KAFEİN YAZILIM HİZMETLERİ TİCARET A.Ş.

Management Reports • Aug 19, 2025

KAFEİN YAZILIM HIZMETLERI TICARET A.S.

ACTIVITY REPORT 30.06.2025

I.	GENERAL INFORMATION 2
a)	About Kafein 2
b)	Reporting Period 3
c)	Registry Information 3
d)	Area of Activity 4
e)	Capital and Partnership Structure 9
f)	Preferred Shares and Explanations for the Voting Rights of Such Shares 9
II.	INFORMATION ABOUT THE BOARD OF DIRECTORS AND SENIOR MANAGEMENT 10
a)	Board of Directors' Structure and Resumes 10
b)	Resumes 12
c)	Senior Management and Personnel 14
d)	Organization Chart 15
III.	INFORMATION ABOUT THE OPERATIONS 15
a)	Information about the Share Buy-Back 15
b)	Information about Private and Public Audits 15
c)	Donations and Grants 16
d)	Information about the Group Involving the Company 16
e)	Information about the Affiliates and Subsidiaries 16
f)	Amendments to the Articles of Association within the Period 17
g)	Information about the On-going Legal Procedures 18
IV.	FINANCIAL INFORMATION18
a)	Summary of Financial Results 18
b)	Information about Dividends 19
V.	RISKS AND ASSESMENT BY THE BOARD OF DIRECTORS21
VI.	DEVELOPMENTS WITHIN AND FOLLOWING THE PERIOD 24
VII.	MISCELLANEOUS 30

I. GENERAL INFORMATION

a) About Kafein

Kafein Yazılım Hizmetleri Ticaret A.Ş. was established in 2005 to develop software solutions. The company provides services to its customers, primarily with Managed Services, Cyber Security, Product/License Sales and Integrations, Customer-Specific Software Solutions, Outsourcing, as well as software products developed by itself. Kafein has always maintained its growth since establishment and improved competencies every year. Kafein continues operations in strict conformance with quality standards and methodologies. Among the institutions that benefit from the services by Kafein, there are the biggest telecommunication companies, insurance companies, banks, retail, and manufacturing companies of Turkey.

VISION

As Kafein Technology, we aim to be among the leading software companies that meet the needs and expectations in the sector that transform the creativity of employees into customer satisfaction, act on a risk-based basis, and have international competitiveness by adopting an effective and constantly renewing quality management system with professional, self-confident, businessconscious personnel and transparent organizational structure.

MISSION

With our high-tech software and R&D studies, we aim to offer products and solutions that reduce error rates and increase business efficiency in various sectors such as telecom, transportation, finance, retail and service.

VALUES AND PRINCIPLES

• ⋅ Working with a focus on customer satisfaction
• ⋅ Keeping customer satisfaction at the highest level by using time effectively and efficiently
• ⋅ In addition to meeting expectations, always doing the best by exceeding expectations
• ⋅ Working in a team mentality
• ⋅ To be responsible to society, respectful to moral and national values while producing
• ⋅ To perform all our activities by adhering to the principles of confidentiality and trust

⋅ Ensuring that employees receive training enables them to develop themselves and increase their self-confidence.

• ⋅ Always ready and open to change and continuous improvement.
• ⋅ Continually improving and improving our performance for excellence

b) Reporting Period

This report covers the information of the period between 01.01.2025 and 30.06.2025.

c) Registry Information

Trade Name	Kafein Yazılım Hizmetleri Ticaret Anonim Şirketi
Date of Establishment	26.08.2005 - Istanbul, TURKEY
Paid Capital	TRY 19,750,000
Authorized Capital	TRY 200,000,000 (Two Hundred Million Turkish Lira)
Trade Registration No.	ISTANBUL - 563336
Tax Office and Number	ESENLER - 487 051 8539
Address1	Head Office: Çifte Havuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Mrk. A2 Blok No:151/1B İç Kapı No: B01 Esenler İstanbul Istanbul Specialized Free Zone Branch: Yeşilköy SB Mah. İSBİ Plaza Sok. ISBI Plaza No 1 İç Kapı No 909 Bakırköy İstanbul Ankara Branch: Aşağı Öveçler, 1309. Sk. No:5 D:6 06460 Çankaya/Ankara
Telephone / Fax	0212 924 20 30 / 0212 483 70 27
Website	www.kafein.com.tr
Area of Activity	Software Development
NACE Code	62.01.01 (Computer Programming Activities)

¹ The company's branch titled "Kafein Yazılım Hizmetleri Ticaret Anonim Şirketi Düzce Şubesi" was closed on 03.02.2025 and the said closure was published in the Turkish Trade Registry Gazette dated 12.02.2025 and numbered 11270.

d) Area of Activity

Kafein Yazilim Hizmetleri Ticaret A.S. is engaged in software services. The fields of activity of the Company can be analyzed under the following items:

• 1. Managed Services
• 2. Turnkey Solutions
• 3. Outsourcing Services
• 4. License / Product Sales and Integration
• 5. Cyber Security and Cloud Solutions
• 6. Product Development and R&D

Kafein carries out all the operational processes according to the ISO 9001 quality management system and offers services in compliance with these processes. Detailed information on the company services can be found at www.kafein.com.tr/services

1. Managed Services

Managed service is the management of a part of the IT system of a company on behalf of a client and rendering it as a service. All or a part of software development, analysis, test, and operation services can be considered as managed services. Managed services also include personnel supply, employment, and management. The difference between personnel supply under managed services and standard employment is as follows:

Outsourcing	Managed Services
Personnel selection is made by the client.	Personnel selection is made by the supplier company.
Performance review is made by the client.	Performance review is made by the supplier company.
The number of personnel is defined by the client.	The number of personnel is defined mutually. The goal is to render services.
A mixed team is established for the same purpose and goal.	The team consists of a single company.
Funds of knowledge is transmitted in a limited way.	Funds of knowledge is created within the company.
Payment is made according to the days of work by personnel.	Payment is made according to the rendered service.

Kafein offers managed services and assigns a team for software development, analysis, test, and operation in accordance with a Service Level Agreement (SLA) to be concluded with the client. The

quality of these services is measured by the comparison of key performance indicators mutually defined by the parties.

This approach attributes the cost of work and personnel to Kafein. Therefore, it serves not only as an approach to reducing management costs but also as a competitive element that improves performance and efficiency.

Thanks to the knowledge and experience acquired with managed services, Kafein has become one of the key suppliers according to the clients. This ensures longer terms of business and agreements for Kafein.

2. Customer-Specific Software Solutions

Kafein offers turnkey solutions tailored for the needs of clients. These solutions are implemented by a project team specially established for the purpose. With turnkey solutions, software development and integration requests are completed and offered for use within a particular time as defined by clients. These activities are performed with a certain discipline and method by a special team. With these projects, Kafein offers software developed by the Company or business partners to the clients of telecommunication, service, insurance, and transportation industries, in particular.

In this sense, Kafein implements the project management methodologies that are accepted as the industrial standards. These methodologies are identified with the consideration of the complexity and size of projects, the profile and structure of clients, and the parameters to be regarded for the project team. Similarly, project managers use various management tools throughout the projects.

In general, a project management process consists of the following stages:

• Identification and analysis of client needs Scope Analysis
• System analysis and design
• Solution development, adaptation, or integration
• Tests
• Commissioning
• Formation and maintenance of operation and maintenance processes
• Project closing, lessons learned and process evaluation.
• Observation process

3. Outsourcing Services

Kafein employs and assigns personnel according to the knowledge and experience levels required by clients. The personnel assigned to render services are selected by clients from among the proposed candidates. In this service, the client is the party responsible for the management of a dedicated Kafein team and also undertakes the risk for the quality and completion of works.

