Skip to main content

AI assistant

Sign in to chat with this filing

The assistant answers questions, extracts KPIs, and summarises risk factors directly from the filing text.

Sign up Log in

CY4GATE S.p.A. Governance Information 2026

Mar 31, 2026

6295_rns_2026-03-31_c59dd0a9-e609-4ba2-9491-ad4f756deb9d.pdf

Governance Information

Open in viewer

Opens in your device viewer

CY4GATE S.P.A.

REPORT ON CORPORATE GOVERNANCE AND OWNERSHIP STRUCTURE

pursuant to Art. 123-bis of Italian Legislative Decree No. 58 of February 24, 1998 (Traditional management and control model)

year ended December 31, 2025

https://www.cy4gate.com/en/

This report on corporate governance and ownership structure of CY4GATE S.p.A. was approved by the Board of Directors on March 12, 2026

TABLE OF CONTENTS

TABLE OF CONTENTS2
GLOSSARY4
FOREWORD 6
ISSUER PROFILE 71.
2. INFORMATION ON OWNERSHIP STRUCTURE (PURSUANT TO ART. 123-BIS, PARAGRAPH 1,OF THE TUF) AT THE REPORT DATE 9
a) Share capital structure (pursuant to Art. 123-bis, paragraph 1.a, of the TUF)9
b) Restrictions on the transfer of securities (pursuant to Art. 123-bis, paragraph 1.b, of the TUF)9
c) Significant shareholdings in the capital (pursuant to Art. 123-bis, paragraph 1.c, of the TUF)9
d) Securities that confer special rights (pursuant to Art. 123-bis, paragraph 1.d, of the TUF)10
e) Employee shareholding: mechanism for exercising voting rights (pursuant to Art. 123-bis,paragraph 1.e, of the TUF)10
f) Restrictions on voting rights (pursuant to Art. 123-bis, paragraph 1.f), of the TUF)11
g) Shareholder agreements (pursuant to Art. 123-bis, paragraph 1.g, of the TUF) 11
h) Change of control clauses (pursuant to Art. 123-bis, paragraph 1.h of the TUF) and statutoryprovisions on takeover bids (pursuant to Arts. 104, paragraph 1-ter, and 104-bis, paragraph 1, of theTUF) 11
i) Powers of attorney to increase the share capital and authorization to repurchase treasury shares(pursuant to Art. 123-bis, paragraph 1.m, of the TUF)11
l) Management and coordination activities (pursuant to Arts. 2497 et seq. of the Civil Code) 12
3. COMPLIANCE (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.A), FIRST PART, OF THE TUF) 14
4. BOARD OF DIRECTORS 53
4.1 ROLE OF THE BOARD OF DIRECTORS 53
4.2 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123-BIS, PARAGRAPH1.L), FIRST PART, OF THE TUF)57
4.3 COMPOSITION (PURSUANT TO ART. 123-BIS, PARAGRAPHS 2.D) AND 2.D-BIS) OFTHE TUF) 60
4.4 OPERATION OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123-BIS,PARAGRAPH 2.D) OF THE TUF)66
4.5 ROLE OF THE EXECUTIVE CHAIRPERSON OF THE BOARD OF DIRECTORS69
4.6 OTHER EXECUTIVE DIRECTORS70
4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR71
5. CORPORATE INFORMATION MANAGEMENT 73
6. BOARD COMMITTEES (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF) 73
7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE77
7.1 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS77
7.2 APPOINTMENTS COMMITTEE78
8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE79
8.1 REMUNERATION OF DIRECTORS79
8.2 REMUNERATION COMMITTEE79
9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM –CONTROL AND RISKCOMMITTEE80
9.1 CHIEF EXECUTIVE OFFICER85
9.2 CONTROL, RISK AND SUSTAINABILITY COMMITTEE 86
9.3 HEAD OF INTERNAL AUDIT87
9.4 ORGANIZATIONAL MODEL PURSUANT TO ITALIAN LEGISLATIVE DECREE231/200188
9.5 AUDITORS 89
9.6 FINANCIAL REPORTING OFFICER AND OTHER CORPORATE ROLES ANDFUNCTIONS90
9.7 COORDINATION OF THE PARTIES INVOLVED IN THE INTERNAL CONTROLAND RISK MANAGEMENT SYSTEM 91
10. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS 91
11. BOARD OF STATUTORY AUDITORS 92
11.1 APPOINTMENT AND REPLACEMENT92
11.2 COMPOSITION AND OPERATION OF THE BOARD OF STATUTORY AUDITORS(PURSUANT TO ART. 123-BIS, PARAGRAPHS 2.D) AND 2.D-BIS) OF THE TUF) 94
11.3 ROLE OF THE BOARD OF STATUTORY AUDITORS99
12. RELATIONS WITH SHAREHOLDERS AND OTHER RELEVANT STAKEHOLDERS 101
13. SHAREHOLDERS' MEETINGS102
14. ADDITIONAL CORPORATE GOVERNANCE PROCEDURES (PURSUANT TO ART. 123-BIS,PARAGRAPH 2.A), SECOND PART, OF THE TUF)104
15. CHANGES AFTER THE END OF THE YEAR 104
16. CONSIDERATIONS ON THE LETTER FROM THE CHAIRPERSON OF THE CORPORATEGOVERNANCE COMMITTEE 104
TABLE 1: INFORMATION ON THE OWNERSHIP STRUCTURES AT 03/12/2026 53
TABLE 2: STRUCTURE OF THE BOARD OF DIRECTORS AT THE END OF THE YEAR 55
TABLE 3: BOARD COMMITTEE STRUCTURE AT THE END OF THE YEAR58
TABLE 4: STRUCTURE OF THE BOARD OF STATUTORY AUDITORS AT THE END OFTHE YEAR 61

GLOSSARY

Chief ExecutiveOfficer The Company's Chief Executive Officer.
Shareholders'Meeting The Company's Shareholders'Meeting.
Borsa Italiana Borsa ItalianaS.p.A., based in Milan, Piazza Affari No. 6.
Code/CG Code The Corporate Governance Code for Listed CompaniesapprovedinJanuary2020bytheItalianCorporateGovernance Committee.
Civil Code The Italian Civil Code.
Board ofStatutoryAuditors The Company's Board of Statutory Auditors.
CorporateGovernanceCommittee The Italian Corporate Governance Committee of ListedCompanies, promoted not only by Borsa Italiana S.p.A. butalso by ABI, Ania, Assogestioni, Assonime and Confindustria.
CONSOB TheItalianNationalCommissionforCompaniesandtheStock Exchange (Commissione Nazionale per le Società e laBorsa) in Rome, Via Martini No. 3.
Board ofDirectors orBoard The Issuer's Board of Directors.
Report Date March 12, 2026, the date of approval of the Report by theIssuer's Board of Directors.
Decree 231 Italian Legislative Decree No. 231 of June 8, 2001.
FinancialReportingOfficer The executive responsible for preparing the Company'scorporate accounting documents pursuant to Article 154-bisof the TUF.
Issuer, CY4 orCompany CY4GATE S.p.A., with registered office in Rome (RM), ViaCoponia No. 8, enrolled to the Register of Companies ofRome under number, tax code, VAT number 13129151000,R.E.A. (Economic and Administrative Register) of Rome No.1426295, LEI code 8156005DEB4D90F3E360.
Year The fiscal year ended December 31, 2025 to which the Reportrefers.
ESRSs The sustainability reporting principles defined in CommissionDelegated Regulation (EU) 2023/2772 of July 31, 2023.
EXM Euronext Milan, a regulated market organized and managedby Borsa Italiana S.p.A.
Group CY4GATE S.p.A. and its subsidiaries, collectively, pursuantto Article 2359 of the Civil Code and Article 93 of the TUF.
231 Model The organization, management and control model adopted bythe Company pursuant to Italian Legislative Decree No. 231of June 8, 2001.
RPT Procedure It has the meaning set out in Paragraph 10 of the Report.
Issuers'Regulation TheRegulationissuedbyCONSOBwithresolutionNo.11971 of May 14, 1999 on issuers, as amended andsupplemented.
Related-PartyRegulation orRPT Regulation The Regulation issued by CONSOB with resolution No.17221 of March 12, 2010 on related-party transactions, asamended and supplemented.
Report This Report on Corporate Governance prepared pursuant toArticles 123-bisof the TUF and 89-bisof the Issuers'Regulation.
ICRMS The Internal Control and Risk Management System adoptedby the Company.
Bylaws The Issuer's bylaws in effect at the Report Date.
TUF Italian Legislative Decree No. 58 of February 24, 1998,asamended and supplemented.

Unless otherwise specified, the definitions set out in the CG Code relating to the following shall be considered to be incorporated herein by reference: Directors, Executive Directors, Independent Directors, Significant Shareholder, Chief Executive Officer (CEO), Administrative Body, Control Body, Business Plan, Company with Concentrated Ownership, Large Company, Sustainable Success, Top Management.

Furthermore, unless otherwise specified, any sections referring to the content of the applicable ESRSs shall also be deemed to incorporate by reference the definitions set out therein, in particular those relating to: lobbying activities, value chain, affected communities, bribery and corruption, corporate culture, consumers, sustainability statement, employee, discrimination, suppliers, own workforce, impacts, sustainability impacts, workers in the value chain, workers who are not employees, independent members of the board of directors, metrics, business model, harassment, target, opportunities, sustainability opportunities, management and control bodies, policy, deprived populations, stakeholders, sustainability issues, materiality, risks, sustainability risks, end users.

FOREWORD

The Report, approved by the Board of Directors on March 12, 2026, aims to provide a general and comprehensive overview of the corporate governance system adopted by CY4GATE S.p.A., in order to ensure fairness and transparency in corporate disclosures.

This document has been drawn up in accordance with Art. 123-bis of the TUF and in light of the recommendations of the Corporate Governance Code, as well as taking into account the document "Format per la relazione sul governo societario e gli assetti proprietari" (Format for the report on corporate governance and ownership structure) issued by Borsa Italiana and made available to issuers in December 2024.

On May 2, 2023, the Board of Directors resolved to endorse the CG Code. The Report aims, among other things, to provide disclosure to the market on how CY4 is implementing the CG Code.

At the Report Date, CY4 is listed in the EXM - STAR Segment.

The Report is published on the Company's website at https://www.cy4gate.com/en/governance/, Governance Section.

1. ISSUER PROFILE

The corporate governance structure of CY4, which adopts the traditional management and control system, consists of the following corporate bodies:

  • (i) the Board of Directors, which is responsible for the corporate management;
  • (ii) the Board of Statutory Auditors, which is responsible for supervising (i) compliance with the law and the Bylaws and the observance of the principles of sound administration, (ii) the adequacy of the internal control system and the managementaccounting system, as well as the latter's reliability in correctly representing operating events, (iii) the concrete implementation of the corporate governance rules provided for in codes of conduct drawn up by regulated markets management companies or by trade associations, which the Company, by means of public disclosures, declares it complies with, (iv) the adequacy of the instructions given to subsidiaries in relation to the obligations to disclose inside information, and (v) the financial reporting process, the effectiveness of the internal control, internal audit, and risk management systems, the statutory audit of the annual and consolidated accounts, and the independence of the auditors;
  • (iii) the Shareholders' Meeting, which is competent to pass resolutions on matters reserved to it by the law or the Bylaws.

Three committees are established within the Board of Directors:

  • (i) the Control, Risk and Sustainability Committee, which has the task of assisting the Board of Directors, with investigative, proposal and advisory functions, in evaluations and decisions related to the internal control and risk management system, as well as in matters concerning the Company's sustainability issues.
  • (ii) the Appointments and Remuneration Committee, which performs appraisal, proposal, and advisory functions for the Board of Directors, with respect to: (a) appointments, supporting the Board of Directors - inter alia - by expressing opinions regarding the size, optimal composition and actual functioning of the Board of Directors and its Committees, as well as recommendations regarding the managerial and professional positions whose presence is deemed appropriate; and (b) remuneration, by, among other things, drafting a proposal for the Company's remuneration policy and submitting proposals or expressing opinions on the remuneration of executive directors and other directors who hold special offices as well as on setting performance targets related to the variable component of such remuneration; and, more generally, supporting the management body in its self-assessment and that of its Committees;
  • (iii) the Related-Party Transactions Committee, which performs the functions assigned to it by the RPT Procedure (to which reference is hereby made).

Each committee – which operates on the basis of internal regulations that establish its rules of operation – is composed of three non-executive Directors, the majority of whom are Independent (according to the independence requirements set out by Corporate Governance Code). The Chairperson is chosen from among the Independent Directors.

Additionally, the Strategic Committee has been established within the management body. Its task is to assist the Board of Directors and the Company's delegated bodies with investigative, proposal and advisory functions in assessments and decisions relating to: (i) the development of the Company's business in terms of internal growth and support for product and technology strategies; and (ii) the performance of preparatory activities for identifying companies of interest with which to initiate corporate acquisition and/or integration processes.

The Committee is composed of five members, appointed by and selected from among the members of, the Board of Directors. The Chief Executive Officer is an ex officio member of the Committee.

Auditing is entrusted to an Auditor enrolled in the statutory auditors register, appointed by the Shareholders' Meeting upon a reasoned proposal from the Board of Statutory Auditors.

In addition to the foregoing, in compliance with the provisions of the CG Code, as well as applicable regulations, the Issuer has inter alia:

  • a) appointed three Independent Directors out of nine members of the Board of Directors;
  • b) appointed the Lead Independent Director in accordance with Recommendations 13 and 14 of the Code;
  • c) defined the guidelines of the internal control and risk management system and appointed the persons in charge of internal control;
  • d) adopted a procedure for handling inside information and maintaining the insider register, and a procedure on internal dealing;
  • e) adopted the Procedure for Related-Party Transactions pursuant to Article 4 of the Related-Party Regulation;
  • f) appointed the Investor Relator as the person in charge of managing shareholder relations;
  • g) adopted regulations for the operation of the Board of Directors and Board Committees;
  • h) adopted a Code of Ethics;
  • i) adopted an organizational, management and control model pursuant to Decree 231 and a Supervisory Body.

The Board of Directors fulfills its role in guiding the Issuer in compliance with the principles and recommendations set out by the Code with the aim of pursuing its sustainable success; this objective translates into the creation of long-term value for the benefit of shareholders, while taking into account the interests of other Issuer's stakeholders.

On this point, please refer to the Sections of the Report where the following are explained: (i) how this objective is integrated into strategies (see Paragraph 4.1 of the Report), remuneration policies (see Section 8 of the Report) and the internal control and risk management system (see Section 9 of the Report); (ii) the corporate governance measures specifically taken in this regard (see Section 6 and Section 9 of the Report, with reference to the establishment of the Control, Risk and Sustainability Committee with the task of supporting the Board in analyzing issues relevant to long-term value generation).

The Group is committed to making strategic choices that also focus on sustainability. Specifically, at the closing date of the financial statements for the year ended December 31, 2025, the Group falls within the scope of Italian Legislative Decree 125/2024 – issued pursuant to Directive 2022/2464/EU of the European Parliament and of the Council of December 14, 2022 – with regard to corporate sustainability reporting (CSRD). The Issuer publishes the integrated financial report on its website at https://www.cy4gate.com/en/, Investor Relations / Financial Statements section.

At the Report Date, due to the capitalization recorded during the 2025 fiscal year, the Issuer falls within the definition of a listed SME pursuant to Article 1, paragraph 1, letter w-quater.1), of the TUF, as amended by Article 2 of Italian Law No. 21 of March 5, 2024, and Article 2-ter of the Issuers' Regulation, as reflected in the list of SMEs published by CONSOB on its website pursuant to Article 2-ter, paragraph 2, of the Issuers' Regulation. At the Report Date, the capitalization of the Issuer is approximately EUR 176,785,710.

2. INFORMATION ON OWNERSHIP STRUCTURE (PURSUANT TO ART. 123-BIS, PARAGRAPH 1, OF THE TUF) AT THE REPORT DATE

a) Share capital structure (pursuant to Art. 123-bis, paragraph 1.a, of the TUF)

At December 31, 2025, CY4's subscribed and paid-up share capital amounted to EUR 1,441,499.94 and was represented by 23,571,428 ordinary shares with no par value.

The shares are subject to dematerialization under Articles 83-bis et seq. of the TUF. Shares are freely transferable and confer the same rights, both in equity and administrative terms, as established by law and the Bylaws, except as provided for in Article 8 of the Bylaws.

At the Report Date, the Company has not issued any other class of shares, or financial instruments convertible into or exchangeable for shares.

For more information on the share capital structure, see Table 1 in the appendix.

For the sake of completeness, it should be noted that on March 23, 2023, the Board of Directors approved a stock grant incentive plan for the 2023-2025 three-year period, aimed at the executive directors and top management of the Company (the "Plan"), which was amended at the board meeting of June 13, 2023 in order to introduce – along with financial and market targets – an annual target related to ESG issues and, in particular, to obtaining and maintaining the "Gender Equality Certification". The Plan entails, the free allocation of CY4 shares for beneficiaries upon achievement of the Targets (as defined under the Plan).

For further details, please refer to the report on remuneration policy and compensation paid, prepared in accordance with Articles 123*-ter* of the TUF and 84-quater of the Issuers' Regulation, made available to the public on the Company's website at https://www.cy4gate.com/en/, Governance Section, and in the other manners provided for by current regulations.

b) Restrictions on the transfer of securities (pursuant to Art. 123-bis, paragraph 1.b, of the TUF)

Except as detailed below, at the Report Date, there are no restrictions on the transfer of shares, including but not limited to ownership limits or the requirement to obtain approval from the Issuer or other security holders.

c) Significant shareholdings in the capital (pursuant to Art. 123-bis, paragraph 1.c, of the TUF)

At the Report Date, based on the shareholders' register and taking into account the notifications received pursuant to Article 120 of the TUF and other information available to the Company, the persons indicated in Table 1 attached hereto, to which reference should be made, owned shares in the Company equal to or greater than 5% of the share capital, and, more specifically:

  • (i) Elettronica, holder of 9,045,912 ordinary CY4 shares, corresponding to 38.38% of the Company's share capital and voting rights;
  • (ii) TEC Cyber, holder of 3,809,524 ordinary CY4 shares, corresponding to 16.16% of the Company's share capital and voting rights;
  • (iii) First SICAF S.p.A., holder of a 5.30% stake in the Company's share capital and voting rights.

d) Securities that confer special rights (pursuant to Art. 123-bis, paragraph 1.d, of the TUF)

At the Report Date, the Company has not issued securities that confer special rights of control, nor do the Bylaws provide special powers for certain shareholders or holders of particular classes of shares.

In light of its business sector, the Group is subject to the regulations outlined in Italian Decree Law No. 21 of March 15, 2012 – converted with amendments by Italian Law No. 56 of May 11, 2012, as updated and amended – aimed at regulating certain special powers of the State with respect to companies operating in sectors of strategic importance to the national interest (the "golden power" regulation). These powers primarily include the right to:

  • a) veto resolutions, actions, and transactions that resulting in changes in the ownership, control, or availability of the assets of strategic companies, or altering their purpose – create an exceptional situation not covered by national and European industry regulations, potentially causing significant harm to public interests related to the safety and functioning of networks and facilities, as well as the continuity of supply;
  • b) ensure the effectiveness of a purchase, for any reason, by an entity outside the European Union of shareholdings of such importance as to result in the stable establishment of the purchaser through the assumption of control of the company whose shareholding is being purchased, pursuant to Article 2359 of the Civil Code and the TUF, provided that such purchase poses a threat of serious harm to public interests related to the safety and operation of networks and facilities, as well as the continuity of supply, conditional on the purchaser's commitment to safeguarding these interests;
  • c) oppose the purchase referred to in b) above, if such purchase poses exceptional risks to the protection of public interests related to the safety and operation of networks and facilities, as well as the continuity of supply, which cannot be eliminated by the purchaser's commitment to safeguarding these interests.

For the sake of completeness, it should be noted that the business carried out by the Issuer and the Group is not subject to supervision by specific industry authorities, it being understood that sales of "dual use" products (related to the cyber intelligence sector) in non-EU countries – due to the nature of these products, which can potentially be used for both civilian and military applications – are subject to a specific export authorization procedure conducted by the UAMA (Unit for the Authorization of Armament Materials) office of the Italian Ministry of Foreign Affairs and International Cooperation.

e) Employee shareholding: mechanism for exercising voting rights (pursuant to Art. 123-bis, paragraph 1.e, of the TUF)

At the Report Date, the Company has not adopted a specific employee shareholding system that provides a mechanism for exercising voting rights.

