Consolidated Non-Financial Statement pursuant to Italian Legislative Decree 254/2016

CNFS as at 31 December 2023

Consolidated Non-Financial Statement 2023 1 This English version of Tinexta 2023 Consolidated Non-Financial Statement is made available to provide non-Italian speakers a translation of the original document. Please note that in the event of any inconsistency or discrepancy between the English version and the Italian version, the original Italian version shall prevail.

Consolidated Non-Financial Statement 2023 2

TABLE OF CONTENTS	3
MESSAGE FROM THE CHAIRMAN AND CHIEF EXECUTIVE OFFICER	5
HOW WE SHAPE THE FUTURE	8
The Coordinates of Our Action	9
About Us	9
Our Business Model	9
A Challenging Journey	10
A Galaxy of Skills to Help Businesses and Institutions Grow	10
Constant Growth Guided by an Effective Strategy	13
The Values that Guide Our Daily Lives	14
Data Protection and Digital Infrastructures: a Cutting-Edge Approach	15
METHODOLOGICAL APPROACH	18
Coordinates of the CNFS	19
Materiality Analysis	21
SOLID AND CONSTANTLY EVOLVING GOVERNANCE	26
Actors	27
Strategy	28
Tools	29
Group Code of Ethics and Conduct	29
Group Organisational Model and Regulations	30
Organisation, Management and Control Models pursuant to Italian Legislative Decree 231/2001	31
Whistleblowing	32
Anti-Corruption Guidelines	32
Succession Plans	33
Certification	33
ESG Policies and 2023-2025 Sustainability Plan	35
ESG Risk Monitoring and Management	39
PEOPLE AT THE CENTRE OF OUR VISION OF THE FUTURE	42
Workforce Characterised by Stability and Continuity	43
Uniqueness Is Strength	44
Projected Towards Constant Skill Growth	45
Skills Capital	47
Healthy and Safe Work Every Day	49
Support for Local Initiatives	50
Consolidated Non-Financial Statement 2023	3

Supply Chain Responsibility	51
RESPECT FOR THE PLANET WE LIVE ON	54
A Constantly Growing Commitment	55
Offices with a Lighter Footprint	55
Mobility Management	57
Energy and Emissions	58
TAXONOMY	60
Regulatory Framework	61
Methodological Approach	62
Results	62
APPENDICES	66
A - Companies included in the organisation's sustainability reporting	67
B – Overall data and trends	73
C - Conversion and issue factors	78
D – Taxonomy details	80
E – Management of material topics	84
F – Reconciliation Table	86
G – GRI Content Index	88

Message from the Chairman and Chief Executive Officer

Dear Stakeholders,

We proudly present the annual Consolidated Non - Financial Statement (CNFS) of the Tinexta Group for the sixth consecutive year.

We witnessed the persisting complexity of the macroeconomic framework in 2023, especially due to the armed conflicts in Ukraine and in the Israeli - Palestinian region and the consequent repercussions on the global and inflationary economic system. Nonetheless, as has happened in other occasions in the past, our Group has demonstrated a strong ability to adapt, which has allowed us to continue to grow .

However, we are aware that the successes achieved so far are a starting point in looking to the future; thus, moving our gaze further in time and space, broadening our vision beyond the defined area in which we operate, it becomes evident how necessary and right it is to take care of the environment that we call home, of the people who live in it and the society of which we are part.

Sustainability is not, nor should it be considered, an accessory. It is an essential value for companies, inherent in their scope. For this reason, in addition to the objectives of innovation, integration and internationalisation in the three -year 2023 -2025 Strategic Plan, we have chosen to accelerate the process of strengthening ESG issues regarding the environment, social issues and governance within the Group's overall strategy.

Several significant actions resulted from this decision, including the development of an ESG Plan for the three -year period 2023 -2025 and the identification of KPIs that will help us to monitor the achievement of the objectives we have set ourselves with respect to the commitments undertaken in the ESG Policy.

Consolidated Non -Financial Statement 2023

With their unique qualities, people are the true success factor and strength of a business like ours. This is why we devote a great deal of energy to improving their satisfaction. We have done much and will do much more to protect diversity within our workforce. We also continue to support the professional growth of our people, and in 2023 we developed the Tinexta Leadership Model precisely with this intent. It defines the values, skills and distinctive behaviours to be successful in the context in which the Group operates and that each person embodies, at all levels of the organisation.

2023 was also the year in which we updated our Code of Ethics and Conduct and the risk mapping methodology in the Group's Enterprise Risk Management (ERM) process, in line with our historic oversight of ethical and governance matters.

To discover these and other innovations created by the Group in the ESG sphere, we leave you to consult this CNFS, a tool with which we describe the path that our companies in Italy and abroad undertake towards growing sustainability and an increasingly responsible way of doing business.

Enrico Salza Chair of the Board of Directors Tinexta S.p.A.

Pier Andrea Chevallard Chief Executive Officer Tinexta S.p.A.

How We Shape the Future

The Coordinates of Our Action
A Galaxy of Skills to Help Businesses and Institutions Grow
Constant Growth Guided by an Effective Strategy
The Values that Guide Our Daily Lives
Data Protection and Digital Infrastructures: a Cutting-Edge Approach

Consolidated Non-Financial Statement 2023 8

The Coordinates of Our Action

About Us

Digital Trust, Cyber Security, Business Innovation: these are the strategic sectors in which we are recognised as leaders and through which we aim to shape the future of businesses, institutions and professionals.

Our headquarters are in Italy, but we also have an important presence abroad. Furthermore, we are listed on Euronext STAR Milan with a solid institutional shareholder of reference, as well as listed in the European Tech Leader index as a high-growth tech company.

Our Business Model

An industrial services group like ours clearly counts customer satisfaction among its absolute priorities, combined with respect for shared principles, which we have formalised both in our Sustainability Policy and in the Code of Ethics and Conduct.

Our business model is based on aspects that are essential for us, including:

the centrality of the role and relationships with stakeholders;
the ethical management of our business activities, through the adoption of dedicated governance tools and their continuous updating;
the corporate relevance of data protection and cyber security;
our mission.

We are a hub for the development of innovative technologies for the digital transformation and an advanced consultancy centre for companies and institutions. Our vertical service offer enables the innovation of small and mediumsized enterprises, with the aim of becoming their partner of choice along their

digital journey. We also manage complex digital transformation projects for large companies, banks, public administrations. We enhance and promote professional and managerial skills to foster the growth of all our employees and we aim to acquire a European dimension where the integration of skills can generate solutions capable of satisfying international demand¹ .

A Challenging Journey

Our story began in 2009, when we were created at the behest of Enrico Salza and Pier Andrea Chevallard as an evolution of Tecno Holding S.p.A., a company controlled by the main Italian Chambers of Commerce and Unioncamere, which still owns the majority of the Group's capital. The Group immediately stood out for its strong dynamism: a path made of successes and challenges, which led us to establishing ourselves as a benchmark in our fields of competence, in Italy and abroad.

Group Established > Tecno Holding, institutional shareholder (Italian Chambers of Commerce) > Acquisition of InfoCert	9	Consolidation > Acquisition of Visura, Innolva, ReValuta, Co.Mark, Warrant Hub > Entry onto the STAR Euronext Milan market	Cybersecurity and C expansion in Europe > Acquisition of Corvallis, Yoroi and Swascan > Tinexta Cyber was established	> Sale of CIM	M&A growth > Acquisition of Evalue, Enhancers, Plannet, Lan&Wan > Intesa San Paolo enters Warrant Hub > Acquisition of 20% of Defence Tech
> Entry into the AIM segment of the Italian Stock Exchange		Globalisation > Acquisition of Camerfirma > Integration of companies from France, Spain, Germany, Belgium, Bulgaria	> Acquisition of Queryo Advance, ForValue, CertEurope > Partnership with Leonardo > Bregal Milestone joins Infocert		> Acquisition of Ascertia and Studio Fieschi e Soci > Orqanisational review of the Business Innovation BU through merger operations

A Galaxy of Skills to Help Businesses and Institutions Grow

Each company in our Group has unique specificities and know-how that have been developed over the years. However, we put a great deal of energy into ensuring that these skills dialogue with each other and we are aware that the meeting of differences, in all fields, generates value and highly innovative ideas.

¹ Taken from the mission of the Tinexta Group, available on the website Tinexta.com.

Presented in detail in Appendix A, the Group companies operate within three business units that coincide with the market areas in which we offer our services: Digital Trust, Cyber security and Business Innovation.

We like to consider ourselves technology entrepreneurs, a tool that allows us to anticipate the constant evolution that affects our world. From this perspective, innovation is undoubtedly a key factor in our work: developing advanced services that effectively meet the newest needs of customers is a distinctive element of our offer.

Our business unit dedicated to digital trust has revolutionised entire sectors with its digital services for business innovation. Warrant Hub and its companies offer companies complete support in their digital and industrial transformation process, demonstrating that they make innovation a driving force behind their operations on a daily basis. In the cyber security field, we enable companies to defend themselves from cyber attacks, protecting data and ensuring business continuity.

The digital transformation of the companies that place their trust in us is a challenging and crucial objective, both for innovation and business growth. We are able to meet the needs for achieving this goal first and foremost thanks to the cooperation between our companies, coordinated by the parent company Tinexta S.p.A., which assists the companies in their governance and main functions by enhancing their particular features and maximising cooperation.

The activities of the individual business units, their member companies and the contributions each of them makes to the creation of more sustainable models in relation to ESG matters are summarised below.

Tinexta Cyber Security

As a national leader in the field of cyber security, this business unit provides services and consultancy to increase security in the digitalisation of processes and for the protection of data and information.

Contribution to more sustainable models

This business unit deals with protection, and its products enable companies to defend themselves against cyber-attacks, protecting people's data and information and ensuring business continuity. Tinexta Cyber Security also helps to perform secure remote and electronic transactions, with the environmental and social benefits already mentioned for Tinexta Digital Trust.

Warrant Hub and its companies contribute to developing more sustainable models on several fronts, starting with seeding services. These enable companies to take their first steps along the road to sustainability through main analysis and measurement tools such as product carbon footprint, materiality analysis and product circularity index calculation. Studio Fieschi & soci offers its customers services for measuring, reporting and communicating performance in ESG areas. EuroQuality accompanies organisations in innovative projects on the environmental and social sustainability front, many of which fall within programmes financed by the European Union with a high ESG impact, such as Horizon Europe and Life. Lastly, Queryo is specialised in digital marketing activities, encouraging dematerialisation in business promotion strategies.

In addition to the subsidiaries, our Group composition also includes the associated companies Etuitus S.r.l., Authada GmbH, Camerfirma Colombia S.A.S., IDecys S.A.S., Opera S.r.l., Digital Hub S.r.l., Defence Tech Holding S.p.A. Società Benefit, Wisee S.r.l. Benefit Company (in liquidation) and OPENT S.p.A.

Constant Growth Guided by an Effective Strategy

Over the years we have managed to expand the range of products and services that we offer for the growth of businesses and institutions, affecting very dynamic market sectors. This result was also achieved thanks to a careful Merger & Acquisition (M&A) strategy.

As part of these extraordinary operations, as an industrial partner we enhance the skills and resources of each company without affecting its identity, but working synergistically for effective integration within the Group. To do this, we have developed a special model which supports the entry of new companies into the Group, making this transition as efficient as possible and defining common aspects with which all our companies must align.

In 2023 we also integrated precise ESG parameters into the evaluation of new acquisitions, which allow us to objectively analyse the degree of companies' compliance with sustainability principles, so as to appropriately intervene, where requested, during the post-deal integration phase. In particular, we analyse four dimensions in the evaluation:

1. Procedural system: adoption of policies and procedures aimed at monitoring and reporting corporate commitments towards ESG issues;
1. IT security: definition and formalisation of IT security and data protection policies;
1. Human resources: adoption of transparent selection policies based on objective and measurable criteria, aimed at guaranteeing equal opportunities for all male and female candidates, promoting gender diversity and inclusion;
1. Environment: adoption of policies and procedures for monitoring and reporting the environmental impacts of its activities and for improving environmental performance.

Despite a macroeconomic and geopolitical context marked by several complex elements in 2023, we made significant choices in terms of M&A, consistently with the lines announced in the 2023- 2025 Strategic Plan. The main transactions of 2023 are summarised below, grouped by company involved.

Warrant Hub

As a result of extraordinary merger operations² , Warrant Hub has strengthened the synergy between digitalisation, sustainability and subsidised finance, completing its service offering with integrated consultancy solutions and technologies to support the digital transition.

The company also acquired the remaining shares of Studio Fieschi & Soci, reaching 100% ownership.

As part of the international growth process, an agreement was signed in December 2023 for the purchase of 73.9% of the capital of ABF Group, a French company among the leaders in the consultancy market for obtaining financing to support innovation and growth. This transaction was completed in January 2024.

² During 2023, the companies previously controlled by Warrant Hub, namely Enhancers, Plannet, PrivacyLab, Trix and Warrant Innovation Lab, were merged by incorporation within Warrant Hub, as well as the company Co.Mark, previously controlled by the parent company Tinexta.

InfoCert

In 2023 InfoCert acquired 65% of Ascertia Limited, a company with offices in the United Kingdom, the United Arab Emirates and Pakistan, which is among the leaders in cryptographic and ature solutions, as well as a reference company in the Digital Trust market. Thanks to this transaction, among other things we have strengthened our international presence with entry into the English market and Asia, and integrated new technological skills into the Digital Trust business unit.

Tinexta

Following the agreements entered into in 2022, in March 2023 Tinexta established the whollyowned vehicle called Tinexta Defence S.r.l. to implement the purchase of 20% of the share capital of Defence Tech Holding S.p.A.

In July 2023, the parent company signed an agreement with Digital Magics, a certified business incubator listed on the Euronext Growth Milan market, for a joint venture focused on making investments aimed at companies and start-ups that develop digital technologies, also through artificial intelligence tools and solutions, in areas potentially consistent with our Group's business. Through this partnership, Tinexta intends to select investment opportunities in start-ups that, following a growth process according to an open innovation logic, can contribute to providing functional solutions to innovate the Group's offer, also in the ESG sphere.

The Values that Guide Our Daily Lives

It is thanks to an effective strategy and clear values that a Group like ours can undertake a solid and consistent development path. The pillars of our identity, which guide and steer our actions every day, are summarised below.

The ethical management of business activities is a key element of our business model. For this reason, we constantly strive to adopt and update Group governance tools such as the Code of Ethics and Conduct, the Organisation, Management and Control Model pursuant to Italian Legislative Decree 231/2001 and the ESG Policies.

Starting from what has already been expressed in these documents, in 2023 we issued specific Group Anti-Corruption Guidelines. This new governance tool aims to further increase awareness of the rules and behaviours to be observed, providing indications on the control measures to be implemented to prevent corruption risk within our organisation. The main elements on which our governance is based are described in depth in the third chapter of this report.

No anti-corruption incidents were recorded in 2023, nor cases of contractual claims or sanctions for contribution irregularities; a dispute regarding anti-competitive behaviour is currently underway for one of the companies included in the scope of this CNFS, the outcomes of which may be covered in the next reporting document.

No financial or in-kind political contributions were made by any of the Group companies during the reporting year.

Data Protection and Digital Infrastructures: a Cutting-Edge Approach

We are aware of the social relevance of data protection and cyber security, two issues of great importance also for our business. We manage them through specific organisational and control measures in line with the provisions of the European General Data Protection Regulation (GDPR), the Code Ethics and Conduct and the Organisation, Management and Control Models pursuant to Italian Legislative Decree 231/01 adopted by the individual companies.