4. Licence / Product Sales and Integration

Kafein has been engaged in license sales in Turkey as the business partner of many international software and technology companies. Having initiated license sales in Turkey by collaborating with the leading companies of the relevant industries, the Company expands its operations to abroad. As of the period, our company has a total of more than +50 partners with which it cooperates at home and abroad. You can reach all our business partners at www.kafein.com.tr/home/workpartners

Robotic Process Automation: Robotic Process Automation is the repeatable handling of the systematic processes and operations carried out by the employees through the software robot and the automatic realization of the learning method. Various technical inquiries or calculations, records and transactions are repeated by simulating an employee's behaviour. Robotic Process Automation improves service quality by eliminating errors in operations and saves considerable time and cost for manual and repetitive tasks.

End to End Solution to Protection of Personal Data: It enables organizations to discover sensitive data, to configure them correctly, to process them effectively and to store them in compliance with the provisions of the Personal Data Protection Law (KVKK) and General Data Protection Regulation (GDPR) and in accordance with legal requirements.

5. Cyber Security and Cloud Solutions

Cyber Security can be defined as aggregated methods, Technologies and processes that help to protect the privacy, integrity and availability of digital assets, networks and data against cyberattacks or unauthorized access. The main purpose of cyber security is to protect all corporate assets from both external and internal threats and disruptions caused by natural disasters.

AllinCyber, the brand of Kafein Technology for cyber security solutions, is cyber security consulting firm that offers an end-to-end solution partnership in risk-operation and cost management of institutions, which integrates human, process and technology concepts against cyber-attacks by increasing the information security levels of institutions with its cyber security solutions. The longterm goals of the department are to provide cyber security services in the Turkic Republics, especially in Azerbaijan, to produce domestic and national cyber security products, to establish an academy and train talented young people in this field to position them in customer locations, and to be one of the competent Cyber Security Integrators in Turkey. The AllinCyber brand can be accessed by the following link: www.allincyber.com The services provided are as follows:

• Advanced Persistent Threat (APT) and Malware Analysis
• Managed Endpoint Monitoring and Forensic Analysis
• E-Mail Security and Management
• Security Verification
• Protection, Detection and Response in the Entire Chain of Attack

• Cyber Threat Intelligence Integration

Established as a result of Kafein Technology's strategic partnership with Google Cloud, AllinCloud makes cloud technologies accessible and offers innovative cloud technologies to support customers' growth, innovation and digital transformation processes. You can reach our Kafein AllinCloud brand at www.allincloud.com.tr website.

6. Product Development & R&D

Kafein Software centre is located in Yıldız Technical University Davutpaşa Campus Technology Development Zone. Accordingly, the company is subject to the Technology Development Zones Law No. 4691 and Law No. 5746 on the Support of Research and Development Activities, which provides support, discounts and incentives. YTU Technopark Office has an operating capacity of 2670 m².

A total of 6 R&D Projects that Kafein Technology has developed so far, were found worthy of support by TÜBİTAK (Scientific and Technological Research Council of Turkey) as a result of the evaluations made within the scope of the "Regulation on Technology and Innovation Support Programs of the Scientific and Technological Research Council of Turkey" and "TÜBİTAK Priority Areas Research Technology Development and Innovation Projects Support Program Implementation Principles". Among 2 of these projects which are being developed with domestic and international consortium partners, the "5G4PHealth Artificial Intelligence and 5G Supported Personalized Digital Health Passport" project has been awarded with the "Full Label" and "E-Health Services with Digital Biomarker Ecosystem: BioCurity Project" has been labelled under the Xecs call 1 by Eureka.

Kafein Group Products:

Kafein Software stands out with its innovative and original products developed in the field of information technologies, especially data security, test data management and API security. In order to make its customers' software infrastructure more secure, efficient and sustainable, the company both offers its own product portfolio and develops integrated solutions by adapting these products to the specific needs of its customers. These products offered by Kafein Software, provide added value to its customers in many areas such as compliance with regulations, operational efficiency, data integrity and digital security. In this way, the company not only provides software development services, but also is positioned as a strategic solution partner in the digital transformation processes of its customers with its sectoral knowledge and technology competence.

DataTouch (Data Lineage Software): DataTouch is a Data Security and Governance Product and a new generation data lineage software that helps determine the purposes of use, frequency of use and users of the detected data. The product is listed on the global product catalogue of the international software provider Opentext and American-based technology company Infocorvus LLC.

DataFocus (Data Governance): DataFocus is a new Data Governance product that is equipped with features such as data quality management, access controls, compliance management, central management panel and business glossary, making companies' data management more secure, organised and efficient. The MVP (Minimum Viable Product) version, representing the initial iteration of DataFocus, was released during this period.

Test Data Management (TDM): The TDM product developed by Kafein is used in corporate companies to generate test data. Digitization and increasing application need led to an increase in test data production needs. It is possible to produce test data independent of real data and fully compliant with regulations, with the Test Data Management (TDM) product, which imitates real data of institutions and creates data sets. The product is listed on the global product catalogue of the international software provider Opentext and American-based technology company Infocorvus LLC. Additionally, TDM is certified with the "Domestic Goods Certificate" by the Istanbul Chamber of Industry (ISO) with their 100% local content and high technology level classification.

APIFORT (API Security): APIFORT Security Solution addresses user and application access control more effectively with an approach focused on advanced threat detection and prevention. Our solution is designed to secure sensitive information over API traffic. API logs and monitoring mechanisms provide a detailed view to detect and respond to potential security threats. It offers a technical solution to complex security needs with the advantages of quickly adapting to security standards and optimizing security without the need for encryption.

On 16.05.2025, APIFORT, the API (Application Programming Interface) Security Solution developed by the company, was officially launched in cooperation with a leading telecommunications operator, one of Turkey's prominent players in communication technologies. During the launch event, detailed information was shared regarding the product's scope, technical capabilities, and areas of use. Additionally, the product was deployed in a live customer environment for the first time, marking the start of its operational use.

APIFORT, equipped with advanced features such as API Discovery, Intrusion Detection, Sensitive Data Classification, and Data Masking, is a cybersecurity solution that enables organizations to monitor their API infrastructures end-to-end, detect potential vulnerabilities in real time, manage risks proactively, and safeguard sensitive information transmitted via API traffic.

DataSkope & InfraSkope (Database Activity Monitoring and Prevention): DataSkope and InfraSkope products developed by our 70% Subsidiary Karmasis Bilişim Çözümleri Ticaret A.Ş are cyber security solutions. Dataskope is a Database Activity Monitoring (DAM) solution developed to ensure the data security of institutions. It monitors database activities in real-time, identifies threats to the database, and instantly reports suspicious activities. Dataskope plays a critical role in recording transactions in the database, detecting data breaches, and ensuring audit compliance. Infraskope SIEM+ (Security Information and Event Management Plus) is an advanced security information and event management solution designed for organizations to detect, analyze and respond to cyber security incidents. Infraskope SIEM+ collects and analyzes large amounts of log

and event data in real-time and detects cyber threats instantly. It helps organizations minimize cybersecurity risks through threat intelligence, compliance reporting, and advanced correlation capabilities.

DataSkope is listed on the global product catalogue of the international software provider Opentext and American-based technology company Infocorvus LLC. InfraSkope is listed on the global product catalogue of the Infocorvus LLC. DataSkope Brand was registered by the Turkish Patent and Trademark Office on 05/10/2018 for a period of 10 years from 11/05/2018. DataSkope also has the "Domestic Goods Certificate". InfraSkope, Brand was registered by the Turkish Patent and Trademark Office on 02/06/2006 for a period of 10 years from 02/06/2016. InfraSkope also has the "TR Test National SIEM Certificate" and the "Domestic Goods Certificate".

e) Capital and Partnership Structure

The issued capital of Kafein Yazilim Hizmetleri Ticaret A.S. consists of 19,750,000 shares with TRY 1,00 as the nominal value of each share.