With reference to the Plan, please refer to the report on the remuneration policy and compensation paid, prepared pursuant to Articles 123*-ter* of the TUF and 84*-quater* of the Issuers' Regulation, made available to the public on the Company's website at https://www.cy4gate.com/en/ and in the other manners required by current regulations.

f) Restrictions on voting rights (pursuant to Art. 123-bis, paragraph 1.f), of the TUF)

The Bylaws do not include any particular provisions that would result in restrictions on voting rights, such as limitations on voting rights to a certain percentage or number of votes, time limits imposed on the exercise of voting rights, or systems in which, with the cooperation of the Issuer, the financial rights attached to securities are separated from their ownership.

g) Shareholder agreements (pursuant to Art. 123-bis, paragraph 1.g, of the TUF)

At the Report Date, no shareholder agreements are known to the Company.

h) Change of control clauses (pursuant to Art. 123-bis, paragraph 1.h of the TUF) and statutory provisions on takeover bids (pursuant to Arts. 104, paragraph 1-ter, and 104 bis, paragraph 1, of the TUF)

At the Report Date, the Company has not entered into any significant agreements that take effect, are amended, or terminate upon a change of control of the Company or its subsidiaries, except as detailed below.

The Company has a loan agreement in place, signed on March 29, 2022, which provides for certain conditions for full mandatory early repayment in the event of – inter alia – a change of control. For more information, please refer to the Listing Prospectus available at the Issuer's website at https://www.cy4gate.com/en/, IPO Section.

The Bylaws do not provide for exceptions to the passivity rule provisions of Article 104, paragraphs 1 and 1-bis of the TUF, nor do they provide for the application of the neutralization rules set out in Article 104-bis, paragraphs 2 and 3, of the TUF.

i) Powers of attorney to increase the share capital and authorization to repurchase treasury shares (pursuant to Art. 123-bis, paragraph 1.m, of the TUF)

At December 31, 2025, there are no powers of attorney to increase the share capital pursuant to Article 2443 of the Civil Code.

Pursuant to Article 6 of the Bylaws, the share capital may also be increased by a resolution of the Shareholders' Meeting by issuing shares with rights other than those attached to ordinary shares and by contributions other than cash or by offsetting liquid and collectible Company receivables, in accordance with and to the extent permitted by law. In the resolutions to increase the share capital against contribution, pre-emptive rights may be excluded up to a maximum of 10% of the existing share capital, pursuant to and in accordance with Article 2441, fourth paragraph, second sentence, of the Civil Code. The Extraordinary Shareholders' Meeting of the Company may grant the directors, pursuant to Article 2443 of the Civil Code, the power to increase, in one or more tranches, the share capital up to a specified amount and for a maximum period of five years from the date of the resolution, also with the exclusion or limitation of pre-emptive rights.

On November 26, 2024, the Shareholders' Meeting resolved to grant the Board of Directors the authorization, pursuant to and within the limits of Articles 2357 et seq. of the Civil Code, to purchase and dispose of treasury shares, including in several tranches, leading the Company to purchase, if the purchase option is exercised in full, a number of shares not exceeding 450,000 (four hundred and fifty thousand), representing overall approximately 2% (two percent) of the Company's share capital as at the date of the Shareholders' Meeting called to approve the authorization to purchase and dispose of the treasury shares in question (i.e., the Shareholders' Meeting held on November 26, 2024), for the purpose of:

  • (i) using the shares in the portfolio (including through exchange, swap, contribution, transfer, or other disposal transaction) as part of non-recurring transactions related to the implementation of industrial and financial projects or as part of extraordinary finance transactions, consistent with the strategic guidelines that the Company intends to pursue;
  • (ii) fulfilling obligations arising from share option programs or other grants of shares to employees or members of the management or control bodies of the Company or its subsidiaries or affiliates, under existing and any future share-based incentive plans, consistent with the remuneration policies adopted by the Company;
  • (iii) increasing value for shareholders by improving the Company's financial structure and by any subsequent cancellation of treasury shares without reduction of share capital, subject to the necessary corporate compliance; and
  • (iv) carrying out transactions to support the liquidity of the Company's shares, aimed at ensuring smooth trading and preventing price fluctuations that do not align with market trends, as well as regularizing trading and price movements in the presence of temporary distortions caused by excessive volatility or low trading liquidity.

Authorization to purchase was given for the maximum duration set forth by Article 2357, paragraph 2, of the Civil Code and, therefore, for a period of eighteen months from the date of authorization by the Shareholders' Meeting.

Authorization to dispose of any treasury shares purchased was granted without time limits, in accordance with current regulations, thus allowing the Board of Directors to make use of maximum flexibility, including in terms of timing, to carry out the disposal of the shares.

At December 31, 2025, the closing date of the Year, the Company held 450,000 treasury shares; at the Report Date, the Company held 450,000 treasury shares.

l) Management and coordination activities (pursuant to Arts. 2497 et seq. of the Civil Code)

The Company is controlled, pursuant to Article 2359 of the Civil Code and Article 93 of the TUF, by Elettronica, as the latter has sufficient voting rights to exercise a dominant influence at CY4's Ordinary Shareholders' Meeting. However, the Company is not subject to management and coordination by Elettronica pursuant to Articles 2497 et seq. of the Civil Code. CY4 believes, in fact, that none of the activities typically evidencing management and coordination pursuant to Articles 2497 et seq. of the Civil Code exist, in view of, but not limited to, the following circumstances:

  • (i) CY4 and its Directors maintain complete operational autonomy and remain separate and independent centers of responsibility;

  • (ii) Elettronica does not centralize any functions, such as treasury or management, to itself;

  • (iii) CY4 has autonomous negotiating capacity in dealing with customers and suppliers;

  • (iv) CY4 operates in a condition of corporate and business autonomy from Elettronica; and

  • (v) CY4 has autonomy in defining its strategic and development lines.

The following table shows a graphical representation of the companies forming part of the Group, specifying the shareholdings held by the Issuer in each of them as at the Report Date.

It should be noted that:

  • a) the information required by Art. 123-bis, paragraph 1.i) of the TUF ("agreements between the company and the directors [...] providing for indemnities in the event of resignation or dismissal without just cause or if their employment ceases as a result of a takeover bid") is illustrated in the report on remuneration policy and compensation paid published pursuant to Article 123*-ter* of the TUF on the Company's website at (https://www.cy4gate.com/en/) and in the other manners required by current regulations;
  • b) the information required by Art. 123-bis, paragraph 1.l), first part, of the TUF ("the rules applicable to the appointment and replacement of directors [...] if different from the laws and regulations applicable by way of supplementary provisions") is explained in the Section of the Report devoted to the Board of Directors (see Section 4.2 of the Report);
  • c) the information required by Art. 123-bis, paragraph 1.l), second part, of the TUF ("the rules applicable [...] to the amendment of the bylaws, if different from the laws and regulations applicable by way of supplementary provisions") is explained in the Section of the Report devoted to the Shareholders' Meeting (see Section 13 of the Report).

3. COMPLIANCE (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.A), FIRST PART, OF THE TUF)

The Company complies with the provisions of the CG Code.

The CG Code is available to the public on the Corporate Governance Committee's website at https://www.borsaitaliana.it/comitato-corporate-governance/codice/2020.pdf.

***

Neither the Issuer nor its subsidiaries (including strategically significant subsidiaries) are subject to non-Italian legal provisions affecting their corporate governance structure.

The following are the main governance tools the Company has adopted, in compliance with the latest laws and regulations, the provisions of the Code, and national and international best practices:

  • Bylaws;
  • Organization, Management and Control Model pursuant to Decree 231 and Supervisory Body;
  • Code of Ethics;
  • Corporate internal control functions and Investor Relations Manager;
  • Regulations of the Board of Directors;
  • Regulations of the Control, Risk and Sustainability Committee;
  • Regulations of the Appointments and Remuneration Committee;
  • Regulations of the Related-Party Transactions Committee;
  • Related-Party Transactions Procedure;
  • Procedure for handling inside information and maintaining the insider register;
  • Procedure on internal dealing.

4. BOARD OF DIRECTORS

4.1 ROLE OF THE BOARD OF DIRECTORS

The Board of Directors guides the Issuer by pursuing its sustainable success, which translates into the creation of long-term value for the benefit of Shareholders, taking into account the interests of other key Stakeholders for the Company.

In this regard, the Board of Directors defines the strategies of the Issuer and the Group in accordance with the pursuit of sustainable success, monitoring their implementation, as well as the corporate governance system that is most functional for the conduct of the company's business and the pursuit of its strategies, taking into account the areas of autonomy offered by the legal system and, if necessary, evaluating and promoting appropriate changes, submitting them, when applicable, to the Shareholders' Meeting.

In addition, the Board of Directors promotes, in the most appropriate forms, dialogue with the Issuer's Shareholders and other key Stakeholders.

Pursuant to Article 19 of the Company's Bylaws, the Board of Directors is vested with the following powers:

  • a) merger resolution in the cases referred to in Articles 2505, 2505-bis, 2506-ter last paragraph of the Civil Code, as well as the resolution referred to in Article 2506.1 of the Civil Code;
  • b) the establishment and dissolution of secondary branches;
  • c) the determination of which directors are authorized to represent the Company;
  • d) the reduction of share capital in case of a shareholder's withdrawal;
  • e) the adaptation of the Bylaws to comply with regulatory provisions;
  • f) the relocation of the registered office to another municipality within Italy;
  • g) the issuance of non-convertible bonds;
  • h) the reduction of the share capital if more than one-third of it is lost and the Company has issued shares without par value;
  • i) the creation of assets allocated to a specific business under Articles 2447-bis et seq. of the Civil Code.

In addition to the above, in order to enable the concrete application of the above principles, including by established corporate practice, the Board of Directors is also vested with:

  • − the review and approval of the business plan of the Issuer and the Group, including based on the analysis of issues relevant to long-term value generation;
  • − the periodic monitoring of the business plan implementation, as well as the evaluation of the general management performance, periodically comparing the results achieved with those planned;
  • − the definition of the nature and level of risk compatible with the Issuer's strategic targets, including in its assessments all elements that may be relevant in terms of the Issuer's sustainable success;
  • − the definition of the Issuer's corporate governance system and the structure of its Group;
  • − the adequacy assessment of the organizational, management and accounting structure of the Issuer and strategically important subsidiaries, with particular reference to the internal control and risk management system (see Section 9 of the Report);
  • − the deliberation on transactions of the Issuer and its subsidiaries that are of significant strategic, economic, equity or financial importance to the Issuer, establishing general criteria for identifying significant transactions;

− the adoption, at the proposal of the Chairperson, in agreement with the Chief Executive Officer, of a procedure for the internal management and external communication of documents and information concerning the Issuer, with particular reference to inside information (see Section 5 of the Report).

The following are the main activities carried out by the Board of Directors in relation to the areas mentioned above during the Year and, in any case, up to the Report Date.

The Board of Directors has reviewed and approved the annual budget, including the analysis of issues relevant to long-term value generation. In defining the nature and level of risk that is compatible with the Issuer's strategic targets, the Group has included in its assessments the factors that may be relevant from the perspective of the Issuer's sustainable success. During the Year, the Board of Directors monitored the implementation of the annual budget on a regular basis and assessed the general management performance, based on the exhaustive and regular information received from the delegated bodies at each meeting of the Board of Directors, as well as periodically comparing the results achieved with those planned.

On March 12, 2026, the Board of Directors, also taking into account the reports by the Chairperson of the Control, Risk and Sustainability Committee, as well as the assessments made by the Chief Executive Officer, evaluated positively the adequacy of the organizational, administrative and accounting structure of the Company and its Group (including subsidiaries with strategic importance), with particular reference to the internal control and risk management system.

In addition, the Board of Directors meeting held on the same date decided that it did not need to establish in advance general criteria for identifying transactions that have significant strategic, economic, equity or financial importance for the Company and its subsidiaries, believing it preferable to make this assessment from time to time on the basis of information received from the executive directors. On March 12, 2026, the Board of Directors also deemed it unnecessary to elaborate reasoned proposals to be submitted to the Shareholders' Meeting for the definition of a different system of corporate governance, evaluating the current corporate governance system of the Issuer and the structure of its Group as already adequate and functional for these needs (see Section 13 of the Report).

Finally, it should be noted, regarding the management of dialogue with Shareholders, that the Company has adopted a procedure for the internal management and external communication of documents and information concerning the Issuer (see Sections 5 and 12 of the Report). More generally, the Company ensures the systematic dissemination to investors, the market and the media of comprehensive and timely disclosures on its activities, subject to the confidentiality requirements of certain information. Such disclosures are ensured through press releases, regular meetings with institutional investors, the financial community and the press, and extensive documentation and numerous publications made available and constantly updated on the Company's website at https://www.cy4gate.com/en/, Investor Relations Section.

For more information on the Board's additional powers regarding its composition, operation, appointment and self-assessment, remuneration policy, and internal control and risk management system, please refer to the additional paragraphs in Section 4, as well as to Sections 7, 8, and 9 of the Report, respectively.

In addition to the above, more specifically with regard to the roles and responsibilities of the management and control bodies in overseeing the procedures designed to manage significant risks, impacts and opportunities, it should be noted that the Board of Directors defines the principles, values and strategies of the Group, which are formalized, in particular, in the Group's business plan, whereas the Board Committees direct, with the role of strategic oversight, the corporate dynamics of the Company, according to the tasks set by the respective internal regulations approved by the Board of Directors.

With respect to the foregoing, the Chief Executive Officer, as a Director with executive powers, within the scope of their mandate, and also in their capacity as General Manager, is responsible – although not on the basis of specific formalized procedures – for assessing the environmental and social risks of all Group activities, reporting to the Board of Directors about their work at the earliest opportunity. All of this according to the strategic targets of the company and the actions to be taken in order to achieve those targets in line with the chosen level of risk exposure, with a view to promoting the Company's sustainable success.

On this point, it should be noted that the Group adopts responsible business conduct, with an integrated, risk assessment-based management approach. To ensure adequate oversight of sustainability issues, a Control, Risk and Sustainability Committee has been established within the Parent Board of Directors, with proposal and advisory functions to the Board of Directors on sustainability matters.

At the organizational structure level, a working group dedicated to ESG issues has also been established with the following responsibilities:

  • monitoring and management of ESG issues;
  • integration of ESG criteria into corporate processes;
  • preparation of sustainability reporting, submitted to the Control, Risk and Sustainability Committee for review and subsequently consulted and approved by the governance body.

The evolution of the context and the management performance in relation to the strategies and objectives connected to the impacts, risks, and significant opportunities, as well as the progress made in achieving them in terms of social responsibility and sustainability, are monitored periodically, at board meetings and within the meetings of the Board Committees (during which, as appropriate, the heads of the management "bodies" are invited to participate). This is done within the framework of the strategic planning processes, by regularly comparing the results achieved with those planned, and taking into account, among other things, the analyses of the assessments of rating agencies and analysts, and also considering the indicators managed within the so-called Sustainability Report – see Section 1 of the Report –, prepared by the Board of Directors and, likewise, by the Board of Statutory Auditors, which regularly participates in board meetings, in accordance with market best practices, with the role of overseeing (i) compliance with laws, regulations, and the Bylaws, (ii) proper administration, and (iii) the adequacy of the Company's organizational and accounting structures.

For the sake of completeness, it should be noted that, given the business activities conducted by the Company and the Group, and in light of the current economic climate, the main sustainability aspects monitored with regard to environmental, social, or governance issues that the Company may face, are described below.

As mentioned, the findings of the activities carried out on sustainability issues and how they were addressed during the reporting period constitute the subject of discussion at Board of Directors meetings. Specifically, at the board meeting, the administrative, management and control bodies are briefed by the Chief Executive Officer on the relevant impacts, risks, and opportunities, their implementation in accordance with due diligence, and the results and effectiveness of the policies, actions, metrics, and objectives adopted to address them, which have previously been discussed in other Board of Directors meetings.

The Company's corporate bodies and top management, each for their respective roles in implementing the business strategy, take into account impacts, risks, and opportunities, balancing their decisions according to a relationship that considers, on the one hand, the long-term strategies and objectives for the Company's sustainable success, and, on the other, continuously measuring risk situations and the resulting necessary actions to deal with them.

The Group is oriented toward preventing negative impacts and risks, favoring the generation of opportunities and positive spin-offs: this approach guides the development of technological solutions as well as the definition of organizational strategies and solutions.

The frequency with which the above information is provided varies according to its nature and relevance. Generally, the more strategic and general information is discussed at the Board of Directors level at least annually, during the approval of the sustainability report. More operational and detailed information, on the other hand, may be the subject of periodic reports or more frequent discussions at the level of specific committees, such as the Control, Risk and Sustainability Committee.

The Group is committed to maintaining a system that fosters the achievement of corporate objectives and the pursuit of ESG values and goals. It has established a solid governance structure, with a Board of Directors whose characteristics and expertise ensure competence, independence, and the ability to guide the Group's development from a sustainability perspective.

To ensure adequate oversight of sustainability issues, the Control, Risk and Sustainability Committee has been established, with proposal and advisory functions to the Board of Directors on sustainability matters. Roles and responsibilities have been defined for this Committee to acquire and analyze key information related to:

  • economic, environmental and social context;
  • economic and financial risks;
  • regulatory compliance;
  • ESG (Environmental, Social, Governance) issues.

At the organizational structure level, a working group dedicated to ESG issues has also been established with the following responsibilities:

  • monitoring and management of ESG issues;
  • integration of ESG criteria into corporate processes;
  • preparation of sustainability reporting, submitted to the Control, Risk and Sustainability Committee for review and subsequently consulted and approved by the governance body.

Furthermore, Management plays a crucial role in governance processes, controls, and procedures aimed at monitoring, managing, and overseeing impacts, risks, and opportunities. It is responsible for implementing an effective risk management system, which includes identifying, assessing, and mitigating risks, as well as monitoring performance and impacts.

Management defines a three-year commitment plan, updated annually, based on an analysis of significant impacts for the organization. This plan defines specific, measurable, achievable, relevant, and time-bound (SMART) objectives and concrete actions to address challenges and seize opportunities related to sustainability.

The Control, Risk and Sustainability Committee, composed of Independent Directors, plays a key role in this process, providing advice and support to the Board of Directors on sustainability issues, monitoring the effectiveness of the risk management system, and making recommendations for its continuous improvement.

4.2 APPOINTMENT AND REPLACEMENT (PURSUANT TO ART. 123-BIS, PARAGRAPH 1.L), FIRST PART, OF THE TUF)

Pursuant to Articles 18 et seq. of the Bylaws, the Company is governed by a Board of Directors composed of a minimum of 7 (seven) and a maximum of 9 (nine) members.

The Directors hold office for a term not exceeding three financial years and may be re-elected pursuant to Article 2383 of the Civil Code. They cease office on the date of the Shareholders' Meeting called to approve the financial statements for the last year of their term.

The Directors are appointed by the Shareholders' Meeting, in accordance with the provisions of the law and the Bylaws, on the basis of lists submitted by the Shareholders. The lists submitted and signed by the Shareholder or Shareholders submitting them (including by proxy to one of them) must be filed at the Company's registered office within the terms established by the laws and regulations in force at the time indicated in the call notice, or by remote communication, as indicated in the call notice, and made available to the public within the terms and in the manner established by the laws and regulations in force at the time.

A list for the appointment of Directors may be submitted by: (i) Shareholders holding, at the time of submission of the list, individually or jointly, a number of shares at least equal to the proportion determined by CONSOB pursuant to applicable statutory and regulatory provisions, and (ii) the Board of Directors. The ownership of the minimum proportion provided for in the previous sentence of this paragraph at point (i) shall be determined having regard to the shares that are registered in favor of the shareholder on the day on which the list is filed with the Company, it being understood that the relevant certification may also be produced after the filing, provided that it is within the deadline for the publication of the list.

Any list submitted by the Board of Directors shall (i) be filed and made public, in accordance with the procedures established by the legislation applicable from time to time to lists submitted by shareholders, no later than the thirtieth day prior to the date of the first or single call of the Shareholders' Meeting, without prejudice to the terms established by law for filing with regard to subsequent calls, and must be made available to the public in accordance with the laws in force from time to time for shareholder lists, and (ii) satisfy, mutatis mutandis, the requirements established for the submission of lists by the Shareholders.

