions	2025	392,76	385,93	2,74	4,09
	Gross market	2024	837,18	825,44	3,14	8,6
E1-6_10	based Scope 2greenhouse gasemissions	2025	784,91	782,80	2,11	0

Emissions – Own Operations (Scope 1 & Scope 2)

ID	Year	Total Group	Italy*	France**	Spain***
Total Scope 1 e 2(location-based)	2024	1506,73	1441,65	30,78	34,30
	2025	1026,68	979,46	19,81	27,41
Total Scope 1 e 2	2024	1906,17	1836,68	30,72	38,77
(location-based)	2025	1418,82	1376,32	19,18	23,32

*Data refer to emissions produced by companies with offices in Italy: Cy4Gate, RCS, STIL (2024 only), Tykelab S.r.l., and XTN.

**Data refer to emissions produced by companies with offices in France: Diateam S.A.S.

***Data refer to emissions produced by companies with offices in Spain: DARS.

Below are the methodologies applied for the calculation of emissions:

Scope 1: The emission factors used for the calculation are based on the Fifth Assessment Report (AR5) of the Intergovernmental Panel on Climate Change (IPCC), considering a 100-year time horizon, in order to ensure that conversion factors are consistent with current national and international reporting requirements.

The quantities of greenhouse gases emitted per liter of fuel consumed are indicated. The calculation was performed by multiplying tracked consumption by the relevant emission factors, thus obtaining an estimate of greenhouse gas emissions expressed in tons of CO₂ equivalent (tCO₂e).

Scope 2: Emissions are calculated by multiplying energy consumption expressed in MWh by the relevant emission factor, thus obtaining an estimate of greenhouse gas emissions expressed in tons of CO₂ equivalent (tCO₂e). The location-based method uses the average emission factor of the national or regional electricity grid. The market-based method uses the specific emission factor associated with the purchase of electricity, where certified by guarantees of origin (GO). In the absence of such certification, the residual mix emission factor calculated by AIB is applied.

No significant events or changes in circumstances (relevant to GHG emissions) are known to have occurred between the reporting dates of entities in the value chain and the date of the company's general financial statements.

No biogenic CO₂ emissions resulting from combustion or biodegradation of biomass, not included in Scope 1 GHG emissions, were identified.

No volume of biogenic CO₂ emissions resulting from combustion or biodegradation of biomass, not included in Scope 2 GHG emissions, was identified.

33% of total energy, or 100% for Tykelab and DARS, comes from renewable sources, with guarantees of origin certificates. Emissions were calculated using both market-based and location-based approaches, as reported in the previous disclosure tables.

Emissions intensity relative to net revenues (location-based and market-based) is presented in the following table.

ID	Unit	2024	2025

GHG emissions intensity, location-based(total GHG emissions per net revenue)	tCO₂ /€ milioni	20,06	10,11
GHG emissions intensity, market-based(total GHG emissions per net revenue)	tCO₂ /€ milioni	25,37	13,97

The Group does not use carbon credits or greenhouse gas removal and storage activities.

The Group does not use internal carbon pricing mechanisms.

3. SOCIAL DISCLOSURES

ESRS S1 – Own workforce

All members of the own workforce on whom the Group could generate material impacts are included within the scope of reporting in accordance with ESRS 2.

The Group is mainly composed of employees with technical skills, such as developers and system engineers, who constitute the majority of the workforce. Therefore, although the vast majority of people working within the Group's companies are employees, the Group also relies on highly specialized consultants for specific needs.

The Group recognizes the importance of safeguarding the working conditions of its employees and collaborators; these may include aspects such as health and safety, working hours, adequate remuneration, and work-life balance, as well as processes and practices for engagement and listening to their needs. The failure to apply such safeguards could have a negative impact on workers. To prevent this, the Group is committed to sharing and implementing the directives and policies of the Parent Company regarding labor protection.

Activities that generate significant positive impacts include training initiatives, corporate well-being programs, and inclusion policies. The beneficiaries of such benefits, whether employees or external collaborators, vary depending on the business and geographical context.

The Group is committed to promoting an inclusive work environment that respects diversity, ensuring equal employment opportunities and inclusion for persons with disabilities. Furthermore, the Group ensures equal pay for work of equal value, contributing to generating a positive impact on the working community.

Through initiatives aimed at combating discrimination, violence, and harassment in the workplace, the Group promotes a healthy and safe working environment, with a positive impact on the well-being and productivity of its employees and collaborators.

The Group generates a positive impact on its own workforce also through the prohibition of child labor and forced labor, ensuring respect for the fundamental rights of workers.

By adopting policies for staff travel that include spending limits adequate to ensure appropriate accommodation during business travel, the Group is committed to safeguarding the well-being of its employees also while traveling for work. Finally, the Group, through its management system for the protection of the confidentiality of employee data and information, ensures the protection of privacy and the security of workers' personal information, generating a positive impact on their sense of security and trust.

The Group recognizes that financial success is closely linked to the quality of its human resources and to its ability to innovate and develop new technologies.

On the one hand, it is recognized that the shortage of trained and qualified personnel represents a significant risk for growth, and the difficulty in finding talent with the necessary skills could slow technological development and compromise the ability to remain competitive in the market. This could result in a negative financial effect, with lost revenues and growth opportunities. In this regard, reference is made to what is discussed in the paragraph "Main risks and uncertainties" in the Management Report.

On the other hand, investing in employee well-being represents a successful strategy for the Group. A stimulating and inclusive work environment, where employees feel valued and appreciated, generates greater satisfaction, loyalty, and staff retention. This translates into greater resource stability, reduced turnover costs, and a positive working environment that fosters productivity and innovation. Consequently, this generates a positive financial effect, with improved business performance and a greater ability to attract and retain top talent.

The market is increasingly oriented toward software solutions that ensure the confidentiality of personal data; this trend represents an important opportunity for the Group's companies. The ability to develop and offer innovative solutions in this field may generate a significant competitive advantage and a positive financial effect, with increased revenues and market share.

The Group's strategy also consists in carefully balancing the risks and opportunities related to human resources and technology. The Group invests in employee training and development to ensure the availability of qualified personnel, promotes a positive and inclusive work environment to support staff retention, and remains constantly attentive to market needs in order to develop innovative solutions that address the challenges of personal data protection. The Group believes that this strategic approach will enable it to maximize positive financial effects and mitigate risks, ensuring sustainable and long-term growth.

There are no operations within the Group that are at significant risk of incidents of forced or compulsory labor.

From the double materiality assessment and internal evaluations, no critical situations have emerged for the own workforce.

The shortage of personnel with an adequate level of training and specialized skills constitutes a serious obstacle to the Group's expansion. The difficulties encountered in recruiting professionals with the required skills could slow technological progress and jeopardize the ability to compete effectively in the market. This could have negative financial repercussions, with consequent lost revenues and missed growth opportunities.

S1-1 The Group's policies

Work-life balance

The Group has introduced flexible working hours to promote work-life balance, allowing its employees to benefit from more free time to spend with their families. Since 2023, overtime has decreased and a management-by-objectives approach has been introduced. In addition, the Group has a smart working policy that provides for 8 days per month of remote work. For new mothers, the days are extended to 12 until the child's first year of life.

This policy applies to all employees in Italy, Spain, and France, and responsibility for its implementation lies with the Chief Executive Officer and the Human Resources Director. The policy is available to all employees.

Adequate wages

To ensure balance in remuneration, the Group has adopted a market survey prepared by WTW (Willis Towers Watson), which, by associating roles with specific professional families, provides an external market benchmark for compensation linked to the role and the expertise of the resource. The use of this methodology, called "Global Grading," allows the Group to implement balanced and fair remuneration policies.

15% of the eligible population received a salary increase or performance bonus.

A short- to medium-term remuneration policy, with a 2026 target, will also be extended to XTN.

For CY4Gate, RCS, and Tykelab: adoption of the global grading system provided by Willis Towers Watson and establishment of remuneration policies that include two evaluation moments:

March for the merit-based policy, i.e. the evaluation of performance for the previous year. The evaluation is carried out by assessing the achievement of assigned objectives, providing feedback to the resource regarding their performance.

July for the salary policy. The employee's position is assessed based on a survey that provides the average remuneration offered by the market for the position held. The adoption of this system allows the employee to have defined timelines for the reassessment of both their position and their performance.

Gender equality

The Group believes in and invests in gender equality, having obtained gender equality certification for two Group companies: CY4Gate since 2023 and RCS since 2024, both renewed in 2025.

The policy relating to gender equality provides for equal pay and positioning for both genders, with the objective of ensuring equal treatment.

Occupational health and safety policy

The Group considers the protection of workers' health and safety a fundamental and essential value. In this regard, the Group has adopted an occupational health and safety management system in line with the provisions of Legislative Decree No. 81/2008, the Consolidated Law on health and safety in the workplace. This system has been developed with reference to the UNI-INAIL Guidelines, an authoritative reference for structuring effective management systems in this area.

The occupational health and safety management system of the CY4Gate Group is structured into several key elements. The safety and health of workers are an absolute priority for the Group, which has adopted an occupational health and safety policy aimed at ensuring a safe and healthy working environment for all employees and collaborators. This policy is based on compliance with occupational health and safety regulations and on the promotion of a culture of prevention and safety. The occupational health and safety policy is structured across several aspects, including risk assessment, staff training, provision of personal protective equipment, and emergency management.

The policies concern and are applied to the own workforce as a whole.

The Group is committed to acting in compliance with all applicable regulations concerning its own workforce.

Respect for human rights, including labor rights, of the own workforce is ensured through the Code of Ethics, internal rules and procedures that guide and manage relationships, as well as through the regulatory framework of the CCNL (Contratto Collettivo Nazionale di Lavoro) of reference concerning the rights of the own workforce and human rights. To involve its workers in initiatives, the Group adopts a communication approach based on emails and training courses. The Group is committed to acting in compliance with all applicable regulations concerning its own workforce.

Respect for human rights, namely the principles expressed in the United Nations Universal Declaration, the Conventions of the International Labour Organization, the OECD Guidelines, the Charter of Fundamental Rights of the European Union, and any other applicable regulations.

It should be noted that, as of the date of this reporting, the Group has not formalized specific policies explicitly addressing human trafficking, forced or compulsory labor, and child labor. However, these aspects are not considered relevant for the Group.

The Group has a policy for accident management, in compliance with applicable regulations.

It should be noted that, as of the date of this reporting, the Group does not have formalized policies explicitly addressing the grounds of discrimination, nor have specific commitments been adopted regarding inclusion or positive actions aimed at groups particularly at risk of vulnerability within the own workforce, for which the Group complies with applicable regulations, with the exception of gender identity, which is instead addressed through specific policies. Similarly, no dedicated procedures have been identified for the implementation and monitoring of such policies aimed at the prevention, mitigation, or management of potential discriminatory incidents, nor initiatives aimed at actively promoting diversity and inclusion.

The policies adopted cover all sustainability matters.

S1-2 Processes for engaging with the own workforce and workers' representatives regarding impacts

At present, the Group does not have a formalized written procedure; however, it is committed to actively listening to its own workforce through regular consultations and structured dialogue, integrating feedback into business decisions as a characteristic element of the Group. The levels of engagement are of various types, from site meetings to discussions at company level, and resources are allocated to support these activities. This ensures that decisions reflect the needs and perspectives of employees. The Group had planned to implement this process by 2025. However, following regulatory developments and emerging priorities of the Group, the implementation will be assessed in future reporting periods.

S1-3 Processes to remediate negative impacts and channels for the own workforce to raise concerns

In the event of negative impacts on the own workforce, the Group is committed to identifying the source of the issue and removing its cause. Once the cause has been identified and removed, an internal verification is carried out to assess whether the issue has been resolved and its effectiveness.

The Group has activated fully anonymous reporting channels that allow employees to report any type of issue. The issue is then analyzed in order to implement the necessary actions to resolve it.

Any potential or actual issues or violations that may have negative effects on the Group or on people's well-being are identified through the whistleblowing system, a platform that ensures secure and confidential access for all stakeholders. Reports can be submitted through the platform and/or directly to an impartial and specifically trained person/function appointed within the Group's companies, as well as to the Chair of the Supervisory Body (OdV).

Internal training and audit activities allow the Group to assess whether its own workforce is aware of the structures or processes available to raise concerns or needs and whether they trust them.

The Group has adopted and applies a procedure for the protection of whistleblowers.

S1-4 Actions on material impacts for the own workforce and approaches to managing material risks and pursuing material opportunities related to the own workforce, as well as the effectiveness of such actions

Below are the actions and resources implemented to manage material impacts, risks, and opportunities related to the own workforce.

Training and skills development

A training plan has been adopted that provides for the prior collection of needs and subsequently, within the available budget, the implementation of the requested training courses.

Time horizon: short term

Work-life balance

The Group strongly believes in a balanced work-life balance and promotes the use of smart working through the application of a flexible policy that meets employees' needs. Employees of the Group benefit from at least 2 days of smart working per week.

Time horizon: short term

Gender equality

The Group strongly believes in gender equality. In 2023 and 2024, the main companies of the Group obtained certification, and in 2025 the certification was renewed for the main Group companies. Time horizon: short, medium, long term

S1-5 Targets related to the management of material negative impacts, the enhancement of positive impacts, and the management of material risks and opportunities

Gender equality (PdR 125)

The Group pursues the objective of ensuring pay and gender equity, maintaining and strengthening its commitments to equal opportunities, including through maintaining the Gender Equality Certification for CY4Gate and RCS, and promoting gender equality and equal pay for work of equal value across all Group organizations.

For the following three-year period, the objective is to maintain these certifications through the application of management systems and the implementation of internal monitoring audits.

Employees, as internal stakeholders, were involved in the process of defining the targets through training initiatives, email communications, and dedicated surveys.

Skills development

The Group aims to promote the development of specialized technical skills through high-tech training initiatives for its employees. The objective is to foster value creation through the sharing of know-how and collaboration with universities and public institutions.

Employee involvement took place through activities aimed at identifying training needs, supporting the definition of targets.

Work-life balance

The Group is committed to ensuring an effective balance between professional and personal life, also through the adoption of a flexible smart working policy that meets employees' needs.

Monitoring is carried out on a semi-annual basis, based on attendance evaluation.

Employees were involved in defining the target through the sharing and discussion of the policy.

The Group, through its targets, covers all material sustainability matters.

S1-6 Characteristics of the undertaking's employees

Below is the composition of the workforce as at December 31, 2025.

Headcount	2024	2025
Men	456	448
Women	96	93
Other	0	0
Not reported	0	0
Total	552	541

Characteristics of the undertaking's employees: breakdown by countries with 50 or more employees representing at least 10% of the total number of employees.

Employees in France and Spain are not presented as they do not meet the indicated threshold.

CY4Gate Group

Country	Number of employees 2024	Number of employees 2025
Italy	485	470
France	0	0
Spain	0	0

The breakdown by type of contract is identified as fixed-term or permanent by number of employees (headcount). Characteristics of the undertaking's employees: breakdown by number of employees by gender (headcount).

Gruppo CY4Gate						Gruppo CY4Gate
2024				2025
FEMALE	MALE	OTHER	NOT DETECTED	TOTAL	FEMALE	MALE	OTHER	NOT DETECTED	TOTAL
Number of employees (n° / HC)					Number of employees (n° / HC)
96	456	0		552	93	448	0		541
			Number of permanent employees (n° / HC)					Number of permanent employees (n° / HC)
94	453	0		547	89	445	0		534
			Number of fixed-term employees (n° / HC)		Number of fixed-term employees (n° / HC)
2	3	0		5	4	3	0		7
Numberofguaranteed (n° / HC)	employees	with	unsecured	hoursnon	Numberofguaranteed (n° / HC)	employees	with	unsecured	hoursnon
0	0	0	0	0	0	0	0		0
Number of full time employees (n° / HC)			Number of full time employees (n° / HC)
83	449	0		532	81	438	0		519
Number of part time employees (n° / HC)			Number of part time employees (n° / HC)
13	7	0		20	12	10	0		22

During 2025, the number of employees (headcount) who left the Group amounted to 74. The Group's turnover rate is equal to 13,7%.

Methodology used for calculation

To calculate turnover, the number of employees (according to the head-count system) who left the Group was considered, in relation to the total number of employees as of December 31, 2025.

S1-8 Collective bargaining coverage and social dialogue

100% of the Group's employees are covered by collective labor agreements, as better represented in the table below.

CY4Gate GROUP – Collective bargaining coverage and social dialogue

	Collective bargaining coverage	Social dialogue
	Employees – EEA	Employees – Non-EEA	Workplace representation (EEAonly)
Coverage rate	(for countries with more than50 employees representingmore than 10% of the totalemployees	(estimate for regions withmore than 50 employeesrepresenting more than 10%of total employees)	(for countries with more than 50employees representing more than10% of the total employees)
0 -19 %	-	-	-
20 -39 %	-	-	-
40 -59 %	-	-	-
60 -79 %	-	-	-
80 - 100 %	100%		0%

Employees in France and Spain are not presented as they do not meet the indicated threshold.

The Group has not entered into agreements with its employees for representation by a European Works Council (EWC), a Works Council of a European Company (SE), or a Works Council of a European Cooperative Society (SCE).

S1-9 Diversity metrics

Below is the gender distribution in number and percentage of employees (total headcount) at senior management level*.

Top Management	CY4Gate Group2024	CY4Gate Group2025
Male	20	21
Male (%)	80%	84%
Female	5	4
Female (%)	20%	16%
Other
Other (%)
Not reported
Not reported (%)
Total	25	25

* Top Management refers to executives who report directly to the Group's Chief Executive Officer.

Below is the breakdown of employees by age group

Age group	CY4Gate Group2024	CY4Gate Group2025
Employees aged < 30 years	103	94
Employees aged between 30 and 50years	339	338
Employees aged > 50 years	110	109

S1-10 Adequate wages

All employees receive remuneration in line with the levels provided for by the applicable CCNL, ensuring adequacy with respect to sectoral and regulatory reference parameters.

In no country do employees earn below the reference threshold for adequate remuneration.

S1-13 Training and skills development metrics

Below are the performance reviews conducted during the reporting period of this sustainability statement and the corresponding percentage of employees, broken down by gender, who participated in such reviews. For periodic review, a single annual evaluation per employee of the Group who participated in the evaluation process is intended, consisting of a series of stages that are part of the process itself.

Gender	Year	Total number ofemployees	Number of employeeswho participated inperiodic reviews	Participation rate (%)
	2024	456	149	33%
Male	2025	448	389	86,83%
Female	2024	96	39	41%
	2025	93	87	93,55%
	2024	0	0	0
Other/Not disclosed	2025	0	0	0
Total	2024	552	188	34%
	2025	541	476	88%

Average number of training hours per employee

The table below shows, for the reporting period covered by this sustainability statement, the average number of training hours provided per employee of the Group. The figure has been calculated as the ratio between the total number of training hours provided during the period and the total number of employees. In 2025, the decrease in the average number of training hours per employee is due to the update of the Training Plan to be implemented over the two-year period 2025–2026.

Gender	Average number of training hoursCy4Gate Group 2024	Average number of training hoursCy4Gate Group 2025
Male	10	7
Female	24	4
Other / Not disclosed	0	0
Average number of hours peremployee	12	6

S1-14 Health and safety metrics

100% of employees are covered by a health management system, as provided for under the applicable CCNL. No cases of death were recorded.

In 2025, with reference to the entire own workforce of the Group, 2 accidents were recorded, with a work-related accident rate equal to 2.15 per million hours worked.

The number of hours worked by the Group was calculated based on the estimate of standard working hours, equal to 1,720, multiplied by the number of employees of the Group.

In 2025, the number of recordable cases relating to work-related illnesses is equal to 0.

In 2025, the number of working days lost due to injuries and fatalities resulting from work-related accidents, workrelated illnesses, and deaths following illnesses is equal to 0.

S1-15 Work-life balance metrics

All employees are entitled to leave for family reasons pursuant to social policy and/or collective labor agreements. Below is the breakdown by gender.

Gender	Percentage ofemployees entitledto family leave (%)2024	Percentage ofemployees who tookfamily leave (%) 2024*	Percentage ofemployees entitledto family leave (%)2025	Percentage ofemployees who tookfamily leave (%) 2025
Male	100%	2%	100%	3%
Female	100%	4%	100%	13%
Other/Not		0
disclosed
Total	100%	3%	100%	5%

*Group data estimated based on the projection of the parent company's figures.

S1-16 Remuneration metrics (pay gap and total remuneration)

In 2025, the average pay gap will be -0.75%, a reduction compared to 2024, when it stood at -1.72%. It is calculated as the difference between the average gross hourly wage paid to male and female workers, expressed as a percentage of the average wage level of male workers.

In 2025, the ratio between the annual total remuneration of the individual receiving the highest salary and the median annual total remuneration of all employees is equal to 4.34, compared to 4.23 recorded in 2024.

S1-17 Incidents, complaints, and severe human rights impacts

No reports relating to incidents of discrimination, including harassment or complaints submitted through the designated channels, were recorded in both 2024 and 2025.

4. GOVERNANCE DISCLOSURES

ESRS G1 – Business conduct

Responsible management of the business represents an integrated approach to corporate management that considers environmental, social, and governance factors as essential elements for long-term success. These are an integral part of the decision-making process and actions, from the definition of strategy to the management of daily operations.

This vision translates into an integrated management approach, where sustainability matters are not isolated elements, but an integral part of the company's decision-making and operational processes. It begins with an accurate assessment of impacts, risks and opportunities, with the aim of integrating them into planning and control systems.

Responsible management implies the adoption of shared rules of conduct that guide the actions of all members of the organization. This is accompanied by management systems that ensure compliance with regulations, transparency of information toward stakeholders, and fairness in business conduct and relationships. Particular attention is paid to the prevention of anti-competitive behavior, the quality of services and products offered, and the well-being of workers, which are fundamental elements for the creation of a healthy and productive working environment.

The primary objective is to prevent compliance risks and untimely management of economic, social, and environmental impacts. In this way, The Group not only protects itself from potential issues, but also actively contributes to the creation of value for all stakeholders, from employees to investors, from the local community to the environment.

The administrative body, as the strategic guide of the company, is responsible for defining the vision and strategy, integrates environmental, social, and governance factors into the strategic decision-making process, identifying risks and opportunities and ensuring that they are adequately managed. Furthermore, it oversees the implementation of the strategy, monitoring performance and progress toward sustainability objectives and reporting to stakeholders on the results achieved.

Management, in turn, translates the strategy into concrete actions:

defines specific objectives, implementation plans, and performance metrics, integrating sustainability matters into the company's daily operations.
actively engages stakeholders in the process of defining and implementing the strategy, creating an open and constructive dialogue.
communicates performance in a transparent manner, reporting on progress achieved and challenges faced.

The control bodies, finally, perform a guarantee and verification role:

verify that business conduct complies with laws, regulations, and codes of conduct, assess impacts, risks and opportunities related to sustainability, providing an independent opinion on their adequacy and management.
support the Board of Directors in overseeing risk management and in evaluating sustainability performance.

In summary, the administrative, management, and control bodies, each with their own responsibilities and competencies, collaborate to ensure that responsible management of the business is effectively integrated into all company activities.

This approach makes it possible to create value for The Group and for all its stakeholders, contributing to a more sustainable future.

The competencies relevant for the purposes of the sustainable governance of the company are appropriately distributed among the members of the administrative, management, and control bodies of CY4Gate. For further details, reference should be made to section GOV-1 – Role of the administrative, management and supervisory bodies of this document.

The Group adopts a structured and dynamic approach to the management of impacts, risks and opportunities related to corporate culture and business conduct, through a set of integrated policies and tools. For further details regarding the description of the processes for identifying and assessing relevant impacts, risks and opportunities, reference should be made to section IRO-1 – Description of the processes to identify and assess material impacts, risks and opportunities and the involvement of internal and external stakeholders.

At the core of this approach is a three-year action plan, updated annually, which defines objectives and concrete actions to address challenges and maximize opportunities related to corporate culture and business conduct. This plan is the result of an in-depth analysis and continuous review of impacts, enabling The Group to proactively adapt its strategies and respond to changes in the context.

A key element of this system is the internal Control, Risk and Sustainability Committee (CCRS), which plays a crucial role by providing advice and proposals to the Board of Directors on sustainability matters. The CCRS not only assesses risks and opportunities, but also actively contributes to shaping The Group's strategy, ensuring that principles of responsibility and sustainability are integrated into every decision.

It is important to emphasize that this system is not static, but continuously evolving.

The annual update of the three-year action plan and the ongoing monitoring activities of the CCRS enable The Group to adapt to changes in the context and to continuously improve its performance in relation to corporate culture and business conduct.

The Group is concretely committed to managing impacts, risks and opportunities related to corporate culture and business conduct, through an integrated and dynamic approach that actively involves the administrative, management, and control bodies.

The semi-annual report of the CCRS to the Board of Directors ensures transparent communication and continuous monitoring of progress achieved. This mechanism allows the Board of Directors to be fully informed on sustainabilityrelated matters and to exercise effective oversight of the management of risks and opportunities.

Consistent with its commitment to responsible management of the business, The Group CY4Gate has adopted a set of policies aimed at promoting an ethical corporate culture and ensuring the quality of its products and services.

G1-1 Policies related to corporate culture and business conduct

Code of Ethics

The Code of Ethics, updated in July 2025, represents the cornerstone of the system of values and principles that guide The Group's actions. This document, an integral part of contractual documentation with both customers and suppliers, is structured into three main sections:

General ethical principles: defines the principles that inspire the Company's conduct, in line with the corporate Vision.
Ethical principles in internal relations: establishes the principles and rules of conduct that the Company adopts in personnel management and corporate governance, safeguarding dignity, legality, and transparency.
Ethical principles in relations with third parties: establishes the principles and rules of conduct that the Company adopts in its relations with customers, partners, suppliers, and institutions, contributing to the achievement of the corporate Mission.

The Code of Ethics applies at all levels of the organization, from administrative and control bodies to employees and collaborators, and to anyone who has relations with The Group.

In this way, The Group is committed to promoting a corporate culture based on integrity, transparency, and responsibility.

Quality Policy (ISO 9001) adopted by CY4Gate and RCS

Within the framework of risk management and with the objective of ensuring the quality of its products and services, the companies have implemented a quality management system certified in accordance with ISO 9001:2015. This system focuses on several crucial aspects:

Quality of products and services: ensuring that the products and services offered meet the highest quality standards.
Customer satisfaction: ensuring customer satisfaction throughout the entire contract lifecycle, from the design phase to delivery and post-sales support.
Technological innovation: ensuring an adequate level of innovation and technological content in the products and services offered, in order to remain competitive in the market.

Through the implementation of these policies, a concrete commitment is demonstrated to promoting a corporate culture that is ethical and responsible, oriented toward quality, innovation, and customer satisfaction.

Environmental Policy (ISO 14001) adopted by RCS

An environmental policy has been adopted in line with the international ISO 14001 standard, which defines environmental objectives, the actions to be undertaken to achieve them, and the responsibilities of each member of the organization, and which is periodically updated.

The environmental policy is structured across several areas, including waste management, energy saving, emission reduction, and raising employee awareness on environmental matters. It should be noted that this policy, as well as The Group's consumption, is aligned with the policy of the parent company Elettronica S.p.A.

Occupational Health and Safety Policy, as detailed in the Group Policies section.

Gender Equality Policy (PdR 125)

The gender equality policy represents a formal and strategic commitment to the creation of an inclusive, equitable, and respectful working environment, where all individuals, regardless of gender, have equal opportunities for professional and personal growth.

This policy is based on the principles of non-discrimination, equal opportunities, equal pay, work-life balance, enhancement of diversity, and the prevention of all forms of violence or harassment.

Information Security Policy (ISO 27001) adopted by CY4Gate, RCS, and XTN

The information security policy is based on the international ISO 27001 standard, a globally recognized standard for information security management.

This policy is structured across several areas, including physical, logical, and communications security, risk management, and employee training and awareness.

At the same time, in line with the General Data Protection Regulation (GDPR), a specific personal data protection policy has been adopted, aimed at ensuring compliance with privacy regulations and safeguarding the rights of natural persons with regard to the processing of their personal data.

The personal data protection policy is structured across several aspects, including the definition of responsibilities, impact assessment, security measures, breach management, and information notices and consent of data subjects.

To ensure the implementation of this policy, a Data Protection Officer (DPO) has been appointed, a professional figure with expertise in personal data protection. The DPO is responsible for informing and advising the data controller, the data processor, and employees on the provisions of the GDPR and best practices in personal data protection, verifying compliance of personal data processing with the GDPR and other applicable regulations, cooperating with the supervisory authority (Italian Data Protection Authority) on matters relating to personal data processing, and acting as a contact point for data subjects and the supervisory authority.

The information security and personal data protection policy represents a concrete commitment to the protection of information assets and the safeguarding of individuals' rights. The adoption of international standards such as ISO 27001 and compliance with privacy regulations demonstrate a focus on creating a secure and responsible working environment.

Governance and Remuneration

The appointment of the Board of Directors takes place as described in section GOV-1 – Composition and role of the administrative, management and supervisory bodies.

The Remuneration Policy provides for a Stock Grant plan as indicated in section GOV-3 – Incentive schemes linked to sustainability objectives, the renewal of which is scheduled for April 2026.

Risk management

The internal control and risk management system of The Group CY4Gate is a structured set of rules, procedures, and organizational structures aimed at ensuring the effective identification, measurement, management, and monitoring of the main business risks.

This integrated system is fundamental for sustainable success, as it provides a solid framework for the proactive management of risks and supports an informed and aware decision-making process. Among the main parties involved in this system, a key role is played by the Internal Audit function, established in 2023 following the transition of The Group from the Euronext Growth Milan segment to the STAR segment.

The Internal Audit function, through its independent and objective assurance activities, verifies the adequacy and effectiveness of the internal control and risk management system, contributing to strengthening corporate governance and safeguarding value for stakeholders.

Organization, management and control model (MOG)

The organization, management and control model (MOG) pursuant to Legislative Decree 231/2001 and implemented by The Group represents a fundamental pillar of its governance strategy, outlining a system of rules and tools aimed at preventing the commission of offenses and promoting a corporate culture based on legality and transparency.

This document, aligned with best practices and continuously updated to reflect legislative and organizational developments, defines general principles, identifies risk areas, establishes rules of conduct, implements a control system, establishes a Supervisory Body, and provides for a disciplinary system.

The document was updated in 2025 to take into account legislative developments and the expansion of The Group, further strengthening its commitment to responsible and transparent management.

It consists of four sections and five annexes.

In particular:

Section I, which outlines the contents of Legislative Decree 231/2001 and its subsequent updates, with the aim of providing the recipients of the document with an overview of the regulatory framework within which the Company's organizational model operates;
- Section II, which describes the structure, contents, and articulation of the Model, with particular reference to the description of the Company, the identification of risk activities, the methods for managing financial flows, the functioning of the Supervisory Body, information flows, training and communication activities, and the procedures for updating the Model;
Section III, which contains the description of the disciplinary system applicable in the event of noncompliance with the behavioral rules set out in the Model;
Section IV, which contains the Special Section and the Protocols to be observed in order to eliminate or, at least, reduce to an acceptable level the risk of conduct constituting one of the offenses that may trigger the application of the sanctions provided for by Legislative Decree no. 231 of June 8, 2001, as

subsequently amended and supplemented.

Below is a list of annexes:

Annex 1 Catalogue of Offenses and Administrative Violations
Annex 2 Information Flows to the Supervisory Body
Annex 3 Code of Ethics (for details, reference should be made to the dedicated section)
Annex 4 Anti-Money Laundering Code (to be described below)
Annex 5 Anti-Corruption Code (to be described below)

Customers, suppliers, and partners are required to formally commit to compliance with the MOG, with immediate termination of the contract in the event of violation, demonstrating its crucial importance for The Group.

Anti-Corruption Code

The anti-corruption prevention system, formalized in the Anti-Corruption Code as updated in 2025, represents a fundamental pillar of its commitment to integrity and transparency.

This structured and coherent system of principles aims to prevent and counter the risks of unlawful practices, promoting a corporate culture based on honesty, ethics, and compliance with laws.

In particular, the Anti-Corruption Code defines general principles of conduct, clear rules of behavior, appropriate control procedures, an internal reporting mechanism, and disciplinary sanctions for any violations.

Adopted by the Board of Directors and applied at all levels of the organization, including employees, collaborators, directors, partners, and suppliers, the Anti-Corruption Code is periodically updated to reflect legislative developments and best practices.

A Coordination and Consultation Body for the Prevention of Corruption has been established, composed of the Chairperson pro tempore and the Chairs of the Board of Statutory Auditors and of the Supervisory Body pursuant to Legislative Decree 231/2001, which reports annually on the activities carried out to the Board of Directors, the Board of Statutory Auditors, and the Supervisory Body pursuant to Legislative Decree 231/2001.

Furthermore, a Whistleblowings Committee has been established, composed of the Heads of the Legal and Administration, Finance and Control organizational units, responsible for managing the preliminary assessment phase and reporting on received reports. The Committee prepares, on a semi-annual basis, a summary report of the activities carried out and the progress status of the action plans relating to reports concerning conduct relevant to corruption risk.

Anti-Money Laundering Policy

In 2025, The Group updated its Anti-Money Laundering Code, within which a structured organizational model is defined to mitigate the risks of money laundering and terrorist financing, in line with national and international regulations.

The model provides for a set of preventive and control measures, including a dedicated Anti-Money Laundering function, which is responsible for identifying and assessing risks, defining procedures, monitoring transactions, reporting suspicious transactions, and training personnel. In addition, the model includes other key measures such as customer due diligence, document retention, internal control, and periodic audits.

The Group is committed to maintaining an effective and up-to-date prevention system, recognizing the importance of this area for its reputation and for the prevention of unlawful activities. The adoption of a robust organizational model and the establishment of the Anti-Money Laundering function demonstrate its commitment to legality, transparency, and social responsibility.

Transparency of financial transactions

The Group places strong emphasis on the transparency of financial transactions, adopting rigorous procedures for the management of transactions with related parties, internal dealing, and the prevention of market abuse. The primary objective is to prevent and mitigate potential conflicts of interest, while ensuring clear and complete communication to investors.

With regard to transactions with related parties, The Group has implemented a specific procedure that provides for the identification of related parties, the assessment of transactions to verify their appropriateness and correctness, the approval of transactions of greater significance by the Board of Directors, and transparent and timely disclosure to the market.

With regard to internal dealing, The Group has adopted a specific procedure that defines relevant persons, provides for disclosure obligations for transactions carried out on The Group's shares, and ensures the publication of relevant information.

The Group is particularly attentive to the prevention of market abuse, having adopted a Code of Ethics that defines the principles and rules to be followed to prevent insider trading, market manipulation, and other unlawful practices.

Finally, The Group is committed to providing the market with complete, accurate, and timely information, in compliance with disclosure obligations established by law and regulations.

Information relating to The Group's economic and financial position, transactions with related parties, internal dealing, and other relevant events is communicated through official channels and submitted to Consob.

The transparency of financial transactions is a fundamental element for the creation of a relationship of trust with investors and for safeguarding The Group's reputation.

The procedures adopted for the management of transactions with related parties, internal dealing, and the prevention of market abuse demonstrate a commitment to sound and responsible governance.

Group Directive – MOG 231 Guidelines

Through the sharing of its Code of Ethics and its Organization, Management and Control Model (MOG 231), The Group is committed to promoting a corporate culture deeply rooted in the principles of legality, transparency, ethics, correctness, and compliance with rules.

This sharing is not merely a formality, but a declaration of intent that underscores the importance of these fundamental values for The Group.

Consistent with the most rigorous principles adopted, The Group does not limit itself to declaring these values, but actively integrates them into every aspect of its activities.

The commitment to legality is reflected in the scrupulous compliance with laws and regulations, both at national and international level, while transparency is expressed through open and complete communication with all stakeholders. Ethics guides every business decision, ensuring that actions are always inspired by integrity and honesty. Correctness in relations with customers, suppliers, and partners is considered an essential value, as is compliance with internal rules and corporate procedures, which are essential elements for ensuring operational efficiency and effectiveness.

The sharing of the Code of Ethics and the MOG 231 therefore represents a fundamental step in strengthening a corporate culture based on solid and shared values, with the objective of ensuring sustainable success over time and the creation of value for all stakeholders.

The Sole Director, the Chief Executive Officer, or the Board of Directors (BoD), depending on the governance structure adopted, represents the highest managerial level responsible for the implementation of corporate policy.

Aspects relating to corporate culture are considered and discussed by the administrative, management, and control bodies. The main aspects are promoted and disseminated to stakeholders (internal and/or external to The Group) as part of the corporate culture. In addition, specific tools are in place for employees to promote and encourage the corporate culture.

The Group has adopted an integrated management system aimed at ensuring respect for and integration of sustainability matters, which includes various mechanisms to identify, report, and investigate unlawful conduct or conduct not compliant with the Code of Ethics and internal regulations. The Group recognizes the importance of the contribution of all stakeholders, both internal and external, for the continuous improvement of the management system and for the prevention of unlawful conduct.

Reporting and Investigation mechanisms

● Whistleblowing Procedure: allows employees and third parties to report, including anonymously, potential or actual violations of the Code of Ethics, the Organizational Model 231, or other internal regulations. Reports are collected and managed by an independent function, which assesses their substantiation and initiates the necessary investigations.

