CY4GATE S.P.A.

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURE

pursuant to Art. 123-bis of Italian Legislative Decree No. 58 of February 24, 1998

(Traditional management and control model)

year ended December 31, 2024

https://www.cy4gate.com/it/

This report on corporate governance and ownership structure of CY4Gate S.p.A. was approved by the Board of Directors on March 12, 2025

TABLE OF CONTENTS 3
GLOSSARY5
FOREWORD8
1. ISSUER PROFILE9
2. INFORMATION ON OWNERSHIP STRUCTURE (PURSUANT TO ART. 123- , PARAGRAPH BIS 1, OF THE TUF) AS AT THE REPORT DATE 11
a) Share capital structure (pursuant to Art. 123-bis, paragraph 1.a, of the TUF) 11
b) Restrictions on the transfer of securities (pursuant to Art. 123-bis, paragraph 1.b, of the TUF)12
c) Significant shareholdings in the capital (pursuant to Art. 123-bis, paragraph 1.c, of the TUF)12
d) Securities that confer special rights (pursuant to Art. 123-bis, paragraph 1.d, of the TUF)12
e) Employee shareholding: mechanism for exercising voting rights (pursuant to Art. 123-bis, paragraph 1.e, of the TUF)13
f) Restrictions on voting rights (pursuant to Art. 123-bis, paragraph 1.f), of the TUF) 13
g) Shareholder agreements (pursuant to Art. 123-bis, paragraph 1.g, of the TUF) 14
h) Change of control clauses (pursuant to Art. 123-bis, paragraph 1.h of the TUF) and statutory provisions on takeover bids (pursuant to Arts. 104, paragraph 1-ter, and 104-bis, paragraph 1, of the TUF) 14
i) Powers of attorney to increase the share capital and authorization to purchase treasury shares (pursuant to Art. 123-bis, paragraph 1.m, of the TUF) 14
l) Management and coordination activities (pursuant to Arts. 2497 et seq. of the Civil Code)15
3. COMPLIANCE (PURSUANT TO ART. 123- , PARAGRAPH 2.A), FIRST PART, OF THE BIS TUF)18
4. BOARD OF DIRECTORS19
4.1 ROLE OF THE BOARD OF DIRECTORS19
4.2 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123-BIS, PARAGRAPH 1.L), FIRST PART, OF THE TUF)23
4.3 COMPOSITION (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) AND 2.D-BIS) OF THE TUF) 27
4.4 OPERATION OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF)33
4.5 ROLE OF THE CHAIRPERSON OF THE BOARD OF DIRECTORS 35

4.6 EXECUTIVE DIRECTORS36
4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR40
5. CORPORATE INFORMATION MANAGEMENT 42
6. BOARD COMMITTEES (PURSUANT TO ART. 123- , PARAGRAPH 2.D) OF THE TUF) .42 BIS
7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE 47
7.1 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS 47
7.2 APPOINTMENTS COMMITTEE48
8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE49
8.1 REMUNERATION OF DIRECTORS49
8.2 REMUNERATION COMMITTEE 49
9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM – CONTROL AND RISK COMMITTEE51
9.1 CHIEF EXECUTIVE OFFICER56
9.2 CONTROL, RISK AND SUSTAINABILITY COMMITTEE 57
9.3 HEAD OF INTERNAL AUDIT 59
9.4 ORGANIZATIONAL MODEL PURSUANT TO ITALIAN LEGISLATIVE DECREE 231/2001 60
9.5 AUDITING FIRM61
9.6 FINANCIAL REPORTING OFFICER AND OTHER CORPORATE ROLES AND FUNCTIONS 61
9.7 COORDINATION OF THE PARTIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM62
10. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS63
11. BOARD OF STATUTORY AUDITORS64
11.1 APPOINTMENT AND REPLACEMENT 64
11.2 COMPOSITION AND OPERATION OF THE BOARD OF STATUTORY AUDITORS (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) AND 2.D-BIS) OF THE TUF)66
11.3 ROLE OF THE BOARD OF STATUTORY AUDITORS70
12. RELATIONS WITH SHAREHOLDERS AND OTHER RELEVANT STAKEHOLDERS72
13. MEETINGS73
14. ADDITIONAL CORPORATE GOVERNANCE PROCEDURES (PURSUANT TO ART. 123- , BIS PARAGRAPH 2.A), SECOND PART, OF THE TUF) 76
15. CHANGES AFTER THE END OF THE YEAR76
16. CONSIDERATIONS ON THE LETTER FROM THE CHAIRPERSON OF THE CORPORATE GOVERNANCE COMMITTEE76

GLOSSARY

Chief Executive Officer	The chief executive officer of the Company.
Shareholders' Meeting	The shareholders' meeting of the Company.
Borsa Italiana	Borsa Italiana S.p.A., based in Milan, Piazza Affari No. 6.
Code/CG Code	The Corporate Governance Code for Listed Companies approved in January 2020 by the Italian Corporate Governance Committee.
Civil Code	The Italian Civil Code.
Board of Statutory Auditors	The Company's Board of Statutory Auditors.
Corporate Governance Committee	The Italian Corporate Governance Committee of Listed Companies, promoted not only by Borsa Italiana S.p.A. but also by ABI, Ania, Assogestioni, Assonime and Confindustria.
CONSOB	The Italian National Commission for Companies and the Stock Exchange ( Commissione Nazionale per le Società e la ) in Rome, Via Martini No. 3. Borsa
Board of Directors or Board	The board of directors of the Issuer.
Report Date	March 12, 2025, the date of approval of the Report by the Issuer's Board of Directors.
Decree 231	Italian Legislative Decree No. 231 of June 8, 2001.
Financial Reporting Officer	The executive responsible for preparing the Company's corporate accounting documents pursuant to Article 154- of TUF (Consolidated Finance Act). bis
Issuer, CY4 or Company	CY4Gate S.p.A., with registered office in Rome (RM), Via Coponia No. 8, enrolled to the Register of Companies of Rome under number, tax code, VAT and registration number 13129151000, R.E.A. (Economic and Administrative

	Register) of Rome No. 1426295, LEI code 8156005DEB4D90F3E360.
Year	The fiscal year ended December 31, 2024 to which the Report refers.
ESRS	The sustainability reporting standards defined in Commission Delegated Regulation (EU) 2023/2772 of July 31, 2023.
EXM	Euronext Milan, a regulated market organized and managed by Borsa Italiana S.p.A.
Group	CY4Gate S.p.A. and its subsidiaries collectively pursuant to Article 2359 of the Civil Code and Article 93 of the TUF.
231 Model	The organization, management and control model adopted by the Company pursuant to Italian Legislative Decree No. 231 of June 8, 2001.
RPT Procedure	It has the meaning set out in Paragraph 10 of the Report.
Issuers' Regulation	The Regulation issued by CONSOB with resolution No. 11971 of May 14, 1999 on issuers, as amended and supplemented.
Related-Party Regulation or RPT Regulation	The Regulation issued by CONSOB with resolution No. 17221 of March 12, 2010 on related-party transactions, as amended and supplemented.
Report	This corporate governance report prepared pursuant to Articles 123- of the TUF and 89- of the Issuers' bis bis Regulation.
ICRMS	The Internal Control and Risk Management System adopted by the Company.
Bylaws	The Issuer's bylaws in effect as at the Report Date.
TUF (or Consolidated Finance Act)	Italian Legislative Decree No. 58 of February 24, 1998, as amended and supplemented.

Unless otherwise stated, the CG Code's definitions of directors, executive directors, independent directors, significant shareholder, chief executive officer (CEO), management body, control body, business plan, concentrated ownership company, large company, sustainable success, top management should be considered by reference.

In addition, unless otherwise specified, the sections referencing the content of the relevant ESRS should also be considered as incorporating by reference the definitions provided in the ESRS, especially those pertaining to: lobbying, value chain, affected communities, corruption and bribery, corporate culture, consumers, sustainability statement, employee, discrimination, suppliers, own workforce, impacts, sustainabilityrelated impacts, workers in the value chain, non-employee workers, independent board members, metrics, business model, harassment, target, opportunities, sustainabilityrelated opportunities, administrative management and supervisory bodies, policy, indigenous peoples, stakeholders, sustainability issues, materiality, risks, sustainabilityrelated risks, end-users.

FOREWORD

The Report, approved by the Board of Directors on March 12, 2025, aims to provide a general and comprehensive overview of the corporate governance system adopted by the Company in order to ensure fairness and transparency in corporate disclosures.

This document has been drawn up in accordance with Art. 123bis of the TUF and in light of the recommendations of the Corporate Governance Code, as well as taking into account the document "Format per la relazione sul governo societario e gli assetti proprietari" (Format for the Report on Corporate Governance and Ownership Structure) issued by Borsa Italiana and made available to issuers in December 2024.

On May 2, 2023, the Board of Directors resolved to endorse the CG Code. The Report aims, among other things, to provide information to the market on how CY4 is implementing the CG Code.

As at the Report Date, CY4 is listed on EXM - STAR Segment.

The Report is published on the Company's website https://www.cy4gate.com/en, Governancesection.

1. ISSUER PROFILE

The corporate governance structure of CY4, which adopts the traditional management and control system, consists of the following corporate bodies:

(i) the Board of Directors, which is responsible for the corporate management;
(ii) the Board of Statutory Auditors, which is responsible for supervising (i) compliance with the law and the Bylaws and the observance of the principles of sound administration, (ii) the adequacy of the internal control system and the managementaccounting system, as well as the latter's reliability in correctly representing operating events, (iii) the concrete implementation of the corporate governance rules provided for in codes of conduct drawn up by regulated markets management companies or by trade associations, which the Company, by means of public disclosures, declares it complies with, (iv) the adequacy of the instructions given to subsidiaries in relation to the obligations to disclose inside information, and (v) the financial reporting process, the effectiveness of the internal control, internal audit, and risk management systems, the statutory audit of the annual and consolidated accounts, and the independence of the auditing firm;
(iii) the Shareholders' Meeting, which is competent to pass resolutions on matters reserved to it by the law or the Bylaws.

Three committees are established within the Board of Directors:

(i) the Control, Risk and Sustainability Committee, which has the task of assisting the Board of Directors, with investigative, proposal and advisory functions, in evaluations and decisions related to the internal control and risk management system, as well as in matters concerning the Company's sustainability issues.
(ii) the Appointments and Remuneration Committee, which performs tasks, of an appraisal, proposal and advisory nature toward the Board of Directors regarding: (a) appointments, supporting the Board of Directors inter alia - by expressing opinions regarding the size, optimal composition and actual functioning of the Board of Directors and its Committees, as well as recommendations regarding the managerial and professional figures whose presence is deemed appropriate; and (b) remuneration, by, among other things, drafting a proposal for the Company's remuneration policy and submitting proposals or expressing opinions on the remuneration of executive directors and other directors who hold special offices as well as on setting performance targets related to the variable component of such remuneration; and, more generally, supporting the management body in its selfassessment and that of its Committees.
(iii) the Related-Party Transactions Committee, which performs the functions assigned to it by the RPT Procedure (to which reference is hereby made).

Each committee – which operates on the basis of internal regulations that establish its rules of operation – is composed of three non-executive directors, the majority of whom are independent (according to the independence requirements set out by Corporate Governance Code). The Chairperson is chosen from among the independent directors.

In addition, within the management body, the Strategic Committee is established to assist the Board of Directors and the Company's delegated bodies with appraisal, proposal, and advisory functions. It supports evaluations and decisions related to: (i) the development of the Company's business in terms of growth by internal lines and support for product and technological strategies; and (ii) preparatory activities for the identification of companies of interest with which to initiate corporate acquisition and/or integration processes.

The Committee consists of four members, appointed by, and chosen from among the members of, the Board of Directors. The Chief Executive Officer is an ex officio member of the Committee.

Auditing is entrusted to an Auditing firm enrolled in the statutory auditors register, appointed by the Shareholders' Meeting upon a reasoned proposal from the Board of Statutory Auditors.

In addition to the foregoing, in compliance with the provisions of the CG Code, as well as applicable regulations, the Issuer has:

a) appointed three independent directors out of nine members of the Board of Directors;
b) defined the guidelines of the internal control and risk management system and appointed the persons in charge of internal control;
c) adopted a procedure for handling inside information and maintaining the insider register, and a procedure on internal dealing;
d) adopted a procedure for related-party transactions in accordance with Article 4 of the Related-Party Regulation;
e) appointed the Investor Relator as the person in charge of managing shareholder relations;
f) adopted regulations for the operation of the Board of Directors and Board Committees;
g) adopted a Code of Ethics;
h) adopted an organizational, management and control model pursuant to Decree 231 and a Supervisory Body.

The Board of Directors fulfills its role in guiding the Issuer in compliance with the principles and recommendations set out by the Code with the aim of pursuing its sustainable success; this target translates into the creation of long-term value for the benefit of shareholders, while taking into account the interests of other Issuer stakeholders.

On this point, please refer to the Sections of the Report where the following are explained: (i) how this target is integrated into strategies (see Section 4.1 of the Report), remuneration policies (see Section 8 of the Report) and the internal control and risk management system (see Section 9 of the Report); (ii) the corporate governance measures specifically taken in this regard (see Section 6 and Section 9 of the Report,

with reference to the establishment of the Control, Risk, and Sustainability Committee with the task of supporting the Board in analyzing issues relevant to long-term value generation).

More generally, the Group is committed to making strategic choices that also focus on sustainability.

As at the closing date of the financial statements for the year ended December 31, 2024, the Group falls within the scope of Italian Legislative Decree 125/2024, enacted to implement Directive 2022/2464/EU of the European Parliament and of the Council of December 14, 2022 (CSRD). Consequently, with regard to the Year, the Issuer complied with the sustainability reporting requirements set out by the aforementioned regulations. In this regard, please refer to the relevant documentation, made available on the Company's website https://www.cy4gate.com/en/, Investor Relations/Financial Statements section.

As at the Report Date, due to the capitalization recorded during the 2024 fiscal year, the Issuer falls within the definition of a listed SME pursuant to Article 1, paragraph 1, letter w-quater.1), of the TUF, as amended by Article 2 of Italian Law No. 21 of March 5, 2024, and Article 2ter of the Issuers' Regulation, as reflected in the list of SMEs published by CONSOB on its website pursuant to Article 2ter, paragraph 2, of the Issuers' Regulation. As at the Report Date, the capitalization of the Issuer is approximately Euro 106.5 million.

2. INFORMATION ON OWNERSHIP STRUCTURE (PURSUANT TO ART. 123-BIS, PARAGRAPH 1, OF THE TUF) AS AT THE REPORT DATE

a) Share capital structure (pursuant to Art. 123-bis, paragraph 1.a, of the TUF)

As at the Report Date, CY4's subscribed and paid-up share capital amounted to Euro 1,441,499.94 and was represented by 23,571,428 ordinary shares with no par value.

The shares are subject to dematerialization under Articles 83bis et seq. of the TUF. Shares are freely transferable and confer the same rights, both in equity and administrative terms, as established by law and the Bylaws, except as provided for in Article 8 of the Bylaws.

As at the Report Date, the Company has not issued any other class of shares, or financial instruments convertible into or exchangeable for shares.

For more information on the share capital structure, see Table 1 in the appendix.

For the sake of completeness, it should be noted that on March 23, 2023, the Board of Directors approved a stock grant incentive plan for the 2023-2025 three-year period, aimed at the executive directors and top management of the Company (the "Plan"), which was amended at the board meeting of June 13, 2023 in order to introduce – along with financial and market targets – an annual target related to ESG issues and, in particular, to obtaining and maintaining the Gender Equality Certification. The Plan entails, the free allocation of CY4 shares for beneficiaries upon achievement of the Targets (as defined under the Plan).

For further details, please refer to the report on remuneration policy and compensation paid, prepared in accordance with Articles 123-ter TUF and 84quater of the Issuers' Regulation, made available to the public on the Company's website https://www.cy4gate.com/en/, Governance Section, and in the other manners provided for by current regulations.

b) Restrictions on the transfer of securities (pursuant to Art. 123-bis, paragraph 1.b, of the TUF)

Except as detailed below, as at the Report Date, there are no restrictions on the transfer of shares, including but not limited to ownership limits or the requirement to obtain approval from the Issuer or other security holders.

c) Significant shareholdings in the capital (pursuant to Art. 123-bis, paragraph 1.c, of the TUF)

[As at the Report Date, based on the shareholder register and taking into account the notices received pursuant to Article 120 of the TUF and other information available to the Company, the persons listed in Table 1 in the appendix held Company shares representing 5% or more of the share capital, namely:

(i) Elettronica, holder of 9,045,912 ordinary CY4 shares, corresponding to 38.38% of the Company's share capital and voting rights;
(ii) TEC Cyber, holder of 3,809,524 ordinary CY4 shares, corresponding to 16.16% of the Company's share capital and voting rights;
(iii) First SICAF S.p.A., holder 1.249.993 ordinary CY4 shares, corresponding of a 5.30% stake in the Company's share capital and voting rights.

d) Securities that confer special rights (pursuant to Art. 123-bis, paragraph 1.d, of the TUF)

As at the Report Date, the Company has not issued securities that confer special rights of control, nor do the Bylaws provide special powers for certain shareholders or holders of particular classes of shares.

In light of its business sector, the Group is subject to the regulations outlined in Italian Decree Law No. 21 of March 15, 2012 – converted with amendments by Italian Law No. 56 of May 11, 2012, as updated and amended – aimed at regulating certain special powers of the State with respect to companies operating in sectors of strategic importance to the national interest (the "golden power" regulation). These powers primarily include the right to:

a) veto resolutions, actions, and transactions that – resulting in changes in the ownership, control, or availability of the assets of strategic companies, or altering their purpose – create an exceptional situation not covered by national and European industry regulations, potentially causing significant harm to public interests related to the safety and functioning of networks and facilities, as well as the continuity of supply;

b) ensure the effectiveness of a purchase, for any reason, by an entity outside the European Union of shareholdings of such importance as to result in the stable establishment of the purchaser through the assumption of control of the company whose shareholding is being purchased, pursuant to Article 2359 of the Civil Code and the TUF, provided that such purchase poses a threat of serious harm to public interests related to the safety and operation of networks and facilities, as well as the continuity of supply, conditional on the purchaser's commitment to safeguarding these interests;
c) oppose the purchase referred to in b) above, if such purchase poses exceptional risks to the protection of public interests related to the safety and operation of networks and facilities, as well as the continuity of supply, which cannot be eliminated by the purchaser's commitment to safeguarding these interests.

For the sake of completeness, it should be noted that the business carried out by the Issuer and the Group is not subject to supervision by specific industry authorities, it being understood that sales of "dual use" products (related to the cyber intelligence sector) in non-EU countries – due to the nature of these products, which can potentially be used for both civilian and military applications – are subject to a specific export authorization procedure conducted by the UAMA (Unit for the Authorization of Armament Materials) office of the Italian Ministry of Foreign Affairs and International Cooperation.

e) Employee shareholding: mechanism for exercising voting rights (pursuant to Art. 123- bis, paragraph 1.e, of the TUF)

As at the Report Date, the Company has not adopted a specific employee shareholding system that provides a mechanism for exercising voting rights.

With reference to the Plan, please refer to the report on the remuneration policy and compensation paid, prepared pursuant to Articles 123-ter of the TUF and 84-quater of the Issuers' Regulation, made available to the public on the Company's website https://www.cy4gate.com/en/ and in the other manners required by current regulations.

f) Restrictions on voting rights (pursuant to Art. 123-bis, paragraph 1.f), of the TUF)

The Bylaws do not include any particular provisions that would result in restrictions on voting rights, such as limitations on voting rights to a certain percentage or number of votes, time limits imposed on the exercise of voting rights, or systems in which, with the cooperation of the Issuer, the financial rights attached to securities are separated from their ownership.

g) Shareholder agreements (pursuant to Art. 123-bis, paragraph 1.g, of the TUF)

As at the Report Date, no shareholder agreements are known to the Company.

h) Change of control clauses (pursuant to Art. 123-bis, paragraph 1.h of the TUF) and statutory provisions on takeover bids (pursuant to Arts. 104, paragraph 1-ter, and 104- bis, paragraph 1, of the TUF)

As at the Report Date, the Company has not entered into any significant agreements that take effect, are amended, or terminate upon a change of control of the Company or its subsidiaries, except as detailed below.