Shareholder	Group A	Group B	Group C	Total Capital	Capital	Voting
				Amount (TRY)	Share (%)	Right (%)
Ali Cem Kalyoncu	183,333	183,333	4,598,362	4,965,028	25.14	40.58
Publicly Held / Other			14,784,972	14,784,972	74.86	59.42
TOTAL	183,333	183,333	19,383,334	19,750,000	100.00	100.00

By the 30.06.2025, the distribution of the issued capital of Kafein among the partners is as follows:

f) Preferred Shares and Explanations for the Voting Rights of Such Shares

As specified under article 7 of the Articles of Association, the shares of the Company are classified under three groups as Group (A), (B) and (C) shares. Group (A) and (B) shares are registered shares and represent the special rights and privileges defined in the Articles of Association. Group (C) shares are bearer shares and are not furnished with special rights and privileges.

Nomination: According to article 9 of the Articles of Association, 2 members are to be elected from among the Group A shareholders, or the persons assigned by them while 1 member is to be elected among the Group B shareholders or the person assigned by them in case the Board of Directors consists of 6 or 7 members. Similarly, 3 members are to be elected from among the Group A shareholders, or the persons assigned by them, while 1 member is to be elected from among the Group B shareholders or the person assigned by them in case the Board of Directors consists of 8 members.

One among the Group A shareholders or a person assigned by them takes office as the Chairman of the Board while one among the Group B shareholders or a person assigned by them serves as the Vice Chairman of the Board.

Voting Rights: As specified in article 15 of the Articles of Association, each and every Group A and B shareholder has 15 (fifteen) voting rights except for board member elections while each and every Group C shareholder has 1 (one) voting right in the ordinary and extraordinary general assembly meetings.

The shareholders may decide to assign an attorney to represent them in General Assembly meetings. The attorneys who are also the shareholders of the Company can vote for the shares of the represented shareholders as well as for their own shares. The Capital Markets Regulation shall apply for the voting and proxy voting procedures.

Minority Rights: Within the framework of Article 15 of the Company's Articles of Association, secret and written voting may be applied upon the request of the shareholders who represent shares equal to at least one-tenth (10%) of the capital. Article 411 of the Turkish Commercial Code grants the "Minority Right" to the shareholder(s) who own at least 5% (1/20) of the issued capital in public companies.

Share Transfer: The transfer of the Group A and B registered shares is subject to the approval of the Board of Directors, and the provisions of the article 493 of Turkish Code of Commerce shall apply thereto. On the other hand, Group C bearer shares can be transferred freely without any restriction. The articles of association are available at company website under the Investor Relations menu.

II.INFORMATION ABOUT THE BOARD OF DIRECTORS AND SENIOR MANAGEMENT

a) Board of Directors' Structure and Resumes

According to the company's Article of Association article 9, in order to enable efficient and constructive activities, fast and rational decisions, establishment of committees and efficient organization of activities, the Board of Directors of the Company is assigned by the general assembly to consist of 6 to 8 members. Members of the Board of Directors can be elected to take office for three years. A member with an expired term of office may be re-elected as long as he/she is not dismissed.

In case the number of members of the Board of Directors consists of 6 or 7 people; 2 members are selected among the A group shareholders or the candidates they will appoint; 1 member is selected among the B group shareholders or the candidates they will appoint. If the number of members of the Board of Directors consists of 8 people, 3 members are selected among the A group shareholders or the candidates they will nominate; 1 member is selected among the B group shareholders or the candidates they will appoint. The number and qualifications of the independent members who will take place in the Board of Directors are determined according to the regulations of the Capital Markets Board regarding Corporate Governance.

A person selected from among the Group A shareholders or the candidates they will nominate serves as the Chairman of the Board of Directors. A person selected from among the B Group shareholders or the candidates they will nominate shall serve as the Deputy Chairman of the Board of Directors.

The Board of Directors manages and represents the company. The independent members of the board of directors reserve the duties, rights and authorities assigned by the Capital Markets Law and the relevant regulation. The Board of Directors is liable to establish the committees and commissions prescribed by the regulation. Apart from this, the Board of Directors may also create committees and commissions for the management and supervision of the decisions and policies regarding the activities. The regulations of the Capital Markets Law apply for such committees.

The meeting of the Board of Directors is held when it becomes necessary due to the activities and procedures of the Company. The meeting and quorum articles and provisions of the Turkish Code of Commerce apply for the meetings. On the other hand, the regulations by the Capital Markets Law and Capital Markets Board are reserved.

All executive bodies of the Company perform their duties within the hierarchy in the Internal Directive, provided that they do not contradict the law and relevant legislation, the mandatory provisions in the Company's articles of association and the indispensable duties and powers of the General Assembly. The company's articles of association are taken as basis in determining the structure and term of the Board of Directors. In accordance with the working principles of the Board of Directors, the utmost care is taken to provide information and documents to the members at least 1 (one) day before the meeting.

The Board member allocates sufficient time for company affairs. If a member of the Board of Directors is a manager or a member of the board of directors in another company or provides consultancy services to another company, it is essential that this situation does not cause a conflict of interest and does not disrupt the member's duty in the company. In this context, the member's ability to take on other duties or tasks outside the company is limited to a maximum of 5 (five) companies outside the company. The duties of a member of the board of directors outside the company and the reasons therefor are presented to the information of the shareholders, together with the agenda item regarding the election, at the general assembly meeting where the election is discussed, making a distinction between inside and outside the group.

BOARD OF DIRECTORS
Full Name	Role	Date of Election	Due Date	Executive or Not	Current External Assignments
Ali Cem Kalyoncu	Board Chairman		16.12.2011 01.04.2027	Executive	Netsite Iletisim ve Elektronik Sistemleri San. ve Tic. A.S. Managing Partner and Vice Chairman Karmasis Bilisim Cozumleri Tic. A.S. Board Chairman

Neval Onen	Vice Chairwoman	10.04.2013	01.04.2027	Executive	Karmasis Bilisim Cozumleri Tic. A.S. Board Member
Hatice Sevim Oral	Board Member	10.04.2013	01.04.2027	Executive	-
Kenan Subekci	Board Member	02.01.2012	01.04.2027	Non Executive	Birlik Insaat Otomotiv ve Bilisim Hizm. Controlling Shareholder, Mayor of Düzce Gümüşova Municipality
Murat Kaan Güneri	Independent Board Member	01.03.2024	01.04.2027	Non Executive	AltoPartners C.V. Turkey Managing Partnership, MKG ve Ortakları İnsan Kaynakları Danışmanlığı Hizmetleri A.Ş. Chairman of the Board, Member of the Audit Board of İstanbul Golf İhtisas Spor Kulübü İktisadi İşletmesi
Murat Ethem Sümer	Independent Board Member	23.08.2022	01.04.2027	Non Executive	Escar Filo Kiralama Hizmetleri A.Ş. Board Member, Varmı Arttıran Digital Platform Teknolojileri A.Ş. Board Member, NDA Sigorta Aracılık Hizmetleri A.Ş. Board Member

b) Resumes

Ali Cem Kalyoncu (Board Chairman - Director General)

Ali Cem Kalyoncu was born in 1960 and is an alumnus of the Electronics Engineering department, Istanbul Technical University. Later, he got his master's degree from the Autocontrol and Computers department Istanbul Technical University Institute of Science. As part of his professional career, he took office in Nixdorf A.S. as a Service Engineer, Digital Equipment Turkiye A.S. as Service Manager, and Datapro A.S. as a Director General and Managing Partner. Ali Cem Kalyoncu holds office as the Board Chairman and Director General of Kafein Yazilim Hizmetleri Ticaret A.S.