● Whistleblowings Committee: composed of the Heads of the Group Legal and Group Accounting, Finance, Controlling and Procurement organizational units, responsible for managing the preliminary assessment and reporting phase of the whistleblowings received. Every six months, The Committee prepares a report summarising the activities carried out and the progress of the Action Plans concerning conduct relevant to the corruption risk**.**

Reports are handled with the utmost confidentiality and diligence.

The Whistleblowings Committee assesses the substantiation of reports and, in the event of confirmed violations, proposes corrective and disciplinary actions.

The Group is committed to ensuring that there is no retaliation against good faith reporters.

An additional oversight mechanism is ensured by the Control, Risk and Sustainability Committee (CCRS), which expresses opinions on specific aspects relating to the identification of the main corporate risks, including risks related to the internal system for the prevention of corruption, and supports the assessments and decisions of the Board of Directors relating to the management of risks arising from harmful events of which it has become aware.

The Group adopts policies on combating active and passive corruption consistent with the United Nations Convention against Corruption.

The Group has implemented a comprehensive and secure reporting system for violations, aimed at ensuring that all stakeholders can report, in a confidential and protected manner, any issues or violations that may have a negative impact on The Group or on people's well-being. A dedicated online platform is made available to all stakeholders, accessible in a secure and confidential manner, which allows violations to be reported easily and intuitively, following a guided procedure, and ensures the anonymity of the reporter and the confidentiality of the information transmitted.

Reporting may be carried out through the platform and/or directly through an impartial function, specifically trained and responsible for managing reports, as well as through the Chair of the Supervisory Body (OdV), who is responsible for handling reports.

The Group has policies in place for the protection of whistleblowers, as outlined above.

The Group has structured an integrated management system to promote a corporate culture based on integrity, transparency, and accountability, with a particular focus on the prevention of corruption, money laundering, and respect for human rights, as detailed in the Policies section.

The Group has implemented a structured and articulated integrated management system, which includes policies, control bodies, and specific procedures to promote a culture of integrity and transparency, prevent unlawful conduct, and ensure regulatory compliance across various areas, from combating corruption to respecting human rights.

The Company has also adopted the Internal Training Delivery Procedure, relating to the annual planning of training activities for employees.

With reference to the Organizational Model pursuant to Legislative Decree 231/2001, the functions most exposed to active and passive corruption risk are Human Resources, Sales, Marketing, and Procurement.

G1-2 – Management of relationships with suppliers

The payment policy is currently not managed through a Group procedure; however, each company, also depending on the type of its suppliers and relationships, seeks to ensure compliance with contractually agreed payment terms, also acting on the monitoring of collections to maintain financial balance.

The approaches adopted in relationships with suppliers, taking into account risks related to the supply chain and impacts on sustainability matters, are defined at Group level through the adoption of the Organizational Model 231/2001 and the Code of Ethics.

Cy4gate requires suppliers registered in the vendor register to sign the Commitment to social responsibility for ethical and sustainable development and carries out ongoing assessment activities regarding regulatory compliance requirements, including adherence to environmental programs and the possession of any certifications by suppliers.

Within the Sustainability Plan 2026–2030, the strengthening of systems for evaluating the environmental and social performance of suppliers represents an objective to be pursued through increasing the number of suppliers assessed according to ESG criteria or adhering to Cy4gate's ESG Policy.

G1-3 Prevention and detection of active and passive corruption

The Group has implemented a comprehensive system to prevent, identify, and manage potential cases of corruption, both active and passive.

All companies of The Group have been subject to a corruption risk assessment over the last two years, covering 100% of the Group's operating sites. This assessment has made it possible to identify and analyze the most vulnerable areas and to implement targeted preventive measures.

To date, no cases of active or passive corruption have emerged within The Group. This result demonstrates the effectiveness of the preventive measures adopted and The Group's commitment to promoting a culture of integrity and transparency.

In the event of any corruption incidents, The Group relies on an Anti-Corruption Code. This Code defines the guidelines and procedures to be followed to manage effectively and promptly any report or case of corruption, ensuring a uniform and rigorous approach across all companies of The Group.

All companies of The Group have been subject to corruption risk assessment, i.e., 100% of the Group's operating sites, over the last two years.

No cases of active or passive corruption have emerged; however, should any arise, The Group is equipped with an Anti-Corruption Code.

The Whistleblowings Committee, composed of the Heads of the Group Legal and Group Accounting, Finance, Controlling and Procurement organizational units, is responsible for managing the preliminary assessment and reporting phase of the reports received.

The Committee prepares, on a semi-annual basis, for the Coordination Body, a summary report on the activities carried out and on the status of progress of the Action Plans relating to reports concerning conduct relevant for corruption risk.

The Company has adopted and disseminated, through its website and corporate intranet, the following documents:

Organizational, Management and Control Model pursuant to Legislative Decree 231/2001;
Code of Ethics;
Anti-Corruption Code;
Anti-Money Laundering Policy.

The Company also provides, contractually, for clauses that require customers and suppliers to comply with these documents.

Training programs are extended to the Board of Directors, the Board of Statutory Auditors, Executives, Middle Managers, Employees, and Apprentices.

Training is provided to 100% of functions at risk. With reference to these risk profiles in relation to corruption and extortion, based on the analysis of business processes and areas of operation, The Group has identified the functions potentially most exposed in relationships with third parties or with public administrations. These areas include, as a priority, commercial processes and procurement and supplier selection processes, institutional relations, activities related to participation in tenders and calls for bids, as well as processes for the selection and management of human resources.

Training on corruption has been delivered to employees, Management, and Top Management as part of general and specific training on Model 231, anti-corruption, and whistleblowing.

G1-4 Cases of active or passive corruption

The Group has not identified any cases of active or passive corruption, violations of procedures, or, consequently, the application of sanctions.

CY4Gate S.p.A. has also transmitted to the companies of The Group, through a Directive, the Code of Ethics and the Anti-Corruption Code.

The Group has adopted the following actions to manage material impacts, risks, and opportunities related to active and passive corruption:

Anti-Corruption Code;
Appointment within CY4Gate of the Control, Risk and Sustainability Committee;
Appointment within CY4Gate of the Coordination and Consultation Body for the Prevention of Corruption and of the Whistleblowings Committee;
Sharing with subsidiaries of CY4Gate's Code of Ethics and adoption of contractual clauses that require stakeholders to comply with the Code of Ethics.

In addition, in 2025 the following were implemented:

Maintenance of CY4Gate S.p.A.'s legality rating with a score of three stars, corresponding to the maximum obtainable score;
Update of the Organizational and Management Model of CY4Gate and RCS pursuant to Legislative Decree 231/2001;
Obtaining ISO 37001 certification for CY4Gate's Anti-Corruption Management System.

No convictions for violations of laws against active and passive corruption have been recorded, as also evidenced by the reports of the Whistleblowings Committee.

There have been no cases of violations of procedures and, consequently, no sanctions have been applied.

G1-6 Payment practices, in particular with regard to delays in payments to small and medium-sized enterprises (SMEs)

The Group defines the contractual terms for the payment of suppliers in purchase orders.

In general, these terms provide for payment upon presentation of an invoice and subject to authorization for payment by the requesting function.

The average time taken by the undertaking to pay an invoice from the date on which the contractual or legal payment term begins to be calculated, expressed in number of days and by product category, is not available and is expected to be measured from 2026.

There are currently no legal proceedings pending due to payment delays.

KPMG S.p.A. Revisione e organizzazione contabile Via Curtatone, 3 00185 ROMA RM Telefono +39 06 80961.1 Email [email protected] PEC [email protected]

(This independent auditors' report has been translated into English solely for the convenience of international readers. Accordingly, only the original Italian version is authoritative.)

Independent auditors' limited assurance report on the consolidated sustainability statement pursuant to article 14-bis of Legislative decree no. 39 of 27 January 2010

To the shareholders of CY4Gate S.p.A.

Conclusion

Pursuant to articles 8 and 18.1 of Legislative decree no. 125 of 6 September 2024 (the "decree"), we have been engaged to perform a limited assurance engagement on the 2025 consolidated sustainability statement of the CY4Gate Group (the "group") prepared in accordance with article 4 of the decree, presented in the specific section of the management report (the "consolidated sustainability statement").

Based on the procedures performed, nothing has come to our attention that causes us to believe that:

the group's 2025 consolidated sustainability statement has not been prepared, in all material respects, in accordance with the reporting standards endorsed by the European Commission pursuant to Directive 2013/34/EU (the European Sustainability Reporting Standards, "ESRS");
the information presented in the "Taxonomy Regulation (information pursuant to ART. 8 EU Reg. 852/2020)" section of the consolidated sustainability statement has not been prepared, in all material respects, in accordance with article 8 of Regulation (EU) 852 of 18 June 2020 (the "taxonomy regulation").

Basis for conclusion

We have performed the limited assurance engagement in accordance with the Standard on Sustainability Assurance Engagements - SSAE (Italia). The procedures performed in a limited assurance engagement vary in nature and timing from, and are less in extent than for, a reasonable assurance engagement. Consequently, the level of assurance obtained in a limited assurance engagement is substantially lower than the assurance that would have been obtained had a reasonable assurance engagement been performed. Our responsibilities under that standard are further described in the "Auditors' responsibilities for the sustainability assurance engagement" section of our report.

We are independent in accordance with the ethics and independence rules and standards applicable in Italy to sustainability assurance engagements.

KPMG S.p.A. è una società per azioni di diritto italiano e fa parte del network KPMG di entità indipendenti affiliate a KPMG International Limited, società di diritto inglese.

Ancona Bari Bergamo Bologna Bolzano Brescia Catania Como Firenze Genova Lecce Milano Napoli Novara Padova Palermo Parma Perugia Pescara Roma Torino Treviso Trieste Varese Verona

Società per azioni Capitale sociale Euro 10.415.500,00 i.v. Registro Imprese Milano Monza Brianza Lodi e Codice Fiscale N. 00709600159 R.E.A. Milano N. 512867 Partita IVA 00709600159 VAT number IT00709600159 Sede legale: Via Giovanni Battista Pirelli, 38 20124 Milano MI ITALIA

Our company applies International Standard on Quality Management 1 (ISQM Italia 1) and, accordingly, is required to design, implement and operate a system of quality management including policies or procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

We believe that the evidence we have acquired is sufficient and appropriate to provide a basis for our conclusion.

Responsibilities of the directors and board of statutory auditors ("Collegio Sindacale") of CY4Gate S.p.A. (the "parent") for the consolidated sustainability statement

The directors are responsible for designing and implementing the procedures to identify the information included in the consolidated sustainability statement in accordance with the ESRS (the "materiality assessment process") and for the description of these procedures in the "IRO-1 Process applied for the materiality assessment, involvement of internal and external stakeholders" section of the consolidated sustainability statement.

The directors are also responsible for the preparation of a consolidated sustainability statement in accordance with article 4 of the decree, which contains the information identified through the materiality assessment process, including:

compliance with the ESRS;
compliance of the information presented in the "Taxonomy Regulation (information pursuant to ART. 8 EU Reg. 852/2020)" section with article 8 of the taxonomy regulation.

Moreover, the directors are responsible, within the terms established by the Italian law, for designing, implementing and maintaining such internal controls as they determine is necessary to enable the preparation of a consolidated sustainability statement in accordance with article 4 of the decree that is free from material misstatement, whether due to fraud or error. They are also responsible for selecting and applying appropriate methods to produce disclosures and formulating assumptions and estimates about specific information on sustainability matters that are reasonable in the circumstances.

The Collegio Sindacale is responsible for overseeing, within the terms established by the Italian law, compliance with the decree's provisions.

Inherent limitations in preparing the consolidated sustainability statement

For the purpose of disclosing forward-looking information in accordance with the ESRS, the directors are required to prepare such information based on assumptions, described in the consolidated sustainability statement, regarding future events and the group's actions that are not necessarily expected to occur. Actual results are likely to be different from the forecast sustainability information since anticipated events frequently do not occur as expected and the variation could be material.

Auditors' responsibilities for the sustainability assurance engagement

Our objectives are to plan and perform procedures in order to obtain limited assurance about whether the consolidated sustainability statement is free from material misstatement, whether due to fraud or error, and to issue an assurance report that includes our conclusion. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence decisions of intended users taken on the basis of the consolidated sustainability statement.

As part of a limited assurance engagement in accordance with SSAE (Italia), we exercise professional judgement and maintain professional scepticism throughout the engagement.

Independent auditors' report 31 December 2025

Our responsibilities include:

considering risks to identify disclosures where a material misstatement is likely to occur, whether due to fraud or error;
designing and performing procedures to address disclosures where a material misstatement is likely to occur. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control;
directing, supervising and performing the sustainability limited assurance engagement and assuming full responsibility for the conclusion on the consolidated sustainability statement.

Summary of the work performed

A limited assurance engagement involves carrying out procedures to obtain evidence as a basis for our conclusion.

The procedures performed are based on our professional judgement and include inquiries, primarily of the parent's personnel responsible for the preparation of the information presented in the consolidated sustainability statement, documental analyses, recalculations and other evidence gathering procedures, as appropriate.

We have performed the following main procedures:

we gained an understanding of the group's business model, strategies and operating environment with regard to sustainability matters;
we gained an understanding of the process adopted by the group to identify and assess material sustainability-related impacts, risks and opportunities (IROs), based on the double materiality principle. Moreover, on the basis of the information acquired, we evaluated any emerging inconsistencies that may indicate the presence of sustainability matters not addressed by the group in its materiality assessment process; Specifically, mostly through inquiries, observations and inspections, we gained an understanding of how the group:
- considered the interests and opinions of the stakeholders involved;
- identified its sustainability-related IROs, assessing their consistency with our knowledge of the group and its sector;
- defined and assessed material IROs by analysing the qualitative and quantitative materiality thresholds it determined, assessing their consistency with the outcomes of the ERM process;
we gained an understanding of the processes underlying the generation, recording and management of the qualitative and quantitative information disclosed in the consolidated sustainability statement, including of the reporting boundary, through interviews and discussions with the group's personnel and selected procedures on documentation;
we identified the disclosures associated with a risk of material misstatement, whether due to fraud or error;
we designed and performed procedures at group level, based on our professional judgement, to respond to identified risks of material misstatement, including:
- with reference to qualitative information and, in particular, the sustainability-related policies, actions and targets, we held inquiries and performed limited procedures on documentation;

with reference to quantitative information, we carried out analytical procedures, inspections, observations and recalculations on a sample basis, including by obtaining documentary evidence;
we gained an understanding of the process adopted by the group to determine taxonomy-eligible exposures and whether they were aligned under the taxonomy regulation and checked the related disclosures presented in the sustainability statement;
we checked the consistency of the disclosures contained in the consolidated sustainability statement with those included in the group's consolidated financial statements pursuant to the applicable financial reporting framework, the underlying accounting records or management accounts;
we checked the compliance of the structure and presentation of disclosures included in the consolidated sustainability statement with the ESRS;
we obtained the representation letter.

Rome, 31 March 2026

KPMG S.p.A.

(signed on the original)

Matteo Ferrucci Director of Audit CONSOLIDATED FINANCIAL STATEMENTS AS OF AND FOR THE YEAR ENDED DECEMBER 31, 2025

Consolidated Financial Statements as of and for the year ended December 31, 2025

CY4GATE S.p.A. Headquarters in VIA COPONIA, 8 00131 ROME Company registration no. 13129151000 – REA no. 1426295

General Information 9
Basis of Presentation 9





Financial Risk Management 25
Estimates and Assumptions 29
Business Combinations 31
Segment Reporting 33
Revenue 33
Other revenue and income 35
Purchases, services and personnel expenses 35
Amortization and depreciation 37
Other operating costs 37
Financial income and expense 37
Taxes 38
Earnings/(Loss) per share and Diluted Earnings/(Loss) per share 39
Goodwill 39
Intangible assets 40
Property, plant and equipment 42
Right-of-Use Assets 43
	Consolidated Statement of Profit and Loss 4Consolidated Statement of Comprehensive Income 5Consolidated Statement of Financial Position 6Consolidated Statement of Cash Flows 7Consolidated Statement of Changes in Equity 82.1. Basis of Preparation 92.2. Scope of consolidation 102.3. Basis of Consolidation 112.4. Accounting policies 122.5. Recently issued accounting standards 22

19.	Inventories 44
20.	Trade receivables 45
21.	Current tax assets and liabilities 45
22.	Other current and non-current assets 46
23.	Cash and cash equivalents 46
24.	Current and non-current financial assets 46
25.	Equity-accounted investments 47
26.	Contract assets and liabilities 47
27.	Equity 47
28.	Current and non-current financial and lease liabilities 49
29.	Employee benefits 54
30.	Provisions for risk and charges 56
31.	Deferred tax assets and liabilities 56
32.	Trade payables 57
33.	Other current and non-current liabilities 57
34.	Other Information 58
35.	Transactions with Related Parties 60
36.	Significant events of the year 62
37.	Subsequent events 62

Consolidated Statement of Profit and Loss

			For the year ended December 31
(in Euro)	Note	2025	of which withrelatedparties:	2024	of which withrelatedparties:
Revenue	7	99,133,947	7,378,922	72,364,427	10,175,965
Other revenue and income	8	2,409,702	57,703	2,714,371	586,697
Purchases, services and personnel expenses	9	(80,077,854)	(368,557)	(62,499,848)	(217,165)
Amortization and depreciation	10/16/17	(19,817,031)	(252,958)	(20,945,274)	(245,532)
Impairment losses on financial assets	16/20	(5,495,042)	-	(552,515)	-
Accrual to provision for risks and charges	30	(150,000)	-	-	-
Other operating costs	11	(704,805)	-	(959,599)	-
Operating loss		(4,701,084)	6,815,111	(9,878,437)	10,299,965
Financial income	12	1,396,724	-	822,100	-
Financial expense	12	(3,745,474)	-	(2,961,029)	-
Share of profit/(loss) of equity-accountedinvestments, net of tax effects	12	(407,736)	-	(227,840)	-
Pre-tax loss		(7,457,570)	6,815,111	(12,245,206)	10,299,965
Taxes	13	(536,425)	-	6,606,696	-
Loss for the year		(7,993,995)	6,815,111	(5,638,510)	10,299,965
of which:
Profit attributable to non-controlling interests		2,000,547		1,763,176
Loss attributable to the owners of the parent		(9,994,542)		(7,401,686)
Basic and diluted earnings/(loss) per share		(0.34)		(0.24)

Consolidated Statement of Comprehensive Income

		For the year ended December 31
(in Euro)	Note	2025	2024
Loss for the year		(7,993,995)	(5,638,510)
Actuarial gains/(losses) on defined benefit plans	29	114,031	(209,499)
Actuarial gains/(losses) on defined benefit plans - related tax	29	(28,871)	51,731
Items that will not be subsequently reclassified to profit or loss insubsequent years		85,160	(157,768)
Net fair value losses on cash flow hedges	27	(43,588)	(214,269)
Net fair value gain/(losses) on cash flow hedges - related tax	27	8,436	51,425
Items that may be subsequently reclassified to profit or loss		(35,151)	(162,844)
Other comprehensive income/(expense), net of related tax		50,009	(320,612)
Comprehensive expense		(7,943,986)	(5,959,122)
of which:
Comprehensive income attributable to non-controlling interests		2,000,547	1,763,176
Comprehensive expense attributable to the owners of the parent		(9,944,533)	(7,684,662)

Consolidated Statement of Financial Position

Noteof which withof which with(in Euro)20252024related parties:related parties:Intangible assets and goodwill15-1674,358,862-81,191,711-Goodwill1549,190,205-49,190,205-Intangible assets1625,168,657-32,001,506-Property, plant and equipment1710,310,283-9,850,247-Right-of-use assets184,613,860464,1865,694,377712,970Non-current financial assets241,912,040994,000502,251419,000Equity-accounted investments25822,178-1,229,915-Deferred tax assets3110,858,807-10,460,187-Other non-current assets221,295,436-1,031,789-Non-current assets104,171,4671,458,186109,960,4761,131,970Inventories193,024,960-973,830-Contract assets267,512,9242,636,4068,429,1812,430,044Trade receivables2068,065,0091,940,44949,940,5665,627,842Current tax assets2144,495-79,225-Other current assets2216,847,486-5,680,942-Current financial assets241,384,012-970,732-Cash and cash equivalents2322,984,153-14,537,530-Current assets119,863,0394,576,85580,612,0058,057,886Total assets224,034,5056,035,040190,572,4819,189,857Share capital1,441,500-1,441,500-Share premium reserve108,539,944-108,539,944-Reserves(10,663,888)-(3,479,508)-Loss for the year(9,994,542)-(7,401,686)-Equity attributable to the owners of the parent89,323,014-99,100,250-Equity attributable to non-controlling interests3,518,048-3,192,583-Equity2792,841,061-102,292,833-Employee benefits - non-current295,450,497-4,739,373-Other non-current liabilities334,479,889-3,559,998-Non-current financial liabilities2813,481,743-24,216,798-Non-current financial and lease liabilities283,384,227249,6014,227,281474,237Deferred tax liabilities31905,383-1,375,380-Total non-current liabilities27,701,739249,60138,118,830474,237Provisions for risk and charges30150,000---Trade payables3213,918,804217,86411,918,3983,172Current financial liabilities2821,729,047-16,853,988-Current lease liabilities281,458,667295,4021,631,866256,718Contract liabilities2644,412,474457,0404,299,053535,808Tax liabilities21150,873-278,023-Other current liabilities3321,671,838-15,179,490-Total current liabilities103,491,703970,30650,160,818795,698Total liabilities131,193,4431,219,90788,279,6481,269,935Total equity and liabilities224,034,5051,219,907190,572,4811,269,935		As of December 31

Consolidated Statement of Cash Flows

		For the year ended December 31
(in Euro)	Note	2025	2024
Pre-tax loss		(7,457,570)	(12,245,206)
Adjustments for:
Amortization and depreciation of intangible assets and property, plant andequipment	10/16/17	19,817,032	20,945,274
Impairment losses	16/20	5,495,042	552,515
Expenses for employee share-based incentives	29	156,683	213,712
Accruals to provisions for risks and charges	30	150,000	-
Net interest income and expense	12	2,348,748	2,366,770
Other non-cash items		346,806	358,987
Cash flows from operating activities before changes in net working capital		20,856,739	12,192,052
Change in inventories	19	(2,051,130)	(214,765)
Change in trade receivables	20	(23,619,485)	5,004,784
Change in trade payables	32	1,477,234	(5,569,629)
Change in other assets/liabilities	22/33	37,226,107	8,492,932
Payment of employee benefits	29	(347,081)	(404,392)
Interest paid	12	(2,544,831)	(2,146,468)
Income tax paid		(1,831,619)	(5,574,247)
Net cash flows from operating activities		29,165,934	11,780,267
Net investment in intangible assets	16	(7,144,065)	(12,143,676)
Net investment in property, plant and equipment	17	(3,926,012)	(3,585,295)
Acquisition of subsidiaries net of cash and cash equivalents	5	(1,588,927)	(5,863,246)
Net cash flows used in investing activities		(12,659,004)	(21,592,217)
Repurchase of treasury shares		-	(1,606,906)
Dividends distributed		(1,712,152)	(2,015,411)
Net cash flows from investing activities		(744,220)	(228,682)
Net utilizations of credit facilities	28	(3,816,922)	12,593,098
Repayment of lease liabilities	28	(1,787,014)	(1,953,811)
Net cash flows from (used in) financing activities		(8,060,309)	6,788,290
Total change in cash and cash equivalents		8,446,623	(3,023,660)
Opening cash and cash equivalents	23	14,537,530	17,561,190
Closing cash and cash equivalents	23	22,984,153	14,537,530

Consolidated Statement of Changes in Equity

(in Euro)	Sharecapital	Share premiumreserve	Reserves	Profit/(loss) forthe year	Total equityattributableto theowners ofthe parent	Total equityattributableto noncontrollinginterests	Total equity
As of January 1, 2024	1,441,500	108,539,944	9,272,847	(10,704,682)	108,549,609	2,575,691	111,125,300
Profit/(loss) for the period	-	-	-	(7,401,686)	(7,401,686)	1,763,176	(5,638,510)
Actuarial losses on defined benefit plans	-	-	(157,768)	-	(157,768)	-	(157,768)
Fair value losses on cash flow hedges	-	-	(162,844)	-	(162,844)	-	(162,844)
Comprehensive income/(expense)	-	-	(320,612)	(7,401,686)	(7,722,298)	1,763,176	(5,959,122)
Coverage of previous year result	-	-	(10,704,682)	10,704,682	-	-	-
Repurchase of treasury shares	-	-	(1,606,906)	-	(1,606,906)	-	(1,606,906)
Other changes	-	-	(139,618)	-	(139,618)	-	(139,618)
Distribution of dividends to noncontrolling interests	-	-	(194,250)	-	(194,250)	(1,821,161)	(2,015,411)
Acquisition of equity investments	-	-	-	-	-	674,877	674,877
Share-based payments	-	-	213,713	-	213,713	-	213,713
As of December 31, 2024	1,441,500	108,539,944	(3,479,508)	(7,401,686)	99,100,250	3,192,583	102,292,833
Profit/(loss) for the period	-	-	-	(9,994,542)	(9,994,542)	2,000,547	(7,993,995)
Actuarial gains on defined benefit plans	-	-	85,160	-	85,160	-	85,160
Fair value losses on cash flow hedges	-	-	(35,151)	-	(35,151)	-	(35,151)
Comprehensive income/(expense)	-	-	50,009	(9,994,542)	(9,944,533)	2,000,547	(7,943,986)
Coverage of previous year result	-	-	(7,401,686)	7,401,686	-	-	-
Repurchase of treasury shares	-	-	-	-	-	-	-
Other changes	-	-	47,682	-	47,682	-	47,682
Distribution of dividends to noncontrolling interests	-	-	(37,069)	-	(37,069)	(1,675,083)	(1,712,152)
Acquisition of equity investments	-	-	-	-	-		-
Share-based payments	-	-	156,683	-	156,683	-	156,683
As of December 31, 2025	1,441,500	108,539,944	(10,663,888)	(9,994,542)	89,323,014	3,518,048	92,841,061

Notes to the Financial Statements

1. General Information

CY4Gate S.p.A. (hereinafter "CY4GATE" or the "Company" and, together with its subsidiaries, the "Group") is a company established and domiciled in Italy, with its registered office in Rome (RM), at 8, Coponia Street and organized according to the legal system of the Italian Republic. The Group is primarily engaged in the design, development and production of technologies, products, systems and services for the Armed Forces, Law Enforcement Agencies and Italian and foreign companies. Since June 26, 2023, the shares of CY4GATE S.p.A. have been traded in the Euronext STAR Milan market segment of the Italian Stock Exchange (shares were traded in the Euronext Growth Milan market segment from 2020 up until the above date).

The Company is controlled by Elettronica S.p.A., with a registered office in Rome, which prepares the consolidated financial statements of the largest group of companies to which the Company belongs. In compliance with point 22 quinquies of Article 2475 of the Civil Code, it is communicated that a copy of the consolidated financial statements is kept at the headquarters of the ultimate parent company in Via Tiburtina Km 13,700.

As of the date of preparation of these consolidated financial statements, the Company is not subject to direction and coordination of any of its shareholders, as the Board of Directors of the Company assumes in full and complete autonomy and independence the most appropriate decision relating to the management of the Company's activities.

Authorization for publication

These Consolidated Financial Statements were approved and authorized for publication by the Board of Directors of CY4GATE S.p.A. on March 12, 2026 and are audited by KPMG S.p.A.

The publication of these consolidated financial statements is carried out in accordance with the Delegated Regulation of the European Commission 2019/815 and subsequent amendments.

2. Basis of Presentation

This section provides a description of the most relevant accounting policies adopted for the preparation of these Consolidated Financial Statements as of and for the year ended December 31, 2025 (hereinafter the "Consolidated Financial Statements"). These principles have been applied consistently for all periods presented.

2.1. Basis of Preparation

These Consolidated Financial Statements, prepared in compliance with the provisions of Article 154-ter of Legislative Decree no. 58/98 - T.U.F. - and subsequent amendments and additions, has been prepared in accordance with the EU IFRS, meaning by this all the International Financial Reporting Standards (IFRS), all the International Accounting Standards (IAS), all interpretations of the International Financial Reporting Interpretations Committee (IFRIC), formerly the Standing Interpretations Committee (SIC) that, as of the reporting date of the Consolidated Financial Statements, have been endorsed by the European Union in accordance with the procedure provided for by Regulation (EC) No. 1606/2002 of the European Parliament and of the European Council of July 19, 2002. IFRS have been applied consistently to all periods reported in this document. Furthermore, reference was made to the provisions issued by Consob (Italian National Commission for listed companies) in implementation of paragraph 3 of Article 9 of Legislative Decree 38/2005.

The Consolidated Financial Statements have been prepared on a going concern basis, as the Directors have verified the absence of financial, managerial or other indicators that could signal difficulties regarding the Group's ability to meet its obligations in the foreseeable future and in particular in the next 12 months, in relation to the date of these Consolidated Financial Statements. The description of the ways in which the Group manages financial risks is illustrated in the subsequent Note 3 related to "Financial Risk Management".

The Consolidated Financial Statement have been prepared and presented in Euro, which represents the currency of the predominant economic environment in which the Group operates. All amounts included in this document, unless otherwise indicated, are expressed in Euro.

The following are the financial statements formats and the relative classification criteria adopted by the Group, within the options provided by IAS 1 Presentation of financial statements:

the Consolidated Statement of Financial Position has been prepared by classifying assets and liabilities according to the "current/non-current" criterion;
the Consolidated Statement of Profit and Loss has been prepared by classifying operating costs by nature;
the Consolidated Statement of Profit and Loss, in addition to the profit (loss) for the period resulting from the Statement of Profit and Loss, includes income and expense that are not recognized in profit or loss as required by IFRS;
the Consolidated Statement of changes in equity, prepared in accordance with IAS 1;
the Consolidated Statement of Cash Flows has been prepared by presenting cash flows resulting from operating activities according to the "indirect method".

The Consolidated Financial Statements were prepared based on the conventional criterion of the historical cost, except for the measurement of financial assets and liabilities, in cases where the application of the criterion of the fair value criterion is mandatory.

It should be noted that the Directors have reclassified the balances of certain items for the comparative year, in order to better represent the financial statements amounts. In particular, the affected items are "Other current liabilities" and "Contract liabilities". The directors have not considered these reclassifications significant for disclosure purposes.

2.2. Scope of consolidation

The list of companies included in the scope of consolidation as of December 31, 2025 is indicated in the following table:

Company name	Registered office	Share/quota	% direct	% Group	Method of	As of December31
		capital	investment	investment	consolidation	2025	2024
CY4GATE S.p.A. (ParentCompany)	Rome (Italy) - via Coponia 8	EUR 1,441,500	-	-	-	x	x
Subsidiaries
RCS ETM Sicurezza S.p.A.(in brief, RCS)	Milan (Italy) - Via Caldera 21	EUR 7,000,000	100%	100%	Line-by-lineconsolidation	x	x
Dars Telecom SL	Madrid (Spain) - Paseo PintorRosales 44	EUR 4,808	65%	65%	Line-by-lineconsolidation	x	x
Diateam S.a.S. *	Brest (France) - 31 rue YvesCollet	EUR 300,000	85.33%	100.00%	Line-by-lineconsolidation	x	x
Tykelab S.r.l.	Rome (Italy) - Via BenedettoCroce 10	EUR 10,000	90%	90%	Line-by-lineconsolidation	x	x
XTN Cognitive Security S.r.l.(in short, XTN) **	Arco (Italy) - via S. Caterina 95	EUR 10,000	77.80%	80.00%	Line-by-lineconsolidation	x	x

Andrézieux-Bouthéon (France)- Bvd P. Desgrange 5	EUR 500,000	25%	25%	Equity	x	x
Joint Venture
Rome (Italy) - Via Cassiodoro1/a	EUR 120,000	50%	50%	Equity	x	x

*It is noted that the Group contribution rate is 100%, which reflects Diateam's contribution to equity attributable to the owners of the parent following the registration of additional interests which arose from the accounting treatment of Put options granted to non-controlling interests on their quotas.

** It is noted that the Group contribution rate is 80%, which includes XTN's contribution to equity following the registration of additional interests. This resulted from the accounting of Put options granted to certain non-controlling interests on their quotas, representing 2.20% of the quota capital of the investee.

On July 30, 2025, following the exercise of the Put & Call option agreements, CY4GATE S.p.A. signed the closing for the purchase of an additional 14.67% of the French investee, thus reaching 85.33% of its share capital. For more information, please refer to the paragraph "Significant events of the year".

It is specified that the Company excluded the following subsidiaries from the consolidation scope, as they are immaterial to the Consolidated Financial Statements due to their limited operations.

Company name	Registered office	Share capital	%directinvestment
Aurora France S.A.S.	Paris (France) - 9 Rue Parrot	EUR 10,000	100%
RCS LAB GMBH	Lebach (Germany) - Scheuernstraße 24	EUR 25,000	70%
XTN Inc.	New York - Madison Ave 509	USD 30,500	100%

The financial statements of the subsidiaries are included in the Consolidated Financial Statements from the date on which the Parent company begins to exercise control and until the date on which such control ceases.

The financial statements of the consolidated companies, prepared for consolidation purposes by the respective competent bodies, have been appropriately harmonized and reclassified in order to align them with the accounting standards and measurement criteria of the Group, as described below.

The subsidiaries are consolidated on a line-by-line basis from the date on which control was effectively acquired and cease to be consolidated on the date on which control is transferred to third parties.

2.3. Basis of Consolidation

The Consolidated Financial Statements as of and for the year ended December 31, 2025 were prepared by consolidating on a line-by-line basis the financial statements as of and for the year ended December 31, 2025 of the Parent Company and of the Italian and foreign companies of which CY4GATE holds control, either directly or indirectly.

Subsidiaries are those companies over which the Group exercises control. The Group controls a company when it is exposed, or has rights, to the variability of the subsidiary's results based on its involvement with the subsidiary itself and has the ability to influence those results through the exercise of its power.

Control can be exercised either by direct or indirect ownership of the majority of voting shares or by contractual or legal agreements, regardless of shareholding relationships. The existence of potential voting rights exercisable at the reporting date is considered for the purpose of determining control.

In general, control is presumed to exist when the Group holds, directly or indirectly, more than half of the voting rights.

The criteria adopted for line-by-line consolidation are as follows:

the assets and liabilities, expenses and income of the fully consolidated entities are included line by line, in their total amount, regardless of the ownership share held, attributing to non-controlling interests, where applicable, their share of equity and profit or loss for the period due to them; these shares are shown separately in the equity and consolidated statement of profit or loss;
business combinations are recorded, in accordance with the provisions contained in IFRS 3, using the acquisition method. According to this method, the consideration transferred in a business combination is measured at fair value, calculated as the sum of the fair values of the assets transferred and the liabilities assumed by the Group at the acquisition date and of the equity instruments issued in exchange for control of the acquired entity. Transaction costs are generally recognized in the Statement of Profit and Loss when they are incurred. Identifiable assets acquired and liabilities assumed are recorded at fair value at the acquisition date; exceptions are the following items, which are instead measured according to their reference principle: (i) deferred tax assets and liabilities, (ii) employee benefit assets and liabilities and (iii) assets held for sale. In the event that the fair values of assets, liabilities and potential liabilities can only be determined provisionally, the business combination is recorded using these provisional values. Any adjustments resulting from the completion of the measurement process are recognized within twelve months from the acquisition date;
if a component of the price is linked to the realization of future events, such component is considered in the estimate of fair value at the time of the business combination;
significant profits and losses, along with their tax effects, resulting from transactions carried out between fully consolidated companies and not yet realized with third parties, are eliminated, except for losses that are not eliminated if the transaction provides evidence of an impairment of the transferred asset. If significant, reciprocal liabilities and assets, costs and revenue, as well as financial expense and financial income are eliminated;
the purchase of additional equity shares in subsidiaries and the sale of equity shares that do not imply the loss of control are considered owner transactions; as such, the accounting effects of the said operations are recorded directly in equity.

2.4. Accounting policies

The following briefly describes the accounting policies and most significant measurement criteria used for the preparation of the Consolidated Financial Statements.

INTANGIBLE ASSETS

Intangible assets consist of identifiable non-monetary items without physical substance, which are controllable and capable of generating future economic benefits. These elements are initially recognized at purchase and/or development cost, including directly attributable expenses to prepare the asset for use. Any interest expense accrued during and for the development of intangible assets is considered part of the purchase cost. Specifically, the following main intangible assets can be identified:

(a) Goodwill

Goodwill is classified as an intangible asset with an indefinite useful life and is initially recorded at cost, as described above, and subsequently subjected to an assessment, at least annually, aimed at identifying any losses in value (impairment test). The reversal of impairment loss is not permitted, even if the reasons that led to the impairment cease to exist.

(b) Other intangible assets with a finite useful life

Intangible assets with a finite useful life are recognized at cost, as described above, net of accumulated amortization and any impairment losses.

Amortization begins when the asset is available for use and is systematically allocated in relation to its residual possibility of use, i.e., based on the estimated useful life.