The Company has a loan agreement in place, signed on March 29, 2022, which provides for certain conditions for full mandatory early repayment in the event of – inter alia – a change of control. For more information, please refer to the Listing Prospectus available at the Issuer's website https://www.cy4gate.com/en/, IPO Section.

The Bylaws do not provide for exceptions to the passivity rule provisions of Article 104, paragraphs 1 and 1bis of the TUF, nor do they provide for the application of the neutralization rules set out in Article 104bis, paragraphs 2 and 3, of the TUF.

i) Powers of attorney to increase the share capital and authorization to purchase treasury shares (pursuant to Art. 123-bis, paragraph 1.m, of the TUF)

As at December 31, 2024, there are no powers of attorney to increase the share capital pursuant to Article 2443 of the Civil Code.

Pursuant to Article 6 of the Bylaws, the share capital may also be increased by a resolution of the Shareholders' Meeting by issuing shares with rights other than those attached to ordinary shares and by contributions other than cash or by offsetting liquid and collectible Company receivables, in accordance with and to the extent permitted by law. In the resolutions to increase the share capital against contribution, pre-emptive rights may be excluded up to a maximum of 10% of the existing share capital, pursuant to and in accordance with Article 2441, fourth paragraph, second sentence, of the Civil Code. The Extraordinary Shareholders' Meeting of the Company may grant the directors, pursuant to Article 2443 of the Civil Code, the power to increase, in one or more tranches, the share capital up to a specified amount and for a maximum period of five years from the date of the resolution, also with the exclusion or limitation of pre-emptive rights.

On November 26, 2024, the Shareholders' Meeting resolved to grant the Board of Directors the authorization, pursuant to and within the limits of Articles 2357 et seq. of the Civil Code, to purchase and dispose of treasury shares, including in several tranches, leading the Company to purchase, if the purchase option is exercised in full, a number of shares not exceeding 450,000 (four hundred and fifty thousand), representing overall approximately 2% (two percent) of the Company's share capital as at the date of the Shareholders' Meeting called to approve the authorization to purchase and dispose of the treasury shares in question (i.e., the Shareholders' Meeting held on November 26, 2024), for the purpose of:

(i) using the shares in the portfolio (including through exchange, swap, contribution, transfer, or other disposal transaction) as part of extraordinary transactions related to the implementation of industrial and financial projects or as part of extraordinary finance transactions, consistent with the strategic guidelines that the Company intends to pursue;
(ii) fulfilling obligations arising from share option programs or other grants of shares to employees or members of the management or control bodies of the Company or its subsidiaries or affiliates, under existing and any future sharebased incentive plans, consistent with the remuneration policies adopted by the Company;
(iii) increasing value for shareholders by improving the Company's financial structure and by any subsequent cancellation of treasury shares without reduction of share capital, subject to the necessary corporate compliance; and
(iv) carrying out transactions to support the liquidity of the Company's shares, aimed at ensuring smooth trading and preventing price fluctuations that do not align with market trends, as well as regularizing trading and price movements in the presence of temporary distortions caused by excessive volatility or low trading liquidity.

Authorization to purchase was given for the maximum duration set forth by Article 2357, paragraph 2, of the Civil Code and, therefore, for a period of eighteen months from the date of authorization by the Shareholders' Meeting.

Authorization to dispose of any treasury shares purchased was granted without time limits, in accordance with current regulations, thus allowing the Board of Directors to make use of maximum flexibility, including in terms of timing, to carry out the disposal of the shares.

As at December 31, 2024, the closing date of the Year, the Company held 450,000 treasury shares; as at the Report Date, the Company held 450,000 treasury shares.

l) Management and coordination activities (pursuant to Arts. 2497 et seq. of the Civil Code)

The Company is controlled, pursuant to Article 2359 of the Civil Code and Article 93 of the TUF, by Elettronica, as the latter has sufficient voting rights to exercise a dominant influence at CY4's Ordinary Shareholders' Meeting. However, the Company is not subject to management and coordination by Elettronica pursuant to Articles 2497 et seq. of the Civil Code. CY4 believes, in fact, that none of the activities typically evidencing management and coordination pursuant to Articles 2497 et seq. of the Civil Code exist, in view of, but not limited to, the following circumstances:

(i) CY4 and its Directors maintain complete operational autonomy and remain separate and independent centers of responsibility;

(ii) Elettronica does not centralize any functions, such as treasury or management, to itself;
(iii) CY4 has autonomous negotiating capacity in dealing with customers and suppliers;
(iv) CY4 operates in a condition of corporate and business autonomy from Elettronica; and
(v) CY4 has autonomy in defining its strategic and development lines.

The following table provides a graphical representation of the companies that are part of the Group, showing the Issuer's shareholdings in each of them as at the Report Date.

It should be noted that:

a) the information required by Art. 123-bis, paragraph 1.i) of the TUF ("agreements between the company and the directors [...] providing for considerations in the event of resignation or dismissal without just cause or if their employment ceases as a result of a takeover bid") is set out in the report on remuneration policy and compensation paid published pursuant to Article 123-ter of the TUF on the Company's website (https://www.cy4gate.com/en/) and in the other manners required by current regulations;

***

b) the information required by Art. 123-bis, paragraph 1.l), first part, of the TUF ("the rules applicable to the appointment and replacement of directors [...] if different from the legislative and regulatory rules applicable by way of supplement") is explained in the Section of the Report devoted to the Board of Directors (see Section 4.2 of the Report);

c) the information required by Art. 123bis, paragraph 1.l), second part, of the TUF ("the rules applicable [...] to the amendment of the bylaws, if different from the legislative and regulatory rules applicable by way of supplement") is explained in the Section of the Report devoted to the Shareholders' Meeting (see Section 13 of the Report).

3. COMPLIANCE (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.A), FIRST PART, OF THE TUF)

The Company complies with the provisions of the CG Code.

The CG Code is available to the public on the Corporate Governance Committee's website at https://www.borsaitaliana.it/comitato-corporate-governance/codice/2020.pdf.

***

Although there are companies incorporated under non-Italian law in the Group, neither the Issuer nor its subsidiaries (including strategically significant subsidiaries, i.e., companies whose turnover exceeds 25% of the group's consolidated turnover, as resolved at the board meeting held on March 8, 2024) are subject to non-Italian legal provisions affecting their corporate governance structure.

The following are the main governance tools the Company has adopted, in compliance with the latest laws and regulations, the provisions of the Code, and national and international best practices:

Bylaws;
Organization, management and control model pursuant to Decree 231 and Supervisory Body;
Code of Ethics;
Corporate internal control functions and Investor Relations Manager;
Regulations of the Board of Directors;
Regulations of the Control, Risk and Sustainability Committee;
Regulations of the Appointments and Remuneration Committee;
Regulations of the Related-Party Transactions Committee;
Regulations of the Strategic Committee;
Related-Party Transactions Procedure;
Procedure for handling insider information and maintaining the insider register;
Procedure on internal dealing.

4. BOARD OF DIRECTORS

4.1 ROLE OF THE BOARD OF DIRECTORS

The Board of Directors guides the Issuer by pursuing its sustainable success, which translates into the creation of long-term value for the benefit of shareholders, taking into account the interests of other stakeholders.

In this regard, the Board of Directors defines the strategies of the Issuer and its Group in accordance with the pursuit of sustainable success, monitoring their implementation, as well as the corporate governance system that is most functional for the conduct of the company's business and the pursuit of its strategies, taking into account the areas of autonomy offered by the legal system and, if necessary, evaluating and promoting appropriate changes, submitting them, when applicable, to the Shareholders' Meeting.

In addition, the Board of Directors promotes, in the most appropriate forms, dialogue with the Issuer's shareholders and other stakeholders.

Pursuant to Article 19 of the Company's Bylaws, the Board of Directors is vested with the following powers:

a) the merger resolution in the cases referred to in Articles 2505, 2505bis, 2506 ter last paragraph of the Civil Code, as well as the resolution referred to in Article 2506.1 of the Civil Code;
b) the establishment and dissolution of secondary branches;
c) the determination of which directors are authorized to represent the Company;
d) the reduction of share capital in case of a shareholder's withdrawal;
e) the adaptation of the Bylaws to comply with regulatory provisions;
f) the relocation of the registered office to another municipality within Italy;
g) the issuance of non-convertible bonds;
h) the reduction of the share capital if more than one-third of it is lost and the Company has issued shares without par value;
i) the creation of assets allocated to a specific business under Articles 2447bis et seq. of the Civil Code.

In addition to the above, in order to enable the concrete application of the above principles, including by established corporate practice, the Board of Directors is also vested with:

− the review and approval of the business plan of the Issuer and its Group, including based on the analysis of issues relevant to long-term value generation;
− the periodic monitoring of the business plan implementation, as well as the evaluation of the general management performance, periodically comparing the results achieved with those planned;
− the definition of the nature and level of risk compatible with the Issuer's strategic targets, including in its assessments all elements that may be relevant in terms of the Issuer's sustainable success;
− the definition of the Issuer's corporate governance system and the structure of its Group;
− the adequacy assessment of the organizational, management and accounting structure of the Issuer and strategically important subsidiaries, with particular reference to the internal control and risk management system (see Section 9 of the Report);
− the deliberation on transactions of the Issuer and its subsidiaries that are of significant strategic, economic, equity or financial importance to the Issuer, establishing general criteria for identifying significant transactions;
− the adoption, at the proposal of the Chairperson, in agreement with the Chief Executive Officer, of a procedure for the internal management and external communication of documents and information concerning the Issuer, with particular reference to inside information (see Section 5 of the Report).

The following are the main activities carried out by the Board of Directors in relation to the areas mentioned above during the Year and, in any case, up to the Report Date.

The Board of Directors has reviewed and approved the annual budget, including the analysis of issues relevant to long-term value generation. In defining the nature and level of risk that is compatible with the Issuer's strategic targets, the Group has included in its assessments the elements that may be relevant from the perspective of the Issuer's sustainable success. During the Year, the Board of Directors monitored the implementation of the annual budget and assessed the general operational trend based on the comprehensive regular information received from the delegated bodies at each meeting of the Board of Directors, as well as periodically comparing the results achieved with those planned.

On March 12, 2025, the Board of Directors, also taking into account the reports by the Chairperson of the Control, Risk and Sustainability Committee, as well as the assessments made by the Chief Executive Officer, evaluated positively the adequacy of the organizational, administrative and accounting structure of the Company and its Group (including subsidiaries with strategic importance), with particular reference to the internal control and risk management system.

In addition, the Board of Directors meeting held on the same date decided that it did not need to establish in advance general criteria for identifying transactions that have significant strategic, economic, equity or financial importance for the Company and its subsidiaries, believing it preferable to make this assessment from time to time on the basis of information received from the executive directors. On March 12, 2025, the Board of Directors also deemed it unnecessary to elaborate reasoned proposals to be submitted to the Shareholders' Meeting for the definition of a different system of corporate governance, evaluating the current corporate governance system of the Issuer and the structure of the Group it heads as already adequate and functional for these needs (see Section 13 of the Report).

Finally, it should be noted, regarding the management of dialogue with shareholders, that the Company has adopted a procedure for the internal management and external communication of documents and information concerning the Issuer (see Sections 5 and 12 of the Report). More generally, the Company ensures the systematic dissemination to investors, the market and the media of comprehensive and timely disclosures on its activities, subject to the confidentiality requirements of certain information. Such disclosures are ensured through press releases, regular meetings with institutional investors, the financial community and the press, and extensive documentation and numerous publications made available and constantly updated on the Company's website https://www.cy4gate.com/en/, Investor Relations Section.

For more information on the Board's additional powers regarding its composition, operation, appointment and self-assessment, remuneration policy, and internal control and risk management system, please refer to the additional paragraphs in Section 4, as well as to Sections 7, 8, and 9 of the Report, respectively.

In addition to the above, more specifically with regard to the roles and responsibilities of the management and control bodies in overseeing the procedures designed to manage significant risks, impacts and opportunities, it should be noted that the Board of Directors defines the principles, values and strategies of the Group, which are formalized, in particular, in the relevant business plan, whereas the Board Committees direct, with the role of strategic oversight, the corporate dynamics of the Company, according to the tasks set by the respective internal regulations approved by the Board of Directors.

With respect to the foregoing, the Chief Executive Officer, as a Director with executive powers, within the scope of his/her mandate, and also in his/her capacity as General Manager, is responsible – although not on the basis of specific formalized procedures – for assessing the environmental and social risks of all Group activities, reporting to the Board of Directors about his/her work at the earliest opportunity. All of this according to the strategic targets of the company and the actions to be taken in order to achieve those targets in line with the chosen level of risk exposure, with a view to promoting the Company's sustainable success.

On this point, it should be noted that the Group adopts responsible business conduct, with an integrated, risk-assessment-based management approach. The Control, Risk and Sustainability Committee, established within the Board of Directors, is responsible for ensuring adequate oversight of sustainability issues, advising and making proposals to the management body.

Roles and responsibilities have been defined for this committee for the purpose of acquiring and analyzing key information related to:

economic, environmental and social context;
economic and financial risks;
regulatory compliance;
ESG (Environmental, Social, Governance) issues.

More generally, at the organizational structure level, a group dedicated to ESG issues has also been established with the following responsibilities:

• monitoring and management of ESG issues;

integration of ESG criteria within business processes;
preparation of sustainability reporting, which is submitted to the Control, Risk and Sustainability Committee for review and then subjected for the evaluation and subsequent approval by the Board of Directors.

The evolution of the context and operations in relation to strategies and objectives linked to significant impacts, risks, and opportunities, as well as the progress made in achieving them concerning social responsibility and sustainability, is periodically monitored during Board meetings and Board Committee meetings (where heads of management bodies are invited to participate as necessary). This is done within the framework of the strategic planning processes, by regularly comparing achieved results with planned ones, and taking into account, among other factors, the analysis of ratings from rating agencies and analysts by the Board of Directors and, likewise, the Board of Statutory Auditors, which regularly participates, according to market best practices, in board meetings, with the role of supervising compliance with the law, regulations, bylaws, sound administration, and the adequacy of the Company's organizational and accounting structures.

As mentioned, the findings of the activities carried out on sustainability issues and how they were addressed during the reporting period constitute the subject of discussion at Board of Directors meetings. Specifically, at the board meeting, the administrative, management and control bodies are briefed by the Chief Executive Officer on the relevant impacts, risks, and opportunities, their implementation in accordance with due diligence, and the results and effectiveness of the policies, actions, metrics, and objectives adopted to address them, which have previously been discussed in other Board of Directors meetings.

The frequency with which the above information is provided varies according to its nature and relevance. In general, more strategic and general information is discussed by the Board of Directors at least annually, when the sustainability reporting is approved. More operational and detailed information, on the other hand, may be the subject of periodic reports or more frequent discussions at the level of, for example, the Control, Risk and Sustainability Committee.

In addition, Management plays a crucial role in governance processes, controls, and procedures designed to monitor, manage, and supervise relevant impacts, risks, and opportunities, being responsible, in particular, for implementing an effective risk management system, including identifying, assessing, and mitigating risks, as well as monitoring performance and impacts.

Significantly, Management establishes a three-year commitment plan, with annual updates, based on analysis of significant impacts to the organization. This plan identifies specific, measurable, achievable, relevant, and time-bound (SMART) targets and concrete actions to address challenges and seize opportunities related to sustainability. The Control, Risk and Sustainability Committee, composed of independent directors, plays a key role in this process, advising and supporting the Board of Directors on sustainability issues, monitoring the effectiveness of the risk management system and making recommendations for its constant improvement.

The corporate bodies and Management of the Company, each in its own duties in implementing the business strategy, take into account the impacts, risks and opportunities, balancing their decisions according to a rationale that considers, on the one hand, the long-term strategies and targets for the sustainable success of the Company and, on the other hand, measuring on an ongoing basis the risk situations and the consequent required activities to deal with them.

More generally, the Group is committed to maintaining a system that fosters the achievement of corporate targets and the pursuit of ESG values and goals, and has equipped itself with a solid governance structure, the characteristics of which ensure competence and the ability to direct the Group's development from a sustainability perspective.

4.2 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123-BIS, PARAGRAPH 1.L), FIRST PART, OF THE TUF)

Pursuant to Articles 18 et seq. of the Bylaws, the Company is managed by a board of directors with a minimum of 7 (seven) and a maximum of 9 (nine) members.

Directors hold office for a period not exceeding three fiscal years and are eligible for reelection in accordance with Article 2383 of the Civil Code. Their terms expire on the date of the shareholders' meeting called to approve the financial statements for the last year of their term of office.

Directors are appointed by the Shareholders' Meeting, in accordance with the provisions of the law and the Bylaws, on the basis of lists submitted by shareholders. Lists submitted by shareholders, signed by the shareholder(s) submitting them (including by proxy to one of them), must be filed with the Company's registered office within the terms provided for by the applicable laws and regulations in force, which are indicated in the call notice or also via remote means of communication as indicated in the call notice, and made available to the public within the terms and in the manner provided for by the applicable laws and regulations in force.

The following may submit a list for the appointment of directors: (i) shareholders holding, at the time of submission of the list, individually or jointly, a number of shares at least equal to the proportion determined by CONSOB pursuant to applicable statutory and regulatory provisions, and (ii) the board of directors. The ownership of the minimum proportion provided for in the previous sentence of this paragraph at point (i) shall be determined having regard to the shares that are registered in favor of the shareholder on the day on which the list is filed with the Company, it being understood that the relevant certification may also be produced after the filing, provided that it is within the deadline for the publication of the list.

Any list submitted by the board of directors shall (i) be filed and made public, in the manner prescribed by the regulations applicable to lists submitted by shareholders, no later than the thirtieth day prior to the date of the shareholders' meeting on first or single call, without prejudice to the deadlines established by law for filing with regard to calls subsequent to the first call, and shall be made available to the public in accordance with the legal regulations in force for shareholders' lists, and (ii) shall meet, mutatis mutandis, the requirements established for the submission of lists by shareholders.

Each shareholder, as well as shareholders belonging to the same group and shareholders who are parties to a shareholders' agreement relevant under Article 122 of the TUF, may not submit or participate in the submission, even though a third party or trust, more than one list, nor may they vote for different lists. Each shareholder entitled to vote may vote for only one list. Each shareholder's vote will relate to the list and thus all the candidates on it, with no possibility of variations or exclusions. Votes cast in violation of this prohibition will not be attributed to any list.

Each candidate may be on only one list, under penalty of ineligibility.

Each list:

shall contain no more than 9 (nine) candidates, listed according to sequential numbering;
shall contain and expressly indicate a minimum number of directors, corresponding to the minimum provided for by the regulations in force, who meet the independence requirements provided for by the law and by the corporate governance codes to which the company has declared to comply with (the "Independence Requirements");
for the period of application of the legislation and regulations in force on gender balance, shall also include candidates belonging to both genders, at least in the minimum proportion required by the legislation including regulations in force, as specified in the call notice of the Shareholders' Meeting, where there are a number of candidates equal to or greater than 3 (three);
shall contain as attachments the documentation required by the Bylaws, as well as any additional or different statements, disclosures and/or documents required by law and applicable regulations.
A) If two or more lists have been submitted, the submitted lists shall be voted on and the Board of Directors shall be formed according to the following provisions:
- a) from the list that has obtained the highest number of votes cast (the "Majority List") a number of directors equal to the total number of members to be elected shall be drawn, according to the sequential order of presentation, with the exception of any directors to be drawn from other lists pursuant to points b) and c) below;
- b) from the list that has obtained the second highest number of votes cast (provided that such number of votes corresponds to at least half of the percentage of share capital required for the submission of a list) (the "Second List") the following are taken: (i) 2 (two) directors, according to the

order indicated in said list, if the number of votes obtained by said list is at least equal to 10% (ten percent) of the share capital or (ii) 1 (one) director, according to the order indicated in said list, if the number of votes obtained by said list is less than 10% (ten percent) of the share capital;

c) from the list that obtained the third highest number of votes (provided that such number of votes corresponds to at least half of the percentage of share capital required for the submission of a list), and provided that such list is not connected even indirectly with the shareholders who submitted the Majority List and/or the Second List (the "Third List"), 1 (one) director shall be drawn in the person of the candidate indicated with the first number on said list;
d) it is understood that (i) in the absence of the Second List and/or the Third List and/or (ii) in the event that one and/or both of these lists have not obtained a percentage of votes at least equal to half of that required for its submission, the remaining directors to be elected shall be drawn from among the candidates in the Majority List according to the order indicated therein.