Each Shareholder, including those belonging to the same group and those participating in a shareholders' agreement pursuant to Article 122 of the TUF, may not submit or participate in the submission, even through a third party or trust company, of more than one list, nor may they vote for different lists. Each shareholder entitled to vote may vote for only one list. Each Shareholder's vote will apply to the list and therefore to all candidates listed therein, without the possibility of changes or exclusions. Votes cast in violation of this prohibition will not be attributed to any list.

Each candidate may be on only one list, under penalty of ineligibility.

Each list:

  • ‒ shall contain no more than 9 (nine) candidates, listed according to sequential numbering;
  • ‒ shall contain and expressly indicate a minimum number of Directors, corresponding to the minimum provided for by the regulations in force at the time, who meet the independence requirements provided for by the law and by the corporate governance codes with which the company has declared to comply (the "Independence Requirements");
  • ‒ for the period of application of the legislation and regulations in force on gender balance, shall also include candidates belonging to both genders, at least in the minimum proportion required by the legislation including regulations in force, as specified in the call notice of the Shareholders' Meeting, where there are a number of candidates equal to or greater than 3 (three);
  • ‒ shall contain as attachments the documentation required by the Bylaws, as well as any additional or different statements, disclosures and/or documents required by applicable law and regulations.
  • A) If two or more lists have been submitted, the submitted lists shall be voted on and the Board of Directors shall be formed according to the following provisions:
    • a) from the list that has obtained the highest number of votes cast (the "Majority List") a number of directors equal to the total number of members to be elected shall be drawn, according to the sequential order of presentation, with the exception of any directors to be drawn from other lists pursuant to points b) and c) below;
    • b) from the list that has obtained the second highest number of votes cast (provided that such number of votes corresponds to at least half of the percentage of share capital required for the submission of a list) (the "Second List") the following are taken: (i) 2 (two) directors, according to the order indicated in said list, if the number of votes obtained by said list is at least equal to 10% (ten percent) of the share capital or (ii) 1 (one) director, according to the order indicated in said list, if the number of votes obtained by said list is less than 10% (ten percent) of the share capital;
    • c) from the list that obtained the third highest number of votes cast (provided that such number of votes corresponds to at least half of the percentage of share capital required for the submission of a list), and provided that such list is not connected even indirectly with the shareholders who submitted the Majority List and/or the Second List (the "Third List"), 1 (one) director shall be drawn in the person of the candidate indicated with the first number on said list;
    • d) it is understood that (i) in the absence of the Second List and/or the Third List and/or (ii) in the event that one and/or both of these lists have not obtained a percentage of votes at least equal to half of that required for its submission, the remaining directors to be elected shall be drawn from among the candidates in the Majority List according to the order indicated therein.

In the event that the Majority List does not include a sufficient number of candidates to ensure the attainment of the number of directors to be elected, it being understood that all the candidates listed therein will be taken from the Majority List, in the sequential order indicated in said list, pursuant to letter a) above, and that – where the requirements are met: (i) one or two directors (as per letter b) above) will be taken from the Second List, and (ii) one director will be taken from the Third List (as per letter c) above), the remaining directors will be appointed by resolution of the Shareholders' Meeting, based on nominations proposed by Shareholders within the terms and procedures established by the applicable regulations for submitting resolutions on matters already on the agenda. This appointment process will depend on whether eligible parties can intervene and exercise their voting rights directly at the Shareholders' Meeting or exclusively through the designated representative. The appointment will be in compliance with the legal requirement to maintain the minimum number of Independent Directors and in adherence to the applicable laws and regulations on gender balance.

In the event of a tie between lists, the Shareholders' Meeting will conduct a new vote, focusing only on the tied lists, with the list receiving the highest number of votes in this round will prevail.

In addition:

  • in the event that a sufficient number of Directors meeting the Independence Requirements established by the applicable law and regulations is not elected, the candidate who does not meet these requirements and is elected last in numerical order from the list with the highest number of votes will be excluded. This candidate will be replaced by the next candidate from the same list who meets the Independence Requirements. This procedure, if necessary, will be repeated until the number of independent directors to be elected is achieved;
  • furthermore, where the candidates elected as specified above do not ensure that the composition of the Board of Directors comply with the law and regulations in force from time to time, regarding gender balance, the candidate of the most represented gender, elected last in numerical order from the list with the highest number of votes, will be replaced by the first candidate of the least represented gender, who has not been elected, from the same list, according to the numerical order. This replacement procedure will take place until the composition of the board of directors complies with the regulations on gender balance;
  • if, finally, the above procedure does not ensure the election of a sufficient number of Directors meeting the Independence Requirements and/or the composition of the Board of Directors in compliance with the regulations regarding gender balance, the replacement will occur through a resolution passed by the Shareholders' Meeting by relative majority. This will be based on nominations of individuals meeting the Independence Requirements and/or, where applicable, from the less represented gender, proposed by the shareholders within the terms and in the manner set forth by the regulations governing the submission of proposals for resolutions on matters already on the agenda. This will depend on whether the eligible individuals can intervene and exercise voting rights directly at the Shareholders' Meeting or exclusively through the designated representative.
  • B) If only one list has been submitted, the entire Board of Directors shall be drawn from it, in compliance with the provisions of the law and regulations in force, as well as with the provisions on gender balance set forth above, and the provisions of the law and the Bylaws regarding the appointment of independent directors.

C) If no list has been submitted, or if the number of Directors elected based on the submitted lists is less than the number of members to be elected, or if the entire Board of Directors is not to be renewed, or if for any reason it is not possible to proceed with the appointment of the Board of Directors as described above, the members of the Board of Directors shall be appointed by the Shareholders' Meeting with ordinary majorities, without the application of the list voting mechanism, based on nominations proposed by the shareholders within the terms and in the manner provided by the regulations in force for the submission of proposals for resolutions on matters already on the agenda, depending on whether the intervention and exercise of voting rights by the eligible parties can take place directly at the Shareholders' Meeting or exclusively through the designated representative, without prejudice to the minimum number of directors meeting the Independence Requirements and compliance with the gender balance provisions mentioned above.

The Board of Directors, at the first meeting following its appointment, elects a Chairperson from among its members, if the Shareholders' Meeting has not already done so. The Board of Directors may elect a Vice-Chairperson, who replaces the Chairperson in cases of absence or impediment.

Should one or more directors leave office during the fiscal year for any reason:

  • (i) the Board of Directors shall replace them by co-opting the first non-elected candidate (if available) from the same list to which the outgoing director belonged;
  • (ii) if it is not possible to integrate the board of directors pursuant to point (i) above, the Board of Directors shall co-opt replacements by means of majorities by law.

In any case, the Board of Directors and the Shareholders' Meeting will respectively co-opt and make the above appointments in such a way as to ensure (i) the minimum total number of Independent Directors required by the regulations in force, and (ii) compliance with the regulations pertaining to gender balance.

The Issuer is not subject to additional rules regarding the composition of the Board of Directors.

For information on the role of the Board of Directors and Board Committees in the directors self-assessment, appointment, and succession processes, see Section 7 of the Report.

4.3 COMPOSITION (PURSUANT TO ART. 123-BIS, PARAGRAPHS 2.D) AND 2.D-BIS) OF THE TUF)

The Company is managed by a Board of Directors composed of an odd number of members ranging from a minimum of 7 to a maximum of 9 members, as provided for by Article 25 of the Bylaws.

First and last name Position
Domitilla Benigni Chairwoman of the Board of Directors
Emanuele Galtieri Chief Executive Officer(*)
Roberto Ferraresi Director
Enrico Peruzzi Director
Alberto Luigi SangiovanniVincentelli Director
Paolo Izzo Director

On April 27, 2023, the Shareholders' Meeting set the number of members of the management body at 9 (nine), which was composed as follows:

Alessandra Bucci Independent Director(**)
Cinzia Parolini Independent Director(**)
Maria Giovanna Calloni Independent Director(**)

(*) Director with operating powers.

(**) Independent director pursuant to Article 148, par. 3 of the TUF, as referred to in Article 147-ter, par. 4 of the TUF, and Article 2 of the CG Code.

In this regard, it should be noted that the Directors Domitilla Benigni, Emanuele Galtieri, Enrico Peruzzi, Alberto Luigi Sangiovanni Vincentelli, Paolo Izzo, Alessandra Bucci, and Cinzia Parolini were taken from the majority list presented by the Shareholder Elettronica, while Roberto Ferraresi and Maria Giovanna Calloni were taken from the minority list presented by the Shareholder TEC Cyber.

Subsequently, on July 26, 2023, having acknowledged the resignation – with immediate effect, and due to unexpected work commitments – of Director Enrico Peruzzi, and the waiver of the "non-elected" candidates belonging to Mr. Peruzzi's list, the Board of Directors, after a favorable opinion from the Appointments and Remuneration Committee, resolved to appoint by co-optation Alessandro Chimenton as a new non-independent and non-executive member of the management body. At the same board meeting, the management body, supported by the preliminary activity of the Appointments and Remuneration Committee, ascertained that Mr. Chimenton meets the professionalism and integrity requirements and complies with the criteria of competence, fairness and dedication of time set out by the regulations in force.

In accordance with Article 2386 of the Civil Code, the Shareholders' Meeting called to approve the financial statements for the year ended December 31, 2023 confirmed the appointment of Alessandro Chimenton.

At its meeting on May 12, 2025, the Board of Directors assessed the independence of its Directors pursuant to and in accordance with Article 148, paragraph 3 of the TUF (as referred to in Article 147-ter, paragraph 4, of the TUF) and Article 2 of the CG Code, verifying the presence of an adequate number of Non-Executive and Independent Directors in order to comply with the recommendations of the Corporate Governance Code. Specifically, the Board of Directors deemed that Directors Alessandra Bucci, Cinzia Parolini and Maria Giovanna Calloni met the above independence requirements.

On June 9, 2025, the Board of Directors acknowledged the resignation of Alberto Luigi Sangiovanni Vincitelli from his position as a Director. Furthermore, it is noted that, at the same Board meeting, Benigni resigned from his position as Chairperson of the Board of Directors.

In light of the above, the Board of Directors resolved to co-opt Enrico Peruzzi as new member of the Board of Directors, appointing him Executive Chairman of the Company.

First and lastname Position Date of birth Seniority in
office (§)
Executive Chairman of the April 29, 1967 1 year
Enrico Peruzzi Board of Directors (*)
Emanuele Galtieri Chief Executive Officer (*) October 23, 1974 4 years
Roberto Ferraresi Director July 3, 1975 3 years
Alessandro Chimenton Director December 7, 1961 2 years
Domitilla Benigni Director April 4, 1969 5 years

Therefore, as at the Report Date, the Board of Directors was composed as follows:

Paolo Izzo Director June 15, 1973 3 years
Alessandra Bucci Independent Director (**) July 30, 1966 2 years
Cinzia Parolini Independent Director (**) January 27, 1959 3 years
Maria Giovanna Calloni Independent Director (**) December 26, 1964 2 years

(*) Director with operating powers.

(**) Independent director pursuant to Article 148, par. 3 of the TUF, as referred to in Article 147-ter, par. 4 of the TUF, and Article 2 of the CG Code.

(§) Reference is made to the date of first appointment.

The Company's Board of Directors is composed of executive and non-executive directors, all of whom have professionalism and capabilities appropriate to the tasks entrusted to them. The number and expertise of the non-executive directors are such as to ensure that they have significant weight in taking board resolutions and to guarantee effective monitoring of management; a significant part, 3 out of 9 non-executive directors, is independent.

The Board of Directors remains in office for a period of three fiscal years, and, therefore, until the approval of the financial statements at December 31, 2025.

A summary of the main professional capabilities and characteristics of individual Board of Directors members is hereby provided.

Enrico Peruzzi

A top executive with thirty years of proven experience, he has held key roles in the Aerospace & Defense sector, where he worked in structured national and international environments and held positions in cross-functional and strategic roles of increasing complexity, bringing valuable expertise aimed at consolidating overall efficiency, growth, and competitiveness in markets, with particular reference to the Defense sector.

Emanuele Galtieri

He is Chief Executive Officer and General Manager of CY4, where he previously served as "deputy CEO" and general manager. He worked at Elettronica from 2008 to 2020, where he held various roles with increasing responsibility in foreign markets business, he was Corporate HR Head as well as Head of communications and corporate digital transformation. A former Carabinieri officer engaged in various operational assignments, he attended the Nunziatella Military School and the Modena Military Academy, earning a law degree from the University of Rome, a degree in political science from the University of Trieste and an MBA from the Luiss Business School in Rome.

Domitilla Benigni

An electronics engineer with extensive experience in strategic planning and business development, she is CEO and COO of Elettronica, an international leader in the electronic defense sector.

She is a founding member of the Women4cyber Foundation and Chairwoman of Capitolo italiano.

She is a member of the Scientific Technical Committee of the National Cybersecurity Agency and the Scientific Technical Committee of the Center for Aerospace Military Studies (CESMA).

LinkedIn Top Voices (Aerospace & Defense).

Roberto Ferraresi

A graduate in economics from Luigi Bocconi University in Milan, he started his career with UBS in London in 1998. From 2004 to 2018, he had a long run at PAI Partners where he completed major leveraged buy-out operations. Since 2018, he has been founder and Chief Executive Officer of The Equity Club S.r.l., a club deal initiative promoted together with Mediobanca that has involved more than 90 families of entrepreneurs in Italy and has to date completed 6 significant investment transactions.

Paolo Izzo

He has a solid academic background, with a Bachelor's degree in Political Science from the University of Turin, a Master's degree in Business Administration from the University of Modena and Reggio Emilia, and a Master's degree in Business Administration (MBA) from the Graduate School of Business at the University of Strathclyde, in Glasgow, UK. He joined Elettronica in 2007, bringing with him considerable military and managerial experience. Previously, in fact, he served as a Military Officer holding command positions. Throughout his career, he stood out for his ability to create and manage successful global business relationships and develop effective business strategies. At the Report Date, he is a special attorney for Elettronica.

Alessandro Chimenton

Graduated in Business Administration, at Arthur Andersen & Co. s.a.s. since 1986 and since 1990 at Arthur Andersen MBA s.r.l. - Management & Business Advisors, he has held numerous positions with companies in the manufacturing and financial sectors (banking, leases, factoring). He has held the position of executive since 1991, working mainly in Corporate Finance and Financial Industry. He has gained significant professional experience through professional services provided in the following areas: appraisals, valuations of companies and Corporate Groups, valuations of trademarks and intangible assets, business disposals and acquisitions, due diligence, arbitrations, budget analysis, preparation of strategic plans and business plans, feasibility studies, industrial projects/business integrations, and management reporting. Partner since 1999 of Enterprise Partners & Co. S.r.l. and since 2014 of C&P ADVISORY, both management consulting companies, operating in the above-mentioned services. He is a Certified Public Accountant and Statutory Auditor.

Cinzia Parolini

Graduated in Business Administration from the Luigi Bocconi University in Milan, she has been a lecturer and head of Business Administration teaching since the beginning of her university career, first at Bocconi University and later at the Faculty of Economics of the University of Modena and Reggio Emilia. Since the early 1990s, she has taught Strategy and Business Planning. Since 2023, she has been the Chairwoman of the Joint Faculty-Student Committee of the Department of Economics at Unimore, and for the same Department, she was Director of the Master's Degree program in "Business Management and Consulting" and a member of the planning committee for the Master's Degree program in "Data Analysis for Economics and Management". She has made numerous publications.

Alessandra Bucci

A senior executive with over 30 years of management experience in marketing, sales, and operations, beginning in consumer goods (Unilever), then in the pharmaceutical sector (Bristol Myers Squibb), and developing primarily in services, telecommunications (TIM), and transportation (Trenitalia).

She has gained corporate governance experience as an Independent Director on Boards of Directors and Chairwoman of board committees (Appointments and Remuneration, and Sustainability) of listed and state-owned companies: Unieuro, ATAC, Unidata, Ferrovie dello Stato. She serves as a strategic consultant for large- and medium-sized enterprises, serving as Chairwoman and Partner of Join Group, a business advisory benefit corporation.

She is an adjunct lecturer of International Marketing at La Sapienza University of Rome.

Maria Giovanna Calloni

She graduated summa cum laude in Business Administration from Luigi Bocconi University in Milan in 1987. From 1987 to 1990, she worked as an analyst at Memorex Telex with assignments in Milan, London, and New York. In 1992, she earned a Master of Business Administration with honors from the Leonard Stern School of Business, New York University, and was hired as an associate at the investment bank Merrill Lynch in the New York office. From 1992 to 2002, she held positions of increasing responsibility within the investment banking team, and subsequently as a director of equity capital markets. Since returning to Italy, she has been involved in investment activities with holdings in unlisted companies focusing on the renewable energy, fintech, and technology sectors. She also conducts business consulting related to capital market and M&A processes for portfolio companies. She currently also sits on the Boards of Directors of Industrie De Nora (DNR:MI) and EuroGroup Laminations (EGLA:MI).

Given the above, it is further specified that the members of the Strategic Committee (i.e., as at the Report Date, Domitilla Benigni (Chairwoman), Roberto Ferraresi, Enrico Peruzzi, Paolo Izzo, and Emanuele Galtieri (ex officio member in his capacity as Chief Executive Officer of the Company) possess experience and expertise in the Company's business sector appropriate to the duties they are called upon to perform, the assessment of which is delegated to the Board of Directors at the time of the appointment.

For further information on the Strategic Committee, see Section 6, paragraph on Additional Committees (other than those required by law or recommended by the Code).

In addition to the above, the members of the Board of Directors regularly participate in initiatives aimed at updating their knowledge regarding the business sector in which the Group operates, the drivers for the development of the products and services offered (including the relevant profiles related to compliance with current ESG regulations), and the money laundering and terrorist financing risks, considering, among other things, the geographical areas of reference.

The gender composition of the Parent's Board of Directors is shown in the following table:

Board of Directors of CY4GATE
Members of the Board of Directors No. %
Female Directors 4 44%
Male Directors 5 56%

Gender composition of the

The age composition of the Parent's Board of Directors is shown in the following table:

Members of the Board of Directors No. %
Directors under 30 years old 0 0%
Directors between 30 and 50 years old 2 22%
Directors > 50 years old 7 78%

Age composition of the Board of Directors of CY4GATE

The characteristics, professional experience, and educational backgrounds of the Board of Directors ensure their competence, independence, and ability to guide the Group's development from a sustainability perspective. The members of the Board of Directors have the following expertise relevant to the sectors, products, and geographical areas in which the Group operates:

AREA NO. OF MEMBERS
A) Strategic planning 9
B) Risk management 6
C) Innovation and technology 7
C) Digital IT and cybersecurity 4
E) Finance and business management 9
F) Environmental sustainability 4
G) Social sustainability 5
H) Human Resource management 1
I) Legal 1

More information on the composition of the Board of Directors can be found in Table 2 in the Appendix.

The Report also contains, as an appendix, a list of all offices held by the Directors in other companies at the Report Date, according to the criteria set forth therein.

Diversity criteria and policies relating to board composition and corporate organization

The provisions requiring the allocation of the members of the Board of Directors to be elected based on a criterion ensuring gender balance, in accordance with applicable legal provisions, have been included in the Issuer's Bylaws. In this regard, it should be noted that although Article 147-ter, paragraph 1-ter of the TUF, as amended by Italian Law No. 160 of December 27, 2019, specifies that the provisions on gender balance shall apply as of the first renewal of the Board of Directors following the listing, providing that the less represented gender obtains at least one-fifth of the total number of directors elected on the occasion of the first renewal and at least two-fifths in the next five consecutive terms (in any case rounded up), the composition of the Issuer's Board of Directors, on a voluntary basis, already complies with said requirements for renewals after the first one.

In addition, it is worth noting how the issue of gender diversity also was integrated within the managerial choices that characterized CY4's corporate dynamics during the Year.

In particular, it is reiterated how, as part of the identification of the Plan Targets, the Company defined an annual target related to ESG issues and, in particular, to obtaining and maintaining "Gender Equality Certification" (see Section 2 of the Report).