The estimated useful life for the various categories of intangible assets is as follows:

Class of intangible asset	Useful life in years
Industrial patents and intellectual property rights	3-5
Concessions, licenses, trademarks and similar rights	3-10
Other intangible assets	3-9
Development costs	3

PROPERTY, PLANT AND EQUIPMENT

Property, plant and equipment are recorded at purchase or production cost, net of accumulated depreciation and any impairment losses. The purchase or production cost includes the costs directly incurred to prepare the assets for use, as well as any dismantling and removal costs that will be incurred as a result of contractual obligations that require the asset to be restored to its original condition. Financial expense directly attributable to the acquisition, construction or production of qualified assets are capitalized and amortized based on the useful life of the asset to which refer.

The costs incurred for maintenance and repairs of an ordinary and/or cyclical nature are charged to the statement of profit and loss when incurred. The capitalization of the costs related to the expansion, modernization or improvement of the structural elements owned or used by third parties is carried out to the extent that they meet the requirements to be separately classified as an asset or part of an asset. The assets recognized in relation to leasehold improvements are depreciated based on the duration of the lease, or on the basis of the specific useful life of the asset, if lower.

Depreciation is calculated on a straight-line basis using rates that allow assets to be depreciated until the end of their useful life. When the asset being depreciated is composed of distinctly identifiable elements, whose useful life differs significantly from that of the other parts that make up the asset, the depreciation is carried out separately for each of these parts, in application of the "component approach" method.

The indicative useful life, estimated for the various categories of property, plant and equipment, is as follows:

Class of property, plant and equipment	Useful life in years
Plant and machinery	3-7
Industrial and commercial equipment	5-7
Other assets	5-9

The useful life of property, plant and equipment is reviewed and updated, where necessary, at least at the end of each financial year.

Leased assets

The Group has entered into lease agreements relating to property, vehicles and industrial equipment. Lease contracts are generally entered into for fixed periods of 6 months to 6 years with extension options, as described below. Contracts can contain both lease components and components other than leases.

The Group attributes the consideration in the contract to components other than lease on the basis of the stand-alone selling price (SSP) for each obligation. When an SSP does not exist, the Group estimates the SSP using an adjusted market approach.

Lease contracts are recognized as right-of-use assets and liabilities corresponding to the date on which the asset is available for use by the Group.

The assets and liabilities deriving from a lease are initially measured on the basis of their present value. Lease liabilities include the net present value of the following lease payments:

fixed payments (including fixed payments in substance), net of any lease incentives;
variable payments based on an index or rate, initially measured using the index or rate as of the start date;
the exercise price of a purchase option if the Group is reasonably certain to exercise such option;
the payment of penalties for early termination; and
payments due in an optional renewal period if the Group is reasonably certain to exercise the renewal option.

The lease payments are discounted using the lease's implicit interest rate. If this rate cannot be easily determined, which is generally the case with leases held by the Group, the lessee's incremental borrowing rate is used, being the rate that the Group should pay to borrow the funds needed to obtain assets of similar value to the right-of-use asset in a similar economic environment with similar terms, guarantees and conditions.

The right-of-use asset is depreciated on a straight-line basis over the lease term, unless the contract provides for the transfer of ownership at the end of the lease term or the lease cost reflects the fact that the lessee will exercise the purchase option. In this case, the depreciation shall be the shorter of the useful life of the asset and the lease term. The estimated useful lives of the assets consisting of the right of use are calculated according to the same criterion applied to the items of property, plant and equipment. In addition, the right-of-use asset is reduced by any impairment losses and adjusted to reflect the remeasurement of the lease liability.

In the Statement of Financial Position, the Group presents right-of-use assets under property, plant and equipment and lease liabilities under current and non-current financial liabilities.

In the Statement of profit and loss, interest expense on lease liabilities constitutes a component of financial expense and is presented separately from the depreciation of right-of-use assets.

The Group avails itself of the exemptions provided by the IFRS 16 - Leases principle with reference to lease contracts lasting less than 12 months and contracts related to so-called low value assets, overall not significant.

The Group recognizes deferred tax on right-of-use assets and lease liabilities. Finally, it should be noted that the Group does not have any lease contracts as a lessor.

FOREIGN CURRENCY TRANSLATION

Transactions in currency other than the functional currency are recorded at the exchange rate in force at the date of the transaction. Monetary assets and liabilities denominated in currency other than the Euro are subsequently adjusted to the exchange rate in force at the end date of the financial year. Non-monetary assets and liabilities denominated in a currency other than the Euro are recorded at historical cost using the exchange rate in effect on the initial date of the transaction. Any exchange differences that may arise are reflected in profit and loss.

IMPAIRMENT OF INTANGIBLE ASSETS AND PROPERTY, PLANT AND EQUIPMENT

(a) Goodwill

Goodwill is not amortized but is rather tested for impairment annually or more frequently whenever there are indicators that may lead one to believe that it be impaired.

The impairment test is carried out with reference to the cash generating unit ("CGU") to which the goodwill was allocated. Any reduction in the value of goodwill is recognized if its recoverable amount is less than its carrying amount. Recoverable amount means the greater of the fair value of the CGU, net of disposal costs, and the related value in use, meaning the present value of the estimated future cash flows for this asset. In determining the value in use, the expected future cash flows are discounted using a pre-tax discount rate that reflects the current market valuations of the cost of money, compared to the investment period and the specific risks of the asset. In the event that the reduction in value resulting from the impairment test is greater than the value of the goodwill allocated to the CGU, the residual surplus is allocated to the assets included in the CGU in proportion to their carrying amount. The minimum limit of this allocation is the higher of the following:

the fair value of the asset net of selling costs;
the value in use, as defined above; and
zero.

The original value of goodwill cannot be reinstated if the reasons that led to the impairment cease to exist.

(b) Assets (intangible assets and property, plant and equipment) with a finite useful life

At each reporting date, a review is performed to ascertain whether there are any indicators that property, plant and equipment and/or intangible assets may have suffered an impairment. To this end, both internal and external sources of information are considered. With regard to the first, the following are considered: the obsolescence or physical deterioration of the asset, any significant changes in the use of the asset and the economic performance of the asset compared to what was expected. With regard to external sources, the following are considered: the trend of market prices of assets, any technological, market or regulatory discontinuities, the trend in market interest rates or the cost of capital used to measure investments.

If the presence of these indicators is identified, the recoverable amount of the aforementioned assets is estimated, allocating any impairment loss with respect to the relative carrying amount to profit or loss. The recoverable amount of an asset is represented by the higher of the fair value, net of ancillary sales costs, and the related value in use, meaning the present value of the estimated future cash flows for this asset. In determining the value in use, the expected future cash flows are discounted using a pre-tax discount rate that reflects the current market valuations of the cost of money, compared to the investment period and the specific risks of the asset. For an asset that does not generate largely independent cash flows, the recoverable amount is determined in relation to the CGU to which the asset belongs.

An impairment loss is recognized in profit or loss if the carrying amount of the asset, or of the related CGU to which it is allocated, is higher than its recoverable amount. Impairment losses on CGUs are charged first against the carrying amount of any goodwill attributed to them and then, as a reduction of other assets, in proportion to their carrying amount and within the limits of the related recoverable amount. If the reasons that led to the impairment cease to exist, the carrying amount of the asset is reinstated with recognition in the Statement of Profit and Loss, within the limits of the net carrying amount that the asset would have had if the impairment loss had not occurred and the related amortization and depreciation had been charged.

EQUITY INVESTMENTS

In the presence of evidence of impairment, recoverability is verified by comparing the carrying amount and the higher of the value in use, determined by discounting the prospective cash flows, where possible, of the investment, and the hypothetical sale value, determined on the basis of recent transactions or market multiples. The share of losses exceeding the carrying amount is recognized as a specific liability to the extent that the Group believes there are legal or implicit obligations to cover the losses and in any case within the limits of the equity. If the subsequent performance of the investment subject to impairment presents an improvement such that the reasons for the impairments made are no longer present, the investments are revalued within the limits of the impairments recognized in the previous years. Dividend income is recognized in the Statement of Profit and Loss when the right to receive payment is established.

INVENTORIES

Inventories are recorded at the lower of purchase or production cost and net realizable value, represented by the amount the Group expects to obtain from its sale in the normal course of business, net of selling costs.

The cost of finished products and semi-finished products includes raw materials, direct labor costs and other production costs (determined on the basis of normal operating capacity). Financial expense is not included in the measurement of inventories. It is charged to the profit or loss when incurred, as it does not meet the timing requirements for capitalization.

Inventories of raw materials and semi-finished products that can no longer be used in the production cycle and inventories of unsaleable finished products are impaired. The impairment is eliminated in subsequent years if the reasons for it cease to exist.

CASH AND CASH EQUIVALENTS

Cash and cash equivalents include cash, bank deposits or balances with other credit institutions available for current operations, postal accounts and other equivalent values, as well as investments with maturities of up to three months from the acquisition date. The items included in cash and cash equivalents are initially measured at fair value and then at amortized cost.

TRADE RECEIVABLES AND CURRENT FINANCIAL ASSETS

Trade receivables, other current assets and current financial assets are generated through the ordinary course of the business and held for the purpose of collecting the contractual cash flows, that consist of "solely capital payments and interest" according to the criterion set out in IFRS 9. Consequently, they are initially recognized at fair value adjusted for the directly attributable transaction costs and subsequently measured at amortized cost based on the effective interest rate method (i.e., the rate that makes the present value of expected cash flows and the carrying amount equal, at the time of initial recognition), appropriately adjusted to take account of any impairment losses, by recognizing a loss allowance. Trade receivables, other current assets and financial assets are included in current assets, with the exception of those with a contractual maturity of more than twelve months after the reporting date, which are classified in noncurrent assets.

Assets with due dates over 12 months and without significant financial components are presented at their present value.

IMPAIRMENT OF ASSETS

At each reporting date, financial assets, with the exception of those measured at fair value through profit or loss, are analyzed to verify the existence of indicators of impairment. According to IFRS 9, a model for forecasting expected credit losses must be applied when assessing an impairment. In carrying out this assessment, the Group applies a simplified approach provided by IFRS 9 to estimate the lifetime expected credit losses and takes into account its historically gained experience regarding credit losses, adjusted for specific prospective factors, the nature of the Group's receivables and the economic context. If there is evidence of impairment, the loss is recognized in the Statement of Profit and Loss under the item "Net impairment losses on financial assets and contract assets".

Trade receivables and financial assets are impaired when there is no rational expectation of them being recovered. The signs that indicate the absence of rational recovery expectations include, among others, the inability of a creditor to engage in a recovery plan with the Group, and the inability to make contractual payments for a significant period of time.

For financial assets accounted for at amortized cost, when an impairment loss has been identified, its value is measured as the difference between the carrying amount of the asset and the present value of expected future cash flows, discounted at the original effective interest rate. This impairment loss is recognized in the statement of profit and loss.

DERECOGNITION OF FINANCIAL ASSETS AND LIABILITIES

Financial assets are derecognized when one of the following conditions is met:

the contractual right to receive the cash flows from the asset has expired;
the Group has substantially transferred all the risks and benefits associated with the asset, transferred its rights to receive cash flows from the assets or assumed a contractual obligation to transfer the cash flows received to one or more potential beneficiaries by virtue of a contract that meets the requirements of the standard ("pass through test");

• the Group has neither transferred nor substantially maintained all the risks and benefits associated with the financial asset but has ceded control of it.

Financial liabilities are derecognized when they are extinguished, that is, when the contractual obligation is fulfilled, canceled or prescribed. An exchange of debt instruments with substantially different contractual terms must be accounted for as an extinction of the original financial liability and the recognition of a new financial liability. Similarly, a substantial change in the contractual terms of an existing financial liability, even partial, must be accounted for as an extinction of the original financial liability and the recognition of a new financial liability.

OFFSETTING OF FINANCIAL ASSETS AND LIABILITIES

The Group offsets financial assets and liabilities if and only if:

there is a legally exercisable right to offset the amounts recognized in the financial statements;
there is an intention either to offset on a net basis or to realize the asset and settle the liability simultaneously.

FINANCIAL LIABILITIES AND TRADE PAYABLES

Financial liabilities and trade payables are recognized when the Group becomes a party to the related contractual clauses. They are initially measured at fair value, adjusted for directly attributable transaction costs and, except for derivative financial instruments, are subsequently measured at amortized cost using the effective interest rate method.

Financial liabilities are derecognized when and only when they are extinguished (that is, when the obligation specified in the contract is remitted, canceled or expires).

DERIVATIVE FINANCIAL INSTRUMENTS

Derivative financial instruments are used as economic hedging only to reduce interest rate risk. All derivative financial instruments are measured at fair value.

If financial instruments are not accounted for, under IFRS 9, as hedging instruments, changes in fair value detected subsequent to initial recognition are treated as components of the profit or loss.

When derivative financial instruments qualify for hedge accounting, the following accounting treatments apply.

Cash flow hedge instruments

When a derivative financial instrument is designated as a hedging instrument for the exposure to the variability of future cash flows of an asset or liability recognized in the financial statements or a highly probable expected transaction and can impact profit or loss, the effective portion of any profit or loss on the derivative financial instrument is recognized directly in the Statement of comprehensive income through a specific capital reserve ("Cash flow hedge reserve"). The cumulative profit or loss is reclassified from the statement of comprehensive income to the statement of profit and loss when the economic effects deriving from the hedged item impact profit or loss. The profit or loss associated with a hedge or part of the hedge that has become ineffective is recognized in the Statement of Profit and Loss immediately under financial income or financial expense, respectively. When an instrument or a hedging relationship expires (for example, the derivative is sold, reaches its expiry or the hedging relationship no longer qualifies as effective), but the Group expects the hedged transaction to happen in the future, the cumulative gain or loss at the time of extinction remains in the statement of comprehensive income and is recognized in the statement of profit or loss when the underlying transaction takes place. If the underlying transaction is no longer probable, the cumulative gain or loss present in the Statement of comprehensive income is immediately recognized in profit or loss.

The Group makes use of hedging derivatives to face the interest rate risk on loan agreements entered into by the parent company and its subsidiaries.

If hedge accounting cannot be applied, the fair value gains or losses on the derivative financial instruments are recognized immediately in financial income or financial expenses, respectively.

EMPLOYEE BENEFITS

Short-term benefits are represented by wages and salaries, social security contributions, compensation for vacation and incentives paid in the form of bonuses payable in the twelve months from the reporting date. These benefits are accounted for as components of personnel expenses in the period in which the work is performed.

TFR

In defined benefit plans, including the post-employment benefits due to employees pursuant to Article 2120 of Italian Civil Code ("TFR"), the amount of the benefit to be paid to the employee can be quantified only after the termination of the employment relationship, and is linked to one or more factors such as age, years of service and remuneration; therefore the related expense is charged to profit or loss on the basis of an actuarial calculation. The liability recorded in the financial statements for defined benefit plans corresponds to the present value of the obligation at the reporting date. The present value of the defined benefit plan is determined by discounting the future cash flows at an interest rate equal to that of bonds (high-quality corporate) issued in Euro and which takes into account the duration of the related pension plan. Actuarial gains and losses deriving from the aforementioned adjustments and changes in actuarial assumptions are recognized in comprehensive income.

Starting from January 1, 2007 the so-called 2007 Budget Law and the related implementation decrees have introduced significant changes to the post-employment benefit regulations, including the choice of the employee regarding the allocation of the accruing TFR. In particular, the new TFR flows may be directed by the worker to selected pension forms or maintained in the company. In the case of allocation to external pension schemes, only a defined contribution to the selected fund is paid by the Group, and from that date the newly accrued shares are defined contribution plans not subject to actuarial measurement.

SHARE-BASED PAYMENTS

In relation to share-based payments, the Group recognizes, where the conditions are met, the cost of the services acquired during the period in which they are rendered as a counter entry to an increase in equity or a liability, depending on the transaction settlement methods and, in particular, if the obligation is settled through shares (equity-settled plan) or with cash payment (cash-settled plan).

These plans are measured on the date the rights are assigned, through financial measurement techniques including market conditions in the measurement, and adjusting the number of rights that are expected to be assigned at each reporting date. The initial fair value of these rights is updated depending on whether the plan is classified as cash-settled or equity-settled respectively.

The Parent Company has provided for the Group's executives an Incentive Plan that consists of the free allocation of the Company's shares, upon reaching certain financial objectives. The Stock Grant Plan, as structured, falls within the scope of IFRS 2 in the "equity settled" transactions category.

The cost of the incentive plan is spread over the period to which the incentive refers (known as the vesting period) and is determined with reference to the fair value of the right assigned to the beneficiaries at the date of commitment, in order to reflect the market conditions existing at that date.

At each reporting date, the assumptions regarding the number of Stock Grants that are expected to mature are verified. The expense for the year is recognized in profit or loss, among the personnel expenses, and an equity reserve is recognized as a counter entry.

PROVISIONS

Provisions are recorded for losses and charges of a specific nature, of certain or probable existence, for which, however, the amount and/or date of occurrence cannot be determined. They are only recognized when there is a current obligation, legal or implicit, for a future outflow of economic resources as a result of past events and it is probable that this outflow is required for the fulfillment of the obligation. This amount represents the best estimate of the costs to settle the obligation. The rate used in determining the present value of the liability reflects current market values and takes into account the specific risk associated with each liability.

When the time value of money is significant and the payment dates of the obligations can be reliably estimated, the provisions are measured at the present value of the expected cash outflows using a rate that reflects the market conditions, the change in the cost of money over time and the specific risk linked to the obligation. The increase in the amount of the provision, determined by changes in the cost of money over time, is accounted for as an interest expense.

The risks for which the emergence of a liability is only possible are indicated in the specific section regarding contingent liabilities, and no provision is made for these.

RECOGNITION OF REVENUE FROM CONTRACTS WITH CUSTOMERS

The Group's revenue is mainly generated by the sale of technologies, products, systems and cyber security and cyber intelligence services.

Revenue from product sales is recognized at the time of transfer of control of the asset, i.e., of the risks and benefits, which normally coincides with the delivery or shipment of the goods, or at the time of transfer of the service to the customer, taking into account the value of any commercial discounts, allowances and expected returns. Revenue of a financial nature and revenue from services are recognized on an accruals basis. Revenue and income, costs and expenses related to foreign currency transactions are determined at the current exchange rate on the date on which the related transaction is carried out.

Contracts that meet the requirements for revenue recognition "over time" are classified among "contract assets" or "contract liabilities" depending on the relationship between the status of fulfillment of the performance by the Group and the payments received from the customer. In particular:

"contract assets" represent the right to consideration for goods or services that have already been transferred to the customer;
"contract liabilities" represent the Group's obligation to transfer goods or services to the customer for which a consideration has already been received (or the right to receive has already arisen).

Where more than one performance obligation is present within a contract, representing a contractual promise to transfer a distinct good or service to the customer (or a series of distinct goods or services that are substantially the same and are transferred in the same way), the classification between assets and liabilities is made at the overall level and not at the level of a single performance obligation.

Contract assets and liabilities are recognized using the percentage of completion as the methodology for measuring progress; according to this methodology, costs, revenue and the margin are recognized based on the progress of the activity, determined by referring to the ratio between costs incurred at the measurement date and total expected costs included in the relevant order budgets. The Company systematically updates the assumptions that are the basis of the order budgets in order to reflect in the financial statements the most reasonable estimate of the contractual considerations accrued and the economic result of the order.

Conversely, in the event that the requirements for recognition over a period of time are not met, revenue is recognized at a specific point in time ("at a point in time"), that is when the customer gains control of the promised goods or services.

Contract assets are presented net of any impairment losses. Periodic updates of estimates are made and any economic effects are accounted for in the year in which the updates are made.

The Group enters into contracts that are generally able to be distinguished and accounted for as separate performance obligations. The recognized revenue is limited to the amount of consideration that the Group expects to receive. The Group allocates the transaction price to performance obligations based on the stand-alone selling prices (SSP) for each obligation. When an SSP does not exist, the Group estimates it using a market-adjusted approach.

GRANTS

Government grants are recorded at fair value, when there is reasonable certainty that they will be received and all conditions relating to them are satisfied. When the grants are related to cost components, they are recognized as revenue, but are systematically allocated over the years to match the costs they intend to compensate. In the case where the contribution is related to an asset, the fair value is brought to decrease the asset itself. It is also suspended in liabilities if the asset to which it is related is not operational, or is under construction and the relative amount does not fit into the value of the asset itself.

DIVIDENDS

Dividends are recognized when the Shareholders' right to receive payment arises, which normally corresponds to the shareholders' meeting resolution on the distribution of dividends. The distribution of dividends to Shareholders is recorded as a liability in the financial statements in the period in which their distribution is approved by the Shareholders' Meeting and reflected as a change in equity.

TAXES

Current taxes are determined based on an estimate of taxable income, in compliance with the applicable tax legislation.

Deferred tax assets and deferred tax liabilities are calculated against all the differences that emerge between the tax base of an asset or liability and the related carrying amount, with the exception of goodwill upon initial recognition. Deferred tax assets, including those relating to previous tax losses, for the portion not offset by deferred tax liabilities, are recognized to the extent that it is probable that future taxable income will be available against which they can be recovered. Deferred tax assets and liabilities are determined using the tax rates that are expected to be applicable in the years in which the differences will be realized or settled.

The amount of deferred tax assets is reviewed at each reporting date and possibly reduced to the extent that it is no longer likely that sufficient taxable profits will be available in the future to allow all or part of the related credit to be utilized. Unrecognized deferred tax assets are reviewed annually at the reporting date and are recognized to the extent that it has become likely that the taxable profit is sufficient to allow such deferred tax assets to be recovered.

Current taxes, deferred tax assets and deferred tax liabilities are recognized in the statement of profit and loss under the item "Taxes", with the exception of those relating to items recognized in the Statement of comprehensive income other than profit and those relating to items directly debited or credited to equity. In these latter cases, deferred taxes are recognized in the Statement of comprehensive income and directly in equity. Deferred tax assets and deferred tax liabilities are offset when they are applied by the same tax authority, there is a legal right to offset them, and a settlement of the net balance is expected.

Other taxes not related to income, such as indirect taxes, are included in the statement of profit and loss item "Other operating costs".

EARNINGS/(LOSS) PER SHARE

The basic earnings (loss) per share are calculated by dividing the profit or loss attributable to the holders of ordinary shares of the Company by the weighted average of ordinary shares in circulation during the year, adjusted to take into account the treasury shares owned. The diluted earnings (loss) per share are calculated by adjusting the profit or loss attributable to the holders of ordinary shares, as well as the weighted average of shares in circulation, as defined above, to take into account the effects of all potential ordinary shares with dilutive effect.

2.5. Recently issued accounting standards

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS IN EFFECT AS OF JANUARY 1, 2025

The following summarizes the newly issued accounting standards, amendments, and interpretations that came into effect on January 1, 2025.

Amendments IAS 21 — The Effects of Changes in Foreign Exchange Rates: Lack of Exchangeability

In August 2023, the IASB issued amendments to IAS 21 — The Effects of Changes in Foreign Exchange Rates: Lack of Exchangeability, to clarify how an entity has to apply a consistent approach to assessing whether a currency is exchangeable into another currency and, when it is not, to determine the exchange rate to use and the disclosures to provide. These amendments came into effect on or after January 1, 2025.

There were no significant impacts on the Consolidated Financial Statements resulting from the adoption of the above amendments.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS ENDORSED BY THE EUROPEAN UNION BUT NOT YET APPLICABLE

The following summarizes the accounting standards, amendments and interpretations approved by the European Union but not yet applicable as of December 31, 2025; effective from January 1, 2026 or at a later date. The Group is assessing the effects that the adoption of these changes could have on its own Consolidated Financial Statements. As of the date of preparation of these Consolidated Financial Statements, significant impacts are expected from the entry into force of IFRS 18 Presentation and Disclosure in Financial Statements, which will enter into force on January 1, 2027, the financial statements of which must be presented in consistency with IFRS 18 also with reference to comparative balances. With reference to the other standards, amendments, interpretations in the list, the assessment of any impacts that their application could determine on future financial statements is ongoing and no significant impacts are expected to date.

IFRS 18 – Presentation and Disclosure in Financial Statements In April 2024, the IASB published a new accounting standard, which will replace the IAS 1 Presentation of Financial Statements, to improve the reporting of the financial performance. The IFRS 18 Presentation and Disclosure in Financial Statements will improve the quality of financial reporting through requirements on: (i) subtotals defined in the income statement; (ii) disclosure on performance measures defined by the Management; and (iii) addition of new principles regarding aggregation and disaggregation of information. The standard will enter into force on January 1, 2027. Annual Improvements Volume 11 Issued in July 2024. The document contains formal amendments and clarifications to some existing standards. In detail, the following principles have been amended: (i) "IAS 7 – Cost method", the amendment eliminates the term "cost method", no longer defined in the IFRS accounting standards; (ii) "IFRS 9 – Lessee derecognition of lease liabilities", the amendment solves a potential lack of clarity relating to the way in which a lessee accounts for the derecognition of a lease liability, clarifying that any resulting gain or loss must be recognized in the Income Statement; (iii) "IFRS 9 – Transaction price", the amendment removes the reference, in Appendix A of IFRS 9, to the definition of "transaction price" contained in IFRS 15, considering that the term is used in particular paragraphs of IFRS 9 with a meaning not necessarily consistent with the definition of that term in IFRS 15; (iv) "IFRS 7 – Gain or loss on derecognition", the amendment clarifies a potential confusion arising from an obsolete reference to a paragraph that was deleted from the standard at the time of issue of "IFRS 13 – Fair Value Measurement"; (v) "IFRS 7 – Disclosure of delayed difference between fair value and transactions price", the amendment clarifies an inconsistency between the standard and the related application guidelines, recognized when a change, consequent to the issuance of IFRS 13, was made to the standard, but not to the corresponding paragraph of the implementing guidelines; (vi) "IFRS 7 - Introduction and credit risk disclosures", the amendment solves a potential confusion by clarifying how to apply the relevant application guide and simplifying certain explanations; (vii) "IFRS 10 - Determination of a 'de facto agent'", the amendment clarifies how an investor must determine whether another person acts on its behalf; (viii) "IFRS 1 - hedge accounting by a first-time adopter"; the change improves the consistency between the hedge accounting requirements provided for in IFRS 9 and IFRS 1. Each of the amendments will be applicable from the financial years beginning on or after January 1, 2026.

Amendments to the Classification and Measurement of Financial Instruments – Amendment to IFRS 9 and IFRS 7

In May 2024, the IASB published the Amendments to the classification and measurement of financial instruments that amended IFRS 9 Financial Instruments and IFRS 7 Financial Instruments: disclosures. In detail, the IASB amended the provisions relating to: (i) clarify the date of recognition and derecognition of some financial assets and liabilities, with a new exception provided for some financial liabilities settled through an electronic money transfer system; (ii) clarify and add further indications in assessing whether a financial asset meets the criterion of solely payments of principal and interest (SPPI); (iii) add new disclosure for some instruments with contractual terms that may change cash flows (for example, some financial instruments with characteristics linked to the achievement of environmental, social and governance objectives) and (iv) update the disclosure on equity instruments measured at fair value recorded in Other Comprehensive Income (FVOCI). These amendments are effective from January 1, 2026.

Contracts Referencing Nature-dependent Electricity Amendments to IFRS 9 and IFRS 7

In December 2024, the IASB published amendments aimed at supporting companies to better report the financial effects of nature-dependent electricity agreements, often structured as Power Purchase Agreements (PPAs). Nature-dependent electricity contracts help companies to ensure their own supply of electricity from sources such as wind and solar energy, and current accounting requirements may not adequately capture how these contracts affect a company's performance. To enable companies to better reflect these contracts in the financial statements, the amendments to IASB will focus on IFRS 9 Financial Instruments and IFRS 7 Financial Instruments: Disclosure, and will include: (i) to clarify the application of "own use" requirements; (ii) allow hedges to be accounted for if these contracts are used as hedging instruments; and (iii) add new disclosure requirements to allow investors to understand the effect of these contracts on a company's financial performance and cash flows. These amendments are effective from January 1, 2026.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS NOT YET ENDORSED BY THE EUROPEAN UNION

Below are the newly issued accounting standards, amendments and interpretations, not yet endorsed by the European Union. The Group is assessing the effects that the adoption of these changes could have on its own Consolidated Financial Statements. As of the drafting date of these Consolidated Financial Statements, no significant impacts are expected.

IFRS 19 Subsidiaries without Public Accountability: Disclosures In May 2024, the IASB issued IFRS 19 Subsidiaries without Public Accountability: Disclosures: The standard, which enters into force on January 1, 2027 - subject to approval - allows subsidiaries without public responsibility to apply the requirements for the recognition and measurement of IFRS while maintaining a reduced supplementary disclosure regime. Amendments to IAS 21 The Effects of Changes in Foreign Exchange Rates: Translation to a Hyperinflationary Presentation Currency In November 2025, the IASB published the amendment "Translation to a Hyperinflationary Presentation Currency (Amendments to IAS 21)". These amendments clarify the methods for converting the financial statements from a non-hyperinflationary functional currency to a hyperinflationary presentation currency, requiring the use of the closing rate at the date of the last statement of financial position for all amounts (including comparative). It is expected to enter into force on years beginning on or after January 1, 2027, with the right of early application.

Amendments to IFRS 19 Subsidiaries without Public Accountability: Disclosures

Applicable from January 1, 2027, published in May 2024, the standard will introduce reduced obligations regarding the disclosure of financial statements of subsidiaries, allowing suitable subsidiaries to apply IFRS Accounting Standards with reduced disclosure, in addition to including reduced disclosure requirements for other standards or amendments issued between February 2021 and May 2024.

3. Financial Risk Management

The Group's activities are exposed to the following financial risks: i) market risk, defined as currency risk, interest rate risk and price risk, ii) credit risk, iii) liquidity risk and iv) capital risk.

The Group's risk management strategy is aimed at minimizing potential negative effects on the Group's financial performance.

Currently and based on the estimates made, no problems of business continuity or impairment emerge.

INTEREST RATE RISK

The Group has entered into "Interest Rate Swaps" hedging the risk of fluctuationsin the interest rates applied to variable rate loans. The following tables provide details of the instruments held as of December 31, 2025 and 2024:

Bank loans as of December 31, 2025		Cash Flow hedges
	Principal		Principal as of December 31, 2025
(in Euro)		IRS	Total
Variable rate loans	43,000,000	15,500,000	15,500,000
Fixed rate loans	6,097,858	-	-
Total	49,097,858	15,500,000	15,500,000

Bank loans as of December 31, 2024		Cash Flow hedges
	Principal	Principal as of December 31, 2024
(in Euro)		IRS	Total
Variable rate loans	48,500,000	18,500,000	18,500,000

Fixed rate loans	500,000	-	-
Total	49,000,000	18,500,000	18,500,000

The Group, in choosing financing and investment operations, has adopted criteria of prudence and limited risk and has not carried out speculative transactions.

CURRENCY RISK

The Group believes that it is not significantly exposed to fluctuations in exchange rates, therefore it does not carry out operations in derivative financial instruments to hedge against currency risk. In particular, despite the Group conducting its business abroad, exposure to foreign countries is limited and there are no financial liabilities in currencies other than the Euro.

PRICE RISK

The Group believes it is not significantly exposed to the movements of raw material and commodity prices used in the production process and the resulting influence of these on operating margins.

CREDIT RISK

Credit risk is essentially derived from trade receivables. To mitigate credit risk related to counterparties in trade transactions, the Group has implemented procedures aimed at limiting the concentration of exposures to single counterparties or groups, through a creditworthiness analysis. Constant credit monitoring allows the Group to promptly verify any defaults or worsening of the creditworthiness of the counterparts and to adopt the relative mitigating actions.

It should also be specified that the credit risk is further limited considering the characteristics of the customers, largely public entities.

The Group applies the simplified approach provided by IFRS 9 for the estimate of the recoverability of its trade receivables. The adjustment of the estimates that results from this takes into account the risk of non-collectability of receivables through the differentiation of the ECL (Expected Credit Losses) applied to groups of homogeneous receivables with respect to the risk profile and age, or depending on the progress of the actions taken for the recoverability of bad debts. The amount of financial assets considered unlikely to be recovered is not significant and is, in any case, covered by appropriate allocations to the loss allowance. See Note 20 for more details about the loss allowance.

LIQUIDITY RISK

CAPITAL RISK

The Group's objective in managing capital risk is mainly to safeguard the going concern in order to guarantee returns to shareholders and benefits to all stakeholders. The Group also aims to maintain an optimal capital structure in order to reduce the cost of indebtedness.

FINANCIAL ASSETS AND LIABILITIES BY CATEGORY

The fair value of financial assets, financial liabilities and loans, recorded among the "current" items of the statement of financial position and evaluated with the amortized cost method, being mainly assets underlying relationships whose settlement is expected in the short term, does not differ from the amounts recognized in the financial statements as of and for the years ended December 31, 2025 and 2024.

Non-current financial assets and liabilities are settled or measured at market rates and it is believed, therefore, that the fair value of the same is substantially in line with current carrying amounts.

The following is a classification of financial assets and liabilities by category as of December 31, 2025 and 2024 identified based on the requirements of IFRS 7.

As of December 31, 2025(in Euro)	Financialassets /liabilities atamortized cost	Fair value ofhedginginstruments	Assets /liabilities at fairvalue throughprofit or loss	Non-financialassets /liabilities	Total
Assets
Non-current financial assets	1,890,250	21,790		-	1,912,040
Current financial assets	1,349,366	34,646		-	1,384,012
Cash and cash equivalents	22,984,153		-	-	22,984,153
Total assets	26,223,768	56,437	-		- 26,280,205
Liabilities
Non-current financial liabilities	12,805,939	806	674,998		- 13,481,743
Non-current lease liabilities	3,384,227		-	-	3,384,227
Current financial liabilities	20,578,260	1,720	1,149,067		- 21,729,047
Current lease liabilities	1,458,667		-	-	1,458,667
Total liabilities	38,227,093	2,526	1,832,754		- 40,053,684

As of December 31, 2024(in Euro)	Financialassets /liabilities atamortized cost	Fair value ofhedginginstruments	Assets /liabilities at fairvalue throughprofit or loss	Non-financialassets /liabilities	Total
Assets
Non-current financial assets	442,719	59,532		-	502,251
Current financial assets	920,352	50,380		-	970,732
Cash and cash equivalents	14,537,530		-	-	14,537,530
Total assets	15,900,601	109,912	-	-	16,010,513
Liabilities
Non-current financial liabilities	21,819,661	5,292	2,391,845	-	24,216,798
Non-current lease liabilities	4,227,281		-	-	4,227,281

Current financial liabilities	15,069,400	2,635	1,781,953	-16,853,988
Current lease liabilities	1,631,866		-	-1,631,866
Total liabilities	42,748,208	7,927	4,173,798	-46,929,933

FAIR VALUE MEASUREMENT

The fair value of financial instruments listed on an active market is based on market prices at the reporting date. The fair value of instruments that are not listed on an active market is determined using measurement techniques based on a series of methods and assumptions related to market conditions at the reporting date.

The following is the classification of the fair values of financial instruments based on the following hierarchical levels:

Level 1: Fair value determined with reference to listed prices (not adjusted) on active markets for identical financial instruments;
Level 2: Fair value determined with measurement techniques with reference to observable variables on active markets;
Level 3: Fair value determined with measurement techniques with reference to unobservable market variables.

The following tables present the classification of the fair value of current financial instruments, as of December 31, 2025 and 2024. The amounts refer to interest rate hedging derivatives entered into by the Group and the put options recognized in relation to the acquisition of Diateam and XTN. For more information, please refer to Note 5.

As of December 31, 2025		Fair Value
(in Euro)	Level 1	Level 2	Level 3	Total
Non-current assets	-	21,790	-	21,790
Derivative financial instruments	-	21,790	-	21,790
Current assets	-	34,646	-	34,646
Derivative financial instruments	-	34,646	-	34,646
Non-current liabilities	-	(806)	-	(806)
Derivative financial instruments	-	(806)	-	(806)
Current liabilities	-	(1,720)	-	(1,720)
Derivative financial instruments	-	(1,720)	-	(1,720)
Current and non-current financial liabilities	-	-	(1,824,065)	(1,824,065)
Put options on business combinations	-	-	(1,824,065)	(1,824,065)
Total	-	53,911	(1,824,065)	(1,770,155)

As of December 31, 2024	Fair Value
(in Euro)	Level 1		Level 2	Level 3	Total
Non-current assets		-	59,532	114,977	174,509
Derivative financial instruments		-	59,532	114,977	174,509
Current assets		-	50,380	252,572	302,952
Derivative financial instruments		-	50,380	252,572	302,952
Non-current liabilities		-	(5,292)	-	(5,292)
Derivative financial instruments		-	(5,292)	-	(5,292)
Current liabilities		-	(2,635)	-	(2,635)
Derivative financial instruments		-	(2,635)	-	(2,635)

Current and non-current financial liabilities	-	-	(4,173,798)	(4,173,798)
Put options on business combinations	-	-	(4,173,798)	(4,173,798)
Total	-	101,985	(3,806,249)	(3,704,264)

Measurement techniques and inputs used

The financial liability on business combinations, amounting to EUR 1,833 thousand, is related to the accounting, under the anticipated acquisition method provided by IFRS 3 - Business Combinations, of the liabilities related to the acquisition of control of and of XTN deriving from the put options provided in favor of the non-controlling interests (sellers) of Diatream on the remaining share of 14.67% and of some non-controlling interests of XTN on a further share amounting to 2.2% of the share capital, as provided by the acquisition contracts.