Neval Onen (Vice Chairwoman of the Board - Deputy General Manager of Corporate Management)

In 1989, Neval Onen started her professional career as a part-time sales representative in Danisman Bilgisayar. Later, she also served as an Administrative Affairs Officer under the same company. In 1994, she was employed by 4K Bilgi Islem as a Sales Representative where, in 1997, she held office in the Oem Department as the Sales Manager. In 2000, she started to serve as the IT Sales Manager in Genpa. Subsequently, she started to work under the project sales department of Datapro A.S. in 2002. In 2003, she was assigned by Datapro as the Sales and Customer Services Manager responsible for the relations with IBM, Fujitsu Siemens, Kodak, Oki, Epso and HP companies. She holds office under Kafein Yazilim Hizmetleri Ticaret A.S. since 2008 and currently serves as the Vice Chairwoman of

Board and Deputy General Manager of Corporate Managementof the Company.

Hatice Sevim Oral (Board Member - Accounting Manager)

Hatice Sevim Oral was born on 22.12.1964, in Malatya. She graduated from Malatya Trade Vocational School in 1981, School of Economics and Administrative Sciences of Inonu University in 1982 and Business Administration Department (Open Education Faculty) of Anadolu University in 2019. She served as a Chief Accountant under Onur air - TK Air between 1992 and 1994; Financial Affairs Manager under Akdeniz Airlines between 1995 and 1996; Internal Auditor under Cenajans Grey Reklamcilik A.S. between 1997 and 1999; Specialist Accountant under the Banks Association of Turkey between 1999 and 2002; and Assistant Accounting Manager under Datapro A.S. Between 2005 and 2008. Since 2008, she has held office as the Accounting Manager of Kafein Yazilim Hizmetleri Ticaret A.S.

Kenan Subekci (Board Member)

Kenan Subekci was born in 1979. Subekci graduated from the Department of Electronics of Abant Izzet Baysal University and the Department of Labour Economics and Industrial Relations of Anadolu University. He took office as a Broad Service Officer at Datapro A.S., as a Team Leader and Project Officer at Probil A.S., as IT, Administrative Affairs and Procurement Manager and Board Member at Kafein Yazılım Hizm. Tic. A.Ş. He is the Mayor of Düzce Gümüşova Municipality since 01.04.2024.

Murat Ethem Sümer (Independent Board Member)

He was born in 1964 in Ankara. He graduated from Galatasaray High School in 1984 and from Marmara University, Business Administration Department in 1989. After graduating from university, he worked in the tourism sector and Cankurtaran Holding for a while. In 1992, He started to work as a Financial Analyst in the Digital Equipment Turkey A.S. and participated in the International Education Program, equivalent to an MBA, at the Digital Management Institute between 1995-1998 during his tenure. After working at the head office in England for one year, he worked as the Turkey Country Finance and Administrative Affairs Manager of the same company. He continued his career as CFO at Vestel Companies Group Information Technologies department, Universal Music Group Turkey and T-Systems Turkey, respectively. After working as Business Operation Lead in Microsoft Turkey C&O unit, he worked as CFO at Escar Filo Kiralama Hizmetleri A.S. between 2010-2025. He is fluent in English and French.

Murat Kaan Güneri (Independent Board Member)

Murat Kaan Guneri earned his BSc in Psychology, Bogazici University, Istanbul. He started his early career in Iktisat Bank and continued at Digital Equipment Corporation (DEC) where he held responsibility for the Human Resources and Organization Country Manager position as well as that for the Quality Management function. Since 1996, he has been the founding partner of three different consultancy companies in the field of human resources in Turkey and has worked actively. He is

currently the country managing partner of AltoPartners C.V. consultancy firm, the Chairman of the Board of MKG ve Ortakları İnsan Kaynakları Danışmanlığı Hizmetleri A.Ş., and Member of the Audit Committee at İstanbul Golf İhtisas Spor Kulübü İktisadi İşletmesi.

c) Senior Management and Personnel

The senior management of the Company consists of the Chairman of the Board, Board members and other managers acting as directors general. Benefits provided to senior managers include wages and bonuses.

Senior Management	Title
Ali Cem Kalyoncu	Chairman of the Board; General Manager
Neval Onen	Vice Chairwoman of the Board, HR and Administrative Affairs Director
Kenan Subekci	Member of the Board
Hatice Sevim Oral	Member of the Board, Accounting Manager
Murat Ethem Sümer	Independent Board Member
Murat Kaan Güneri	Independent Board Member
Ozlem Tibet	Sales Director
Tugrul Gokcen	Sales Director
Baki Akturk	Sales Director

For the period ending on 30.06.2025, the total amount of the attendance fee and similar other benefits granted to the board chairman, board members and senior management is TRY 21,098,192. (30.06.2024: TRY 8,381,133). In the current period, the company's average number of employees working during the year is 732. (December 31, 2024: 738)

d) Organization Chart

III. INFORMATION ABOUT THE OPERATIONS

a) Information about the Share Buy-Back

There are no buy-backed shares acquired during the period. All of the 166,600 shares acquired within the scope of the previous period share acquisition program implemented by the Company in 2022-2023 are accounted for under "restricted reserves allocated from profit".

b) Information about Private and Public Audits

The internal control system and internal audit activities of the Company is regularly checked and carried out by Finans Denetim Yeminli Mali Musavirlik A.S. The Audit and Certification Agreement was signed on 15.01.2025 between the company and Finans Denetim Yeminli Mali Musavirlik A.S. to remain in force between 01.01.2025 and 31.12.2025. The purpose of the contract is to carry out the audit and certification of annual income and corporate tax returns and the financial statements and notifications attached to them, as well as other works, in accordance with Law No. 3568 and other relevant laws and legislation.

By taking into account the opinion of the Audit Committee at the meeting dated 07.04.2025 and numbered 09, the Board of Directors has been resolved to appoint "PwC Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik Anonim Şirketi" for these duties. The company operates at the address "Kılıçali Paşa Mah. Meclis-i Mebusan Cad. N8 İç Kapı No 301 Beyoğlu/Istanbul," is

registered with the Istanbul Trade Registry Office under Trade Registry Number 201465, holds a corporate tax registration under the Boğaziçi Corporate Tax Office with Tax Identification Number 1460022405, and has the MERSIS Number 0-1460-0224-0500015 to ensure compliance with the provisions stipulated under the Turkish Commercial Code No. 6102 and the Capital Markets Law No. 6362, it has been decided to appoint an auditor to review the Company's financial reports for the 2025 fiscal year and to perform other ancillary activities as outlined by the relevant laws and regulations and to satisfy the requirement of conducting mandatory sustainability assurance audits for the financial years of 2024 and 2025—particularly in line with the decision published in the Official Gazette dated 05 September 2024, numbered 32653, and within the framework of Turkish Sustainability Reporting Standards set forth by the Public Oversight, Accounting and Auditing Standards Authority (KGK). This appointment will be presented for the General Assembly approval dated 12.05.2025. The relevant proposal was adopted at the 2024 Ordinary General Assembly dated 12.05.2025. The decision of the General Assembly dated 12.05.2025 regarding the election of "PwC Bağımsız Denetim ve Serbest Muhasebeci Mali Müşavirlik Anonim Şirketi" as an independent audit firm to audit the financial reports and to provide mandatory sustainability assurance audits for the fiscal year of 2025 is registered by the Istanbul Trade Registry Office on 15.05.2025 and published in the Turkish Trade Registry Gazette No. 11332.

c) Donations and Grants

With the decision of the Board of Directors dated 02.01.2025 and numbered 01, a donation of 15,000 TL was made to the Turkish Education Foundation (TEV) within the scope of the Company's Donation and Aid Policy. With the decision of the Board of Directors dated 19.02.2025 and numbered 04, a donation of 105,000 TL was made to the Turkish Foundation for Combating Erosion, Reforestation and Protection of Natural Habitats (TEMA) within the scope of the Company's Donation and Aid Policy. Thus, the total amount of donations made during the year reached 120,000 TL.