In the event that the Majority List does not present a sufficient number of candidates to ensure the full election of directors, it is understood that all candidates from the Majority List will be taken according to their order on the list, as per letter a) above. If the conditions are met: (i) one or two directors (as per letter b) above) will be taken from the Second List, and (ii) one director will be taken from the Third List (as per letter c) above), the remaining directors will be appointed by resolution of the Shareholders' Meeting, based on nominations proposed by shareholders within the terms and procedures established by the applicable regulations for submitting resolutions on matters already on the agenda. This appointment process will depend on whether eligible parties can intervene and exercise their voting rights directly at the Shareholders' Meeting or exclusively through the designated representative. The appointment will be in compliance with the legal requirement to maintain the minimum number of independent directors and in adherence to the applicable laws and regulations on gender balance.

In the event of a tie between lists, the meeting will conduct a new vote, focusing only on the tied lists, with the list receiving the highest number of votes in this round will prevail.

In addition:

in the event that a sufficient number of directors meeting the Independence Requirements established by the applicable legal and regulatory framework are not elected, the candidate who does not meet these requirements and is elected last in numerical order from the list with the highest number of votes will be excluded. This candidate will be replaced by the next candidate from the same list who meets the Independence Requirements. This procedure, if necessary, will be repeated until the number of independent directors to be elected is achieved;
if, in addition, with the candidates elected in the manner indicated above, the composition of the board of directors does not comply with the gender balance

requirements set forth by the applicable legal and regulatory provisions, the candidate of the most represented gender, elected last in numerical order from the list with the highest number of votes, will be replaced by the first candidate of the least represented gender, who has not been elected, from the same list, according to the numerical order. This replacement procedure will take place until the composition of the board of directors complies with the regulations on gender balance;

if, finally, the above procedure does not ensure the election of a sufficient number of directors meeting the Independence Requirements and/or the composition of the Board of Directors in compliance with the regulations regarding gender balance, the replacement will occur through a resolution passed by the Shareholders' Meeting by relative majority. This will be based on nominations of individuals meeting the Independence Requirements and/or, where applicable, from the less represented gender, proposed by the shareholders within the terms and in the manner set forth by the regulations governing the submission of proposals for resolutions on matters already on the agenda. This will depend on whether the eligible individuals can intervene and exercise voting rights directly at the Shareholders' Meeting or exclusively through the designated representative.
B) If only one list has been submitted, the entire Board of Directors shall be drawn from it, in compliance with the provisions of the law and regulations in force, as well as with the provisions on gender balance set forth above, and the provisions of the law and the Bylaws regarding the appointment of independent directors.
C) If no list has been submitted, or if the number of directors elected based on the submitted lists is less than the number of members to be elected, or if the entire board of directors is not to be renewed, or if for any reason it is not possible to proceed with the appointment of the board of directors as described above, the members of the board of directors shall be appointed by the shareholders' meeting with ordinary majorities, without the application of the list voting mechanism, based on nominations proposed by the shareholders within the terms and in the manner provided by the regulations in force for the submission of proposals for resolutions on matters already on the agenda, depending on whether the intervention and exercise of voting rights by the eligible parties can take place directly at the Shareholders' Meeting or exclusively through the designated representative, without prejudice to the minimum number of directors meeting the Independence Requirements and compliance with the gender balance provisions mentioned above.

The Board of Directors, at the first meeting following its appointment, elects a chairperson from among its members, if the ordinary shareholders' meeting has not already made the appointment. The Board of Directors may elect a vice-chairperson, who replaces the chairperson in cases of absence or impediment.

Should one or more directors leave office during the fiscal year for any reason:

(i) the Board of Directors shall replace them by co-opting the first non-elected candidate (if available) from the same list to which the outgoing director belonged;
(ii) if it is not possible to integrate the board of directors pursuant to point (i) above, the Board of Directors shall co-opt replacements by means of majorities by law.

In any case, the Board of Directors and the Shareholders' Meeting will respectively coopt and make the above appointments in such a way as to ensure (i) the minimum total number of independent directors required by the regulations in force, and (ii) compliance with the regulations pertaining to gender balance.

The Issuer is not subject to additional rules regarding the composition of the Board of Directors.

For information on the role of the Board of Directors and Board Committees in the selfassessment, appointment, and succession of directors processes, see Section 7 of the Report.

4.3 COMPOSITION (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) AND 2.D-BIS) OF THE TUF)

The Company is managed by a Board of Directors composed of an odd number of members ranging from a minimum of 7 to a maximum of 9 members, as provided for by Article 25 of the Bylaws.

On April 27, 2023, the Shareholders' Meeting set the number of members of the management body at 9 (nine), which was composed as follows:

First and last name	Position
Domitilla Benigni	Chairwoman of the Board of Directors
Emanuele Galtieri	Chief Executive Officer(*)
Roberto Ferraresi	Director
Enrico Peruzzi	Director
Alberto Luigi Sangiovanni
Vincentelli	Director
Paolo Izzo	Director
Alessandra Bucci	Independent Director(**)
Cinzia Parolini	Independent Director(**)
Maria Giovanna Calloni	Independent Director(**)

(*) Director with operating powers.

(**) Independent director pursuant to Article 148, par. 3 of the TUF, as referred to in Article 147ter, par. 4 of the TUF, and Article 2 of the CG Code.

In this regard, it should be noted that directors Domitilla Benigni, Emanuele Galtieri, Enrico Peruzzi, Alberto Luigi Sangiovanni Vincentelli, Paolo Izzo, Alessandra Bucci and Cinzia Parolini were taken from the majority list presented by the shareholder Elettronica, while directors Roberto Ferraresi and Maria Giovanna Calloni were taken from the minority list presented by the shareholder TEC Cyber.

At its meeting on May 2, 2023, the Board of Directors assessed the independence of its Directors pursuant to and in accordance with Article 148, paragraph 3 of the TUF (as referred to in Article 147ter, paragraph 4, of the TUF) and Article 2 of the CG Code, verifying the presence of an adequate number of non-executive independent Directors in order to comply with the recommendations of the Corporate Governance Code. Specifically, the Board of Directors deemed that Directors Alessandra Bucci, Cinzia Parolini and Maria Giovanna Calloni met the above independence requirements.

Subsequently, on July 26, 2023, having acknowledged the resignation – with immediate effect, and due to unexpected work commitments – of Director Enrico Peruzzi, and the waiver of the "non-elected" candidates belonging to Mr. Peruzzi's list of origin, the Board of Directors, after a favorable opinion from the Appointments and Remuneration Committee, resolved to appoint by co-optation Mr. Alessandro Chimenton as a new nonindependent and non-executive member of the management body. At the same board meeting, the management body, supported by the preliminary activity of the Appointments and Remuneration Committee, ascertained that Mr. Chimenton meets the professionalism and integrity requirements and complies with the criteria of competence, fairness and dedication of time set out by the regulations in force.

First and last name	Position	Date of birth	Seniority in office (§)
Domitilla Benigni	Chairwoman of the Board of	April 4, 1969	5 years
	Directors
Emanuele Galtieri	Chief Executive Officer(*)	October 23, 1974	4 years
Roberto Ferraresi	Director	July 3, 1975	3 years
Alessandro Chimenton	Director	December 7, 1961	1 year
Alberto Luigi		June 23, 1947	5 years
Sangiovanni Vincentelli	Director
Paolo Izzo	Director	June 15, 1973	3 years
Alessandra Bucci	Independent Director(**)	July 30, 1966	2 years
Cinzia Parolini	Independent Director(**)	January 27, 1959	3 years
Maria Giovanna Calloni	Independent Director(**)	December 26, 1964	2 years

Therefore, as at the Report Date, the Board of Directors was composed as follows:

(*) Director with operating powers.

(**) Independent director pursuant to Article 148, par. 3 of the TUF, as referred to in Article 147ter, par. 4 of the TUF, and Article 2 of the CG Code.

(§) Reference is made to the date of first appointment.

In accordance with Article 2386 of the Civil Code, the Shareholders' Meeting called to approve the financial statements for the year ended December 31, 2023 confirmed the appointment of Mr. Alessandro Chimenton.

The Board of Directors remains in office for a period of three fiscal years, and, therefore, until the approval of the financial statements as at December 31, 2025.

The Company's Board of Directors is composed of executive and non-executive directors, all of whom have professionalism and skills appropriate to the tasks entrusted to them. The number and expertise of the non-executive directors are such as to ensure that they have significant weight in taking board resolutions and to guarantee effective monitoring of management; a significant part, 3 out of 9 non-executive directors, is independent.

A summary of the main professional skills and characteristics of individual Board of Directors members is hereby provided.

Domitilla Benigni

She has been chairwoman of the CY4 Board of Directors since 2020, and general manager and chief executive officer of Elettronica. She started her career at Elettronica in 1996 after graduating in electrical engineering. She has gained extensive experience in areas such as strategic planning, business development, and engineering. She has been a member of the Technical Scientific Committee of the Italian National Cybersecurity Agency since June 2022.

Emanuele Galtieri

He is Chief Executive Officer and General Manager of CY4, where he previously served as "deputy CEO" and general manager. He worked at Elettronica from 2008 to 2020, where he held various roles with increasing responsibility in foreign markets business, he was Corporate HR Head as well as Head of communications and corporate digital transformation. A former Carabinieri officer engaged in various operational assignments, he attended the Nunziatella Military School and the Modena Military Academy, earning a law degree from the University of Rome, a degree in political science from the University of Trieste and an MBA from the Luiss Business School in Rome.

Roberto Ferraresi

A graduate in economics from the Luigi Bocconi University in Milan, he started his career with UBS in London in 1998. From 2004 to 2018, he had a long run at PAI Partners where he completed major leveraged buy-out operations. Since 2018, he has been founder and chief executive officer of The Equity Club S.r.l. a club deal initiative promoted together with Mediobanca that has involved more than 90 entrepreneurial households in Italy and has completed 6 significant investment deals to date.

Paolo Izzo

He boasts a strong academic background, with a bachelor's degree in Political Science from the University of Turin, a master's degree in Business Administration from the University of Modena and Reggio Emilia, and a Master's degree in Business Administration (MBA) from the Graduate School of Business at the University of Strathclyde, in Glasgow, UK. He joined Elettronica in 2007, bringing with him considerable military and managerial experience. Previously, in fact, he served as a Military Officer holding command positions. Throughout his career, he stood out for his ability to create and manage successful global business relationships and develop effective business strategies. As at the Report Date, he is a special attorney for Elettronica.

Alessandro Chimenton

Graduated in Business Administration, at Arthur Andersen & Co. s.a.s. since 1986 and since 1990 at Arthur Andersen MBA s.r.l. - Management & Business Advisors, he has held numerous positions with companies in the manufacturing and financial sectors (banking, leasing, factoring). He has held the position of executive since 1991, working mainly in Corporate Finance and Financial Industry. He has gained significant professional experience by means of professional services rendered in the following areas: appraisals, valuations of companies and Corporate Groups, valuations of trademarks and intangible assets, business disposals and acquisitions, due diligence, arbitrations, budget analysis, preparation of strategic plans and business plans, feasibility studies, industrial projects/business integrations, and management reporting. Partner since 1999 of Enterprise Partners & Co. S.r.l. and since 2014 of C&P ADVISORY, both management consulting companies, operating in the above-mentioned services. He is a Certified Public Accountant and Statutory Auditor.

Alberto Luigi Sangiovanni Vincentelli

Graduate in electrical engineering from Politecnico University in Milan, from 1974 to 1977 he was a professor for the electronics department at the same university, while from 1976 until the Report Date he has been a professor at Berkeley University, California. He co-founded the companies Cadence Design Systems and Synopsys, both listed on NASDAQ. From 1982 to 1991 he was a consultant to IBM while, from 1978 to 2010, he was a consultant to the CEO of ST Microelectronics. Author of various publications, he has been an advisor and board member of several companies.

Cinzia Parolini

Graduated in Business Administration from the Luigi Bocconi University in Milan, she has been a lecturer and head of Business Administration teaching since the beginning of her university career, first at Bocconi University and later at the Faculty of Economics of the University of Modena and Reggio Emilia. Since the early 1990s, she has been a lecturer in Strategy and Business Planning. Since 2023, she has served as chairwoman of the Joint Teachers-Students Committee of the Unimore Department of Economics. She is also a member of the planning committee for the master's degree course "Analisi dei Dati per l'Economia e il Management" (Data Analysis for Economics and Management) for the Unimore Department of Economics. She has made numerous publications.

Alessandra Bucci

Senior manager with more than 25 years of management experience in marketing, sales, and operations, which began in FMCG (Unilever), then in pharmaceuticals (Bristol Myers Squibb), and developed mainly in services, telecommunications (TIM), and transportation (Trenitalia). Having studied marketing and trade marketing issues in depth, Bucci has developed extensive experience in telecommunications, where she manages all the levers of marketing, customer relations and sales policies, planning, and customer experience. She also gained significant experience as sales manager in Trenitalia. As at the Report Date, she serves as a strategic advisor to large- and medium-sized service companies and is a member of boards of directors of major listed companies or those in which the Italian Ministry of Economy and Finance (MEF) holds a stake. She supports EBRI science foundation in marketing and fundraising. She is an adjunct lecturer of International Marketing at La Sapienza University of Rome.

Maria Giovanna Calloni

She graduated in 1987 with a degree in Business Administration summa cum laude from the Luigi Bocconi University in Milan. From 1987 to 1990 she worked as an analyst at Memorex Telex with assignments in Milan, London, and New York. In 1992 she earned a Business Administration Master's Degree with honors from New York University and was hired as an associate at the investment bank Merrill Lynch in the New York office. This was followed by positions of increasing responsibility within the investment banking team and later as director of equity capital markets. Since returning to Italy, she has been involved in investment activities with holdings in unlisted companies focusing on the renewable energy, fintech and technology sectors. She also conducts business consulting related to capital market and M&A processes for portfolio companies.

That being said, it is further specified that the members of the Strategic Committee (namely, as at the Report Date, Alberto Luigi Sangiovanni Vincentelli (Chairman), Roberto Ferraresi, Paolo Izzo and Emanuele Galtieri (ex officio member as Chief Executive Officer of the Company) possess experience and expertise in the Company business sector that are adequate to the tasks they are called upon to perform, the assessment of which pertains to the Board of Directors at the time of their appointment. For more detailed information on the Strategic Committee, see Section 6 of the Report, paragraph on Additional Committees (other than those required by law or recommended by the Code).

In addition to the above, the members of the Board of Directors regularly participate in initiatives aimed at updating their knowledge regarding the business sector in which the Group operates, the drivers for the development of the products and services offered (including the relevant profiles related to compliance with current ESG regulations), and the money laundering and terrorist financing risks, considering, among other things, the geographical areas of reference.

The Report also contains, as an appendix, a list of all offices held by the Directors in other companies as at the Report Date, according to the criteria set forth therein.

Diversity criteria and policies in board composition and corporate organization

The provisions requiring the allocation of the members of the Board of Directors to be elected based on a criterion ensuring gender balance, in accordance with applicable legal provisions, have been included in the Issuer's Bylaws. In this regard, it should be noted that although Article 147ter, paragraph 1ter of the TUF, as amended by Italian Law No. 160 of December 27, 2019, specifies that the provisions on gender balance shall apply as of the first renewal of the Board of Directors following the listing, providing that the less represented gender obtains at least one-fifth of the total number directors elected on the occasion of the first renewal and at least two-fifths in the next five consecutive terms (in any case rounded up), the composition of the Issuer's Board of Directors, on a voluntary basis, already complies with said requirements for renewals after the first one.

In addition, it is worth noting how the issue of gender diversity also found a place within the managerial choices that characterized CY4's corporate dynamics during the Year. In particular, it is reiterated how, as part of the identification of the Plan Targets, the Company defined an annual target related to ESG issues and, in particular, to obtaining and maintaining "Gender Equality Certification" (see Section 2 of the Report).

The composition of the Company's management body reflects an appropriate degree of diversification, as represented in more detail below and in the following tables. In fact, the Issuer pays great attention to governance issues; specifically, as at the Report Date, 44.44% of the Board of Directors members is female, and, more generally, the Board Members have a heterogeneous portfolio of experience, as evidenced in more detail in the summary of their respective resumes. Likewise, the age brackets and seniority of office of the members – please refer to the Table on the Composition of the Board of Directors as at the Report Date in Section 4.3 above – are appropriately differentiated.

The following table shows the composition by gender of the Company's Board of Directors:

Members of the Board of Directors	No.	%
Female Directors	4	44%
Male Directors	5	56%

The following table shows the composition by age bracket of the Company's Board of Directors:

Members of the Board of Directors	No.	%
Directors under 30 years old	0	0%
Directors between 30 and 50 years old	2	22%
Directors > 50 years old	7	78%

The following table shows the relevant skills for the industries, products, and geographic areas in which the Group operates that the members of the Company's Board of Directors possess:

Area	No. of members
A) Strategic planning	9
B) Risk management	6
C) Innovation and technology	7
C) Digital IT and cybersecurity	4
E) Finance and business management	9
F) Environmental sustainability	4
G) Social sustainability	5
H) Human Resource management	1
I) Legal	1

More information on the composition of the Board of Directors can be found in Table 2 in the Appendix.

As a side note, for the sake of completeness, it should be noted that in 2024 the Company renewed the certification of the Gender Equality Management System (PdR 125), and the main subsidiary RCS Etm Sicurezza S.p.A. has obtained it.

Maximum number of positions held in other companies

It should be noted that, Recommendation No. 15 of the Code – intended only for "large companies" – which requires the board of directors to express "its orientation on the maximum number of positions on the boards of directors or boards of statutory auditors in other listed or large companies that can be considered compatible with effective performance as a director of the company, taking into account the commitment resulting from the position held", does not apply to the Company.

In any case, the Board of Directors believes that the number and quality of positions held by its members in other companies does not interfere and is, therefore, compatible with the effective performance of their duties as directors of the Issuer.

4.4 OPERATION OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF)

The Board of Directors plays a central role in the guidance and management of the Issuer: pursuant to Article 19 of the Bylaws, the management of the company is exclusively entrusted to the management body, which carries out all operations necessary to achieve the corporate purpose, in compliance with the law and the Bylaws.

In order to define the rules and procedures for its operation, the Board of Directors has adopted its own regulations (for the purposes of this section, the "Regulations").

The Regulations are concerned with – among other things – the management of information to directors, the manner of taking minutes of meetings, and the manner of protecting the confidentiality of the data and information provided, so as not to affect the timeliness and completeness of information flows.

Specifically, the Regulations stipulate, among other things:

the call notice shall be sent to each director by e-mail, telefax or other means deemed appropriate at least 5 (five) days before the date set for the meeting, or, in case of urgency, at least 1 (one) day before the meeting, and must contain the date, time, list of items on the agenda and the place of the meeting;
it is possible for meetings of the Board of Directors to be held by audio or video conference provided that all participants can be identified and are allowed to follow the discussion and intervene in real time in the discussion of the topics addressed;
the documentation supporting the decisions to be taken, containing any proposals for resolutions and suitable information to support the work of the Board of Directors, shall be made available to the directors at least 3 (three) days before the date set for the meeting, except in cases of urgency, in which the documentation shall be made available to the members of the Board of Directors at the latest at the same time as the call notice; where this is not possible, the Chairperson (or his/her deputy), with the assistance of the secretary of the meeting, may see to it

that appropriate and timely details are provided during the board meetings. The documentation is made available by sending via e-mail;

minutes are taken at each meeting, and are signed by the Chairperson and the secretary;
once approved, the minutes are transcribed in the company book, are stored by the relevant corporate departments, and can be consulted, if requested, by each Director, as well as by other entitled parties in accordance with the regulatory provisions applicable from time to time;
the meetings are confidential. Disclosure of news pertaining to the meetings (except for legitimate reasons related to the performance of the position) is prohibited, and minutes and resolutions are considered confidential documents. Minutes, resolutions, mails and documents belonging to directors are subject to confidentiality obligations and, if not collected by the directors at the end of the meeting, they must be collected and stored by the secretary. Unauthorized individuals are prohibited from accessing the Board of Directors documents.