The present value of this liability was calculated in accordance with the contractual provisions and is based on the 2025 EBITDA value of the subsidiary Diateam, to which an valuation by multiples is applied.

For XTN, the liability was determined equal to the current value of the amount to be paid at the contractual due date, based on the fair market value, against the purchase of the interests of the non-controlling investors themselves.

The changes in the present value of the aforementioned liability are recognized by the Group in the income statement, under "financial expense" or "financial income". For more information, please refer to note 12.

4. Estimates and Assumptions

The preparation of the financial statements requires the Directors to apply accounting principles and methods which, in certain circumstances, are based on difficult and subjective assessments and estimates based on historical experience and assumptions that are considered reasonable from time to time and realistic according to the relative circumstances. The application of these estimates and assumptions affects the amounts reported in the financial statements, in the statement of financial position, in the statement of profit and loss, in the statement of comprehensive income, in the statement of cash flows, in the statement of changes in equity, as well as in the disclosure provided. The estimates are based on the most recent information that the Directors have at the time of drafting these financial statements.

The final results of the financial statements items for which the aforementioned estimates and assumptions have been used may differ from those reported in the financial statements that reflect the effects of the occurrence of the event subject to estimation, due to the uncertainty that characterizes the assumptions and conditions on which the estimates are based.

The areas that require more subjectivity on the part of the Directors in preparing the estimates, and for which a change in the conditions underlying the assumptions used could have a significant impact on the financial data, are briefly described below.

(a) Impairment of assets

In accordance with the accounting standards applied by the Group, property plant and equipment, intangible assets and goodwill are subject to tested for impairment, which must be recognized through an impairment loss, when there are indicators that suggest difficulties in recovering the related net carrying amount, represented by the higher between fair value less cost of disposal and value in use. The verification of the existence of the aforementioned indicators requires the Directors to make subjective assessments based on the information available within the Group and on the market, as well as from historical experience. Furthermore, if it is determined that a potential impairment may have occurred, the companies of the Group proceed with the determination of the impairment using measurement techniques deemed appropriate. The correct identification of the elements indicating the existence of a potential impairment of property, plant and equipment and intangible assets, as well as the estimates for their determination, depend on factors that may vary over time, influencing the assessments and estimates made by the Directors.

With particular reference to the estimation of the value in use through a method based on the discounting of expected cash flows, it is highlighted that this methodology is characterized by a high degree of complexity and the use of estimates, by their uncertain and subjective nature, about:

the expected flows of the CGU, determined taking into account the general economic trend and the specific industry, the actual cash flows achieved in the last few years and the forecast growth rates;
the financial parameters used for the determination of the discount rate.

(b) Purchase Price Allocation

In the context of business combinations, for the consideration transferred for the acquisition of control of a company, the identifiable assets acquired and liabilities assumed are recognized in the consolidated financial statements at present values (fair value) at the date of acquisition, through a process of allocation of the price paid (Purchase Price Allocation). Generally, the Group determines the fair value of the acquired assets and liabilities assumed through methodologies based on the discounting of expected cash flows. This method is characterized by a high degree of complexity and the use of estimates, by their uncertain and subjective nature, about:

the expected cash flows, determined taking into account the economic trend of the acquired companies and their respective industry, the cash flows accounted for in the last few years and the forecast growth rates;
the financial parameters used for the determination of the discount rate.

(c) Amortization and depreciation

The cost of property, plant and equipment, intangible assets and right-of-use assets is amortized/depreciated on a straight-line basis over the estimated useful life of the related assets. The useful economic life of these assets is determined by the Directors when they are purchased; it is based on historical experience for similar assets, market conditions, and expectations regarding future events that could have an impact on the useful life of the assets, including changes in technology. Therefore, the actual economic life may differ from the estimated useful life.

(d) Fair value measurement

In measuring the fair value of an asset or a liability, the Group makes use of observable market data as far as possible. Fair values are distinguished into various hierarchical levels based on the input data used in measurement techniques, as better described in the previous paragraph "Fair value measurement".

(e) Provisions for risks and charges

The Group identifies in the provisions for risk and charges the likely liabilities attributable to personnel expenses, suppliers, third parties and, in general, other expenses arising from obligations undertaken; the provisions recorded are representative of the risk of negative outcome associated with the listed cases. The amount of the provisions recorded in the financial statements relating to these risks represents the best estimate at the date made by the Directors. This estimate involves the adoption of assumptions which depend on factors that may change over time and that could, therefore, have significant effects compared to the current estimates made by the Directors for the preparation of the Group's financial statements.

(f) Loss allowance

The loss allowance reflects the estimates of losses for the Group's loan portfolio. Provisions were made for expected losses on receivables, estimated based on past experience with reference to receivables with similar credit risk, to current and historical unpaid amounts, as well as to the careful monitoring of the quality of the loan portfolio and the current and expected conditions of the economy and the reference markets. Estimates and assumptions are periodically reviewed and the effects of any change are reflected in the Statement of Profit and Loss in the relevant year.

(g) Contract assets and liabilities

Contract assets and liabilities: in the measurement of contract assets and liabilities, the Group determines whether contract revenue should be recognized at a point in time or over time and estimates the percentage of completion based on the method of cost to cost.

(h) Provisions for employee benefit plans

Defined benefit plans: the actuarial measurement of employee benefits requires the elaboration of various assumptions that can differ from actual future developments. The results depend on the technical bases adopted such as, among others, the discount rate, the inflation rate, the wage increase rate and the expected turnover. All assumptions are reviewed annually.

(i) Deferred tax assets

DDeferred tax assets must be recognized for all deductible temporary differences or for tax losses if it is likely that taxable income will be realized against which deductible temporary difference or tax losses can be used exist. The Group assesses the possibility to recognize deferred tax assets based on future economic projections. The estimates and assumptions underlying such future economic projections are reviewed periodically.

(l) Lease liabilities

The measurement of lease liabilities is influenced by the duration of the lease as the non-cancelable period of the lease, to which both the following periods are to be added: a) periods covered by a lease extension option, if the lessee is reasonably certain to exercise the option; and b) periods covered by the lease termination option, if the lessee is reasonably certain not to exercise the option. The measurement of the lease duration involves the assumption of estimates that depend on factors that can change over time with potentially significant effects compared to the assessments made by the Directors.

5. Business Combinations

2025

No business combination was carried out in the year ended December 31, 2025.

2024

On January 16, 2024, CY4GATE, following the signing of the Preliminary Agreement on November 14, 2023 in partnership with Alfa Group, signed the contract for the total purchase of 97.8% of XTN Cognitive Security S.r.l., according to the following proportions:

CY4GATE has purchased a stake equivalent to 77.8% of the share capital;
Alfa Group has purchased a stake equivalent to 20% of the share capital;
The remaining 2.2% stake is held by the Management of the subsidiary.

The total consideration for the operation amounted to EUR 12.2 million. As of the date of preparation of this document, 80% of the total consideration has been paid; the remaining 20% will be paid by 30 June 2027 and this amount may decrease within the limits of 20% based on the results of the investee as of December 31, 2026. The acquisition contract also provides that (i) a portion of the consideration equal to 20% is paid by CY4GATE and on a deferred basis and (ii) a put and call mechanism such as to allow CY4GATE to obtain an additional 2.2% of the share capital of XTN, to be exercised during the period between June 1, 2027 and June 30, 2027.

In particular, the fair value of the consideration transferred by CY4GATE at the acquisition date consists of:

a fixed amount of EUR 8.7 million in upfront payment to the acquisition;
a deferred price to be paid by June 30, 2027, amounting to EUR 973 thousand, whose present value was estimated at EUR 805 thousand as at January 1, 2024; date of acquisition of control (EUR 941 thousand as at December 31, 2025). As mentioned above, the amount of deferment of payment may decrease, up to a maximum of 20% thereof, based on the results of the subsidiary as of December, 31 2026; and
put options on an additional 2.2%, whose present value was estimated at EUR 274 thousand as at January 1, 2024 (present value of EUR 675 thousand as of December 31, 2025).

In this regard, it is specified that the Group, as permitted by the reference accounting standards, has adopted the anticipated acquisition method for accounting for the put options provided for in the acquisition contract. This method also involved the consideration, in the determination of the transferred consideration for the acquisition of control, of the present value of the liability arising from the put options provided in favor of the non-controlling interests (sellers) on the remaining 2.2% stake as provided for in the acquisition contract. Consequently, the recognition of the XTN business combination resulted in the recognition of NCI (non-controlling interests) in these Consolidated Financial Statements for a 20% share of the share capital of XTN, corresponding to the share of the company Alfa Group, not affected by option rights by the Group.

2023

On October 20, 2022, CY4GATE signed a preliminary agreement for the purchase of 55.33% of Diateam S.a.S. and the closing of the transaction took place on January 30, 2023. The acquisition contract also includes a put and call mechanism that allows CY4GATE to obtain 100% control of Diateam by 2026. In 2024, CY4GATE purchased a 15.33% share of Diateam's share capital, and a further 14.67% stake was acquired during the year, again through the exercise of put and call options. On the remaining 14.67% owned by the selling shareholders, put and call option rights are in fact provided, exercisable in 2026, after the approval of the 2025 financial statements. Also with reference to the subsidiary Diateam, the Group has adopted the anticipated acquisition method for accounting for the put options provided on the remaining share of the share capital. Consequently, the recognition of the business combination did not result in the recognition of NCI (non-controlling interests).

6. Segment Reporting

IFRS 8 defines an operating segment as a component i) that involves business activities generating revenue and costs, ii) whose operating results are periodically reviewed at the highest decision-making level and iii) for which separate financial-economic data are available. For the purposes of IFRS 8, the activity carried out by the Group is identifiable in a single operating segment, that of the development and marketing of cyber intelligence and cyber security products.

7. Revenue

This item mainly refers to the sale of products and can be detailed as follows:

	For the year ended December 31
(in Euro)	2025	2024

Revenue from sales and services	93,526,332	67,388,250
Change in contract work in progress	5,607,615	4,976,177
Total	99,133,947	72,364,427

Revenue recorded in 2025 shows an increase compared to the previous period of EUR 26,769 thousand, mainly related to RCS Group.

The item "Change in contract work in progress" can be traced back to the sum of revenue related to ongoing contracts recognized "over time", mainly acquired in the last few months of 2025, and revenue resulting from the closure of certain contracts completed during the year.

The following table presents the breakdown of revenue recognized "at a point in time" (i.e. upon delivery of the good, license or service) and "over time".

	For the year ended December 31
(in Euro)	2025	2024
Recognized at point in time	18,541,273	7,057,140
Recognized over time	74,985,059	60,331,110
Total	93,526,332	67,388,250

Within each contract, the reference element for revenue recognition is the individual performance obligation. For each obligation to act, separately identified, the Group recognizes revenue when (or as) it fulfills the obligation itself, transferring the promised good/service (i.e. the asset) to the customer. The asset is transferred when (or as) the customer takes control of it. For obligations to be fulfilled over time, revenue is recognized over time (over time), evaluating at the end of each year the progress made towards the complete fulfillment of the obligation. For the evaluation of progress, the Group uses the method based on inputs (cost to cost method). Revenue is recognized based on the inputs used to fulfill the obligation to date, compared to the total inputs assumed to fulfill the entire obligation. When the inputs are distributed uniformly over time, the Group linearly recognizes the corresponding revenue. In certain circumstances, when it is not possible to reasonably assess the outcome of the obligation to act, revenue is recognized only up to the extent of the costs incurred.

The following table presents revenue broken down by geographic segment:

		For the year ended December 31
(in Euro)	2025	2024

Italy	48,492,050	46,928,906
Outside Italy	50,641,896	25,435,521
Total	99,133,947	72,364,427

8. Other revenue and income

This item can be detailed as follows:

		For the year ended December 31
(in Euro)	2025	2024

Tax benefits	365,408	708,687
Grants	737,208	989,512
Others	1,307,086	1,016,172
Total	2,409,702	2,714,371

2025 revenue from tax benefits, as well as for the comparative year, refers entirely to the tax credit for research and development. The item "Contributions" mainly refers to the subsidiary RCS, for EUR 416 thousand and by the Parent Company, for EUR 181 thousand, for contributions for investments in capital goods. The item "Other" mainly includes revenue from research projects financed by different European entities of the Parent Company.

9. Purchases, services and personnel expenses

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2025	2024

Costs for raw materials and goods	5,599,579	3,940,704
Total costs for raw materials	5,599,579	3,940,704

Legal and consultancy services	1,628,730	1,703,851
Utilities and telephone	3,721,082	3,768,371
Technical and commercial services	1,171,945	1,063,640
Management and administration services	508,475	1,199,360
Maintenance	7,686,045	3,006,638
Rentals and accessory expenses	934,933	923,878
Software licenses	2,281,614	1,840,341
Entertainment and promotion expenses	1,711,594	2,104,095

Remuneration of corporate bodies	1,416,489	1,251,860
Services of third-party providers on orders	12,510,147	5,834,804
Other costs	3,573,731	3,070,492
Total services	37,144,785	25,767,329

Wages and salaries	25,907,412	21,726,483
Social security contributions	8,973,676	8,732,937
Post-employment benefits	1,232,108	1,510,825
Retirement benefits and similar obligations	181,314	175,116
Share-based payments	156,683	213,712
Other costs	882,297	432,742
Total personnel expenses	37,333,490	32,791,815
Total purchases, services and personnel expenses	80,077,854	62,499,848

The increase in costs for raw materials, services and personnel reflects the increase in revenue compared to the previous year. During the year, as usual, the Group made use of services from third-party providers, an item also increased due to higher business volumes, especially the subsidiary DARS. Also mainly attributable to the increase in DARS's business volumes is the increase in maintenance costs, increased by EUR 4,679 thousand of which EUR 2,577 thousand related to the Spanish subsidiary. In addition to this, RCS also noted an increase in maintenance costs, amounting to approximately EUR 1,655 thousand, due to the increase in revenue. With reference to personnel expenses, the increase is mainly related to lower capitalizations made in the year compared to 2024 - as better commented below - as well as the allocation of bonuses for MBO and the increase in the national bargaining agreement.

Service costs and personnel expenses are presented net of capitalizations made for development costs. Such capitalizations amount to EUR 1,058 thousand and EUR 4,716 thousand respectively for the year ended December 31, 2025 (EUR 1,560 thousand and EUR 6,303 thousand for the year ended December 31, 2024). For more information, please refer to Note 16.

The item "share-based payments", included in personnel expenses, refers to the recognition of the expense for the year related to the stock grant plan approved by the parent company. The recognition of this expense implied the recognition of an equity reserve. The main features of the plan are described below.

The stock grant plan approved by the parent company consists in the award to the beneficiaries, free of charge, of shares of the parent company, over an allocation cycle of the shares referred to the three-year period 2023-2025. The maximum number of shares that can be allocated collectively to the beneficiaries is 427,500, throughout the entire duration of the plan cycle. Each year, the allocation of shares is subject to the Company's achievement of financial performance and qualitative objectives defined in the plan regulations. For the purposes of the regulation, the date of share allocation is the date of the resolution by which the Board of Directors ascertains the achievement of the aforementioned objectives. In relation to what has been described so far, the measurement of the plan has determined, for the year under review, a cost of EUR 156 thousand and implied the recognition of an equity reserve for the same amount.

The following is the average number of the Group's employees:

		For the year ended December 31
(in Units)	2025	2024
Executive managers	24	25
Middle managers	81	81
Employees	438	443
Total	544	549

10. Amortization and depreciation

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2025	2024
Amortization of intangible assets	14,924,467	16,355,427
Depreciation of property, plant and equipment	3,041,596	2,614,133
Depreciation of right-of-use assets	1,850,968	1,975,714
Total	19,817,031	20,945,274

11.Other operating costs

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2025	2024

Capital losses and prior year expense	73,314	122,067
Contributions and membership fees	92,178	80,690
Taxes and other indirect taxes	34,245	18,207
Other operating costs	505,068	738,635
Total	704,805	959,599

"Other operating costs" are mainly related to the management costs of company cars.

12.Financial income and expense

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2025	2024

Interest income	32,679	291,229
Other financial income	1,301,545	355,871
Financial income	1,396,724	822,100

Bank interest expense	(2,823,331)	(2,762,908)
Interest expense on lease contracts	(190,608)	(125,628)
Net exchange profits (losses)	(87,481)	(14,487)
Interest expense on employee benefits	(153,341)	(23,388)
Other interest and financial expense	(898,448)	(262,459)
Financial expense	(4,153,210)	(3,188,870)

The change in financial income is mainly attributable to the change in the present value of the financial liability related to the put options related to the non-controlling shareholding of the subsidiary Diateam compared to December 31, 2024.

The item "Other interest expense and financial expense" increased by EUR 636 thousand mainly due to the change in the present value of the financial liability of the put options on an additional 2.2% of the share capital of the subsidiary XTN, as well as to the recognition of the expense of EUR 408 thousand recorded with reference to the loss for the year of Helmon, accounted for using the equity method.

13.Taxes

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	20252024

Current taxes	(1,459,289)	(1,485,033)
Taxes relating to previous periods	-	-
Deferred taxes	922,858	8,091,730
Total	(536,425)

The change in deferred taxation compared to 2024 is mainly related to assessments of the allocation, in the 2025 year, of deferred tax assets on tax losses. In the year 2025, the companies allocated deferred tax assets on deductible temporary differences, while they did not recognize deferred tax assets on tax losses. The deferred tax assets recognized at December 31, 2025 are considered recoverable against the 2026-2030 Business Plan of the Group approved by the Board of Directors on March 5, 2026. The amount of tax losses for the period for which no deferred tax assets were recognised is equal to Euro 17,044 thousand.

In addition, the item includes the reversal of deferred taxes, amounting to EUR 402 thousand (EUR 1,309 thousand in 2024), recognized on the capital gains allocated as part of the allocation of the price paid for the acquisition of Diateam in 2023 and XTN in 2024. The amount of the comparative period also included the reversal of deferred taxes concerning the business combination of RCS Group - acquired in 2022 - completed in 2025. For more information, please refer to Note 5, "Business Combinations".

CY4GATE, as the consolidating entity, and its subsidiaries RCS ETM Sicurezza S.p.A., Tykelab S.r.l., and XTN Cognitive Security S.r.l., as consolidated entities, participate in the National Fiscal Consolidation in force for the 2023-2025 threeyear period. The relationships between the consolidating and consolidated entities are governed by the National Fiscal Consolidation Regulation of the Group, inspired by criteria of homogeneity and neutrality.

The following table presents the reconciliation of the theoretical tax charge with the effective tax charge for the year ended December 31, 2025 and for the year ended December 31, 2024:

	For the year ended December 31
(in Euro)	2025	2024

Loss before taxes	(7,457,570)	(12,234,589)
Theoretical IRES taxes	(1,789,817)	(2,936,301)
Lower taxes
Other	(2,808,526)	(1,825,606)
Higher taxes
Other	1,372,620	303,018
Total current income taxes (IRES)	11,918	183,387
IRAP	41,260	39,287
Foreign income taxes	1,406,102	1,262,359
Taxes relating to previous periods
Deferred taxes	(922,858)	(8,089,555)
Total income taxes	536,425	(6,606,696)

14.Earnings/(Loss) per share and Diluted Earnings/(Loss) per share

The loss per share amounts to EUR 0.34, calculated by dividing the loss for the year (EUR 8,003 thousand) by the average number of shares in the reference period (23,571,428). The loss per share coincides with the diluted loss per share.

15.Goodwill

Goodwill, amounting to EUR 49,190,205 as at December 31, 2025, unchanged compared to December 31, 2024, was recognized following the business combinations concluded in previous years.

Goodwill was allocated to the XTN CGU (EUR 7,110 thousand), to the Diateam CGU (EUR 6,282 thousand) and to the RCS Group CGU (EUR 35,798 thousand) at the time of acquiring control of each individual company or group of companies.

The recoverable amount of goodwill allocated to the above CGUs was determined by estimating the value in use considering the flows forecasted based on the Group's Business Plan prepared for the time horizon 2026-2030, which reports the projections related to sales, investments, margins, as well as the trend of the main market variables (e.g., inflation, nominal interest rates and exchange rates). It should be noted that for the preparation of the goodwill impairment test, the Group's Management made use of the specific advice of an external expert.

The value in use was determined using the discounted cash flow method, in the unlevered version, applied to the forecast data prepared by the Group's Directors for the five-year period from 2026 to 2030. The cash flows used to determine the value in use are related to operations and do not include financial expense and non-recurring items. As indicated, an explicit period of five years was used beyond which the above flows were projected according to the perpetual annuity method (Terminal value) using a growth rate (g-rate) expected for the reference market of 2%, corresponding to the ECB's inflation growth forecasts in the medium-long term.

The aforementioned cash flows have been updated using a post-tax WACC of 6.63% in relation to the goodwill allocated to the RCS Group; of 9.86% for goodwill allocated to Diateam, and 8.89% for goodwill allocated to XTN. It is noted that the difference in rates is due to the additional risk of the Diateam CGU and XTN due to the reduced size of their respective business - small size premium.

The risk free rate for goodwill allocated to the RCS and XTN Group, equal in both cases to 3.50%, was assumed through an average of 6 months, compared to the valuation date, of the ten-year benchmark returns of BTPs issued by the State. The 5.50% market risk premium was estimated on the basis of observations of share returns in relation to AAA-rated countries exceeding the return on government bonds. The unlevered beta index was determined considering a basket of companies operating in the same sector of RCS, equal to 0.62; made levered on the basis of the RCS financial structure and the tax rate through the application of the Hamada formula, obtaining a levered beta of 0.73. With reference to the RCS Group, no size premium was considered as the company has a comparable size to the companies in the sector. The fair net profit rate was therefore 7.51%. On the other hand, with reference to the XTN CGU, a small-scale risk premium of 2.66 percentage points was estimated.

With regard to the goodwill allocated to Diateam, the risk free rate, equal to 3.45%, was assumed through an average of 6 months, compared to the valuation date, of the 10-year benchmark returns on French government bonds. The 5.50% market risk premium was estimated on the basis of observations of share returns in relation to AAA-rated countries exceeding the return on government bonds. The unlevered beta index was calculated by considering a basket of companies operating in the same sector as Diateam, equal to 0.81. This value was made levered equal to 0.92 to reflect a target financial structure consistent with the reference sector, reflecting the debt component by applying the Hamada formula. In addition, a small-scale risk premium of 2.66 percentage points was estimated, in view of the difference between expected returns of companies of different sizes (in France), specifically comparing the size of the company being valued with the average size of comparable companies used to estimate the cost of capital. The fair net profit rate was therefore 11.19%.

The plans underlying the above-mentioned impairment tests were approved by the Board of Directors of the Parent Company on March 5, 2026.

Following the impairment test carried out on the basis of the above considerations, it is noted that the recoverable amount of each CGU exceeds the corresponding carrying amount as of December 31, 2025.

Sensitivity analyses were also carried out to verify the effects of the change in some significant parameters on the results of the impairment test, such as: an increase in the WACC of 0.5% (i.e., up to 7.13% for the RCS Group, up to 10.36% for Diateam and up to 9.39% for XTN) and a reduction in the growth rate to 1%. From these sensitivity analyses, even if considered jointly, no impairment of the goodwill of the related CGU was necessary.

16.Intangible assets

This item and its movement can be detailed as follows:

(in Euro)	t costs	patents andintellectualpropertyrights	licenses,trademarksand similarrights	development andpayments onaccount	intangibleassets
Balance as of January 1, 2024	9,444,509	10,000,332	11,653,086	1,797,573	1,453,292	34,348,792
Of which:
- historical cost	27,609,762	16,568,695	21,332,964	1,797,573	4,191,335	71,500,329
- accumulated amortization	(18,165,253)	(6,568,363)	(9,679,878)	-		(2,738,043) (37,151,537)
Change in scope of consolidation	578,493	-	1,841,348	-	-	2,419,841
Investments	7,883,063	676,864	2,411,968	-	985,153	11,957,048
Disposals	-	-	-	-	(368,748)	(368,748)
Amortization	(5,746,015)	(2,995,554)	(6,722,776)	-		(891,082) (16,355,427)
Reclassifications	-	1,044,641	633,507	(1,678,148)	-	-
Balance as of December 31, 2024	12,160,050	8,726,283	9,817,133	119,425	1,178,615	32,001,506
Of which:
- historical cost	35,624,631	19,293,030	23,286,588	119,425	3,826,444	82,150,118
- accumulated depreciation		(23,464,580) (10,566,747) (13,469,455)		-		(2,768,407) (50,269,189)
Change in scope of consolidation	-	-	-	-	-	-
Investments	5,847,478	321,362	3,826,420	406,975	716,066	11,118,301
Disposals	-	-	(2,789,534)	-	(237,981)	(3,027,515)
Amortization	(6,761,443)	(4,008,209)	(3,819,064)	-		(335,751) (14,924,467)
Reclassifications	-	-	-	-	-	-
Balance as of December 31, 2025	11,246,085	5,039,436	7,034,955	526,400	1,321,780	25,168,657
Of which:
- historical cost	41,472,109	19,614,392	23,676,691	526,400	4,129,493	89,419,085
- accumulated amortization		(30,226,023) (14,574,956) (16,641,736)		-		(2,807,713) (64,250,428)

Development costs include costs related to the application of the results of research or other knowledge to a plan or project aimed at the production of new or substantially advanced applications, devices and software systems prior to the start of commercialization, for which the future production of economic benefits can be demonstrated.

Intangible assets recognized as of December 31, 2025, amount to EUR 25,168,656 and show a net increase compared to the previous year of EUR 6,832,850 attributable to investments, amortization and impairment losses in the year. Investments amounting to EUR 11,118 thousand, are mainly attributable to development costs (EUR 5,847 thousand) for which, following appropriate analyses, the Directors deemed that there were all requirements for the related capitalization and acquisition of licenses (EUR 3,826 thousand).

Consistent with the new commercial and development strategies reflected by the Directors in the new 2026-2030 Plan approved by the Board of Directors on March 5, 2026, some assets deemed no longer functional for the Group's activities, as they can no longer be integrated with marketed technological platforms, were subject to specific impairment during 2025 for an amount of EUR 2,790 thousand.

As regards the recoverability of the intangible assets with finite useful lives, considering the performance of certain CGUs and the new approved 2026-2030 Business Plan, the Directors have tested all the CGUs in the consolidated financial statements with the assistance of an external expert. These impairment tests did not reveal the existence of impairment nor, therefore, the need to proceed with further impairment losses. With reference to the impairment test carried out on the RCS Group CGU, the Diateam CGU and the XTN CGU please refer to the previous "Goodwill" paragraph of these notes.

With reference to the CY4GATE CGU, inclusive of the parent's assets and liabilities, the recoverable amount was determined by estimating the value in use considering the flows forecasted in the Business Plan prepared for the period 2026-2030, which reports the sales projections, investments, margins, as well as the trend of the main market variables (e.g., inflation, nominal interest rates and exchange rates). It is specified that even for the preparation of the impairment test of the net assets of the CY4GATE CGU, the directors of the parent company have used the specific advice of an external expert.

As mentioned above, an explicit period of five years was used, beyond which the above flows were projected using the method of the perpetual annuity (terminal value) using a growth rate (g-rate) forecasted for the reference market was to 2% corresponding to the ECB inflation growth forecasts in the medium-long term.

The above cash flows were discounted using a post-tax WACC of 6.78%.

The discount rate was assumed by means of a 6-month average of the yields of BTPs issued by the Italian state. The 5.50% market risk premium was estimated on the basis of observations of share returns in relation to AAA-rated countries exceeding the return on government bonds. The unlevered beta index of 0.62 was determined considering a basket of companies operating in the same sector as the Parent Company, made levered equal to 0.73 based on CY4GATE's financial structure and tax rate through the application of the Hamada formula. The fair net profit rate was therefore 7.51%.

The plans underlying the above-mentioned impairment tests were approved by the Board of Directors of the parent company on March 5, 2026.

Following the impairment test carried out on the basis of the above considerations, it is noted that the recoverable amount of each CY4GATE CGU exceeds the corresponding carrying amount as of December 31, 2025.

In addition, the following sensitivity analyses were carried out to verify the effects of the change in certain significant parameters on the results of the impairment test, such as: an increase in the WACC of 0.5%, up to 7.28%, and a reduction in the growth rate to 1%. From these sensitivity analyses, even if considered jointly, no impairment of the CGU's goodwill was necessary.

17.Property, plant and equipment

This item and its movement can be detailed as follows:

(in Euro)	Plant andmachinery	Industrial andcommercialequipment	Other assets	Land andbuildings	Assets underconstructionand paymentson account	Total
Balance as of January 1, 2024	421,911	3,962,895	2,500,139	328,959	81,219	7,295,123
Of which:
- historical cost	2,107,192	14,984,636	9,365,512	554,208	81,219	27,092,767
- accumulated depreciation	(1,685,281)	(11,021,740)	(6,865,373)	(225,249)	-	(19,797,643)
Changes in scope of consolidation	-	21,765	-	-	-	21,765
Investments	660,516	3,175,287	1,727,177	-	218,066	5,781,046
Disposals	(633,554)	-	-	-	-	(633,554)
Depreciation	(169,518)	(1,850,287)	(539,750)	(54,578)	-	(2,614,133)
Balance as of December 31, 2024	279,355	5,309,660	3,687,566	274,380	299,286	9,850,247
Of which:
- historical cost	1,473,638	18,181,688	11,092,689	554,208	299,286	31,601,509
- accumulated depreciation	(1,194,283)	(12,872,028)	(7,405,123)	(279,827)	-	(21,751,261)
Changes in scope of consolidation	-	-	-	-	-	-
Investments	64,672	2,935,230	272,727	9,676	513,927	3,796,233
Disposals	-	(288,799)	(5,803)	-	-	(294,602)
Amortization and depreciation	(80,847)	(2,145,435)	(760,900)	(54,414)	-	(3,041,596)
Balance as of December 31, 2025	263,180	6,380,207	3,193,590	229,642	243,663	10,310,283
Of which:
- historical cost	1,538,310	20,786,302	11,359,613	563,884	243,663	34,491,772
- accumulated depreciation	(1,275,130)	(14,406,095)	(8,166,023)	(334,241)	-	(24,181,489)

The item "Property, plant and equipment" as of December 31, 2025 amounts to EUR 10,310,282 and shows a net increase compared to the previous year of EUR 460,035.

Disposals refer to assets that were impaired in the year because they are no longer functional to the business.

With reference to the recoverability of the item Plant and Machinery, impairment tests on the identified CGUs, carried out by the Directors of the Parent Company with the help of an external expert, described in the previous paragraphs of these notes, have demonstrated the recoverability of the item "Property, plant and equipment" commented on and therefore the absence of impairment losses to be recognized in the Consolidated Financial Statements as of and for the year ended December 31, 2025.

18.Right-of-Use Assets

This item can be detailed as follows:

	As of December 31
(in Euro)	20252024
Property	3,377,466	4,366,485
Hardware	264,460	326,480

Vehicles	971,933	1,001,412
Total right-of-use assets	4,613,860	5,694,377

Below are the amounts included in the Statement of Profit and Loss for the year ended on December 31, 2025 and 2024:

	As of December 31
(in Euro)	2025

Depreciation of right-of-use assets	1,850,968	1,975,714
Interest expense on lease contracts	190,608	125,628
Rentals and accessory expenses	934,933	923,878
Total	2,976,509	3,025,220

This item is mainly attributable to the lease of the Group's offices, as well as the rental of hardware used in the ordinary operations of the RCS Group, and of vehicles.

The depreciation period of right-of-use assets is 6 years for buildings, 5 years for hardware and 4 years for cars. It should also be noted that the Group has chosen to exclude from the scope of application leases with a duration of less than 12 months and those concerning goods of modest value whose effects, therefore, are recorded under the item "Purchases, services and personnel expenses".

With reference to the recoverability of the right-of-use assets, the impairment tests on the identified CGUs, carried out by the Directors of the Parent Company with the help of an external expert, discussed in the previous paragraphs of these notes, have demonstrated the recoverability of the right-of-use assets commented on and therefore the absence of impairment losses to be recognized in the Consolidated Financial Statements as of and for the year ended December 31, 2025.

19.Inventories

This item can be detailed as follows:

	As of December 31
(in Euro)	2025	2024
Finished products and goods	3,024,960	973,830
Total	3,024,960	973,830

The item is mainly attributable to the inventories of finished products and goods of the RCS Group (EUR 2,891 thousand), mainly consisting of external hard drives and other similar products currently used in the RCS Group's business. The item also comprises the inventories of the subsidiary Diateam (EUR 134 thousand). The increase compared to the previous year refers to the inventories of the subsidiary DARS.

20.Trade receivables

This item can be detailed as follows:

		As of December 31
(in Euro)	2025	2024

From customers	69,829,432	45,940,377
From parent companies	1,882,745	5,662,699
Loss allowance	(3,647,168)	(1,662,510)
Total	68,065,009	49,940,566

	As of December 31
(in Euro)	20252024

From customers (Italy)	39,014,827	40,740,339
From customers (outside Italy)	32,697,351	10,862,737
Loss allowance	(3,647,168)	(1,662,510)
Total	68,065,009	49,940,566

The following table presents the movement of the loss allowance:

(in Euro)	Loss allowance
Balance as of January 1, 2024	(1,127,391)
Provision	(535,119)
Utilization	-
Balance as of December 31, 2024	(1,662,510)
Provision	(1,984,685)
Utilization	-
Balance as of December 31, 2025	(3,647,168)

21.Current tax assets and liabilities

The items "current tax assets" and "current tax liabilities", respectively amounting to, as of December 31, 2025, EUR 44 thousand and EUR 151 thousand (EUR 79 thousand and EUR 278 thousand as of December 31, 2024), refer entirely to assets and liabilities to the Tax Authorities for IRES and IRAP.

22.Other current and non-current assets

The item other current and non-current assets can be detailed as follows:

		As of December 31
(in Euro)	2025	2024

Advances and accrued income	14,280,408	1,926,526
VAT assets	976,913	1,708,386
Tax credits for capital expenditure	63,445	517,987
Tax credits for research and development	641,755	1,032,037
Other receivables and current assets	884,965	496,006
Total other current assets	16,847,486	5,680,942
Tax credits for capital expenditure	-	62,999
Tax receivables for research and development	396,068	570,852
Others	899,368	397,938
Total other non-current assets	1,295,436	1,031,789
Total other current and non-current assets	18,142,922	6,712,731

Please note that the items "Tax credits for capital expenditure" and "Tax credits for research and development" refer to tax assets recognized following the conduct of a technical expert appraisal.

Advances and accrued income mostly consist of contractual advances to suppliers.

23.Cash and cash equivalents

As of December 31, 2025, cash and cash equivalents amount to EUR 22,984,153 (EUR 14,537,530 as of December 31, 2024) and are essentially made up of deposits in Euro at leading financial institutions.

24.Current and non-current financial assets

This item can be detailed as follows:

	As of December 31		As of December 31
	2025		2024
(in Euro)	Current	Non-current	Current	Non-current

Guarantee deposits	110,513	374,937	93,860	42,704
Derivative financial instruments	473,499	562,087	50,380	59,532
Policies on active contracts	-	-	26,492	-
Securities	800,000	-	800,000	-
Loan to Helmon	-	975,000	-	400,000
Others	-	15	-	15
Total current and non-current financial assets	1,384,012	1,912,040	970,732	502,251

The item "derivative financial instruments" refers to hedging derivatives on interest rates entered into to hedge the interest rate risk on loan agreements of the Parent Company and its subsidiaries; these instruments will expire in 2028, respectively, for those of the Parent Company, and in 2026, for those of the subsidiaries. The item "loan to Helmon" relates to an interest-free loan to the Helmon joint venture, signed at the time the company was established and disbursed in two tranches, the second of which amounted to EUR 575,000 in 2025. The item "securities" refers to liquidity investments of the subsidiary Diateam.

25. Equity-accounted investments

The decrease in the item "Equity-accounted investments" of EUR 408 thousand relates to the accounting of the Helmon S.r.l. joint venture. The investment was recorded at the fair value of the asset contributed by the Parent Company upon the establishment of the investee, (determined by an independent expert appraisal) recorded to the extent of the interest of other investors in the investee - as required by the relevant accounting framework (IAS 28) - net of the Group's share of the profit for the year.

26. Contract assets and liabilities

Contract assets include the net amount of activities carried out for amounts exceeding the payments on account received from customers. Similarly, contract liabilities accommodate the opposite case.

The net balance of contract assets is composed as follows:

	As of December 31
(in Euro)	2025	2024

Gross contract assets	13,933,099	9,031,355
Contract liabilities	(6,404,732)	(584,817)
IFRS 9 loss allowance	(15,443)	(17,357)
Contract assets	7,512,924	8,429,181
Gross contract liabilities	(46,945,326)	(4,458,203)
Contract assets	2,532,853	159,150
Contract liabilities	(44,412,474)	(4,299,053)
Total net amount	(36,899,550)	4,130,128

The item "Contract liabilities", amounting to EUR 44,412 thousand, shows an increase amounting to EUR 40,113 thousand, mainly attributable to new contracts acquired during the year by the RCS Group, of which EUR 31,520 by the subsidiary DARS, which involved the payment of advance payments and invoicing of the services subject to the contracts. The decrease in contract assets, amounting to EUR 916 thousand, is mainly attributable to the processing and invoicing of existing orders.