More specifically, in compliance with the applicable regulations:

we undertake to comply with the provisions for the protection and safeguarding of personal data established by law and to adopt the subsequent necessary organisational measures;
the processing to which the data collected by the Group companies is subjected is directed exclusively to carrying out the purposes of their activity;
the privacy of employees is also protected through the adoption of policies that specify which information is required and how it must be processed and stored. These policies establish the prohibition, except in the cases provided for by law, to disclose/disseminate personal data without the data subject's consent.

Data Protection

We take the utmost care for the protection of personal data, making sure that we constantly safeguard the information of customers, suppliers and employees (the 'data subjects'). The key elements for achieving our objectives in this area include continuous risk assessments and the definition of adequate management and mitigation actions through the implementation of technical, organisational and legal tools.

All Group companies adopt common policies, procedures and instructions on personal data processing, which can be customised to reflect the specific nature of each business and the resulting processing.

The attention to data protection also extends to our suppliers, for whom specific analyses of the risks associated with the entrusted processing operations are carried out as an integral part of our privacy management system.

Consistently with our multi-year plan for continuous improvement on this topic, we continued to implement systems and technologies in 2023 that allow us to automatically delete data at the end of the processing period. This innovation also allows us to reduce impacts in the event of any security incidents.

Cyber Security & Business Continuity

Cyber security and business continuity are two further crucial aspects for both the Group and the customers who place their trust in us, and for their level of satisfaction. For this reason, the growth of the Group's reputation is also linked to the level of excellence that we are able to offer with respect to these requirements.

The coordination of IT security activities is entrusted to the parent company.

The Group Cyber Security Programme activities continued in 2023. Through them, all companies can access a package of services provided by our cyber security business unit, after an assessment of the degree of maturity in the security field and subsequent definition of an action plan to achieve the Group's targets.

Among the services provided internally by the companies of the Cyber Security Business Unit, the Group Security Operation Center Programme (GSOC) monitors the security levels of our activities and systems and identifies the most effective response strategies. This is applied in four phases:

1. identification of the assets to be protected;
1. asset monitoring;
1. definition of the procedure for responding to attacks;
1. definition of an internal process that identifies vulnerabilities potentially susceptible to attacks.

Our DNA drives us to continuously improve in every area of our activities: we therefore introduced two further innovations for the centralisation of cyber security services in 2023.

With Group network access management, a system so far adopted by InfoCert and Warrant Hub, we aim to strengthen perimeter security protocols through the use of Secure Access Service Edge (SASE) technology, in order to guarantee high security standards even in the event of remote connection to our company networks.

We have also introduced a latest-generation automated security system to strengthen the ability to identify anomalous events and promptly resolve them: the Group end-point detection response has been adopted by all our companies, and is capable of detecting and analysing suspicious device and server activity.

Among the many projects related to cyber security carried out in 2023, Tinexta Cyber signed a partnership with Google Cloud, thus launching a project that involves all the companies in the Cyber Security Business Unit for the development of new, sophisticated technologies.

The first product of this synergy is Chronicle SIEM (Security Information and Event Management), a cloud-native solution for carrying out threat detection activities with a speed and scale previously unseen on the market.

Consolidated Non-Financial Statement 2023 18

02 Methodological Approach

Coordinates of the CNFS
Materiality Analysis

Coordinates of the CNFS

The 2023 Consolidated Non-Financial Statement (hereinafter referred to as the 'Statement' or 'CNFS') has been prepared in accordance with Art. 3 and 4 of Italian Legislative Decree 254/2016, issued in implementation of Directive 2014/95/EU, which introduced and set sustainability reporting standards for certain categories of companies.

Therefore, this CNFS includes an account of the relevant impacts of the Tinexta Group's activities related to the aspects specified in the aforementioned Italian Legislative Decree, and in general to their impact in the social, environmental and governance sphere (aspects defined internationally by the acronym ESG).

Starting from 2025, with reference to the reporting year 2024, the methodological approach adopted for the preparation of sustainability reporting will be reviewed in light of the important innovations introduced by the Corporate Sustainability Reporting Directive (2022/2464/EU), for the implementation of which we have created a dedicated working group.

Reporting Period and Scope

This document refers to the financial year 2023 and its reporting scope includes the Italian companies consolidated as at 31 December 2023 and foreign companies, also consolidated as at 31 December 2023, which exceed the cut-off threshold corresponding to 1% of Group revenues.

The companies Ascertia Limited, Ascertia PVT Ltd, Ascertia Software Trading LLC and Studio Fieschi e Soci S.r.l. acquired in the second half of 2023, are excluded from the reporting scope, as defined above. This exclusion was made to allow these companies to focus on integration activities within the Group in recent months. In addition, Tinexta Defence S.r.l. and Antexis Strategies Srl, special purpose vehicles for the management of other investments, and Tinexta Futuro Digitale S.c.a.r.l., were not included, as they are owned by other Group companies already included in the reporting scope, which fully manage the related activities.

The 2023 CNFS reporting scope covers approximately 90%³ of the scope of the 2023 Consolidated Financial Statements by number of employees (net of non-employees) and therefore allows, as established in Art. 3 and 4 of Italian Legislative Decree 254/2016, the coverage 'necessary to ensure an understanding of the group's business, its performance, its results and the impact it has produced.'

The following chart outlines the structure of our Group, including controlling interests as at 31 December 2023, specifying which companies are included in the scope of this CNFS.

³ The reduced coverage compared to 2022 is linked to the exclusion from the scope of the document, for the reasons already presented, of Ascertia Limited, Ascertia PVT Ltd, Ascertia Software Trading LLC and Studio Fieschi, which have an impact on the total employees of Group equal to 7%.

	TINEXTA
DIGITAL TRUST	CYBER SECURITY	BUSINESS INNOVATION
INFOCERT SIXTEMA TINEXTS GROUP (ĉamerfirma AN INFOCERT COMPANY CERTEUROPE AN INFOCERT COMPANY ICTECHLAB ascenta Visura TINEXTA GROUP	TINEXTA CYBER YOROİ • >Swascan corvallis ISSUESS & Cynessages and	@ Warrant Hub © beWarrant 90 EUROPROJECT Warrant Service S.r.L alue Tinexta Group Cleuroquality Forvalue TINEXTA GROUP STUDIOFIESCHI & SOCI """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" Co.Mark TES SI Queryo ANTEXIS
TINEXTA DEFENCE S.R.L. DEFENCE TECH	TINEXTA FUTURO DIGITALE S.C.A.R.L.	LEGEND Group representation as of Companies excluded from 31/12/2023 the reporting scope

The CNFS includes general contextual information common to the different editions, but every year its parts related to ESG performance are updated, reporting all the significant changes to the impacts of our activities which have taken shape in the reporting period.

Regulatory References

The document was prepared in accordance with the most up-to-date (2021) version of the Sustainability Reporting Standards published by the Global Reporting Initiative (GRI), the main international reference for sustainability reporting, adopting the 'in accordance with' option.

The identification and selection of the contents of this Statement, as required by Italian Legislative Decree 254/2016, were carried out to ensure that stakeholders understand the Group's activities, results and contribution to sustainable development, also taking into account the GRI principles of accuracy, balance, clarity, comparability, completeness, timeliness, verifiability and sustainability.

This CNFS is also drafted in accordance with the following regulations:

Regulation (EU) 2020/852: known as the 'Taxonomy', this sets out the criteria for determining whether an economic activity can be considered environmentally sustainable;
Delegated Regulation (EU) 2021/2139: defines the technical screening criteria for determining the conditions under which an economic activity substantially contributes to the objectives defined in Reg. 2020/852;
Delegated Regulation (EU) 2021/2178: establishes the content and presentation of the information that companies must report with regard to environmentally-friendly economic activities, specifying the methodology chosen to meet this disclosure obligation.
Delegated Regulation (EU) 2023/2486: defines the technical screening criteria for determining the conditions under which an economic activity substantially contributes to the four environmental objectives not present in Reg. EU 2021/2139.

Reporting Process

The contents reported in this document have been defined, validated and approved according to the Group's procedure 'Preparation of the Consolidated Non-Financial Statement,' which will be updated in the first months of 2024. This procedure governs the drafting process of the CNFS and

the responsibilities of the various actors involved. The Organisation, Sustainability & Internal Communication organisational unit of the parent company coordinates all the activities of the reporting process, under the responsibility of the Group Chief Human Resources & Organisation Officer.

Local representatives at the companies falling within the reporting scope manage the activities of collecting and sending the requested information and data, which are validated by the CEOs and General Managers of these companies before consolidation.

The Manager responsible for preparing the accounting and corporate documents has the task of verifying the consistency of the CNFS with the annual financial reporting.

Before its approval, the CNFS is reviewed by the ESG Committee and subsequently by the Tinexta Internal Board Control and Risk and Sustainability Committee. The definitive contents are then approved by the parent company's Board of Directors, which assesses their materiality, completeness and reliability, and are subject to review by the appointed external auditor, according to the methodologies specified in standard ISAE 3000 in the form of Limited Assurance.

This Statement can be found in the Company - Governance - Shareholders' Meeting - 2024 section of our website Tinexta.com.

Materiality Analysis

A key element of sustainability reporting is the materiality analysis, i.e., an in-depth study of the context in which the Group operates, its value chain and the other market realities it is faced with. The aim of the process is to identify and assess the most relevant positive or negative impacts generated by the Group's activities.

The materiality analysis and basis of this Statement was carried out according to the 2021 edition of the GRI standards, which introduced a focus on impacts, compared to the past. Material topics are precisely those that represent the most significant impact an organisation has on the economy, the environment and people, including human rights.

The necessary activities to identify the material topics were structured according to the path detailed below.

	The following activities were carried out with the aim of guaranteeing reasonable completeness of the information and identifying the significant aspects to be reported:
IDENTIFICATION OF POTENTIAL TOPICS	> documentary analyses concerning internal aspects, such as strategic and operational objectives presented in the 2023 - 2005 Business Plan and in the ESG Policies, and external aspects through an ESG benchmark carried out on the main peers. > interviews with Top Management and the CEOs of the companies within the reporting scope. These activities did not reveal any need to add, eliminate or change the list of impacts related to the material
	topics identified last year.
	To assess the impacts, a survey was carried out, administered via online tools both to management, to reveal the company's point of view, and to a sample of relevant stakeholders:
2	> company: 26 representatives were involved, including managers of Tinexta SpA and CEOs / General Managers of the companies within the scope, with a redemption rate of 78%. They were asked to indicate the relevance of each material topic on a Likert scale, i.e., the importance and likelihood of each impact.
IMPACT RELEVANCE ASSESSMENT	> stakeholders: in order to evaluate the relevance of the Group's material topics, we engaged employees, suppliers, customers, including some representatives of the Public Administrations and investors. The employee redemption is 66%, while overall for the other categories of external stakeholders it is 38%.
	The results obtained from the surveys referred to in the previous point allowed us to update the list of material topics; its ranking reflects the level of significance of the different topics in the company.
3 PRIORITISING	The results of the stakeholder engagement activities provided guidance and orientation, in line with the approach of the GRI 2021 standards, and supported the company during the impact identification and relevance assessment phases.
IMPACTS	For the final validation of the impacts, the Chief Executive Officer of the parent company was involved, whose point of view helped to determine the priority of impacts with reference to the corporate strategy.

2023 Results

Although the material topics presented in this CNFS are the same as those reported for the previous financial year, the analysis conducted with reference to 2023 shows a different positioning of the topics in the list presented below, which reflects the importance the company assigns to them.

In continuity with last year, the specific topics of the service companies were of greatest interest to the Group, first and foremost the centrality of the people who contribute to their success. More specifically, the most valued topic is Personnel training and development, in line with the significant increase in training hours provided in 2023 compared to 2022 (approximately +69%).

This is followed by Talent acquisition and employee retention, another aspect to which we constantly devote a great deal of energy. Specifically, we recorded 98% permanent contracts in 2023 and continued to use remote work and other forms of flexibility as tools for the work-life balance of all our employees.

The company also attributed great value to the topic of Diversity, so much that in 2023 some Group companies decided to concretely address the topic internally and implement specific activities in this regard, such as obtaining UNI/PDR 125:2022 certification.

The topics relating to governance aspects have acquired greater importance compared to last year's analysis. Ethics in business, also understood as Responsible management of taxation, was valued at a higher level. This increase is confirmed in the publication of the updated Code of Ethics and Conduct, in which further guiding principles on the way Tinexta and the Group companies do business have been formalised.

The approach to conducting business responsibly also towards our customers, to whom we provide quality services and guaranteed data and system protection, is the basis of our positioning, our economic solidity in all the countries where we operate and, consequently, our ability to redistribute value to all stakeholders.

The topic Relations with institutions was more highly valued, demonstrating the desire to contribute to a systemic community in which all players work together to achieve the same goal: a more responsible, inclusive and sustainable community. In this sense and from the perspective of Initiatives in favour of local communities, there are many social support and development projects to which many of the Group's companies contribute annually; we also highlight the use, where possible, of Minimum Environmental Criteria in purchasing to strengthen the monitoring of sustainability aspects also in the supply chain.

The topic Governance and sustainable strategy was also more highly valued, confirming the Group's growing awareness of these issues and the importance of integrating sustainability into the business model.

Taking into account the Group's areas of activity, a slight reduction in the relevance of Workplace health and safety is noted, which can be interpreted as the decrease in media attention towards these aspects following the conclusion of the Covid19 epidemic.

Less importance is also given to the topic Responsible energy management, attributable to awareness of the monitoring of this topic, which is the subject, among other things, of specific actions in the ESG Plan for the two-year period 2024-2025. In 2023, energy consumption monitoring of the companies that fall within the reporting scope continued with the aim, over the next two years, of implementing a calculation system for quantifying the CO² emissions generated.

The list of our Group's material topics, together with the related Sustainability Development Goals (SDGs) of the United Nations 2030 Agenda is illustrated below; this correlation was made by taking as reference the indications contained in the document 'Linking the SDGs and the GRI Standards,' issued by the GRI in 2021.

The connection between the material topics and the aspects established by Italian Legislative Decree 254/2016 can be found in Appendix F.

SDGs	MATERIAL TOPIC
5 Hausin e	PERSONNEL TRAINING AND DEVELOPMENT
5 tagester ক্ত	TALENT ACQUISITION AND EMPLOYEE RETENTION
	BUSINESS ETHICS
5 FACISION er	DIVERSITY NON-DISCRIMINATION AND EQUAL OPPORTUNITIES
AND INFLASTRACTURE ర్యాల	DATA PROTECTION & CYBER SECURITY
	GOVERNANCE AND SUSTAINABLE STRATEGY
& ECONOMIC GROW 合自己	ECONOMIC PERFORMANCE AND IMPACT IN THE COUNTRIES WHERE THE GROUP OPERATES
ಿಗೆ	BUSINESS CONTINUITY AND SERVICE QUALITY AND CUSTOMER SATISFACTION
	RESPONSIBLE TAX MANAGEMENT
3 AND WELL-BEING Wo	OCCUPATIONAL HEALTH AND SAFETY
17 PARTNERSHIPS ങ്കു	RELATIONS WITH THE INSTITUTIONS
CX	SUSTAINABLE SUPPLY CHAIN
8	SUSTAINABLE PRODUCTS AND INNOVATION
13 CLANATE Car	RESPONSIBLE ENERGY MANAGEMENT
	COMPLIANCE
17 FOR THE GOALS 80 合用品	INITIATIVES IN FAVOUR OF LOCAL COMMUNITIES

Solid and Constantly Evolving Governance

Actors
Strategy
Tools
ESG Policies and 2023-2025 Sustainability Plan

Consolidated Non-Financial Statement 2023 26

ESG Risk Monitoring and Management

Actors

A multifaceted Group like ours that is constantly looking to the future knows that management needs are not limited to economic aspects, however fundamental they may be. It is no coincidence that for years the acronym ESG - Environmental, Social, Governance - has been increasingly at the centre of public debate: every actor in the socio-economic fabric is required to broaden their horizons and make management aspects that concern the good environmental and social governance of the company, the planet that hosts us and the people who populate it a priority.