The composition of the Company's management body reflects an adequate degree of diversification. In fact, the Issuer pays great attention to governance issues; specifically, at the Report Date, 44.44% of the Board of Directors members is female, and, more generally, the Board members have a heterogeneous portfolio of experience, as evidenced in more detail in the summary of their respective resumes. Likewise, the age brackets and seniority of office of the members – please refer to the Table on the Composition of the Board of Directors at the Report Date in Section 4.3 above – are appropriately differentiated.

In 2025, CY4GATE renewed its Gender Equality Management System certification (PdR 125), and its largest Subsidiary, RCS EMT Sicurezza S.p.a., obtained this certification.

Maximum number of positions held in other companies

It should be noted that, Recommendation No. 15 of the Code – intended only for "large companies" – which requires the board of directors to express "its orientation on the maximum number of positions on the boards of directors or boards of statutory auditors in other listed or large companies that can be considered compatible with effective performance as a director of the company, taking into account the commitment resulting from the position held", does not apply to the Company.

In any case, the Board of Directors believes that the number and quality of positions held by its members in other companies does not interfere and is, therefore, compatible with the effective performance of their duties as directors of the Issuer.

4.4 OPERATION OF THE BOARD OF DIRECTORS (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF)

The Board of Directors plays a central role in the guidance and management of the Issuer: pursuant to Article 19 of the Bylaws, the management of the company is exclusively entrusted to the management body, which carries out all operations necessary to achieve the corporate purpose, in compliance with the law and the Bylaws.

In order to define the rules and procedures for its operation, the Board of Directors has adopted its own regulations (for the purposes of this section, the "Regulations").

The Regulations are concerned with – among other things – the management of disclosure to Directors, the manner of taking minutes of meetings, and the manner of protecting the confidentiality of the data and information provided, so as not to affect the timeliness and completeness of information flows.

Specifically, the Regulations stipulate, among other things:

  • the call notice shall be sent to each director by e-mail, telefax or other means deemed appropriate at least 5 (five) days before the date set for the meeting, or, in case of urgency, at least 1 (one) day before the meeting, and must contain the date, time, list of items on the agenda and the place of the meeting;
  • it is possible for meetings of the Board of Directors to be held by audio or video conference provided that all participants can be identified and are allowed to follow the discussion and intervene in real time in the discussion of the topics addressed;
  • the documentation supporting the decisions to be taken, containing any proposals for resolutions and suitable information to support the work of the Board of Directors, shall be made available to the directors at least 5 (five) days before the date set for the meeting, except in cases of urgency, in which the documentation shall be made available to the members of the Board of Directors at the latest at the same time as the call notice; where this is not possible, the Chairperson (or their deputy), with the assistance of the Secretary of the meeting, may see to it that appropriate and timely details are provided during the board meetings. The documentation is made available by sending via e-mail;
  • minutes are taken at each meeting, and are signed by the Chairperson and the Secretary;
  • once approved, the minutes are transcribed in the company book, are stored by the relevant corporate departments, and can be consulted, if requested, by each Director, as well as by other entitled parties in accordance with the regulatory provisions applicable from time to time;

• the meetings are confidential. Disclosure of news pertaining to the meetings (except for legitimate reasons related to the performance of the position) is prohibited, and minutes and resolutions are considered confidential documents. Minutes, resolutions, mails and documents belonging to directors are subject to confidentiality obligations and, if not collected by the directors at the end of the meeting, they must be collected and stored by the secretary. Unauthorized individuals are prohibited from accessing the Board of Directors documents.

The Board of Directors shall be convened by the Executive Chairperson as often as he/she deems necessary, or as requested by at least two of its members. The power to convene the Board of Directors meeting is also vested, in accordance with Article 151 of the TUF, in the Board of Statutory Auditors or even individually in each standing auditor.

The Board of Directors is duly constituted by a majority of the Directors in office and resolves with the majorities established by the Bylaws: (a) with the favorable vote of the majority of the Directors present; and (b) with the favorable vote of the absolute majority of the Directors in office in the event of the establishment of assets allocated to a specific business.

For the sake of completeness, it should be noted that, pursuant to Article 24, paragraphs 4 and 5 of the Bylaws, the approval of board resolutions concerning any actions involving the disposal, whether permanent or temporary, of patented and non-patented industrial property rights (including know-how, programs, software, databases, data, and industrial and commercial information, whether or not subject to confidentiality regime) related to the technologies used by the Company in its ordinary course of business shall require, in any event, the favorable vote of all directors appointed from the Majority List. Additionally, if the Second List is submitted by shareholders collectively holding at least 35% (thirty-five percent) of the share capital, the favorable vote of all directors appointed from said Second List shall also be required.

In the event that 2 (two) directors are drawn from the Second List, the favorable vote of at least 1 (one) director drawn from the Second List shall be required in any case for the approval of board resolutions pertaining to:

  • a) the approval of merger and demerger projects, except for those referred to in Articles 2505 and 2505-bis of the Civil Code;
  • b) the acquisition of property and/or equity investment worth more than EUR 10,000,000.00;
  • c) taking on financial debt of more than EUR 20.000.000,00.

The Board of Directors performs the aforementioned tasks, as well as the additional tasks attributed to it as per the CG Code, availing itself – where applicable – of the support of the committees established within it.

During the Year, the Directors have ensured the effective performance of their duties, devoting the time necessary for the most efficient functioning of the management body; this is attested, considering the significant number of Board meetings held during the Year, by the high percentage of Directors attendance.

During the Year, the Board of Directors met 8 times. At the Report Date, 3 meetings of the management body have been held, including the one at which the Report was approved.

The average duration of the meetings of the Board of Directors during the Year, as a whole, was approximately 2 hours and 15 minutes. Meetings took place both in presence and via audio-video conference link.

Please refer to Table 2 in the appendix of the Report for more details on this matter.

4.5 ROLE OF THE EXECUTIVE CHAIRPERSON OF THE BOARD OF DIRECTORS

On June 9, 2025, the Board of Directors resolved, among other things, to appoint Enrico Peruzzi as Executive Chairperson of the Board of Directors, granting him powers and responsibilities in the following areas: (i) Supervision of Operations and Strategic Direction of the Company, (ii) Relations with Institutions and Administrations, (iii) Management of the Company.

In addition, during the Year, the Executive Chairperson, in addition to guaranteeing the effective functioning of the Board's work, ensured:

  • (i) the suitability of the pre-board disclosure, as well as of the additional information provided during board meetings, to enable directors to act in an informed manner in the performance of their role, ensuring that each item on the agenda was given the necessary time to examine it, along with every issue that was the subject of board meetings, encouraging constructive and wide-ranging debate, contributions, and discussion by all directors;
  • (ii) the coordination of the activity of the Board Committees with the activity of the Board, serving as a link between their work and that of the management body;
  • (iii) in agreement with the Chief Executive Officer, the attendance at board meetings also at the request of individual Directors – of the executives of the Company and the Group companies responsible for the relevant corporate departments according to the subject matter, in order to provide the appropriate insights into the items on the agenda. During the Year, persons external to the Board were sometimes invited to take part in Board meetings, in particular Issuer executives, heads of competent corporate functions, depending on the items on the agenda, in order to ensure that all Directors and Statutory Auditors had the opportunity to discuss the topics in depth;
  • (iv) the participation of the members of the management and control bodies, subsequent to their appointment and during their term of office, in initiatives aimed at providing them with adequate knowledge of the business sectors in which the Issuer operates, of corporate dynamics, and their development, also with a view to the sustainable success of the Issuer, as well as of the sound risk management principles and of the relevant regulatory and self-regulatory framework.

The Executive Chairperson of the Board of Directors is not the Controlling Shareholder of the Issuer.

For more information regarding the responsibilities and capabilities of the administrative, management and control bodies on sustainability issues or access to such responsibilities and capabilities, as well as how the administrative, management and control bodies determine whether appropriate skills and capabilities are available or will be developed to monitor sustainability issues, see Section 4.3 of the Report.

With regard to (i) the Board's self-assessment process and (ii) the dialogue that took place with Shareholders, please refer to Section 7 and Section 12 of the Report, respectively.

Board Secretary

For the organization of its activities, the Board of Directors is supported by a Secretary.

The Secretary, appointed at each Board meeting upon the proposal of the Chairperson, may also be chosen from outside the members of the Board of Directors, among individuals of proven professionalism.

The Secretary supports the work of the Chairperson and provides impartial assistance and advice to the Board of Directors on any matter relevant to the proper functioning of the corporate governance system. They also assist the Chairperson in preparing the minutes of each meeting and signs them together with the Chairperson.

During the Year, the Secretary supported the activities of the Chairperson of the Board (particularly in relation to the aspects indicated in Section 4.5 "Role of the Executive Chairperson of the Board of Directors" above) and provided impartial assistance and advice to the Board on any aspect relevant to the proper functioning of the corporate governance system.

4.6 OTHER EXECUTIVE DIRECTORS

Chief Executive Officer

The Board of Directors consists of executive and non-executive Directors.

Pursuant to the Bylaws, the Board of Directors may delegate part of its powers to one or more of its members, determining their powers and remuneration.

On May 2, 2023, the Board of Directors appointed Emanuele Galtieri as Chief Executive Officer, and on November 13, 2025, the Board of Directors granted him powers and responsibilities in the following areas: (i) Relations with Institutions and Administrations, (ii) Management of the Company.

The Chief Executive Officer, who is entrusted with defining projects and objectives for the growth of the Company and the Group, in accordance with the relevant general, programmatic and strategic guidelines, reports to the Board of Directors (and the Board of Statutory Auditors), at the first useful meeting, on the activities carried out within the scope of their assigned powers and proxies.

For more information regarding the roles and responsibilities of the administrative, management and control bodies in overseeing procedures to manage relevant risks, impacts and opportunities, as well as how the administrative, management and control bodies are informed about sustainability issues and how these issues were addressed during the reporting period, see Section 4.1 of the Report.

Executive Committee (pursuant to Art. 123-bis, paragraph 2.d) of the TUF)

Pursuant to the Bylaws, the Board of Directors may provide for the establishment of an executive committee of which the Chairperson, as well as all executive directors, will be members ex officio. The rules for the convening, constitution and operation of the executive committee are the same as for the Board of Directors, and resolutions are passed by a majority of votes of those present and voting.

At the Report Date, no executive committee has been appointed.

Disclosures to the Board by Directors/delegated bodies

At the first useful meeting, the executive directors report to the Board on the activities carried out in the exercise of the powers delegated to them and in particular on atypical, unusual or related-party transactions, as well as on those of major economic, financial and equity significance, carried out by the Company or its subsidiaries.

There are no other directors on the Board of Directors who should be classified as executive directors because: (i) they hold management positions within the Issuer; (ii) they serve as the chairperson of a strategically significant subsidiary of the Issuer with delegated powers related to management or corporate strategy development; or (iii) they hold the role of chief executive officer or other executive positions in a strategically significant subsidiary of the Issuer or in its parent, where such roles also pertain to the Issuer.

4.7 INDEPENDENT DIRECTORS AND LEAD INDEPENDENT DIRECTOR

Independent Directors

At the Report Date, out of 9 (nine) members of the Board of Directors, 3 (three) qualify as independent under the TUF and the CG Code: Alessandra Bucci, Cinzia Parolini and Maria Giovanna Calloni.

At its meeting on March 12, 2025, the Board of Directors assessed the independence of its Directors pursuant to and for the purposes of Article 148, par. 3 of the TUF (as referred to in Article 147-ter, par. 4 of the TUF) and Article 2 of the Corporate Governance Code, and also taking into account the quantitative and qualitative criteria for the assessment of the significance of the relationships between the directors (and statutory auditors) on the one hand, and the Company and/or the Group, on the other, pursuant to Recommendation 7 of the CG Code set forth in the document entitled "Criteri applicativi per la valutazione dell'indipendenza ai sensi del Codice di Corporate Governance" (Application criteria for assessing independence pursuant to the corporate governance code) (referred to below) approved, subject to the favorable opinion of the Appointments and Remuneration Committee, by the Board of Directors on March 8, 2024, verifying the presence of an adequate number of nonexecutive and independent Directors in order to comply with the recommendations of the CG Code.

In particular, in accordance with the provisions of the "Application criteria for assessing independence pursuant to the corporate governance code" adopted by the Company – which also apply, with appropriate distinctions, to the assessment of the independence of the members of the Board of Statutory Auditors (which is the latter's responsibility) – the assessment of independence of the members of the Board of Directors is carried out bearing in mind that the circumstances that compromise, or appear to compromise, the independence of a Director are usually as follows:

  • a) if they are a significant shareholder of the Company, where "significant shareholder" is defined as a person who, directly or indirectly (through subsidiaries, trustees or intermediaries), controls the Company or is able to exercise significant influence over it or who participates, directly or indirectly, in a shareholders' agreement through which one or more persons exercise control or significant influence over the Company;

  • b) if they are, or have been in the previous three fiscal years, an Executive Director or an employee:

    • − of the Company, a company controlled by it, or a company under common control; or
    • − of a significant shareholder of the Company (according to the definition of "significant shareholder" in subsection a) above);

  • c) if, directly or indirectly (e.g., through subsidiaries or companies of which they are an executive director, or as a partner in a professional or consulting firm), they have, or have had in the previous three fiscal years, a business, financial, or professional relationship:

    • (i) with the Company or its subsidiaries, or its executive directors or top management. For the purposes of the foregoing, top management is defined as senior executives who are not members of the Company's Board of Directors and have the power and responsibility for planning, managing and controlling the activities of the Company and its Group;

  • (ii) with a person who, including together with others through a shareholders' agreement, controls the Company or, if the controlling party is a company or entity, with its executive directors or top management;

  • d) if they receive, or have received in the previous three fiscal years, from the Company, one of its subsidiaries, or the parent company, any remuneration in addition to the fixed remuneration approved by the Company's bodies for the Company office or for participating in the board committees;

  • e) if they have been a Director of the Company for more than nine fiscal years, including non-consecutive, in the last twelve fiscal years;

  • f) if they hold the position of Executive Director in another company in which an Executive Director of the Company holds a directorship;

  • (g) if they are a partner or director of a company or entity belonging to the network of the company entrusted with the statutory audit of the Company;

  • (h) if they are a close family member of a person who is in one of the situations mentioned in the previous points. For the purposes of the foregoing, "close family members" means spouse not legally separated, relatives and relatives-in-law within the fourth degree (for Executive Directors and/or significant shareholders) and within the second degree for others and domestic partners.

It should be noted that, on March 14, 2025, the Board of Statutory Auditors – as part of the duties attributed to it by law – verified the proper application of the aforementioned criteria and assessment procedures adopted by the Board of Directors for evaluating the independence of the Directors in office at the Report Date.

The number of CY4's Independent Directors and their skills are adequate for the needs of the business and the operation of the Board of Directors, as well as for the purposes of establishing the relevant Committees.

At the Report Date, with the assistance of the Appointments and Remuneration Committee, the Board of Directors has assessed the existence of the independence requirements, provided for by current regulations, of each of the non-executive directors, who have provided all the elements necessary or useful for the Board's assessments.

Directors' independence requirements are in any case subject to evaluation by the Board of Directors during the course of their term of office upon the occurrence of circumstances relevant to independence and, in any case, at least every three years. In this context, the Board of Statutory Auditors verifies the proper application of the assessment criteria and procedures adopted by the Board to evaluate the independence of its members.

Lead Independent Director

Following the appointment of Enrico Peruzzi as Executive Chairperson of the Company, it became necessary, pursuant to Recommendation 13, letter a, of the Code, to appoint a Lead Independent Director ("LID"). This role will serve as the point of reference and coordination for the requests and contributions of the non-executive and independent Directors, coordinating their meetings.

In this regard, the Board of Directors, with a resolution dated July 31, 2025, appointed Maria Giovanna Calloni as LID.

5. CORPORATE INFORMATION MANAGEMENT

Procedure for handling Inside Information and maintaining the Insider Register

On May 18, 2023, the Board of Directors adopted a procedure for the management and processing of inside information and the external disclosure of documents and information, as well as for keeping and updating the register of persons with access to inside information.

For more information, please refer to the procedure, available on the Company's website at https://www.cy4gate.com/en/, Governance/Documents Section.

6. BOARD COMMITTEES (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.D) OF THE TUF)

On May 18, 2023, in order to ensure the effective performance of its functions in line with the provisions of Article 3, Recommendation 16 of the Code, the Board of Directors resolved to establish the following board committees: (i) the Control, Risk and Sustainability Committee; (ii) the Appointments and Remuneration Committee; and (iii) the Related-Party Transactions Committee (see Section 10 of the Report).

The Control, Risk and Sustainability Committee consists of 3 members, 2 of whom (including the Chairperson) are non-executive and independent, namely:

  • Cinzia Parolini (Chairwoman);
  • Alessandra Bucci;
  • Roberto Ferraresi.

Within the scope of its responsibilities, the Control, Risk and Sustainability Committee:

  • a) assesses, after consultation with the Financial Reporting Officer, the auditors and the Board of Statutory Auditors, the correct use of accounting standards and, in the case of groups, their uniformity for the purposes of preparing the consolidated financial statements;
  • b) assesses the suitability of periodic and financial information to fairly represent the Company's business model, strategies, the impact of its activities, and the performance achieved;
  • c) expresses opinions on specific aspects inherent in the identification of major business risks and supports the Board of Directors' assessments and decisions relating to the management of risks arising from prejudicial facts of which it has become aware;
  • d) examines periodic reports and reports of special significance prepared by Internal Audit;
  • e) monitors the autonomy, adequacy, effectiveness and efficiency of Internal Audit;
  • f) may task Internal Audit to conduct audits of specific operational areas, simultaneously notifying the Chairperson of the Board of Statutory Auditors;
  • g) reports to the Board of Directors, at least half-yearly, when the annual and interim financial reports are approved, on its activities as well as on the adequacy of the internal control and risk management system;
  • h) performs such additional duties as may be assigned by the Board of Directors.

In addition, as the body responsible for sustainability, the Committee:

  • a) performs support and advisory functions to the Board of Directors on sustainability matters, meaning the processes, initiatives and activities aimed at ensuring the Company's commitment to sustainable development along the value chain;
  • b) examines the content of periodic non-financial information relevant to the internal control and risk management system;
  • c) examines and evaluates the sustainability policies adopted by the Company, aimed at ensuring the creation of value over time for the generality of shareholders and all other stakeholders relevant to it over a medium- to long-term horizon in compliance with the principles of sustainable development, as well as the sustainability guidelines, objectives, and consequent sustainability processes, and the sustainability reporting submitted annually to the Board of Directors, including, in particular, the Sustainability Report.

The main activities carried out by the Control, Risk and Sustainability Committee during the Year and up to the Report Date are summarized below:

  • analysis and evaluation regarding ESG issues with a view to promoting the sustainable success of the Company;
  • meetings with the Supervisory Body and Internal Audit as part of the information flows between the corporate areas involved in the Company's internal control and risk management system;
  • meetings with the Company's Financial Reporting Officer and CFO, and the auditors dealing with issues related to the annual and interim financial statements of the Company and the Group;
  • assessment of risk profiles related to corporate operations;
  • examination and evaluation of the impairment testing;
  • assessment of the organizational structure, the suitability of periodic and financial information to fairly represent the Company's business model, strategies, the impact of its activities and the performance achieved.

The Appointments and Remuneration Committee consists of 3 members, 2 of whom (including the Chairperson) are non-executive and independent, namely:

  • Alessandra Bucci (Chairwoman);
  • Maria Giovanna Calloni;
  • Paolo Izzo.

In its function as the Appointments Committee, the Committee assists the Board of Directors in:

  • (a) the periodic self-assessment of the Board of Directors and its committees, overseeing the process and providing the background for any assignment to an outside consultant;

  • (b) the definition of the optimal composition of the Board of Directors and its committees;

  • (c) the identification of director candidates in cases of co-option;

  • (d) in view of the renewal of the Board of Directors, the potential submission of a list by the outgoing management body to be carried out in a manner that ensures its transparent formation and presentation;

  • (e) the preparation, updating and implementation of succession plans for the Chief Executive Officer, other executive directors, if the Board of Directors has considered adopting such plans;

  • (f) making proposals or expressing opinions in relation to resource development policy.

In its function as the Remuneration Committee, the Committee is responsible for:

  • (a) developing a proposed remuneration policy for approval from the Board of Directors;
  • (b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors holding special offices as well as on the setting of performance targets related to the variable component of such remuneration;
  • (c) monitoring the actual implementation of the remuneration policy with particular reference to the achievement of performance targets;
  • (d) periodically assessing the adequacy and overall consistency of the policy for the remuneration of directors and top management, where appropriate making proposals to the Board of Directors on the matter;
  • (e) expressing an opinion on particular and specific matters in the field of economic treatment for which the Board of Directors has requested an assessment.