27.Equity

Share capital

As of December 31, 2025 and 2024, the Company's share capital, fully subscribed and paid up, amounts to EUR 1,441,500.

Other reserves and retained earnings

The item "Reserves" can be detailed as follows:

(in Euro)	Reserve fortreasuryshares	Other Reserves	Retainedearnings (losses)	Total Reserves

As of January 1, 2024	(1,591,981)	(2,497,543)	13,362,371	9,272,847
Actuarial losses on defined benefit plans	-	(157,768)	-	(157,768)
Fair value losses on cash flow hedges	-	(162,844)	-	(162,844)
Comprehensive expense	-	(320,612)	-	(320,612)
Coverage of previous year loss	-	-	(10,704,682)	(10,704,682)
Repurchase of treasury shares	(1,606,906)	-	-	(1,606,906)
Other changes	-	(139,618)	-	(139,618)
Distribution of dividends	-	(194,250)	-	(194,250)
Share-based payments	-	213,713	-	213,713
As of December 31, 2024	(3,198,887)	(2,938,310)	2,657,689	(3,479,508)
Actuarial gains on defined benefit plans		85,160	-	85,160
Fair value losses on cash flow hedges		(35,151)	-	(35,151)
Comprehensive income		50,009	-	50,009
Coverage of previous year result		-	(7,401,686)	(7,401,686)
Other changes		47,682	-	47,682
Distribution of dividends		37,069	-	(37,069)
Share-based payments		156,683	-	156,683
As of December 31, 2025	(3,198,887)	(2,721,006)	(4,743,997)	(10,663,888)

Share-based payments

For further details on share-based payments, please refer to Note 9 on personnel expenses.

28.Current and non-current financial and lease liabilities

The following table provides details of the item as of December 31, 2025 and 2024:

As of December 31, 2025(in Euro)	Within 12 months	Between 1 and 5years	Over 5 years	Total
Bank loans and borrowings	17,959,039	12,521,078	-	30,480,117
Other loans and borrowings	2,661,048	245,563	-	2,906,611
Lease liabilities	1,458,667	3,384,227	-	4,842,894
Put options on business combinations	1,149,067	675,000	-	1,832,754
Total	23,227,821	16,825,866	-	40,053,686

As of December 31, 2024(in Euro)	Within 12 months	Between 1 and 5years	Over 5 years	Total
Bank loans and borrowings	14,932,527	21,819,952	-	36,752,478
Other loans and borrowings	139,509	5,000	-	144,509
Lease liabilities	1,631,866	4,227,281	-	5,859,147
Put options on business combinations	1,781,953	2,391,845	-	4,173,798
Total	18,485,854	28,444,078	-	46,929,933

The table below summarizes the information on bank loans and borrowings:

Loan	Funding entity	Rate applied	Maturity date	Originalprincipalamount	Carrying amountas of December 31,2025	of whichcurrent
"Bank syndicate" loanLine A	Credit Agricole,ICCREA	Euribor 6m + 200bp	03/29/2028	12,500,000	6,199,778	2,314,824
"Bank syndicate" loanCapex Line	Credit Agricole,ICCREA	Euribor 6m + 200bp	03/29/2028	25,000,000	14,062,500	6,250,000
Short-term loan	Credit Agricole	3m Euribor + 120bp	01/29/2026	1,500,000	1,500,000	1,500,000
Short-term loan	Credit Agricole	3m Euribor + 120bp	02/24/2026	2,000,000	2,000,000	2,000,000
Advance Bill	Intesa San Paolo	3m Euribor M/360	04/30/2026	2,597,858	2,597,858	2,597,858
Intesa San Paolo loan	Intesa San Paolo	6m Euribor + 132bp	11/30/2026	3,000,000	1,000,830	500,000
"Bank syndicate" loanRevolving Line	Credit Agricole,ICCREA	6m Euribor + 200bp	03/29/2028	2,500,000	2,500,000	2,500,000
Credit Mutuel Bretagneloan	Credit MutuelBretagne	3m Euribor + 1.15%	06/17/2029	550,000	203,346	55,553
MediocreditoInvestitionsBank	MediocreditoTrentino AltoAdige SpA	2.90%	07/31/2027	700,000	350,000	175,000

Other loans	n.a.	n.a.	n.a.	n.a.	65,805	65,805
Total				55,847,858	30,480,117	17,959,039

Non-current financial liabilities mainly refer to bank loans and borrowings, for EUR 12,521 thousand, predominantly consisting of:

the non-current portion (EUR 3,885 thousand) of Line A of the loan agreement entered into with Credit Agricole Italia S.p.A., head of a bank syndicate, for a maximum total amount of EUR 45,000,000 (the "Loan Agreement"). This amount takes into account the effect related to the application of the amortized cost criterion and the installments based on the amortization plan provided for in the contract;
the non-current portion (EUR 7,813 thousand) of the Acquisition/Capex line of the aforementioned Loan Agreement.
the non-current portion (EUR 501 thousand) of a loan to support the working capital and investments of the investee RCS.

In addition to bank loans and borrowings, non-current financial liabilities mainly include EUR 3,384 thousand of noncurrent lease liabilities and EUR 683 thousand representing the non-current portion of the financial liability recognized pursuant to the put options included in the acquisition agreements of XTN, exercisable by the non-controlling interests, in accordance with the anticipated acquisition method adopted by the Group for this type of arrangement - in 2027 in order to allow the parent company CY4GATE S.p.A. to acquire an additional 2.2% of XTN's capital.

Current financial liabilities mainly refer to bank loans and borrowings for EUR 17,957 thousand, predominantly comprised of:

the current portion of the aforementioned Loan Agreement attributable to CY4GATE S.p.A., amounting to EUR 8,564 thousand;
the current portion of three loans to support working capital of CY4GATE, amounting to EUR 6,098 thousand
the current portion of the two loans of the investee RCS to support working capital and investments, for EUR 3,000 thousand.

In addition to bank loans and borrowings, current financial liabilities include EUR 1,459 thousand of current lease liabilities and EUR 1,149 thousand representing the current portion of the financial liability recognized pursuant to the put options included in the acquisition agreement of Diateam SaS.

The loan agreement entered into with Credit Agricole Italia S.p.A., acting as lead bank of a bank syndicate, provides, for Line A, the repayment of the principal by the relative maturity date, in 11 semi-annual installments according to the contractually agreed amortization plan. Furthermore, CY4GATE will pay the interest accrued from time to time, for each interest period, on the amounts disbursed and not repaid, at an interest rate amounting to the 6M EURIBOR/360 rate increased by a spread of 250 b.p. for which derivatives were agreed to cover 100% of the amount in terms of risk.

It is also noted that according to the loan agreement, the spread to be applied to the reference rate for each credit line can vary semi-annually, either increasing or decreasing, depending on the change of the "Net Financial Indebtedness/EBITDA (NFP/EBITDA)" ("financial covenant") ratio calculated based on the consolidated financial statements data or the consolidated half-yearly report, starting from a base ratio of 2x. The Parent Company, therefore, has committed to respect the aforementioned NFP/EBITDA financial parameter, accepting that the financing banks and the agent bank may take the actions and remedies contractually provided, among others the repayment of the amounts not yet paid and the relative interests, in the event that the initial financial situation at consolidated level does not comply with said parameter.

The compliance with the aforementioned financial parameter is checked every six months on a "rolling" basis (i.e., with reference to the data related to the previous twelve months), starting from that relating to for the year ended December 31, 2022. The covenant was complied with as of December 31, 2025.

In addition, it should be noted that such a loan agreement provides certain limitations on the distribution of profits and/or dividends to the parent company, in particular, the parent company will not be able to proceed with the distribution of profits and/or dividends, nor payments of any amount under any title and in any form to its shareholders, except for payments under commercial contracts and/or subordinate employment relations (including, for example, as capital payment, interest or other utilities on shareholders' loans also in bond form, or as consideration for services rendered and/or management fees) (each operation, a "Distribution"), if not subject to the occurrence of all the following conditions:

the first Distribution is subsequent to the approval of the Issuer's financial statements as of December 31, 2022;
for the entire duration of the Loan Agreement, each Distribution does not exceed 50% (fifty percent) of the profits resulting from the Issuer's separate financial statements related to the year immediately before the one in which the related Distribution must be made;
at the date of the Distribution there is no Significant Event and such Distribution does not in itself determine a Significant Event (as defined in the Loan Agreement).

The remaining portion of the loan, currently unused, provides for the possibility of activating a medium-to-long-term revolving credit line, available as a cash line on a revolving basis, up to a maximum of EUR 5,000,000 (the "Revolving Line") aimed at financing the cash needs related to the treasury needs of the Group.

The item also includes financial liabilities related to bank loans and borrowings held by Diateam under an existing loan agreement with Credit Mutuel Bretagne, as well as financial liabilities of XTN arising from a minibond agreement. It should be noted that in relation to the loans of the RCS Group, Diateam and XTN, there are no financial covenants.

Net financial indebtedness

The following table illustrates the detail of the Group's Net Financial Position, with the analysis of debt and credit positions towards related parties, highlighting the net financial indebtedness determined according to Consob communication n. DEM/6064293 of July 28, 2006 and the Warning n. 5/21 issued by Consob on April 29, 2021 with reference to ESMA Guidance 32-382-1138 of March 4, 2021.

	As of December 31
(in Euro)	2025	of whichwith relatedparties	2024	of whichwithrelatedparties

A. Cash	(22,984,153)	-	(14,537,530)	-
B. Cash equivalents	-	-	-	-
C. Other current financial assets	(1,349,366)	(19,000)	(667,780)	(419,000)
D. Liquidity (A+B+C)	(24,333,519)	(19,000)	(15,205,310)	(419,000)

9,812,729	-	5,295,877	-
13,386,447	295,402	12,887,026	256,718
23,199,175	295,402	18,182,902	256,718
(1,134,344)	276,402	2,977,592	(162,282)
16,798,077	249,601	28,269,571	474,237
-	-	-	-
-	-	-	-
16,798,077	249,601	28,269,570	474,237
15,663,733	526,003	31,247,162	311,955
(1,890,250)	(975,000)	(327,742)	-
13,773,484	(448,997)	30,919,422	311,955

The item "C. Other current financial assets" includes the item in the Consolidated Financial Statements as of December 31, 2025 of current financial assets (EUR 1,384 thousand) excluding derivative financial instruments classified in this item (EUR 35 thousand).

The item "E. Current financial debt" includes the current portion of the items in the Consolidated Financial Statements as of December 31, 2025 related to loans (EUR 8,595 thousand) and other loans and borrowings (EUR 66 thousand), as well as the liability connected to the Diateam put options, exercisable in 2026 (EUR 1,149 thousand).

The item "F. Current portion of non-current financial debt" includes the current portion of the item in the Consolidated Financial Statements as of December 31, 2025 relating to loan (EUR 9,295 thousand), to current financial liabilities for factoring (EUR 2,616 thousand), and the current portion of the item in the Consolidated Financial Statements as of December 31, 2025 relating to current lease liabilities (EUR 1,459 thousand), as well as the current portion of derivative financial assets (EUR 35 thousand).

The item "I. Non-current financial debt" includes the items in the Consolidated Financial Statements as of December 31, 2025 related to non-current financial liabilities related to loan (EUR 12,521 thousand), to non-current financial liabilities for factoring (EUR 239 thousand), to the financial liability relating to the put options included in the acquisition contract of the subsidiary XTN (EUR 675 thousand); to the non-current financial and lease liabilities (EUR 3,384 thousand), as well as the non-current portion of financial derivative assets (EUR 22 thousand).

Lease financial liabilities

The item "lease financial liabilities" can be detailed as follows:

	As of December 31
(in Euro)	2025	2024
Property	3,687,875	4,462,217
Hardware	269,605	998,365
Vehicles	885,415	398,566
Total	4,842,894	5,859,147

The item "lease financial liabilities", amounting in total to EUR 4,843 thousand, refers to the lease liabilities recorded as a counterpart to the recognition of the right-of-use assets, for the existing lease contracts for the buildings in which the Group's offices are located, for hardware and cars.

29.Employee benefits

The item includes the provision for post-employment benefits (TFR) for Group employees.

TFR

The movement of the item can be detailed as follows:

(in Euro)	2025	2024
Balance as of January 1	4,739,373	3,581,384
Change in scope of consolidation	-	202,344
Transfers to Pension Funds / Treasury Fund / Taxation	19,535	-
Current service cost	999,360	1,022,451
Service financial expense	153,341	128,088
Uses of post-employment benefits	(347,082)	(404,392)
Actuarial (gains)/losses	(114,031)	209,499
Balance as of December 31	5,450,497	4,739,373

The actuarial assumptions for the calculation purposes of the defined benefit pension plans are detailed in the following table:

As of December 31, 2025 As of December 31, 2024

Economic assumptions
Inflation rate	2.00%	2.00%
Discount rate	3.37%	3.18%
Salary growth rate	1.00%	1.00%

Demographic assumptions are based on actuarial expectations, in accordance with relevant and published industry statistical data, applied on the average of the personnel in service during the periods.

The following is a sensitivity analysis related to defined benefit pension plans based on changes in the main assumptions as of December 31, 2025 and 2024:

As of December 31, 2025		Impact on the liability
(in Euro)	Changes inassumptions	increase inassumptions	decrease inassumptions
Economic assumptions
Inflation rate	1.00%	697,063	685,571
Discount rate	0.25%	693,891	689,300
Salary growth rate	0.25%	688,197	695,039

As of December 31, 2024		Impact on the liability
(in Euro)	Changes inassumptions	increase inassumptions	decrease inassumptions
Economic assumptions
Inflation rate	0.25%	56,220	55,083
Discount rate	0.25%	(68,376)	70,439
Salary growth rate	1.00%	8,964	(10,242)

The sensitivity reported above is conducted based on changes in individual assumptions, keeping the others unchanged, although in practice any changes in an assumption can generally also reflect in the others due to potential correlations. The sensitivity presented above was calculated using the same methodology (projected unit credit method) used to define the liability recognized in the Statement of Financial Position.

Through its defined benefit pension plans, the Group is exposed to certain risks, the most significant of which are described below.

Discount rate and inflation risk

The present value of defined benefit pension plans is calculated using a discount rate determined using the rate of high quality corporate bond. A decrease in the discount rate would result in an increase in the liability. A decrease in the inflation rate would result in a decrease in the liability.

Employee resignation and anticipation probability

The present value of defined benefit pension plans is calculated using the best estimate of resignations and advances. An increase in the rate of resignations and advances would result in an increase in the liability.

30.Provisions for risk and charges

The movement of the items can be detailed as follows:

(in Euro)	Product warrantyprovision	Total
As of January 1, 2024	78,660	78,660
Net provision	-	-
Utilization	(78,660)	(78,660)
As of December 31, 2024	-	-
Net provision	150,000	150,000
Utilization	-	-
As of December 31, 2025	150,000	150,000

This item changed due to a provision relating to a dispute that arose during the year.

31.Deferred tax assets and liabilities

The net movement of this item can be detailed as follows:

(in Euro)	2025	2024
Balance as of January 1	9,084,807	1,234,349
Of which:
- deferred tax assets	10,460,187	3,518,420
- deferred tax liabilities	(1,375,380)	(2,284,071)
Change in scope of consolidation		(445,581)
Effect on profit or loss	922,858	8,091,730
Effect on comprehensive income	(54,239)	204,307
Balance as of December 31	9,953,426	9,084,807
Of which:
- deferred tax assets	10,858,807	10,460,187
- deferred tax liabilities	(905,383)	(1,375,380)

The item "Deferred tax assets" mainly refers to tax losses. Deferred tax liabilities mainly refer to deferred taxation recognized on assets arising from PPA of the RCS Group, Diateam and XTN. It is specified that when recognizing deferred taxes, the Directors verify their full recoverability based on the future taxable income that the Group will be able to achieve in the coming years.

The item "Deferred tax liabilities" is mainly related to the recognition of deferred taxation on the capital gains allocated as part of the price paid for the acquisition of the RCS Group, in 2022, and of Diateam SaS, in 2023, and XTN in 2024, as more fully described in Note 5, "Business Combinations".

32.Trade payables

This item can be detailed as follows:

	As of December 31
(in Euro)	2025	2024

Suppliers	13,918,804	11,918,398
Parent companies	-	-
Total trade payables	13,918,804	11,918,398

The geographical breakdown of trade payables is reported below:

		As of December 31
(in Euro)	2025	2024

Italy	10,591,557	10,384,098
Outside Italy	3,327,247	1,534,300
Total	13,918,804	11,918,398

33.Other current and non-current liabilities

This item can be detailed as follows:

		As of December 31
(in Euro)	2025	2024

Accrued expenses and deferred income	4,479,889	3,559,998
Total other non-current liabilities	4,479,889	3,559,998
Accrued expenses and deferred income	6,732,366	4,438,084
Other liabilities	3,642,318	3,199,307
Employees	5,230,502	3,954,489
Social security and welfare institutions	1,583,884	1,596,657
VAT liabilities	4,300,751	1,048,291
Income tax liabilities	182,017	169,036
Advances on grants	-	773,625
Total other current liabilities	21,671,838	15,179,490
Total other current and non-current liabilities	26,151,718	18,739,488

The item "Other current liabilities" amounts to EUR 21,672 thousand and shows an increase compared to the previous year of EUR 6,493 thousand, mainly attributable to the increase in deferred income, , VAT liabilities and the increase in amounts due to employees for the MBO allocation.

Accrued expenses and deferred income mainly consist of revenue relating to subsequent years for services invoiced in advance, in accordance with contractual terms, but not yet collected.

34.Other Information

Guarantees

As of December 31, 2025, the following guarantees are highlighted:

advance bond issued by Creval in September 2018 for EUR 70,000 relating to a contract towards an end user in a Middle Eastern country;
bid bond issued by Creval in October 2021 for EUR 30,000 for participation in a tender in a Middle Eastern country;
guarantees issued by Credit Institutions on behalf of the subsidiary RCS ETM Sicurezza for EUR 165,000, of which EUR 135,000 relating to a foreign order and EUR 30,000 as a security deposit for a leased property;
guarantees, referred to the SME Guarantee Fund, issued by Mediocredito Centrale for an amount of EUR 1,017,018 issued in relation to loans obtained by the subsidiary RCS in previous years.

The following describes the pledges on equity investments established (or to be established) under the Loan Agreement signed on March 29, 2022 between CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A., following its adherence to the agreement, and a syndicate of lending banks led by Crédit Agricole Italia S.p.A.

RCS Group: on March 29, 2022, CY4GATE S.p.A., in its capacity as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of Aurora S.p.A. as a guarantee of the correct, full and timely fulfillment of all present and/or future monetary obligations of CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks, arising from any title from the loan agreement signed on March 29, 2022 between CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks. It is noted that this pledge flowed to RCS following the reverse merger completed on November 15, 2022;
RCS ETM Sicurezza pledge: on March 29, 2022, Aurora S.p.A., as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of RCS ETM Sicurezza S.p.A., as a guarantee of the correct, full and timely fulfillment of the monetary obligations (within the limits expressly provided for in the relevant pledge deed) of CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks arising from any title from the loan agreement signed on March 29, 2022 between CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks.

Business performance patterns

The business sector in which the Group operates is characterized by the concentration of deliveries and cash flow from customers in the last months of the year. This aspect of collections affects both intra-annual cash flows and the variability of the Group's debt situation in different periods of the financial year, characterized by substantial improvements in the last few months of the calendar year.

Judicial and arbitration proceedings

As of the date of these consolidated financial statements, the Group is not a party to significant administrative, judicial or arbitration proceedings that may have or have had significant repercussions on the financial situation or profitability of the Parent Company and/or the Group in the recent past. For the sake of completeness, it should be noted that during the first half of 2021, the Public Prosecutors' Offices of Naples and Florence opened investigations against the members of the Board of Directors of RCS at the time of the disputed events and the then technical engineer in charge of the subsidiary. These investigations refer to the activity of active electronic interception carried out on behalf of the Prosecutor's Office of Perugia by the subsidiary RCS and, in particular, had concerned the storage of the data captured on a transit server located in Naples and owned by the subsidiary RCS, before their final transfer to another server in use by the competent Prosecutor's Office located in Rome. As of the preparation date of these consolidated financial statements, the Naples proceedings have been dismissed by order of February 18, 2025 (Case No. 11408/2021). Similarly, the Public Prosecutor's Office of Florence requested the dismissal of the proceedings in January 2025, a hearing held in June 2025, and archived on September 4, 2025 (Case No. 2518/2021). None of the Group companies have ever been involved, as an entity, in criminal proceedings pursuant to Italian Legislative Decree No. 231/2001. The proceedings confirmed the technical and legal soundness of the RCS systems, with expert technical analyses validating the integrity of the systems and their compliance with interception regulations. The established case law of the Italian Supreme Court of Cassation (Division 6, No. 10611/2024) has further confirmed the legitimacy of interception technologies that use intermediate servers.

Fees of the directors and statutory auditors

The following table presents the fees of the Directors and Statutory Auditors of the Group for the years ended December 31, 2025 and 2024:

	For the year ended December 31
(in Euro)	2025	2024

Directors' fees	830,000	668,421
Statutory auditors' fees	145,000	160,972
Total	975,000	829,393

Fees of the independent auditor

Below, as required by Article 149-duodecies of the Implementation Regulation of Legislative Decree of February 24, 1998 n. 58 ("Consob Issuers Regulation"), the details of the fees to the Independent Auditor and the entities belonging to its network are reported. The fees presented in the table, for the year ended 2025, are the contractual fees, including any indexing (excluding out-of-pocket expenses and VAT).

(in Euro thousand)		Fees
Type of services	Entity that provided the service	2025
CY4GATE S.p.A.
Auditing	KPMG S.p.A.	115
Attestation services (*)	KPMG S.p.A.	59
Total CY4GATE S.p.A.		174
Subsidiaries
Auditing	KPMG S.p.A.	94
Attestation services (*)	KPMG S.p.A.	15
Total subsidiaries		109
Total		283

(*) Attestation services refer to (i) the limited assurance of the Consolidated Sustainability Statement pursuant to Legislative Decree no. 125/2024; (ii) tax returns; (iii) the audit of the statement of costs incurred for research and development activities.

It should be noted that the subsidiary XTN is audited by a single auditor whose remuneration, for the financial year 2025, was equal to EUR 5 thousand.

35. Transactions with Related Parties

The Group's transactions with related parties are both commercial and financial in nature.

It should be noted that in January 2025, CY4GATE S.p.A. disbursed EUR 575 thousand of a non-interest-bearing loan to the subsidiary Helmon S.r.l. The remaining transactions are shown in the table below and the Group believes that these transactions with related parties are regulated at market conditions.

(in Euro)	ParentCompany	JointVenture	Total relatedparties	Consolidated financialstatements item	Impact(%)
Impact of transactions on profit and
loss
Revenue and other income
Year ended December 31, 2025	7,378,922	57,703	7,436,625	101,543,647	7%
Year ended December 31, 2024	10,175,965	586,697	10,762,662	75,078,798	14%
Services
Year ended December 31, 2025	(232,357)	(136,200)	(368,557)	(37,144,785)	1%
Year ended December 31, 2024	(214,565)	(2,600)	(217,165)	(25,767,329)	1%
Amortization and depreciation
Year ended December 31, 2025	(252,958)	-	(252,958)	(19,817,032)	1%
Year ended December 31, 2024	(245,532)	-	(245,532)	(20,945,274)	1%

Impact of transactions on the statement of financial position Current and non-current financial

assets
As of December 31, 2025	19,000	975,000	994,000	3,296,052	30%
As of December 31, 2024	19,000	400,000	419,000	1,472,983	28%
Trade receivables
As of December 31, 2025	1,882,745	57,703	1,940,449	68,065,009	3%
As of December 31, 2024	5,302,682	325,160	5,627,842	49,940,566	11%
Right-of-use assets
As of December 31, 2025	464,186	-	464,186	4,613,860	10%
As of December 31, 2024	712,970	-	712,970	5,694,377	13%
Contract assets
As of December 31, 2025	2,636,406	-	2,636,406	7,512,924	35%
As of December 31, 2024	2,430,044	-	2,430,044	8,429,181	29%
Lease liabilities
As of December 31, 2025	545,003	-	545,003	4,842,894	11%
As of December 31, 2024	730,955	-	730,955	5,859,147	12%
Trade payables
As of December 31, 2025	51,700	166,164	217,864	14,053,654	2%
As of December 31, 2024	-	3,172	3,172	11,918,398	0%
Contract liabilities
As of December 31, 2025	457,040	-	457,040	44,412,474	1%
As of December 31, 2024	535,808	-	535,808	4,299,053	12%

Atypical and/or unusual events and transactions

During 2025, no significant atypical or unusual operations were carried out, either with third parties or with related parties.

Impacts of the macroeconomic situation

In the preparation of these Consolidated Financial Statements as of and for the year ended December 31, 2025, in accordance with IFRS and the recent notices released by the financial market supervisory authorities, The Group has analyzed the impacts of global geopolitical instability - with particular reference to the ongoing conflict in Ukraine and the escalation of tensions in the Middle East - on its financial position, performance, and cash flows. The Group recognizes that the international scenario is undergoing a rapid and complex evolution, characterized by an increase in volatility and potential risks of further escalation on a global scale. These dynamics are monitored to assess any impacts on the Group and at present it is considered that there are no significant impacts on the Group's resources and business, nor are they expected in the near future, it being understood that the Group maintains an active monitoring of the identification of emerging risks, in order to possibly adapt its operational strategies to significant changes in the international macroeconomic framework.

Climate Related Matters

In continuity with what has been reported in previous financial years and in line with CONSOB Warning no. 1/25 of February 11, 2025, the Group has considered ESMA's supervisory priorities for the 2025 Financial Statements, which confirm the centrality of disclosures on climate issues and the necessary connectivity between financial information and sustainability information. In this regard, for the specific disclosure on the Group's climate impacts, please refer to the Consolidated Sustainability Statement, prepared in accordance with the ESRS (European Sustainability Reporting Standards).

It is specified that, considering the Group's business, no significant impacts of climate factors are detected on the estimation and measurement processes used by the Directors for the preparation of the consolidated financial statements (described in the paragraph "Estimates and Recruitments"), nor on the useful life or recoverability of the assets recorded in the Financial Statements.

State aid disclosures pursuant to Law no. 124/2017

With reference to the transparency obligations establised by Article 1 paragraphs from 125 to 129 of the Law 124/2017, it is noted that during 2025, the CY4GATE Group did not receive any government grants pursuant to the aforementioned law.

36.Significant events of the year

Purchase of an additional stake in Diateam S.a.S.

On July 30, 2025, following the exercise of the "Put & Call" options exercisable in the three-year period 2024-2026 and signed at the time of the purchase of the first 55.33% of Diateam S.a.S., CY4GATE S.p.A. signed the closing for the purchase of an additional 14.67% of the subsidiary at the price of EUR 1.6 million, thus increasing its interest to 85.33% of the subsidiary. In 2024, CY4GATE had already purchased a 15.33% stake in the company.

Entry of XTN Cognitive Security S.r.l. into the National Tax Consolidation Scheme

On March 6, 2025, the Company's Board of Directors approved the inclusion of XTN Cognitive Security S.r.l. in the National Tax Consolidation Scheme of CY4GATE S.p.A. for the three-year period 2025-2027.

37. Subsequent events

No significant events occurred after the end of the year.

Rome, March 12, 2026

On behalf of the Board of Directors

(Dr. Enrico Peruzzi)

(Dr. Emanuele Galtieri)

Statement pursuant to Article 154-bis of Legislative decree no. 58 of February 24, 1998, "Italian Consolidated Law on Financial Intermediation", as amended

The undersigned Emanuele Galtieri and Arianna Ciccolella, respectively Chief Executive Officer and Manager in charge of the preparation of the corporate accounting documents of CY4GATE S.p.A. hereby certify, also taking into account the provisions envisaged by Article 154-bis, paragraphs 3, 4 and 5, of the Italian Legislative Decree No. 58 of February 24, 1998:

• the adequacy in relation to the characteristics of the company (also considering any changes occurred during 2025) and

• the effective application of administrative and accounting procedures for the preparation of the consolidated financial statements as of and for the year ended December 31, 2025.

From the application of the administrative and accounting procedures for the preparation of the Consolidated Financial Statements as of and for the year ended December 31, 2025, no significant issue emerged.
It is also certified that:

3.1 the Financial Statements as of and for the year ended December 31, 2025:

a) are prepared in compliance with the applicable International Financial Reporting Standards recognized in the European Community under Regulation (EC) No. 1606/2002 of the European Parliament and of the Council of July 19, 2002;

b) are consistent with the underlying accounting books and records;

c) provide a true and correct view of the financial performance, financial position and cash flows of the issuer and of all the companies included in the consolidation.

3.2 The Management Report and the Corporate Governance Report include a reliable analysis of the performance and the result of operations, as well as the situation of the issuer and of all the companies included in the consolidation, together with a description of the main risks and uncertainties they are exposed to.

3.3 The Consolidated Sustainability Statement included in the Management Report has been prepared in accordance with the reporting standards applied pursuant to Directive 2013/34/EU of the European Parliament and of the Council of June 26, 2013 and Legislative Decree No. 125 of September 6, 2024 and with the specifications adopted pursuant to Article 8 paragraph 4 of Regulation (EU) 2020/852 of the European Parliament and of the Council of June 18, 2020.

Rome, March 12, 2026

Chief Executive Officer Manager in charge of the preparation of the corporate accounting documents

KPMG S.p.A. Revisione e organizzazione contabile Via Curtatone, 3 00185 ROMA RM Telefono +39 06 80961.1 Email [email protected] PEC [email protected]

(The accompanying translated consolidated financial statements of the CY4Gate Group constitute a nonofficial version which is not compliant with the provisions of the Commission Delegated Regulation (EU) 2019/815. This independent auditors' report has been translated into English solely for the convenience of international readers. Accordingly, only the original Italian version is authoritative.)

Independent auditors' report pursuant to article 14 of Legislative decree no. 39 of 27 January 2010 and article 10 of Regulation (EU) no. 537 of 16 April 2014

To the shareholders of CY4Gate S.p.A.

Report on the audit of the consolidated financial statements

Opinion

We have audited the consolidated financial statements of the CY4Gate Group (the "group"), which comprise the statement of financial position as at 31 December 2025, the statements of profit or loss, comprehensive income, changes in equity and cash flows for the year then ended and notes thereto, which include material information on the accounting policies.

In our opinion, the consolidated financial statements give a true and fair view of the financial position of the CY4Gate Group as at 31 December 2025 and of its financial performance and cash flows for the year then ended in accordance with the IFRS Accounting Standards as issued by the International Accounting Standards Board and endorsed by the European Union, as well as the Italian regulations implementing article 9 of Legislative decree no. 38/05.

Basis for opinion

We conducted our audit in accordance with International Standards on Auditing (ISA Italia). Our responsibilities under those standards are further described in the "Auditors' responsibilities for the audit of the consolidated financial statements" section of our report. We are independent of CY4Gate S.p.A. (the "parent") in accordance with the ethics and independence rules and standards applicable in Italy to audits of financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Key audit matters

Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the consolidated financial statements of the current year. These matters were addressed in the context of our audit of the consolidated financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

KPMG S.p.A. è una società per azioni di diritto italiano e fa parte del network KPMG di entità indipendenti affiliate a KPMG International Limited, società di diritto inglese.

Ancona Bari Bergamo Bologna Bolzano Brescia Catania Como Firenze Genova Lecce Milano Napoli Novara Padova Palermo Parma Perugia Pescara Roma Torino Treviso Trieste Varese Verona

Recoverability of goodwill and intangible assets

Notes to the consolidated financial statements: notes 2.4 "Accounting policies - Intangible assets", 4 "Estimates and assumptions", 15 "Goodwill" and 16 "Intangible assets"

Key audit matter

Audit procedures addressing the key audit matter

The consolidated financial statements at 31 December2025 include goodwill of €49,190 thousand andintangible assets with a finite useful life of €25,169thousand under the caption "Intangible assets andgoodwill".Assisted by an external expert, the directors tested thecash-generating units (CGUs) to which goodwill andintangible assets with a finite useful life are allocatedfor impairment, in order to identify any impairmentlosses compared to their recoverable amount.They estimated the recoverable amount based onvalue in use, calculated using the discounted cash flowmodel. The model is very complex and entails the useof estimates which, by their very nature, are uncertainand subjective about:•the CGUs' expected cash flows, calculated bytaking into account the general economicperformance and that of their sector, the actualcash flows for recent years and the projectedgrowth rates;•the financial parameters used to calculate thediscount rate.For the above reasons, we believe that therecoverability of goodwill and intangible assets with afinite useful life is a key audit matter.

Our audit procedures included:•understanding the process adopted for impairmenttesting approved by the parent's board of directors;•analysing the criteria used to identify the CGUsand tracing the amount of the CGU assets andliabilities to the relevant carrying amounts in theconsolidated financial statements;•understanding the process adopted for preparingthe 2026-2030 business plan approved by theparent's board of directors (the "2026-2030 plan")from which the expected cash flows used forimpairment testing have been derived;•analysing the reasonableness of the assumptionsused by the directors and the external expert toprepare the impairment test;•analysing the most significant discrepanciesbetween the previous year business plans' figuresand actual figures, in order to check the accuracyof the estimation process adopted by the directors;•comparing the expected cash flows used forimpairment testing to the cash flows forecast in the2026-2030 plan and analysing any discrepancies;•involving experts of the KPMG network in theassessment of the reasonableness of theimpairment testing model and related assumptions,including by means of a comparison with externaldata and information;•assessing the appropriateness of the disclosuresprovided in the notes about goodwill and intangibleassets with a finite useful life and relatedimpairment tests.

Responsibilities of the parent's directors and board of statutory auditors ("Collegio Sindacale") for the consolidated financial statements

The directors are responsible for the preparation of consolidated financial statements that give a true and fair view in accordance with the IFRS Accounting Standards as issued by the International Accounting Standards Board and endorsed by the European Union, as well as the Italian regulations implementing article 9 of Legislative decree no. 38/05 and, within the terms established by the Italian law, for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

The directors are responsible for assessing the group's ability to continue as a going concern and for the appropriate use of the going concern basis in the preparation of the consolidated financial statements and for the adequacy of the related disclosures. The use of this basis of accounting is appropriate unless

the directors believe that the conditions for liquidating the parent or ceasing operations exist, or have no realistic alternative but to do so.

The Collegio Sindacale is responsible for overseeing, within the terms established by the Italian law, the group's financial reporting process.

Auditors' responsibilities for the audit of the consolidated financial statements

Our objectives are to obtain reasonable assurance about whether the consolidated financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors' report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISA Italia will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these consolidated financial statements.

As part of an audit in accordance with ISA Italia, we exercise professional judgement and maintain professional scepticism throughout the audit. We also:

identify and assess the risks of material misstatement of the consolidated financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control;
obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the group's internal control;
evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the directors;
conclude on the appropriateness of the directors' use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the group's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors' report to the related disclosures in the consolidated financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors' report. However, future events or conditions may cause the group to cease to continue as a going concern;
evaluate the overall presentation, structure and content of the consolidated financial statements, including the disclosures, and whether the consolidated financial statements represent the underlying transactions and events in a manner that achieves fair presentation;
obtain sufficient appropriate audit evidence regarding the financial information of the entities or business activities within the group to express an opinion on the consolidated financial statements. We are responsible for the direction, supervision and performance of the group audit. We remain solely responsible for our audit opinion.

We communicate with those charged with governance, identified at the appropriate level required by ISA Italia, regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

We also provide those charged with governance with a statement that we have complied with the ethics and independence rules and standards applicable in Italy and communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, the measures taken to eliminate those threats or the safeguards applied.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the consolidated financial statements of the current year and are, therefore, the key audit matters. We describe these matters in our auditors' report.

Report on other legal and regulatory requirements

Opinion on the compliance with the provisions of Commission Delegated Regulation (EU) 2019/815

The parent's directors are responsible for the application of the provisions of Commission Delegated Regulation (EU) 2019/815 with regard to regulatory technical standards on the specification of a single electronic reporting format (ESEF) to the consolidated financial statements at 31 December 2025 to be included in the annual financial report.

We have performed the procedures required by Standard on Auditing (SA Italia) 700B in order to express an opinion on the compliance of the consolidated financial statements with Commission Delegated Regulation (EU) 2019/815.

In our opinion, the consolidated financial statements at 31 December 2025 have been prepared in XHTML format and have been marked up, in all material respects, in compliance with the provisions of Commission Delegated Regulation (EU) 2019/815.

Opinion and statement pursuant to article 14.2.e)/e-bis)/e-ter) of Legislative decree no. 39/10 and article 123-bis.4 of Legislative decree no. 58/98

The parent's directors are responsible for the preparation of the group's management report and report on corporate governance and ownership structure at 31 December 2025 and for the consistency of such reports with the related consolidated financial statements and their compliance with the applicable law.