For years we have set up bodies and tools that allow us to manage the complex galaxy of the Tinexta Group in the most responsible way possible, and in this chapter we tell you how we do so.

We adopt the principles contained in the Corporate Governance Code approved by the Committee for Corporate Governance of Listed Companies, promoted by Borsa Italiana. In particular, in defining our corporate governance system, we are inspired by the following principles:

transparency of management decisions both within the company and towards the market;
efficiency and effectiveness of the internal control system;
strict rules governing potential conflicts of interest;
sound principles of conduct for transactions with related parties.

The system is overseen by the Board of Directors (BoD), which not only steers the company to pursue the corporate purpose, but also maximises shareholder value over the medium to long term and ensures that the expectations of other stakeholders are met.

Appointed during the ordinary shareholders' meeting of 29 April 2021 and in office until the approval of the financial statements as at 31 December 2023, the Board of Directors includes 11 members: the Chair, the CEO and nine Directors.

The three internal board committees established in 2021 operate within the Board of Directors, following the renewal of the Board of Directors, in line with the provisions of the aforementioned Corporate Governance Code.

The Remuneration Committee is made up of three members and has advisory and investigative functions for determining the remuneration of Directors and for the remuneration policies of Key Management Personnel, detailed in the Report on the remuneration policy for 2024 and on compensation paid in 2023, published in the Governance section of our website.

The Related Party Transactions Committee consisting of three members formulates opinions on transactions involving related parties, and is established pursuant to the Consob Regulation on Related Party Transactions (RPT).

The Control and Risk and Sustainability Committee consisting of three members has the task of assisting the BoD in evaluations and decisions related to the internal control and risk management system. It has a proactive and advisory role: its half-yearly reports include assessments on the adequate and effective functioning of the internal control and corporate risk management system, including risks related to sustainability, which may be relevant in the medium to long term. Among other things, this Committee examines and approves the ESG Plans with the initiatives to be undertaken for their implementation and monitors their progress, also through regular discussions with the ESG Committee.

Established in 2021 as a managerial committee, the ESG Committee consists of three executives from the parent company. Its objective is to promote the integration of sustainability into corporate strategies, thus supporting the Control, Risk and Sustainability Committee and, ultimately, the Board

of Directors in its responsibility to address the issue of sustainability for the creation of value for all stakeholders.

In addition to the Board of Directors, the control and supervisory bodies described below operate within the overall corporate governance system.

The Board of Statutory Auditors, consisting of three full members and two alternates, monitors compliance with the law and the articles of association in terms of proper administration and, in particular, the adequacy and effectiveness of the company's organisational structure. The Directors report to this body on their activities and on the most important economic, financial and capital transactions carried out by the parent company or its subsidiaries; reports are made at least quarterly, either orally or in writing.

The 231 Supervisory Body is instead responsible for continuously monitoring the functioning of and compliance with the company's Organisation, Management and Control Model pursuant to Italian Legislative Decree 231/01, and proposing any amendments and/or additions to the Board of Directors. It consists of three members chosen from among people inside and outside the company with adequate professional requirements and specific skills. The Supervisory Body also verifies compliance with the Code of Ethics and Conduct at the company.

Further details on governance at Group level can be found in the section 'Report on Operations' of the Annual Financial Report for the year ended 31 December 2023, available on our website in the section Company - Governance - Shareholders' Meeting - 2024 and in the Report on Corporate Governance and Ownership Structure, available on our website under Company - Governance - Corporate documents.

Strategy

The management of a large group like ours requires, in addition to a solid structure, decisive and consistent strategic direction, with specific principles and objectives outlined for its development. In 2023 we strengthened our leadership in all the main markets in which we operate and followed our growth project by consolidating the objectives guiding our work: integration, internationalisation, external growth and a careful financial policy.

Added to these fundamental objectives of the 2023-2025 Strategic Plan, approved by the Board of Directors on 9 March 2023, is the development of an ESG culture that is increasingly integrated into the Group's overall strategy, which places people and their skills at the centre and generates sustainable value for the benefit of all stakeholders.

Last year was an important moment for the definition of our commitment towards a more sustainable approach: in fact, we formalised the Policies representing the pillars of our sustainability strategy, which we approach with attention and a sense of responsibility.

To concretely implement the ESG Policies, in 2023 we conducted an important gap analysis to measure our level of maturity in terms of sustainability, especially in the areas identified by the Policies, and to define specific improvement objectives for the three-year period 2023-2025. The achievement of these objectives was formalised within specific multi-year ESG Plans, which are explained and described in greater detail in the dedicated section of this document.

The 2023-2025 Strategic Plan drivers are briefly illustrated in the following image.

We make transparency a key value of our strategic choices, management activities and relationships with all our stakeholders.

Together with transparency, compliance with applicable laws and regulations and attention to regulatory changes are inspiring principles of all our work, especially when dealing with administrative and fiscal management, the preparation of financial statements and any other accounting document, and payroll management.

Tools

To achieve our ambitious goals, over the years we have constantly developed the governance tools implemented. The main features and updates for each of them in 2023 are detailed below.

Group Code of Ethics and Conduct

In the first months of 2023, our Board of Directors approved the new Code of Ethics and Conduct of the Tinexta Group (hereinafter referred to as the Code of Ethics), publicly available on the company website.

The Code of Ethics applies to the entire Tinexta Group, in any country and at any level of the organisation. The members of the corporate bodies, employees, whoever operates in the name and on behalf of Group companies and, more generally, all the participants in Tinexta's entrepreneurial organisation must continuously adhere to the moral and professional principles and values contained therein.

The Code of Ethics also contributes to optimising the company's internal and external relations in terms of efficiency, guaranteeing standard behavioural guidelines and the continuation of a positive business reputation.

The diagram alongside graphically shows the ethical and behavioural principles of the new Code of Ethics.

We promote the dissemination of the Code of Ethics both internally, with publication in the Group's intranet, and externally by making it accessible to stakeholders in the section Company - Governance - Corporate Documents of our website. We have also

informed external collaborators, partners and suppliers of the existence of the Code of Ethics, who sign to confirm having read it and promise to comply with it during the respective contractual stipulations.

We provide information and training programmes for all employees and collaborators to guarantee and maintain the knowledge and effective application of the rules of conduct contained in the Code of Ethics over time. Following the approval of the Board of Directors, we developed a training course on the new Code of Ethics in e-learning mode and usable on our digital education platform by all Group employees and new hires.

We prosecute and sanction any behaviour contrary to the provisions and principles of the Code of Ethics as laid down in the document itself.

In line with the provisions of Art. 6 of Italian Legislative Decree 231/2001, the 231 Supervisory Body is responsible for checking compliance with the Code of Ethics. Compliance with laws and internal regulations is also monitored by our internal control system.

Group Organisational Model and Regulations

Our organisational model is aimed at implementing a common management direction to achieve the Group's strategic objectives. With this aim, the parent company Tinexta defines and implements centralised organisational and operating models which focus on:

• optimising the synergies generated by membership of the Group, by enhancing the characteristics of the various companies;

• ensuring homogeneity and consistency in internal processes by disseminating best practices and strengthening internal skills.

The Organisational Communications and the Group Regulations describe the model and provide the reference principles detailed in the group policies, guidelines and procedures relating to the individual operational processes.

An important revision to the Group Regulation was completed in 2023 and approved by the Tinexta Board of Directors in January 2024. It was focused on updating the responsibilities and coordination methods exercised by the parent company on the companies it controls.

The updated Regulation also incorporated other innovations in the Group organisational model created in 2023, summarised below.

To encourage full integration between the subsidiaries and facilitate interactions with the parent company, we redesigned the organisational model of the Administration, Finance and Control (AFC) area according to a business unit logic, aimed at enabling greater cooperation, integration and use of best practices. As part of this reorganisation, we also established a Shared Service Centre in the parent company dedicated to the administrative management of the suppliers of all companies, thus ensuring uniformity, effectiveness and efficiency of the activities. Finally, in line with AFC best practices, the Tinexta Board of Directors reassigned the role of Manager responsible for preparing the corporate accounting documents to the Group Chief Financial Officer.

Also within the Internal Audit Department, we revised the organisational structure to make the internal control activities even more effective, identifying a contact person for each business unit of the Group.

To strengthen strategic coordination towards growth and development objectives in a constantly changing context, we established the new Strategic Planning Department in Tinexta, which has the mission of:

guiding the Group's strategic planning process through the definition of Strategic Guidelines, which contain the objectives to be pursued in the long term through the Group's business development activities;
developing analyses and research on macroeconomic scenarios, the positioning and evolution of markets and sectors significant for our business;
conducting in-depth studies on strategic topics that are a priority for the Group.

Organisation, Management and Control Models pursuant to Italian Legislative Decree 231/2001

In line with the provisions of Italian Legislative Decree 231/01, Tinexta and all the companies included in the reporting scope have adopted an Organisation, Management and Control Model, adhering to the requirements specified in Article 6 of the aforementioned decree.

To ensure compliance with the regulations by all companies, including smaller ones, we have long since defined Guidelines on the subject of Italian Legislative Decree 231/01 which steer and set the criteria to be adopted for drafting and updating Organisation, Management and Control Models (hereinafter also 231 Models) and for the establishment and operation of the relevant Supervisory Bodies 231 (hereinafter SBs).

In 2023 we updated the 231 Guidelines and at the same time the 231 Model of Tinexta, both approved by the parent company's Board of Directors, to incorporate the latest regulatory

developments and the most recent changes to the organisational structure of the company and the Group. With this update, we have encouraged Group companies to revise their respective Models.

The 231 Model ensures fairness and transparency in the conduct of company business, while also protecting the reputation of the companies, the expectations of shareholders and the work of employees. Based on the indications set out in the Guidelines, all the 231 Models of Group companies are divided into two sections:

the general section, containing provisions on the objectives of the Model, the methods used for verification and updating, the functioning of the Supervisory Body and the communication and information processes set up by the company;
the special section, which identifies the areas of activity exposed to the risk of commission of offences under 231 and, for each of them, the sensitive activities and the relevant control protocols implemented to prevent the risks of offence.

Whistleblowing

To implement the new regulatory provisions on whistleblowing (Italian Legislative Decree 24 of 10 March 2023 implementing EU Directive 2019/1937), in addition to the 231 Guidelines and Model, we updated our procedures for managing whistleblowing in 2023.

In particular, we have integrated our internal regulations on whistleblowing by:

providing defined time-scales for taking charge of and closing the report;
expanding the SB's tasks, which takes on the role of report manager;
correctly processing the personal data of the people involved in the reports, pursuant to current privacy law;
protecting confidentiality and prohibiting retaliatory and discriminatory behaviour in support of both the whistleblower and the reported person.

Any violations of the Sustainability Policy and the Group ESG Policies can also be reported via the whistleblowing IT platform, the access link for which is made available in the relevant company documentation, but also on our website on the page Company - Governance - Policies and Procedures.

Anti-Corruption Guidelines

To further confirm our commitment to preventing any form of illicit conduct, in 2023 we newly issued Group Guidelines on the topic of Anti-Corruption. The aim is to summarise and integrate, in an organic framework, the rules for preventing and combating corruption already in force in the Group and defined in the Code of Ethics and Conduct, in the 231 Models and in the Anti-Corruption Policy.

In particular, the Anti-Corruption Guidelines establish the principles of behaviour to be followed in the most sensitive areas of activity, namely:

Relations with the Public Administration;
Relations with political and trade union organisations;
Relationships with third parties;
Extraordinary corporate transactions;
Management of financial resources and treasury;
Gifts and entertainment expenses;
Sponsorships and donations;
Personnel selection, hiring and management;
Dispute management;

• Accounting records.

We have disseminated these new guidelines to all Group companies with the aim of further increasing awareness of the rules and behaviours to be observed. Therefore, they are applied throughout the entire Group without distinction, in any country and level of the organisation, with any necessary adaptations as regards specific local regulations.

The adoption of the Anti-Corruption Guidelines by all Group companies is one of the objectives of the ESG Plan for the next two years, presented in the following section entitled 'ESG Policies and the 2023-2025 Sustainability Plan.'

We will constantly monitor the application of safeguards to prevent corruption. In this regard, the Anti-Corruption Managers of each company will prepare a periodic report on the monitoring activity and will present it to the top management of our organisation.

Succession Plans

In light of the important transformation of the Group and its organisation recorded in recent years, in 2021 the Tinexta Board of Directors approved a Succession Contingency Plan to adequately respond to any succession needs. This plan is in line with the recommendations of the Corporate Governance Code and the proposals formulated on the subject by the Control, Risk and Sustainability Committee and the Remuneration Committee.

The Succession Contingency Plan has the purpose of ensuring the continuity of the company's operations, identifying the actions to be taken if the Chief Executive Officer, the Chair or one of the executive members of the Board of Directors are prevented from performing their duties. The document presents a more detailed structure for the parent company, while specific operating procedures have been established for the subsidiaries.

As part of talent management activities, we also carried out a potential assessment campaign in all Group companies which, in synergy with the new Leadership Model, will allow us to identify and develop the best talents also from a succession planning perspective.

Certification

Certifications are functional tools for certifying the reliability of companies in specific areas of application, assessed based on the implementation of specific requirements established by the reference standards.

Our Group companies have acquired multiple certifications over the years, confirming our commitment to guaranteeing exceptionally high service levels and management systems compliant with recognised standards, including at an international level, on priority aspects for our business activities.

The certifications adopted across the Group include UNI EN ISO 9001:2015, which determines the principles and standards to be complied with to ensure service quality and customer satisfaction, and ISO/IEC 27001, which establishes criteria and requirements for the security and privacy of the information handled.

Some companies have also obtained certifications and attestations relevant to their operating sector. For example:

the eIDAS Certification which, in compliance with the eIDAS Regulation (EU Regulation 910/2014 of 01/07/2016) ensures the qualified certification of electronic signatures, electronic seals, website authentication and time validation services;
the SOC (System and Organisation Controls) 2 type II Certification, which is issued by a thirdparty body following regular checks on information systems regarding security, availability, processing integrity, but also confidentiality and privacy.

In 2023 we further expanded the set of our certifications with two important innovations registered by InfoCert, which awarded the certification on gender equality, pursuant to UNI PDR 125:2022, and on anti-corruption, pursuant to ISO 37001.

The details of the certifications currently held by the individual Group companies are reported in the following table.

	Tinexta	InfoCert	Sixtema	CertEurope	Camerfirma	Visura	Corvallis	Yoroi	Swascan	Warrant Hub
ISO 9001 Quality	O	O	O		0	0	0	0	O	O
ISO 14001 Environment		0			0
ISO 37001 Anti-corruption		0
ISO 2700rmation security		0			6		0	0	0	O
ISO 27017 Cyber security in cloud services								O	0
ISO 27018 Data protection for cloud services								0	0
ISO 20000 IT Service Management					0
ISO 22301 Business continuity management					0
PDR 125 Gender equality		0
Trusted introducer - CERT accreditation								O
SPID - Digital Identity Management		0
SOC 2 type II - Control Systems		0
eIDAS - Qualified Trust Service Provider		0		O
Legality rating							O

ESG Policies and 2023-2025 Sustainability Plan

As already mentioned in this document, following the approval of the Tinexta Board of Directors, in 2022 we issued our Sustainability Policy to which five other Group Policies refer. These five policies focus on the ESG issues identified as critical factors for the sustainable development of our strategy and are listed in the infographic below.