The upper limit of 250,000 TRY for the amount of donations and aid for 2025 was approved at the 2024 ordinary general assembly dated 12.05.2025.

d) Information about the Group Involving the Company

The Company is not a part of an association of companies.

e) Information about the Affiliates and Subsidiaries

The company does not have a cross-shareholding relationship in which the direct participation rate in the capital exceeds 5%. Other affiliates' information is as follows:

⋅ Karmasis Bilisim Cozumleri Ticaret A.S (%70)

The main activity of Karmasis Bilişim Çözümleri Ticaret A.Ş., which was established in 2003, is to produce information processing software, to sell the usage rights as the owner of this software, to carry out training activities on information processing and software, and to provide consultancy services on these issues if necessary. On 12 November 2020, Kafein Technology purchased %51 of Karmasis for a price of 45.390.000 TRY and include it into the scope of consolidation with a full consolidation method starting by the financial statements of the period ending as of 31 October 2020. The subsidiary is consolidated according to the full consolidation method.

By the decision of the Company's Board of Directors dated 26.07.2024 and numbered 21, it has been decided to purchase 28,500 registered shares (1,000 TL per share value) of the company's %51 subsidiary Karmasis Bilişim Çözümleri Ticaret Anonim Şirketi which corresponds to 19% of its total 150,000,000 TL capital, for a total price of 144,400,000 TL and to be paid 31.07.2024. Thus, the total capital ratio reached 70%.

⋅ APIFORT Yazılım ve Güvenlik Sistemleri Anonim Şirketi (%51)

Within the framework of the company's medium and long-term investment plans and as a result of the Board of Directors meeting dated 10.06.2024 and numbered 17, it has been decided to become a founding partner by participating in "APIFORT Yazılım ve Güvenlik Çözümleri Anonim Şirketi" by having 204,000 shares with TRY 1 (One Turkish Lira) value per share corresponding a capital of TRY 204,000.00 (%51) among the total of TRY 400,000.00. The subsidiary is located at "Çifte Havuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Merkezi. A1 Blok No 151/1C İç Kapı No B34" as a taxpayer of Esenler Tax Office with tax identification number 0711015082 and operates in the field of cyber security. The aforementioned incorporation is registered by the Istanbul Trade Registry Office on 03.07.2024 and published in the Trade Registry Gazette numbered 11114.

f) Amendments to the Articles of Association within the Period

At the Board of Directors meeting of the Company held on 27.06.2025 under decision number 18 2 , it has been decided to increase the company's fully paid-up capital of TRY 19,750,000 by 900%, raising it to TRY 197,500,000 within the registered capital ceiling of TRY 200,000,000, by adding TRY 177,750,000; to cover the entire increased capital of TRY 177,750,000 using the internal resources available in the Company's "Stock Issue Premiums" account, as determined by the reports dated 19.03.2025 and numbered 2881/1197/2025-ÖA-16 and 2881/1198/2025-ÖA-17, prepared by Finans Denetim Danışmanlık ve Yeminli Mali Müşavirlik A.Ş.; to allocate the increased capital of TRY 177,750,000 into three distinct groups: TRY 1,649,997 corresponding to 1,649,997 units as registered Class A preferred shares, TRY 1,649,997 corresponding to 1,649,997 units as registered

² The first Board of Directors Decision taken regarding the application was the decision numbered 11 dated 07.04.2025, and in line with the CMB's feedback, the relevant amendment text was revised with the Board of Directors Decision numbered 18 dated 27.06.2025.

Group B preferred shares, and TRY 174,450,006 corresponding to 174,450,006 units as bearer Group C shares. The subject-increasing amount will be distributed to the Company's shareholders as bonus shares proportional to their stakes. In line with these decisions, an application was submitted to the Capital Markets Board on 07.04.2025 requesting the approval of the Issuance Certificate and seeking authorization to amend Article 7 of the Company's Articles of Association, titled "Capital of the Company," facilitating compliance with the Board's resolution.

The said application has been approved by the Capital Markets Board (CMB) at its meeting dated 31.07.2025 and numbered 43/1357. This approval was published in the Capital Markets Board Bulletin dated 31.07.2025 and numbered 2025/42, and the official confirmation letter, dated 01.08.2025 and numbered E-29833736-105.01.01.01-76049, was received by the Company on 04.08.202. Followingly, the said application was approved by the Republic of Türkiye Ministry of Trade through its letter dated 11.08.2025 and numbered E-50035491-431.02-00112311808 and was received by us on 13.08.2025. The commencement date for the exercise of the right to receive bonus shares has been determined as 14.08.2025.

g) Information about the On-going Legal Procedures

There is no significant lawsuit filed against the Company that could affect its financial condition and activities.

IV. FINANCIAL INFORMATION

a) Summary of Financial Results

Summary data regarding Kafein's financial results as of 30.06.2025 are as follows.

Summary of Balance Sheet (TRY)	30.06.2025	31.12.2024
Total Assets	1,483,002,407	1,711,098,159
Current Assets	788,939,413	1,070,139,315
-Cash and Cash Equivalents	50,199,339	261,073,348
-Financial Investment	166,488,116	100,380,392
-Trade Receivables	379,139,630	490,207,584
Non - Current Assets	694,062,994	640,958,844
-Financial Investment	21,351,824	22,335,113
-Tangible Fixed Assets	120,846,021	88,414,799
-Intangible Fixed Assets	469,534,398	449,960,090

Short- and Long-Term Liabilities	413,105,319	539,329,608
-Short-Term Liabilities	379,343,069	510,295,093
-Long-Term Liabilities	33,762,250	29,034,515
Equities	1,069,897,088	1,171,768,551
-Equity Attributable to Parent Company	1,052,116,953	1,155,078,495
-Equity Attributable to Non-Controlling Shares	17,780,135	16,690,056
Total Liabilities	1,483,002,407	1,711,098,159

Summary of Income Statement (TRY)	30.06.2025	30.06.2024
Sales Revenue	999,013,788	881,083,239
COGS	(828,274,912)	(674,420,475)
Gross Profit	170,738,876	206,662,764
Operational Expenses	(201,555,785)	(145,891,962)
-General Administrative Expenses	(137,979,622)	(96,393,514)
-Marketing Expenses	(37,187,789)	(39,067,844)
-Research and Development Expenses	(42,884,793)	(22,541,348)
-Other Operating Income	57,017,111	42,745,477
-Other Operating Expense	(40,520,692)	(30,634,733)
Main Operation Profit	(30,816,909)	60,770,802
Income/Expense from Investment Activities	9,110,249	166,521,151
Operating Profit (Loss) before Financial Income/Expense	(21,706,660)	227,291,953
Financial Income / (Expense)	29,901,647	53,500,027
Net Monetary Position Gains (Losses)	(64,641,321)	(126,381,904)
Net Profit for the Period (Parent Company)	(67,604,705)	100,371,310

b) Information about Dividends

At the meeting of the Board of Directors dated 07.04.2025 and numbered 08, It has been decided to submit to the approval of the General Assembly the issue of distributing a total of TL 6,000,000.00 gross cash dividend from the net distributable period profit of TL 219,226,254.00 and TL 179,468,279.31 respectively, as of 31.12.2024 in the financial statements and legal records of the company prepared in accordance with the capital market legislation. At the meeting of our Company's General Assembly dated 12.05.2025, the proposal of the board of directors regarding profit distribution was accepted, and it was decided to distribute a cash dividend of 6,000,000- TRY (gross) and start the cash dividend distribution on 20.05.2025

After the deduction of the amounts which must be paid and reserved by the Company (such as the general expenses and sundry depreciation items), the amounts to be paid against compulsory taxes and, if any, the losses of the previous year, the remaining net profit of the revenues established at the end of a financial period is distributed as follows:

General Legal Reserves:

a) 5% is allocated as legal reserves.