We have performed the procedures required by Standard on Auditing (SA Italia) 720B in order to:

• express an opinion on the consistency of the management report and certain specific information presented in the report on corporate governance and ownership structure required by article 123 bis.4 of Legislative decree no. 58/98 with the consolidated financial statements;

express an opinion on the consistency of the management report, excluding the section that includes the consolidated sustainability statement, and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 with the applicable law;
issue a statement of any material misstatements in the management report and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98.

In our opinion, the management report and the specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 are consistent with the group's consolidated financial statements at 31 December 2025.

Moreover, in our opinion, excluding the section which includes the consolidated sustainability statement, the management report and the specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 have been prepared in compliance with the applicable law.

With reference to the above statement required by article 14.2.e-ter) of Legislative decree no. 39/10, based on our knowledge and understanding of the entity and its environment obtained through our audit, we have nothing to report.

Our opinion on compliance with the applicable law does not extend to the section of the management report which includes the consolidated sustainability statement. Our conclusion on the compliance of this section with the legislation governing its preparation and with the disclosure requirements of article 8 of Regulation (EU) 2020/852 is included in the assurance report prepared in accordance with article 14-bis of Legislative decree no. 39/10.

Rome, 31 March 2026

KPMG S.p.A.

(signed on the original)

Matteo Ferrucci Director of Audit SEPARATED FINANCIAL STATEMENTS AS OF AND FOR THE YEAR ENDED DECEMBER 31, 2025

Financial Statements as of and for the year ended December 31, 2025

CY4GATE S.p.A. Headquarters in VIA COPONIA, 8 00131 ROME Company registration no. 13129151000 – Rea no. 1426295

	Statement of Profit and Loss 4
	Statement of Comprehensive Income 5
	Statement of Financial Position 6
	Statement of Cash Flows 7
	Statement of Changes in Equity 8
1.	General Information 9
2.	Basis of Presentation 9
	2.1. Basis of Preparation 9
	2.2. Accounting Policies 10
	2.3. Recently issued accounting standards 20
3.	Financial Risk Management 22
4.	Estimates and Assumptions 26
5.	Revenue 29
6.	Other revenue and income 30
7.	Purchases, services and personnel expenses 30
8.	Amortization and depreciation 31
9.	Other operating costs 32
10.	Financial income and expense 32
11.	Taxes 32
12.	Intangible assets 33
13.	Property, plant and equipment 35
14.	Right-of-Use Assets 35
15.	Equity Investments 36
16.	Trade receivables 39
17.	Other current and non-current assets 40
18.	Cash and cash equivalents 40
19.	Current and non-current financial assets 41
20.	Contract assets and liabilities 41
21.	Equity 42
22.	Current and non-current financial liabilities 43
23.	Employee benefits 46
24.	Provisions for risk and charges 48

25.	Deferred tax assets and liabilities 48
26.	Trade payables 49
27.	Other current and non-current liabilities 49
28.	Other Information 50
29.	Transactions with Related Parties 51
30.	Significant events of the year 53
31.	Subsequent events 53
	Proposal of the Board of Directors to the Shareholders' Meeting 54

Statement of Profit and Loss

		For the year ended December 31
	Note		of which with		of which with
(in Euro)		2025	related parties:	2024	related parties:

Revenue	5	17,940,971	7,378,922	22,038,832	11,416,529
Other revenue and income	6	2,007,470	776,517	2,825,055	1,173,394
Purchases, services and personnel
expenses	7	(24,380,150)	(3,609,034)	(23,559,397)	(5,150,048)
Amortization and depreciation	8/12/13	(7,218,483)	(288,565)	(8,485,681)
Impairment losses of assets	16	(1,979,542)		(526,446)
Accrual to provision for risks and charges	24	(150,000)		-
Other operating costs	9	(331,109)		(229,423)
Operating loss		(14,110,843)	4,257,841	(7,937,060)	7,439,875
Financial income	10	1,836,831	1,225,792	1,402,035	773,201
Financial expense	10	(2,264,776)	(17,265)	(2,404,059)
Pre-tax loss		(14,538,788)	5,466,368	(8,939,084)	8,213,076
Taxes	11	667,026	191,936	2,974,129
Loss for the year		(13,871,762)	5,658,304	(5,964,955)	8,213,076

Statement of Comprehensive Income

(in Euro)		For the year ended December 31
		2025	2024

Loss for the year		(13,871,762)	(5,964,955)
Actuarial gains/(losses) on defined benefit plans		31,203	(30,098)
Actuarial gains/(losses) on defined benefit plans - related tax	23	(8,993)	8,674
Items that will not be subsequently reclassified to profit or loss		22,210	(21,424)
Net fair value losses on cash flow hedges		(49,338)	(175,440)
Net fair value gains on cash flow hedges - related tax	21	11,841	42,106
Items that may be subsequently reclassified to profit or loss		(37,497)	(133,334)
Comprehensive expense		(13,887,049)	(6,119,713)

Statement of Financial Position

		As of December 31
(in Euro)	Note	2025	of which withrelated parties:	2024	of which withrelated parties:
Intangible assets	12	7,351,253	-	12,527,476	-
Property, plant and equipment	13	470,427	-	706,520	-
Right-of-use assets	14	1,031,692	464,186	988,071	712,970
Non-current financial assets	19	992,559	975,000	593,011	19,000
Equity investments	15	96,274,441		94,619,779	-
Deferred tax assets	25	5,899,390		5,433,292	-
Other non-current assets	17	335,345		200,908	-
Non-current assets		112,355,108	1,439,186	115,069,057	731,970
Contract assets	20	5,421,103	2,636,406	8,218,926	2,430,044
Trade receivables	16	14,956,558	2,470,485	17,769,237	5,627,842
Current tax assets		22,136		9,228	-
Other current assets	17	1,466,673		2,384,863	471,600
Current financial assets	19	1,839,568	153,851	2,799,313	2,500,000
Cash and cash equivalents	18	2,271,510		3,277,133	-
Current assets		25,977,548	5,260,741	34,458,700	11,029,486
Total assets		138,332,656	6,699,927	149,527,757	11,761,457
Share capital		1,441,500		1,441,500	-
Share premium reserve		108,539,944		108,539,944	-
Reserves		(6,344,142)		(521,165)	-
Loss for the year		(13,871,762)		(5,964,955)	-
Equity	21	89,765,540		103,495,324	-
Employee benefits - non-current	23	992,012		873,440	-
Other non-current liabilities	27	1,425,343		1,503,613	-
Non-current financial liabilities	22	11,697,487		20,261,315	-
Non-current financial and lease liabilities	22	608,716	282,067	666,490	474,237
Deferred tax liabilities	25	13,456		25,386	-
Total non-current liabilities		14,737,014	282,067	23,330,244	474,237
Provisions for risk and charges	24	150,000		-	-
Trade payables	26	8,219,521	3,824,362	8,497,683	2,227,291
Current financial liabilities	22	14,725,403	-	9,074,837	-
Current lease liabilities	22	423,130	262,936	349,160	256,718
Contract liabilities	20	2,592,316	457,040	713,482	535,808
Other current liabilities	27	7,719,733		4,067,027	-
Total current liabilities		33,830,103	4,544,338	22,702,189	3,491,417
Total liabilities		48,567,117	4,826,405	46,032,433	3,965,654
Total equity and liabilities		138,332,656	4,826,405	149,527,757	3,965,654

Statement of Cash Flows

		For the year ended December 31
(in Euro)	Note	2025	2024
Pre-tax loss		(14,538,788)	(8,939,084)
Adjustments for:
Amortization and depreciation of intangible assets and property, plant and equipment	8/12/13	7,218,483	8,485,681
Impairment losses	16	1,979,542	526,446
Expenses for employee share-based incentives	23	90,947	147,976
Accruals to provisions for risks and charges	24	150,000	-
Net interest income and expense		(882,962)	228,823
Other non-cash items		(838,136)	212,638
Cash flows from (used in) operating activities before changes in net working capital		(6,820,914)	662,480
Change in inventories		-	-
Change in trade receivables	16	833,137	14,726,885
Change in trade payables	26	(278,162)	(1,943,852)
Change in other assets/liabilities	17/27	11,068,437	(5,264,926)
Payment of employee benefits	23	(140,733)	(116,199)
Interest paid		(1,725,813)	(1,021,945)
Net cash flows from operating activities		2,935,952	7,042,443
Equity investments	15	(1,588,926)	(10,411,233)
Dividends received		1,310,907	773,201
Net investment in intangible assets	12	(1,295,742)	(4,063,264)
Net investment in property, plant and equipment	13	(64,333)	(24,647)
Changes in financial assets	19	1,336,558	(3,224,417)
Net cash flows used in investing activities		(301,987)	(16,950,360)
Repurchase of treasury shares	30	-	(1,606,906)
Net utilizations of credit facilities	22	(3,164,035)	12,580,336
Repayment of lease liabilities	22	(475,552)	(367,536)
Net cash flows from (used in) financing activities		(3,639,587)	10,605,894
Total change in cash and cash equivalents		(1,005,623)	697,977
Opening cash and cash equivalents	18	3,277,133	2,579,157
Closing cash and cash equivalents	18	2,271,510	3,277,133

Statement of Changes in Equity

(in Euro)	Share capital	Sharepremiumreserve	Reserves	Profit/(loss)for the year	Total equity
As of January 1, 2024	1,441,500	108,539,944	12,130,939	(11,104,148)	111,008,235
Loss for the year	-	-	-	(5,964,955)	(5,964,955)
Actuarial losses on defined benefit plans	-	-	(21,424)	-	(21,424)
Net fair value losses on cash flow hedges	-	-	(133,335)	-	(133,335)
Comprehensive expense	-	-	(154,759)	(5,964,955)	(6,119,714)
Coverage of previous year result	-	-	(11,104,148)	11,104,148	-
Repurchase of treasury shares	-	-	(1,606,906)	-	(1,606,906)
Share-based payments	-	-	213,709	-	213,709
As of December 31, 2024	1,441,500	108,539,944	(521,165)	(5,964,955)	103,495,324
Loss for the year	-	-	-	(13,871,762)	(13,871,762)
Actuarial gains on defined benefit plans	-	-	22,210	-	22,210
Net fair value losses on cash flow hedges	-	-	(37,497)	-	(37,497)
Comprehensive expense	-	-	(15,287)	(13,871,762)	(13,887,049)
Coverage of previous year result	-	-	(5,964,955)	5,964,955	-
Repurchase of treasury shares	-	-	-	-	-
Share-based payments	-	-	156,683	-	156,683
Other changes	-	-	577	-	577
As of December 31, 2025	1,441,500	108,539,944	(6,344,142)	(13,871,762)	89,765,540

Notes to the Financial Statements

1. General Information

CY4GATE S.p.A. (hereinafter "CY4GATE" or the "Company") is a company established and domiciled in Italy, with registered office in Rome (RM), at Via Coponia, 8 and organized under the legal system of the Italian Republic. The Company is primarily active in the design, development and production of technologies, products, systems and services for the Armed Forces, Law Enforcement Agencies and Italian and foreign companies. Since June 26, 2023, the shares of CY4GATE S.p.A. have been traded in the Euronext STAR Milan market segment of the Italian Stock Exchange (shares were traded in the Euronext Growth Milan market segment from 2020 up until the above date).

The Company is controlled by Elettronica S.p.A., with a registered office in Rome, which prepares the consolidated financial statements of the largest group of companies to which the Company belongs. In compliance with point 22-quinquies of Article 2475 of the Italian Civil Code, it is communicated that a copy of the consolidated financial statements is kept at the headquarters of the ultimate parent company in Via Tiburtina Km 13,700.

As of the date of preparation of these financial statements, the Company is not subject to direction and coordination of any of its shareholders, as the Board of Directors of the Company assumes in full and complete autonomy and independence the most appropriate decision relating to the management of the Company's activities.

Authorization for publication

These Financial Statements were approved and authorized for publication by the Board of Directors of CY4GATE S.p.A. on March 12, 2026, and are audited by KPMG S.p.A.

The publication of these consolidated financial statements is carried out in accordance with the Delegated Regulation of the European Commission 2019/815 and subsequent amendments.

2. Basis of Presentation

This section provides a description of the most relevant accounting policies adopted for the preparation of these financial statements as of and for the year ended on December 31, 2025 (hereinafter the "Financial Statements"). These principles have been applied consistently for all periods presented.

2.1. Basis of Preparation

These Financial Statements have been prepared in accordance with the "EU IFRS", meaning by this all the "International Financial Reporting Standards", all "International Accounting Standards" (IAS), all interpretations of the "International Financial Reporting Interpretations Committee" (IFRIC), formerly the "Standing Interpretations Committee" (SIC), that, as of the reporting date of the Financial Statements, have been endorsed by the European Union in accordance with the procedure provided forth in Regulation (EC) No. 1606/2002 of the European Parliament and the European Council of July 19, 2002. IFRS have been applied consistently to all periods reported in this document. Furthermore, reference was made to the provisions issued by Consob (Italian National Commission for listed companies) in implementation of paragraph 3 of Article 9 of Legislative Decree 38/2005.

These Financial Statements have been prepared on a going concern basis, as the Directors have verified that there are no financial, managerial or other indicators that could indicate critical issues regarding the Company's ability to meet its obligations in the foreseeable future and in particular over the next 12 months. A description of the ways in which the Company manages financial risks is illustrated in Note 3 related to "Financial Risk Management".

These Financial Statements have been prepared and presented in Euro, which represents the functional currency of the predominant economic environment in which the Company operates. All amounts included in this document, unless otherwise indicated, are expressed in Euro.

The following are the financial statements formats and the relative classification criteria adopted by the Company, within the options provided by IAS 1 Presentation of financial statements:

the Statement of Financial Position has been prepared by classifying assets and liabilities according to the "current/non-current" criterion;
The Statement of profit and loss has been prepared by classifying operating costs by nature;
The Statement of Comprehensive Income, in addition to the profit of loss for the yearresulting from the statement or profit and loss, includes income and expense that are not recognized in profit or loss as required by IFRS;
The Statement of Changes in Equity, prepared in accordance with IAS 1;
The Statement of Cash Flows has been prepared by presenting cash flows resulting from operating activities according to the "indirect method".

These Financial Statements have been prepared on the basis of the conventional historical cost criterion, except for the measurement of financial assets and liabilities, in cases where the application of the fair value criterion is mandatory.

It should be noted that the Directors have reclassified the balances of certain items for the comparative year in order to better represent the financial statements amount. In particular, the affected items are "Interest income and expense" and "Dividends received" in the statement of cash flows. The directors have not considered these reclassifications material for disclosure purposes.

2.2. Accounting policies

The following briefly describes the accounting policies and most significant measurement criteria used for the preparation of the Financial Statements.

INTANGIBLE ASSETS

Intangible assets with a finite useful life

Intangible assets with a finite useful life are recognized at cost, as described above, net of accumulated amortization and any impairment losses.

Amortization begins when the asset is available for use and is systematically allocated in relation to its residual possibility of use, i.e., based on the estimated useful life.

The estimated useful life for the various categories of intangible assets is as follows:

Class of intangible asset	Useful life in years
Industrial patents and intellectual property rights	3-5
Concessions, licenses, trademarks and similar rights	3-5
Other intangible assets	3-5
Development costs	3-5

PROPERTY, PLANT AND EQUIPMENT

The indicative useful life, estimated for the various categories of property, plant and equipment, is as follows:

Class of property, plant and equipment	Useful life in years
Plant and machinery	3-5
Industrial and commercial equipment	6-7
Other assets	5-9

The useful life of property, plant and equipment is reviewed and updated, where necessary, at least at the end of each financial year.

Leased assets

The Company has entered into lease agreements relating to property, vehicles and industrial equipment. Lease contracts are generally entered into for fixed periods of 6 months to 6 years with extension options, as described below. Contracts can contain both lease components and components other than leases.

The Company attributes the consideration in the contract to components other than lease on the basis of the standalone selling price (SSP) for each obligation. When an SSP does not exist, the Company estimates the SSP using an adjusted market approach.

Lease contracts are recognized as right-of-use assets and liabilities corresponding to the date on which the asset is available for use by the Company.

The assets and liabilities deriving from a lease are initially measured on the basis of their present value. Lease liabilities include the net present value of the following lease payments:

fixed payments (including fixed payments in substance), net of any lease incentives;
variable payments based on an index or rate, initially measured using the index or rate as of the start date;
the exercise price of a purchase option if the Company is reasonably certain to exercise such option;
the payment of penalties for early termination; and
payments due in an optional renewal period if the Company is reasonably certain to exercise the renewal option.

The lease payments are discounted using the lease's implicit interest rate. If this rate cannot be easily determined, which is generally the case with leases held by the Company, the lessee's incremental borrowing rate is used, being the rate that the Company should pay to borrow the funds needed to obtain assets of similar value to the right-of-use asset in a similar economic environment with similar terms, guarantees and conditions.

In the statement of financial position, the Company presents right-of-use assets within property, plant and equipment and lease liabilities within current and non-current financial liabilities.

In the statement of profit and loss, interest expense on lease liabilities constitutes a component of financial expense and is presented separately from the depreciation of right-of-use assets.

The Company avails itself of the exemptions provided by the IFRS 16 – Lease principle with reference to lease contracts of less than 12 months and contracts relating to so-called "low value assets", collectively not significant. The Company recognizes deferred taxation on right-of-use assets and lease liabilities.

FOREIGN CURRENCY TRANSLATION

IMPAIRMENT OF INTANGIBLE ASSETS AND PROPERTY, PLANT AND EQUIPMENT

Assets (intangible assets and property plant and equipment) with a finite useful life

An impairment loss is recognized in profit or loss if the carrying amount of the asset, or of the related CGU to which it is allocated, is higher than its recoverable amount. Impairment losses on CGUs are charged first against the carrying amount of any goodwill attributed to them and then, as a reduction of other assets, in proportion to their carrying amount and within the limits of the related recoverable amount. If the reasons that led to the impairment cease to exist, the carrying amount of the asset is reinstated with recognition in the statement of profit and loss, within the limits of the net carrying amount that the asset would have had if the impairment loss had not occurred and the related amortization and depreciation had been charged.

EQUITY INVESTMENTS

Investments in subsidiaries are recorded at acquisition cost, inclusive of directly attributable ancillary charges, adjusted in the presence of any impairments, which are charged to the statement of profit and loss. They are restored if the reasons for the impairments carried out no longer exist. Subsidiaries are the ones over which CY4 has the power to determine, directly or indirectly, the financial and operational policies in order to obtain the benefits arising from their activities.

In the presence of impairment indicators, equity investments are subject to verification in order to ascertain the existence of any impairments to be recognized in the statement of profit and loss. In particular, the aforementioned verification involves the determination of the recoverable amount of the participation by estimating its related use value or the fair value net of disposal costs; if this recoverable amount is lower than the carrying amount, an impairment loss on the investment must be recognized.

In the presence of evidence of impairment, recoverability is verified by comparing the carrying amount and the higher of the value in use, determined by discounting the prospective cash flows, where possible, of the investment, and the hypothetical sale value, determined on the basis of recent transactions or market multiples. The share of losses exceeding the carrying amount is recognized as a specific liability to the extent that the Company believes there are legal or implicit obligations to cover the losses and in any case within the limits of the equity. If the subsequent performance of the investment subject to impairment presents an improvement such that the reasons for the impairments made are no longer present, the investments are revalued within the limits of the impairments recognized in the previous years. Dividend income is recognized in the Statement of profit and loss when the right to receive payment is established.

Company name	Registered office	Share/quota	Equity	% equity investmentsas of December 31		Carrying amountas of December
	capital			2024	2024	31, 2025
Subsidiaries
RCS ETM Sicurezza S.p.A.("RCS")	Milan (Italy) - Via Caldera 21	EUR 7,000,000	EUR 37,216,981	100%	100%	76,377,378
Diateam S.a.S. *	Brest (France) - 31 rue Yves Collet	EUR 300,000	EUR 3,212,692	85.33%	70.66%	8,846,894
XTN Cognitive Security S.r.l.("XTN")	Arco (Italy) - via S. Caterina 95	EUR 10,000	EUR 3,845,700	77.80%	77.80%	9,612,170
Joint Venture
Helmon S.r.l. (formerlyProntocyber Plus S.r.l.)	Rome (Italy) - Via Cassiodoro 1/a	EUR 120,000	EUR 1,630,852	50%	-	1,478,000

* On July 30, 2025, CY4GATE signed the closing for the purchase of a further 14.67% of the company at a price of EUR 1.6 million, increasing its interest to 85.33% of the company, following the exercise of the put & call option exercisable in the three-year period 2024 - 2026 and signed at the purchase of the first 55.33% of Diateam S.a.S., which will allow CY4GATE to acquire 100% of the company in the three-year period.

INVENTORIES

Inventories are recorded at the lower of purchase or production cost and net realizable value, represented by the amount the Company expects to obtain from its sale in the normal course of business, net of selling costs.

The cost of finished products and semi-finished products includes raw materials, direct labor costs and other production costs (determined on the basis of normal operating capacity). Financial expense is not included in the measurement of inventories. It is charged to profit or loss when incurred, as it does not meet the timing requirements for capitalization.

CASH AND CASH EQUIVALENTS

TRADE RECEIVABLES AND CURRENT FINANCIAL ASSETS

Assets with due dates over 12 months and without significant financial components are presented at their present value.

IMPAIRMENT OF FINANCIAL ASSETS

At each reporting date, financial assets, with the exception of those measured at fair value through profit or loss, are analyzed to verify the existence of indicators of impairment. According to IFRS 9, a model for forecasting expected credit losses must be applied when assessing an impairment. In carrying out this assessment, the Company applies a standard simplified approach according to the IFRS 9 standard to estimate the lifetime expected credit losses and takes into account its historically gained experience regarding credit losses, adjusted for specific prospective factors, the nature of the Company's receivables and the economic context. If there is evidence of impairment, the loss is recognized in the statement of profit and loss under the item "Net impairment losses on financial assets and contract assets".

Trade receivables and financial assets are impaired when there is no rational expectation of them being recovered. The signs that indicate the absence of rational recovery expectations include, among others, the inability of a creditor to engage in a recovery plan with the Company, and the inability to make contractual payments for a significant period of time.

DERECOGNITION OF FINANCIAL ASSETS AND LIABILITIES

Financial assets are derecognized when one of the following conditions is met:

the contractual right to receive the cash flows from the asset has expired;
the Company has substantially transferred all the risks and benefits associated with the asset, transferred its rights to receive cash flows from the assets or assumed a contractual obligation to transfer the cash flows received to one or more potential beneficiaries by virtue of a contract that meets the requirements of the standard ("pass through test*"*);

• the Company has neither transferred nor substantially maintained all the risks and benefits associated with the financial asset but has ceded control of it.

OFFSETTING OF FINANCIAL ASSETS AND LIABILITIES

The Company offsets financial assets and liabilities if and only if:

there is a legally exercisable right to offset the amounts recognized in the financial statements;
there is an intention either to offset on a net basis or to realize the asset and settle the liability simultaneously.

FINANCIAL LIABILITIES AND TRADE PAYABLES

Financial liabilities and trade payables are recognized when the Company becomes a party to the related contractual clauses. They are initially measured at fair value, adjusted for directly attributable transaction costs, and, except for derivative financial instruments, are subsequently measured at amortized cost using the effective interest rate method.

Financial liabilities are derecognized when and only when they are extinguished (that is, when the obligation specified in the contract is remitted, canceled or expires).

DERIVATIVE FINANCIAL INSTRUMENTS

Derivative financial instruments are used as economic hedging only to reduce interest rate risk. All derivative financial instruments are measured at fair value.

If financial instruments are not accounted for, under IFRS 9, as hedging instruments, changes in fair value detected subsequent to initial recognition are treated as components of profit or loss.

When derivative financial instruments qualify for hedge accounting , the following accounting treatments apply.

Cash flow hedge instruments

When a derivative financial instrument is designated as a hedging instrument for the exposure to the variability of future cash flows of an asset or liability recognized in the financial statements or a highly probable expected transaction and can impact profit or loss, the effective portion of any profit or loss on the derivative financial instrument is recognized directly in the Statement of comprehensive income through a specific capital reserve ("Cash flow hedge reserve"). The cumulative profit or loss is reclassified from the statement of comprehensive income to the statement of profit and loss when the economic effects deriving from the hedged item impact profit or loss. The profit or loss associated with a hedge or part of the hedge that has become ineffective is recognized in the Statement of Profit and Loss immediately under financial income or financial expense, respectively. When an instrument or a hedging relationship expires (for example, the derivative is sold, reaches its expiry or the hedging relationship no longer qualifies as effective), but the Company expects the hedged transaction to happen in the future, the cumulative gain or loss at the time of extinction remains in the Statement of comprehensive income and is recognized in profit or loss when the underlying transaction takes place. If the underlying transaction is no longer probable, the cumulative gain or loss present in the Statement of Comprehensive Income is immediately recognized in profit or loss.

The Company makes use of hedging derivatives entered into to face the interest rate risk on the loan agreements it has stipulated.

If hedge accounting cannot be applied, the fair value gains or losses on the derivative financial instruments are recognized immediately in financial income or financial expenses, respectively.

EMPLOYEE BENEFITS

Short-term benefits are represented by wages and salaries, social security contributions, compensation for vacation and incentives paid in the form of bonuses payable in the twelve months of the reporting date. These benefits are accounted for as components of personnel expenses in the period in which the work is performed.

TFR

Starting from January 1, 2007 the so-called 2007 Budget Law and the related implementation decrees have introduced significant changes to the post-employment benefit regulations, including the choice of the employee regarding the allocation of the accruing TFR. In particular, the new TFR flows may be directed by the worker to selected pension forms or maintained in the company. In the case of allocation to external pension schemes, only a defined contribution to the selected fund is paid, and from that date the newly accrued shares are defined contribution plans not subject to actuarial measurement.

SHARE-BASED PAYMENTS

In relation to share-based payments, the Company recognizes, if the conditions exist, the cost of the services acquired during the period in which it receives the service in exchange for an increase in equity or a liability, depending on the transaction settlement methods and, in particular, if the obligation is settled through shares (equity-settled plan) or with cash payment (cash-settled plan).

The Company has planned for its managers and for managers and other top figures of the subsidiaries, an Incentive Plan which consists in the assignment, free of charge, of the Company's shares, upon reaching certain economic-financial objectives. The Stock Grant Plan, as structured, falls within the scope of IFRS 2 in the "equity settled" transactions category.

At each reporting date, the assumptions regarding the number of Stock Grants that are expected to mature are checked. The expense for the year is recognized in profit or loss, among the personnel expenses, and an equity reserve is recognized as a counter entry.

PROVISIONS

The risks for which the emergence of a liability is only possible are indicated in the specific section regarding contingent liabilities, and no provision is made for these.

RECOGNITION OF REVENUE FROM CONTRACTS WITH CUSTOMERS

The Company's revenue is mainly generated from the sale of cyber security and cyber intelligence technologies, products, systems, and services.

Contracts that meet the requirements for revenue recognition "over time" are classified among "contract assets" or among "contract liabilities" depending on the relationship between the status of fulfillment of the performance by the Company and the payments received from the customer. In particular:

"contract assets" represent the right to consideration for goods or services that have already been transferred to the customer;
"contract liabilities" represent the Company's obligation to transfer goods or services to the customer for which a consideration has already been received (or the right to receive has already arisen).

Contract assets are presented net of any impairment losses. Periodic updates of estimates are made and any economic effects are accounted for in the year in which the updates are made.

The Company enters into contracts that are generally able to be distinguished and accounted for as separate performance obligations. The recognized revenue is limited to the amount of consideration that the Company expects to receive. The Company attributes the transaction price to the performance obligations on the basis of the stand-alone selling prices (SSP) for each obligation. When an SSP does not exist, the Company estimates the SSP using an adjusted market approach.

GRANTS

DIVIDENDS

TAXES

Current taxes are determined based on an estimate of taxable income, in compliance with the applicable tax legislation.

Other taxes not related to income, such as indirect taxes, are included in the statement of profit and loss item "Other operating costs".

2.3. Recently issued accounting standards

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS IN EFFECT AS OF JANUARY 1, 2025

The following summarizes the newly issued accounting standards, amendments, and interpretations that came into effect on January 1, 2025.

Amendments IAS 21 — The Effects of Changes in Foreign Exchange Rates: Lack of Exchangeability

Volume 11

There were no significant effects on the Financial Statements resulting from the adoption of the above amendments.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS ENDORSED BY THE EUROPEAN UNION BUT NOT YET APPLICABLE

The following summarizes the accounting standards, amendments and interpretations endorsed by the European Union but not yet applicable as of December 31, 2025; effective from January 1, 2026 or at a later date. The Company is assessing the effects that the adoption of these changes could have on its own Financial Statements. As of the date of preparation of these Financial Statements, significant impacts are expected from the entry into force of IFRS 18 Presentation and Disclosure in Financial Statements, which will enter into force on 1 January 2027, the financial statements of which must be presented in accordance with IFRS 18 also with reference to comparative balances. With reference to the other standards, amendments, interpretations in the list, the assessment of any impacts that their application could determine on future financial statements is ongoing and no significant impacts are expected to date.

Annual Improvements Issued in July 2024. The document contains formal amendments and clarifications to some existing standards. In detail, the following principles have been amended: (i) "IAS 7 – Cost method", the amendment eliminates the term "cost method", no longer defined in the IFRS accounting standards; (ii) "IFRS 9 – Lessee derecognition of lease liabilities", the amendment solves a potential lack of clarity relating to the way in which a lessee accounts for the derecognition of a lease liability, clarifying that any resulting gain or loss must be recognized in the Income Statement; (iii) "IFRS 9 – Transaction price", the amendment removes the reference, in Appendix A of IFRS 9, to the definition of "transaction price" contained in IFRS 15, considering that the term is used in particular paragraphs of IFRS 9 with a meaning not necessarily consistent with the definition of that term in IFRS 15; (iv) "IFRS 7 – Gain or loss on derecognition", the amendment clarifies a potential confusion arising from an obsolete reference to a paragraph that was deleted from the standard at the time of issue of "IFRS 13 – Fair Value Measurement"; (v) "IFRS 7 – Disclosure of delayed difference between fair value and transactions price", the amendment clarifies an inconsistency between the standard and the related application guidelines, recognized when a change, consequent to the issuance of IFRS 13, was made to the standard, but not to the

corresponding paragraph of the implementing guidelines; (vi) "IFRS 7 - Introduction and credit risk disclosures", the amendment solves a potential confusion by clarifying how to apply the relevant application guide and simplifying certain explanations; (vii) "IFRS 10 - Determination of a 'de facto agent'", the amendment clarifies how an investor must determine whether another person acts on its behalf; (viii) "IFRS 1 hedge accounting by a first-time adopter"; the change improves the consistency between the hedge accounting requirements provided for in IFRS 9 and IFRS 1. Each of the amendments will be applicable from the financial years beginning on or after January 1, 2026. Amendments to the Classification and Measurement of Financial Instruments – Amendment to IFRS 9 and IFRS 7 In May 2024, the IASB published the Amendments to the classification and measurement of financial instruments that amended IFRS 9 Financial Instruments and IFRS 7 Financial Instruments: disclosures. In detail, the IASB amended the provisions relating to: (i) clarify the date of recognition and derecognition of some financial assets and liabilities, with a new exception provided for some financial liabilities settled through an electronic money transfer system; (ii) clarify and add further indications in assessing whether a financial asset meets the criterion of solely payments of principal and interest (SPPI); (iii) add new disclosure for some instruments with contractual terms that may change cash flows (for example, some financial instruments with characteristics linked to the achievement of environmental, social and governance objectives) and (iv) update the disclosure on equity instruments measured at fair value recorded in Other Comprehensive Income (FVOCI). These amendments are effective from January 1, 2026. Contracts Referencing Nature-dependent Electricity Amendments to IFRS 9 and IFRS 7 In December 2024, the IASB published amendments aimed at supporting companies to better report the financial effects of nature-dependent electricity agreements, often structured as Power Purchase Agreements (PPAs). Nature-dependent electricity contracts help companies to ensure their own supply of electricity from sources such as wind and solar energy, and current accounting requirements may not adequately capture how these contracts affect a company's performance. To enable companies to better reflect these contracts in the financial statements, the amendments to IASB will focus on IFRS 9 Financial Instruments and IFRS 7 Financial Instruments: Disclosure, and will include: (i) to clarify the application of "own use" requirements; (ii) allow hedges to be accounted for if these contracts are used as hedging instruments; and (iii) add new disclosure requirements to allow investors to understand the effect of these contracts on a company's financial performance and cash flows. These amendments are effective from January 1, 2026.

Please note that the Company has not adopted, in advance, accounting standards and amendments with an effective date in subsequent years.

ACCOUNTING STANDARDS, AMENDMENTS AND INTERPRETATIONS NOT YET ENDORSED BY THE EUROPEAN UNION

Below are the newly issued accounting standards, amendments and interpretations, not yet endorsed by the European Union. The Company is assessing the effects that the adoption of these changes could have on its own Financial Statements. As of the drafting date of these Financial Statements, no significant impacts are expected.

IFRS 19 Subsidiaries without Public Accountability: Disclosures

In May 2024, the IASB issued IFRS 19 Subsidiaries without Public Accountability: Disclosures: The standard, which enters into force on January 1, 2027 - subject to approval - allows subsidiaries without public responsibility to apply the requirements for the recognition and measurement of IFRS while maintaining a reduced supplementary disclosure regime.

Amendments to IAS 21 The Effects of Changes in Foreign Exchange Rates: Translation to a Hyperinflationary Presentation Currency

In November 2025, the IASB published the amendment "Translation to a Hyperinflationary Presentation Currency (Amendments to IAS 21)". These amendments clarify the methods for converting the financial statements from a nonhyperinflationary functional currency to a hyperinflationary presentation currency, requiring the use of the closing rate at the date of the last statement of financial position for all amounts (including comparative). It is expected to enter into force on years beginning on or after January 1, 2027, with the right of early application.

3. Financial Risk Management

The Company's activities are exposed to the following financial risks: i) market risk, defined as currency risk, interest rate risk and price risk, ii) credit risk, iii) liquidity risk and iv) capital risk.

The Company's risk management strategy is aimed at minimizing potential negative effects on the Company's financial performance.

Currently and based on the estimates made, no problems of business continuity or impairment emerge.

INTEREST RATE RISK

The Company has entered into "Interest Rate Swaps" hedging the risk of fluctuations of the interest rate applied to variable rate loans. The following tables provide details of the instruments held as of December 31, 2024 and 2023:

Bank loans as of December 31, 2025		Cash Flow hedgesPrincipal as of December 31, 2025
(in Euro)	Principal	IRS	Total
Variable rate loans	37,500,000	12,500,000	12,500,000
Fixed rate loans	6,097,858	-	-
Total	43,597,858	12,500,000	12,500,000

Bank loans as of December 31, 2024		Cash Flow hedgesPrincipal as of December 31, 2024
(in Euro)	Principal	IRS	(in Euro)
Variable rate loans	37,500,000	12,500,000	12,500,000
Fixed rate loans	500,000	-	-
Total	38,000,000	12,500,000	12,500,000

The Company, in choosing financing and investment operations, has adopted criteria of prudence and limited risk and has not carried out speculative transactions.

CURRENCY RISK

The Company believes that it is not significantly exposed to fluctuations in exchange rates, therefore it does not carry out operations in derivative financial instruments to hedge against currency risk. In particular, despite the Company conducting its business abroad, exposure to foreign countries is limited and there are no financial liabilities in currencies other than the Euro.

PRICE RISK

The Company believes it is not significantly exposed to movements in the prices of raw materials and commodities used in the production process and the consequent influence of these on operating margins.

CREDIT RISK

Credit risk is essentially derived from trade receivables. To mitigate credit risk related to counterparties in trade transactions, the Group has implemented procedures aimed at limiting the concentration of exposures to single counterparts or groups, through a creditworthiness analysis. Constant credit monitoring allows the Group to promptly verify any defaults or worsening of the creditworthiness of the counterparts and to adopt the relative mitigating actions.

It should also be specified that the credit risk is further limited considering the characteristics of the customers, largely public entities.

The Company applies the simplified approach provided by IFRS 9 for the estimate of the recoverability of its trade receivables. The adjustment of the estimates that results from this takes into account the risk of non-collectability of receivables through the differentiation of the ECL (Expected Credit Losses) applied to groups of homogeneous receivables with respect to the risk profile and age, or depending on the progress of the actions taken for the recoverability of doubtful receivables. The amount of financial assets considered doubtful for recovery is not significant and is, in any case, covered by appropriate allocations to the loss allowance. See Note 16 for more details about the loss allowance.

LIQUIDITY RISK

The liquidity risk is associated with the Company's ability to meet commitments deriving mainly from financial liabilities. A prudent management of the liquidity risk originating from the Company's normal operations involves maintaining an adequate level of cash availability and the availability of liquidity obtainable through an adequate amount of credit lines. Cash flows, financing needs and liquidity are constantly monitored and managed with the aim of ensuring effective and efficient management of the financial resources.

With reference to liquidity risk management, the Company has undrawn credit lines of Euro 5 million, as also commented in Note 22. Furthermore, the other Group companies have significant liquidity available as of December 31, 2025.

CAPITAL RISK

The Company's objective in the context of capital risk management is mainly to safeguard the going concern in order to guarantee returns to shareholders and benefits to all stakeholders. The Company also aims to maintain an optimal capital structure so as to reduce the cost of borrowing.