The Sustainability Policy contains the general principles and our guidelines for the path towards sustainable development and has been published in the Sustainability section of our website. The other five thematic policies were disclosed to all our companies, both in Italy and abroad, and made available to all our collaborators thanks to their publication on our Group intranet WE Tinexta.

With the aim of implementing the commitments undertaken and integrating the relevant ESG factors into our operations, in 2023 we delivered a project to evaluate the ESG performance of all the Group companies, so as to be able to define the first ESG Plan for the three-year period 2023-2025.⁴

Promoted and monitored by the ESG Committee, the project involved the three business units represented by an ESG Champion and representatives for each individual company, coordinated by the parent company's organisational unit Organisation, Sustainability & Internal Communication.

In the initial phase of the project, an assessment was conducted to identify the priority actions in terms of ESG initiatives to be implemented in 2023, the first year of the Group's three-year ESG Plan, all completed in the financial year being reported. The infographic shows an overview of the main goals of the 2023 ESG Plan achieved by the Group companies, many of which are also described in the other sections of this document.

⁴ The project involved the following companies within the Group's scope as at 28 February 2023, namely: InfoCert; Sixtema; Camerfirma; CertEurope; Visura; Tinexta Cyber; Yoroi; Swascan; Corvallis; Co.Mark; Co Mark TES; Queryo; Warrant Hub; Euro Quality, Europroject; Evalue; Forvalue. All the companies included in the scope of this Statement were included in the scope of the project.

The second phase of the project included carrying out a gap analysis aimed at detecting the degree of our companies' adherence to the commitments declared in the ESG Policies. This was achieved by measuring a set of indicators identified through a benchmark created on a panel of comparable and best-in-class companies.

This latter analysis made it possible to more effectively understand and identify the action areas in which we have decided to invest with the implementation of specific initiatives in 2024-2025, illustrated graphically below.

To allow monitoring the results actually achieved, we also identified twelve Key Performance Indicators (KPIs) with which we intend to measure the achievement of our sustainability objectives in the next two years. We then defined qualitative and quantitative targets for the KPIs for each year in order to guide the priorities of our companies.

The objectives and KPIs of the ESG Plan relating to 2024-2025, as well as the initiatives relating to 2023, the first financial year of the Plan, were presented to Tinexta's Control, Risk and Sustainability Committee for evaluation and for monitoring their completion, also for the purposes of reporting in this annual Consolidated Non-Financial Statement.

Our path towards a more sustainable business model also involves remuneration policies: for this reason, the ESG objectives and plans are included among the parameters underlying the short and long-term variable remuneration of the management of Tinexta and the main companies of the Group, as stated in the Report on the Remuneration Policy for 2023 and on Remuneration Paid in 2022, as well as in the previous CNFS.

Below is the detail of the 2024 - 2025 ESG Plan KPIs and the related targets.

COMMITMENT AREA	КРІ	TARGET 2024	TARGET 2025
Education and training	ESG training hours provided per capita	Guarantee an average of 4 hours per year of training per capita on ESG topics	Guarantee an average of 5.5 hours per year of training per capita on ESG topics
Sustainable supply chain	Proportion of suppliers compliant with the Code of Ethics and the Group Sustainability Policy	Require compliance with the Code of Ethics and the Group Sustainability Policy from 100% of the Suppliers in the Register as at 31.12 (for all Suppliers with turnover above the relevance threshold)	Obtain compliance with the Code of Ethics and the Group Sustainability Policy from 100% of the Suppliers in the Register as at 31.12.24 and 100% of the new entries in the Register (for all Suppliers with turnover above the relevance threshold)
Sustainable supply chain	Introduction of ESG criteria in the supplier evaluation and selection process	Define a Supplier evaluation and selection system with ESG criteria (for all Suppliers above the relevance threshold)	Implement the Supplier evaluation and selection system with ESG criteria (for all Suppliers above the relevance threshold)
Use of renewable sources	Proportion of energy consumption from non-renewable sources	Acquire 30% of electricity from renewable sources	Acquire 40% of electricity from renewable sources
Reduced emissions	Creation of a measurement model for Scope 1, Scope 2 and Scope 3 GHG emissions	Definition of a system for calculating Scope 1 and 2 Implementation of the Organisational Carbon emissions and screening Scope 3 emissions	Footprint calculation model (Scope 1, 2 and 3)
Reduced emissions	Proportion of hybrid-electric cars		Guarantee 30% of hybrid-electric cars out of the company total
Ensure dignified working conditions	contracts	Proportion of employees with permanent Maintain of employees with Maintain the proportion of employees with permanent contracts above 95%	permanent contracts above 95%
Health and safety	Injury rate	Keep the injury rate below 1.5	Keep the injury rate below 1
Gender Equality	Proportion of women in the company as at 31.12	Maintain 40% women in the workforce as at 31.12	Reach 41% women in the workforce as at 31.12
Gender Equality	Proportion of women in managerial roles Reach 35% of women in managerial roles		Reach 36% of women in managerial roles
Ethics and integrity	Appointment of the Anti-Corruption Manager and implementation of the Group Guidelines	100% of Group Companies appointing an Anti- Corruption Manager and implementing the Group - Guidelines
Ethics and integrity	ISO 37001 Anti-corruption certification		100% of direct subsidiaries acquiring ISO 37001 certification

ESG Risk Monitoring and Management

We applied a new risk mapping methodology following the Group Enterprise Risk Management (ERM) process in 2023, defined according to the international standard 'Co.SO - Enterprise Risk Management' aimed at identifying, assessing and managing all the risks that can impact business activity and influence the achievement of strategic and business objectives.

The new approach was structured by establishing that the Group's risk owners - with the coordination of Tinexta's Risk Management & Quality organisational unit and the contact persons responsible for the companies' ERM activities - identify and assess business risks in relation to the type of impact and its likelihood of occurrence, the relative degree of coverage through existing control safeguards, and the additional mitigation actions deemed necessary to decrease the level of residual risk.

Risk specialists also operate in our ERM process as an integral part of the internal control and risk management system. They are responsible for monitoring the risks that pertain to specific categories within dedicated risk management models, such as those relating to financial reporting pursuant to Italian Law 262/05, compliance with Italian Legislative Decree 231/01, the GDPR and IT security, identified beyond the ERM process.

The risk model adopted to identify the relevant risks for the Tinexta Group consists of six risk areas:

1. Strategic risks: those with an impact at Group level on the effective pursuit of strategies, image and the ability of processes to achieve the objectives defined by Top Management;
1. Operational risks: these concern business activities and have an impact on the level of effectiveness and efficiency of the Group's various business processes;
1. Compliance risks: resulting from the performance of business activities and concern the nonfulfilment of contractual clauses, laws, regulations and reference standards, with consequent potential administrative/penalty sanctions, and damage to the Group's image and operation;
1. Financial risks: resulting from the implementation of business activities and with an impact on the economic and financial parameters of accounting and reporting, liquidity and credit;
1. External risks: following the occurrence of external events of an accidental or natural nature with impacts on the Group's operations or resulting from the characteristics and evolutionary dynamics of the competitive context, from the relationship with customers or from unfavourable changes in the regulatory/legislative context at national and international level with repercussions on the activities and on the business model adopted;
1. Business continuity risks: resulting from the integrity and continuity of people, infrastructural and/or technological assets of the company being compromised due to an event not directly related to the company's activities or due to malfunctioning, damage, lack of maintenance, with impact on access infrastructure, the provision of services and business activities and the achievement of the organisation's objectives.

These six areas are in turn divided into 30 risk categories for which the Board of Directors of each Group company assigns a level of risk appetite statement, on the basis of which regular assessments are carried out through the application of the Group guidelines and methodology.

Risk assessment results are regularly reported to the Control, Risk and Sustainability Committee and to the Board of Directors of Tinexta, and are communicated to the Internal Audit Department because they provide useful information for planning the checks and controls on the achievement of the corporate objectives.

With reference to the material topics identified with the 2023 Materiality Analysis, below is an overview of the ESG risks that are significant in terms of their possible impact on our business activities and how they are managed.

Material topic	Risks	Safeguards
Personnel training and development	Inadequate definition of training plans for Group personnel, with subsequent negative impacts on the quality of services provided by the Group	 Personnel Training and Development Procedure
Talent acquisition and employee retention	Adoption of remuneration, retention and incentive policies for staff that are not aligned within the Group, with negative consequences on the turnover of staff with key professional skills	 Personnel Selection Procedure  Procedure for managing remuneration policies and the incentive system
	Lack of specific skills to effectively respond to changes in the regulatory and business context	Report on the Remuneration Policy and Remuneration Paid Remuneration Committee
Business Ethics	Behaviour not in line with the Group's ethical principles and/or company procedures	 Group Code of Ethics and Conduct  231 Model  'Whistleblowing communication' system  Anti-Corruption Policy
Diversity, non-discrimination and equal opportunities	Employees' perception of a lack of/reduced dissemination of diversity and inclusion values within the company	 Diversity & Inclusion Policy
Data Protection and Cyber security	Breach of mandatory regulatory requirements regarding privacy (GDPR), with application of sanctions (criminal and/or administrative) Cyber attack on IT systems / data network with	 Information Security Policy  Data Protection Policy
	subsequent interruption of business support activities and/or possible compromise of the confidentiality of strategic company data	 Data Protection Officer
Governance and sustainable strategy	Inadequate management of communication with stakeholders	 ESG Committee  CNFS Preparation Procedure  Sustainability and Diversity &
	Perception by financial stakeholders of a lack of/reduced diffusion within the Group of sustainability principles (e.g., absence/partial definition of measurable objectives) and diversity and inclusion values	Inclusion, Human Rights, Anti Corruption, Tax and Environment Policies  Three-year ESG Plan
Economic performance and its impact in countries where the Group operates	Increased competitiveness on the market with the entry of new competitors	 Group Strategic Production Plan Procedure
	Loss of quality of the services provided, and/or inadequate attention to customer requests with consequent prospective impacts on market share and turnover objectives	 Group Management Control System Procedure
Business continuity, Service quality and Customer satisfaction	Cyber attack on IT systems / data network with subsequent interruption of business support activities and/or possible compromise of the confidentiality of strategic company data	 Management System ISO 9001  Management System ISO 27001

Material topic	Risks	Safeguards
	Inability to develop and innovate the offering of products and services in line with the expectations and needs of the reference market
	Loss of quality of the services provided, and/or inadequate attention to customer requests with consequent prospective impacts on market share and turnover objectives
Responsible tax management	Errors in the calculation of taxes due to the lack of effective operational coordination between the company departments involved or to a non-timely implementation of regulatory changes	 Procedure for managing tax obligations  Tax Policy
Occupational health and safety	Failure to comply with the obligations established by applicable health and safety regulations	 Occupational Health and Safety Procedure  RAD
Relations with institutions	Inadequate management of relations with the Public Administration due to the absence of a structured process, with potential reputational impacts for the Group	 Procedure for managing relations with public authorities
Sustainable supply chain	Inadequate monitoring process for supplier performance, including from an ESG perspective, resulting in the provision of services not in line with expectations	 Supplier qualification process which envisages acceptance of the Group's Code of Ethics  Procedure for Purchasing Goods and Services
Sustainable products and innovation	Inability to develop and innovate the offering of products and services in line with the expectations and needs of the reference market	 Product design and development operational policies / practices
Responsible energy management	 50001 certification in order to reduce greenhouse gas emissions energy costs  Energy diagnosis in compliance with Failure to comply with the obligations established by the requirements of Italian Legislative applicable energy regulations Decree 102/2014, as subsequently amended and supplemented, as an obliged entity - Large Enterprise, with an energy consumption exceeding 50 TOE
Compliance	Failure to comply with the obligations established by current legislation	 Procedure for Transactions with Related Parties  Group Compliance Procedure  Insider Information Procedure
Initiatives in favour of local communities	Sponsorship of initiatives and/or projects by subsidiaries which are not aligned with the Group's objectives and strategy, due to the absence of a coordination process, with ensuing reputational impacts for the Group and possible losses in operating efficiency	 Group Communication Procedure  Group Social Media Policy

People at the Centre of our Vision of the Future

Consolidated Non-Financial Statement 2023 42

Workforce Characterised by Stability and Continuity
Uniqueness Is Strength
Projected Towards Constant Skill Growth
Skills Capital
Healthy and Safe Work Every Day
Support for Local Initiatives
Supply Chain Responsibility

Workforce Characterised by Stability and Continuity

The growth that has characterised the Group would not have been possible without the wealth of skills and professionalism of our collaborators. This is why we devote time and energy not only to building relationships based on mutual loyalty and trust, but also to strengthening their motivation towards the project that unites us.

Reiterating our commitment, we always pay attention to training, well-being and balance between professional and private life. Because the tomorrow to which we would like to give shape is a tomorrow that sees people at the centre.

As at 31 December 2023, the personnel of the companies included in the CNFS scope included 2,337 employees, a slight increase compared to the resources in force last year thanks to the 351 people we welcomed into our team.

In addition to employees, we have 436 collaborators of various kinds in our companies: trainees and interns, temporary workers, agents and external collaborators with professional work contracts.

We have always favoured stable, long-lasting working relationships in all cases where we have the possibility: proof of this is the marked prevalence of permanent employees, with percentages of 98% of the total workforce both in Italy and abroad. This prevalence also concerns full-time contracts, with percentages reaching 91% in Italy and 97% abroad.

We are aware that differences are an essential building block in structuring a cohesive working ecosystem, which is why we strive to protect and enhance them. Some data give the measure of our attention in this sense: as regards gender diversity, as at 31 December 2023, 40% of employees were women. In Italy and abroad, the significant number of employees under the age of 30 (18%) confirms our willingness to offer jobs to the younger generation.

In managing labour relations, the policies and procedures adopted by all Group companies refer to the provisions of the National Collective Labour Agreements (NCLAs) to which the individual companies refer.

For details on the composition of our Group's workforce as well as all other information on personnel and trends over the past three years, please refer to Annex B of this document.

Uniqueness Is Strength

In our relationship with our employees, we are committed to avoiding all forms of discrimination based on factors such as age, gender, sexual orientation, health status, ethnicity, nationality, political opinions and religious beliefs. Indeed, we are aware that the full potential of human resources can only be expressed by respecting the diversity of each individual and striving for equal opportunities.

The importance we place in these principles is also confirmed by their formalisation in our Code of Ethics and Conduct and our decision to have a Human Rights Policy and a Diversity & Inclusion Policy.

Both were drafted using some of the most authoritative international initiatives and statements on these issues as reference:

UN Global Compact;
2030 Agenda for Sustainable Development;
Universal Declaration of Human Rights;
International Labour Organisation (ILO) Declaration on Fundamental Principles and Rights at Work;
the fundamental conventions of the ILO with subsequent updates.

We are convinced that ensuring respect for human rights, both in the conduct of our operations and along the value chain, is a fundamental factor in effective and sustainable business management.

Everything related to the topic of Diversity & Inclusion also plays a primary role in our policies: this expression stands for two values that contribute to creating an open and stimulating working environment, where perspectives and points of view are affirmed, foster innovative ideas and improve collaboration.