First Dividend:

b) As per Turkish Code of Commerce and the Capital Markets Regulation and in accordance with the profit distribution policy of the Company, the first dividend is allocated on the amount to be calculated with the addition of the donation amount, if any, to the remaining balance. c) After the foregoing deductions, the General Assembly may agree to distribute the dividend to board members, partnership staff and other persons excluding shareholders.

Second Dividend:

d) After the deduction of the amounts specified under paragraphs (a), (b) and (c) herein, the General Assembly may decide to distribute, in part or as a whole, the remaining balance as the second dividend or, as per article 521 of Turkish Code of Commerce, to allocate as legal reserve.

General Legal Reserves:

e) After deducting 5% of the capital as dividend from the amount to be distributed to the shareholders and other participants of the profit, ten percent of the remaining balance is added to general legal reserves as per paragraph 2, article 519 of Turkish Code of Commerce.

Kafein Profit Distribution Policy

In accordance with the legislations, regulations and decisions issued under the Profit Distribution Policy, Turkish Code of Commerce, the Capital Markets Law and the Capital Markets Board and with the relevant provisions of Tax Procedure Law, Kafein Yazilim Hizmetleri Ticaret A.S. (Kafein) determines Corporate Governance applications in conformance with the strategies and financial plans of Kafein and in consideration of the Turkish economy and the sectorial conditions by paying regard to the sensitive balance between the expectations of the shareholders and the needs of Kafein.

The principles of profit distribution by Kafein are explained under article 17 of the Articles of Association titled "Dividend Distribution and Determination".

As a principle, Kafein determines the amount of the dividends to be distributed in accordance with the decisions of the General Assembly which are taken in compliance with the provisions of Turkish Code of Commerce and the relevant provisions of the Capital Markets Law and the Articles of Association and ensures that these are equal to or higher than the amounts prescribed by the Capital Markets Board.

Kafein conforms to the regulations by the Capital Markets Board according to the term of profit distribution. Dividend distribution begins on the date to be determined by the General Assembly, at the latest, until the end of the year in which the General Assembly meeting is held.

The regulations of the Capital Markets Board are complied with regarding the time of profit distribution. Dividend distribution begins on the date to be determined by the General Assembly, at the latest, until the end of the year in which the General Assembly meeting is held.

No privilege applies for the profit distribution by Kafein, and profit is distributed equally for all the shares.

Dividends can be distributed to the shareholders either as cash or as bonus share by adding the profit to the capital, or as cash and bonus shares at certain rates.

In case the Board of Directors proposes to the General Assembly that profit should not be distributed, the General Assembly informs the shareholders during meeting about the grounds of non-distribution and the mode of use of retained profit. Similarly, such information is also shared with the public by publishing it on activity reports and the website.

The Company's Articles of Association includes the issue of dividend advance distribution, and the Board of Directors can distribute one or more advance dividends within a financial year in compliance with Turkish Code of Commerce and the Capital Markets Regulation. The Board of Directors distribute dividend advance in times prescribed by Turkish Code of Commerce, the Capital Markets Law and the relevant regulations.

As long as the legal reserves and the dividends are not allocated as specified in Turkish Code of Commerce, the articles of association or the profit distribution policy, no further legal reserve can be assigned or carried out to a next year and no dividend can be given to board members, partnership personnel and other persons excluding shareholders. Furthermore, the foregoing persons cannot receive share from profit as long as the dividend allocated for the shareholders are paid in cash.

In terms of profit distribution, it is essential to follow a balanced policy between the interests of the shareholders and the interests of the partnership.

V. RISKS AND ASSESMENT BY THE BOARD OF DIRECTORS

Risk Management, Internal Control Mechanism and Evaluation of Strategic Goals

The Company's risk management procedure is carried out by the Early Risk Identification Committee established under the Board of Directors. The Committee includes two independent members from the Board of Directors, and the operational principle of the committee is available on the website of the Company. The Early Detection of Risk Committee convenes at least six times a year.

The main risks our company is exposed to are risks arising from the sector, risks arising from activities and other risks (credit, liquidity, exchange rate and interest rate) are followed under three main headings and the Board of Directors is periodically informed about these risks.

The Company's risk management program generally focuses on minimizing the potential negative effects of uncertainty in financial markets on the Company's financial performance.

The Company's Board of Directors pays attention to receiving the opinion and advice of relevant departments while identifying strategic targets. The advice on strategic targets is reported to the Board of Directors, and the targets are implemented within the shortest time possible. In this sense, the rate of success is evaluated during financial statement terms and at the end of relevant years by reviewing operations. Once in every year, the Board of Directors holds a meeting to evaluate the rate of success, operations, and former performance of the Company.

The risks with possible effects to the Company and the financial investments are as follows:

a) Industrial Risks

There are certain legal regulations and restrictions which Kafein should comply with. Kafein is a company engaged in the software industry. The Turkish government grants certain privileges to the industry. However, these privileges may be removed in time, and the privileges granted to Kafein may decrease or completely disappear.

The activities of Kafein may be subject to the effects of economic inconsistency. There may be political and/or economic inconsistencies in Turkey and the world. Kafein and the industry may be affected negatively and have retarded activities.

b) Operational Risks

Kafein ensures sales revenue mainly from only a single industry. Although Kafein has been carrying out sales transactions of electronic communication companies for more than 20 years, the Company is still subject to the risk of sectoral condensation. Certain issues which may arise in the electronic communication industry may affect Kafein negatively.

The bidding stage of tenders and the commencement periods of undertaken projects may exceed prescribed times. In general, Kafein makes sales revenue by winning tenders and making project offers to clients. In case of an extended bidding stage or longer project periods due to uncontrollable reasons may create a negative impact on the expected profitability of Kafein.

There may be delays in tender and project preparation and implementation processes: Material errors during the preparation or price and specification evaluation processes of the tenders wherein Kafein ensures participation may lead to a failure in timely performance and/or decrease in profitability from a project.

There may also be risks due to the location of the head office: The head and the R&D offices of Kafein are situated in the Technopark of Yildiz Technical University which takes place in Esenler, Istanbul. The activities of Kafein may be affected in case authorized bodies decide to move the Technopark or amend the relevant regulation.

The operations of the software and business support systems developed by Kafein may fail. The Company's personnel may need to put effort into long periods so as to remove these failures.

c) Other Risks

Apart from the foregoing, the Company may be subject to various financial risks due to the activities. These are credit risk, liquidity risk, exchange risk and interest rate risk.

Credit Risk: Credit risk becomes a question when the other party cannot perform its contractual liabilities. For the current period, the Company's other short-term receivables from non-affiliated parties are TRY 135,363,233 while short-term trade receivables from non-affiliated parties are TRY 379,139,630 according to its balance sheet.

Liquidity Risk: Liquidity risk refers to the risk of failure to perform funding liabilities and arises from various factors that lead to a decrease in fund sources such as undesired market conditions and/or decrease in credit score. For the current period, the Company's short- and long-term liabilities are TRY 379,343,069 and TRY 33,762,250 respectively, which corresponds to TRY 413,105,319 in total.

Interest Rate Risk: Interest rate risk may occur when the changes in the interest rates of the market cause fluctuation in the price of financial instruments. Sensitivity to interest rate risk is associated with the inconsistency of the maturities of assets and liabilities to a great extent. The Company manages this risk with a natural measure which is ensured by balancing sensitive assets and liabilities. For the current period, the Company has TRY 50,199,339 cash and cash equivalents which are subject to interest risk.

Exchange Risk: Exchange risk is the effect of the changes in exchange rates. For current period, Company is not under serious exchange risk since it has Net Foreign Currency Asset Position equals to TRY 375,168,121.