The main activities carried out by the Appointments and Remuneration Committee during the Year and up to the Report Date are summarized below:

  • analysis of performance targets related to the variable component of the Company General Manager's remuneration;
  • analysis of performance targets related to the variable component of the remuneration of the Company's sales managers;
  • examination of the directors' independence criteria;
  • examination of the corporate organizational chart and organizational structure of the Issuer and the Group.

The Related-Party Transactions Committee is composed of 3 non-executive and independent members, namely:

  • Maria Giovanna Calloni (Chairwoman);
  • Cinzia Parolini;
  • Alessandra Bucci.

This Committee performs the functions assigned to it as per the RPT Procedure. In particular, the Committee:

  • (a) is called upon to express a non-binding reasoned opinion on the Issuer's interest in the completion of the Transactions of Lesser Significance (as defined within the RPT Procedure), as well as on the appropriateness and substantive fairness of their terms;
  • (b) shall be involved in the negotiation and preliminary phase in the case of Transactions of Greater Significance (as defined within the RPT Procedure) and, thereafter, it is called upon to express a binding reasoned opinion on the Company's interest in the completion of the transaction, as well as on the appropriateness and substantive fairness of the terms.

The main activities carried out by the Related-Party Transactions Committee during the Year and up to the Report Date are summarized below:

  • analyzing the mapping of the Company's related parties;
  • analyzing related-party transactions;
  • analyzing the safeguards adopted by the Company in relation to transactions with related parties.

The Board has determined the composition of the Committees by giving priority to the expertise and experience of their members.

Each Committee reports periodically to the Board of Directors on its activities.

In relation to each Committee, the Board of Directors has adopted regulations that define its rules of operation, including how to take minutes of meetings (at the care of the meeting secretary) and procedures for handling disclosure to the directors who are members of the committees.

During the Year, meetings were generally held after all members of the Committees had been sent, approximately 5 days before the date of the meeting, documentation supporting the discussion of the items on the agenda.

Additional committees (other than those required by regulation or recommended by the Code)

On May 18, 2023, the Board of Directors established the Strategic Committee from among its members, with the task of assisting the Board of Directors and the Company's delegated bodies with appraisal, proposal and advisory functions in the evaluations and decisions of the Board of Directors, in accordance with the specific powers attributed to it, it being understood that the evaluation regarding the approval of any transactions proposed by the Committee is exclusively entrusted to the Board of Directors.

Specifically, the Committee supports the Board of Directors in carrying out tasks related to:

  • (i) the expansion of the Company's business in terms of internal lines growth and support for product and technology strategies;
  • (ii) the performance of activities aimed at identifying potential companies of interest for initiating corporate acquisition and/or integration processes, including research and scouting for M&A opportunities.

The Strategic Committee is composed of the following Directors, as per the Board of Directors' resolution of June 9, 2025: Domitilla Benigni (Chairwoman), Roberto Ferraresi, Paolo Izzo and Emanuele Galtieri (member ex officio as the Company's Chief Executive Officer).

The main activities carried out by the Strategic Committee during the Year and up to the Report Date are summarized below:

  • analyses of medium- to long-term strategies related to the Cybersecurity segment and evaluation of potential growth operations by external lines;
  • analyses and evaluation regarding corporate operations;
  • analyses and evaluations of issues related to the development of the Issuer's and Group's business.

7. SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS – APPOINTMENTS COMMITTEE

7.1 SELF-ASSESSMENT AND SUCCESSION OF DIRECTORS

The Board of Directors regularly evaluates the effectiveness of its activities and the contribution made by its individual members, through formalized procedures whose implementation it oversees.

In particular, at least every three years – in preparation for renewal – the Board conducts a self-assessment involving itself and its Committees, taking into account, among other things, the role played by the management body in setting strategies and monitoring management performance, and the adequacy of the internal control and risk management system.

The relevant procedure – which falls under the remit of the Appointments and Remuneration Committee – is carried out in accordance with the principles and recommendations set forth in the CG Code, as well as with market best practices.

In implementation of the above, during the Year, the management body has carried out the evaluation of the Board and its Committees, in terms of operation, size, composition, and remuneration.

The Board Evaluation process was conducted by the Appointments and Remuneration Committee, acting as the Appointments Committee.

The Board of Directors decided to engage the support of the independent advisor Crisci & Partners to conduct its self-assessment. This is a firm recognized for its experience in governance practices and possesses the necessary requirements of competence, independence, objectivity, and neutrality.

The process, launched in February 2026, consisted of two phases: a preliminary questionnaire, completed anonymously by all directors on an online platform with the required security and confidentiality measures; and subsequent individual interviews with the Directors, aimed at further exploring and contextualizing the assessments expressed in the questionnaires, integrating them with the initial findings from the survey.

The results of the self-assessment – positive overall – were shared and reviewed by the Board of Directors at its meeting on March 12, 2026. Based on the process's findings and the disclosure provided by the Appointments and Remuneration Committee, the Board deemed the functioning, size, composition, and remuneration of the management body and its Committees to be adequate, taking into account the professional, managerial, and gender skills, as well as the seniority of office of its members.

In view of the new term of office, the Board of Directors also formulated specific recommendations aimed at strengthening the articulation of responsibilities, defining the priorities of the Board's agenda and its related scheduling, and identifying areas for improvement in processes and information flows, with the aim of further consolidating the already solid guidance and monitoring ability of the Board of Directors and its Committees.

Although not required – pursuant to Art. 4, Recommendation 23 of the Corporate Governance Code – given the size and ownership structure of the Company and the Group, the Board of Directors deemed it appropriate to include in the self-assessment process also the preparation of a Guidance Opinion for Shareholders, drafted by the same independent advisor, aimed at providing guidance regarding the optimal quantitative and qualitative composition of the Board.

In addition, Article 4, Recommendation 24 of the CG Code, in recommending the establishment of a succession plan for the chief executive officer and executive directors, and the establishment of appropriate procedures for the succession of top management, addresses "large companies", a category in which the Issuer is not included. Therefore, the Company – not falling under that definition – has decided not to have a succession plan for the Chief Executive Officer and the executive directors.

7.2 APPOINTMENTS COMMITTEE

Composition and operation of the Appointments Committee (pursuant to Art. 123-bis, paragraph 2.d) of the TUF)

On May 18, 2023, the Board of Directors established the Appointments and Remuneration Committee, composed of 3 members, 2 of whom (including the Chairperson) are non-executive and independent, namely:

  • Alessandra Bucci (Chairwoman);
  • Maria Giovanna Calloni;
  • Paolo Izzo.

The Committee meets as convened and coordinated by its Chairwoman, Alessandra Bucci. Meetings are duly minuted and the Chairwoman informs the Board of Directors and the Board of Statutory Auditors at the first subsequent meeting.

During the Year, the Appointments and Remuneration Committee acting as the Appointments Committee met 7 times, with the participation of the Board of Statutory Auditors in addition to its members.

During the Year, at the invitation of Bucci as Chairwoman, directors and representatives of corporate departments who are not members of the Committee attended meetings of the Appointments Committee.

The average duration of the Appointments Committee meetings was one hour and thirty minutes.

For the current year, the Appointments Committee has scheduled at least 4 meetings, which have already been held at the Report Date.

For more information on this, please refer to Table 3 in the appendix of the Report.

Functions of the Appointments Committee

The Appointments Committee performs functions, of a proposal and advisory nature and, in particular, assists the Board of Directors in:

  • (a) the periodic self-assessment of the Board of Directors and its committees, overseeing the process and providing the background for any assignment to an outside consultant;

  • (b) the definition of the optimal composition of the Board of Directors and its committees;

  • (c) the identification of director candidates in cases of co-option;

  • (d) in view of the renewal of the Board of Directors, the potential submission of a list by the outgoing management body to be carried out in a manner that ensures its transparent formation and presentation;

  • (e) the preparation, updating and implementation of succession plans for the Chief Executive Officer, other executive directors, if the Board of Directors has considered adopting such plans;

  • (f) making proposals or expressing opinions in relation to resource development policy.

Please refer to Section 6 of the Report for the main activities carried out by the Appointments Committee during the Year.

The Appointments Committee, in carrying out its functions, has had the opportunity to access corporate information and functions necessary for the performance of its duties, as well as to have financial resources and make use of external consultants, under the terms established by the Board of Directors.

8. REMUNERATION OF DIRECTORS – REMUNERATION COMMITTEE 8.1 REMUNERATION OF DIRECTORS

Information relating to this Section of the Report is contained in the report on the remuneration policy and compensation paid, to which reference is made, prepared pursuant to Articles 123-ter of the TUF and 84-quater of the Issuers' Regulation, as well as, in accordance with the recommendations of Article 5 of the Code, being made available to the public on the Company's website (https://www.cy4gate.com/en/) and in the other manner provided for by current regulations.

8.2 REMUNERATION COMMITTEE

Except as noted below, for information regarding this Section, please refer to the relevant parts of the report on the remuneration policy and compensation paid published pursuant to Article 123-ter of the TUF.

Composition and operation of the Remuneration Committee (pursuant to Art. 123-bis, paragraph 2.d) of the TUF)

On May 18, 2023, the Board of Directors established the Appointments and Remuneration Committee, composed of 3 members, 2 of whom (including the Chairperson) are nonexecutive and independent, namely:

  • Alessandra Bucci (Chairwoman);
  • Maria Giovanna Calloni;
  • Paolo Izzo.

All members of the Appointments and Remuneration Committee have knowledge and experience in financial or remuneration policies, as deemed appropriate by the Board of Directors at the time of appointment.

In accordance with Recommendation 26, directors shall abstain from attending meetings of the Appointments and Remuneration Committee at which proposals on their own remuneration are made to the Board of Directors.

The Committee meets as convened and coordinated by its Chairwoman, Alessandra Bucci. Meetings are duly minuted and the Chairwoman informs the Board of Directors and the Board of Statutory Auditors at the first subsequent meeting.

During the Year, the Appointments and Remuneration Committee acting as the Remuneration Committee met 7 times, with the attendance of the Board of Statutory Auditors in addition to its members.

The average duration of Remuneration Committee meetings was one hour and thirty minutes.

For the current year, the Appointments Committee has scheduled 4 meetings, which have already been held at the Report Date.

For more information on this, please refer to Table 3 in the appendix of the Report.

Functions of the Remuneration Committee

The Remuneration Committee performs functions, of a proposal and advisory nature, providing, among other things, support to the Board of Directors in the development of the remuneration policy for directors and key executives and in the periodic evaluation regarding the adequacy, overall consistency and concrete application of the policy adopted.

Specifically, as indicated above, the Remuneration Committee is entrusted with the following tasks:

  • (a) developing a proposed remuneration policy for approval from the Board of Directors;
  • (b) submitting proposals or expressing opinions on the remuneration of executive directors and other directors holding special offices as well as on the setting of performance targets related to the variable component of such remuneration;
  • (c) monitoring the actual implementation of the remuneration policy with particular reference to the achievement of performance targets;
  • (d) periodically assessing the adequacy and overall consistency of the policy for the remuneration of directors and top management, where appropriate making proposals to the Board of Directors on the matter;
  • (e) expressing an opinion on particular and specific matters in the field of economic treatment for which the Board of Directors has requested an assessment.

Please refer to Section 6 of the Report for the main activities carried out by the Remuneration Committee during the Year.

In carrying out its functions, the Remuneration Committee has had the opportunity to access corporate information and functions necessary for the performance of its duties, as well as to have access to financial resources and make use of external consultants, under the terms established by the Board of Directors.

9. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM – CONTROL AND RISK COMMITTEE

The Board of Directors has defined the guidelines of the internal control and risk management system – consisting of the set of rules, procedures and organizational structures aimed at the effective and efficient identification, measurement, management, and monitoring of the main risks, in order to contribute to the Issuer's sustainable success – in accordance with the Issuer's strategies.

The Company's internal control and risk management system is designed to contribute to the conduct of the business consistent with the targets set by the Board of Directors, by identifying, managing, and monitoring the main risks within the Company. This system is inspired by national and international models and best practices, such as the Code.

Responsibility for the adoption of an adequate internal control and risk management system lies with the Board of Directors, which, with the help of the Control, Risk and Sustainability Committee, carries out the tasks assigned to it as per the Code, including:

  • (a) defining the guidelines of the internal control and risk management system, so that the main risks pertaining to the Company and its subsidiaries – including the various risks that may be relevant from a long-term sustainability perspective – are correctly identified, as well as adequately measured, managed and monitored, also determining the degree of compatibility of these risks with a management of the company consistent with the identified strategic targets;
  • (b) evaluating, at least annually the adequacy of the internal control and risk management system with respect to the company characteristics and the risk profile, as well as its effectiveness, barring unforeseen events during the course of the company's life that may require extraordinary in-depth investigations aimed at verifying the effectiveness of controls in relation to particular situations;
  • (c) approving, at least annually, the work plan prepared by the Head of Internal Audit, after consultation with the Board of Statutory Auditors and the Chief Executive Officer;
  • (d) describing, in the Report on Corporate Governance, the main features of the internal control and risk management system, including the mechanisms for coordinating the parties involved, providing an assessment of its adequacy.

The other structures/actors involved in the Issuer's ICRMS are:

  • (i) the Chief Executive Officer, in charge of establishing and maintaining the ICRMS, who oversees the design and functionality of the ICRMS;
  • (ii) the Control, Risk and Sustainability Committee, with the task of supporting the Board's assessments and decisions related to the internal control and risk management system and the approval of periodic financial and non-financial reports;
  • (iii) the Board of Statutory Auditors, which is responsible for supervising compliance with the law and the articles of incorporation, compliance with the principles of sound administration, the adequacy of the organizational structure, the financial and nonfinancial reporting process, and the effectiveness of the ICRMS;
  • (iv) the Head of Internal Audit who is responsible for verifying that the ICRMS is functioning, adequate and consistent with the guidelines set by the Board of Directors;
  • (v) the Supervisory Body, which has the task of supervising the operation of and compliance with the 231 Model, as well as ensuring that it is updated;
  • (vi) the Financial Reporting Officer, who plays a proactive role in the continuous implementation and evolutionary maintenance of the existing internal control risk management system in relation to the financial reporting process, periodically checking the status of its activities and the results of testing activities;
  • (vii) the auditors that carry out the auditing of the separate and consolidated financial statements;
  • (viii) corporate departments tasked with identifying, assessing, managing and monitoring risks specific to their areas of responsibility, as well as corporate control departments responsible for ensuring the proper implementation of a structured process of risk analysis and management (i.e., the Coordination and Consultation Body for the Prevention of Corruption and the Whistleblowing Committee, also operating in the anti-corruption and anti-bribery field).

Main characteristics of the existing risk management and internal control system in relation to the financial reporting process (pursuant to Art. 123-bis, paragraph 2.b) of the TUF)

Foreword

The Group's system of internal control and risk management over financial reporting, defined as the set of activities aimed at identifying and assessing actions and events whose occurrence or absence could compromise - partially or totally - the achievement of the objectives of reliability, accuracy, trustworthiness and timeliness of financial disclosure, is designed to ensure that the administrative-accounting procedures adopted and their application are adequate to ensure the achievement of these objectives, in accordance with the reference Accounting standards.

The system of internal control and risk management on financial reporting has been defined in accordance with commonly accepted frameworks and best practices, and is subject to constant monitoring, as well as periodic evaluation and review to ensure the proper design, operation, and application of the relevant safeguards and controls.

It is the responsibility of the Control, Risk and Sustainability Committee to assist the Board of Directors in defining the guidelines for the internal control and risk management system, in line with the Group's strategies, so that the main risks run to the Company and its subsidiaries are correctly identified, adequately measured, managed and monitored, by determining the criteria for compatibility between the risks thus identified and a sound and proper management of the Group, consistently with the identified strategic targets, in order to contribute to the Group's sustainable success.

Characteristics of the Group's internal control and risk management system

The Group's internal control and risk management system has been gradually updated over the years to incorporate the Group's organizational and structural development, as well as to align with best practices and the applicable regulatory framework. It is structured in line with the Group's organizational, operational and governance configuration, taking into account the specific regulatory framework of the sector, as well as in compliance with the standards required for the multinational entity listed on Euronext Milan, STAR segment.

The main elements that identify and characterize the Group's control environment are:

  • the ethical values expressed in the Organization, Management and Control Model prepared pursuant to Italian Legislative Decree 231/2001 as amended, on which the Supervisory Body exercises independent powers of initiative and control;
  • the adoption and dissemination of the Code of Ethics, which defines the core principles of the Organizational Model, through a system of rules of conduct aimed at preventing the commission of offenses under Italian Legislative Decree No. 231/2001;
  • the Management's focus on internal controls aimed at mitigating risks that may hinder the achievement of set objectives.

Below are the phases of the Group's internal control and risk management system, as well as the roles and functions involved.

The Group's organizational structure contributes to the effectiveness of the internal control environment, also through a system of responsibilities outlined, inter alia, by the Group's Functional Organization Chart, and governed by internal procedures that explain the organizational model and define the main subjects involved in the organizational structure, as well as the assignment of the main subjects to different functions.

On March 12, 2025, the Board of Directors of CY4GATE S.p.A. appointed Arianna Ciccolella as the Group's Financial Reporting Officer, pursuant to Article 154-bis of the TUF, effective from the first day of listing on Euronext Milan – STAR Segment.

Ms. Ciccolella, for the execution of her activities as Financial Reporting Officer, relies on an operational structure directly reporting to her for the analysis and monitoring of business processes, in compliance with the administrative and accounting procedures of the Group, aimed at overseeing the preparation of the annual financial statements, the consolidated financial statements, and any other financial communication. During the year 2025, the transition to SAP4Hana was completed for the Parent and RCS S.p.A., which will allow for the strengthening of the controls.

The characteristics of the system adopted are described below, with particular reference to (a) the steps of the risk management and internal control system in relation to the financial reporting process, and (b) the roles and functions involved, and the coordination methods of the parties involved therein, all in accordance with the relevant regulations.

Steps of the existing Risk Management and Internal Control System in relation to the financial reporting process

  • Identification of financial reporting risks: this step focuses on establishing the criteria for defining the scope of companies and processes relevant to the 2025 financial reporting and related control system, in terms of the potential impact on the financial reporting of risks arising from any deficiencies or weaknesses in the management and control system. These risks encompass both unintentional errors and fraud, both of which could materially affect financial reporting.
  • Risk assessment of financial reporting: this step outlines the Group's administrative and accounting risk assessment process, which seeks to identify and evaluate the primary risks that could influence financial reporting. Risks are first identified based on the relevant business processes and then further broken down according to the activities of the companies within the scope and then assessed at the level of "inherent risk" ("control-free") and divided by (i) impact ("magnitude") and (ii) probability. Based on the risk identification and assessment, the components of the internal control system with respect to financial reporting are analyzed through:
    • a) a macro analysis, at the business process level;
    • b) a more granular analysis, which, starting from the business process dimension, maps risks at the level of significant financial statement items for financial reporting purposes, as well as at the level of the financial reporting itself.
  • Identification of controls against identified risks: a detailed Risk Management system is in place within the Group (with quarterly review and reporting) for the identification, description, measurement, definition of probability of occurrence, assessment of impacts and recovery actions of the main risks deemed applicable.

Based on the risk assessment, specific control activities are identified to mitigate risks, grouped into the following clusters:

  • controls applicable across the entire Group, covering the control perimeter ("Entity Level Controls");
  • controls specific to individual business processes ("Process Level Controls");
  • controls related to IT systems, aimed at ensuring their proper operation and security of information and data ("IT General Controls") for which the Chief Information Security Officer is responsible.

These controls, whatever the cluster, are then categorized as "key" and "non-key" controls, based on the magnitude and probability of occurrence of the risks they are intended to prevent or mitigate.