We encourage compliance with the principles and values listed in these documents by members of the corporate bodies and by all employees in the performance of their responsibilities and activities, as well as by all those who act in the name of and on behalf of the Group companies.

Some initiatives undertaken by the Group are particularly noteworthy in this regard. An example is InfoCert's activation of higher technical education and training courses and advanced IT training for people with autism spectrum disorders, in collaboration with the Specialisterne Foundation. This initiative also saw the inclusion, during the course, of four young people on the autistic spectrum in the ICT field as application testers.

To promote the enhancement and creation of an inclusive and accessible environment also for talents with dyslexia, InfoCert worked actively to certify itself as a Dyslexia Friendly company. Furthermore, in 2023 it provided information and awareness courses to all employees, together with specialised training aimed specifically at the company's HR Department, in agreement with the Italian Dyslexia Association. Collaboration with the Giotto Cooperative also continued, which deals with the sustainable development of civil economy and social innovation starting from work.

Another worthy initiative concerns Warrant Hub. On the occasion of the conference on 22 November 2023 entitled The New Enterprise 5.0 - Sustainability and Digital Transition, Warrant Hub chose the San Patrignano Community Theatre, an Italian centre of excellence for the

recovery of young people with addiction problems, and invited the theatre company Up & Down, which includes actors with disabilities and Down syndrome, to perform.

On the diversity front, we are also working hard to combat gender inequalities.

We have collectively addressed the issue of gender equality over the last year and, as a demonstration of our commitment, identified two KPIs among the 12 ESG indicators with specific targets to be achieved in the next two years: one regards the proportion of women in the company and the other the percentage of women occupying managerial roles.

Many companies in the Cyber Security and Digital Trust business units have taken steps to introduce young women to professions in the Science, Technology, Engineering and Mathematics (STEM) area. Among these, we highlight InfoCert, which for years has participated in communication and engagement initiatives with the ELIS community of the School-Business System and Corvallis, which collaborates with technical institutes in the area in which it operates.

Warrant Hub, ForValue and Queryo, which belong to the Business Innovation business unit, have voluntarily carried out a performance assessment exercise with respect to the principles of international standard GRI 405 Diversity and Equal Opportunity, with particular reference to:

405-1 Diversity of governance bodies and employees;
405-2 Ratio of basic salary and remuneration of women to men.

The results of this first exercise gave positive results and allowed us to identify some margins for improvement on these issues, which will give rise to appropriate improvement projects.

Furthermore, Visura and InfoCert have chosen to carry out a screening to have a more precise picture of their positioning with respect to international guidelines on gender equality. Building on its firm foundations, as already illustrated in the previous pages, InfoCert obtained certification for its gender equality management system pursuant to the UNI/PDR 125:2022 standard in November 2023.

No incidents of discrimination were recorded in any of our Group companies in the reporting year.

Projected Towards Constant Skill Growth

As the competitiveness and complexity of the markets increase, we believe it is essential to invest in the growth of the Group's internal skills.

From this perspective, training is a crucial tool for supporting the preparation and updating of people and the creation of future knowledge. While it is useful to work towards the dissemination of skills and expertise on one hand, there is an equally essential need to strengthen the awareness of being part of a Group on the other and build a common culture by also involving young talents in enhancement and engagement projects and processes, so that belonging to Tinexta is a choice supported by concrete growth prospects.

Established in 2022 for the creation of inter-departmental relationships and the contamination of skills between different professions, Tinexta Corporate Academy responds to the need to promote a Group training strategy. This body has promoted courses centred on sustainability issues, available in e-learning mode on our digital education platform for all employees. Among

the many training programmes designed for our resources, the Vitamin D series to encourage diversity deserves mention, as does the training on cyber security designed internally by the team of the BU of the same name and the programme for raising awareness of the Code of Ethics. In addition to Group training, some companies have local academies equipped with specific training courses relating to their business.

Our Formula for Success

We launched the Tinexta Leadership Model in 2023, which defines distinctive values, skills and behaviours to be successful in the context in which we operate. Each person can embody the model by demonstrating that they can practise and transfer these values, skills and behaviours to all levels of the organisation and by being a leader capable of acting as an example for others.

Thanks to a number of interviews and exploratory workshops conducted with over 40 representatives of the Group's management, we studied and prepared the new model, presenting it to the entire management team during our annual convention, held from 5 to 6 October 2023 in Capri.

We have appointed more than 80 change

agents to disseminate the model at all Group organisation levels, who since November 2023 have facilitated over 50 training sessions for all employees. The leadership model represented in the graphic above also received recognition as the best consultancy project during the Digit'Ed Fast Forward 2023 contest organised by the supplier who supported us during its design.

Training: Numbers and Good Examples

From a quantitative point of view, a total of 49,931 training hours were delivered in 2023.

In addition to the mandatory training activities provided, for example, to comply with Italian Legislative Decree 231/2001, the GDPR and occupational health and safety regulations, we provided training mainly on issues relating to our business, such as the management of cyber security risks, but also on issues relating to sustainability, including Anti-Corruption, Business Ethics, Diversity & Inclusion and regulatory changes regarding the reporting of non-financial information. Furthermore, we focused on the growth and vertical development of our employees, with courses in effective communication and foreign languages.

In some cases we chose to enhance personnel with advanced training courses on sustainability issues. One such example is Warrant Hub, which gave three employees the opportunity to pursue a PhD entitled Innovation for the Circular Economy at the University of Turin. Lasting three years, the course will end in the spring of 2024. Furthermore, in 2023 another eight employees of the company were able to complete their studies and obtain a Sustainability Management master's degree at Unitelma Sapienza.

Skills Capital

We have always been committed to searching for and developing the best talent capable of making a practical contribution to the sustainable and lasting growth of our Group, making it a benchmark in our industry. Our companies participate in many initiatives to identify these talents, especially in the academic sphere.

Corvallis renewed its support for the Friends of the University of Padua Association, which promotes and supports initiatives such as research and teaching programmes, scientific, cultural and organisational meetings, and projects for deserving students and young scholars. In the twoyear period 2022-2023, the company also took active part in the second edition of the competition for awarding the doctoral thesis prize named after Tullio Levi-Civita of the University of Padua.

In 2023 Yoroi set up and/or renewed agreements with the following universities: Alma Mater Studiorum University of Bologna; Sapienza University of Rome; University of Udine; University of Sannio; Bicocca University of Milan.

Thanks to the agreements listed above, it was possible to provide six curricular and/or extracurricular thesis/internship projects to three-year university students, master's students and/or specialisation master's students in the cyber security field. By sharing materials, knowledge and skills to accompany the training methodology, the scholars had the opportunity to develop and finalise possible products, parts and components of activities as well as thesis projects. In 2023, four interns, of which three were assigned thesis projects, received a job offer after the end of their studies.

Warrant Hub has worked alongside various Italian universities for several years, supporting them in the organisation of seminars and training and information courses. In 2023 the company also began collaborating with some foreign universities, such as Uppsala University in Sweden, with which it organised the SOMIRO School – Miniaturised and soft robots event, dedicated to sharing the results of the EU-funded project of the same name for more sustainable and cutting-edge agriculture. Lasting four days, the event alternated classroom and practical lessons with networking activities, involving graduate students, young researchers and robotics experts from all over Europe.

In 2023, following from the previous year, we continued and strengthened the Open Innovation programme, launching the partnership mentioned above with Digital Magics, through which we provide start-ups and innovative entrepreneurial projects with important resources and the distinctive skills of our Group.

Thanks to the work of the Talent Acquisition team, our Group guarantees the same opportunities to all candidates, regardless of gender, geographical origin, age, religious and sexual orientation and marital status, setting remuneration only on the basis of criteria relating to professional skills and the role held.

In every selection process, we carefully evaluate each aspect relating to skills and the potential for integration within our company, based on our Leadership Model.

Moreover, the internal job posting system favours professional exchange opportunities between Group companies: resources can thus apply for open positions in other Group companies, according to principles of transparency and merit.

We again confirm significant growth in the skills of the Group in 2023, counting 351 hires, 38% of which were women and 41% young people under 30. We recorded a turnover rate of 10% during the year, down compared to last year, as reported in detail in Appendix B.

Hires and terminations	UoM	Specification	2023
Total new hires	no.	-	351
	no.	Men	216
Net hires by gender	no.	Women	135
	no.	New hires under 30	144
Net hires by age group	no.	New hires between 30 and 50	172
	no.	New hires over 50	35
Total terminations	no.	-	238
	no.	Men	166
Net terminations by gender	no.	Women	72
	no.	Terminations under 30	65
Net terminations by age group	no.	Terminations between 30 and 50	138
	no.	Terminations over 50	35

Our employee retention is high, demonstrating the deep commitment we make towards workers on various fronts.

Some of the aspects that encourage people to stay and advance in our Group are:

stable and open-ended negotiations from the very first moment;
opportunity to work remotely, flexible hours and part-time work, where possible, for a better balance between private and professional life;
contractual and, in many cases, also supplementary welfare coverage to extend the benefits of our employees and their families;
promotion of opportunities that encourage dialogue and discussion, such as reverse mentoring projects to facilitate intergenerational exchange, team building, coffee talks, conventions and corporate events.

The remuneration policies we apply within our Group are extensively detailed and described in the Remuneration Policy Report for 2023, which is published on our corporate website under Governance.

Healthy and Safe Work Every Day

We manage health and safety aspects in compliance with relevant national regulations in all Group companies.

All Italian companies operate in line with the requirements of Italian Legislative Decree 81/08 and other occupational health and safety laws applicable to the company. Each company has a Prevention and Protection Service Manager (PPSM), a Workers' Safety Representative (WSR), a Company Physician (CP) responsible for health monitoring, and emergency team members for first aid and fire-fighting.

In 2023, we established a new figure, PPSM Coordinator, to standardise and steer choices relating to health and safety in workplaces shared by multiple Group companies, as in the case of the new Milan headquarters.

Our approach to health and safety is inspired by the principles of protection, safety and dignity of the human person and is aimed at ensuring the protection of workers' physical integrity and the hygiene of workplaces. Given the nature of the services provided, we classify the employees of our companies overall as either management, coordination personnel or clerical personnel: almost all of them work at video terminals on company premises or in their own homes remotely. We follow procedures to assess the risks to workers' health and safety that are specific to each company and are detailed and described in the risk assessment documents (RAD).

Our effective management of health and safety aspects is based on an adequate organisational structure with defined responsibilities, trained personnel, control of activities and availability of emergency plans/procedures. We inform all company employees and whoever may be present at company premises about our approach to health and safety by sharing the rules and standards of behaviour to be followed when carrying out work activities.

Workers in each company can report the presence of possible dangers by liaising with the figures within the company who are responsible for these issues, such as the WSR and the supervisors. In compliance with current national regulations and our internal reporting policies, under no circumstances may such reports be the subject of disputes or retaliation.

The companies provide the general and specific training required by national legislation and monitor the CP's activities, enabling him to perform the tasks required by Italian Legislative Decree 81/08 as effectively and efficiently as possible.

Like the Italian companies, the Group's foreign companies also manage health and safety aspects according to the relevant national regulations: Law L. 4121-1 à 3 and R. 4121-1 et 2 - Labour Code in France and Law 31/1955 in Spain. Although with due differences, both regulations include the obligation to draw up a document on the assessment of risks to which employees are exposed, monitor health and safety aspects, define responsible persons both inside and outside the company and identify a CP.

In addition to legislative compliance, Sixtema has developed a project to evaluate the workrelated well-being of its employees. The elements that contribute to personal well-being undoubtedly include regular physical activity: this is also why InfoCert has introduced an agreement with Gympass among its welfare initiatives, which offers its employees flexible access to gyms and sports facilities.

We would also like to point out that from 2023, the rate of accidents at work has become a KPI of our ESG plan, with two specific maintenance and improvement targets for the next two years. In general, the companies within the scope of this CNFS did not present any cases of occupational diseases or fatal or permanent injuries in the reporting year.

Support for Local Initiatives

Our commitment to the community is demonstrated both locally, in the areas where our offices are located, and nationally. In 2023 we contributed to the implementation of several projects in the social field. The most significant cases are reported below.

We participated in the Run4Rome solidarity relay: 16 employees, divided into four teams, trained to cover the four sections that make up the Rome marathon. With this event, the Group had the opportunity to achieve a valuable result by running together and supporting the AIRC foundation in cancer research.

Corvallis also actively participated in a solidarity marathon in Padua, its home city, contributing to the activities of the VIMM Foundation for Advanced Biomedical Research in Padua, an international centre of excellence for research in the field of cellular and molecular biology.

As in previous years, Tinexta Cyber supported the Venetian foundation Città della Speranza, a leading research centre in Europe on childhood diseases. Its aim is to promote study, teaching activities, scientific research and assistance in the field of all paediatric pathologies, with particular regard to onco-haematological patients. In addition to liberal donations, Tinexta Cyber carried out a pro-bono project for the foundation, offering a cutting-edge cyber defence service developed in synergy with Yoroi and Corvallis.

Yoroi has donated some company assets, mainly workstation tools and other IT material, to associations capable of redeveloping and reusing them for their own activities.

Visura contributed to a sustainable horse-riding project at an amateur sports association specialising in hippotherapy with people on the autism spectrum. In addition, it took part in corporate volunteering with the RomAltruista Foundation.

InfoCert also created corporate volunteering projects: the partnership with the Sodalitas Foundation was divided into environmental activities in which 40 employees took part, and social activities with the participation of another 31. InfoCert also made donations to:

Association of Italian Blood Volunteers (AVIS);
Banca degli Occhi del Veneto Onlus Foundation;
research to fight CDKL5 Syndrome, a rare form of epileptic encephalopathy caused by a genetic mutation;
battles against cancer through the Race for the Cure event and the Nastro Rosa Charity Dinner event in collaboration with AIRC.

Camerfirma supported volunteering actions together with local associations and Sixtema took part in activities promoted by Legambiente and Caritas Modena.

Warrant Hub supported the Noi per Loro ODV Parma association, financing the New Therapeutic Approaches for the Treatment of Hepatocarcinoma research grant at the University of Parma. It

also made donations to the following local associations and communities: Pro Loco Correggio, Correggio Red Cross, CuraRE Onlus and Intermed Onlus.

Many companies in our Group are members of national or international industry and trade associations and advocacy organisations. In 2023, a total of 44 memberships were registered.

Supply Chain Responsibility

We seek sustainability and safety throughout the supply chain in order to implement the principles established by our Sustainability Policy.

For some years now, we have had a procurement procedure that defines criteria, responsibilities and operational methods for managing the qualification, evaluation and management process of the supplier register, implemented via the Group's e-procurement portal.

Our supplier register management process has two fundamental phases, qualification and evaluation, which differ in terms of time - an ex ante verification in the first case and ex post in the second - and in the type of information examined.

Supplier evaluation is aimed at verifying:

compliance with the Code of Ethics and Conduct and aspects related to workers' health and safety;
regular payment of social security contributions;
right of inspection by the Group;
possession of specific certifications;
technical skills;
quality of products and services;
completeness of the requested documentation.

During the qualification phase, we also examine certain sustainability criteria, for example the presence of UNI EN ISO 14001 environmental certification or other certified management systems. Over the next two years, we intend to further the investigation into the ESG aspects of our suppliers with the initiatives defined in the ESG Plan for 2024 and 2025 and related to:

obtaining supplier compliance with our Sustainability Policy;
the inclusion of new and more specific criteria for evaluating the ESG performance of suppliers in the qualification and evaluation system.