The Board of Directors shall be convened by the Chairperson as often as he/she deems necessary, or as requested by at least two of its members. The power to convene the Board of Directors meeting is also vested, in accordance with Article 151 of the TUF, in the Board of Statutory Auditors or even individually in each standing auditor.

The Board of Directors is duly constituted with the majority of the directors in office and passes resolutions by the majorities provided for in the Bylaws: (a) with the favorable vote of the majority of the directors present; and (b) with the favorable vote of the absolute majority of the directors in office in the event of the establishment of assets allocated to a specific business.

For the sake of completeness, it should be noted that, pursuant to Article 24, paragraphs 4 and 5 of the Bylaws, the approval of board resolutions concerning any actions involving the disposal, whether permanent or temporary, of patented and non-patented industrial property rights (including know-how, programs, software, databases, data, and industrial and commercial information, whether or not subject to confidentiality regime) related to the technologies used by the Company in its ordinary course of business shall require, in any event, the favorable vote of all directors appointed from the Majority List. Additionally, if the Second List is submitted by shareholders collectively holding at least 35% (thirty-five percent) of the share capital, the favorable vote of all directors appointed from said Second List shall also be required.

In the sole event that 2 (two) directors are drawn from the Second List, the favorable vote of at least 1 (one) director drawn from the Second List shall be required in any case for the approval of board resolutions pertaining to:

a) the approval of merger and demerger projects, except for those referred to in Articles 2505 and 2505bisof the Civil Code;
b) the acquisition of buildings and/or equity investment worth more than Euro 10,000,000.00;
c) taking on financial debt of more than Euro 20.000.000,00.

The Board of Directors performs the aforementioned tasks, as well as the additional tasks attributed to it by the CG Code, availing itself – where applicable – of the support of the committees established within it.

During the Year, the Directors have ensured the effective performance of their duties, devoting the time necessary for the most efficient functioning of the management body; this is attested, considering the significant number of Board meetings held during the Year, by the high percentage of Directors attendance.

During the Year, the Board of Directors met 9 times. As at the Report Date, 3 meetings of the management body have been held, including the one at which the Report was approved.

The average duration of the Board of Directors' meetings during the Year, as collectively considered, was approximately one hour and forty-five minutes. Meetings took place both in presence and via audio-video conference link.

Please refer to Table 2 in the appendix of the Report for more details on this matter.

4.5 ROLE OF THE CHAIRPERSON OF THE BOARD OF DIRECTORS

On May 2, 2023, the management body resolved, among other things, to appoint Domitilla Benigni as Chairperson of the Board of Directors.

The Chairperson of the Board plays a liaison role between the executive and nonexecutive directors and ensures the effective functioning of the board proceedings.

In particular, the Chairperson of the Board of Directors, during the Year, oversaw:

(i) the suitability of the pre-board disclosure, as well as of the additional information provided during board meetings, to enable directors to act in an informed manner in the performance of their role, ensuring that each item on the agenda was given the necessary time to examine it, along with every issue that was the subject of board meetings, encouraging constructive and wide-ranging debate, contributions, and discussion by all directors;
(ii) the coordination of the activity of the Board Committees with the activity of the Board, serving as a link between their work and that of the management body;
(iii) in agreement with the Chief Executive Officer, the attendance at board meetings also at the request of individual directors – of the executive managers of the Company and the Group companies responsible for the relevant corporate departments according to the subject matter, in order to provide the appropriate insights into the items on the agenda. During the Year, individuals from outside the Board, in particular executive managers of the Issuer, heads of relevant corporate departments, were sometimes invited to attend Board meetings, depending on the matter on the agenda, in order to ensure that all Directors and Statutory Auditors had appropriate insights into the issues;
(iv) the participation of the members of the management and control bodies, subsequent to their appointment and during their term of office, in initiatives aimed at providing

them with adequate knowledge of the business sectors in which the Issuer operates, of corporate dynamics, and their development, also with a view to the sustainable success of the Issuer, as well as of the sound risk management principles and of the relevant regulatory and self-regulatory framework.

For more information regarding the responsibilities and capabilities of the administrative, management and control bodies on sustainability issues or access to such responsibilities and capabilities, as well as how the administrative, management and control bodies determine whether appropriate skills and capabilities are available or will be developed to oversee sustainability issues, see Section 4.3 of the Report.

With regard to (i) the Board's self-assessment process and (ii) the dialogue that took place with shareholders, please refer to Section 7 and Section 12 of the Report, respectively.

Board Secretary

For the organization of its activities, the Board of Directors is supported by a secretary.

The secretary, appointed at each Board meeting upon the proposal of the Chairperson, may also be chosen from outside the members of the Board of Directors, among individuals of proven professionalism.

The Secretary supports the work of the Chairperson and provides impartial assistance and advice to the Board of Directors on any matter relevant to the proper functioning of the corporate governance system. He/she also assists the Chairperson in preparing the minutes of each meeting and signs them together with the Chairperson.

During the Year, the Secretary has supported the activities of the Chairperson of the Board (particularly in relation to the aspects indicated in Section 4.5 "Role of the Chairperson of the Board of Directors" above) and provided impartial assistance and advice to the Board on any aspect relevant to the proper functioning of the corporate governance system.

4.6 EXECUTIVE DIRECTORS

Chief Executive Officers

The Board of Directors consists of executive and non-executive directors.

Pursuant to the Bylaws, the Board of Directors may delegate part of its powers to one or more of its members, determining their powers and remuneration.

On May 2, 2023, the Board of Directors appointed Emanuele Galtieri as Chief Executive Officer, granting him the following powers and proxies:

A. General representation of the Company

This includes, but is not limited, to every power necessary for (i) signing the Company's correspondence; (ii) fulfilling the Company's corporate obligations as required by law, handling dealings with any administrative authority, court or office (including the Register of Companies and Financial Offices), relations with the Company's shareholders, consultants, Certification and Auditing Companies (if appointed); (iii) representing the Company in any transaction or ordinary administration activity with signatory powers; (iv) filing and renewing trademarks, filing patents, registering, renewing or deleting internet domains as well as granting and taking in use any form of industrial property rights; (v) representing the Company in the Shareholders' Meetings of Subsidiaries and/or Investees.

B. Relations with Authorities and Administrations

This includes, but is not limited, to every power necessary for (i) representing the Company before any independent administrative authority (expressly including the Commissione Nazionale per le Società e la Borsa (CONSOB), the Autorità Garante della Concorrenza e del Mercato (Italian Competition Authority) and the Autorità Garante per la protezione dei dati personali (Italian Data Protection Authority)), by signing and submitting, in the name and on behalf of the Company, all communications, declarations, clarifications and requests that, by law or voluntarily, should be made to the authority (ii) representing the Company before any public or private entity, or any administrative or financial authority, with the Bank of Italy, land credit institutions, customs, railway, tramways, shipping and transport companies, post and telegraph offices, in all transactions with said entities, authorities, offices and companies, submitting petitions, deeds, declarations and documents, collecting and paying sums, obtaining and issuing valid receipts and discharges (iii) authorizing the payment of fines, oblations, concessionary charges, income taxes, fees and other charges due to the Public Authorities.

C. Representation in Litigation

This includes, but is not limited, to every power necessary for (i) representing the Company vis-à-vis third parties and in court, both as plaintiff and defendant, before any judicial, arbitration or administrative authority, in any venue and level of jurisdiction – declaratory, executive, precautionary or voluntary jurisdiction – including for judgments before the Court of Cassation and the Council of State, appointing attorneys and general or special attorneys with all the necessary powers, with the ability to delegate authority and choose addresses for service; (ii) representing the Company before tax offices, tax commissions at all levels, and any administrative, union, etc. authorities; filing petitions, grievances, appeals and counter-appeals; signing agreements, applications for licenses, permits, authorizations and administrative concessions of all kinds; appointing and revoking attorneys as well as other licensed professionals for the abovementioned acts and proceedings, with the ability to delegate authority and choose addresses for service; (iii) constituting himself/herself as plaintiff in criminal trials, in the name and interest of the Company; filing and waiving complaints and lawsuits.

D. Management of the Company

This includes, but is not limited, to every power necessary for (i) managing the Company in accordance with the instructions and resolutions of the Board of Directors; implementing said instructions and resolutions; (ii) putting into practice the commercial, marketing and communication policies, as well as supporting the development strategies established by the Board of Directors; (iii) except for what is reserved pursuant to the law for the Board of Directors or the Shareholders' Meeting, carrying out any act of ordinary and extraordinary management concerning the Company's business that involves, even as aggregate, a liability commitment not exceeding Euro 3,000,000.00 per transaction, and/or an active commitment not exceeding Euro 10,000,000.00 per transaction. Exceeding this limit will necessitate a resolution of the Board of Directors or, where required, a resolution of the Shareholders' Meeting.

The Chief Executive Officer, who is entrusted with defining projects and objectives for the growth of the Company and the Group, in accordance with the relevant general, programmatic and strategic guidelines, reports to the Board of Directors (and the Board of Statutory Auditors), at the first useful meeting, on the activities carried out within the scope of his/her assigned powers and proxies.

Chairwoman of the Board of Directors

On May 2, 2023, the Board of Directors appointed Domitilla Benigni as Chairwoman of the Board of Directors, granting her the following powers and proxies:

A. General representation of the Company

This includes, but is not limited, to every power necessary for (i) signing the Company's correspondence; (ii) fulfilling the Company's corporate obligations as required by law, handling dealings with any administrative authority, court or office (including the Register of Companies), relations with the Company's shareholders, consultants, Certification and Auditing Companies (if appointed); (iii) representing the Company in any transaction or ordinary administration activity with signatory powers; (iv) filing and renewing trademarks, filing patents, registering, renewing or deleting internet domains as well as granting and taking in use any form of industrial property rights.

B. Relations with Authorities and Administrations

C. Representation in Litigation

D. Management of the Company

This includes, but is not limited to, every power necessary for (i) verifying and monitoring the implementation of the resolutions of the Board of Directors; (ii) supporting the Chief Executive Officer in the preparation of the Company's commercial, marketing and communication policies, which will, however, remain the sole responsibility of the Chief Executive Officer; (iii) supporting the Chief Executive Officer in the preparation of corporate strategies to be submitted to the Board of Directors for approval.

The Chairperson of the Board of Directors is not the controlling shareholder of the Issuer.

For more information regarding the roles and responsibilities of the boards of directors, management and control bodies in overseeing procedures to manage relevant risks, impacts and opportunities, as well as how the boards of directors, management and control bodies are informed about sustainability issues and how these issues were addressed during the reporting period, see Section 4.1 of the Report.

Executive Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

Pursuant to the Bylaws, the Board of Directors may provide for the establishment of an executive committee of which the Chairperson, as well as all executive directors, will be members ex officio. The rules for the convening, constitution and operation of the executive committee are the same as for the Board of Directors, and resolutions are passed by a majority of votes of those present and voting.

As at the Report Date, no executive committee has been appointed.

Disclosures to the Board by directors/delegated bodies

At the first useful meeting, the executive directors report to the Board on the activities carried out in the exercise of the powers delegated to them and in particular on atypical, unusual or related-party transactions, as well as on those of major economic, financial and equity significance, carried out by the Company or its subsidiaries.

Other executive directors

There are no other directors on the Board of Directors who should be classified as executive because they do not: (i) hold management positions within the Issuer; (ii) serve as the chairperson of a strategically significant subsidiary of the Issuer with delegated powers related to management or corporate strategy development; or (iii) hold the role of chief executive officer or other executive positions in a strategically significant subsidiary of the Issuer or in its parent company, where such roles also pertain to the Issuer.

4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR

Independent directors

As at the Report Date, out of 9 (nine) members of the Board of Directors, 3 (three) qualify as independent under the TUF and the CG Code: Alessandra Bucci, Cinzia Parolini and Maria Giovanna Calloni.

At its meeting on March 14, 2024, the Board of Directors assessed the independence of its directors pursuant to and for the purposes of Article 148, par. 3 of the TUF (as referred to in Article 147ter, par. 4 of the TUF) and Article 2 of the Corporate Governance Code, and also taking into account the quantitative and qualitative criteria for the assessment of the significance of the relationships between the directors (and statutory auditors) on the one hand, and the Company and/or the Group, on the other, pursuant to Recommendation 7 of the CG Code set forth in the document entitled "Criteri applicativi per la valutazione dell'indipendenza ai sensi del Codice di Corporate Governance" (Application Criteria for the Assessment of Independence Pursuant to the Corporate Governance Code) (referred to below) approved, subject to the favorable opinion of the Appointments and Remuneration Committee, by the Board of Directors on March 8, 2024, verifying the presence of an adequate number of non-executive independent Directors in order to comply with the recommendations of the CG Code.

In particular, in accordance with the provisions of the "Application Criteria for Assessing Independence Pursuant to the Corporate Governance Code" adopted by the Company – which also apply, with appropriate distinctions, to the assessment of the independence of the members of the Board of Statutory Auditors (which is the latter's responsibility) – the assessment of independence of the members of the Board of Directors is carried out bearing in mind that the circumstances that compromise, or appear to compromise, the independence of a Director are usually as follows:

a) if he/she is a significant shareholder of the Company, where "significant shareholder" is defined as a person who, directly or indirectly (through subsidiaries, trustees or intermediaries), controls the Company or is able to exercise significant influence over it or who participates, directly or indirectly, in a shareholders' agreement through which one or more persons exercise control or significant influence over the Company;
b) if he/she is, or has been in the previous three fiscal years, an Executive Director or an employee:
- − of the Company, a company controlled by it, or a company under common control; or
- − of a significant shareholder of the Company (according to the definition of "significant shareholder" in subsection a) above);
c) if, directly or indirectly (e.g., through subsidiaries or companies of which he/she is an executive director, or as a partner in a professional or consulting firm), he/she has, or has had in the previous three fiscal years, a business, financial, or professional relationship:
- (i) with the Company or its subsidiaries, or its executive directors or top management. For the purposes of the foregoing, top management is defined as senior executive managers who are not members of the Company's Board of Directors and have the power and responsibility for planning, managing and controlling the activities of the Company and its Group;
- (ii) with a person who, including together with others through a shareholders' agreement, controls the Company or, if the controlling party is a company or entity, with its executive directors or top management;
d) if he/she receives, or has received in the previous three fiscal years, from the Company, one of its subsidiaries, or the parent company, any remuneration in addition to the fixed remuneration approved by the Company's bodies for the Company office or for participating in the board committees;
e) if he/she has been a Director of the Company for more than nine fiscal years, including non-consecutive, in the last twelve fiscal years;
f) if he/she holds the position of Executive Director in another company in which an Executive Director of the Company holds a directorship;
(g) if he/she is a partner or director of a company or entity belonging to the network of the company entrusted with the statutory audit of the Company;
(h) if he/she is a close family member of a person who is in one of the situations mentioned in the previous points. For the purposes of the foregoing, "close family members" means spouse not legally separated, relatives and relatives-in-law

within the fourth degree (for Executive Directors and/or significant shareholders) and within the second degree for others and domestic partners.

It should be noted that, on March 14, 2024, the Board of Statutory Auditors – as part of the duties attributed to it by law – verified the proper application of the aforementioned criteria and assessment procedures adopted by the Board of Directors for evaluating the independence of directors in office as at the Report Date.

The number of CY4's independent directors and their skills are adequate for the needs of the business and the operation of the Board of Directors, as well as for the purposes of establishing the relevant Committees.

As at the Report Date, with the assistance of the Appointments and Remuneration Committee, the Board of Directors has assessed the existence of the independence requirements, provided for by current regulations, of each of the non-executive directors, who have provided all the elements necessary or useful for the Board's assessments.

Directors' independence requirements are in any case subject to evaluation by the Board of Directors during the course of their term of office upon the occurrence of circumstances relevant to independence and, in any case, at least every three years. In this context, the Board of Statutory Auditors verifies the proper application of the assessment criteria and procedures adopted by the Board to evaluate the independence of its members.

Lead Independent Director

Since the prerequisites under the CG Code are not in place, the Issuer has considered – based on the recommendations set out in the CG Code – not to establish such a position at present.

5. CORPORATE INFORMATION MANAGEMENT

Procedure for handling Inside Information and maintaining the Insider Register

On May 18, 2023, the Board of Directors adopted a procedure for the management and processing of insider information and the external disclosure of documents and information, as well as for keeping and updating the register of persons with access to inside information.

For more information, please refer to the procedure, available on the Company's website at https://www.cy4gate.com/en/, Governance/Documents section.

6. BOARD COMMITTEES (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF)

On May 18, 2023, in order to ensure the effective performance of its functions in line with the provisions of Article 3, Recommendation 16 of the Code, the Board of Directors resolved to establish the following board committees: (i) the Control, Risk and Sustainability Committee; (ii) the Appointments and Remuneration Committee; and (iii) the Related-Party Transactions Committee (see Section 10 of the Report).

The Control, Risk and Sustainability Committee consists of 3 members, 2 of whom (including the Chairperson) are non-executive and independent, namely:

Cinzia Parolini (Chairwoman);
Alessandra Bucci;
Roberto Ferraresi.

Within the scope of its responsibilities, the Control, Risk and Sustainability Committee:

a) assesses, after consultation with the Financial Reporting Officer, the auditing firm and the Board of Statutory Auditors, the correct use of accounting standards and, in the case of groups, their uniformity for the purposes of preparing the consolidated financial statements;
b) assesses the suitability of periodic and financial information to fairly represent the Company's business model, strategies, the impact of its activities, and the performance achieved;
c) expresses opinions on specific aspects inherent in the identification of major business risks and supports the Board of Directors' assessments and decisions relating to the management of risks arising from prejudicial facts of which it has become aware;
d) examines periodic reports and reports of special significance prepared by Internal Audit;
e) monitors the autonomy, adequacy, effectiveness and efficiency of Internal Audit;
f) may task Internal Audit to conduct audits of specific operational areas, simultaneously notifying the Chairperson of the Board of Statutory Auditors;
g) reports to the Board of Directors, at least half-yearly, when the annual and interim financial reports are approved, on its activities as well as on the adequacy of the internal control and risk management system;
h) performs such additional duties as may be assigned by the Board of Directors.

In addition, as the body responsible for sustainability, the Committee:

a) performs support and advisory functions to the Board of Directors on sustainability matters, meaning the processes, initiatives and activities aimed at ensuring the Company's commitment to sustainable development along the value chain;
b) examines the content of periodic non-financial information relevant to the internal control and risk management system;
c) examines and evaluates the sustainability policies adopted by the Company, aimed at ensuring the creation of value over time for the generality of shareholders and all other stakeholders relevant to it over a medium- to long-

term horizon in compliance with the principles of sustainable development, as well as the sustainability guidelines, objectives, and consequent sustainability processes, and the sustainability reporting submitted annually to the Board of Directors, including, in particular, the Sustainability Report.

The main activities carried out by the Control, Risk and Sustainability Committee during the Year and up to the Report Date are summarized below:

analysis and evaluation regarding ESG issues with a view to promoting the sustainable success of the Company;
meetings with the Supervisory Body and Internal Audit as part of the information flows between the corporate areas involved in the Company's internal control and risk management system;
meetings with the Company's Financial Reporting Officer and CFO, and the auditing firm dealing with issues related to the annual and interim financial statements of the Company and the Group;
assessment of risk profiles related to corporate operations;
examination and evaluation of the impairment testing;
assessment of the organizational structure, the suitability of periodic and financial information to fairly represent the Company's business model, strategies, the impact of its activities and the performance achieved.

The Appointments and Remuneration Committee consists of 3 members, 2 of whom (including the Chairperson) are non-executive and independent, namely:

Alessandra Bucci (Chairwoman);
Maria Giovanna Calloni;
Paolo Izzo.

In its function as the Appointments Committee, the Committee assists the Board of Directors in:

(a) the periodic self-assessment of the Board of Directors and its committees, overseeing the process and providing the background for any assignment to an outside consultant;
(b) the definition of the optimal composition of the Board of Directors and its committees;
(c) the identification of director candidates in cases of co-option;
(d) in view of the renewal of the Board of Directors, the potential submission of a list by the outgoing management body to be carried out in a manner that ensures its transparent formation and presentation;
(e) the preparation, updating and implementation of succession plans for the Chief Executive Officer, other executive directors, if the Board of Directors has considered adopting such plans;
(f) making proposals or expressing opinions in relation to resource development policy.