• Evaluation of controls against the identified risks: once these risks have been defined and evaluated for the above two dimensions, they are linked to the Group management and control system to ensure that all risks are appropriately mitigated by controls – either preemptive or detective – to ensure that financial reporting remains free of material impacts arising from the risks, which are prevented or identified in a timely manner and monitored consistently. Where necessary, controls are modified/expanded from time to time to ensure comprehensive and continuous coverage of risks that could significantly impact financial reporting. The process for evaluating controls, both in design and operational effectiveness, is conducted periodically. In order to verify and ensure the operation of the internal control system on financial reporting, periodic monitoring is carried out by the process owners, the Financial Reporting Officer, corporate bodies, and third parties (Internal Audit, Protiviti). The Financial Reporting Officer periodically provides the Group's Control, Risk and Sustainability Committee and Supervisory Body with information related to economic and financial reporting as well as administrative and accounting processes and the related control activities carried out, and offers support to these bodies, including through the relevant operating structure, in their activities regarding administrative controls over the preparation of corporate accounting documents. Indeed, it is the responsibility of the Control, Risk and Sustainability Committee to periodically assess – at least annually – the adequacy of the internal control and risk management system with respect to the characteristics of the Company and the risk profile, as well as its effectiveness.

Any deficiencies or weaknesses in the design or operation of controls are reported to process owners and the Financial Reporting Officer, and followed up with a remediation plan that is monitored along with the periodic review described above.

In addition, as required by Article 154-bis, paragraph 5 of the TUF, the Financial Reporting Officer, along with the Chief Executive Officer, provides the explanatory report and related certification required by the role.

Roles and functions involved:

  • the Board of Directors: is entrusted to guide and evaluate the adequacy of the management and control system and includes within it the Chief Financial Officer (CFO) who is responsible for establishing and maintaining the internal control and risk management system. The Group CFO, Arianna Ciccolella, is also the Financial Reporting Officer;

  • the Control, Risk and Sustainability Committee: assists the Board of Directors, with investigative, proposal, and advisory functions, in the latter's evaluations and decisions related to the internal control and risk management system, as well as in matters concerning the Company's sustainability issues;

  • the Head of Internal Audit (outsourced by the Group to the company Protiviti) is responsible for verifying that the internal control and risk management system is functioning and adequate for reporting purposes;

  • the Board of Statutory Auditors supervises in the interest of third parties compliance with the law, the bylaws, and the principles of sound administration;

  • the Financial Reporting Officer, established into the corporate organization in accordance with Article 154-bis of the TUF, is responsible for the preparation of accounting and corporate documents, appointed by the Board of Directors, in consultation with the Chief Executive Officer and, as mentioned above, is responsible for designing, implementing, and approving the accounting and administrative management and control model, as well as evaluating its application, issuing a report and certification to financial and sustainability reporting.]

At the Board meeting held on March 12, 2026, the Board of Directors – after receiving a favorable opinion from the Control, Risk and Sustainability Committee – assessed positively the adequacy of the internal control and risk management system in relation to the characteristics of the company and its risk profile, as well as its effectiveness, in accordance with Recommendation 33, letter a) of the CG Code. This assessment was conducted on the basis of the information and evidence gathered with the support of the preliminary activity carried out by the Control, Risk and Sustainability Committee, and with the input of the Company's management and the Head of Internal Audit.

During the Year, the Board of Directors, including in the context of the ICRMS evaluation carried out with the help of the Control, Risk and Sustainability Committee, did not identify or highlight any situations that would require changes in expertise and resources or the adoption of specific measures to ensure the effectiveness and impartiality of the aforementioned corporate functions involved in controls.

9.1 CHIEF EXECUTIVE OFFICER

On May 2, 2023, the Board of Directors appointed Emanuele Galtieri as Chief Executive Officer and, therefore, pursuant to the Code, he was designated as the person in charge of establishing and maintaining the internal control and risk management system.

The Chief Executive Officer, during the Year:

  • (i) identified the main business risks, taking into account the characteristics of the activities carried out by the Issuer and its subsidiaries, and submitted them periodically to the Board of Directors for review;
  • (ii) implemented the guidelines set by the Board of Directors, taking care of the design, implementation, and management of the ICRMS and constantly checking its adequacy and effectiveness, as well as taking care of its adaptation to operating conditions and the legislative and regulatory landscape;
  • (iii) entrusted Internal Audit with conducting audits of specific operational areas and compliance with internal rules and procedures in the execution of corporate transactions, simultaneously notifying the Chairperson of the Control, Risk and Sustainability Committee and the Chairperson of the Board of Statutory Auditors;
  • (iv) reported promptly to the Control, Risk and Sustainability Committee on problems and critical issues that had arisen in the course of his work or of which he had otherwise become aware, so that said Committee could take appropriate action.

9.2 CONTROL, RISK AND SUSTAINABILITY COMMITTEE

Composition and operation of the Control, Risk and Sustainability Committee (pursuant to Art. 123-bis, paragraph 2.d) of the TUF)

On May 18, 2023, the Board of Directors established the Control, Risk and Sustainability Committee, composed of 3 people, 2 of whom (including the Chairperson) are non-executive and independent, namely:

  • Cinzia Parolini (Chairwoman);
  • Alessandra Bucci;
  • Roberto Ferraresi.

All members have expertise in the sector in which the Issuer operates, which is functional in assessing the risks to which the Issuer is exposed. Specifically, all members of the Committee have adequate knowledge and experience in accounting and finance and/or risk management, as assessed by the Board of Directors at the time of appointment.

The Control, Risk and Sustainability Committee meets when convened and coordinated by its Chairwoman, Cinzia Parolini. Meetings are duly minuted and the Chairperson of the Control, Risk and Sustainability Committee informs the Board of Directors and the Board of Statutory Auditors at the first useful meeting.

During the Year, the Control, Risk and Sustainability Committee met 11 times, with the participation of the Board of Statutory Auditors in addition to its members.

During the Year, at the invitation of Cinzia Parolini as Chairwoman, directors and representatives of corporate functions who are not members of the Committee attended meetings of the Control, Risk and Sustainability Committee.

The average duration of the Control, Risk and Sustainability Committee meetings was one hour and forty-five minutes.

For the current year, the Control, Risk and Sustainability Committee has scheduled 3 meetings, which have already been held at the Report Date.

For more information on this, please refer to Table 3 in the appendix of the Report.

Functions assigned to the Control, Risk and Sustainability Committee

The Control, Risk and Sustainability Committee provides support to the Board of Directors in evaluating and making decisions regarding the internal control and risk management system, as well as in decisions related to the approval of periodic financial reports.

Specifically, the Committee supports the Board of Directors in carrying out tasks related to the following matters:

  • (i) defining the guidelines of the internal control and risk management system, consistent with the Company's strategies and so that the main risks pertaining to the Company and its subsidiaries are correctly identified, adequately measured, managed and monitored, determining the compatibility criteria between the risks thus identified and a sound and proper management of the Company consistent with the identified strategic objectives, in order to contribute to the sustainable success of the Company;

  • (ii) periodically assessing, at least annually, the adequacy of the internal control and risk management system with respect to the Company's characteristics and risk profile, as well as its effectiveness;

  • (iii) appointing and dismissing the Head of Internal Audit, defining the relative remuneration in line with company policies, and assessing the adequacy of the resources available to them, as well as verifying, if the Internal Audit is entrusted, as a whole or for specific audit activities, to a person external to the Company, that the same person meets professional, independence, and organizational requirements;

  • (iv) approving at least annually the work plan prepared by the Head of Internal Audit, after consultation with the Board of Statutory Auditors and the Chief Executive Officer;

  • (v) assessing whether measures should be taken to ensure the effectiveness and impartial judgment of other corporate departments that may be involved in the controls indicated in Recommendation 32, letter e) of the Corporate Governance Code, verifying that they have adequate professionalism and resources;

  • (vi) assigning to the Board of Statutory Auditors or a specially constituted body the supervisory functions under Article 6, paragraph 1.b) of Italian Legislative Decree No. 231/2001;

  • (vii) evaluating, in consultation with the Board of Statutory Auditors, the results set forth by the auditors in any letter of suggestions and in the additional report addressed to the Board of Statutory Auditors;

  • (viii) describing in the corporate governance report, the main features of the internal control and risk management system and the coordination methods between the parties involved, indicating the national and international reference models and best practices, its overall assessment of the system adequacy, and an explanation of the choices made regarding the composition of the supervisory body referred to in point (vi) above.

Please refer to Section 6 of the Report for the main activities carried out by the Control, Risk and Sustainability Committee during the Year.

In carrying out its functions, the Control, Risk and Sustainability Committee has had the opportunity to corporate access information and departments necessary for the performance of its duties, as well as to have access to financial resources and make use of external consultants, under the terms established by the Board of Directors.

9.3 HEAD OF INTERNAL AUDIT

Also in support of the Issuer's internal control and risk management system, in accordance with the provisions contained in the Code, on June 23, 2023, the Company's Board of Directors entrusted Internal Audit – in charge of verifying that the internal control and risk management system is functioning, adequate, and consistent with the guidelines defined by the Board – in full outsourcing mode to the company Protiviti in the person of Cristina Peano (Managing Director and Head of Services in the Audit and Compliance unit of Protiviti Italia). The mandate was then renewed, after the favorable opinion of the Control, Risk and Sustainability Committee, at the board meeting on May 14, 2024.

It should be noted that Peano is not responsible for any operational area of the Issuer, reports to the Board of Directors, and has direct access to all information relevant to the performance of her duties.

The Control, Risk and Sustainability Committee has positively evaluated this mandate, finding it to be in line with market practices and applicable regulations, as well as consistent with the needs of the Company.

The Board of Directors ensured that Cristina Peano met the professionalism, independence, and organizational requirements, and defined her remuneration in line with company policies, as well as ensuring that she was provided with adequate resources to carry out her duties.

The Board of Directors, after the positive opinion of the Control, Risk and Sustainability Committee, approved the Plan, finding it to be in line with Company needs.

The Head of Internal Audit*,* from the date of appointment and up to the Report Date has:

  • developed the Audit Plan following a structured process of analysis and prioritization of the main risks for the Company's structure – which was then submitted for approval to the Board of Directors, in consultation with the Control, Risk and Sustainability Committee;
  • initiated the execution of internal audit measures, reporting the results to the Board of Directors, in consultation with the Control, Risk and Sustainability Committee;
  • monitored the corrective measures agreed upon in the audit, in order to verify the overcoming of the critical issues found;
  • periodically updated the Chief Executive Officer and the CRSC Chairperson on the progress of her activities;
  • reported periodically on the progress of activities to the Control, Risk and Sustainability Committee;
  • met with the Supervisory Body and the Board of Statutory Auditors.

9.4 ORGANIZATIONAL MODEL PURSUANT TO ITALIAN LEGISLATIVE DECREE 231/2001

By resolution of the Board of Directors dated September 22, 2021, the Issuer adopted the 231 Model, later amended on September 13, 2023 and updated on July 31, 2025, which is the Italian reference legislation on corporate criminal liability.

The Issuer's 231 Model was drafted with the aim of preventing the offences set out in Decree 231, also taking into consideration the principles expressed in the guidelines for the drafting of Organizational Models issued by Confindustria and other relevant trade associations. The 231 Model consists of a general part and a special part. The general part explains the contents of Decree 231, the purposes of the 231 Model and its governance rules, how the Supervisory Body is established and functions, as well as the penalties system and staff training. The special part describes, for each business activity assessed as "sensitive" under Decree 231, the relevant types of offences, the principles of conduct to be observed and the control protocols adopted by the Company to prevent the possible occurrence of any of the offenses referred to in Decree 231 (including, but not limited to, offences against the Public Administration, corporate offences, tax offences and organized crime offenses).

The general part of the 231 Model is published on the Company's website at https://www.cy4gate.com/en/, Governance/Documents Section.

Control over the implementation of the 231 Model has been entrusted to a speciallyestablished Supervisory Body, appointed pursuant to Article 6 of Decree 231 by the Board of Directors on September 22, 2021, with the task of supervising its effectiveness and efficacy and proposing updates or amendments to it in order to align with the corporate structure and regulatory changes, including through periodic verification of areas at risk of offences. The Supervisory Body is also in charge of monitoring compliance with, the proper functioning of, and the enforcement of the 231 Model, and is the recipient of any requests for information and reports of violations of the 231 Model.

In this regard, the Issuer is committed, particularly within its area of responsibility, to countering any form of corruption; this offence, moreover, is included among the "predicate offenses" falling within the scope of Italian Legislative Decree 231/2001, which governs the administrative liability of companies, and in accordance with it the Issuer has adopted its own 231 Model. Regarding the management of relationships with suppliers, contractual clauses are included requiring compliance with the provisions of the Code of Ethics and the Organizational Model adopted by the Company.

At the Report Date, the Supervisory Body is composed of Asa Peronace (Chairperson), Stefano Fiorini (member of the Board of Statutory Auditors), and Alessandro Agus (Group Head of Legal and Corporate Affairs, internal member of the SB).

The ESRS G1 specifies disclosure requirements that enable users of corporate sustainability statements to understand the company's strategy and approach, processes and procedures, as well as its conduct performance (section 1). According to section 2, the standard focuses on the following issues, collectively referred to therein as "business conduct or business conduct matters": a) business ethics and corporate culture, including anti-corruption and anti-bribery, the protection of whistleblowers, and animal welfare; b) the management of relationships with suppliers, including payment practices, especially with regard to late payment to small and medium-sized undertakings; c) activities and commitments of the undertaking related to exerting its political influence, including its lobbying activities.

9.5 AUDITORS

The company in charge of the statutory audit of the Issuer's accounts is KPMG S.p.A. (the "Auditors"), with registered office in Milan, via Vittor Pisani, No. 25, Tax Code and VAT No. 00709600159, enrolled in the register of statutory auditors and auditing companies kept at the Italian Ministry of Economy and Finance under No. 70623.

On April 14, 2022, the Ordinary Shareholders' Meeting of the Issuer, upon the proposal of the Board of Statutory Auditors, appointed the Auditors to audit the separate and consolidated financial statements pursuant to Article 13 of Italian Legislative Decree No. 39/2010 for the three-year period 2022-2024 until the approval of the financial statements for the year ended December 31, 2024, prepared in accordance with IAS/IFRS.

On April 27, 2023, the Shareholders' Meeting, in view of the admission to trading of ordinary shares on EXM – STAR Segment and the consequent acquisition by the Issuer of the status of "public interest entity" pursuant to Art. 16 of Italian Legislative Decree no. 39/2010, resolved to appoint the Auditors, pursuant to Articles 13 and 17 of Italian Legislative Decree 39/2010, effective from the Trading Start Date, to: (i) audit the Company's financial statements and the consolidated financial statements for each of the nine fiscal years ending December 31, 2023 to December 31, 2031; (ii) verify during the financial year that the Company's accounts are properly kept and that the operating events are correctly recorded in the accounting records; (iii) verify the consistency of the management report with the financial statements and the consolidated financial statements; and (iv) audit, on a limited basis, the condensed interim consolidated financial statements for the six-month periods ending June 30, 2023 to June 30, 2031.

It should be noted that the appointment of the Auditors was made in consideration of the Board of Statutory Auditors proposal made following the selection procedure prepared by the Company in compliance with the provisions of Article 16 of Regulation (EU) No. 537/2014.

9.6 FINANCIAL REPORTING OFFICER AND OTHER CORPORATE ROLES AND FUNCTIONS

On March 12, 2025, the Board of Directors appointed the Issuer's Chief Financial Officer, Arianna Ciccolella, as the Financial Reporting Officer.

On that occasion, the Board of Directors recognized Arianna Ciccolella as the suitable person to hold this position, also in view of the requirements stipulated by the applicable regulations and the Bylaws, including significant professional experience in accounting, economics, and finance for at least 3 years.

The Financial Reporting Officer is appointed from among individuals who have significant professional experience in accounting, economics, and finance for at least 3 years and any additional requirements established by the Board of Directors and/or applicable legal and regulatory framework.

The Financial Reporting Officer, pursuant to Article 154-bis of the TUF, shall: (a) prepare written accompanying statements for the Company's deeds and communications disseminated to the market and relating to accounting information, including infra-annual information; (b) prepare adequate administrative and accounting procedures for the preparation of the separate financial statements and, where applicable, the consolidated financial statements, as well as any other financial disclosure; and (c) certify in an appropriate report on the separate financial statements, the condensed interim financial statements and, where prepared, the consolidated financial statements (i) the adequacy and effective application of the administrative and accounting procedures for the preparation of the financial statements, (ii) that the documents are prepared in accordance with applicable international accounting standards recognized in the European Community pursuant to Regulation (EC) No. 1606/2002 of the European Parliament and of the Council of July 19, 2002, (iii) that the documents correspond to the results in the accounting books and records, (iv) the suitability of the documents to provide a true and fair representation of the assets and liabilities, economic and financial situation of the Issuer and the set of companies within the consolidation scope, (v) for the separate financial statements and the consolidated financial statements, that the management report includes a reliable analysis of the performance and results of operations, as well as the situation of the Issuer and the set of companies within the consolidation scope, together with a description of the main risks and uncertainties to which they are exposed, and (vi) for the condensed interim financial statements, that the interim management report contains a reliable analysis of the information referred to in Art. 154-ter, paragraph 4, of the TUF.

The Board of Directors shall ensure that the Financial Reporting Officer has adequate means and powers to perform the duties assigned to them in accordance with the law, as well as compliance with administrative and accounting procedures.

At the Report Date, the Financial Reporting Officer reports directly to the Chief Executive Officer and General Manager, has the Finance Area reporting directly to them, enabling them to maintain constant oversight of the financial reporting process and ensure the reliability and integrity of accounting and operational information, including consolidated information.

9.7 COORDINATION OF THE PARTIES INVOLVED IN THE INTERNAL CONTROL AND RISK MANAGEMENT SYSTEM

The parties involved in the internal control and risk management system operate consistently with the Company, aimed at maximizing the efficiency of the internal control and risk management system, reducing duplication of activities, and ensuring the effective performance of the Board of Statutory Auditors own duties.

In particular, the Board of Statutory Auditors and the Control, Risk and Sustainability Committee exchange information relevant to the performance of their respective duties on a timely basis, and all members of the Board of Statutory Auditors participate in the work of the Control, Risk and Sustainability Committee as well as, for issues of interest, the Chief Executive Officer, the Financial Reporting Officer, the Head of Internal Audit and the members of the Supervisory Body. The Chairperson of the Control, Risk and Sustainability Committee sees to the continuity and completeness of the information flow to the Board of Directors in matters within the Committee's competence.

10. DIRECTORS' INTERESTS AND RELATED-PARTY TRANSACTIONS

In order to adapt the Companies' corporate governance system to the legal and regulatory standards applicable to companies with shares listed on a regulated market, also taking into account the guidelines provided by CONSOB Communication No. DEM/10078683 of September 24, 2010, the Board of Directors, on May 18, 2023, resolved to adopt the RPT Procedure, then subsequently updated on September 12, 2024, available in its full version on the Company's website at https://www.cy4gate.com/en/, Governance/Documents Section.

The Related-Party Transactions Committee consists of 3 non-executive independent members, namely:

  • Maria Giovanna Calloni (Chairwoman);
  • Cinzia Parolini;
  • Alessandra Bucci.

This Committee performs the functions assigned to it as per the RPT Procedure.

In particular, the Committee:

  • (i) is called upon to express a non-binding reasoned opinion on the Issuer's interest in the completion of the Transactions of Lesser Significance (as defined within the RPT Regulation), as well as on the appropriateness and substantive fairness of their terms; and
  • (ii) shall be involved in the negotiation and preliminary phase in the case of Transactions of Greater Significance (as defined within the RPT Regulation) and, thereafter, it is called upon to express a binding reasoned opinion on the Company's interest in the completion of the transaction, as well as on the appropriateness and substantive fairness of the terms.

The work of the Related-Party Transactions Committee is coordinated by its Chairperson. Meetings are duly minuted and the Chairwoman informs the Board of Directors and the Board of Statutory Auditors at the first subsequent meeting.

During the Year, the Related-Party Transactions Committee met 6 times, with the participation of the Board of Statutory Auditors in addition to its members.

The average duration of the Related-Party Transactions Committee meetings was approximately one hour and twenty minutes.

For the current year, the Related-Party Transactions Committee has scheduled 2 meetings, which have already been held at the Report Date.

Please refer to Section 6 of the Report for the main activities carried out by the Related-Party Transactions Committee during the Year.

Except as provided in applicable provisions, there are no specific obligations on directors in cases where they have an interest on their own behalf or on behalf of third parties in a particular transaction of the Company. Before taking each resolution, the Board of Directors shall ask the members of the Board of Directors whether they have their own interests or the interests of third parties in the transaction that is under resolution.