Furthermore, to strengthen supply chain control, we have started to introduce environmental requirements inspired by the minimum environmental criteria for certain types of purchases. As already stated in this document, we have already applied these criteria to some of our supplies: examples include the furnishings and electrical systems of our new offices in Milan and the new printers supplied to various Group offices, equipped with software capable of monitoring paper consumption.

Our suppliers are mostly located in Europe. The most relevant ones offer professional goods and services closely related to our business, such as subsidised finance consulting, specific technical consultancy in digital trust or cyber security, instrumental goods and services such as servers and digital keys, as well as related to business operations (e.g., telephony, connectivity, IT support, etc.).

Consolidated Non-Financial Statement 2023 53

Respect for the Planet We Live on

Consolidated Non-Financial Statement 2023 54

A Constantly Growing Commitment
Offices with a Lighter Footprint
Mobility Management
Energy and Emissions

A Constantly Growing Commitment

Over the last two years, we have increasingly and more precisely focused on the impacts our Group has on the planet that hosts us and on the resources it makes available to us. This has made both our awareness of these issues and our commitment to responsibly manage them grow.

The often-mentioned ESG Plan will further strengthen this commitment over the next two years. We have defined further objectives to be achieved in terms of monitoring the direct and indirect environmental impacts from our activities and, consequently, defining reduction actions.

In addition to the policy on environmental issues, we also reiterate the importance of behaviour that protects the planet we live on in the new Code of Ethics and Conduct, emphasising the value of the correct use of resources.

Our commitment is not simply to comply with current environmental protection and conservation legislation, but is also reflected in several responsible choices made by Group companies.

Among those that fall within the reporting scope are, for example, the partnerships that Warrant Hub has developed for some time now for the dissemination of information on the green economy. One of the significant actions is the constant contribution to drafting the GreenItaly report, the 'photograph' that the Symbola Foundation and Unioncamere take annually of our country's green economy. Warrant Hub also collaborates with Ricerca sul Sistema Energetico (RSE) S.p.A. for the creation of scientific-informative investigations and publications on energy efficiency policies.

Lastly, we would like to underline that within the Group, InfoCert and Camerfirma have decided to equip themselves with an environmental management system certified in accordance with UNI EN ISO 14001:2015.

Offices with a Lighter Footprint

We know that the most important direct environmental aspects are related to our office activities; this is why the Real Estate team promotes the evolution of our offices throughout the country, also suggesting environmental improvements.

Our two new offices fit precisely within this perspective, designed to bring together the Group companies in Milan and Rome. The Milan office was inaugurated in the autumn of 2023 and today hosts over 300 people on a surface area of 5,200 square metres designed with energy efficiency in mind, while the Rome office is currently being finalised.

The strong environmental sustainability of these buildings is also demonstrated by their sustainability certifications: the Vetra Building which is home to our offices in Milan has obtained LEED certification (Leadership in Energy and Environmental Design), platinum level; together with the owners of the new offices in Rome currently under construction, we are working to obtain the Bream International Non-Domestic Refurbishment 2015 certification - Very Good level. Therefore, the new offices designed to encourage collaboration are located in energyefficient buildings which are designed and built, as much

as possible, with natural materials, reused and compliant with the Minimum Environmental Criteria defined by the Ministry of the Environment and Energy Security.

Thanks to their location in the heart of the two cities, they are also easily accessible by public transport, allowing our employees and visitors to choose more sustainable transport solutions. A similar decision was also made by Camerfirma, which moved its central offices to the centre of Madrid in 2023, thus allowing many of its employees to use public transport without excessive consequences on their commute.

In general, many of our offices have launched initiatives to reduce environmental impacts in several areas.

Dematerialisation

Digitalisation processes have allowed less use of printed paper. Tinexta Business Innovation has launched two projects in this regard: the dematerialisation of dossiers relating to tax credit practices for research, development, innovation and design, leading to the reduction in travel and related greenhouse gas emissions necessary for delivery by courier; the implementation of a new IT platform which has generated a general streamlining of business process management, again with a reduction in the use of printing materials. Furthermore, the use of atures has been maximised in the Group companies.

Reduction of plastic

We have reduced the use of plastic, especially for the distribution of beverages in the new headquarters in Milan, by encouraging the use of water bottles.

Remote work

Whenever possible, we work remotely, thereby reducing travel -related impacts.

Separate waste collection and equipment recovery

We carry out careful separate waste collection in our company offices and encourage the recovery of equipment. For example, at the end of its use, some companies donate their IT equipment to associations, schools or other bodies so that it can be reconditioned and reused.

In 2023 we sent for recovery 0.74 tonnes of WEEE (EWC category 16 02 14) and 0.04 tonnes of cartridges and toners (EWC category 08 03 18).

Energy

On the energy front, we use efficient lighting systems and low consumption electrical/electronic equipment. Not only that: we have increased procurement from renewable sources directly with self production from photovoltaic panels, for example at the Yoroi headquarters in Cesena. We also act indirectly on this aspect, preferring electricity managers who guarantee higher percentages in production from renewable sources, setting specific KPIs and targets to be achieved as part of the 2024 -2025 ESG Plan.

Mobility Management

One of the commitments expressed in our environment policy is achieving more sustainable mobility. Also on this topic, one of the KPIs of the 2024 -2025 ESG Plan includes a specific indicator that will allow us to increase the share of hybrid or electric company cars compared to endothermic ones over time.

Warrant Hub already took action in this sense in 2023, launching a project to gradually replace diesel cars in the company fleet with new hybrid cars. Some of our companies have also chosen not to have company cars and to encourage the use of public transport or bicycles through the total or partial reimbursement of season ticket or vehicle rental fees, such as CertEurope. The other companies that instead use cars undertake to guarantee, as far as possible, the use of Euro 6 cars, the latest fuel technology currently available.

In general, as a Group we embrace a policy of limiting travel and business trips, thereby reducing the use of means of transport that contribute to greenhouse gas emissions as much as possible. In order to do so, we tend to organise video conferences and, when in-person meetings cannot be avoided, we advocate travelling by train. This has a threefold benefit in ESG areas: reducing greenhouse gas emissions, increasing the level of employee health and safety protection and, lastly, optimising operating costs.

Energy and Emissions

Among the direct environmental aspects, energy consumption and its effects in terms of greenhouse gas emissions is the most significant in our Group.

For this reason, energy consumption is increasingly monitored:

in 2022 we launched an energy consumption monitoring activity and calculated the Scope 1 GHG missions of the companies that fall within the reporting scope;
in 2023 we launched the analysis of Scope 2 location-based GHG emissions and other emissions;
for 2024 we have set ourselves the goal of defining a system for calculating Scope 1 and 2 emissions (both location- and market-based) and screening for Scope 3 emissions,
in 2025 we have set ourselves the goal of processing our carbon footprint organised as Scope 1, 2 and 3.

The table below details our Group's consumption.

Energy sources		UoM	Amount consumed 2023
	Petrol	GJ	3,637
	Diesel	GJ	16,067
Energy consumption of fuel from non-renewable sources	Natural gas	GJ	3,875
	LPG	GJ	3.20
Electricity consumed, purchased from the grid	-	GJ	15,579
Total energy consumption within the organisation	-	GJ	39,161

Starting from the consumption of purchased fuel and electricity reported in the previous table, we applied emission factors to calculate the emissions of greenhouse gases and other significant emissions into the atmosphere. Also in this case, the tables refer to the overall data for all companies in the scope of the CNFS.

GHG emissions		UoM	Amount emitted 2023
	Petrol	Ton. CO2 eq.	257
Direct emissions (scope 1)	Diesel	Ton. CO2 eq.	1,195
	Natural gas	Ton. CO2 eq.	218
	LPG	Ton. CO2 eq.	0.20
	Total	Ton. CO2 eq.	1,670.2
Indirect emissions from imported energy (Scope 2 location-based)		Ton. CO2 eq	1,033.5
Total GHG emissions (Scope 1 and scope 2 location-based)		Ton. CO2 eq.	2,704

Other emissions into the air	UoM	Amount emitted 2023
NOx	Kg	3,616
SOx	Kg	8.4
PM2.5	Kg	205
CO	Kg	2,437

The emission factors, estimates and assumptions underlying the calculations can be found in Appendix C.

When reducing emissions is no longer possible, offsetting initiatives can prove useful. Bearing this in mind, several companies have developed environmental redevelopment and reforestation projects: for example, Camerfirma joined a reforestation project at the Cerro de los Ángeles Sanctuary (Madrid) with the planting of 90 pine trees, in which 25 employees participated. Swascan, Tinexta Cyber and Warrant Hub have carried out planting projects with Treedom, thus supporting rural communities and contributing to the absorption of CO² globally.

All Tinexta Digital Trust companies also decided to offset their climate-changing emissions for 2023. In particular, the business unit offset 986 tonnes of CO2, equal to 36% of the emissions recorded at Group level, through a certified offsetting project to preserve a vast area above Lake Kariba (in northern Zimbabwe) from deforestation.

Furthermore, InfoCert has joined the international Science Based Target initiative (SBTi) programme: it will present a project within the next two years to reduce its emissions based on scientific criteria and in line with the objectives of the Paris Agreement.

The business activities of some of our companies also contribute to decarbonisation. Among these, Euroquality promotes innovation for a sustainable future by supporting private companies, research centres, NGOs and public bodies in their path towards decarbonisation and the transition to a more environmentally-sustainable economy.

The company has launched many projects to develop technologies for CO² capture, sustainable mobility and a green energy transition. Among these, CLIMATEFIT deserves mention, a project approved in September 2023 and coordinated by the World Climate Foundation. CLIMATEFIT supports EU territories on their path towards climate resilience, helping the main players, primarily public administrations, understand how to approach sustainable investments by building a critical vision and specific skills.

Consolidated Non-Financial Statement 2023 60

06 Taxonomy

Regulatory Framework
Methodological Approach
Results

Regulatory Framework

The European Taxonomy introduced by EU Regulation 2020/852 as amended, is an EU tool aimed at directing capital toward activities that contribute substantially to achieving the goals of the European Green Deal:

11.climate change mitigation;
12.climate change adaptation;
13.sustainable use and protection of water and marine resources;
14.transition to a circular economy;
15.prevention and reduction of pollution;
16.protection and restoration of biodiversity and ecosystems.

To achieve these objectives, the Taxonomy steers investors towards more sustainable projects and activities, giving them access to reliable and transparent information.

According to its regulation, the economic activities that can be included in the Taxonomy (and thus defined as 'Taxonomy-eligible') are those that are able to make a substantial contribution to one or more environmental objectives.

A Taxonomy-eligible economic activity can instead be considered environmentally sustainable (and thus defined as 'Taxonomy-aligned') when it fulfils what are known as the 'technical screening criteria' of the delegated regulations. Following the issue of EU Regulation 2021/2139 and subsequent amendments at the end of 2022, the technical screening criteria for the first two climate objectives were defined, while those of the remaining four, together with the lists of eligible activities, were published in 2023 through EU Regulation 2023/2486.

According to Article 8 of EU Regulation 2020/852, companies required to publish a CNFS must include a special disclosure in the report on how and to what extent the company's activities are related to Taxonomy-eligible and aligned economic activities.

Regulation 2021/2178 defines KPIs (Key Performance Indicators) as all the financial information to be provided by companies defined as 'non-financial' for the aligned activities.

The communication concerns:

a) the proportion of turnover from products or services associated with economic activities considered environmentally sustainable;
b) the proportion of capital expenditure (CapEx) and the proportion of operating expenditure (OpEx) related to processes associated with economic activities considered environmentally sustainable.

For this reporting year, Article 5 of EU Regulation 2023/2486 establishes that, in relation to the remaining four environmental objectives of the recently published Taxonomy, only the eligibility quota is reported.

Methodological Approach

In line with the regulatory requests, eligibility and alignment assessments were collected from the individual companies within the reporting scope through specific analysis checklists where each company indicated the data required for the calculation of the KPIs. This information is shown in the following tables in a consolidated manner for the Group.

Unlike last year and in line with Regulation 2021/2178, this year the following expenses were included:

1. expenses aimed at expanding economic activities aligned with the Taxonomy or aligning eligible ones ('CapEx plan');
1. expenses related to the purchase of products from Taxonomy-aligned economic activities and individual measures that enable the target activities to achieve low carbon emissions or reductions in the production of greenhouse gases.

The latter include measures that could relate to the installation, maintenance and repair of:

energy efficiency devices (7.3);
charging stations for electric vehicles in buildings (7.4);
instruments and devices for measuring, regulating and controlling the energy performance of buildings (7.5);
technologies for renewable energy (7.6).

With a view to continuous improvement, the 2023 taxonomy reporting process was coordinated by the Administration, Finance, Control & Procurement Departments of the three Business Units, in cooperation with the managers of the ESG activities at the individual companies within the scope. This operational approach allowed us to achieve a better level of consistency in the eligibility and alignment assessments of the various companies, and also enabled us to share any future actions to improve the level of alignment of the eligible economic activities across the board.

Results

The tables below show the data relating to eligible and aligned revenue, CapEx and OpEx, consolidated at Group level and broken down by activities and objectives.

	Eligible revenue	Eligible proportion	Aligned revenue	Aligned proportion
Eligible business activities
8.1 Data processing, hosting and related activities	€155,090,145	40%	€125,637,042	32%
8.2 Programming, IT consultancy and related activities	€101,061,449	26%	- €	0%
9.3. Professional services related to the energy performance of buildings	€507,620	< 1 %	- €	0%
Total - Tinexta Group	€256,659,214	66%	€125,637,042	32%

	Eligible CapEx	Eligible proportion	Aligned CapEx	Aligned proportion
Eligible business activities
8.1 Data processing, hosting and related activities	€25,605,003	48%	€23,720,101	44%
8.2 Programming, IT consultancy and related activities	€6,007,630	11%	- €	0%
9.3. Professional services related to the energy performance of buildings	- €	0%	- €	0%
Interventions to reduce greenhouse gases
7.3 Installation, maintenance and repair of energy efficiency devices	€550,000	1%	€550,000	1%
Total - Tinexta Group	€32,162,633	60%	€24,270,101	45%

	Eligible OpEx	Eligible proportion	Aligned OpEx	Aligned proportion
Eligible business activities
8.1 Data processing, hosting and related activities	€10,046,253	49%	€6,559,952	32%
8.2 Programming, IT consultancy and related activities	€4,304,215	21%	- €	0%
9.3. Professional services related to the energy performance of buildings	€1,756	< 1 %	- €	0%
Interventions to reduce greenhouse gases
7.3 Installation, maintenance and repair of energy efficiency devices	- €	0%	- €	0%
Total - Tinexta Group	€14,352,224	69%	€6,559,952	32%

From the analysis conducted on the activities of the companies included in the reporting scope, three business activities eligible for the climate objectives and an intervention for the reduction of greenhouse gases (relating to energy efficiency devices) emerge.

Compared to the previous year, Research, development and innovation activities close to the market were no longer reported as eligible, as they related to a project intervention that was completed at the end of 2022.

None of our companies had activities eligible for the other four environmental objectives of the Taxonomy.

Our Group's eligibility proportion for 2023 was equal to 66% of turnover and was substantially linked to the activities of Group 8 - Information and Communication, i.e., those of data processing and hosting (46%) and IT programming and consultancy (26%). The activity of Group 9 - Professional, scientific and technical activities only marginally contributed to the proportion (<1%).

The change in the eligibility percentage compared to 2022 (+ 5%) is attributable to a different distribution of revenues of the individual companies.

Regarding the alignment of revenues, CapEx and OpEx, the quality of data collection and robustness of evaluation improved in 2023. Therefore, even with an always prudential approach,

our Group was able to declare greater aligned proportions, with the support of technical evidence also for those hosting activities entrusted to external suppliers. In any case, as for 2022, in the presence of weak documentary evidence, a lack of alignment was assessed as a precautionary measure.