FINANCIAL ASSETS AND LIABILITIES BY CATEGORY

The fair value of financial assets and liabilities and loans, recorded among the "current" items of the statement of financial position and evaluated with the amortized cost method, being mainly assets underlying commercial relationships whose settlement is expected in the short term, does not differ from the amounts recognized in the Financial Statements as of and for the years ended December 31, 2025 and 2024.

The following is a classification of financial assets and liabilities by category as of December 31, 2024 and 2023 identified based on the requirements of IFRS 7.

As of December 31, 2025	Financial assets /liabilities at	Fair valueof hedging	Assets /liabilitiesat fairvalue	Nonfinancial	Total
(in Euro)	amortized cost	instruments	throughprofit orloss	assets /liabilities
Assets
Non-current financial assets	1,660,250	-	-	-	1,660,250
Current financial assets	469,540	34,646	667,691	-	1,171,877
Cash and cash equivalents	2,271,510	-	-	-	2,271,510
Total assets	4,401,300	34,646	667,691	-	5,103,637
Liabilities
Non-current financial liabilities	11,697,487	-	-	-	11,697,487
Non-current lease financial liabilities	608,716	-	-	-	608,716
Current financial liabilities	14,725,403				14,725,403
Current lease financial liabilities	423,130	-	-	-	423,130
Total liabilities	27,454,736	-	-	-	27,454,736

As of December 31, 2024(in Euro)	Financial assets/ liabilities atamortized cost	Fair value ofhedginginstruments	Assets /liabilities at fairvalue throughprofit or loss	Nonfinancialassets /liabilities	Total
Assets
Non-current financial assets	419,000	59,034	114,977	-	593,011
Current financial assets	2,500,000	46,741	252,572	-	2,799,313
Cash and cash equivalents	3,277,133	-	-	-	3,277,133
Total assets	6,196,133	105,775	367,549	-	6,669,457
Liabilities
Non-current financial liabilities	20,261,315	-	-		- 20,261,315
Non-current lease financial liabilities	666,490	-	-	-	666,490
Current financial liabilities	9,074,838	-	-	-	9,074,838
Current lease financial liabilities	349,160	-	-	-	349,160
Total liabilities	30,351,803	-	-		- 30,351,803

FAIR VALUE MEASUREMENT

The fair value of financial instruments listed on an active market is based on market prices at the financial statements' reporting date. The fair value of instruments that are not listed on an active market is determined using measurement techniques based on a series of methods and assumptions related to market conditions at the reporting date.

The following is the classification of the fair values of financial instruments based on the following hierarchical levels:

Level 1: Fair value determined with reference to listed prices (not adjusted) on active markets for identical financial instruments;

Level 2: Fair value determined with measurement techniques with reference to observable variables on active markets;

Level 3: Fair value determined with measurement techniques with reference to unobservable market variables.

Among the assets measured at fair value the value of the call option held for the acquisition of 14.67% of the share capital of Diateam S.a.S is recorded. For more information, please refer to Note 15.

As of December 31, 2025 and 2024, there are also interest rate derivatives with positive fair value. For more information, please refer to Note 19.

The following tables presents the classification of the fair value of the aforementioned financial assets as of December 31, 2025 and 2024.

As of December 31, 2025	Fair Value
(in Euro)	Level 1	Level 2	Level 3	Total
Non-current assets	-	21,790	-	21,790
Derivative financial instruments	-	21,790	-	21,790
Current assets	-	34,646	667,691	702,337
Derivative financial instruments	-	34,646	667,691	702,337
Total	-	56,437	1,335,382	724,128

As of December 31, 2024		Fair Value
(in Euro)	Level 1	Level 2	Level 3	Total
Non-current assets	-	59,034	114,977	174,011
Derivative financial instruments	-	59,034	114,977	174,011
Current assets	-	46,741	252,572	299,313
Derivative financial instruments	-	46,741	252,572	299,313
Total	-	105,775	367,549	473,324

Measurement techniques and inputs used

The present value of the option for the acquisition of the non-controlling interest in Diateam was calculated by implementing a Monte Carlo simulation model, simulating a large number of future prospective scenarios of the Equity Value and EBITDA of the subsidiary Diateam. The prospective amounts of Equity Value and EBITDA were simulated through a normal model (Bachelier framework), starting from the value realized in the 2025 by the subsidiary Diateam and from the values forecasted in the Business Plan of the subsidiary, for the year 2026.

For each scenario of simulated Equity Value and EBITDA, the value of the Strike Price at the date of exercise of the option was calculated, taking into account the contractually defined constraints. In each scenario, the present value of the option was therefore obtained as the sum of the values, discounted to the cost of equity, of the Strike Prices relating to the different tranches. The present value of the option was calculated as an arithmetic average, across all scenarios, of the relative simulated magnitudes.

The simulation model was implemented based on the following assumptions:

for the calculation of the present value of the option, the cost of equity of the Company was considered as the discount rate;
the volatility parameter of Diateam's Equity Value was calculated based on the relative historical series of CY4GATE's Equity Value;
the volatility parameter of Diateam's EBITDA was from the time series of EBITDA for comparable companies.

The variations of the present value option, amounting to EUR 300 thousand, are recorded by the Company in the Statement of Profit and Loss, under the item "Net financial income". For more information, please refer to Note 10.

It should be noted that there is also a call option held for the purchase of 2.2% of the share capital of XTN by some noncontrolling investors, whose current estimated value as at December 31, 2025 is zero.

4. Estimates and Assumptions

The preparation of the financial statements requires the Directors to apply accounting principles and methods which, in certain circumstances, are based on difficult and subjective assessments and estimates based on historical experience and assumptions that are considered reasonable from time to time and realistic according to the relative circumstances. The application of these estimates and assumptions affects the amounts reported in the financial statements, in the Statement of Financial Position, in the Statement of Profit and Loss, in the Statement of Comprehensive Income, in the Statement of Cash Flows, in the Statement of Changes in Equity, as well as in the disclosure provided. Cash flows, financing needs and liquidity are constantly monitored and managed with the aim of ensuring effective and efficient management of the financial resources.

(a) Impairment of assets

In accordance with the accounting standards applied by the companies of the Company, property, plant and equipment and intangible assets are subject to verification in order to ascertain whether they are impaired, which must be recognized through an impairment, when there are indicators that suggest difficulties in recovering the related net carrying amount, represented by the higher between fair value less cost of disposal and value in use. The verification of the existence of the aforementioned indicators requires the directors to make subjective assessments based on the information available within the Company and on the market, as well as from historical experience. Furthermore, if it is determined that a potential impairment may have occurred, the Company proceeds to determine it using measurement techniques deemed appropriate. The correct identification of the elements indicating the existence of a potential impairment of property, plant and equipment and intangible assets, as well as the estimates for their determination, depend on factors that may vary over time, influencing the assessments and estimates made by the Directors.

the expected flows, determined taking into account the general economic trend and the specific industry, the cash flows produced in the last few years and the forecast growth rates;
the financial parameters to be used for the discounting of the above mentioned flows.

(b) Equity investments

In accordance with the accounting standards applied by the Company, equity investments are subject to verification to ascertain whether an impairment has occurred, which must be recorded through an impairment loss, when there are indicators that predict difficulties in recovering the relative net carrying amount represented by the greater of the fair value, net of selling costs, and the value in use. The verification of the existence of the aforementioned indicators requires the directors to make subjective assessments based on the information available within the Company and on the market, as well as from historical experience. Furthermore, if it is determined that a potential impairment may have occurred, the Company proceeds to determine it using measurement techniques deemed appropriate. The correct identification of the indicative elements of the existence of a potential impairment of equity investments, as well as the estimates for the determination of the same, depend on factors that can vary over time, influencing the evaluations and estimates made by the Directors.

The determination of the recoverable amount of equity investments involves the assumption of estimates that depend on factors that may change over time, with potential significant effects compared to the evaluations carried out by the Directors. Particularly with reference to the determination of the value in use with the methodology of discounting expected future cash flows, it should be noted that this methodology is characterized by a high degree of complexity and the use of estimates, by their uncertain and subjective nature, about:

the expected cash flows of these investees, determined taking into account the general economic trend, the Company's industry, the cash flows accounted for in the last few years and the forecast growth rates;
the financial parameters used for the determination of the discount rate.

(c) Amortization and depreciation

(d) Fair value measurement

In measuring the fair value of an asset or a liability, the Company makes use of observable market data as far as possible. Fair values are distinguished into various hierarchical levels based on the input data used in measurement techniques, as better described in the previous paragraph "Fair value measurement".

(e) Provisions for risks and charges

The Company identifies in the provisions for risk and charges the likely liabilities attributable to personnel expenses, suppliers, third parties and, in general, other expenses arising from obligations undertaken; the provisions recorded are representative of the risk of negative outcome associated with the listed cases. The amount of the provisions recorded in the financial statements relating to these risks represents the best estimate at the date made by the Directors. This estimate involves the adoption of assumptions which depend on factors that may change over time and that could, therefore, have significant effects compared to the current estimates made by the Directors for the preparation of the Company's financial statements.

(f) Loss allowance

The loss allowance reflects the estimates of estimated losses for the Company's loan portfolio. Provisions were made for expected losses on receivables, estimated based on past experience with reference to receivables with similar credit risk, to current and historical unpaid amounts, as well as to the careful monitoring of the quality of the loan portfolio and the current and expected conditions of the economy and the reference markets. Estimates and assumptions are periodically reviewed and the effects of any change are reflected in the Statement of Profit and Loss in the relevant year.

(g) Contract assets and liabilities

Contract assets and liabilities: in measuring contract assets and liabilities the Company determines whether revenue from contracts must be recognized at a specific time or over time and estimates the percentage of completion based on the cost to cost method.

(h) Provisions for employee benefit plans

(i) Deferred tax assets

Deferred tax assets: deferred tax assets must be recognized for all deductible temporary differences or for tax losses if it is likely that taxable income will be realized against which deductible temporary difference or tax losses can be used exist. The Company assesses the possibility to recognize deferred tax assets based on future economic projections. The estimates and assumptions underlying such future economic projections are reviewed periodically.

(l) Lease liabilities

5. Revenue

This item mainly refers to the sale of products and can be detailed as follows:

	For the year ended December 31
(in Euro)	2025	2024

Revenue from sales and services	19,404,531	17,327,272
Change in contract work in progress	(1,463,560)	4,711,560
Total	17,940,971	22,038,832

Revenue, amounting to EUR 17,941 thousand, shows a decrease of EUR 4,098 thousand.

The negative change in contract work in progress in the financial year 2025 of EUR 6,175 thousand is related to the discharge of progress on orders.

The following table presents the breakdown of revenue recognized "at a point in time" (i.e., upon delivery of the good, license or service) or "over time".

	For the year ended December 31
(in Euro)	2025	2024

Recognized at point in time	2,557,970	2,811,730
Recognized over time	16,846,561	14,515,542
Total	19,404,531	17,327,272

Within each contract, the reference element for revenue recognition is the individual performance obligation. For each separately identified obligation, the Company recognizes revenue when (or as) it fulfills the obligation itself, transferring the promised good/service (i.e., the asset) to the customer. The asset is transferred when (or as) the customer takes control of it.

For obligations to be fulfilled over time, revenue is recognized over time (over time), evaluating at the end of each year the progress made towards the complete fulfillment of the obligation. For the evaluation of progress, the Company uses the method based on inputs (cost to cost method). Revenue is recognized based on the inputs used to fulfill the obligation to date, compared to the total inputs assumed to fulfill the entire obligation. When the inputs are distributed evenly over time, the Company linearly recognizes the corresponding revenue. In certain circumstances, when it is not possible to reasonably assess the outcome of the obligation to act, revenue is recognized only up to the extent of the costs incurred.

The following table presents revenue broken down by geographic segment:

		For the year ended December 31
(in Euro)2025		2024

Italy	12,144,441	16,547,110
Outside Italy	5,796,530	5,491,722
Total	17,940,971	22,038,832

6. Other revenue and income

This item can be detailed as follows:

		For the year ended December 31
(in Euro)	2025

Tax benefits	85,601	112,893
Grants	181,410	474,622
Other	1,740,459	2,237,540
Total	2,007,470	2,825,055

The income from "tax benefits" mainly refers to tax assets for research and development and grants for capital expenditure. The item "Other" mainly relates to revenue for research projects financed by various European bodies as well as intercompany re-charging for seconded personnel.

7. Purchases, services and personnel expenses

This item can be detailed as follows:

		For the year ended December 31
(in Euro)	2025	2024

Costs for raw materials and goods	2,062,453	1,982,787
Total costs for raw materials	2,062,453	1,982,787

Legal and consultancy services	864,833	1,112,099
Technical and commercial services	375,753	227,774
Management and administration services	77,142	218,976
Rentals and accessory expenses	485,638	433,296
Software licenses	3,207,109	2,697,175
Entertainment and promotion expenses	370,987	546,420
Remuneration of corporate bodies	1,125,122	742,701
Services of third-party providers on orders	3,604,277	5,058,505
Maintenance	687,093	555,531
Other costs	1,344,411	1,070,440
Total services	12,142,365	12,662,917

Wages and salaries	7,332,846	6,023,274
Social security contributions	1,940,310	1,902,778
Post-employment benefits	300,265	324,038
Retirement benefits and similar obligations	181,314	175,116
Other costs	329,650	340,511
Share-based payments	90,947	147,976
Total personnel expenses	10,175,332	8,913,693
Total purchases, services and personnel expenses	24,380,150	23,559,397

Services and personnel expenses are presented net of capitalizations made for development costs. Such capitalizations amount to EUR 238 thousand and EUR 988 thousand respectively for the year ended December 31, 2025 (EUR 547 thousand and EUR 1,487 thousand for the year ended December 31, 2024). For more information, please refer to Note 12.

The item "Services of third-party providers on orders" is related to the entry of lower contract orders in the year compared to the previous year.

The increase in personnel expenses is mainly related to lower capitalizations made in the year compared to 2024, as well as the allocation of bonuses for and the increase in the national bargaining agreement.

The item "share-based payments", included in personnel expenses, refers to the recognition of the expense related to the stock grant plan approved by the Company. The recognition of this expense entailed the recognition of an equity reserve. The main features of the plan are described below.

The stock grant plan approved by the parent company consists in the award to the beneficiaries, free of charge, of shares of the parent company, over an allocation cycle of the shares referred to the three-year period 2023-2025. The maximum number of shares that can be allocated collectively to the beneficiaries is 427,500, throughout the entire duration of the plan cycle. Each year, the allocation of shares is subject to the Company's achievement of financial performance and qualitative objectives defined in the plan regulations. For the purposes of the regulation, the date of share allocation is the date of the resolution by which the Board of Directors ascertains the achievement of the aforementioned objectives. In relation to what has been described so far, the measurement of the plan has determined, for the year, a cost of EUR 91 thousand and entailed the recognition of an equity reserve for the same amount.

The following is the average number of the Company's employees:

	For the year ended December 31
(in Units)	2025	2024
Executive managers	12	12
Middle managers	26	27
Employees	80	83
Total	118	122

8. Amortization and depreciation

This item can be detailed as follows:

		As of December 31
(in Euro)	2025	2024
Amortization of intangible assets	6,471,965	7,752,741
Depreciation of property, plant and equipment	300,876	354,098
Depreciation of right-of-use assets	445,642	378,842
Total	7,218,483	8,485,681

The change is due to lower investments in intangible assets for the year compared to the previous year.

9. Other operating costs

This item can be detailed as follows:

	For the year ended December 31
(in Euro)	2025	2024

Capital losses and prior year expense	43,390	52,695
Contributions and membership fees	83,921	77,759
Other operating costs	203,798	98,969
Total	331,109	229,423

10.Financial income and expense

This item can be detailed as follows:

		For the year ended December 31
(in Euro)	2025	2024

Interest income	155,831	394,224
Other financial income	1,681,000	1,007,811
Financial income	1,836,831	1,402,035
Bank interest expense	(2,182,383)	(2,363,862)
Interest expense on lease contracts	(39,400)	(6,271)
Net exchange losses	(15,866)	(10,538)
Interest expense on employee benefits	(27,127)	(23,388)
Financial expense	(2,264,776)	(2,404,059)
Net financial expense	(427,945)	(1,002,024)

The increase in Other financial income is mainly due to dividends paid during the year by the subsidiary XTN amounting to EUR 1,311 thousand. The item also includes receivables on derivative instruments, for EUR 62 thousand.

11.Taxes

This item can be detailed as follows:

		For the year ended December 31
(in Euro)	2025	2024
Current taxes	(191,936)	-
Deferred taxes	(475,090)	(2,974,129)
Total	(667,026)	(2,974,129)

The Company ended the 2025 financial year with a tax loss and, therefore, no current tax for IRES and IRAP purposes was recognized, except for EUR 192 thousand in IRES tax due to the accounting of the benefit from tax consolidation relating to the investee company XTN. Deferred tax liabilities for 2025 are calculated on temporary differences while, in the previous year, they also referred to the allocation of deferred tax assets on tax losses. The amount of the tax loss for the period for which no deferred tax assets were recognised is equal to Euro 15,191 thousand.

The following table presents the reconciliation of the theoretical tax charge with the effective tax charge for the year ended December 31, 2025 and for the period ended December 31, 2024:

	For the year ended December 31
(in Euro)	20252024

Loss before taxes	(14,538,789)	(8,939,084)
Theoretical IRES taxes	3,489,309	2,145,380
Lower taxes
Other	871,005	(1,622,238)
Higher taxes
Other	554,240	201,806
Total current taxes	(191,936)	-
Total deferred taxes	(475,090)	(2,974,129)
Total income taxes	(667,026)(2,974,129)

12.Intangible assets

This item and its movement can be detailed as follows:

		Industrial	Assets under
		patents and	developmen	Other
	Developmen	intellectual	t and	intangible	Total
	t costs	property	payments on	assets
(in Euro)		rights	account
Balance as of January 1, 2024	4,223,194	9,401,318	1,044,641	1,433,094	16,102,247
Of which:
- historical cost	12,743,254	15,943,853	1,044,641	1,539,678	31,271,426
- accumulated amortization	(8,520,060)	(6,542,535)	-		(106,584) (15,169,179)
Investments	2,033,520	2,513,197	-	-	4,546,717
Disposals	-	-	-	(368,748)	(368,748)
Amortization	(2,826,167)	(4,111,622)	-	(814,951)	(7,752,741)
Reclassifications	-	1,044,641	(1,044,641)	-	-
Balance as of December 31, 2024	3,430,547	8,847,534	-	249,395	12,527,476
Of which:
- historical cost	14,776,774	19,457,699	-	251,195	34,485,668
- accumulated amortization		(11,346,227) (10,610,165)	-		(1,800) (21,958,192)
Investments	1,226,167	250,900	-	-	1,477,067
Disposals	(25,714)	(156,102)	-	-	(181,816)
Amortization	(2,241,084)	(3,992,900)	-	(237,981)	(6,471,965)
Reclassifications	-	-	-	-	-
Balance as of December 31, 2024	2,389,916	4,949,432	-	11,906	7,351,253
Of which:
- historical cost	15,977,203	19,469,399	-	13,706	35,460,308

Intangible assets recognized as of December 31, 2025, amount to EUR 7,351,253 and show a net increase compared to the previous year of EUR 5,176,223 attributable to mainly attributable to amortization and depreciation for the period.

With reference to the recoverability of the intangible assets with a finite useful life discussed above, considering the company's performance and the new approved 2026-2030 Business Plan, the Directors have tested the CY4Gate CGU, which coincides with the company's perimeter, with the assistance of an external expert. The impairment test did not reveal the existence of impairment and therefore the need to proceed with impairment losses.

With reference to this impairment test, it is specified that the Directors proceeded to determine the recoverable amount of the net assets of CY4GATE, excluding only the equity investments that were subject to a separate impairment test, as extensively described in Note 15 "Equity investments" of these notes, by estimating the value in use considering the flows expected based on the Business Plan prepared for the period 2026-2030, which reports the projections related to sales, investments, margins, as well as the trend of the main market variables (e.g., inflation, nominal interest rates and exchange rates). The value in use was determined using the discounted cash flow method, in the unlevered version, applied to the forecast data for the five-year period from 2026 to 2030. The cash flows used to determine the value in use relate to the standalone operations of CY4GATE S.p.A., and do not include financial expense and non-recurring items; they include the investments provided for in the plans and cash changes attributable to working capital. As mentioned above, an explicit period of five years was used beyond which the above flows were projected according to the perpetual annuity method (Terminal value) using a growth rate (g-rate) expected for the reference market of 2%, corresponding to the ECB's inflation growth forecasts in the medium-long term.

The above cash flows have been discounted using a post-tax WACC of 6.78%, assumed through an average of 6 months of the returns of the BTP issued by the Italian State. The 5.50% market risk premium was estimated on the basis of observations of share returns in relation to AAA-rated countries exceeding the return on government bonds. The unlevered beta index of 0.62 was determined considering a basket of companies operating in the same sector; made levered equal to 0.73 based on CY4GATE's financial structure and tax rate through the application of the Hamada formula. The fair net profit rate was therefore 7.51%.

The plan underlying the above-mentioned impairment test was approved by the Board of Directors of the Company on March 5, 2026.

In addition, the following sensitivity analyses were carried out to verify the effects of the change in certain significant parameters on the results of the impairment test, such as: an increase in the WACC of 0.5%, up to 7.28%, and a reduction in the growth rate to 1%. Even in the described sensitivity scenarios, there was no need to record an impairment of intangible assets with a finite useful life.

13.Property, plant and equipment

This item and its movement can be detailed as follows:

Property, plant andequipment(in Euro)		Industrial andcommercialequipment	Other assets	Total
Balance as of January 1, 2024	23,734	26,579	960,939	1,011,252
Of which:
- historical cost	82,692	411,192	2,032,997	2,526,881
- accumulated depreciation	(58,958)	(384,613)	(1,072,058)	(1,515,629)
Investments	-	-	72,366	72,366
Disposals	-	-	(22,999)	(22,999)
Amortization and depreciation	(14,427)	(17,729)	(321,943)	(354,098)
Balance as of December 31, 2024	9,307	8,850	688,363	706,520
Of which:
- historical cost	82,692	411,191	2,105,363	2,599,246
- accumulated depreciation	(73,385)	(402,341)	(1,417,000)	(1,892,726)
Investments	-	-	64,333	64,333
Disposals	-	-		-
Amortization and depreciation	(9,307)	(5,888)	(285,231)	(300,876)
Balance as of December 31, 2025	-	2,962	467,465	470,428
Of which:
- historical cost	82,692	411,191	2,169,696	2,663,579
- accumulated depreciation	(82,692)	(408,229)	(1,702,231)	(2,193,152)

Property, plant and equipment as at December 31, 2025, amounted to EUR 470,428 and show a net decrease compared to the previous year mainly attributable to amortization and depreciation for the period.

Regarding the recoverability of the item, the impairment test carried out by the Company's Directors with the help of an external expert, commented in the previous paragraph "Intangible Assets" of these notes, demonstrated the recoverability of the above mentioned item and therefore the non-existence of impairment losses to be recognized in the Financial Statements as of and for the year ended December 31, 2025.

14.Right-of-Use Assets

This item can be detailed as follows:

		As of December 31
(in Euro)	2025	2024
Property	484,921	744,150
Hardware	218,150	-
Vehicles	328,621	243,921
Total	1,031,692	988,071

As of December 31, 2025 the amount of right-of-use assets in place amounted to EUR 1,032 thousand, mainly related to the rental of the Company's offices. The item "Hardware" relates to a new lease contract concerning office hardware.

Below are the amounts included in the Statement of Profit and Loss for the year ended on December 31, 2025 and 2024:

	As of December 31
(in Euro)	2025	2024

Depreciation of right-of-use assets	445,642	378,842
Rentals and accessory expenses	181,295	433,296
Interest expense on lease contracts	39,400	6,271
Total	666,337	818,409

During the year, rents and leases were adjusted for EUR 446 thousand (EUR 379 thousand for the year ended December 31, 2024).

With reference to the recoverability of the right-of-use assets, the impairment test carried out by the Company's Directors with the help of an external expert, discussed in the previous paragraph "Intangible Assets" of these notes, has demonstrated the recoverability of the item and therefore the absence of impairment losses for the year ended December 31, 2025.

15.Equity Investments

The following table presents the movement of the "Equity investments" item as of December 31, 2025 and December 31, 2024:

(in Euro)	RCS ETM SicurezzaS.p.A.	Diateam S.a.S.	XTN CognitiveSecurity S.r.l.	Total
Balance as of January 1, 2024	76,220,734	5,638,856	-	81,859,590
Investments		1,604,283	9,612,170	11,216,453
Share-based payments	58,322	7,414	-	65,736
Balance as of December 31, 2024	76,279,056	7,250,553	9,612,170	93,141,779
Investments	-	1,588,927	-	1,588,927
Share-based payments	58,322	7,414	-	65,736
Balance as of December 31, 2025	76,337,378	8,846,894	9,612,170	94,796,442

Equity investments in subsidiaries

The following table shows the reconciliation between the carrying amounts of the equity investments and the corresponding share of accounting shareholders' equity as at December 31, 2025 and December 31, 2024:

As of December 31, 2025
(in Euro)	Equity		Share of	Carrying	Difference between
Company name		% heldequity		amount	carrying amount andshare of equity
RCS ETM Sicurezza S.p.A.	37,216,981	100%	37,216,981	76,337,378	39,120,397
Diateam S.a.S.	3,212,692	85.33%	2,741,390	8,846,894	6,105,504
XTN Cognitive Security S.r.l.	3,845,700	77.80%	2,991,955	9,612,170	6,620,215
Balance as of December 31,
2025	44,275,373		42,950,326	94,796,442	51,846,116

As of December 31, 2024

(in Euro)Company name	Equity	% held	Share ofequity	Carryingamount	Difference betweencarrying amount andshare of equity
RCS ETM Sicurezza S.p.A.	34,831,074	100%	34,831,074	76,279,056	41,447,982
Diateam S.a.S.	2,897,788	70.66%	2,047,577	7,250,553	5,202,976
XTN Cognitive Security S.r.l.	3,004,050	77.80%	2,337,151	9,612,170	7,275,019
Balance as of December 31,
2025	40,732,912		39,215,802	93,141,779	53,925,977

Interests in Joint Ventures

(in Euro)	Helmon S.r.l.(formerlyProntoCyber PlusS.r.l.)	Total
Balance as of December 31, 2023	-	-
Investments	1,478,000	1,478,000
Balance as of December 31, 2024	1,478,000	1,478,000
Investments	-	-
Balance as of December 31, 2025	1,478,000	1,478,000

Investments

On July 30, 2025, following the exercise of the "Put & Call" options exercisable in the three-year period 2024-2026 and signed at the time of the purchase of the first 55.33% of Diateam S.a.S., CY4GATE signed the closing for the purchase of an additional 14.67% of the subsidiary at the price of EUR 1.6 million, thus increasing its interest to 85.33% of this subsidiary. In 2024, CY4GATE had already purchased a 15.33% stake in the company. The put and call options on the remaining 14.67% owned by the selling investors are exercisable in 2026, after the approval of the 2025 Financial Statements.

As of December 31, 2025 the Company proceeded to determine the present value of these options, by implementing a Montecarlo type valuation model, from which a positive fair value of EUR 668 thousand emerged, recorded in the item "current financial assets" with a balancing entry in the statement of profit and loss, in the item "financial income".

With reference to the subsidiary XTN, it should be noted that as of today 80% of the 12.7 million total consideration has been paid; 69.7% by CY4GATE and 10.3% by Alfa Group. The remaining 20% will be paid by June 30, 2027 and this amount may decrease within the limits of 20% based on the investee's profit (loss) for 2026. The present value of the deferred price, to be paid by June 30, 2027, was estimated at EUR 941 thousand as at December 31, 2025. The acquisition contract also provides for a put and call mechanism that allows CY4GATE to obtain an additional 2.2% of the share capital of XTN. For CY4GATE, therefore, a derivative representative of the current value of the option is recorded whose fair value as at December 31, 2025 is zero.

Share-based payments

The increase in the carrying amount of the equity investments for share-based payments refers to the recognition of the expense for the year 2025 for the stock grant plan approved by the Company, also applicable to Directors and employees of the subsidiaries. Such expense, totaling EUR 66 thousand, was recognized as an increase in equity investments with a corresponding impact in the company's equity reserve.

Carrying amount

Considering the differences between the carrying amounts of equity investments and the corresponding portions of equity held, the Directors have proceeded to determine the recoverable amount of the investments recorded in RCS, Diateam and XTN through specific impairment tests. In this context, the related recoverable amount was determined by estimating the value in use, considering the forecasted flows based on the Business Plan of the RCS Group, the Diateam company and XTN, included in the Company's Business Plan for the period 2026-2030, which report the projections related to sales, investments, margins, as well as the trend of the main market variables (e.g., inflation, nominal interest rates and exchange rates). It is specified that for the preparation of the impairment tests, the Directors used the specific consultancy of an external expert.

The value in use was determined using the discounted cash flow method, in the unlevered version, applied to the forecast data for the five-year period from 2026 to 2030. The cash flows used for the determination of the value in use are related to the operating management of the RCS Group, Diateam and XTN and do not include the net financial expense and non-recurring items; they include the investments planned in the plans and the cash changes attributable to working capital. As mentioned above, an explicit period of five years was used beyond which the above flows were projected according to the perpetual annuity method (Terminal value) using a growth rate (g-rate) expected for the reference market of 2%, corresponding to the ECB's inflation growth forecasts in the medium-long term.

The aforementioned cash flows have been discounted using a post-tax WACC of 9.86% for Diateam, and 6.63% for RCS and 8.89% for XTN. It is noted that the difference in rates is due to the additional risk of Diateam and XTN due to the reduced size of its respective business - small size premium.

The risk free rate for equity investments in the RCS Group and XTN, equal in both cases to 3.50%, was assumed through an average of 6 months, compared to the valuation date, of the ten-year benchmark returns of BTPs issued by the State. The 5.50% market risk premium was estimated on the basis of observations of share returns in relation to AAA-rated countries exceeding the return on government bonds. The unlevered beta index was determined considering a basket of companies operating in the same sector of RCS, equal to 0.62; made levered on the basis of the RCS financial structure and the tax rate through the application of the Hamada formula, obtaining a levered beta of 0.73. With reference to the RCS Group, no size premium was considered as the company has a comparable size to the companies in the sector. The fair net profit rate was therefore 7.51%. With regard to XTN, however, a small risk premium of 2.66 percentage points was estimated and the fair net profit rate was 10.17%.

With regard to Diateam, the risk free rate, equal to 3.45%, was assumed through an average of 6 months, compared to the valuation date, of the ten-year benchmark yields of French government bonds. The 5.50% market risk premium was estimated on the basis of observations of share returns in relation to AAA-rated countries exceeding the return on government bonds. The unlevered beta index was calculated by considering a basket of companies operating in the same sector as Diateam, equal to 0.81. This value was made levered equal to 0.92 to reflect a target financial structure consistent with the reference sector, reflecting the debt component by applying the Hamada formula. In addition, a small-scale risk premium of 2.66 percentage points was estimated, in view of the difference between expected returns of companies of different sizes (in France), specifically comparing the size of the company being valued with the average size of comparable companies used to estimate the cost of capital. The fair net profit rate was therefore 11.19%.

The plans underlying the above-mentioned impairment tests were approved by the Board of Directors of the Company on March 5, 2026.

Sensitivity analyses were also carried out to verify the effects of the change in some significant parameters on the test results, such as: an increase in the WACC of 0.5% (i.e., up to 7.13% for the RCS Group, up to 10.36% for Diateam and up to 9.39% for XTN) and a reduction in the growth rate to 1%. From these sensitivity analyses, even if considered jointly, no impairment was necessary.

Following the impairment test carried out on the basis of the considerations illustrated above, it is noted that the recoverable amount of each equity investment exceeds its carrying amount as of December 31, 2025 and this is also true in the sensitivity scenarios described above. For this reason, no impairment was necessary on investments in this year's Financial Statements.

16.Trade receivables

This item can be detailed as follows:

	As of December 31
(in Euro)	2025	2024

From customers	15,864,423	13,207,615
From parent companies	1,882,745	5,302,682
From subsidiaries	365,431	427,465
Loss allowance	(3,156,041)	(1,168,525)
Total	14,956,558	17,769,237

		As of December 31
(in Euro)	2025	2024

From customers (Italy)	10,751,668	14,333,428
From customers (outside Italy)	7,360,931	4,604,334
Loss allowance	(3,156,041)	(1,168,525)
Total	14,956,558	17,769,237

The decrease in trade receivables from parent companies is due to collections during the year. On the other hand, trade receivables from customers increased mainly due to the invoicing of significant foreign orders, which were not collected by the reporting date.

The following table presents the movement of the loss allowance:

Loss allowance

(in Euro)
Balance as of January 1, 2024	(658,671)
Accrual	(509,854)
Balance as of December 31, 2024	(1,168,525)
Accrual	(1,979,542)
Balance as of December 31, 2025	(3,148,067)

The increase in the loss allowance refers to the impairment losses on certain trade receivables depending on the seniority of the positions and specific assessments on counterparties.

17.Other current and non-current assets

The item other current and non-current assets can be detailed as follows:

	As of December 31
(in Euro)	2025	2024

Accrued income	715,554	889,578
VAT assets	189,803	854,615
Tax credits for capital expenditures	63,000	232,352
Tax receivables for research and development	133,509	306,138
Other receivables and current assets	364,807	102,180
Total other current assets	1,466,673	2,384,863
Accrued income	214,756	-
Tax credits for capital goods	-	62,999
Tax credits for research and development	94,699	137,909
Other assets and non-current assets	25,890	-
Total other non-current assets	335,345	200,908
Total other current and non-current assets	1,802,018	2,585,771

Please note that the items "Tax credits for capital expenditures" and "Tax credits for research and development" refer to tax receivables recognized following the conduct of a technical expert appraisal. The change in the item "Other assets and current assets" is mainly due to the increase in assets from tax consolidation.

18.Cash and cash equivalents

As of December 31, 2025, cash and cash equivalents amount to EUR 2,271,510 (EUR 3,277,133 as of December 31, 2024) and are essentially made up of deposits in Euro at leading financial institutions.

19.Current and non-current financial assets

This item can be detailed as follows:

	As of December 31		As of December 31
	20252024
(in Euro)	Current	Non-current	Current	Non-current

Guarantee deposits	19,000	-	-	19,000
Derivative financial instruments	706,568	17,559	299,313	174,011
Contract-related current account	1,114,000	-	-	-
RCS correspondence current account	-	-	2,500,000	-
Loans to Helmon	-	975,000	-	400,000
Total financial assets	1,839,568	992,559	2,799,313	593,011

The total current and non-current financial assets amount to EUR 2,832 thousand as of December 31, 2025, showing a decrease compared to the previous year of EUR 236 thousand.

The item "Contract-related current account" relates to a contractual link on an important order acquired during the year. The item "RCS correspondence current account" refers to a current account of correspondence between the Company and the investee RCS, interest-bearing, functional to regulating the due dates of financial remittances between the parties, extinguished during the year. Finally, the item "Loan to Helmon" includes the amount disbursed to the Helmon joint venture as the first tranche in 2024 and, in 2025, as the second tranche of non-interest-bearing shareholders' loan, signed at the time the company was established.

The item "derivative financial instruments" item refers to i) hedging derivatives on interest rates entered into to hedge the interest rate risk on loan agreements (these instruments will expire in 2028) and ii) the present value of the call option held for the acquisition of 14.67% of the share capital of Diateam, to be exercised in 2026. It should be noted that CY4GATE S.p.A. also holds a derivative representing the present value of the option connected to the purchase of the remaining 2.2% of XTN's share capital, the fair value of which as of December 31, 2025 is zero. For further information on derivative instruments, please refer to Note 3.

20. Contract assets and liabilities

Contract assets include the net amount of activities carried out for amounts exceeding the payments on account received from customers. Similarly, contract liabilities accommodate the opposite case.

The net balance of contract assets is composed as follows:

	As of December 31
(in Euro)	2025	2024

Gross contract assets	8,041,593	8,495,975
Contract liabilities	(2,606,683)	(259,692)
IFRS 9 impairment provision	(13,807)	(17,357)
Net contract assets	5,421,103	8,218,926
Gross contract liabilities	(2,612,191)	(832,543)
Contract assets	19,875	119,061
Net contract liabilities	(2,592,316)	(713,482)
Net amount	2,828,787	7,505,444

The decrease in net contract assets, amounting to EUR 2,798 thousand, is due to the increase in contract liabilities for advances invoiced during the year. The increase in net contract liabilities is due to invoicing on orders that have not yet been fully processed.

21.Equity

Share capital

As of December 31, 2025 and 2024, the Company's share capital, fully subscribed and paid up, amounts to EUR 1,441,500.