In its function as the Remuneration Committee, the Committee is responsible for:

(a) developing a proposed remuneration policy for approval from the Board of Directors;
(b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors holding special offices as well as on the setting of performance targets related to the variable component of such remuneration;
(c) monitoring the actual implementation of the remuneration policy with particular reference to the achievement of performance targets;
(d) periodically assessing the adequacy and overall consistency of the policy for the remuneration of directors and top management, where appropriate making proposals to the Board of Directors on the matter;
(e) expressing an opinion on particular and specific matters in the field of economic treatment for which the Board of Directors has requested an assessment.

The main activities carried out by the Appointments and Remuneration Committee during the Year and up to the Report Date are summarized below:

analysis of performance targets related to the variable component of the Company General Manager's remuneration;
analysis of performance targets related to the variable component of the remuneration of the Company's sales managers;
examination of the directors' independence criteria;
examination of the corporate organizational chart and organizational structure of the Issuer and the Group.

The Related-Party Transactions Committee, composed of 3 non-executive independent members, namely:

Maria Giovanna Calloni (Chairwoman);
Cinzia Parolini;
Alessandra Bucci.

This Committee performs the functions assigned to it by the RPT Procedure. In particular, the Committee:

(a) is called upon to express a non-binding reasoned opinion on the Issuer's interest in the completion of the Transactions of Lesser Significance (as defined within the RPT Procedure), as well as on the appropriateness and substantive fairness of their terms;
(b) shall be involved in the negotiation and preliminary phase in the case of Transactions of Greater Significance (as defined within the RPT Procedure) and, thereafter, it is called upon to express a binding reasoned opinion on the Company's interest in the completion of the transaction, as well as on the appropriateness and substantive fairness of the terms.

The main activities carried out by the Related-Party Transactions Committee during the Year and up to the Report Date are summarized below:

analyzing the mapping of the Company's related parties;
analyzing related-party transactions;
analyzing the safeguards adopted by the Company in relation to transactions with related parties.

The Board has determined the composition of the Committees by giving priority to the expertise and experience of their members.

Each Committee reports periodically to the Board of Directors on its activities.

In relation to each Committee, the Board of Directors has adopted regulations that define its rules of operation, including how to take minutes of meetings (at the care of the meeting secretary) and procedures for handling reporting to the directors who are members of the committees.

During the Year, meetings were generally held after all members of the Committees had been sent, approximately 5 days before the date of the meeting, documentation supporting the discussion of the items on the agenda.

Additional committees (other than those required by regulation or recommended by the Code)

On May 18, 2023, the Board of Directors established the Strategic Committee from among its members, with the task of assisting the Board of Directors and the Company's delegated bodies with appraisal, proposal and advisory functions in the evaluations and decisions of the Board of Directors, in accordance with the specific powers attributed to it, it being understood that the evaluation regarding the approval of any transactions proposed by the Committee is exclusively entrusted to the Board of Directors.

Specifically, the Committee supports the Board of Directors in carrying out tasks related to:

(i) the expansion of the Company's business in terms of internal lines growth and support for product and technology strategies;
(ii) the performance of activities aimed at identifying potential companies of interest for initiating corporate acquisition and/or integration processes, including research and scouting for M&A opportunities.

The Strategic Committee consists of the following Directors: Alberto Luigi Sangiovanni Vincentelli (Chairman), Roberto Ferraresi, Paolo Izzo and Emanuele Galtieri (member ex officio as Company's Chief Executive Officer).

The main activities carried out by the Strategic Committee during the Year and up to the Report Date are summarized below:

analysis of medium- to long-term strategies related to the Cyber Security segment and evaluation of potential growth operations by external lines;
analyses and evaluation regarding corporate operations;
analyses and evaluations of issues related to the development of the Issuer's and Group's business.

7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE

7.1 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS

The Board of Directors regularly evaluates the effectiveness of its activities and the contribution made by its individual members, through formalized procedures whose implementation it oversees.

In particular, at least every three years – in preparation for renewal – the Board conducts a self-assessment involving itself and its Committees, taking into account, among other things, the role played by the management body in setting strategies and monitoring management performance, and the adequacy of the internal control and risk management system.

The relevant procedure – which falls under the remit of the Appointments and Remuneration Committee – is carried out in accordance with the principles and recommendations set forth in the CG Code, as well as with market best practices.

In implementation of the above, during the Year, the management body has carried out the evaluation of the Board and its Committees, in terms of operation, size, composition, and remuneration.

The entire board evaluation was handled by the Appointments and Remuneration Committee, acting as the Appointments Committee. Specifically, the process was initiated in June 2024 through the preparation of a special questionnaire taking into account the principles and recommendations set forth in the CG Code, as well as market best practices, that was then sent to all directors for completion anonymously.

The outcomes of the self-assessment – which were positive overall – were then shared and examined during the board deliberations of July 16, 2024. On the same date, on the basis of the findings of the self-assessment, as well as the information provided on the self-assessment process by the Appointments and Remuneration Committee, acting as the Appointments Committee, the Board of Directors assessed as adequate the actual functioning, size, composition, and remuneration of the management body and its Committees, also taking into account aspects as the professional, experience (including managerial), and gender characteristics of its members, as well as their seniority in office.

With reference to Article 4, Recommendation 23 of the CG Code, the Board of Directors – considering its own functioning, size, and the ownership structure of the Company and the Group – has decided not to adopt, in view of each of its renewals, any guidelines regarding its quantitative and qualitative composition, which was deemed optimal. In this regard, however, it should be noted that, particularly in view of the structure of the Issuer's ownership structure, the Board of Directors can be swiftly convened to make the necessary decisions on the matter.

In addition, Article 4, Recommendation 24 of the CG Code, in recommending the establishment of a succession plan for the chief executive officer and executive directors, and the establishment of appropriate procedures for the succession of top management, addresses "large companies", a category in which the Issuer is not included. Therefore, the Company – not falling under that definition – has decided not to have a succession plan for the Chief Executive Officer and the executive directors.

7.2 APPOINTMENTS COMMITTEE

Composition and operation of the Appointments Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

On May 18, 2023, the Board of Directors established the Appointments and Remuneration Committee, composed of 3 members, 2 of whom (including the Chairperson) are non-executive and independent, namely:

Alessandra Bucci (Chairwoman);
Maria Giovanna Calloni;
Paolo Izzo.

The Committee meets as convened and coordinated by its Chairwoman, Alessandra Bucci. Meetings are duly minuted and the Chairwoman informs the Board of Directors and the Board of Statutory Auditors at the first subsequent meeting.

During the Year, the Appointments and Remuneration Committee acting as the Appointments Committee met 5 times, with the participation of the Board of Statutory Auditors in addition to its members.

During the Year, at the invitation of Bucci as Chairwoman, directors and representatives of corporate departments who are not members of the Committee attended meetings of the Appointments Committee.

The average duration of the Appointments Committee meetings was one hour and thirty minutes.

For the current fiscal year, the Appointments Committee has scheduled at least 5 meetings, 2 of which have already been held as at the Report Date.

For more information on this, please refer to Table 3 in the appendix of the Report.

Functions of the Appointments Committee

The Appointments Committee performs functions, of a proposal and advisory nature and, in particular, assists the Board of Directors in:

(a) the periodic self-assessment of the Board of Directors and its committees, overseeing the process and providing the background for any assignment to an outside consultant;
(b) the definition of the optimal composition of the Board of Directors and its committees;
(c) the identification of director candidates in cases of co-option;
(d) in view of the renewal of the Board of Directors, the potential submission of a list by the outgoing management body to be carried out in a manner that ensures its transparent formation and presentation;
(e) the preparation, updating and implementation of succession plans for the Chief Executive Officer, other executive directors, if the Board of Directors has considered adopting such plans;
(f) making proposals or expressing opinions in relation to resource development policy.

Please refer to Section 6 of the Report for the main activities carried out by the Appointments Committee during the Year.

The Appointments Committee, in carrying out its functions, has had the opportunity to access corporate information and departments necessary for the performance of its duties, as well as to have financial resources and make use of external consultants, under the terms established by the Board of Directors.

8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE

8.1 REMUNERATION OF DIRECTORS

Information relating to this Section of the Report is contained in the report on remuneration policy and compensation paid, to which reference is made, prepared pursuant to Articles 123ter of the TUF and 84quater of the Issuers' Regulation, as well as, in accordance with the recommendations of Article 5 of the Code, being made available to the public on the Company's website (https://www.cy4gate.com/en/) and in the other manner provided for by current regulations.

8.2 REMUNERATION COMMITTEE

Except as noted below, for information regarding this Section, please refer to the relevant parts of the report on remuneration and compensation paid published pursuant to Article 123terof the TUF.

Composition and operation of the Remuneration Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

Alessandra Bucci (Chairwoman);
Maria Giovanna Calloni;
Paolo Izzo.

All members of the Appointments and Remuneration Committee have knowledge and experience in financial or compensation policies, as deemed appropriate by the Board of Directors at the time of appointment.

In accordance with Recommendation 26, directors shall abstain from attending meetings of the Appointments and Remuneration Committee at which proposals on their own remuneration are made to the Board of Directors.

During the Year, the Appointments and Remuneration Committee acting as the Remuneration Committee met 5 times, with the participation of the Board of Statutory Auditors in addition to its members.

The average duration of Remuneration Committee meetings was one hour and thirty minutes.

For the current fiscal year, the Remuneration Committee has scheduled at least 5 meetings, 2 of which have already been held as at the Report Date.

For more information on this, please refer to Table 3 in the appendix of the Report.

Functions of the Remuneration Committee

The Remuneration Committee performs functions, of a proposal and advisory nature, providing, among other things, support to the Board of Directors in the development of the remuneration policy for directors and key executive managers and in the periodic evaluation regarding the adequacy, overall consistency and concrete application of the policy adopted.

Specifically, the Remuneration Committee is entrusted with the following tasks:

(a) developing a proposed remuneration policy for approval from the Board of Directors;
(b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors holding special offices as well as on the setting of performance targets related to the variable component of such remuneration;
(c) monitoring the actual implementation of the remuneration policy with particular reference to the achievement of performance targets;
(d) periodically assessing the adequacy and overall consistency of the policy for the remuneration of directors and top management, where appropriate making proposals to the Board of Directors on the matter;
(e) expressing an opinion on particular and specific matters in the field of economic treatment for which the Board of Directors has requested an assessment.

Please refer to Section 6 of the Report for the main activities carried out by the Remuneration Committee during the Year.

In carrying out its functions, the Remuneration Committee has had the opportunity to

access corporate information and departments necessary for the performance of its duties, as well as to have access to financial resources and make use of external consultants, under the terms established by the Board of Directors.

9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM – CONTROL AND RISK COMMITTEE

The Board of Directors has defined the guidelines of the internal control and risk management system – consisting of the set of rules, procedures and organizational structures aimed at the effective and efficient identification, measurement, management, and monitoring of the main risks, in order to contribute to the Issuer's sustainable success – in accordance with the Issuer's strategies.

The Company's internal control and risk management system is designed to contribute to the conduct of the business consistent with the targets set by the Board of Directors, by identifying, managing, and monitoring the main risks within the Company. This system is inspired by national and international models and best practices, such as the Code.

Responsibility for the adoption of an adequate internal control and risk management system lies with the Board of Directors, which, with the help of the Control, Risk and Sustainability Committee, carries out the tasks assigned to it by the Code, including:

(a) defining the guidelines of the internal control and risk management system, so that the main risks pertaining to the Company and its subsidiaries – including the various risks that may be relevant from a long-term sustainability perspective – are correctly identified, as well as adequately measured, managed and monitored, also determining the degree of compatibility of these risks with a management of the company consistent with the identified strategic targets;
(b) evaluating, at least annually the adequacy of the internal control and risk management system with respect to the company characteristics and the risk profile, as well as its effectiveness, barring unforeseen events during the course of the company's life that may require extraordinary in-depth investigations aimed at verifying the effectiveness of controls in relation to particular situations;
(c) approving, at least annually, the work plan prepared by the Head of Internal Audit, after consultation with the Board of Statutory Auditors and the Chief Executive Officer;
(d) describing, in the Report on Corporate Governance, the main features of the internal control and risk management system, including the mechanisms for coordinating the parties involved, providing an assessment of its adequacy.

The other structures/actors involved in the Issuer's ICRMS are:

(i) the Chief Executive Officer, in charge of establishing and maintaining the ICRMS, who oversees the design and functionality of the ICRMS;

(ii) the Control, Risk and Sustainability Committee, with the task of supporting the board's assessments and decisions related to the internal control and risk management system and the approval of periodic financial and non-financial reports;
(iii) the Board of Statutory Auditors, which is responsible for supervising compliance with the law and the articles of incorporation, compliance with the principles of sound administration, the adequacy of the organizational structure, the financial and non-financial reporting process, and the effectiveness of the ICRMS;
(iv) the Head of Internal Audit who is responsible for verifying that the ICRMS is functioning, adequate and consistent with the guidelines set by the Board of Directors;
(v) the Supervisory Body, which has the task of supervising the operation of and compliance with the 231 Model, as well as ensuring that it is updated;
(vi) the Financial Reporting Officer, who plays a proactive role in the continuous implementation and evolutionary maintenance of the existing internal control risk management system in relation to the financial reporting process, periodically checking the status of its activities and the results of testing activities;
(vii) the auditing firm that carries out the auditing of the statutory and consolidated financial statements;
(viii) corporate departments tasked with identifying, assessing, managing and monitoring risks specific to their areas of responsibility, as well as corporate control departments responsible for ensuring the proper implementation of a structured process of risk analysis and management (i.e., the Coordination and Consultation Body for the Prevention of Corruption and the Whistleblowing Committee, also operating in the anti-corruption and anti-bribery field).

Main characteristics of the existing risk management and internal control system in relation to the financial reporting process (pursuant to Art. 123-bis, paragraph 2.b) of the TUF)

Foreword

[The Group's internal control and risk management system on financial reporting is defined as the set of activities aimed at identifying and assessing actions and events whose occurrence, or absence, could partially or fully compromise the achievement of the objectives related to the reliability, accuracy, dependability and timeliness of financial information. It is designed to ensure that the administrative and accounting procedures adopted and their application are adequate to achieve these objectives, in accordance with the relevant accounting standards.

The system of internal control and risk management on financial reporting has been defined in accordance with commonly accepted frameworks and best practices, and is subject to constant monitoring, as well as periodic evaluation and review to ensure the proper design, operation, and application of the relevant safeguards and controls.

It is the responsibility of the Control, Risk and Sustainability Committee to assist the Board of Directors in defining the guidelines for the internal control and risk management system, in line with the Group's strategies, so that the main risks run to the Company and its subsidiaries are correctly identified, adequately measured, managed and monitored, by determining the criteria for compatibility between the risks thus identified and a sound and proper management of the Group, consistently with the identified strategic targets, in order to contribute to the Group's sustainable success.

Characteristics of the Group's internal control and risk management system

The Group's internal control and risk management system has been gradually updated over the years to incorporate the Group's organizational and structural development, as well as to align with best practices and the applicable regulatory framework. It is structured in line with the Group's organizational, operational and governance configuration, taking into account the specific regulatory framework of the sector, as well as in compliance with the standards required for the multinational entity listed on Euronext Milan, STAR segment.

The main elements that identify and characterize the Group's control environment are:

the ethical values expressed in the Organization, Management and Control Model prepared pursuant to Italian Legislative Decree 231/2001 as amended, on which the Supervisory Body exercises independent powers of initiative and control;
the adoption and dissemination of the Code of Ethics, which defines the core principles of the Organizational Model, through a system of rules of conduct aimed at preventing the commission of offenses under Italian Legislative Decree No. 231/2001;
the Management's focus on internal controls aimed at mitigating risks that may hinder the achievement of set objectives.

Below are the phases of the Group's internal control and risk management system, as well as the roles and functions involved.

The Group's organizational structure contributes to the effectiveness of the internal control environment, also through a system of responsibilities outlined, among other things, by the Group's Functional Organization Chart, and governed by internal procedures that explain the organizational model and define the main subjects involved in the organizational structure, as well as the assignment of the main subjects to different functions.

On May 2, 2023, the Board of Directors of CY4Gate S.p.A. appointed Marco Latini as the Group's Financial Reporting Officer, pursuant to Article 154bis of the TUF, effective from the first day of listing on Euronext Milan - STAR Segment. Subsequently, on 12 March 2025, the Board of Directors, following the consensual termination of Mr. Latini's employment relationship, appointed Ms. Arianna Ciccolella as the Financial Reporting Officer pursuant to Article 154-bis of the Consolidated Law on Finance.

For the execution of his activities, the Financial Reporting Officer, relies on an operational structure directly reporting to him for the analysis and monitoring of business processes, in compliance with the administrative and accounting procedures of the Group, aimed at overseeing the preparation of the annual financial statements, the consolidated financial statements, and any other financial communication. During FY2024, the transition to SAP4Hana was implemented for the parent company and RCS S.p.A., aimed at strengthening safeguards.

The characteristics of the system adopted are described below, with particular reference to (a) the steps of the risk management and internal control system in relation to the financial reporting process, and (b) the roles, functions, and coordination methods of the involved parties, all in accordance with the relevant regulations.

Steps of the existing Risk Management and Internal Control System in relation to the financial reporting process

Identification of financial reporting risks: this step focuses on establishing the criteria for defining the scope of companies and processes relevant to the 2024 financial reporting and related control system. The aim is to identify risks that could potentially impact the financial reporting, whether due to weaknesses or deficiencies in the management and control system. These risks encompass both unintentional errors and fraud, both of which could materially affect financial reporting.
Risk assessment of financial reporting: this step outlines the Group's administrative and accounting risk assessment process, which seeks to identify and evaluate the primary risks that could influence financial reporting. Risks are first identified based on the relevant business processes and then further broken down according to the activities of the companies within the scope and then assessed at the level of "inherent risk" ("control-free") and divided by (i) impact ("magnitude") and (ii) probability. Based on the risk identification and assessment, the components of the internal control system with respect to financial reporting are analyzed through:
- a) a macro analysis, at the business process level;
- b) a granular analysis, where risks at the business process level are broken down into significant financial statement items and financial reporting itself.
Identification of controls for the identified risks: the Group has a detailed Risk Management system (with review and related reporting system) for identifying, describing, measuring, defining the probability of occurrence, assessing the impact, and determining remedial actions for the main applicable risks.

Based on the risk assessment, specific control activities are identified to mitigate risks, grouped into the following clusters:

controls applicable across the entire Group, covering the control perimeter ("Entity Level Controls");
controls specific to individual business processes ("Process Level Controls");
controls related to IT systems, aimed at ensuring their proper operation and security of information and data ("IT General Controls") for which the Chief Information Security Officer is responsible.

These controls, whatever the cluster, are then categorized as "key" and "non-key" controls, based on the magnitude and probability of occurrence of the risks they are intended to prevent or mitigate.

• Evaluation of controls for the identified risks: once these risks have been defined and evaluated for the above two dimensions, they are linked to the Group management and control system to ensure that all risks are appropriately mitigated by controls – either preemptive or detective – to ensure that financial reporting remains free of material impacts arising from the risks, which are prevented or identified in a timely manner and monitored consistently. Where necessary, controls are modified/expanded from time to time to ensure comprehensive and continuous coverage of risks that could significantly impact financial reporting. The process for evaluating controls, both in design and operational effectiveness, is conducted periodically. In order to verify and ensure the operation of the internal control system on financial reporting, periodic monitoring is carried out by the process owners, the Financial Reporting Officer, corporate bodies, and third parties (Internal Audit, Protiviti). The Financial Reporting Officer periodically provides the Group's Control, Risk and Sustainability Committee and Supervisory Body with information related to economic and financial reporting as well as administrative and accounting processes and the related control activities carried out, and offers support to these bodies, including through his/her operating structure, in their activities regarding administrative controls over the preparation of corporate accounting documents. Indeed, it is the responsibility of the Control, Risk and Sustainability Committee to periodically assess – at least annually – the adequacy of the internal control and risk management system with respect to the characteristics of the Company and the risk profile, as well as its effectiveness.

Any deficiencies or weaknesses in the design or operation of controls are reported to process owners and the Financial Reporting Officer, and followed up with a remediation plan that is monitored along with the periodic review described above.

In addition, as required by Article 154bis, paragraph 5 of the TUF, the Financial Reporting Officer, along with the Chief Executive Officer, provides his/her own explanatory report and related certification required by the role.