The revenue alignment proportion was equal to 32% of overall turnover (27% in 2022). This proportion is entirely related to the substantial contribution made by the Group's climate change mitigation activities (objective 1).

The eligible CapEx proportion was equal to 60% (in line with the eligible proportion of turnover), while the aligned proportion rose to 45%, with a significant increase compared to 2022 (+36%); this change confirms that the Group's investments in environmentally friendly activities are growing.

As regards the eligible and aligned OpEx proportions, a trend was recorded that quite faithfully reflects that of the turnover proportions, similarly to last year: in fact, the first is approximately 69%, while the second is equal to 32%.

In light of the results presented, our Group intends to continue investing time and energy on two fronts that we consider strategic:

1. improving the evaluation of the required Taxonomy criteria to pursue an increasingly consistent, coherent and uniform approach;
1. increasing the level of alignment by preparing climate risk assessments for the locations where our staff operate and obtaining strong evidence of alignment to the Taxonomy from our hosting service providers.

For a more in-depth analysis of the Group's data, please refer to the tables in Annex II of EU Regulation 2021/2178 (as amended in 2023), reported in Appendix D.

Appendices

A - Companies included in the organisation's sustainability reporting

Consolidated Non-Financial Statement 2023 66

B Overall data and trends
C Conversion and emission factors
D Taxonomy details
E Management of material topics
F Reconciliation Table
G GRI Content Index

A - Companies included in the organisation's sustainability reporting

Tinexta Digital Trust

Tinexta Digital Trust offers solutions that guarantee the security and reliability of digital transactions, accompanying companies, professionals, citizens and public administrations in the adoption of innovative and sustainable processes.

Operating in more than 60 countries, InfoCert S.p.A. is the leading Certification Authority at European level.

With offices in Rome, Milan and Padua, it provides digitalisation, e-Delivery (certified email), ature and

digital preservation of documents; it is also an AgID-accredited digital identity manager in the SPID system. At European level, it is a leader in offering Digital Trust services that comply with EU requirements and standards.

Sixtema S.p.A. provides IT and management services to companies, entities, associations and institutions, with a particular focus on the world of the National Confederations of Craftsmen (CNA - Confederazioni Nazionali dell'Artigianato) and SMEs. It has more than 100 employees, located at

operational sites in Modena, Florence, Ancona and Milan.

As a service provider, Sixtema provides over 5,000 users with an integrated technology infrastructure service, including software, connectivity and application software management services.

AC Camerfirma S.A. is a leading certification company in the Spanish RegTech market.

The local Chambers of Commerce founded it in 2011 and still control 49% of the capital: with their widespread presence in

the Spanish business environment and strong institutional roots, they continue to offer fundamental support.

The company joined InfoCert in 2018 and since then has supported its customers' digital transformation by offering technology solutions to optimise regulatory management activities and streamline processes and operational controls.

Camerfirma is internationally oriented and mainly works with the South American market: a sign of this expansion is its presence in Peru and Colombia.

CertEurope S.A.S. is InfoCert's Qualified Trust Service Provider in France.

Created in 2000 by members of the French Chamber of Commerce, in 2012 it joined the Oodrive Group, one of Europe's leading players in cloud-based & sovereign

productivity solutions.

By joining InfoCert in 2021, CertEurope was transformed from a certification company into a software solutions company. Today, it is the first French Certification Authority recognised by the European digital identity regulation. As a QTSP, it guarantees the confidentiality and tracking of digital exchanges.

In addition, CertEurope performs Digital Trust activities, with digital identity and electronic signature management, Public Key Infrastructure (PKI) and Digital Transaction Management (DTM). It collaborates with certification organisations such as LSTI/COFRAC and ANSSI, contributing to future versions of standards such as RGS V3 and eIDAS V2, ETSI EN 319 411-1 and 2 standards.

Visura S.p.A. operates in the fields of software development for professional associations and professionals in the Digital Trust and commercial databases and information.

Visura's services and solutions are grouped into three business lines: Lextel, aimed at the world of lawyers; Visura, dedicated to companies and technical categories of professionals throughout the country; ISI, oriented towards the production and distribution of management software solutions for professional associations.

The database resale service meets the expectations of different user categories, including land registry, cadastral and Motor Vehicle Registry searches.

Digital Trust solutions cover the distribution of certified email, atures, electronic invoicing and standard storage.

Software solutions cover management modules for accounting, register management and training.

Tinexta Cyber Security

Cyber Security is the leading cyber security business unit that helps public and private customers protect their most precious asset: information. It designs and applies proprietary cyber solutions and advanced defence, monitoring and response services to online threats to secure digital transformation processes and protect data and information.

Tinexta Cyber S.p.A. is the sub-holding company of the Tinexta Cyber Security business unit.

Established in 2021, along with its subsidiaries it assists public and private customers in digital transformation processes, adopting the best available technologies and advanced protocols for security and digital identity.

Tinexta Cyber operates in the cyber security market: its services are carried out in Italy with the compliance required by the European Union on data residency, data protection and the GDPR.

It offers assessment and advisory services on cyber security, dealing with the design, development and integration of solutions, which it also monitors and manages on behalf of customers. Finally, it takes action to anticipate, block and resolve risk situations and guarantee operational continuity.

Yoroi S.r.l. is a company active in the cyber security field that builds and operates adaptive and dynamic integrated cyber defence systems.

The solutions, products and services that Yoroi offers its customers are divided into: Defence systems such as the Cyber Security Defense Centre (CSDC), an internally developed platform that adopts artificial intelligence, neural networks and machine learning algorithms to support expert analysts; Offensive security - cyber risk assessment; Governance risk & compliance; Other cyber security products and solutions.

Swascan Srl is a cyber security company, owner of the cloud security testing and threat intelligence platform of the same name, as well as being a centre of excellence for cyber security research.

The combination of the software-as-a-service ready-to-use platform and the company's vertical and highly specialised skills make it a point of reference for IT security and legislative compliance requirements.

Swascan's services include: services provided by the Security Operations Centre (SOC) and aimed at governance, monitoring and management of the security of company information systems; penetration testing and vulnerability assessment activities; analysis activities conducted to assess the compliance of a specific company with information security sector frameworks.

Corvallis S.r.l. (Corvallis) has a long track record in the market as a provider of high-value IT solutions, essential for projects of financial and other sector companies.

With a broad customer base and processes aligned to international best practices, it focuses on highly specialised IT solutions and consultancy, such as systems integrator, proprietary products and cybersecurity.

The main sectors in which it is active are finance, industry and Public Administration.

Tinexta Business Innovation

Tinexta Business Innovation helps companies to develop, increase competitiveness and improve performance. With targeted consulting, the company supports access to finance and facilities, internationalisation, digital presence and expansion of business opportunities for small and medium-sized enterprises.

Warrant Hub S.p.A. (Warrant Hub) has its headquarters in Correggio (RE) and operational offices in Turin and Milan. It offers subsidised finance and consulting solutions for innovation, digital transformation and sustainability to companies in all sectors, mainly the manufacturing sector.

Following the merger by incorporation of Co.Mark S.p.A. in 2023, it acts as a growth enabler for client companies and offers market research and analysis, digital marketing and temporary management services through a national network of Temporary Export Specialists (TES) who work with customers.

To meet the challenges of global markets and provide an integrated, high-quality consultancy service, Warrant Hub operates in European markets with its companies Europroject (Bulgaria), Euroquality (France), Evalue Innovación (Spain) and its subsidiaries Warrant Service S.r.l., and ForValue S.p.A. in Italy.

Queryo Advance S.r.l. (Queryo) is a digital agency that was established in 2014 and offers mainly design and management services for marketing campaigns.

The services offered by Queryo cover several areas of digital marketing, including digital ADV, Search Engine Marketing (SEM), Search Engine Advertising (SEA), Search Engine Optimisation (SEO), social media marketing, remarketing and advanced web analytics.

Euroquality S.A.S.(Euroquality) is a French company specialising in assisting companies to access grant resources and providing funding for research and innovation projects financed through European funds.

For more than 20 years, Euroquality has helped public and private organisations dealing with research, development and innovation, to identify funding opportunities in line with their projects and needs.

Evalue Innovación SL (Evalue) is a Spanish advisory firm that facilitates the public financing of innovation through grants, subsidies and other types of tax incentives.

It boasts a widespread presence in Spain and offers support services for obtaining tax incentives for research and development and technological innovation projects, as well as national and European subsidised finance services.

Forvalue S.p.A. (Forvalue) is the result of a strategic partnership between Intesa Sanpaolo and the Tinexta Group to encourage the development of Italian SMEs.

Forvalue's service offering is divided into two areas:

Digitalisation, with the creation of websites, e-commerce and activities in the areas of corporate social media, digital marketing and advertising, cybersecurity, B2B and B2C marketplaces;

Business development, with activities in the following areas: subsidised finance, corporate finance, internationalisation, innovation, process and human capital optimisation, and corporate image.

B – Overall data and trends

For the purposes of interpreting the three-year trends below, it should be noted that the information for the reporting year 2023 refers to the scope covered by this CNFS, while the 2022 and 2021 data are those published in previous CNFS and are therefore representative of the relevant reporting scopes.

WORKFORCE INFORMATION

Workers	31/12/2023	31/12/2022	31/12/2021
Total number of employees	2,337	2,213	2,176
Total Men	1,408	1,339	1,250
Total Women	929	874	926
Total Italy	2,119	2,003	2,176
Total Abroad	218	210	0
Number of employees by type of contract	31/12/2023	31/12/2022	31/12/2021
Permanent
Men	1,386	1,310	1,226
Women	904	846	903
Italy	2,076	1,948	2,129
Abroad	214	208	0
Temporary
Men	22	29	24
Women	25	28	23
Italy	43	55	47
Abroad	4	2	0
Full time
Men	1,387	1,309	1,227
Women	757	705	738
Full time Italy	1,933	1,815	1,965
Full time Abroad	211	199	0
Part time
Men	21	31	23
Women	172	168	188
Part time Italy	186	188	211
Part time Abroad	7	11	0
Percentage of employees by classification	31/12/2023	31/12/2022	31/12/2021
Executives
Men	3%	4%	3%
Women	1%	1%	0%
Under 30 years old	0%	0%	0%
Between 30 and 50 years old	2%	2%	1%
Over 50 years old	2%	2%	2%

Percentage of employees by classification	31/12/2023		31/12/2022		31/12/2021
Middle Managers
Men	9%	9% 10%
Women	4%		4%	3%
Under 30 years old	0%		0%	0%
Between 30 and 50 years old	7%		7%		6%
Over 50 years old	6%		6%		7%
Office workers
Men	48%		48%	45%
Women	35%		35%		39%
Under 30 years old	18%		18%		13%
Between 30 and 50 years old	51%		53%		57%
Over 50 years old	14%		12%		14%
Percentage of employees belonging to
protected categories and vulnerable minorities Art. 1	2%		2%		2%
Art. 18	2%		1%		1%
Other	0%		0%		0%

Percentage composition of the BoD		2023		2022		2021
	Men	Women	Men	Women	Men	Women
Under 30 years old	0%	0%	0%	0%	0%	0%
Between 30 and 50 years old	9%	18%	9%	18%	9%	18%
Over 50 years old	45%	27%	45%	27%	45%	27%
Employment		2023		2022		2021
Number of new hires
	Men	216		232		250
Women		135		158		131
Under 30 years old		144		167		139
Between 30 and 50 years old		172		194		209
Over 50 years old		35		29		33
	Italy	306		330		381
Abroad		45		60		0
Hiring rate		15%		18%		18%
Number of terminations
	Men	166		160		106
Women		72		112		81
Under 30 years old		65 70 40
Between 30 and 50 years old		138 162		125
Over 50 years old		35	40 22
	Italy	192		234		187
Abroad		46		38		0
Turnover rate		10%		12%		9%

Average hours of annual training per employee		2023	2022	2021 21 25 14 10 19 21 2021 0 0 4 4,449 0 0 0.9
	Average hours per employee	21	13
	Men	23	13
	Women	18	14
	Executives	15	11
	Middle Managers	24	16
	Office workers	21	13
Work-related injuries (no.)		2023	2022
Employees
	Fatal injuries	0	0
	Permanent injuries	0	0
	Temporary injuries	1 4	5
	Hours worked	3,3892	3,554
	Fatal accident rate3	0	0
	Permanent injury rate3	0	0
	Temporary injury rate3	1.2	1.4
Non-employees
	Fatal injuries	0	0	0
	Permanent injuries	0	0	0
	Temporary injuries	0	0	0

¹Of the recorded injuries, two occurred during commutes, one while travelling and one during activities.

²Hours worked are calculated as the sum of annual working days * daily working hours estimated by each company.

³The rates are calculated as: (No. of injuries/hours worked * 1,000,000).

Proportion of senior management recruited from the local community4 (%)		2023	2022	2021
	Executives	100%	100%	100%

⁴Calculated with reference to each company within the scope, with senior managers intended as executives and the individual states as local community.

INFORMATION ON SUPPLIERS

Procurement turnover from local suppliers5		2023	2022	2021
	Procurement turnover from local suppliers	92%	96%	97%
5Local suppliers refer to Italian suppliers.

COMPLIANCE

Compliance with laws and regulations	2023	2022	2021
No. of sanctions received for non-compliance with laws and regulations in the reporting year	1	1	-
Monetary value of sanctions received and paid in the reporting year	240,000	51,000	-
Monetary value of sanctions received in the reporting year and which will be paid in the following year	0	0	-

Responsible management of the service	2023	2022	2021
Cases of non-compliance with the law that resulted in a sanction/fine	4	0	1
Cases of non-compliance that resulted in only a warning	4	7	6
Cases of non-compliance with non-mandatory standards (e.g., self regulation codes)	0	0	11

Proven complaints regarding breaches of customer privacy	2023	2022	2021
Received by third parties and confirmed by the organisation	0	5	0
Received from regulatory bodies	0	1	2
Total number of leaks, thefts or losses of customer data	0	5	0

TAXATION

Country-by-country reporting 20226
Jurisdiction		Italy	Spain	Peru	Belgium	Bulgaria	Tunisia	France
Main activities of the organisations		Please see section 1.2
No. of employees as at 31/12/21	No.	2,020	173	-	-	14		85
Revenues from sales to third parties	€/000	312,597	17,392	391	-	311	-	17,636
Revenues from intra-group transactions with other jurisdictions	€/000	642	284	-	-	154	-	25
Profit/loss before tax	€/000	32,645	5,701	58	39	78	-9	6,606
Tangible assets other than cash and cash equivalents	€/000	45,467	775	4	-	5	162	2,010
Company income taxes paid on a cash basis	€/000	-23,743	-970	-16	-4	-5	0	-502
Corporate income tax accrued on profits/losses	€/000	-16,729	-1,526	-15	-10	-8	0	-1,064

⁶The organisation must report information for the period covered by the most recent audited consolidated financial statements or financial information filed in public registers.

ECONOMIC VALUE GENERATED AND DISTRIBUTED

Economic value generated and distributed in thousands of €	2023	2022	2021
Economic value generated by the Group	402,529	357,738	302,446
Revenues from sales and services	389,650	348,285	294,999
Other income	5,541	8,817	6,391
Financial income	7,153	620	1,015
Income/charges from the sale of tangible and intangible assets	185	17	41
Economic value distributed by the Group	-331,342	-333,852	-272,746
Operating costs	-140,143	-131,242	-108,779
Employee remuneration	-127,581	-108,422	-95,736
Remuneration of lenders	-8,943	-6,714	-4,093
Remuneration of investors 7	0	-33,253	-21,206
Remuneration of public administration	-54,025	-53,698	-42,464
External donations	-650	-523	-468

⁷The exact value of investor remuneration for the financial year 2023 will be determined when the Shareholders' Meeting approves the 2023 Consolidated Financial Statements. For 2022, the figure from the previous CNFS has been entered.