VI. DEVELOPMENTS WITHIN AND FOLLOWING THE PERIOD

• On 01.01.2025, the company signed a 2-year consultancy contract with Eczacıbaşı Bilişim San. and Tic. A.Ş.

• An outsourcing agreement has been signed between the company and AssisTT AssisTT Rehberlik ve Müşteri Hizmetleri A.Ş. to remain in effect between 01.01.2025-31.03.2025 and 01.02.2025-31.12.2025.

• On 02.01.2025, an additional protocol for software development services was signed between the company and Mapfre Sigorta A.Ş., outlining terms to be effective between 01.01.2025- 31.12.2025

• On 06.01.2025, a 3-year service agreement was signed between sahibinden.com and the company regarding the Google Chronicle SIEM/SOAR license and service. The relevant contract is the first sale and reference for this license in Turkey.

• On 07.01.2025, in order to expand the company's product market and potential collaborations, a contract was signed to receive research and marketing consultancy services from Gartner Türkiye Teknoloji Araştırma ve Danışmanlık Hizmetleri Ltd. Şti

• The "Eureka Bio-Curity Project International Consortium" meeting regarding Bio-Curity, the Digital Biomarker Ecosystem and E-Health Services project developed by our company with its domestic and foreign consortium partners, was successfully first held in Istanbul on January 10-12, 2024; the second took place in the Netherlands on 21-23 January 2025. The relevant meetings are audit meetings conducted by the Eureka Xecs program referees of the project.

• The official kick-off meeting of the "Artificial Intelligence and 5G Supported Personalized Digital Health Passport: 5G4P Health" project, which was developed by our company with domestic and foreign consortium partners and was entitled to receive the "Full Label" on 11.10.2023 by Eureka Celtic-Next (EU commission-supported project support initiative), was held in Brussels on 8-9 July 2024, and the next consortium meeting was successfully held on 20-21 January in Istanbul with the participation of all domestic and foreign companies.

• On January 22-24, 2025, the company participated in Bett Global 2025, the world's largest educational technology fair held in England, to introduce Foramind, Turkey's first and only mind mapping software developed by the company.

• With the decision of the Board of Directors dated 03.02.2025 and numbered 03, It has been decided to close the company's branch titled "Kafein Yazılım Hizmetleri Ticaret Anonim Şirketi

Düzce Şubesi", which is registered with the T.C. Düzce Trade Registry Office with the chamber registry number 13450 and located at the address "Orhangazi mah. Teknopark Cad. Teknopark Blok No 1 İç Kapı No Z03 Merkez Düzce". The said branch closing transaction was registered in the Trade Registry Gazette dated 12.02.2025 and numbered 11270.

• On February 9-12, 2025, the company participated in the LEAP 2025 Exhibition held in Riyadh-Saudi Arabia, and the participants were informed about our innovative technology services and solutions in areas such as data governance, database activity monitoring and test data management.

• On 19.02.2025, our company participated in the "OpenText Summit Turkey 2025" event held in Levent, Istanbul as a platinum sponsor. At the event, the latest trends shaping the future of business and solutions such as information technology automation solutions, cloud, cyber security, generative artificial intelligence and information management were discussed.

• On 19.02.2025, an additional protocol was signed between the company and Burgan Bank A.Ş. regarding RPA (Robotic Process Automation) service, which will remain in effect between 19.02.2025 and 31.03.2027.

• On 25.02.2025, a 3-year API (Application Programming Interface) Security System and maintenance and support contract for this system was signed with Turk Hava Yolları A.O.

• On 25.02.2025, the company participated in the IDC Turkey Security Roadshow event held in Levent Istanbul with our cyber security solutions brand All-in Cyber as a Gold Partner together with Google Cloud Security. At the conference, the latest technologies in information technologies were discussed and the participants were informed about our company's cyber security solutions.

• On 26.02.2025, the company participated in the "Future of CIO (Chief Information Officer) & Awards" event held in Istanbul with our digital transformation and cloud computing brand All-in Cloud as an Exhibition Partner.

• On 27.02.2025, the company received an purchase order (PO) form for the PAM (Privileged Access Management) project with a value of 212,770.29 USD by a third-party telecommunication customer.

• In February 2025, the company's cyber security solutions brand All-in Cyber received the "Most Successful Tenable Project" award of 2024 at the Tenable Partner Awards organized by Tenable Holdings, Inc., our company's American-based cyber security partner.

• Mobile Access MS (Managed Service) contract is signed between the company and third-party telecommunication company with total value of TRY 18,925,200 TL+VAT to remain in force between 01/03/2025-01/03/2026 and the contract has reached us on 28.02.2025.

• By the decision of the Board of Directors dated 28.02.2025 and numbered 05, it has been decided to appoint " Piramit Menkul Kıymetler A.Ş." as the Liquidity Provider of Kafein Yazılım Hizmetleri Ticaret A.Ş. and as the exclusive investment institution that will carry out the Liquidity Provider and Liquidity Provider transactions, to cover the amount of cash funds required for the Liquidity Provider service by the company, to commences liquidity transactions by Piramit Menkul Kıymetler A.Ş. in the Borsa Istanbul Equity Market following the permission of Borsa Istanbul A.Ş. The "Liquidity Providing Agreement" has been signed between the parties on 28.02.2025. Unless the contract is terminated, it is valid for 2 years, with an extension of one more year under the same conditions. The relevant appointment request was evaluated by Borsa Istanbul A.Ş. in accordance with the Equity Market Procedure dated 01/03/2016 and numbered 02.PRO.001 and approved on 05.03.2025.

• On 05.03.2025, the company participated in the "Sabancı Networking Fair" held at Sabancı University Tuzla Campus and shared information with students about Kafein Academy, our program for young talents, internship programs and Kafein Technology.

• On 10.03.2025, an order form (PO) was received for the "Database Activity Monitoring (DAM) and Data Masking" Project from the United Arab Emirates-based Starlink DMCC, with the end customer Saudi National Water Company (NWC).

• The project carried out under the agreement titled "Information Technology (IT) Asset Management" signed between our Company and our business partner domiciled in Azerbaijan, R.I.S.K Scientific Production Company (CJSC), effective from 27.12.2024 to 27.12.2025, with the end customer being Azercell Telekom MMC, has been completed and the project went live on 21.07.2025.

• On 19.03.2025, an outsourcing agreement was signed between the company and Burgan Bank A.Ş. in the field of software development, testing and analysis, to be in effect between 19.03.2025 and 19.03.2026.

• On 20.03.2025, a 36-month Business Partnership Agreement was signed between the company and ICT Bulut Bilişim A.Ş. (Bulutistan).

• The order forms (PO) for the contract on "Purchase of new licenses, renewal of existing licenses and procurement of services within the scope of Centrify software" signed between our company and a third-party telecommunication customer were received on 20.03.2025.

• On 03.04.2025, an agreement covering Security services was signed between the company and Burgan Bank A.Ş. in order to strengthen the information security infrastructure of the bank and to provide sustainable security services, to be in effect between 11.04.2025 and 10.04.2026.

• On 8-11 April 2025, the company was present at the Google Cloud Next '25 event in Las Vegas an exposition dedicated to cloud technologies where topics like GenAI, data analytics, application modernization, and cloud strategies were explored—alongside the cybersecurity solutions brand, AllinCyber.

• On 16.04.2025, the company's cybersecurity brand AllinCyber, took part in the "Picus Security Business Partners" event hosted by our partner, Picus Security.

• On 17.04.2025, the company's cybersecurity brand AllinCyber, took part in the "CrowdTour 2025" event organized by our business partner CrowdStrike in Istanbul, where the latest innovations were discussed by experts in the sector.