Roles and functions involved:

the Board of Directors is entrusted to guide and evaluate the adequacy of the management and control system and includes within it the Chief Executive Officer (CFO) who is responsible for establishing and maintaining the internal control and risk management system. The Group's CFO is also the Financial Reporting Officer;
the Control, Risk and Sustainability Committee assists the Board of Directors, with investigative, proposal, and advisory functions, in the latter's evaluations and decisions related to the internal control and risk management system, as well as in matters concerning the Company's sustainability issues;
the Head of Internal Audit (outsourced by the Group to the company Protiviti) is responsible for verifying that the internal control and risk management system is functioning and adequate for reporting purposes;
the Board of Statutory Auditors supervises in the interest of third parties compliance with the law, the bylaws, and the principles of sound administration;
the Financial Reporting Officer, established into the corporate organization in accordance with Article 154bis of the TUF, is responsible for the preparation of accounting and corporate documents, appointed by the Board of Directors, in consultation with the Chief Executive Officer and, as mentioned above, is responsible for designing, implementing, and approving the accounting and administrative management and control model, as well as evaluating its application, issuing a report and certification to financial and sustainability reporting.]

At the Board meeting held on March 12, 2025, the Board of Directors – after receiving a favorable opinion from the Control, Risk and Sustainability Committee – assessed positively the adequacy of the internal control and risk management system in relation to the characteristics of the company and its risk profile, as well as its effectiveness, in accordance with Recommendation 33, letter a) of the CG Code. This assessment was conducted on the basis of the information and evidence gathered with the support of the preliminary activity carried out by the Control, Risk and Sustainability Committee, and with the input of the Company's management and the Head of Internal Audit.

During the Year, the Board of Directors, including in the context of the ICRMS evaluation carried out with the help of the Control, Risk and Sustainability Committee, did not identify or highlight any situations that would require changes in expertise and resources or the adoption of specific measures to ensure the effectiveness and impartiality of the aforementioned corporate functions involved in controls.

9.1 CHIEF EXECUTIVE OFFICER

On May 2, 2023, the Board of Directors appointed Emanuele Galtieri as Chief Executive Officer and, therefore, pursuant to the Code, he was designated as the person in charge of establishing and maintaining the internal control and risk management system.

The Chief Executive Officer, during the Year:

(i) identified the main business risks, taking into account the characteristics of the activities carried out by the Issuer and its subsidiaries, and submitted them periodically to the Board of Directors for review;
(ii) implemented the guidelines set by the Board of Directors, taking care of the design, implementation, and management of the ICRMS and constantly checking its adequacy and effectiveness, as well as taking care of its adaptation to operating conditions and the legislative and regulatory landscape;
(iii) entrusted Internal Audit with conducting audits of specific operational areas and compliance with internal rules and procedures in the execution of corporate

transactions, simultaneously notifying the Chairperson of the Control, Risk and Sustainability Committee and the Chairperson of the Board of Statutory Auditors;

(iv) reported promptly to the Control, Risk and Sustainability Committee on problems and critical issues that had arisen in the course of his work or of which he had otherwise become aware, so that said Committee could take appropriate action.

9.2 CONTROL, RISK AND SUSTAINABILITY COMMITTEE

Composition and operation of the Control, Risk and Sustainability Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

On May 18, 2023, the Board of Directors established the Control, Risk and Sustainability Committee, composed of 3 people, 2 of whom (including the Chairperson) are nonexecutive and independent, namely:

Cinzia Parolini (Chairwoman);
Alessandra Bucci;
Roberto Ferraresi.

All members have expertise in the business sector in which the Issuer operates, which is functional in assessing the risks to which the Issuer is exposed. Specifically, all members of the Committee have adequate knowledge and experience in accounting and finance and/or risk management, as assessed by the Board of Directors at the time of appointment.

The Control, Risk and Sustainability Committee meets when convened by its Chairwoman, Cinzia Parolini. Meetings are duly minuted and the Chairperson of the Control, Risk and Sustainability Committee informs the Board of Directors and the Board of Statutory Auditors at the first useful meeting.

During the Year, the Control, Risk and Sustainability Committee has met 9 times, with the participation of the Board of Statutory Auditors in addition to its members.

During the Year, at the invitation of Cinzia Parolini as Chairwoman, directors and representatives of corporate functions who are not members of the Committee attended meetings of the Control, Risk and Sustainability Committee.

The average duration of the Control, Risk and Sustainability Committee meetings was one hour and forty minutes.

For the current year, the Control, Risk and Sustainability Committee has scheduled at least 9 meetings, 4 of which have already been held as at the Report Date.

For more information on this, please refer to Table 3 in the appendix of the Report.

Functions assigned to the Control, Risk and Sustainability Committee

The Control, Risk and Sustainability Committee provides support to the Board of Directors in evaluating and making decisions regarding the internal control and risk management system, as well as in decisions related to the approval of periodic financial reports.

Specifically, the Committee supports the Board of Directors in carrying out tasks related to the following matters:

(i) defining the guidelines of the internal control and risk management system, consistent with the Company's strategies and so that the main risks pertaining to the Company and its subsidiaries are correctly identified, adequately measured, managed and monitored, determining the compatibility criteria between the risks thus identified and a sound and proper management of the Company consistent with the identified strategic objectives, in order to contribute to the sustainable success of the Company;
(ii) periodically assessing, at least annually, the adequacy of the internal control and risk management system with respect to the Company's characteristics and risk profile, as well as its effectiveness;
(iii) appointing and dismissing the head of internal audit, defining the relative remuneration in line with company policies, and assessing the adequacy of the resources available to him/her, as well as verifying, if the internal audit is entrusted, as a whole or for specific audit activities, to a person external to the Company, that the same person meets professional, independence, and organizational requirements;
(iv) approving at least annually the work plan prepared by the head of internal audit, after consultation with the Board of Statutory Auditors and the Chief Executive Officer;
(v) assessing whether measures should be taken to ensure the effectiveness and impartial judgment of other corporate departments that may be involved in the controls indicated in Recommendation 32, letter e) of the Corporate Governance Code, verifying that they have adequate professionalism and resources;
(vi) assigning to the Board of Statutory Auditors or a specially constituted body the supervisory functions under Article 6, paragraph 1, letter b) of Italian Legislative Decree No. 231/2001;
(vii) evaluating, in consultation with the Board of Statutory Auditors, the results set forth by the auditing firm in any letter of suggestions and in the additional report addressed to the Board of Statutory Auditors;
(viii) describing in the corporate governance report, the main features of the internal control and risk management system and the coordination methods between the parties involved, indicating the national and international reference models and best practices, its overall assessment of the system adequacy, and an explanation of the choices made regarding the composition of the supervisory body referred to in point (vi) above.

Please refer to Section 6 of the Report for the main activities carried out by the Control, Risk and Sustainability Committee during the Year.

In carrying out its functions, the Control, Risk and Sustainability Committee has had the opportunity to corporate access information and departments necessary for the performance of its duties, as well as to have access to financial resources and make use of external consultants, under the terms established by the Board of Directors.

9.3 HEAD OF INTERNAL AUDIT

Also in support of the Issuer's internal control and risk management system, in accordance with the provisions contained in the Code, on June 23, 2023, the Company's Board of Directors entrusted Internal Audit – in charge of verifying that the internal control and risk management system is functioning, adequate, and consistent with the guidelines defined by the Board – in full outsourcing mode to the company Protiviti in the person of Cristina Peano (Managing Director and Head of Services in the Audit and Compliance unit of Protiviti Italia). The mandate was then renewed, after the favorable opinion of the Control, Risk and Sustainability Committee, at the board meeting on May 14, 2024.

It should be noted that Peano is not responsible for any operational area of the Issuer, reports to the Board of Directors, and has direct access to all information relevant to the performance of her duties.

The Control, Risk and Sustainability Committee has positively evaluated this mandate, finding it to be in line with market practices and applicable regulations, as well as consistent with the needs of the Company.

The Board of Directors has ensured that Cristina Peano met the professionalism, independence, and organizational requirements, and defined her remuneration in line with company policies, as well as ensuring that she was provided with adequate resources to carry out her duties.

The Board of Directors, after the positive opinion of the Control, Risk and Sustainability Committee, approved the Plan, finding it to be in line with Company needs.

The Head of Internal Audit, from the date of appointment and up to the Report Date has:

developed the Audit Plan following a structured process of analysis and prioritization of the main risks for the Company's structure – which was then submitted for approval to the Board of Directors, in consultation with the Control, Risk and Sustainability Committee;
initiated the execution of internal audit measures, reporting the results to the Board of Directors, in consultation with the Control, Risk and Sustainability Committee;
monitored the corrective actions agreed upon in the audit, in order to verify the overcoming of the critical issues found;
periodically updated the Chief Executive Officer and the CRSC Chairperson on the progress of her activities;
reported periodically on the progress of activities to the Control, Risk and Sustainability Committee;
met with the Supervisory Body and the Board of Statutory Auditors.

9.4 ORGANIZATIONAL MODEL PURSUANT TO ITALIAN LEGISLATIVE DECREE 231/2001

By a Board of Directors resolution on September 22, 2021, the Issuer adopted the 231 Model, later amended on September 13, 2023, which is the Italian reference legislation on corporate criminal liability.

The Issuer's 231 Model was drafted with the aim of preventing the offences set out in Decree 231, also taking into consideration the principles expressed in the guidelines for the drafting of Organizational Models issued by Confindustria and other relevant trade associations. The 231 Model consists of a general part and a special part. The general part explains the contents of Decree 231, the purposes of the 231 Model and its governance rules, how the Supervisory Body is established and functions, as well as the penalties system and staff training. The special part describes, for each business activity assessed as "sensitive" under Decree 231, the relevant types of offences, the principles of conduct to be observed and the control protocols adopted by the Company to prevent the commission of one of the offences referred to in Decree 231 (including, but not limited to, offences against the Public Administration, corporate offences, tax offences and organized crime offenses).

The general part of the 231 Model is published on the Company's website https://www.cy4gate.com/en/, Governance/Documents section.

Control over the implementation of the 231 Model has been entrusted to a speciallyestablished Supervisory Body, appointed pursuant to Article 6 of Decree 231 by the Board of Directors on September 22, 2021, with the task of supervising its effectiveness and efficacy and proposing updates or amendments to it in order to align with the corporate structure and regulatory changes, including through periodic verification of areas at risk of offences. The Supervisory Body is also in charge of monitoring compliance with, the proper functioning of, and the enforcement of the 231 Model, and is the recipient of any requests for information and reports of violations of the 231 Model.

In this regard, the Issuer is committed, particularly within its area of responsibility, to countering any form of corruption; this offence, moreover, is included among the "predicate offenses" falling within the scope of Italian Legislative Decree 231/2001, which governs the administrative liability of companies, and in accordance with it the Issuer has adopted its own 231 Model. On the other hand, with regard to the management of relations with suppliers, the Company is committed to maintaining fair and timely payment terms, in compliance with EU directives on late payments.

The Supervisory Body in office during the Year consisted of Attilio Soriano (Chairman), Stefano Fiorini (member of the Board of Statutory Auditors) and Rosa Maria Caprino (external consultant member).

The Supervisory Body in office as at the Report Date consists of Asa Peronace (Chairman), Stefano Fiorini (member of the Board of Statutory Auditors) and Rosa Maria Caprino (external consultant member), being appointed by the board meeting held on September 12, 2024.

9.5 AUDITING FIRM

The company in charge of the statutory audit of the Issuer's accounts is KPMG S.p.A. (the "Auditing Firm"), with registered office in Milan, via Vittor Pisani, No. 25, Tax Code and VAT No. 00709600159, enrolled in the register of statutory auditors and auditing companies kept at the Italian Ministry of Economy and Finance under No. 70623.

On April 14, 2022, the Ordinary Shareholders' Meeting of the Issuer, upon the proposal of the Board of Statutory Auditors, appointed the Auditing Firm to audit the separate and consolidated financial statements pursuant to Article 13 of Italian Legislative Decree No. 39/2010 for the three-year period 2022-2024 until the approval of the financial statements for the year ended December 31, 2024, prepared in accordance with IAS/IFRS.

On April 27, 2023, the Shareholders' Meeting, in view of the admission to trading of the ordinary shares on EXM – STAR Segment and the consequent acquisition by the Issuer of the status of "public interest entity" pursuant to Article 16 of Italian Legislative Decree No. 39/2010, resolved to appoint the Auditing Firm, pursuant to Articles 13 and 17 said Legislative Decree, effective as of the Trading Starting Date, to perform: (i) the auditing of the Company's financial statements and the consolidated financial statements for each of the nine fiscal years ending December 31, 2023 to December 31, 2031; (ii) verifying during the fiscal year that the Company's accounts are kept properly and that the operating events are correctly recorded in the accounting records; (iii) verifying the consistency of the management report with the financial statements and the consolidated financial statements; and (iv) the limited auditing of the condensed interim consolidated financial statement for the six-month periods ending June 30, 2023 to June 30, 2031.

It should be noted that the appointment of the Auditing Firm was made in consideration of the Board of Statutory Auditors proposal made following the selection procedure prepared by the Company in compliance with the provisions of Article 16 of Regulation (EU) No. 537/2014.

9.6 FINANCIAL REPORTING OFFICER AND OTHER CORPORATE ROLES AND FUNCTIONS

On May 2, 2023, the Board of Directors appointed, effective as of the Trading Starting Date, the Issuer's Chief Financial Officer, Marco Latini, as the Financial Reporting Officer.

Subsequently, on 12 March 2025, the Board of Directors, following the consensual termination of Mr. Latini's employment relationship, appointed Ms. Arianna Ciccolella as the Financial Reporting Officer pursuant to Article 154-bis of the Consolidated Law on Finance.

The Financial Reporting Officer is appointed from among individuals who have significant professional experience in accounting, economics, and finance for at least 3 years and any additional requirements established by the Board of Directors and/or applicable legal and regulatory framework.

The Financial Reporting Officer, pursuant to Article 154bis of the TUF, shall: (a) prepare written accompanying statements for the Company's deeds and communications disseminated to the market and relating to accounting information, including infraannual information; (b) prepare adequate administrative and accounting procedures for the preparation of the annual financial statements and, where applicable, the consolidated financial statements, as well as any other financial disclosure; and (c) certify in an appropriate report on the annual financial statements, the condensed interim financial statements and, where prepared, the consolidated financial statements (i) the adequacy and effective application of the administrative and accounting procedures for the preparation of the annual financial statements, (ii) that the documents are prepared in accordance with applicable international accounting standards recognized in the European Community pursuant to Regulation (EC) No. 1606/2002 of the European Parliament and of the Council of July 19, 2002, (iii) that the documents correspond to the results in the accounting books and records, (iv) the suitability of the documents to provide a true and fair representation of the assets and liabilities, economic and financial situation of the Issuer and the set of companies within the consolidation scope, (v) for the annual financial statements and the consolidated financial statements, that the management report includes a reliable analysis of the performance and results of operations, as well as the situation of the Issuer and the set of companies within the consolidation scope, together with a description of the main risks and uncertainties to which they are exposed, and (vi) for the condensed half-yearly financial statements, that the interim management report contains a reliable analysis of the information referred to in Art. 154ter, paragraph 4, of the TUF.

The Board of Directors shall ensure that the Financial Reporting Officer has adequate means and powers to perform the duties assigned to him in accordance with the law, as well as compliance with administrative and accounting procedures.

As at the Report Date, the Financial Reporting Officer reports directly to the Chief Executive Officer and General Manager, and has reporting directly to him the Finance Area, so that he can maintain constant oversight over the financial reporting process, in order to ensure the reliability and integrity of accounting and operational information, including consolidated information.

9.7 COORDINATION OF THE PARTIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

The parties involved in the internal control and risk management system operate in ways that are shared with the Company, aimed at maximizing the efficiency of the internal control and risk management system, reducing duplication of activities, and ensuring the effective performance of the Board of Statutory Auditors own duties.

In particular, the Board of Statutory Auditors and the Control, Risk and Sustainability Committee exchange information relevant to the performance of their respective duties on a timely basis, and all members of the Board of Statutory Auditors participate in the work of the Control, Risk and Sustainability Committee as well as, for issues of interest, the Chief Executive Officer, the Financial Reporting Officer, the Head of Internal Audit

and the members of the Supervisory Body. The Chairperson of the Control, Risk and Sustainability Committee sees to the continuity and completeness of the information flow to the Board of Directors in matters within the Committee's competence.

10. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS

In order to adapt the Companies' corporate governance system to the legal and regulatory standards applicable to companies with shares listed on a regulated market, also taking into account the guidelines provided by CONSOB Communication No. DEM/10078683 of September 24, 2010, the Board of Directors, on May 18, 2023, resolved to adopt the RPT Procedure, then subsequently updated on September 12, 2024, available in its full version on the Company's website at https://www.cy4gate.com/en/, Governance/Documents Section.

The Related-Party Transactions Committee consists of 3 non-executive independent members, namely:

Maria Giovanna Calloni (Chairwoman);
Cinzia Parolini;
Alessandra Bucci.

This Committee performs the functions assigned to it by the RPT Procedure.

In particular, the Committee:

(i) is called upon to express a non-binding reasoned opinion on the Issuer's interest in the completion of the Transactions of Lesser Significance (as defined within the RPT Regulation), as well as on the appropriateness and substantive fairness of their terms; and
(ii) shall be involved in the negotiation and preliminary phase in the case of Transactions of Greater Significance (as defined within the RPT Regulation) and, thereafter, it is called upon to express a binding reasoned opinion on the Company's interest in the completion of the transaction, as well as on the appropriateness and substantive fairness of the terms.

The work of the Related-Party Transactions Committee is coordinated by its Chairperson. Meetings are duly minuted and the Chairwoman informs the Board of Directors and the Board of Statutory Auditors at the first subsequent meeting.

During the Year, the Related-Party Transactions Committee met 7 times, with the participation of the Board of Statutory Auditors in addition to its members.

The average duration of the Related-Party Transactions Committee meetings was approximately one hour and twenty minutes.

For the current year, the Related-Party Transactions Committee has scheduled at least 5 meetings, 2 of which have already been held as at the Report Date.

Please refer to Section 6 of the Report for the main activities carried out by the Related-Party Transactions Committee during the Year.

Except as provided in applicable provisions, there are no specific obligations on directors in cases where they have an interest on their own behalf or on behalf of third parties in a particular transaction of the Company. Before taking each resolution, the Board of Directors shall ask the members of the Board of Directors whether they have their own interests or the interests of third parties in the transaction that is under resolution.

11. BOARD OF STATUTORY AUDITORS

11.1 APPOINTMENT AND REPLACEMENT

The Board of Statutory Auditors consists of 3 (three) standing auditors and 2 (two) alternate auditors.

The members of the Board of Statutory Auditors shall meet the requirements of integrity, professionalism, independence and those related to the maximum number of positions provided for by applicable law and regulations. For the purposes of Article 1, par. 2, points b) and (c) of Italian Minister for Justice Decree No. 162 of March 30, 2000, subjects pertaining to commercial law, corporate law, tax law, business economics, corporate finance, disciplines with similar or assimilated subject matter, and finally subjects and fields of activity inherent to that of the Company are considered to be closely related to the Company's field of business.

If, in the composition of the Board of Statutory Auditors, the application of the gender balance criterion does not result in a whole number of candidates belonging to the less represented gender, such number is rounded on the basis of the criterion provided for by the legislation and regulations in force.

Statutory auditors serve three-year terms, are eligible for reappointment, and their terms expire on the date of the shareholders' meeting called to approve the financial statements for their third year in office.

Pursuant to Article 27 of the Bylaws, statutory auditors are appointed by the shareholders' meeting on the basis of lists submitted by shareholders.