11. BOARD OF STATUTORY AUDITORS

11.1 APPOINTMENT AND REPLACEMENT

The Board of Statutory Auditors consists of 3 (three) standing auditors and 2 (two) alternate auditors.

The members of the Board of Statutory Auditors shall meet the requirements of integrity, professionalism, independence and those related to the maximum number of positions provided for by applicable law and regulations. For the purposes of Article 1, paragraph 2.b) and c) of Italian Minister for Justice Decree No. 162 of March 30, 2000, subjects pertaining to commercial law, corporate law, tax law, business economics, corporate finance, disciplines with similar or assimilated subject matter, and finally subjects and fields of activity inherent to that of the Company are considered to be closely related to the Company's field of business.

If, in the composition of the Board of Statutory Auditors, the application of the gender balance criterion does not result in a whole number of candidates belonging to the less represented gender, such number is rounded on the basis of the criterion provided for by the legislation and regulations in force.

Statutory auditors serve three-year terms, are eligible for reappointment, and their terms expire on the date of the shareholders' meeting called to approve the financial statements for their third year in office.

Pursuant to Article 27 of the Bylaws, statutory auditors are appointed by the shareholders' meeting on the basis of lists submitted by shareholders.

In particular:

(i) shareholders who, at the time of submitting the list, held, individually or jointly, a number of shares at least equal to the same proportion as determined by CONSOB, pursuant to applicable statutory and regulatory provisions, for the purpose of submitting lists for the appointment of the board of directors of companies with shares traded on regulated markets (Articles 144-quater and 144-sexies of CONSOB Resolution No. 11971 of May 14, 1999) may submit a list for the appointment of statutory auditors. The ownership of the minimum proportion shall be determined having regard to the shares that are registered in favor of the shareholder on the day on which the list is filed with the Company, it being understood that the relevant certification may also be produced after the filing, provided that it is within the deadline for the publication of the list;

  • (ii) the lists are filed with the Company within the terms provided for by the laws and regulations in force, which are indicated in the call notice at the Company's registered office or also through a remote means of communication as indicated in the call notice, and made available to the public within the terms and in the manner provided for by the laws and regulations in force;
  • (iii) in the event that only one list has been filed by the expiration date of the deadline for the submission of lists, or only lists submitted by shareholders who are connected with each other under the laws and regulations in force, additional lists may be submitted, up to the third day following that date, by shareholders who, at the time of the submission of the list, held, individually or jointly, a number of shares at least equal to half of the minimum share required by point (i) above.

In addition:

  • candidates are listed, within the lists, by a sequential number and in a number not exceeding the members of the body to be elected;
  • lists are divided into two sections: one for candidates for the office of standing auditor and the other for candidates for the office of alternate auditor. The first of the candidates in each section shall be registered as a statutory auditor and have practiced statutory auditing for a period of at least three years;
  • the list of candidates in both sections shall be such as to ensure that the composition of the Board of Statutory Auditors, in both the standing and the alternate components, complies with the provisions of the law and regulations in force regarding gender balance, it being understood that if the application of the gender balance criterion does not result in a whole number, the number shall be rounded up to the next higher unit, except in the case where the board of auditors consists of three standing auditors for which rounding down shall be made to the next lower unit;

Each shareholder, as well as shareholders belonging to the same group and shareholders who are parties to a shareholders' agreement relevant under Article 122 of the TUF, may not submit or participate in the submission, even though a third party or trust, more than one list, nor may they vote for different lists.

Each candidate may be on only one list, under penalty of ineligibility.

  • A) Where two or more lists have been submitted, the election of members of the Board of Statutory Auditors shall be conducted as follows:
  • a) from the list that obtained the highest number of votes cast (the "Majority List") the majority of standing and alternate auditors to be elected except one are drawn in the sequential order of presentation;
  • b) the remaining standing auditor and the remaining alternate auditor are taken from the second list that obtained the highest number of votes and that is not connected even indirectly with the shareholders who submitted the list that ranked first in number of votes (the "Minority List").

The chair of the Board of Statutory Auditors shall be held by the standing auditor drawn from the Minority List pursuant to letter b) above; in case of replacement of the chairperson, this office shall be held by the alternate auditor drawn from the Minority List pursuant to letter b) above. In the event that all the statutory auditors are drawn from a single list, the chair goes to the first candidate on that list.

If, in the manner indicated above, the legal and regulatory provisions in force regarding gender balance are not complied with, the candidate for the office of standing or alternate auditor of the most represented gender who was elected as last in numerical order from the Majority List shall be excluded and shall be replaced by the next candidate for the office of standing or alternate auditor, drawn from the same list, belonging to the other gender.

  • B) If only one list has been submitted, the shareholders' meeting shall vote on it, and if it obtains a majority of votes, three standing auditors and two alternate auditors named in the list as candidates for such offices shall be elected, in accordance with the laws and regulations in force, including those on gender balance.
  • C) In the absence of lists, or if it is not possible for any reason to proceed with the appointment of the Board of Statutory Auditors in the manner provided for in this article, the three standing auditors and the two alternate auditors shall be appointed by the Shareholders' Meeting, on the basis of nominations proposed by the shareholders within the terms and in the manner provided by the regulations in force for the submission of proposals for resolutions on matters already on the agenda, depending on whether the intervention and exercise of voting rights by the eligible persons can take place directly at the Shareholders' Meeting or exclusively through the designated representative, in accordance with the statutory and regulatory provisions in force, including on gender balance.

In the event of the termination of office, for any reason, of a standing auditor, and in compliance with the applicable legal and regulatory provisions on gender balance, the following procedure shall apply: (i) if a standing auditor from the Majority List of the Board of Statutory Auditors vacates the position, they shall be replaced by the alternate auditor from the Majority List, (ii) if the auditor from the Minority List, or the chairperson of the Board of Statutory Auditors, ceases to hold office, they shall be replaced by the alternate auditor from the Minority List, who will also assume the role of chairperson. If, for any reason, it is not possible to proceed within the above-mentioned deadlines, a shareholders' meeting must be convened to allow for the integration of the Board of Statutory Auditors through the ordinary procedures and majorities, without the application of the list voting mechanism, while ensuring compliance with the applicable legal and regulatory provisions on gender balance.

Statutory auditors act autonomously and independently also with respect to the Shareholders who elected them.

11.2 COMPOSITION AND OPERATION OF THE BOARD OF STATUTORY AUDITORS (PURSUANT TO ART. 123-BIS, PARAGRAPHS 2.D) AND 2.D-BIS) OF THE TUF)

The Company's Board of Statutory Auditors at the Report Date was appointed by the Shareholders' Meeting held on April 27, 2023, and then supplemented at the Shareholders' Meeting held on April 22, 2024 (as further detailed below), and is composed as follows:

First and last Position Date of birth Seniority in office (§)
name
Stefano Fiorini Chairman of the Boardof Statutory Auditors July 15, 1969 6 years
Paolo Grecco Standing Auditor May 10, 1958 6 years
DanielaDelfrate Standing Auditor August 12, 1965 5 years
Allegra Piccini Alternate Auditor April 12, 1975 /
AlbertoTrabucchi Alternate Auditor October 20, 1970 /

(§) Reference is made to the date of first appointment.

In this regard, it should be noted that the Standing Auditors Paolo Grecco and Daniela Delfrate, as well as the Alternate Auditor Allegra Piccini, were taken from the majority list submitted by the shareholder Elettronica. While on the other hand, Standing Auditor Stefano Fiorini was drawn from the minority slate submitted by shareholder TEC Cyber.

On May 18, 2023, Alternate Auditor Sebastiano Bonanno resigned, effective immediately, for personal reasons. The integration of the Board of Statutory Auditors, with the appointment of an Alternate Auditor to replace Bonanno, took place, in accordance with the law, at the Shareholders' Meeting called to approve the financial statements for the year ended December 31, 2023, with the appointment of Alberto Trabucchi, whose candidacy was submitted by the shareholder Elettronica.

The statutory auditors meet the requirements of integrity, professionalism and independence set forth by law, the Bylaws and the Code.

A summary of the personal and professional characteristics of the members of the Board of Statutory Auditors is hereby provided.

Stefano Fiorini

Graduated in economics and business administration, he is a statutory auditor and enrolled in the Register of Technical Consultants of the Civil Court of Rome, the Register of Experts of the Criminal Court of Rome, the Register of Judicial Administrators, ordinary section, and the Register of Practitioners for Business Crisis. He has gained significant experience in major sectors of industrial and service business. He worked in auditing at KPMG S.p.A. (until the year 1997) and Arthur Andersen S.p.A. (in 1998), and debt restructuring at Gallo & C. S.p.A. He has served as investment director of PM & Partners and ABN Amro Capital Investments NV. He is a consultant in connection with extraordinary finance transactions and in civil and criminal proceedings involving disputes in economic-business and financial matters. He holds, and has held, roles in corporate governance of companies, including listed ones. He was an associate of NedCommunity, the Italian association of non-executive and independent directors. At the Report Date, Fiorini serves as a Certified Public Accountant and Statutory Auditor at Studio Fiorini STP S.r.l.

Paolo Grecco

Graduated in economics and business administration at LUISS University in Rome, he was a tax consultant at Studio Pirola from 1984 to 1996 and a tax consultant at Deloitte & Touché S.p.A. from 1996 to 2004. He is currently self-employed. At the Report Date, Grecco is not a member or partner of an associated professional firm.

Daniela Delfrate

Graduated in Economics and Business Administration from the Cattolica University in Milan, she is enrolled in the Register of Certified Public Accountant in Milan, as well as in the register of statutory auditors. Delfrate has significant experience with professional consulting firms and as a statutory auditor of several companies. At the Report Date, Delfrate is a partner in AndPartners Tax and Law Firm.

Allegra Piccini

Graduated in economics and business administration at LUISS University in Rome and licensed as a Certified Public Accountant, she has worked as a Certified Public Accountant at Studio Piccini & Associati since 2003 and until the Report Date and specializes in corporate law, tax law, business consulting, and taxation.

Alberto Trabucchi

Graduated in Economics and Business Administration from LUISS University in Rome, he is an auditor, independent director, and has served as a member of the boards of statutory auditors of major financial institutions and public institutions. He has decades of professional experience, as part of which he has assisted large companies, providing tax advice on particularly complex issues.

In addition to the above, as is the case of the members of the Board of Directors, the members of the Board of Statutory Auditors regularly participate in initiatives aimed at updating their knowledge regarding the business sector in which the Group operates, the drivers for the development of the products and services offered (including the relevant profiles related to compliance with current ESG regulations), and the money laundering and terrorist financing risks, considering, among other things, the geographical areas of reference.

The Board of Statutory Auditors is convened and meets at the initiative of any one of the statutory auditors. It is validly constituted with the presence of the majority of auditors and passes resolutions by the favorable vote of an absolute majority of those present.

During the Year, the Board of Statutory Auditors met 13 times. At the Report Date, 3 meetings of the control body were held.

The average duration of the Board of Statutory Auditors meetings during the Year was, as a whole, approximately one hour and forty minutes. The meetings took place both in physical presence and by audio-video conference link.

Please refer to Table 4 in the appendix of the Report for more details on this.

Diversity criteria and policies

The Board of Statutory Auditors composition complies with the provisions on gender quotas in corporate bodies of listed companies.

In particular, legal and regulatory provisions requiring that the allocation of the members of the Board of Statutory Auditors to be elected be made according to a criterion that ensures gender balance have been included in the Bylaws. Although Article 148, paragraph 1-bis of the TUF, as amended by Italian Law No. 160 of December 27, 2019, specifies that the provisions on gender balance shall apply as of the first renewal of the Board of Statutory Auditors following the listing, providing that the less represented gender obtains at least onefifth of the total number auditors elected on the occasion of the first renewal and at least two-fifths in the next five consecutive terms (in any case rounded up, with the exception of corporate bodies consisting of three members for which there is rounding down is to the lower unit), the composition of the Issuer's Board of Statutory Auditors, on a voluntary basis, already complies with the requirements for renewals after the first, as well as with Recommendation 8 of the CG Code.

Notwithstanding the foregoing, the Issuer has not formally adopted specific diversity policies in relation to the composition of the control body with regard to aspects such as gender or, again, age, and educational and professional background. However, at the Report Date, the composition of the Company's control body reflects an adequate degree of diversification with regard to the terms represented above.

Although the Issuer, at the Report Date, has not formally adopted specific diversity policies in relation to the composition of the Board of Statutory Auditors with respect to aspects as age, gender composition, disability, or educational and professional background, the composition of the Company's Board of Statutory Auditors reflects an adequate degree of diversity. In fact, the Issuer pays great attention to governance issues; specifically, at the Report Date, 40% of the Board of Statutory Auditors is female, and, more generally, the members of the control body have a heterogeneous portfolio of experience, as evidenced in more detail in the summary of their respective resumes. Likewise, the age brackets and seniority of office of the members – please refer to the Table on the Composition of the Board of Statutory Auditors at the Report Date in Section 11.2 above – are appropriately differentiated.

The Issuer's Board of Statutory Auditors has adopted its own Regulations for governing the composition, operation and powers of the body, in accordance with the principles enshrined in the applicable laws and regulations, as well as the Corporate Governance Code.

Independence

On March 12, 2025, after the favorable opinion of the Appointments and Remuneration Committee, the Board of Directors approved the Quantitative and Qualitative Criteria for the process of verifying the independence of the Company's directors and statutory auditors, for the assessment of the significance of the relationships between these parties and the Company and/or the Group, pursuant to Recommendation 7 of the CG Code (see Section 4.7 of the Report).

The Board of Directors and the Board of Statutory Auditors on March 12, 2026 assessed the independence of their members.

Specifically, the Board of Statutory Auditors assessed the independence requirements of its members, with each member providing additional information regarding:

  • personal and professional characteristics;
  • factors used to assess independence, with particular reference to the professional, commercial, and financial relationships with the Company and the Group;
  • their ability to perform their duties appropriately and in a timely manner.

Based on the declarations made, the available information, and the additional information provided by each member, the Board of Statutory Auditors ascertained:

  • that each member meets the requirements of integrity, professionalism, competence, and expertise, including in areas directly related to the company's business, as established by the bylaws and applicable legislation;

  • that all members are listed in the register of auditors and have practiced statutory auditing for a period of no less than three years;

  • that none of the causes for ineligibility, incompatibility, or forfeiture provided for by current legislation and the bylaws apply to any of them;

  • that each member meets the independence requirements established under penalty of ineligibility and forfeiture – by Article 2399, paragraph 1, of the Civil Code and Article 148, paragraph 3, of the TUF, and more specifically:

  • they do not fall under the conditions set forth in Article 2382 of the Civil Code;

  • they are not spouses or relatives or in-laws within the fourth degree of kinship of any of the Company's directors;

  • they are not directors of a subsidiary of the Company or of a parent of the Company or of another company under joint control;

  • they are not spouses or relatives or in-laws within the fourth degree of kinship of any of the directors of a subsidiary of the Company or of a parent of the Company or of another company under joint control;

  • they are not linked to the Company or its subsidiaries, parent companies, or jointly controlled companies, or to the Company's directors and the persons referred to in points ii), iii), and iv) by a self-employed or subordinate employment relationship, or by a continuous consultancy or paid service relationship, or by other financial relationships that compromise their independence; and

  • they do not hold any positions and have not carried out, in the last three financial years, nor will they carry out currently or in future (due to ongoing negotiations), directly or indirectly – through third-party companies/professional firms – activities or services for the Company, the companies belonging to the CY4GATE Group, and its major shareholders (direct and indirect);

  • they do not have and have not had in the recent past (not even through the professional firm with which they are associated or through its partners, where applicable) any self-employed or financial or professional relationships with the Company, the companies belonging to the Group, or its major shareholders (direct and indirect);

  • each member complies with the regulatory provisions regarding the evaluation of the number of positions held (accumulation of positions), in relation to industry regulations;

  • the composition of the board of statutory auditors is adequate with regard to gender (at least one-third of the standing members are statutory auditors of the less represented gender) and age of the members;

  • each member guarantees the availability of time to carry out their duties, including attendance, which may take place via means of telecommunication, at meetings of the board of statutory auditors, other bodies, and internal board committees;

  • the composition of the board of statutory auditors is adequate, also with regard to the methods of carrying out the planned supervisory activity;

  • all statutory auditors are insured for civil liability against professional risks and those arising from the activity of statutory auditor and/or auditor.

The Board of Statutory Auditors, during its mandate, has never encountered circumstances that could compromise the independence identified by the TUF and the CG Code (Recommendation 6, as referenced in Recommendation 9).

The Board of Statutory Auditors, in its Regulations (Article 5.2), has explicitly provided that "In any case, any auditor who, on their own behalf or on behalf of third parties, has an interest in a specific transaction of the Company shall promptly and comprehensively inform the other auditors and the Chairperson of the Board of Directors of the nature, terms, origin, and scope of their interest".

Remuneration

The remuneration of the Statutory Auditors, as provided for in Article 2402 of the Civil Code, was determined by the Shareholders' Meeting at the time of their appointment and was revised upwards by resolution of the Shareholders' Meeting on April 22, 2024, and is commensurate with the commitment required, the importance of the role covered as well as the dimensional and sectoral characteristics of the Company.

For details on the remuneration of statutory auditors, please refer to the report on the remuneration policy and compensation paid, prepared pursuant to Article 123-ter of the TUF and the Article 84-quater of the Issuers' Regulation, as well as in accordance with the recommendations of Article 5 of the Code, being made available to the public on the Company's website athttps://www.cy4gate.com/en/ and in the other manners required by current regulations.

Interest management

No specific obligations are imposed on the Statutory Auditors in cases where they have an interest on their own behalf or on behalf of third parties in a given Company transaction. Prior to the adoption of each resolution, the Board of Directors asks the members of the Board of Statutory Auditors whether they have an interest of their own in the transaction that is the subject of the resolution. A statutory auditor who, on their own behalf or on behalf of a third party, has an interest in a particular transaction of the Issuer shall promptly and fully inform the other statutory auditors and the Chairperson of the Board of the nature, terms, origin, and extent of their interest.

11.3 ROLE OF THE BOARD OF STATUTORY AUDITORS

The supervisory activities of the Board of Statutory Auditors are carried out in accordance with the provisions of Article 2403 of the Civil Code, Italian Legislative Decree 58/1998 (TUF) and the relevant rules issued by the Supervisory Authorities, in compliance with the recommendations issued by CONSOB and the Rules of Conduct for the Board of Statutory Auditors of Listed Companies prepared by the National Board of Certified Public Accountants and Accounting Experts.

As part of its control activities, the Board of Statutory Auditors acquires the information necessary and useful for assessing the general performance of operations and foreseeable evolution, the adequacy of the organizational system, the internal control and risk management system, and the administrative accounting system, also by attending the Boards of Directors and the Board Committees meetings, as well as examining the information flows prepared by the individual company functions and the audit functions.

During the year, the Board carries out its supervisory activities:

  • on compliance with relevant statutory and regulatory requirements;

  • on compliance with the Law and the Bylaws and the principles of sound administration regarding the transactions carried out by the Company, including intra-group transactions and those with related parties;

  • on the Company's governance system and the implementation of corporate governance rules, as also set forth in the Corporate Governance Code promoted by Borsa Italiana and adopted by the Company;

  • on the degree of adequacy of the Company's organizational structure, including its interactions, relationships and connections with its Subsidiaries, through direct surveys, collection of information from the heads of the functions concerned, and exchanges of data and information with the Auditors;

  • on the functioning of the administrative and accounting system in order to assess its adequacy with respect to management needs and reliability in the representation of operating events, through direct appraisals of company documents, obtaining information from the heads of the respective functions, and analyzing the results of the work carried out by the Auditors;

  • on compliance with control procedures related to the administrative and accounting system, through contacts with the Chief Financial Officer and Financial Reporting Officer, and on the financial reporting process, also in relation to the activities promoted by the Group in the area of sustainability and social-environmental impact;

  • on the completeness, adequacy, functionality and reliability of the internal control and risk management system at the Group level, by gathering information and documentation, as well as through periodic meetings with Top Management, the control functions (Compliance, Anti-Money Laundering, Risk Management, Internal Audit), the Financial Reporting Officer, also through constant participation in the works of the Control and Risk Committee;

  • on the strategic and management control performed by the Company in its capacity as Parent.