• On 19.04.2025, the company won the Silver Award in the category of "Security and Cyber Defence" in the 2025 Export Accelerators Outstanding Achievement Competition organized by the HİB (Service Exporters' Association), which was participated with the Application Programming Interface Security Solution "APIFORT" product developed by the Company.

• On 25.04.2025, a contract on "Open Banking Product Sales and Service Provision" was signed between the company and Savana Technology.

• On 30.04.2025, within the scope of the cooperation carried out with our business partner Amdocs Software Systems Limited, an outsourcing service was provided to our customer, Allianz Sigorta A.Ş. for their test teams.

• On 6-8 May 2025, the company participated in the GISEC Global 2025 fair held in Dubai with our cyber security brand AllinCyber and provided information about our cyber security products to our visitors.

• On 07.05.2025, the company received an purchase order (PO) from a third-party telecom customer regarding the security product license of our business partner Mandiant.

• On 07.05.2025, the Company came together with the students at the Career Festivals event organized by Istanbul University and shared information about the Kafein Academy Program, internship and recruitment processes of the company.

• On 07.05.2025, a one-year distributorship agreement was signed between the company and RAS Infotech FZE, which operates in the field of cyber security in the Middle East. Within the scope of the agreement, Kafein's data security and software services will be sold by RAS Infotech (Distributor) in the region.

• On 09.05.2025, RPA (Robotic Process Automation) Consultancy Service contract has been signed between the company and Şölen Çikolata Gıda Sanayi Tic. A.Ş. to remain in force between 01.01.2025 and 31.12.2025.

• The company participated in the London Tech Week 2025 event held in London on 9-11 June 2025 and shared information with the participants on Big Data, Cyber Security and Data Governance solutions.

• On 14.05.2025, the Company participated in the "Desoft Summit 2025" with our cyber security brand All-in Cyber, organized by our business partner Desoft in Istanbul. At the summit, information on artificial intelligence management and security platforms in institutions was shared.

• On 16.05.2025, APIFORT, the API (Application Programming Interface) Security Solution developed by the company, was officially launched in cooperation with a leading telecommunications operator, one of Turkey's prominent players in communication technologies. During the launch event, detailed information was shared regarding the product's scope, technical capabilities, and areas of use. Additionally, the product was deployed in a live customer environment for the first time, marking the start of its operational use. APIFORT, equipped with advanced features such as API Discovery, Intrusion Detection, Sensitive Data Classification, and Data Masking, is a cybersecurity solution that enables organizations to monitor their API infrastructures end-to-end, detect potential vulnerabilities in real time, manage risks proactively, and safeguard sensitive information transmitted via API traffic.

• On 23.05.2025, the "Maintenance and Support Service for Endpoint Security (Antivirus) Software" Purchase Agreement was signed between our company and T.C. Ziraat Bankası A.Ş. to remain in effect between 23.02.2025 and 22.02.2028.

• On May 28, 2025, the Company signed a framework agreement regarding the 'Compliance with Data Privacy Regulations and Discovery of Sensitive Data' with Netpoleon Solutions Pte Ltd. where the final customer is a third-party bank based in Singapore, which will remain in effect indefinitely unless terminated. This agreement is notable as it is the first contract the Company has signed in the Southeast Asia region.

• On 02.06.2025, an agreement was signed between the company and DSM Grup Danışmanlık İletişim ve Satış Tic. A.Ş. on "Google Threat Intelligence License and Service" to remain in force between June 1, 2025 and June 1, 2026.

• On 12.06.2025, a Partnership Framework Agreement was signed between the Company and Redington Turkey Teknoloji Anonim Şirketi for an indefinite period; for the purpose of carrying out activities related to the promotion, marketing, and sale of Amazon Web Services (AWS) products and services to end users, as well as the provision of installation and other related technical

services. AWS is a global technology provider offering cloud infrastructure, software services, data solutions, artificial intelligence, and related services.

• On 17.06.2025, the Company participated in the UiPath Agentic Automation Summit held in Istanbul, where the effects of artificial intelligence and automation in the business world were discussed. At the summit, we came together with our customers and shared our artificial intelligence-supported enterprise automation projects and solutions.

• On 26-27 June 2025, the company participated in the Second Cyber Security Workshop held in Gaziantep hosted by Enerjisa and supported by EPDK (Energy Market Regulatory Authority) and ELDER (Association of Electricity Distribution System Operators), with the company's cyber security brand All-in Cyber.

• On 27.06.2025, the Company was awarded first place in the "Commercialized Product Stars" category under the YTU Stars segment at the "Interstellar Technology Awards" ceremony organized by Yıldız Technical University (YTU) Technopark. The award was granted following an evaluation of 750 companies operating in the region, based on criteria such as technological production, R&D investments, and value-added outputs.

• On 30/06/2025, a project contract was signed between the company and Doğuş Bilgi İşlem ve Teknoloji Hizmetleri A.Ş. regarding the "Cloudflare License" to remain in effect between May 21, 2025, and November 20, 2026.

• On 04.07.2025, the "Google Security Managed Defense License Agreement" dated 05/08/2024 signed with the LC Waikiki Mağazaları Hiz. Tic. A.Ş. is extended to be valid until 05/08/2026.

• On 15.07 2025, the company obtained the "1-year License Renewal of our business partner's - Opentext- products regarding the compliance with the Personal Data Protection Law (GDPR)" from a third-party Telecom customer and the corresponding purchase order (PO) was delivered to us on 24.07.2025.

• On 15.07.2025, an interim evaluation meeting was held in Madrid to evaluate the progress of the 5G4P Health Artificial Intelligence and 5G -supported Digital Health Passport project developed by the company with domestic and international consortium partners. In the consortium of 16 stakeholder projects, Kafein is responsible for Security Architecture Development and Cybersecurity, including the Internet of Medical Things (IoMT), Security of Edge Computing Environments, and Zero Trust Architecture.

• On 24.07.2025, the company's cyber security brand AllinCyber received the "Google-Chronicle SOC (Security Operations Center) and Maintenance Service" project from Bitpace.

• On 25.07.2025, the "Mobile Network 5G Launch Project Coordination and Installation Service Procurement" project of a third-party telecommunication customer was received by the company.

• On 29.07.2025, a 3-year "Software License, Maintenance and Support" contract was signed between the company and the Sigorta Bilgi ve Gözetim Merkezi (SBM).

• On August 6, 2025, our company was granted the status of "Agentic Automation Fast Track Partner" by UiPath, our Platinum Partner and collaborator in the field of automation. The "Agentic Automation" approach refers to a new generation of automation systems designed to make AIpowered software more autonomous, decision-capable, and interactive.

• According to the "Top 500 IT Companies 2024 Survey" conducted by BT Haber newspaper on 07.08.2025, the company achieved second place in the "Data Security Software" and "Cybersecurity Service" categories, and third place in the "Consulting" category among Turkey-based manufacturer companies.

• On 12.08.2025, an order form (PO) was received for the installation and deployment under the "Database Activity Monitoring (DAM)" Project from the United Arab Emirates-based Starlink DMCC, with the end customer "Saudi Energy Regulatory Authority".

VII. MISCELLANEOUS

The company remains part of the BIST Dividend Indices for the period from 01/08/2025 – 31/10/2025, following the periodic evaluation conducted by Borsa Istanbul's General Directorate on 21.07.2025. This assessment adhered to the BIST Market Capitalization Weighted Share Indices Rule Set. The company was initially included in the BIST Dividend Index on 18.01.2022.

The company, initially started to be traded in the BIST Corporate Governance Index as of 13.09.2023, is renewed its contract with "Saha Kurumsal Yönetim ve Kredi Derecelendirme Hizmetleri A.Ş " in order to renew its rating score for a period of one year starting from 31.05.2024. The latest Corporate Governance Rating is 94.49% dated 04.09.2024. (11.09.2023: %94,07)