Other reserves and retained earnings

The item "Reserves" can be detailed as follows:

(in Euro)	Other reserves	Retainedearnings(losses)	Total reserves
As of January 1, 2024	(3,552,173)	15,683,112	12,130,939
Actuarial losses on defined benefit plans	(21,424)	-	(21,424)
Fair value losses on cash flow hedges	(133,335)	-	(133,335)
Comprehensive expense	(154,759)	-	(154,759)
Coverage of previous year result	-	(11,104,148)	(11,104,148)
Repurchase of treasury shares	(1,606,906)	-	(1,606,906)
Share-based payments	213,709	-	213,709
As of December 31, 2024	(5,100,129)	4,578,964	(521,165)
Actuarial losses on defined benefit plans	22,210	-	22,210
Fair value losses on cash flow hedges	(37,497)	-	(37,497)
Comprehensive expense	(15,287)	-	(15,287)
Coverage of previous year result	-	(5,964,555)	(5,964,555)
Share-based payments	156,683	-	156,683
Other changes	87	490	577
As of December 31, 2025	(4,958,641)	(1,385,501)	(6,344,142)

The following table presents the items of equity as of December 31, 2025, detailed by origin, the possibility of use and distribution:

	As of December
(in Euro)	31, 2025	Possibility of use*	Available portion

Share capital	1,441,500
Share Premium reserve	108,539,944	A, B, C	108,539,944
Legal reserve	355,592	B
Other reserves	(5,314,231)	A, B	-
Total other reserves	103,581,303		108,895,534
Retained earnings (losses)	(1,385,501)	A, B, C	-
Loss for the year	(13,871,762)
Total equity	89,765,540		108,895,534

* Legend - A = for capital increase, B = for loss allowance, C = for distribution to shareholders, D = for other statutory constraints

22.Current and non-current financial liabilities

The following table provides details of the item as of December 31, 2024 and 2023:

As of December 31, 2025(in Euro)	Within 12 months	Between 1 and5 years	Over 5 years	Total
Bank loans and borrowings	14,725,403	11,697,487	-	26,422,890
Lease liabilities	423,130	608,717	-	1,031,847
Total	15,148,533	12,306,204	-	27,454,737

As of December 31, 2024(in Euro)	Within 12 months	Between 1 and5 years	Over 5 years	Total
Bank loans and borrowings	9,074,838	20,261,313	-	29,336,151
Lease liabilities	349,160	666,490	-	1,015,650
Total	9,423,998	20,927,803	-	30,351,801

The table below summarizes the information on bank loans and borrowings:

Loan	Funding entity	Rate applied	Maturity date	Originalprincipalamount	Carryingamount as ofDecember 31,2025	of whichcurrent
"Bank syndicate" loan Line A	Credit Agricole,ICCREA	Euribor 6m +200bp	03/29/2028	12,500,000	6,199,778	2,314,824
"Bank syndicate" loanAcquisition / Capex Line	Credit Agricole,ICCREA	Euribor 6m +200bp	03/29/2028	25,000,000	14,062,500	6,250,000
Short-term loan	Credit Agricole	3m Euribor +120bp	01/29/2026	1,500,000	1,500,000	1,500,000
Short-term loan	Credit Agricole	3m Euribor +120bp	02/24/2026	2,000,000	2,000,000	2,000,000
Advance Bill	Intesa SanPaolo	3m/360 Euribor	04/30/2026	2,597,858	2,597,858	2,597,858
Other loans	Amex, Nexi	n.a.	n.a.	n.a.	62,754	62,754
Total				43,597,858	26,422,890	14,725,436

Non-current financial liabilities mainly refer to:

the non-current portion (EUR 3,885 thousand) of Line A of the loan agreement signed with Credit Agricole Italia S.p.A., head of a bank syndicate, for a maximum total amount of EUR 45,000,000 (the "Loan Agreement"). This amount takes into account the effect related to the application of the amortized cost criterion and the installments based on the amortization plan provided for in the contract;
the non-current portion of the Acquisition/CAPEX Line of the aforementioned Loan Agreement, amounting to EUR 7,813 thousand.

Current financial liabilities refer to:

the current portion of the Loan Agreement commented above;
two loans agreed during the year with Credit Agricole for a total nominal value of EUR 3,500,000 to support working capital;
EUR 2,598 thousand in advances on invoices at Intesa San Paolo;
EUR 63 thousand in payables for American Express and Nexi credit cards.

The Loan Agreement provides, for Line A, the repayment of the principal by the relative maturity date, in 11 semi-annual installments according to the contractually agreed amortization plan.

Furthermore, CY4GATE will pay the interest accrued from time to time, for each interest period, on the amounts disbursed and not repaid, at an interest rate amounting to the EURIBOR 6M/360 rate increased by a spread of 250 b.p. for which two derivative instruments were entered into to cover 100% of the amount in terms of risk.

It is also noted that according to the Loan Agreement, the spread to be applied to the reference rate for each credit line can vary semi-annually, either increasing or decreasing, depending on the change of the "Net Financial Indebtedness/EBITDA (NFP/EBITDA)" ("financial covenant") ratio calculated based on the consolidated financial statements data or the consolidated half-yearly report, starting from a base ratio of 2x. The Company, therefore, has committed to respect the aforementioned NFP/EBITDA financial parameter, accepting that the financing banks and the agent bank may take the actions and remedies contractually provided, among others the repayment of the amounts not yet paid and the relative interests, in the event that the initial financial situation at consolidated level does not comply with said parameter.

The compliance with the aforementioned financial parameter will be checked every six months on a "rolling" basis (i.e., with reference to the data related to the previous twelve months), starting from that relating to for the year ended on December 31, 2022. The covenant was complied with as of December 31, 2025.

In addition, it should be noted that this loan agreement includes certain restrictions on the distribution of profits and/or dividends by the Company, in particular, the Company will not be able to distribute profits and/or dividends, nor make payments of any amount for any reason and in any form to its shareholders, except for payments under commercial contracts and/or employment relationships (including, for example, as payment of capital, interest or other benefits on shareholder loans, also in bond form, or as compensation for services rendered and/or management fees) (each operation, a "Distribution"), unless all the following conditions occur:

the first Distribution is subsequent to the approval of the Issuer's financial statements as of December 31, 2022;
for the entire duration of the Loan Agreement, each Distribution does not exceed 50% (fifty percent) of the profits resulting from the Issuer's separate financial statements related to the year immediately before the one in which the related Distribution must be made;
at the date of the Distribution there is no Significant Event and such Distribution does not in itself determine a Significant Event (as defined in the Loan Agreement).

Net financial indebtedness

The following table presents the details of the Net Financial Position, with the analysis of debit and credit positions towards related parties, according to Consob communication no. DEM/6064293 of July 28, 2006 and the Warning no. 5/21 issued by Consob on April 29, 2021 with reference to the ESMA Orientation 32-382-1138 of March 4, 2021.

	As of December 31
(in Euro)	2025	of which withrelatedparties:	2024	of which withrelatedparties:
A. Cash	(2,271,510)	-	(3,277,133)	-
B. Cash equivalents	-	-	-	-
C. Other current financial assets	(469,540)		(2,500,000)	(2,500,000)
D. Liquidity (A+B+C)	(2,741,051)		(5,777,133)	(2,500,000)
E. Current financial debt (including debt instruments, butexcluding the current portion of non-current financial debt)	6,160,612	-	577,132	-
F. Current portion of non-current financial debt	8,285,617	295,402	8,547,552	256,718
G. Current financial indebtedness (E+F)	14,446,229	295,402	9,124,684	256,718
H. Net current financial indebtedness (G+D)	11,705,178	295,402	3,347,551	(2,243,282)
I. Non-current financial debt (excluding current portion and debtinstruments)	12,284,380	249,601	20,753,793	474,237
J. Debt instruments	-	-	-	-
K. Non-current trade and other payables	-	-	-	-
L. Non-current net financial indebtedness (I+J+K)	12,284,380	249,601	20,753,793	474,237
M. Total financial indebtedness (H+L)	23,989,558	545,003	24,101,344	(1,769,045)
N. Non-current financial assets	(1,638,461)	(994,000)	(419,000)	(419,000)
Net Financial Position (M+N)	22,351,099	(448,997)	23,682,344	(2,188,045)

The item "E. Current financial debt" includes the current portion of the items of the Financial Statements as of December 31, 2025 for loans (EUR 6,161 thousand). The item "F. Current portion of non-current financial liabilities" includes the current portion of the item in the Financial Statements as of December 31, 2025 relating to loans due in more than 12 months (EUR 8,565 thousand), the current portion of the item in the Financial Statements as of December 31, 2025 relating to current lease liabilities (EUR 423 thousand), as well as the current portion of financial derivative assets (EUR 702 thousand). The item "I. Non-current financial debt" includes the items in the Financial Statements as of December 31, 2025 relating to non-current financial liabilities relating to loans due after 12 months (EUR 11,697 thousand), to noncurrent financial and lease liabilities (EUR 609 thousand), as well as the non-current portion of financial derivative assets (EUR 22 thousand). The item "N. Non-current financial assets" corresponds to the item in the Financial Statements as of December 31, 2025 relating to non-current financial assets (EUR 1,660 thousand), excluding hedging derivatives classified in this item (EUR 22 thousand).

Lease liabilities

The item "lease liabilities" can be detailed as follows:

		As of December 31
(in Euro)	2025	2024
Property	565,873	761,835
Hardware	219,734	-
Vehicles	246,239	253,815
Total	1,031,846	1,015,650

23.Employee benefits

The item includes the provision for post-employment benefits (TFR) for the Company's employees.

TFR

The movement of the item can be detailed as follows:

(in Euro)		As of December 31
	2025	2024
Balance as of January 1	873,440	737,944
Uses for indemnities paid and advances	(140,733)	(116,199)
Transfers to Pension Funds / Treasury / Taxation	(29,887)	(93,089)
Service costs	293,268	291,298
Interest expense	27,127	23,388
Actuarial losses (profits)	(31,203)	30,098
Balance as of December 31	992,012	873,440

The actuarial assumptions for the calculation purposes of the defined benefit pension plans are detailed in the following table:

	As of December 31
	2025	2024
Economic assumptions
Inflation rate	2.00%	2.00%
Discount rate	3.37%	3.18%
Salary growth rate	1.00%	1.00%

The following is a sensitivity analysis related to defined benefit pension plans based on changes in the main assumptions as of December 31, 2025 and 2024:

As of December 31, 2025		Impact on the liability
(in Euro)	Changes inassumptions	increase inassumptions	decrease inassumptions
Economic assumptions
Inflation rate	0.25%	245,635	241,912
Discount rate	0.25%	254,516	231,595
Salary growth rate	1.00%	237,437	249,088

As of December 31, 2024		Impact on the liability
(in Euro)	Changes inassumptions	increase inassumptions	decrease inassumptions
Economic assumptions
Inflation rate	0.25%	10,513	(10,297)
Discount rate	0.25%	(12,288)	12,660
Salary growth rate	1.00%	2,490	(2,795)

Through its defined benefit pension plans, the Company is exposed to certain risks, the most significant of which are described below.

Discount rate and inflation risk

Employee resignation and anticipation probability

24.Provisions for risk and charges

The movement of the items can be detailed as follows:

	Product warranty provision	Total
(in Euro)

As of January 1, 2024	78,660	78,660
Releases	(78,660)	(78,660)
As of December 31, 2024	-	-
Accruals	150,000	150,000
As of December 31, 2025	150,000	150,000

This item changed due to a provision relating to a dispute that arose during the year.

25.Deferred tax assets and liabilities

The net movement of this item can be detailed as follows:

(in Euro)	2025	2024
Balance as of January 1	5,407,906	2,382,997
Of which:
- deferred tax assets	5,433,292	2,450,489
- deferred tax liabilities	(25,386)	(67,492)
Effects on profit or loss	475,090	2,974,129
Effects on comprehensive income	2,938	50,780
Balance as of December 31	5,885,934	5,407,906
Of which:
- deferred tax assets	5,899,390	5,433,292
- deferred tax liabilities	(13,456)	(25,386)

The item "Deferred tax assets" mainly refers to the deferred taxation recognized by the Company in previous years on IRES tax losses, as well as other temporary increases that are expected to be reversed in the coming years. Deferred tax assets are recognized following the assessment made by the Company's Directors about their full recoverability based on the future taxable income that will be realized in the coming years.

26.Trade payables

This item can be detailed as follows:

	As of December 31
(in Euro)	2025	2024
Suppliers	5,836,676	6,218,364
Parent companies	-	-
Subsidiaries	2,382,845	2,279,319
Total	8,219,521	8,497,683

Trade payables to parent companies relate to services provided by the parent company Elettronica S.p.A. mainly for canteen services and for ancillary services to the rental of the property in office use by the Company.

		As of December 31
(in Euro)	2025	2024

Italy	6,990,634	7,268,796
Outside Italy	1,228,887	1,228,887
Total	8,219,521	8,497,683

27.Other current and non-current liabilities

This item can be detailed as follows:

	As of December 31
(in Euro)	2025	2024

Accrued expenses and deferred income	1,425,344	1,503,613
Total other non-current liabilities	1,425,344	1,503,613
Accrued expenses and deferred income	2,901,198	25,541
Other liabilities	2,353,945	2,096,772
Employees	2,041,218	800,318
Social security and welfare institutions	358,055	370,175
Tax Authorities for VAT	-	592
Advances on grants	7,719,732	773,629
Total other current liabilities	9,145,076	4,067,027
Total other current and non-current liabilities	1,425,344	5,570,640

The increase in accrued expenses and deferred income is mainly due to deferred income for items pertaining to future periods.

The increase in amounts due to employees is mainly due to the MBO allocation during the year.

28.Other Information

Guarantees

As of December 31, 2025, the following guarantees were given by the Company:

advance bond issued by Creval in September 2018 for EUR 70,000 relating to a contract towards an end user in a Middle Eastern country;
bid bond issued by Creval in October 2021 for EUR 30,000 for participation in a tender in a Middle Eastern country.

The following describes the pledges on equity investments established (or to be established) under the Loan Agreement signed on March 29, 2022 from CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. with a syndicate of lending banks led by Crédit Agricole Italia S.p.A.

RCS Group: on March 29, 2022, CY4GATE S.p.A., in its capacity as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of Aurora S.p.A. as a guarantee of the correct, full and timely fulfillment of all present and/or future monetary obligations of CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks, arising from any title from the loan agreement signed on March 29, 2022 between CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks. It is noted that this pledge flowed to RCS following the reverse merger of Aurora S.p.A. completed on November 15, 2022;
RCS ETM Sicurezza pledge: on March 29, 2022, Aurora S.p.A., as grantor, pledged in favor of Crédit Agricole Italia S.p.A., Creval S.p.A., ICCREA Banca S.p.A., Banca di Credito Cooperativo di Milano – Soc. Coop. (the "Lending Banks"), 100% of the share capital of RCS ETM Sicurezza S.p.A., as a guarantee of the correct, full and timely fulfillment of the monetary obligations (within the limits expressly provided for in the relevant pledge deed) of CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. towards the Lending Banks arising from any title from the loan agreement signed on March 29, 2022 between CY4GATE S.p.A. and RCS ETM Sicurezza S.p.A. and the Lending Banks.

Business performance patterns

The business sector in which the Company operates is characterized by the concentration of deliveries and cash flow from customers in the last months of the year. This aspect of the inflows affects both the intra-annual cash flows and the variability of the Company's debt situation in different periods of the year, characterized by substantial improvements in the last few months of the calendar year.

Fees of the directors and statutory auditors

The following presents the fees of the Directors and Statutory Auditors of the Company for the year ended December 31, 2025 and 2024:

	For the year ended December 3120252024
(in Euro)

Directors' fees	592,083	358,500
Statutory auditors' fees	104,000	104,000
Total	696,083	462,500

Fees of the independent auditor

(in Euro thousand)

		Fees
Type of services	Entity that provided the service	2025
Auditing	KPMG S.p.A.	115
Attestation services (*)	KPMG S.p.A.	59
Total		174

(*) Attestation services refer to the auditing of the statement of costs incurred for research and development activities and tax returns.

29. Transactions with Related Parties

The Company's transactions with related parties are both commercial and financial in nature.

It should be noted that in January 2025, CY4GATE S.p.A. disbursed EUR 575 thousand of a non-interest-bearing loan to the subsidiary Helmon S.r.l. The remaining transactions are shown in the table below and the Company believes that these transactions with related parties are regulated at market conditions.

In addition to the above transaction, the transactions with related parties are specifically with Elettronica S.p.A., the RCS Group, Diateam S.a.S. and XTN. These transactions, which do not constitute atypical and/or unusual operations, are regulated by normal market conditions and follow a physiological development with respect for contractual commitments and payment conditions.

Specifically, the contract assets (EUR 2,636 thousand) and the trade receivables (EUR 2,470 thousand) refer mainly to the activities closely linked to the sales that the Company makes to the parent company for EUR 4,519 thousand, not yet collected at the reporting date. Financial assets (EUR 1,129 thousand) mainly refer to the above-mentioned payment to Helmon. The lease liabilities (EUR 545 thousand) refer to the properties leased by the parent company and used as offices. The contract liabilities (EUR 457 thousand) refer to the net balances for which the payments received from customers are higher than the services provided by the entity and which are presented among the liabilities in accordance with the requirements of the international accounting standards. Finally, trade payables (amounting to EUR 3,824 thousand) mainly refer to the costs incurred for services provided by the subsidiaries. Taxes (EUR 192 thousand) refer to the recognition of the benefit from tax consolidation concerning the investee XTN. The other income statement balances recorded during the financial year represent the income counterpart of what was previously commented on.

	Subsidiaries	Parent Company	JointVenture	Totalrelatedparties	Financialstatementsitem	Impact(%)
(in Euro)
Impact of transactions on profit and
loss
Revenue and other income
Year ended December 31, 2025	718,814	7,378,922	57,703	8,155,439	19,948,441	41%
Year ended December 31, 2024	1,240,564	10,175,965	586,697	12,003,226	24,863,887	48%
Raw materials
Year ended December 31, 2025		-	-	-	2,062,453	0%
Year ended December 31, 2024	-	-	-	-	1,982,787	0%
Personnel Expenses
Year ended December 31, 2025		-	-	-	10,175,332	0%
Year ended December 31, 2024	-	-	-	-	8,913,693	0%

Services
Year ended December 31, 2025	(3,240,477)	(232,357)	(136,200)	(3,609,034)	12,142,365	30%
Year ended December 31, 2024	(4,932,883)	(214,565)	(2,600)	(5,150,048)	12,662,917	41%
Amortization and depreciation
Year ended December 31, 2025	(35,607)	(252,958)	-	(288,565)	7,218,483	4%
Year ended December 31, 2024	-	(245,532)	-	(245,532)	8,485,681	3%
Financial income (expense)
Year ended December 31, 2025	1,208,527	-	-	1,208,527	1,836,831	66%
Year ended December 31, 2024	773,201	-	-	773,201	1,402,035	55%
Taxes
Year ended December 31, 2025	191,936	-	-	191,936	667,026	29%
Year ended December 31, 2024	-	-	-	-	2,974,129	0%
Impact of transactions on the
statement of financial position
Current and non-current financial
assets
As of December 31, 2025	134,851	19,000	975,000	1,128,851	2,832,127	40%
As of December 31, 2024	2,500,000	19,000	400,000	2,919,000	3,392,324	86%
Trade receivables
As of December 31, 2025	530,036	1,882,745	57,703	2,470,485	14,956,558	17%
As of December 31, 2024	-	5,302,682	325,160	5,627,842	17,769,237	32%
Right-of-use assets
As of December 31, 2025	-	464,186	-	464,186	1,031,692	45%
As of December 31, 2024	-	712,970	-	712,970	988,071	72%
Contract assets
As of December 31, 2025	-	2,636,406	-	2,636,406	5,421,103	49%
As of December 31, 2024	-	2,430,044	-	2,430,044	8,218,926	30%
Other current assets
As of December 31, 2025	-	-	-	-	1,466,673	0%
As of December 31, 2024	471,600	-	-	471,600	2,384,863	20%
Lease liabilities
As of December 31, 2025	-	545,003	-	545,003	1,031,846	53%
As of December 31, 2024	-	730,955	-	730,955	9,164,173	8%
Trade payables
As of December 31, 2025	3,606,498	51,700	166,164	3,824,362	8,219,521	47%
As of December 31, 2024	2,224,119	-	3,172	2,227,291	8,497,683	26%
Contract liabilities
As of December 31, 2025	-	457,040	-	457,040	2,592,316	18%
As of December 31, 2024	-	535,808	-	535,808	2,592,316	21%

Atypical and/or unusual events and transactions

During 2025, no significant atypical or unusual operations were carried out, either with third parties or with related parties.

Impacts of the macroeconomic situation

In preparing these consolidated financial statements as at December 31, 2025, in accordance with IFRS and recent notices released by financial market supervisors, the Company has analyzed the impacts arising from global geopolitical instability - with particular reference to the continuing conflict in Ukraine and the tightening of tensions in the Middle East - on financial position, performance and cash flows. The Company recognizes that the international scenario is undergoing a rapid and complex evolution, characterized by an increase in volatility and potential risks of further escalation on a global scale. These dynamics are monitored to assess any impacts on the Company and at present it is believed that there are no significant impacts on the Company's resources and business, nor are they expected in the near future, it being understood that the Company maintains an active monitoring of the identification of emerging risks, in order to possibly adapt its operational strategies in the face of significant changes in the international macroeconomic framework.

Climate Related Matters

In continuity with what has been reported in previous financial years and in line with CONSOB Warning no. 1/25 of February 11, 2025, the Company has considered ESMA's supervisory priorities for 2025 financial statements, which confirm the centrality of disclosures on climate issues and the necessary connectivity between financial and sustainability information. In this regard, for the specific disclosure on the company's climate impacts, please refer to the Consolidated Sustainability Reporting, prepared in accordance with ESRS (European Sustainability Reporting Standards).

It is specified that, considering the Company's business, no significant impacts of climate factors are detected on the estimation and measurement processes used by the Directors for the preparation of the financial statements (described in the paragraph "Estimates and Recruitments"), nor on the useful life or recoverability of the assets recorded in the financial statements.

State aid disclosures pursuant to Law no. 124/2017

With reference to the transparency obligations established by Article 1 paragraphs from 125 to 129 of L. 124/2017, it is reported that in the year 2025 the Company did not receive any government grants pursuant to the aforementioned rule.

30.Significant events of the year

Purchase of an additional stake in Diateam S.a.S.

On July 30, 2025, following the exercise of the "Put & Call" options exercisable in the three-year period 2024-2026 and signed at the time of the purchase of the first 55.33% of Diateam S.a.S., CY4GATE S.p.A. signed the closing for the purchase of an additional 14.67% of the subsidiary at the price of EUR 1.6 million, thus increasing its interest to 85.33% of this subsidiary. In 2024, CY4GATE had already purchased a 15.33% stake in the company.

Entry of XTN Cognitive Security S.r.l. into the National Tax Consolidation Scheme

31.Subsequent events

No significant events occurred after the end of the year.

Proposal of the Board of Directors to the Shareholders' Meeting

Dear Shareholders,

The Board of Directors proposes you to:

approve the Financial Statements as of and for the year ended December 31, 2025 of CY4GATE S.p.A. with a loss for the year of EUR 13,871,762.00;
to carry forward the loss for the year of EUR 13,871,762.00.

Rome, March 12, 2026

On behalf of the Board of Directors

(Emanuele Galtieri)

(Enrico Peruzzi)

Statement pursuant to Article 154-bis of Legislative decree no. 58 of February 24, 1998, "Italian Consolidated Law on Financial Intermediation", as amended

The undersigned Emanuele Galtieri and Arianna Ciccolella, respectively Chief Executive Officer and Manager in charge of the preparation of the corporate accounting documents of CY4GATE S.p.A. hereby certify, also taking into account the provisions envisaged by Article 154-bis, paragraphs 3, 4 and 5, of the Italian Legislative Decree No. 58 of February 24, 1998:

• the adequacy in relation to the characteristics of the company (also considering any changes occurred during 2025) and

• the effective application of administrative and accounting procedures for the preparation of the financial statements as of and for the year ended December 31, 2025 during 2025.

From the application of administrative and accounting procedures for the preparation of the financial statements as of and for the year ended December 31, 2025, no significant issue emerged.
It is also certified that:

3.1 the Financial Statements as of and for the year ended December 31, 2025:

b) are consistent with the underlying accounting books and records;

c) provide a true and correct view of the Company's financial performance, financial position and cash flows.

3.2 The Management Report and the Corporate Governance Report include a reliable analysis of the performance and results of operations, as well as the situation of the Company, together with a description of the main risks and uncertainties it is exposed to.

3.3 The Consolidated Sustainability Statement included in the Management Report were prepared in accordance with the reporting standards applied pursuant to Directive 2013/34/EU of the European Parliament and of the Council of June 26, 2013 and Legislative Decree No. 125 of September 6, 2024 and with the specifications adopted pursuant to Article 8 paragraph 4 of Regulation (EU) 2020/852 of the European Parliament and of the Council of June 18, 2020.

Rome, March 12, 2026

Chief Executive Officer Manager in charge of the preparation of the corporate accounting documents

KPMG S.p.A. Revisione e organizzazione contabile Via Curtatone, 3 00185 ROMA RM Telefono +39 06 80961.1 Email [email protected] PEC [email protected]

(The accompanying translated separate financial statements of CY4Gate S.p.A. constitute a non-official version which is not compliant with the provisions of the Commission Delegated Regulation (EU) 2019/815. This independent auditors' report has been translated into English solely for the convenience of international readers. Accordingly, only the original Italian version is authoritative.)

Independent auditors' report pursuant to article 14 of Legislative decree no. 39 of 27 January 2010 and article 10 of Regulation (EU) no. 537 of 16 April 2014

To the shareholders of CY4Gate S.p.A.

Report on the audit of the separate financial statements

Opinion

We have audited the separate financial statements of CY4Gate S.p.A. (the "company"), which comprise the statement of financial position as at 31 December 2025, the statements of profit or loss, comprehensive income, changes in equity and cash flows for the year then ended and notes thereto, which include material information on the accounting policies.

In our opinion, the separate financial statements give a true and fair view of the financial position of CY4Gate S.p.A. as at 31 December 2025 and of its financial performance and cash flows for the year then ended in accordance with the IFRS Accounting Standards as issued by the International Accounting Standards Board and endorsed by the European Union, as well as the Italian regulations implementing article 9 of Legislative decree no. 38/05.

Basis for opinion

We conducted our audit in accordance with International Standards on Auditing (ISA Italia). Our responsibilities under those standards are further described in the "Auditors' responsibilities for the audit of the separate financial statements" section of our report. We are independent of the company in accordance with the ethics and independence rules and standards applicable in Italy to audits of financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Key audit matters

Key audit matters are those matters that, in our professional judgement, were of most significance in the audit of the separate financial statements of the current year. These matters were addressed in the context of our audit of the separate financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters.

KPMG S.p.A. è una società per azioni di diritto italiano e fa parte del network KPMG di entità indipendenti affiliate a KPMG International Limited, società di diritto inglese.

Ancona Bari Bergamo Bologna Bolzano Brescia Catania Como Firenze Genova Lecce Milano Napoli Novara Padova Palermo Parma Perugia Pescara Roma Torino Treviso Trieste Varese Verona

Recoverability of the carrying amount of investments in subsidiaries

Notes to the separate financial statements: notes 2.2 "Accounting policies - Equity investments", 4 "Estimates and assumptions" and 15 "Equity investments"

Key audit matter	Audit procedures addressing the key audit matter
In the caption "Equity investments" of €96,274thousand, the separate financial statements at31 December 2025 include investments in subsidiariesrecognised at cost of €94,796.	Our audit procedures included:•understanding the process adopted for impairmenttesting approved by the company's board ofdirectors;
The directors identified indicators of impairment and,with the assistance of an external expert, tested theseequity investments for impairment, checking theirrecoverability by comparing their carrying amounts withtheir value in use calculated using the discounted cashflow model. The model is very complex and entails theuse of estimates which, by their very nature, areuncertain and subjective about:•the investees' expected cash flows, calculated bytaking into account the general economicperformance and that of their sector, the cashflows generated in recent years and the projectedgrowth rates;•the financial parameters used to calculate thediscount rate.For the above reasons, we believe that therecoverability of the carrying amount of investments insubsidiaries is a key audit matter.	•understanding the process adopted to prepare the2026-2030 business plan approved by thecompany's board of directors (the "2026-2030plan") from which the investees' expected futurecash flows used for impairment testing have beenderived;
	•analysing the reasonableness of the assumptionsused by the directors and the external expert toprepare the impairment test;
	•analysing the most significant discrepanciesbetween the previous year business plans' figuresand actual figures, in order to check the accuracyof the estimation process adopted by the directors;
	•comparing the cash flows used for impairmenttesting to the investees' cash flows forecast in the2026-2030 plan and analysing any discrepancies;
	•involving experts of the KPMG network in theassessment of the reasonableness of theimpairment testing model and related assumptions,including by means of a comparison with externaldata and information;
	•assessing the appropriateness of the disclosuresprovided in the notes about the measurement ofinvestments in subsidiaries.

Recoverability of intangible assets

Notes to the separate financial statements: notes 2.2 "Accounting policies - Intangible assets", 4 "Estimates and assumptions" and 12 "Intangible assets"

Key audit matter	Audit procedures addressing the key audit matter
The separate financial statements at 31 December	Our audit procedures included:
2025 include intangible assets with finite useful life of	•
€7,351 thousand under the caption "Intangible assets".	understanding the process adopted to prepare the
The directors identified indicators of impairment and,	impairment test approved by the company's board
with the assistance of an external expert, tested these	of directors;
intangible assets for impairment, checking their	•
recoverability by comparing their carrying amounts with	understanding the process adopted for preparing
their value in use calculated using the discounted cash	the 2026-2030 business plan approved by the
flow model. The model is very complex and entails the	company's board of directors (the "2026-2030
use of estimates which, by their very nature, are	plan") from which the expected future cash flows
uncertain and subjective about:	used for impairment testing have been derived;

Key audit matter	Audit procedures addressing the key audit matter
•the company's expected future cash flows,calculated by taking into account the generaleconomic performance and that of its sector, the	•analysing the reasonableness of the assumptionsused by the directors and the external expert toprepare the impairment test;
actual cash flows for recent years and theprojected growth rates;	•analysing the most significant discrepanciesbetween the previous year business plans' figures
•the financial parameters used to calculate thediscount rate.	and actual figures, in order to check the accuracyof the estimation process adopted by the directors;
For the above reasons, we believe that therecoverability of the carrying amount of intangibleassets is a key audit matter.	•comparing the cash flows used for impairmenttesting to the company's cash flows forecast in the2026-2030 plan and analysing any discrepancies;
	•involving experts of the KPMG network in theassessment of the reasonableness of theimpairment testing model and related assumptions,

including by means of a comparison with external data and information; • assessing the appropriateness of the disclosures provided in the notes about the measurement of

intangible assets.

Responsibilities of the company's directors and board of statutory auditors ("Collegio Sindacale") for the separate financial statements

The directors are responsible for the preparation of separate financial statements that give a true and fair view in accordance with the IFRS Accounting Standards as issued by the International Accounting Standards Board and endorsed by the European Union, as well as the Italian regulations implementing article 9 of Legislative decree no. 38/05 and, within the terms established by the Italian law, for such internal control as they determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

The directors are responsible for assessing the company's ability to continue as a going concern and for the appropriate use of the going concern basis in the preparation of the separate financial statements and for the adequacy of the related disclosures. The use of this basis of accounting is appropriate unless the directors believe that the conditions for liquidating the company or ceasing operations exist, or have no realistic alternative but to do so.

The Collegio Sindacale is responsible for overseeing, within the terms established by the Italian law, the company's financial reporting process.

Auditors' responsibilities for the audit of the separate financial statements

Our objectives are to obtain reasonable assurance about whether the separate financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors' report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISA Italia will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these separate financial statements.

As part of an audit in accordance with ISA Italia, we exercise professional judgement and maintain professional scepticism throughout the audit. We also:

31 December 2025

identify and assess the risks of material misstatement of the separate financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control;
obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the company's internal control;
evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the directors;
conclude on the appropriateness of the directors' use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the company's ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors' report to the related disclosures in the separate financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors' report. However, future events or conditions may cause the company to cease to continue as a going concern;
evaluate the overall presentation, structure and content of the separate financial statements, including the disclosures, and whether the separate financial statements represent the underlying transactions and events in a manner that achieves fair presentation.

From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the separate financial statements of the current year and are, therefore, the key audit matters. We describe these matters in our auditors' report.

Report on other legal and regulatory requirements

Opinion on the compliance with the provisions of Commission Delegated Regulation (EU) 2019/815

The company's directors are responsible for the application of the provisions of Commission Delegated Regulation (EU) 2019/815 with regard to regulatory technical standards on the specification of a single electronic reporting format (ESEF) to the separate financial statements at 31 December 2025 to be included in the annual financial report.

We have performed the procedures required by Standard on Auditing (SA Italia) 700B in order to express an opinion on the compliance of the separate financial statements with Commission Delegated Regulation (EU) 2019/815.

In our opinion, the separate financial statements at 31 December 2025 have been prepared in XHTML format in compliance with the provisions of Commission Delegated Regulation (EU) 2019/815.

Opinion and statement pursuant to article 14.2.e)/e-bis)/e-ter) of Legislative decree no. 39/10 and article 123-bis.4 of Legislative decree no. 58/98

The company's directors are responsible for the preparation of a management report and a report on corporate governance and ownership structure at 31 December 2025 and for the consistency of such reports with the related separate financial statements and their compliance with the applicable law.

We have performed the procedures required by Standard on Auditing (SA Italia) 720B in order to:

express an opinion on the consistency of the management report and certain specific information presented in the report on corporate governance and ownership structure required by article 123 bis.4 of Legislative decree no. 58/98 with the separate financial statements;
express an opinion on the consistency of the management report, excluding the section that includes the consolidated sustainability statement, and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 with the applicable law;
issue a statement of any material misstatements in the management report and certain specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98.

In our opinion, the management report and the specific information presented in the report on corporate governance and ownership structure required by article 123-bis.4 of Legislative decree no. 58/98 are consistent with the company's separate financial statements at 31 December 2025.

Rome, 31 March 2026

KPMG S.p.A.

(signed on the original)

Matteo Ferrucci Director of Audit

AI assistant

CY4GATE S.p.A. — Annual Report 2025

6295_10-k_2026-03-31_78e2401a-332e-4900-b0e9-af13589ceff8.pdf

CY4GATE S.P.A. 2025 ANNUAL REPORT

BOARO OF OIRECTORS:

BOARO OF STATUTORY AUOITORS:

INDEPENDENT AUDITORS

Management Report

GENERAL INFORMATION

Economic overview and reference markets

Overview of the markets in which the CY4GATE Group operates (Cyber Intelligence and Cyber Security)

SIGNIFICANT EVENTS OF THE YEAR

Purchase of an additional stake in Diateam S.a.S.

Entry of XTN Cognitive Security S.r.l. into the National Tax Consolidation Scheme

Other significant events

FINANCIAL RESULTS OF THE GROUP AND KEY PERFORMANCE INDICATORS

MAIN ALTERNATIVE INDICATORS OF THE GROUP'S PERFORMANCE

RECLASSIFIED CONSOLIDATED STATEMENT OF PROFIT AND LOSS

RECLASSIFIED STATEMENT OF FINANCIAL POSITION

CONSOLIDATED NET FINANCIAL INDEBTEDNESS

CONSOLIDATED STATEMENT OF CASH FLOWS

HUMAN RESOURCES

SUBSEQUENT EVENTS

BUSINESS OUTLOOK

DEFENSE

SECURITY & LAW ENFORCEMENT

EU and ITALIAN CORPORATE MARKET

MAIN RISKS AND UNCERTAINTIES

RISK MANAGEMENT

INTEREST RATE RISK

CURRENCY RISK

PRICE RISK

CREDIT RISK

LIQUIDITY RISK

CAPITAL RISK

AUTHORIZATION RISK

REPUTATIONAL RISK

HUMAN RESOURCES RISK

TECHNOLOGICAL RISK

TRANSACTIONS WITH RELATED PARTIES

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURES

OTHER INFORMATION

Purchases or sales of shares of parent companies shares during the year

Research and development activities

Treasury shares

Management and coordination

Significant non-recurring, atypical and/or unusual events and operations

Assets designated for a specific transaction

Remuneration Report

CONSOLIDATED SUSTAINABILY STATEMENT

CY4Gate Group Consolidated Sustainability Statement Year 2025

1. GENERAL DISCLOSURES (ESRS 2)

BP-1 General information on the preparation of this document

Group structure:

BP-2 Disclosure on specific situations

Transitional provisions in accordance with Appendix C of ESRS 1

ESRS S3 – Affected communities

ESRS S4 – Consumers and end-users

Governance

GOV-1 Composition and role of the administrative, management and supervisory bodies

The Board of Directors of CY4Gate

Administration, management and control bodies of CY4Gate

GOV-2 Information provided to and sustainability matters addressed by the undertaking's administrative, management and supervisory bodies

GOV-3 Incentive scheme linked to sustainability targets

GOV-4 Statement on due diligence on sustainability matters

GOV-5 Risk management systems and internal controls related to the Consolidated Sustainability Statement

Strategy

SBM-1 Strategy, value chain and business model

UPSTREAM VALUE CHAIN

DOWNSTREAM VALUE CHAIN

PARTNERSHIP

European Projects:

Relations with business partners:

SBM-2 Interests and views of stakeholders.

Formal Communication Channels

Shareholders' Meetings

Board of Directors Meetings

Periodic Reports

Website

Events and Conferences

CY4GATE S.p.A. Annual Report 2025