In particular:

(i) shareholders who, at the time of submitting the list, held, individually or jointly, a number of shares at least equal to the same proportion as determined by CONSOB, pursuant to applicable statutory and regulatory provisions, for the purpose of submitting lists for the appointment of the board of directors of companies with shares traded on regulated markets (Articles 144quater and 144sexies of CONSOB Resolution No. 11971 of May 14, 1999) may submit a list for the appointment of statutory auditors. The ownership of the minimum proportion shall be determined having regard to the shares that are registered in favor of the shareholder on the day on which the list is filed with the Company, it being understood that the relevant certification may also be produced after the filing, provided that it is within the deadline for the publication of the list;
(ii) the lists are filed with the Company within the terms provided for by the laws and regulations in force, which are indicated in the call notice at the Company's

registered office or also through a remote means of communication as indicated in the call notice, and made available to the public within the terms and in the manner provided for by the laws and regulations in force;

(iii) in the event that only one list has been filed by the expiration date of the deadline for the submission of lists, or only lists submitted by shareholders who are connected with each other under the laws and regulations in force, additional lists may be submitted, up to the third day following that date, by shareholders who, at the time of the submission of the list, held, individually or jointly, a number of shares at least equal to half of the minimum share required by point (i) above.

In addition:

candidates are listed, within the lists, by a sequential number and in a number not exceeding the members of the body to be elected;
lists are divided into two sections: one for candidates for the office of standing auditor and the other for candidates for the office of alternate auditor. The first of the candidates in each section shall be registered as a statutory auditor and have practiced statutory auditing for a period of at least three years;
the list of candidates in both sections shall be such as to ensure that the composition of the Board of Statutory Auditors, in both the standing and the alternate components, complies with the provisions of the law and regulations in force regarding gender balance, it being understood that if the application of the gender balance criterion does not result in a whole number, the number shall be rounded up to the next higher unit, except in the case where the board of auditors consists of three standing auditors for which rounding down shall be made to the next lower unit;

Each candidate may be on only one list, under penalty of ineligibility.

A) Where two or more lists have been submitted, the election of members of the Board of Statutory Auditors shall be conducted as follows:
a) from the list that obtained the highest number of votes cast (the "Majority List") the majority of standing and alternate auditors to be elected except one are drawn in the sequential order of presentation;
b) the remaining standing auditor and the remaining alternate auditor are taken from the second list that obtained the highest number of votes and that is not connected even indirectly with the shareholders who submitted the list that ranked first in number of votes (the "Minority List").

The chair of the Board of Statutory Auditors shall be held by the standing auditor drawn from the Minority List pursuant to letter b) above; in case of replacement of the chairperson, this office shall be held by the alternate auditor drawn from the Minority List pursuant to letter b) above. In the event that all the statutory auditors are drawn from a single list, the chair goes to the first candidate on that list.

If, in the manner indicated above, the legal and regulatory provisions in force regarding gender balance are not complied with, the candidate for the office of standing or alternate auditor of the most represented gender who was elected as last in numerical order from the Majority List shall be excluded and shall be replaced by the next candidate for the office of standing or alternate auditor, drawn from the same list, belonging to the other gender.

B) If only one list has been submitted, the shareholders' meeting shall vote on it, and if it obtains a majority of votes, three standing auditors and two alternate auditors named in the list as candidates for such offices shall be elected, in accordance with the laws and regulations in force, including those on gender balance.
C) In the absence of lists, or if it is not possible for any reason to proceed with the appointment of the Board of Statutory Auditors in the manner provided for in this article, the three standing auditors and the two alternate auditors shall be appointed by the Shareholders' Meeting, on the basis of nominations proposed by the shareholders within the terms and in the manner provided by the regulations in force for the submission of proposals for resolutions on matters already on the agenda, depending on whether the intervention and exercise of voting rights by the eligible persons can take place directly at the Shareholders' Meeting or exclusively through the designated representative, in accordance with the statutory and regulatory provisions in force, including on gender balance.

In the event of the termination of office, for any reason, of a standing auditor, and in compliance with the applicable legal and regulatory provisions on gender balance, the following procedure shall apply: (i) if a standing auditor from the Majority List of the Board of Statutory Auditors vacates the position, they shall be replaced by the alternate auditor from the Majority List, (ii) if the auditor from the Minority List, or the chairperson of the Board of Statutory Auditors, ceases to hold office, they shall be replaced by the alternate auditor from the Minority List, who will also assume the role of chairperson. If, for any reason, it is not possible to proceed within the above-mentioned deadlines, a shareholders' meeting must be convened to allow for the integration of the Board of Statutory Auditors through the ordinary procedures and majorities, without the application of the list voting mechanism, while ensuring compliance with the applicable legal and regulatory provisions on gender balance.

Statutory auditors act autonomously and independently also with respect to the Shareholders who elected them.

11.2 COMPOSITION AND OPERATION OF THE BOARD OF STATUTORY AUDITORS (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) AND 2.D-BIS) OF THE TUF)

The Company's Board of Statutory Auditors as at the Report Date was appointed by the Shareholders' Meeting held on April 27, 2023, and then supplemented at the Shareholders' Meeting held on April 22, 2024 (as further detailed below), and is composed as follows:

First and last	Position	Date of birth	Seniority in office (§)
name
	Chairman of the Board	July 15, 1969	5 years
Stefano Fiorini	of Statutory Auditors
Paolo Grecco	Standing auditor	May 10, 1958	5 years
Daniela Delfrate	Standing auditor	August 12, 1965	4 years
Allegra Piccini	Alternate auditor	April 12, 1975	/
Alberto		October 20, 1970	/
Trabucchi	Alternate auditor

(§) Reference is made to the date of first appointment.

In this regard, it should be noted that Standing Auditors Paolo Grecco and Daniela Delfrate, as well as Alternate Auditor Allegra Piccini, were drawn from the majority list submitted by the shareholder Elettronica. Whereas Standing Auditor Stefano Fiorini was drawn from the minority list submitted by the shareholder TEC Cyber.

On May 18, 2023, Alternate Auditor Sebastiano Bonanno resigned, effective immediately, for personal reasons. The integration of the Board of Statutory Auditors, with the appointment of an Alternate Auditor to replace Bonanno, took place, in accordance with the law, at the Shareholders' Meeting called to approve the financial statements for the year ended December 31, 2023, with the appointment of Alberto Trabucchi, whose candidacy was submitted by the shareholder Elettronica.

The statutory auditors meet the requirements of integrity, professionalism and independence set forth by law, the Bylaws and the Code.

A summary of the personal and professional characteristics of the members of the Board of Statutory Auditors is hereby provided.

Stefano Fiorini

He holds a degree in economics and business administration, is a statutory auditor and enrolled in the Register of Technical Consultants of the Civil Court of Rome, the Register of Experts of the Criminal Court of Rome and the Register of Judicial Administrators, ordinary section. He has gained significant experience in major sectors of industrial and service business. He worked in auditing at KPMG S.p.A. (until the year 1997) and Arthur Andersen S.p.A. (in 1998), and debt restructuring at Gallo & C. S.p.A. He has served as investment director of PM & Partners and ABN Amro Capital Investments NV. He is a consultant in connection with extraordinary finance transactions and in civil and criminal proceedings involving disputes in economic-business and financial matters. He holds, and has held, roles in corporate governance of companies, including listed ones. He is an associate of NedCommunity, the Italian association of non-executive independent directors. As at the Report Date, Fiorini serves as a Certified Public Accountant and Statutory Auditor at Studio Fiorini.

Paolo Grecco

Graduated in economics and business administration at LUISS University in Rome, he was a tax consultant at Studio Pirola from 1984 to 1996 and a tax consultant at Deloitte & Touché S.p.A. from 1996 to 2004. He is currently self-employed. As at the Report Date, Grecco is not a member or partner of an associated professional firm.

Daniela Delfrate

With a degree in Economics and Business Administration from the Cattolica University in Milan and enrolled in the Register of Certified Public Accountant in Milan, as well as in the register of statutory auditors, Delfrate has significant experience with professional consulting firms and as a statutory auditor of several companies. As at the Report Date, Delfrate is a partner in AndPartners Tax and Law Firm.

Allegra Piccini

Graduated in economics and business administration at LUISS University in Rome and licensed as a Certified Public Accountant, she has worked as a Certified Public Accountant at Studio Piccini & Associati since 2003 and until the Report Date and specializes in corporate law, tax law, business consulting, and taxation.

Alberto Trabucchi

Graduated in Economics and Business Administration at LUISS University in Rome, he is an auditor, independent director, and has served as a member of the board of statutory auditors of major financial institutions and public institutions. He has decades of professional experience, as part of which he has assisted large companies, providing tax advice on particularly complex issues.

In addition to the above, as is the case of the members of the Board of Directors, the members of the Board of Statutory Auditors regularly participate in initiatives aimed at updating their knowledge regarding the business sector in which the Group operates, the drivers for the development of the products and services offered (including the relevant profiles related to compliance with current ESG regulations), and the money laundering and terrorist financing risks, considering, among other things, the geographical areas of reference.

The Board of Statutory Auditors is convened and meets at the initiative of any one of the statutory auditors. It is validly constituted with the presence of the majority of auditors and passes resolutions by the favorable vote of an absolute majority of those present.

During the Year, the Board of Statutory Auditors met 17 times. As at the Report Date, 3 meetings of the control body were held.

The average duration of the Board of Statutory Auditors meetings during the Year was approximately one hour and forty minutes. The meetings took place both in physical presence and by audio-video conference link.

Please refer to Table 4 in the appendix of the Report for more details on this.

Diversity criteria and policies

The Board of Statutory Auditors composition complies with the provisions on gender quotas in corporate bodies of listed companies.

In particular, legal and regulatory provisions requiring that the allocation of the members of the Board of Statutory Auditors to be elected be made according to a criterion that ensures gender balance have been included in the Bylaws. Although Article 148, paragraph 1bis of the TUF, as amended by Italian Law No. 160 of December 27, 2019, specifies that the provisions on gender balance shall apply as of the first renewal of the Board of Statutory Auditors following the listing, providing that the less represented gender obtains at least one-fifth of the total number auditors elected on the occasion of the first renewal and at least two-fifths in the next five consecutive terms (in any case rounded up, with the exception of corporate bodies consisting of three members for which there is rounding down is to the lower unit), the composition of the Issuer's Board of Statutory Auditors, on a voluntary basis, already complies with the requirements for renewals after the first, as well as with Recommendation 8 of the CG Code.

Although the Issuer, as at the Report Date, has not formally adopted specific diversity policies in relation to the composition of the Board of Statutory Auditors with respect to aspects as age, gender composition, disability, or educational and professional background, the composition of the Company's Board of Statutory Auditors reflects an adequate degree of diversity. In fact, the Issuer pays great attention to governance issues; specifically, as at the Report Date, 40% of the Board of Statutory Auditors is female, and, more generally, the members of the control body have a heterogeneous portfolio of experience, as evidenced in more detail in the summary of their respective resumes. Likewise, the age brackets and seniority of office of the members – please refer to the Table on the Composition of the Board of Statutory Auditors as at the Report Date in Section 11.2 above – are appropriately differentiated.

Without prejudice to the foregoing, for the sake of completeness, it should be noted that the Board of Statutory Auditors of the Issuer has adopted its own Regulations for regulating the composition, operating procedures and powers of the body, in accordance with the principles enshrined in the applicable laws and regulations, as well as the Corporate Governance Code.

Independence

On March 14, 2024, after the favorable opinion of the Appointments and Remuneration Committee, the Board of Directors approved the Quantitative and Qualitative Criteria for the process of verifying the independence of the Company's directors and statutory auditors, for the assessment of the significance of the relationships between these parties and the Company and/or the Group, pursuant to Recommendation 7 of the CG Code (see Section 4.7 of the Report).

The Board of Directors and the Board of Statutory Auditors on March 14, 2024 and February 21, 2024, respectively, assessed the independence of their members.

The assessment about the independence of the Independent Directors was subsequently repeated at the March 12, 2025 board meeting. As part of the same board meeting, the Board of Statutory Auditors announced that it too had verified – after a self-assessment formulated by each statutory auditor – the independence requirements of its members.

Remuneration

The remuneration of statutory auditors – determined by the Shareholders' Meeting at the time of appointment as provided for in Article 2402 of the Civil Code and then revised upward by resolution of the Shareholders' Meeting of April 22, 2024 – is commensurate with the commitment required, the relevance of the role held, as well as the size and sectorial characteristics of the Company.

For details on the remuneration of statutory auditors, please refer to the report on remuneration policy and compensation paid, prepared pursuant to Article 123ter of the TUF and the Article 84quater of the Issuers' Regulation, as well as in accordance with the recommendations of Article 5 of the Code, being made available to the public on the Company's websitehttps://www.cy4gate.com/en/ and in the other ways required by current regulations.

Interest management

There are no specific obligations on statutory auditors in cases where they have an interest on their own behalf or on behalf of third parties in a particular transaction of the Company. Before taking each resolution, the Board of Directors shall ask the members of the Board of Statutory Auditors whether they have their own interests in the transaction that is under resolution. A statutory auditor who, on his own behalf or on behalf of a third party, has an interest in a particular transaction of the Issuer shall promptly and fully inform the other statutory auditors and the Chairperson of the Board of the nature, terms, origin, and extent of his/her interest.

11.3 ROLE OF THE BOARD OF STATUTORY AUDITORS

The supervisory activities of the Board of Statutory Auditors are carried out in accordance with the provisions of Article 2403 of the Civil Code, the Italian Legislative Decree 58/1998 (TUF) and the relevant provisions issued by the Supervisory Authorities, in compliance with the recommendations issued by CONSOB and the Rules of Conduct for the Board of Statutory Auditors of Listed Companies prepared by the National Board of Certified Public Accountants and Accounting Experts.

As part of its control activities, the Board of Statutory Auditors acquires the information necessary and useful for assessing the general performance of operations and foreseeable evolution, the adequacy of the organizational system, the internal control and risk management system, and the administrative accounting system, also by attending the Boards of Directors and the Board Committees meetings, as well as examining the information flows prepared by the individual company functions and the audit functions.

In addition to the above, the Board of Statutory Auditors carries out its activities as the Internal Control and Audit Committee, particularly in monitoring the financial reporting process and assessing organizational safeguards aimed at fully implementing regulatory provisions designed to strengthen audit quality and the independence of the auditing firm.

In addition, the Board maintains periodic contacts with the corresponding bodies of the Italian subsidiaries and carries out the in-depth investigations on the Group's foreign scope, including in the framework of its periodic meetings with the departments in charge of controls.

Lastly, the Board of Statutory Auditors takes note of the activities carried out by the Supervisory Body, appointed to ensure the adequacy, compliance and updating of the organization and management model pursuant to Italian Legislative Decree 231/01, and supervises the requirements of efficiency and independence related to it by means of periodic meetings.

During the Year, the Board of Statutory Auditors carried out its supervisory activities, in particular:

on compliance with relevant statutory and regulatory requirements;
on compliance with the Law and the Bylaws and the principles of sound administration regarding the transactions carried out by the Company, including intra-group transactions and those with related parties;
on the Company's governance system and the implementation of corporate governance rules, as also set forth in the Corporate Governance Code promoted by Borsa Italiana and adopted by the Company;
on the degree of adequacy of the Company's organizational structure, including its interactions, relationships and connections with its Subsidiaries, through direct surveys, collection of information from the heads of the functions concerned, and exchanges of data and information with the Auditing Firm;
on the functioning of the administrative and accounting system in order to assess its adequacy with respect to management needs and reliability in the representation of operating events, through direct appraisals of company documents, obtaining information from the heads of the respective functions, and analyzing the results of the work carried out by the Auditing Firm;
on compliance with control procedures related to the administrative and accounting system, through contacts with the Chief Financial Officer and Financial Reporting Officer, and on the financial reporting process, also in relation to the activities promoted by the Group in the area of sustainability and social-environmental impact;
on the completeness, adequacy, functionality and reliability of the internal control and risk management system at the Group level, by gathering information and documentation, as well as through periodic meetings with Top Management, the Control Functions (Compliance, Anti-Money Laundering, Risk Management, Internal Audit), the Financial Reporting Officer, also through constant participation in the works of the Control, Risk and Sustainability Committee;
on the strategic and management control performed by the Company in its capacity as parent company.

For more detailed information on the above, please refer to the report prepared by the Board of Statutory Auditors pursuant to Article 153 of the TUF to be submitted to the Shareholders' Meeting scheduled for April 28, 2025.

12. RELATIONS WITH SHAREHOLDERS AND OTHER RELEVANT STAKEHOLDERS

The Issuer considers it to be in its own specific interest – as well as a duty to the market – to ensure a constant and open relationship with shareholders, institutional investors, other relevant stakeholders and, in general, operators in the financial community, with the aim of increasing the level of understanding about the activities carried out by the Company and the Group in compliance with the internal rules and procedures governing the disclosure of inside information. In this context, the Board of Directors strives for the systematic dissemination of correct, exhaustive and timely information about the Group to shareholders, investors, and more generally to all stakeholders interested in the Issuer and the Group, also in light of the indications formulated by CONSOB on the subject, the principles expressed by the Code and market best practices.

Access to information

The Issuer has established an easily identifiable and accessible special section within its website in which information concerning the Issuer that is relevant to its shareholders is made available, so that shareholders can exercise their rights in an informed manner.

On September 22, 2021, the Board of Directors appointed Marco Latini as Chief Financial Officer and Investor Relator.

Subsequently, on 12 March 2025, the Board of Directors, following the consensual termination of Mr. Latini's employment relationship, appointed Ms. Arianna Ciccolella as Chief Financial Officer and the Financial Reporting Officer pursuant to Article 154-bis of the Consolidated Law on Finance and Alessia Pisoni as Investor Relator.

For more information, please refer to the Issuer's website https://www.cy4gate.com/en/, Investor Relations section.

Dialogue with shareholders

The Board of Directors strives to establish an ongoing dialogue with shareholders. In particular, the Issuer ensures the systematic dissemination – to investors, the market and the media – of comprehensive and timely information on its activities, in accordance with the Company's well-established practice, in line with market best practices, and subject to the confidentiality requirements that certain information may present. Such disclosures are ensured through press releases, regular meetings with institutional investors, the financial community and the press, and extensive documentation and numerous publications made available and constantly updated on the Company's website https://www.cy4gate.com/en/, specifically in Investor Relations Section. Further information can also always be requested via e-mail to [email protected].

The Chief Executive Officer ensures that the Board is informed, in any case by the first useful meeting, of the development and significant contents of the dialogue that has taken place with the Group's shareholders and stakeholders.

In addition to the above, on May 18, 2023, the Issuer adopted a policy for managing dialogue with shareholders (the "Policy"), prepared in adherence to the principles and recommendations set forth in the Code and considering market best practices. The Policy aims to pursue the aim of raising the level of transparency and investor engagement, in accordance with the principles outlined in the Shareholder Rights Directive II, and serves as a functional tool to promote the success of the Issuer through the creation of long-term value for the benefit of Shareholders, also taking into account the interests of stakeholders, as well as the environmental, social, and economic impacts of its business.

During the Year, in order to consider and analyze the interests and opinions of stakeholders in the business strategy and business model, the Company participated in industry conferences and meetings, organized meetings and met with institutional investors at roadshows, one to one, virtual and physical conferences.

To enable maximum shareholder involvement, the disclosure documents prepared by the Company on these occasions were made available on its website.

The Company identifies the Group's relevant stakeholders, understood as those "groups and individuals who have specific interests on which the Group's activities have an effect and/or who contribute in various ways to the Group's business and very existence". For each stakeholder category, the Board of Directors, which, for this purpose, is supported by the Control, Risk and Sustainability Committee, examines the relevant issues and related risks and opportunities within the various areas of sustainability, which are to be taken into account when defining management strategies and targets. The findings of such "discussions" may be relevant in the implementation of the Company's sustainable success, where they are in accordance with the business strategy outlined by the Board of Directors and, likewise, matching the interest of shareholders, including minority shareholders.

In particular, the Company pays special attention to understanding the interests and opinions of key stakeholders, which are taken into account in its future programs, including with regard to the profiles of the company's sustainability-related impacts.

13. SHAREHOLDERS MEETINGS

Shareholders' meetings, whether in ordinary or extraordinary session, are held in a single call, pursuant to Article 2369, par. 1 of the Civil Code. However, the Board of Directors may establish, if it deems it advisable and giving express indication in the call notice, that the Ordinary Shareholders' Meeting be held in two calls and the Extraordinary Shareholders' Meeting in two or three calls, applying the majorities respectively established by the laws and regulations in force.

The power to convene the Shareholders' Meeting rests with the Board of Directors, without prejudice to the right of the Board of Statutory Auditors or at least two members of it to do so, pursuant to Article 151 of the TUF and other applicable laws and regulations.

The operation of the Meeting is regulated by the Bylaws in accordance with applicable legal provisions.