During the year, the Board of Statutory Auditors carries out its activities as the Internal Control and Audit Committee, particularly in monitoring the financial reporting process and assessing organizational safeguards aimed at fully implementing regulatory provisions designed to strengthen audit quality and the independence of the auditors.

The Board maintains periodic contacts with the corresponding bodies of the Italian subsidiaries and carries out the in-depth investigations on the Group's foreign scope, including in the framework of its periodic meetings with the departments in charge of controls.

The Board of Statutory Auditors takes note of the activities carried out by the Supervisory Body, appointed to ensure the adequacy, compliance and updating of the organization and management model pursuant to Italian Legislative Decree 231/01, and supervises the requirements of efficiency and independence related to it by means of periodic meetings.

Please refer to the report prepared by the Board to the Shareholders' Meeting pursuant to Article 153 of the TUF.

For more information regarding the roles and responsibilities of the boards of directors, management and control bodies in overseeing procedures to manage relevant risks, impacts and opportunities, as well as how the boards of directors, management and control bodies are informed about sustainability issues and how these issues were addressed during the reporting period, see Section 4.3 of the Report.

12. RELATIONS WITH SHAREHOLDERS AND OTHER RELEVANT STAKEHOLDERS

The Issuer considers it to be in its own specific interest – as well as a duty to the market – to ensure a constant and open relationship with shareholders, institutional investors, other relevant stakeholders and, in general, operators in the financial community, with the aim of increasing the level of understanding about the activities carried out by the Company and the Group in compliance with the internal rules and procedures governing the disclosure of inside information. In this context, the Board of Directors strives for the systematic dissemination of correct, exhaustive and timely information about the Group to shareholders, investors, and more generally to all stakeholders interested in the Issuer and the Group, also in light of the indications formulated by CONSOB on the subject, the principles expressed by the Code and market best practices.

Access to information

The Issuer has established an easily identifiable and accessible special section within its website in which information concerning the Issuer that is relevant to its shareholders is made available, so that shareholders can exercise their rights in an informed manner.

On March 12, 2025, the Board of Directors appointed Arianna Ciccolella as Chief Financial Officer and Alessia Pisoni as Investor Relator Manager of the Issuer.

For more information, please refer to the Issuer's website at https://www.cy4gate.com/en/, Investor Relations section.

Dialogue with shareholders

The Board of Directors strives to establish an ongoing dialogue with shareholders. In particular, the Issuer ensures the systematic dissemination – to investors, the market and the media – of comprehensive and timely information on its activities, in accordance with the Company's well-established practice, in line with market best practices, and subject to the confidentiality requirements that certain information may present. Such disclosures are ensured through press releases, regular meetings with institutional investors, the financial community and the press, and extensive documentation and numerous publications made available and constantly updated on the Company's website at https://www.cy4gate.com/en/, specifically in the Investor Relations Section. Further information can also always be requested via e-mail to [email protected].

The Chief Executive Officer ensures that the Board is informed, in any case by the first useful meeting, of the development and significant contents of the dialogue that has taken place with the Group's shareholders and stakeholders.

In addition to the above, on May 18, 2023, the Issuer adopted a policy for managing dialogue with shareholders (the "Policy"), prepared in adherence to the principles and recommendations set forth in the Code and considering market best practices. The Policy aims to pursue the aim of raising the level of transparency and investor engagement, in accordance with the principles outlined in the Shareholder Rights Directive II, and serves as a functional tool to promote the success of the Issuer through the creation of long-term value for the benefit of Shareholders, also taking into account the interests of stakeholders, as well as the environmental, social, and economic impacts of its business.

During the Year, in order to consider and analyze the interests and opinions of stakeholders in the business strategy and business model, the Company participated in industry conferences and meetings, organized meetings and met with institutional investors at roadshows, one to one meetings, and virtual and physical conferences.

To enable maximum shareholder involvement, the disclosure documents prepared by the Company on these occasions were made available on its website*.*

The Company identifies the Group's relevant stakeholders, understood as those "groups and individuals who have specific interests on which the Group's activities have an effect and/or who contribute in various ways to the Group's business and very existence". For each stakeholder category, the Board of Directors, which, for this purpose, is supported by the Control, Risk and Sustainability Committee, examines the relevant issues and related risks and opportunities within the various areas of sustainability, which are to be taken into account when defining management strategies and targets. The findings of such "discussions" may be relevant in the implementation of the Company's sustainable success, where they are in accordance with the business strategy outlined by the Board of Directors and, likewise, matching the interest of shareholders, including minority shareholders.

In particular, the Company pays special attention to understanding the interests and opinions of key stakeholders, which are taken into account in its future programs, including with regard to the profiles of the company's sustainability-related impacts.

13. SHAREHOLDERS' MEETINGS

Shareholders' meetings, whether in ordinary or extraordinary session, are held in a single call, pursuant to Article 2369, par. 1 of the Civil Code. However, the Board of Directors may establish, if it deems it advisable and giving express indication in the call notice, that the Ordinary Shareholders' Meeting be held in two calls and the Extraordinary Shareholders' Meeting in two or three calls, applying the majorities respectively established by the laws and regulations in force.

The power to convene the Shareholders' Meeting rests with the Board of Directors, without prejudice to the right of the Board of Statutory Auditors or at least two members of it to do so, pursuant to Article 151 of the TUF and other applicable laws and regulations.

The operation of the Meeting is regulated by the Bylaws in accordance with applicable legal provisions.

Entitlement to participate in the meeting is attested by a communication to the Company, made by the intermediary authorized to keep accounts in accordance with the law, based on the evidence of its accounting records on the end of the accounting day of the seventh open market day prior to the date set for the meeting in a single call, and received by the Company within the legal deadline.

Those who are entitled to vote may be represented at the meeting by proxy issued in the manner prescribed by current regulations. The proxy may also be notified to the Company electronically in the manner specified in the notice of the meeting.

The Company may designate, for each meeting, with an indication contained in the notice of the meeting, a person to whom the shareholders may grant proxy with voting instructions on all or some of the proposals on the agenda, within the terms and in the manner prescribed by law.

The Meeting may be held with attendees located in more than one place, whether contiguous or distant, audio/video connected, provided that the collegial method and the principles of good faith and equal treatment of members, as well as the additional conditions provided for in the Bylaws, are respected.

The Bylaws provide that, where provided for and/or permitted by the regulations in force, the Company may provide in the call notice that attendance and the exercise of voting rights at the meeting shall take place exclusively through the granting of proxies pursuant to Article 135-undecies of the TUF (as well as proxies or sub-proxies pursuant to Article 135-novies of the TUF, as an exception to Article 135-undecies, paragraph 4, of the TUF) to the representative designated pursuant to Article 135-undecies.1 of the TUF.

In the event that the Company's Board of Directors makes use of the option referred to in the preceding paragraph, it may provide that participation in the shareholders' meeting by the entitled parties (directors, statutory auditors, representatives of the auditors, the Notary Public, the designated representative, and other persons who are allowed to attend the meeting pursuant to the law and the Company's Bylaws, other than those who are entitled to vote) may also or only take place by means of telecommunications that ensure their identification, without the need for the Chairperson, Secretary and/or Notary to be in the same place, provided that the conditions set forth in the Bylaws are met.

The Meeting shall act in ordinary and extraordinary session on matters reserved to it by law and the Bylaws, under the majorities established by law.

Each share confers the right to one vote at ordinary and extraordinary meetings of the Company.

The Shareholders' Meeting is chaired by the Chairperson of the Board of Directors or, in their absence or impediment, by the vice chairperson where appointed or, in their absence or impediment, by another person delegated by the Board of Directors or, in the alternative, by the person designated by a majority vote of those present, where applicable.

Function, powers and duties of the Chairperson are regulated by law.

Pursuant to Article 15 of the Bylaws, the Chairperson is assisted by a secretary who may also be a non-director and/or non-shareholder and, if necessary, one or more tellers, who may also be non-directors and/or non-shareholders, tasked for this purpose by the Board of Directors. The assistance of the secretary is not required if the minutes are prepared by a notary public.

Meetings are governed by law and the Bylaws.

During the Year, the Shareholders' Meeting met once, all the members of the Board of Directors attended such meeting.

The Board endeavored to ensure that shareholders were adequately informed, publishing on its website the documents to be submitted to the Shareholders' Meeting for review and approval within the legal deadlines, so that they could contribute to the meeting's decisions in an informed manner.

The Board did not deem it necessary during the Year to develop proposals to submit to the Shareholders' Meeting regarding the choice and characteristics of the corporate model (deeming the current one to be adequate), nor regarding issues related to administrative and equity rights of shares and percentages for the exercise of prerogatives placed to protect minority shareholders.

More generally, the Board of Directors reports to the Shareholders' Meeting on the activities carried out and planned, and endeavors to ensure that the shareholders are adequately informed about the necessary elements so that they are duly informed to take the decisions within the competence of the Shareholders' Meeting. In particular, in the context of the emergency related to the COVID-19 pandemic, by virtue of the provisions of Article 106, paragraph 4, of Italian Decree Law No. 18 of March 17, 2020 (the "Cura Italia" Decree), as extended several times over the past years, the ways through which the Board performs its duties in terms of reporting to the Meeting have evolved, so that the Meeting can carry out its informational and debate function. Said modes are basically divided into three distinct moments:

  • (i) the presentation by the Board of Directors of proposed resolutions to the Meeting;
  • (ii) making reports and relevant documentation available to the public;
  • (iii) the expression of the shareholder's vote on the proposed resolutions formulated by the Board of Directors, developed at a time prior to the shareholders' meeting, possibly also as a result of, among other things, direct meetings with the Chairperson and Management in application of the engagement policies, which provide for constantly open channels of communication between shareholders and the Company.

The Chairperson of each Board Committee reports to the Shareholders on how the works of the Committee are being carried out.

14. ADDITIONAL CORPORATE GOVERNANCE PROCEDURES (PURSUANT TO ART. 123-BIS, PARAGRAPH 2.A), SECOND PART, OF THE TUF)

At the Report Date, no additional corporate governance procedures, if any, have been adopted beyond those already stated in the Report.

15. CHANGES AFTER THE END OF THE YEAR

Except as explained in the Report, there have been no changes in the Issuer's corporate governance structure from the closing date of the Year to the Report Date.

16. CONSIDERATIONS ON THE LETTER FROM THE CHAIRPERSON OF THE CORPORATE GOVERNANCE COMMITTEE

On December 17, 2025, the Company received the letter from the Chairperson of the Corporate Governance Committee. The recommendations for 2024, contained in the letter, were brought to the attention of the Board of Directors at the January 16, 2025 meeting.

The recommendations made in the aforementioned letter were then reviewed and specifically considered by the management body at its meeting on March 12, 2026, when approving the Report. There, the following emerged.

Measurability of the remuneration policy components

With reference to the recommendation to review the Company's remuneration policies to (i) verify the existence of provisions regarding possible extraordinary payments and/or allowance for termination of office for Executive Directors and (ii) assess the adequacy of such provisions with respect to the principle of measurability recommended by the Code, it is hereby acknowledged that these checks were conducted for the purposes of drafting the remuneration policy, which will be submitted to the Shareholders' Meeting for a vote on April 28.

Development of dialogue with other relevant stakeholders

Not applicable to the company in view of its size.

The recommendations made in the Letter from the Chairperson of the Corporate Governance Committee have also been brought to the attention, to the extent of its competence, of the Board of Statutory Auditors, which has taken note of them.

* * *

Rome, March 12, 2026

CY4GATE S.p.A.

The Executive Chairperson of the Board of Directors

Enrico Peruzzi

TABLE 1: INFORMATION ON THE OWNERSHIP STRUCTURES AT 03/12/2026

SHARE CAPITAL STRUCTURE
No. of shares No. of voting rights Listed (specify markets)/ Not listed Rights and obligations
Ordinary shares (*) 23,571,428 23,571,428 Listed – EuronextSTAR Milan No increase in votingrights is envisaged
Preferred shares / / / /
Multiple-votingshares / / / /
Other categoriesof shares withvoting rights / / / /
Savings shares / / / /
Convertiblesavings shares / / / /
Other non-votingshare classes / / / /
Other / / / /

(*) For the sake of completeness, it should be noted that, at the Report Date, the Company holds 450,000 treasury shares.

OTHER FINANCIAL INSTRUMENTS(with the right to subscribe newly issued shares)
Listed(specify markets) /not listed Number ofoutstandingsecurities Category of shares toservice theconversion/exercise Number of shares toservice the conversion/exercise
Convertiblebonds / / / /
Warrants / / / /
SIGNIFICANT EQUITY INVESTMENTS IN SHARE CAPITAL
Declaring Party Direct Shareholder % of ordinary capital % of voting capital
Elettronica S.p.A. Elettronica S.p.A. 38.38% 38.38%
TEC Cyber S.p.A. TEC Cyber S.p.A. 16.16% 16.16%
First Capital S.p.A. First SICAF S.p.A. 5.30% 5.30%

Corporate Governance – page 54

Board of Directors
Position Members Year ofbirth Date of firstappointment(*) In officefrom In officeuntil List(submitters)(**) List(M/m)(***) Executive Nonexecutive IndependentCode IndependentTUF Otheroffices(****) Attendance(*****)
ExecutiveChairperson EnricoPeruzzi April 29,1967 June 6, 2025 June 6,2025 until the approvalof the financialstatements atDecember 31,2025 Shareholders M X 4/4
ChiefExecutiveOfficer EmanueleGaltieri October23, 1974 March 31,2021 April27,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders M X 8/8
Director RobertoFerraresi July 3,1975 February 7,2022 April27,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders m X Philogen 8/8
Director AlessandroChimenton December7, 1961 July 26,2023 July 26,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders M X 8/8
Director DomitillaBenigni April 4,1969 June 22,2020 April27,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders M X 8/8
Director Paolo Izzo June 15,1973 November 4,2022 April27,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders M X 8/8
Director AlessandraBucci July 30,1966 April 27,2023 April27,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders M X X X Unidata 8/8

TABLE 2: STRUCTURE OF THE BOARD OF DIRECTORS AT THE END OF THE YEAR

Director CinziaParolini January27, 1959 August 4,2021 April27,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders M X X X 8/8
Director MariaGiovannaCalloni December26, 1964 April 27,2023 April27,2023 until the approvalof the financialstatements atDecember 31,2025 Shareholders m X X X DeNoraEuroGroupLaminationsPhilogen 8/8
-------------------------------- DIRECTORS NO LONGER IN OFFICE DURING THE YEAR --------------------------------
Director AlbertoLuigiSangiovanniVincentelli June 23,1947 June 22,2020 April27,2023 / Shareholders M / X / / CadenceDesignSystem,BoardMember andco-Founder,FinanceCommittee,GovernanceandNominationCommittee,NASDAQ. 4/4
KPIT
Technologies,
Board
member,
Remunerati
on and
Nominating
Committee,
Indian Stock
Exchange

Specify the number of meetings held during the Year:

Specify the quorum required for submitting lists by minority shareholders for electing one or more members (under Article 147-ter of the TUF):

NOTES

The following symbols must be inserted in the "Office" column:

• This symbol means that the director is responsible for the internal audit and risk management system.

○ This symbol means Lead Independent Director (LID).

(*) Date of first appointment of each director means the date on which the director was appointed for the first time (ever) in the Issuer's BoD.

(**) This column specifies whether the list from which each director was drawn was submitted by shareholders (specifying "Shareholders") or by the BoD (specifying "BoD").

(***) This column specifies whether the list from which each director was drawn is "majority" (indicating "M") or "minority" (indicating "m").

(****) This column specifies the number of offices of director or statutory auditor that are held by a person involved in other listed companies or companies of significant dimensions. The offices are specified in detail in the Corporate Governance Report.

(*****) This column specifies the attendance of directors at BoD meetings (specify the number of meetings attended out of the total number of meetings the director could have attended; e.g. 6/8; 8/8 etc.).

(§) Not in possession of management powers.

Board of Directors ExecutiveCommittee RPT Committee Control, RiskandSustainabilityCommittee RemunerationCommittee AppointmentsCommittee StrategicCommittee Othercommittee
Office/Qualification Members (*) (**) (*) (**) (*) (**) (*) (**) (*) (**) (*) (**) (*) (**)
Chairman of the Enrico 1/1 M
BoD Peruzzi
Chief Executive Emanuele 1/1 M
Officer Galtieri
Non-executive
non Roberto 11/11 M 1/1 M
independent Ferraresi
director
Non-executive
non Alessandro
independent Chimenton
director
Non-executive
non Domitilla 1/1 C
independent Benigni
director
Non-executive
non M 7/7 M 1/1 M
independent Paolo Izzo
director

TABLE 3: BOARD COMMITTEE STRUCTURE AT THE END OF THE YEAR

Non-executive
non Alessandra 6/6 M 11/11 M C 7/7 C
independent Bucci
director
Non-executive
non Cinzia 6/6 M 11/11 C
independent Parolini
director
Non-executive
non Maria 6/6 C M 7/7 M
independent Giovanna
director Calloni
-------------------------------- DIRECTORS NO LONGER IN OFFICE DURING THE YEAR --------------------------------
Executive/non / / / / / / / / / / / / / /
executive
director –
independent
under TUF /
and/or
Code/non
independent
-------------------------------- ANY MEMBERS WHO ARE NOT DIRECTORS --------------------------------
Issuer's Last name
Manager/ Other First name

NOTES

(*) This column specifies the attendance of directors at committee meetings (specify the number of meetings attended out of the total number

of meetings the director could have attended; e.g. 6/8; 8/8 etc.).

(**) This column specifies the title of the director within the Committee: "C": chairperson; "M": member.

(§) Not in possession of management powers.

Board of Statutory Auditors
Position Members Year of birth Date of firstappointment(*) In officefrom In office until List(M/m)(**) Independent Code Attendance atthe Boardmeetings(***) No. other offices(****)
Chairman Stefano Fiorini July 15,1969 May 15,2020 April 27,2023 until the approval of thefinancial statements atDecember 31, 2025 m x 13/13 23
StandingAuditor Paolo Grecco May 10,1958 May 15,2020 April 27,2023 until the approval of thefinancial statements atDecember 31, 2025 M x 13/13 7
StandingAuditor Daniela Delfrate August 12,1965 August 4,2021 April 27,2023 until the approval of thefinancial statements atDecember 31, 2025 M x 13/13 11
AlternateAuditor Allegra Piccini April 12,1975 April 27,2023 April 27,2023 until the approval of thefinancial statements atDecember 31, 2025 M x N/A 0
AlternateAuditor Alberto Trabucchi October 20,1970 April 22,2024 April 22,2024 until the approval of thefinancial statements atDecember 31, 2025 M x N/A 1
-----------------STATUTORY AUDITORS NO LONGER IN OFFICE DURING THE YEAR -----------------
/ / / / / / / / / /

TABLE 4: STRUCTURE OF THE BOARD OF STATUTORY AUDITORS AT THE END OF THE YEAR

Specify the number of meetings held during the Year:

Specify the quorum required for submitting lists by minority shareholders for electing one or more members (under Article 148 of the TUF):

NOTES

(*) Date of first appointment of each statutory auditor means the date on which the statutory auditor was appointed for the first time (ever) in the board of statutory auditors of the Issuer.

(***) This column specifies whether the list from which each statutory auditor was drawn is "majority" (indicating "M") or "minority" (indicating "m").

(***) This column specifies the attendance of statutory auditors at Board of Statutory Auditors meetings (specify the number of meetings attended out of the total number of meetings the auditor could have attended; e.g. 6/8; 8/8 etc.).

(****) This column specifies the number of offices of director or statutory auditor that are held by a person referred to in Article 148-bis of the TUF and the relevant implementing provisions set forth in the CONSOB Issuers' Regulation. The complete list of offices is published by CONSOB on its website pursuant to Art. 144-quinquiesdecies of the CONSOB Issuers' Regulation.

More from CY4GATE S.p.A.

Regulatory Filings 2026
Jun 4
Regulatory Filings 2026
Jun 4
Report Publication Announcement 2026
May 20
Report Publication Announcement 2026
May 20
AGM Information 2026
May 20
Declaration of Voting Results & Voting Rights Announcements 2026
May 20
Investor Presentation 2026
May 19
Interim / Quarterly Report 2026
May 15
Interim / Quarterly Report 2026
May 15
Investor Presentation 2026
May 15
View all filings →