Entitlement to participate in the meeting is attested by a communication to the Company, made by the intermediary authorized to keep accounts in accordance with the law, based on the evidence of its accounting records on the end of the accounting day of the seventh open market day prior to the date set for the meeting in a single call, and received by the Company within the legal deadline.

Those who are entitled to vote may be represented at the meeting by proxy issued in the manner prescribed by current regulations. The proxy may also be notified to the Company electronically in the manner specified in the notice of the meeting.

The Company may designate, for each meeting, with an indication contained in the notice of the meeting, a person to whom the shareholders may grant proxy with voting instructions on all or some of the proposals on the agenda, within the terms and in the manner prescribed by law.

The Meeting may be held with attendees located in more than one place, whether contiguous or distant, audio/video connected, provided that the collegial method and the principles of good faith and equal treatment of members, as well as the additional conditions provided for in the Bylaws, are respected.

The Bylaws provide that, where provided for and/or permitted by the regulations in force, the Company may provide in the call notice that attendance and the exercise of voting rights at the meeting shall take place exclusively through the granting of proxies pursuant to Article 135undecies of the TUF (as well as proxies or sub-proxies pursuant to Article 135novies of the TUF, as an exception to Article 135undecies, paragraph 4, of the TUF) to the representative designated pursuant to Article 135-undecies.1 of the TUF.

In the event that the Company's Board of Directors makes use of the option referred to in the preceding paragraph, it may provide that participation in the shareholders' meeting by the entitled parties (directors, statutory auditors, representatives of the auditing firm, the Notary Public, the designated representative, and other persons who are allowed to attend the meeting pursuant to the law and the Company's Bylaws, other than those who are entitled to vote) may also or only take place by means of telecommunications that ensure their identification, without the need for the Chairperson, Secretary and/or Notary to be in the same place, provided that the conditions set forth in the Bylaws are met.

The Meeting shall act in ordinary and extraordinary session on matters reserved to it by law and the Bylaws, under the majorities established by law.

Each share confers the right to one vote at ordinary and extraordinary meetings of the Company.

The Shareholders' Meeting is chaired by the Chairperson of the Board of Directors or, in his/her absence or impediment, by the vice chairperson where appointed or, in his/her absence or impediment, by another person delegated by the Board of Directors or, in the alternative, by the person designated by a majority vote of those present, where applicable.

Function, powers and duties of the Chairperson are regulated by law.

Pursuant to Article 15 of the Bylaws, the Chairperson is assisted by a secretary who may also be a non-director and/or non-shareholder and, if necessary, one or more tellers, who may also be non-directors and/or non-shareholders, tasked for this purpose by the Board of Directors. The assistance of the secretary is not required if the minutes are prepared by a notary public.

Meetings are governed by law and the Bylaws.

During the Year, the Shareholders' Meeting met twice.

These meetings were attended by 8 and 6 directors and 1 and 3 members of the Board of Statutory Auditors, respectively.

The Board endeavored to ensure that shareholders were adequately informed, publishing on its website the documents to be submitted to the Shareholders' Meeting for review and approval within the legal deadlines, so that they could contribute to the meeting's decisions in an informed manner.

The Board did not deem it necessary during the Year to develop proposals to submit to the Shareholders' Meeting regarding the choice and characteristics of the corporate model (deeming the current one to be adequate), nor regarding issues related to administrative and equity rights of shares and percentages for the exercise of prerogatives placed to protect minority shareholders.

More generally, the Board of Directors reports to the Shareholders' Meeting on the activities carried out and planned, and endeavors to ensure that the shareholders are adequately informed about the necessary elements so that they are duly informed to take the decisions within the competence of the Shareholders' Meeting. In particular, in the context of the emergency related to the COVID-19 pandemic, by virtue of the provisions of Article 106, paragraph 4, of Italian Decree Law No. 18 of March 17, 2020 (the "Cura Italia" Decree), as extended several times over the past four years, the ways through which the Board performs its duties in terms of reporting to the Meeting have evolved, so that the Meeting can carry out its informational and debate function. Said modes are basically divided into three distinct moments:

(i) the presentation by the Board of Directors of proposed resolutions to the Meeting;
(ii) making reports and relevant documentation available to the public;
(iii) the expression of the shareholder's vote on the proposed resolutions formulated by the Board of Directors, developed at a time prior to the shareholders' meeting,

possibly also as a result of, among other things, direct meetings with the Chairperson and Management in application of the engagement policies, which provide for constantly open channels of communication between shareholders and the Company.

The Chairperson of each Board Committee reports to the Shareholders on how the works of the Committee are being carried out.

14. ADDITIONAL CORPORATE GOVERNANCE PROCEDURES (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.A), SECOND PART, OF THE TUF)

As at the Report Date, no additional corporate governance procedures, if any, have been adopted beyond those already stated in the Report.

15. CHANGES AFTER THE END OF THE YEAR

Except as explained in the Report, there have been no changes in the Issuer's corporate governance structure from the closing date of the Year to the Report Date.

16. CONSIDERATIONS ON THE LETTER FROM THE CHAIRPERSON OF THE CORPORATE GOVERNANCE COMMITTEE

On December 17, 2024, the Company received the letter from the Chairperson of the Corporate Governance Committee. The recommendations for 2024, contained in the letter, were brought to the attention of the Board of Directors at the January 24, 2025 meeting.

The recommendations made in the aforementioned letter were then reviewed and specifically considered by the management body at its meeting on March 12, 2025, when approving the Report. There, the following emerged.

Completeness and timeliness of pre-meeting information

With reference to the recommendation to provide all useful information on how to apply Recommendation 11 of the CG Code, and considering that the failure to set deadlines for the prior submission of information to the board and committees, and/or the failure to provide information on the actual compliance with the deadlines and/or the provision, included in the board regulations or adopted in practice, allowing for derogating from the timeliness of the information for reasons of confidentiality may constitute the disapplication of Recommendation 11 of the CG Code, the following should be noted: the Board of Directors has adopted its own regulations governing its operation as well as regulations for each of the Board committees. Among the provisions included within these documents are specific regulations regarding complete and exhaustive pre-board meeting information, the manner and terms for making available documentation in support of each meeting (typically after the meeting has been called), with limited exceptions to making documentation available well in advance due to urgent situations, among which it seems appropriate to include those attributable to reasons of confidentiality. For the year ended December 31, 2024, the timelines stipulated in the

aforementioned regulations on the operation of the Board were met with a few exceptions.

Transparency and effectiveness of remuneration policy

With regard to the recommendation to provide comprehensive information on how Recommendation 27 of the CG Code is applied, and considering that including variable components in the remuneration policy linked to broad sustainability objectives without specific evaluation parameters, or extraordinary one-off payments with undefined nature, objectives, and lacking adequate deliberative procedures, may lead to the disapplication of Recommendation 27, the following should be noted: as detailed in the report on the remuneration policy and compensation paid, prepared pursuant to articles 123ter of the TUF and 84quater of the Issuers' Regulation, the remuneration policy for executive directors and top management applied by the Company provides for an adequate balance between the fixed component and the variable component and is defined in line with the Company's strategic objectives, as well as the provision of performance-related targets, to which the disbursement of the variable components is linked, the latter being predetermined, measurable and linked in significant part to a long-term timeframe. Specifically, the Board of Directors approved an incentive plan called the "Share-Based Incentive Plan 2023-2025", consisting of the granting of rights that give beneficiaries the opportunity to receive ordinary shares of the Company free of charge, based on the year's ratio (expected to be 1:1), upon the achievement of certain financial and ESG targets.

Executive role of the Chairperson

With reference to the recommendation to provide all relevant information on how Recommendation 4 of the CG Code should be applied, bearing in mind that the lack of an adequately reasoned explanation of the choice to give the Chairperson significant managerial authority (whether he/she is the CEO or not) may constitute a disapplication of Recommendation 4 of the Code. In the event of actual disapplication, companies are therefore asked to clearly state this in the corporate governance report, explaining: the reasons, how the decision to disapply this was made within the company, and how it is intended to ensure compliance with Principles V and X of the Code, it should be noted that the said recommendation is deemed inapplicable since the Chairperson of the Board of Directors of the Company has not been granted managerial authority.

The recommendations made in the Letter from the Chairperson of the Corporate Governance Committee have also been brought to the attention, to the extent of its competence, of the Board of Statutory Auditors, which has taken note of them.

* * *

Rome, March 12, 2025

CY4Gate S.p.A. The Chief Executive Officer Emanuele Galtieri

TABLE 1: INFORMATION ON OWNERSHIP STRUCTURE AS AT 12/03/2025

SHARE CAPITAL STRUCTUR
	Shares	NVoting rights	Listed	Rights and obligations
Azioni ordinarie (*)	23.571.428	23.571.428	Listed at Euronext STAR Milan	No increase in voting rights is envisaged
Preferred Shares	/	/	/	/
Multiple-vote shares	/	/	/	/
Other categories of shares with multiple voting rights	/	/	/	/
Saving shares	/	/	/	/
Convertible savings shares	/	/	/	/
Other non-voting share classes	/	/	/	/
Other	/	/	/	/

(*) For the sake of completeness, please note that, as of the Report Date, the Company holds 450,0000 treasury shares.

OTHER FINANCIAL INSTRUMENTS (granting the right to subscribe for newly issued shares)
	Listed	No. of instruments in circulation	Category of shares serving the conversion/exercise	No. of shares for conversion/ exercise
Convertible Bonds	/	/	/	/
Warrant	/	/	/	/

SIGNIFICANT SHAREHOLDINGS IN THE CAPITAL
Declarant	Direct Shareholder	% share of ordinary share capital	% share of voting capital
Elettronica S.p.A	Elettronica S.p.A.	38,38%	38,38%
TEC Cyber S.p.A.	TEC Cyber S.p.A.	16,16%	16,16%
First Capital S.p.A.	First SICAF S.p.A.	5,30%	5,30%

Board of Directors
Role	Member	Year of birth	Date of first appointme nt (*)	In office from	In office until	List (**)	List (M/m) (***)	Executiv e	Non executiv e	Indepen dent Code	Indepen dent. TUF	Other appointments (****)	Parteicipatio n (*)
Chairman	Domitilla Benigni	4 April 1969	15 May 2020	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	M	X (§)				TIM	9/9
Chief Exectuive Officer	Emanuele Galtieri	23 October 1974	31 March 2021	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	M	X					9/9
Director	Roberto Ferraresi	3 July 1975	7 February 2022	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	m		X			Philogen	8/9
Director	Alessandro Chimenton	7 December 1961	26 July 2023	26 July 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	M		X				9/9
Director	Alberto Luigi Sangiovanni Vincentelli	23 June 1947	22 June 2020	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	M		X			Cadence Design System, Board Member and co-Founder, Finance Committee, Governance and Nomination Committee, NASDAQ.	9/9

TABLE 2: STRUCTURE OF THE BOARD OF DIRECTORS AT THE END OF THE FINANCIAL YEAR

												KPIT Technologies, Board member, Remuneration and Nominating Committee, Indian Stock Exchange
Director	Paolo Izzo	15 June 1973	4 November 2022	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	M		X				8/9
Director	Alessandra Bucci	30 July 1966	27 April 2023	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	M		X	X	X	Unidata	9/9
Director	Cinzia Parolini	27 January 1959	4 August 2021	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	M		X	X	X		9/9
Director	Maria Giovanna Calloni	26 December 1964	27 April 2023	27 April 2023	until the approval of the financial statements as at 31 December 2025	Shareholders	m		X	X	X	DeNora EuroGroup Laminations Philogen	9/9
			--------------------------------			Directors terminated during the financial year --------------------------------
Director	/	/	/	/	/	/	/	/	/	/	/	/	/

NOTES

The following symbols are to be inserted in the 'Charge' column:

This symbol indicates the director in charge of the internal control and risk management system.
This symbol indicates the Lead Independent Director (LID).
(*) The date of first appointment of each director means the date on which the director was appointed to the Issuer's Board of Directors for the first time (ever).
(**) This column indicates whether the list from which each director was drawn was presented by shareholders (indicating 'Shareholders') or by the BoD (indicating 'BoD').
(***) This column indicates whether the list from which each director was drawn is 'majority' (indicating 'M') or "minority" (indicating 'm').
(****) This column indicates the number of directorships or auditor appointments held by the person concerned in other listed companies or companies of significant size. In the Corporate Governance Report, the offices are indicated in full.

(*****) This column indicates the attendance of directors at meetings of the Board of Directors (indicate the number of meetings attended with respect to the total number of meetings that could have been attended; e.g. 6/8; 8/8 etc.). (§) Not in possession of management proxies.

Consiglio di Amministrazione			Executive Committee		Related Parties Committee		Risk, Control and Sustainability Committee		Remuneration Committee		Nomination Committee		Strategic Committee	Other
Role	Member	(*)	(**)	(*)	(**)	(*)	(**)	(*)	(**)	(*)	(**)	(*)	(**)	(*)	(**)
Chairman (§)	Domitilla Benigni
Chief Executive Officer	Emanuele Galtieri												M
Non-independent non-executive director	Roberto Ferraresi						M						M
Non-independent non-executive director	Alessandro Chimenton
Non-independent non-executive director	Alberto Luigi Sangiovanni Vincentelli												P
Non-independent non-executive director	Paolo Izzo								M		M		M
Independent non executive director	Alessandra Bucci				M		M		P		P
Independent non executive director	Cinzia Parolini				M		P
Independent non executive director	Maria Giovanna Calloni				P				M		M
				--------------------------------						Directors terminated during the financial year --------------------------------
	/	/	/	/	/	/	/	/	/	/	/	/	/	/	/
NOTES

TABLE 3: BOARD COMMITTEES STRUCTURE AT THE END OF THE FINANCIAL YEAR

(*) This column indicates the directors' participation in committee meetings (indicate the number of meetings attended out of the total number of meetings attended; e.g. 6/8; 8/8 etc.).

(**) This column indicates the qualification of the director within the committee: 'P': chairman; 'M': member.

(§) Not in possession of management proxies.

	STATUTORY AUDITORS
Role	Member	Year of birth	Data di prima nomina (*)	In office from	In office until	List Independence (M/m) (**)		Partecipation (***)	No of other appointments (****)
Chairman	Stefano Fiorini	15.07.1969	15.05.2020	27.04.2023	until the approval of the financial statements as at 31 December 2025	m	x	17/17	23
Acting Auditor	Paolo Grecco	10.05.1958	15.05.2020	27.04.2023	until the approval of the financial statements as at 31 December 2025	M	x	17/17	7
Acting Auditor	Daniela Delfrate	12.08.1965	4.08.2021	27.04.2023	until the approval of the financial statements as at 31 December 2025	M	x	17/17	11
Alternate Auditor	Allegra Piccini	12.04.1975	27.04.2023	27.04.2023	until the approval of the financial statements as at 31 December 2025	M	x	N/A	0
Alternate Auditor	Alberto Trabucchi	20.10.1970	22.04.2024	27.04.2023	until the approval of the financial statements as at 31 December 2025	M	x	N/A	1
					-----------------SINDACI CESSATI DURANTE L'ESERCIZIO -----------------
/	/	/	/	/	/	/	/	/	/

TABLE 4: STRUCTURE OF THE STATUTORY AUDITORS AT THE END OF THE FINANCIAL YEAR

NOTES

(*) The date of first appointment of each auditor means the date on which the auditor was appointed to the Issuer's board of statutory auditors for the first time (ever).

(**) This column indicates whether the list from which each statutory auditor was drawn is 'majority' (indicating 'M'), or "minority" (indicating 'm'),

(***) This column indicates the participation of the statutory auditors in the meetings of the board of statutory auditors (indicating the number of meetings attended with respect to the total number of meetings that could have been attended; e.g. 6/8; 8/8 etc.).

(****) This column indicates the number of directorships or auditor appointments held by the person concerned pursuant to Article 148-bis of the Consolidated Law on Finance and its implementing provisions contained in the Consob Issuers' Regulations. The complete list of offices is published by Consob on its website pursuant to Article 144-quinquiesdecies of the Consob Issuers' Regulations.

AI Terminal

CY4GATE S.p.A.

6295_rns_2025-04-04_695e8372-06cf-47d3-9dc3-1451ab7b970f.pdf

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURE

TABLE OF CONTENTS

GLOSSARY

FOREWORD

1. ISSUER PROFILE

2. INFORMATION ON OWNERSHIP STRUCTURE (PURSUANT TO ART. 123-BIS, PARAGRAPH 1, OF THE TUF) AS AT THE REPORT DATE

a) Share capital structure (pursuant to Art. 123-bis, paragraph 1.a, of the TUF)

b) Restrictions on the transfer of securities (pursuant to Art. 123-bis, paragraph 1.b, of the TUF)

c) Significant shareholdings in the capital (pursuant to Art. 123-bis, paragraph 1.c, of the TUF)

d) Securities that confer special rights (pursuant to Art. 123-bis, paragraph 1.d, of the TUF)

e) Employee shareholding: mechanism for exercising voting rights (pursuant to Art. 123- bis, paragraph 1.e, of the TUF)

f) Restrictions on voting rights (pursuant to Art. 123-bis, paragraph 1.f), of the TUF)

g) Shareholder agreements (pursuant to Art. 123-bis, paragraph 1.g, of the TUF)

h) Change of control clauses (pursuant to Art. 123-bis, paragraph 1.h of the TUF) and statutory provisions on takeover bids (pursuant to Arts. 104, paragraph 1-ter, and 104- bis, paragraph 1, of the TUF)

i) Powers of attorney to increase the share capital and authorization to purchase treasury shares (pursuant to Art. 123-bis, paragraph 1.m, of the TUF)

l) Management and coordination activities (pursuant to Arts. 2497 et seq. of the Civil Code)

3. COMPLIANCE (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.A), FIRST PART, OF THE TUF)

4. BOARD OF DIRECTORS

4.1 ROLE OF THE BOARD OF DIRECTORS

4.2 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123-BIS, PARAGRAPH 1.L), FIRST PART, OF THE TUF)

4.3 COMPOSITION (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) AND 2.D-BIS) OF THE TUF)

Domitilla Benigni

Emanuele Galtieri

Roberto Ferraresi

Paolo Izzo

Alessandro Chimenton

Alberto Luigi Sangiovanni Vincentelli

Cinzia Parolini

Alessandra Bucci

Maria Giovanna Calloni

Diversity criteria and policies in board composition and corporate organization

Maximum number of positions held in other companies

4.4 OPERATION OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF)

4.5 ROLE OF THE CHAIRPERSON OF THE BOARD OF DIRECTORS

Board Secretary

4.6 EXECUTIVE DIRECTORS

Chief Executive Officers

A. General representation of the Company

B. Relations with Authorities and Administrations

C. Representation in Litigation

D. Management of the Company

Chairwoman of the Board of Directors

A. General representation of the Company

B. Relations with Authorities and Administrations

C. Representation in Litigation

D. Management of the Company

Executive Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

Disclosures to the Board by directors/delegated bodies

Other executive directors

4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR

Independent directors

Lead Independent Director

5. CORPORATE INFORMATION MANAGEMENT

Procedure for handling Inside Information and maintaining the Insider Register

6. BOARD COMMITTEES (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF)

Additional committees (other than those required by regulation or recommended by the Code)

7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE

7.1 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS

7.2 APPOINTMENTS COMMITTEE

Composition and operation of the Appointments Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

Functions of the Appointments Committee

8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE

8.1 REMUNERATION OF DIRECTORS

8.2 REMUNERATION COMMITTEE

Composition and operation of the Remuneration Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

Functions of the Remuneration Committee

9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM – CONTROL AND RISK COMMITTEE

Main characteristics of the existing risk management and internal control system in relation to the financial reporting process (pursuant to Art. 123-bis, paragraph 2.b) of the TUF)

Foreword

Characteristics of the Group's internal control and risk management system

Roles and functions involved:

9.1 CHIEF EXECUTIVE OFFICER

9.2 CONTROL, RISK AND SUSTAINABILITY COMMITTEE

Composition and operation of the Control, Risk and Sustainability Committee (pursuant to Art. 123bis, paragraph 2.d) of the TUF)

Functions assigned to the Control, Risk and Sustainability Committee

9.3 HEAD OF INTERNAL AUDIT

9.4 ORGANIZATIONAL MODEL PURSUANT TO ITALIAN LEGISLATIVE DECREE 231/2001