Economic value generated and distributed in thousands of €	2023	2022	2021
Economic value withheld by the Group	-71,187	-23,886	-29,700
Bad debts provision	-2,508	-1,128	-644
Impairment	0	-35	-260
Exchange rate differences	188	-154	-36
Adjustments to financial assets	-180	-246	-172
Amortisation and depreciation	-38,421	-32,688	-23,910
Provisions	-717	-769	-1,379
Deferred tax liabilities	4,699	10,482	4,260
Reserves	-34,248	652	-7,558

TOTAL ENERGY CONSUMPTION WITHIN THE ORGANISATION ⁸

Energy sources	UoM		2023	2022
	Petrol	GJ	3,637	1,309
Energy consumption of fuel from non	Diesel	GJ	16,067	7,123
renewable sources	Natural gas	GJ	3,875	491
	LPG	GJ	3.20	-
Electricity consumed, purchased from the grid*	-	GJ	15,579	14,828
Total energy consumption within the organisation	-	GJ	39,161	23,751

* The aggregate figure includes estimates for some Group companies.

DIRECT GREENHOUSE GAS EMISSIONS⁸

GHG emissions scope 1	UoM	2023	2022
Petrol	Ton. CO2 eq.	257	96
Diesel	Ton. CO2 eq.	1,195	561
Natural gas	Ton. CO2 eq.	218	31
LPG	Ton. CO2 eq.	0.20	-
Total	Ton. CO2 eq.	1,670.2	687

⁸ The data in question are reported for 2023 and 2022, the first year of measurement; data relating to 2021 were unavailable.

C - Conversion and issue factors

			LHV (Lower Calorific			Issue factors
Fuel			Value)	Density		NOx [g/GJ]	SOx [g/GJ]	CO [g/GJ]	PM2.5 [g/GJ]	CO2 [kg/GJ]
Natural gas	m3	35.3	MJ/m3	-	-	16.7	0.611	22.2	0.111	56.3
Petrol	L	31.9	MJ/l	0.74	kg/l	48.7	0.221	545	6.63	70.7
Diesel	L	35.8	MJ/l	0.835	kg/l	210	0.325	23.0	11.2	74.5
LPG	L	25.7	MJ/l	0.56	kg/l	25.4	-	243	6.17	64.0

Data source

Natural gas

Lower Calorific Value (PCI): ISPRA, Table of national standard parameters, 2023
Emission factors:
- o CO2: DEFRA, UK Government GHG Conversion Factors for Company Reporting, 2024
- o Other emissions: Ecoinvent 3.8 (Heat, central or small-scale, natural gas {Europe without Switzerland}| heat production, natural gas, at boiler fan burner low-NOx non-modulating <100kW | Cut-off, U)

Petrol

Density: ENEA, Report on energy use, 2019
Lower Calorific Value (PCI): ISPRA, Table of national standard parameters, 2023
Emission factors:
- o CO2: DEFRA, UK Government GHG Conversion Factors for Company Reporting, 2024
- o Other emissions: Database of average emission factors of road transport in Italy: fetransp.isprambiente.it (data as at 2021)

Diesel

Density: ISPRA, Annual report on the quality of automotive fuels produced, imported and marketed in 2019
Lower Calorific Value (PCI): ISPRA, Table of national standard parameters, 2023
Emission factors:
- o CO2: DEFRA, UK Government GHG Conversion Factors for Company Reporting, 2024
- o Other emissions: Database of average emission factors of road transport in Italy: fetransp.isprambiente.it (data as at 2021)

LPG

Density: ENEA, Report on energy use, 2019
Lower Calorific Value (PCI): ISPRA, Table of national standard parameters, 2023
Emission factors:
- o CO2: DEFRA, UK Government GHG Conversion Factors for Company Reporting, 2024
- o Other emissions: Database of average emission factors of road transport in Italy: fetransp.isprambiente.it (data as at 2021)

Electricity

Scope 2 emission factors:
- o Italy: 0.067 tCO2e/GJ
- o France: 0.013 tCO2e/GJ
- o Spain: 0.048 tCO2e/GJ
Source: Bourgault G., Minas N., Müller J., Documentation of Scope 2 and 3 separation of electricity GHG emissions in ecoinvent v3.9.1, December 2022. Dataset: Market for electricity, low voltage

The following assumptions were also used for the conversion of the data collected via checklists:

• Consumption of petrol cars: 2.21 MJ/km; consumption of diesel cars: 2.26 MJ/km; consumption of LPG cars: 2.37 MJ/km (source: Database of average emission factors of road transport in Italy: fetransp.isprambiente.it, data updated as at 2021).

D – Taxonomy details

Financial year 2023		Year		Criteria for substantial contribution					DNSH (Do No Significant Harm) criteria
Economic activities	Code	Turnover	Proportion of turnover, year 2023	mitigation mate change Cli	mate change adaptation Cli	Water	Pollution	my Circular econo	Biodiversity	mitigation mate change Cli	mate change adaptation Cli	Water	Pollution	my Circular econo	Biodiversity	m safeguard guarantees mu Mini	(A.2.) turnover, year 2022 my aligned (A.1.) or eligible Proportion of Taxono	Category enabling activity	Category transition activity
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1 Environmentally sustainable activities (Taxonomy-aligned)
Data processing, hosting and related activities	CCM 8.1	125,637,042	32%	81%	0%	0%	0%	0%	0%		Yes	Yes	Yes	Yes	Yes	Yes	8%		T
Turnover of environmentally sustainable (Taxonomy-aligned) (A.1)	activities	125,637,042	32%	32%	0%	0%	0%	0%	0%	Yes	Yes	Yes	Yes	Yes	Yes	Yes	26%
Of which enabling		0	0%	0%	0%	0%	0%	0%	0%								0%	A
Of which transitional		125,637,042	32%	32%							Yes	Yes	Yes	Yes	Yes	Yes	8%		T
A.2 Taxonomy-eligible activities but not environmentally sustainable (Taxonomy non-aligned activities)
Data processing, hosting and related activities	CCM 8.1	29,453,103	8%														31%
Programming, IT consultancy and related activities	CCA 8.2	101,061,449	26%														4%
Professional services related to the energy performance of buildings	CCM 9.3	507,620	<1%														<1%
Turnover of Taxonomy-eligible activities but environmentally sustainable (Taxonomy activities) (A.2)	not non-aligned	131,022,172	34%														35%
Total (A.1+A.2)		256,659,214	66%														61%
B. TAXONOMY NON-ELIGIBLE ACTIVITIES

Turnover of Taxonomy non-eligible activities		131,790,537	34%
Total (A+B)		388,449,751	100%
Financial year Year 2023					Criteria for substantial contribution				DNSH (Do No Significant Harm) criteria
Economic activities	Code	Turnover	Proportion of turnover, year 2023	mitigation mate change Cli	mate change adaptation Cli	Water	Pollution	my Circular econo	Biodiversity	mitigation mate change Cli	mate change adaptation Cli	Water	Pollution	my Circular econo	Biodiversity	m safeguard guarantees mu Mini	aligned (A.1.) or eligible (A.2.) my CapEx, year 2022 Proportion of Taxono	Category enabling activity	Category transition activity
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1 Environmentally sustainable activities (Taxonomy-aligned)
Installation, maintenance and repair of energy efficiency devices	CCM 7.3	550,000	1%	100%	0%	0%	0%	0%	0%								0%
Data processing, hosting and related activities	CCM 8.1	23,720,101	44%	93%	0%	0%	0%	0%	0%		Yes	Yes	Yes	Yes	Yes	Yes	2%		T
Capital expenditures of environmentally sustainable activities (Taxonomy-aligned) (A.1)		24,270,101	45%	45%	0%	0%	0%	0%	0%	Yes	Yes	Ye s	Yes	Yes	Yes	Yes	9%
Of which enabling		0	0%	0%	0%	0%	0%	0%	0%								0%	A
Of which transitional		23,720,101	44%	44%							Yes	Ye s	Yes	Yes	Yes	Yes	2%		T
A.2 Taxonomy-eligible activities but not environmentally sustainable (Taxonomy non-aligned activities)
Installation, maintenance and repair of energy efficiency devices	CCM 7.3	0	0%														0%
Data processing, hosting and related activities	CCM 8.1	1,884,902	4%														15%
Programming, IT consultancy and related activities	CCA 8.2	6,007,630	11%														2%
CapEx of Taxonomy-eligible activities but environmentally sustainable (Taxonomy activities) (A.2)	not non-aligned	7,892,532	15%														17%
Total (A.1+A.2)		32,162,633	60%														26%

B. TAXONOMY NON-ELIGIBLE ACTIVITIES
CapEx on Taxonomy non-eligible activities		21,465,994	40%
Total (A+B)		53,628,627	100%
Financial year 2023	Year			Criteria for substantial contribution							DNSH (Do No Significant Harm)	criteria
Economic activities	Code	Absolute operating expenses	Proportion of OpEx, year 2023	mitigation mate change Cli	mate change adaptation Cli	Water	Pollution	my Circular econo	Biodiversity	mitigation mate change Cli	mate change adaptation Cli	Water	Pollution	my Circular econo	Biodiversity	m safeguard guarantees mu Mini	my-aligned (A.1.) or eligible (A.2.) OpEx Proportion of Taxono 2022	Category enabling activity	Category transition activity
A. TAXONOMY-ELIGIBLE ACTIVITIES
A.1 Environmentally sustainable activities (Taxonomy-aligned)
Data processing, hosting and related activities	CCM 8.1	6,559,952	32%	65%	0%	0%	0%	0%	0%		Yes	Yes	Yes	Yes	Yes	Yes	11%		T
OpEx of environmentally sustainable activities (Taxonomy aligned) (A.1)		6,559,952	32%	32%	0%	0%	0%	0%	0%	Yes	Yes	Ye s	Yes	Yes	Yes	Yes	32%
Of which enabling		0	0%	0%	0%	0%	0%	0%	0%								0%	A
Of which transitional		6,559,952	32%	32%							Yes	Ye s	Yes	Yes	Yes	Yes	11%		T
A.2 Taxonomy-eligible activities but not environmentally sustainable (Taxonomy non-aligned activities)
Data processing, hosting and related activities	CCM 8.1	3,486,301	17%														28%
Programming, IT consultancy and related activities	CCA 8.2	4,304,215	21%														1%
Professional services related to the energy performance of buildings	CCM 9.3	1,756	0%														0%
OpEx of Taxonomy-eligible activities but not environmentally 7,792,272 sustainable (Taxonomy non-aligned activities) (A.2)																	29%

Total (A.1+A.2)	14,352,224	69%
B. TAXONOMY NON-ELIGIBLE ACTIVITIES
OpEx of Taxonomy non-eligible activities	6,317,950	31%
Total (A+B)	20,670,174	100%

E – Management of material topics

The following table reports, for each material topic, the impacts identified as significant and the sections of the document where it is possible to identify the policies and commitments made, the actions taken and their monitoring, and the discussions with stakeholders for their management.

MATERIAL TOPICS	RELATED IMPACTS	REFERENCE
		(SECTIONS)
-	-	The commitment to embrace an increasingly sustainable approach is shared by the entire management, which also takes responsibility for implementation in the development of strategies, implementation of policies and fulfilment of commitments.
Governance and sustainable strategy	 Greater alignment with national and international sustainable development objectives  Increased internal Group awareness and usability of sustainability-related information  Improvement of the Group's reputation	Details in the chapter 'Solid and constantly evolving governance' See the section Strategy See the section Tools
Economic performance and its impact in the countries where the Group operates	 Distribution of value to internal stakeholders (e.g. employees) and external stakeholders (e.g. local communities or suppliers)  Development of local enabling technologies  Increase of the offer through acquisitions, thus improving the Group's positioning	Details in the chapter 'This is how we shape the future' and the chapter 'People at the centre of our vision of the future'
Business Ethics	 Improvement of the Group's reputation  Contribution to the development of a more ethical society related to implementation	Details in the chapter 'This is how we shape the future' See section The Values that Guide Our Daily Lives
Responsible tax management	 Implementing a collaborative approach with the public administration  Improvement of the Group's reputation  Contribution to the development of a more ethical society	Details in the chapter 'Solid and constantly evolving governance' See the section Tools
Compliance	 Penalties for non-compliance with applicable socio-economic and environmental regulations  Deterioration of the Group's reputation related to non-compliance with applicable socio economic and environmental regulations	Details in the chapter 'This is how we shape the future' See the section The Values that Guide Our Daily Lives Details in the chapter 'Solid and constantly evolving governance' See the section Tools
Diversity, non discrimination and equal opportunities	 Personal and professional growth of Group employees  Improvement of the Group's reputation  Contribution to the development of a more ethical society	Details in the Chapter 'People at the centre of our vision of the future' See the section Uniqueness Is Strength
Personnel development training	 Personal and professional growth of Group employees	Details in the Chapter 'People at the centre of our vision of the future' See the section Projected Towards Constant Skill Growth
Talent acquisition and employee retention	 Increasing Group competitiveness  Contribution to the economic stability of Group employees  Economic growth of the area through the recruitment of local employees	Details in the Chapter 'People at the centre of our vision of the future' See the section Skills Capital
Occupational health and safety	 Protecting the health and physical integrity of employees in the workplace	Details in the Chapter 'People at the centre of our vision of the future' See the section Healthy and Safe Work Every Day
Data protection and cyber security	 Increased customer protection and increased loyalty  Ability to provide customer data security solutions resulting in increased customer satisfaction  Compliance with relevant national and international legislation (EU Regulation 2016/679) with possible negative impact on security in terms of sanctions, image and reputation	Details in the Chapter 'How we shape the future' See the section Data protection and digital infrastructures: a cutting-edge approach

MATERIAL TOPICS	RELATED IMPACTS	REFERENCE (SECTIONS)
Business continuity, service quality and customer satisfaction	 Customer satisfaction and consolidation of trust in the Group  Increasing the effectiveness of customer accessibility to services	Details in the Chapter 'How we shape the future' See the section Data protection and digital infrastructures: a cutting-edge approach
Relations with institutions	 Strengthening synergies and relations with institutions for the creation of shared and sustainable development strategies	Details in the Chapter 'People at the centre of our vision of the future' See the section Support for local initiatives
Initiatives in favour of local communities	 Contribution to the economic and social development of the local area	Details in the Chapter 'People at the centre of our vision of the future' See the section Support for local initiatives
Sustainable supply chain	 Contribution to the development of an environmentally sustainable supply chain  Contribution to the dissemination of a culture of sustainability within one's own sustainable supply chain  Promotion and protection of human rights throughout the value chain and in relations with suppliers for the development of a sustainable supply chain	Details in the Chapter 'People at the centre of our vision of the future' See the section Supply Chain Responsibility
Sustainable products and innovation	 Increasing the Group's competitiveness and capacity for future innovation  Contribution to the transition to a low-carbon economy through the development of sustainable and innovative services	Details in the chapter 'This is how we shape the future' See the section A Galaxy of Skills to Help Businesses and Institutions Grow
Responsible energy management	 Improvement of the Group's reputation  Contribution to the transition to a low-carbon economy  Increased sense of belonging and employee satisfaction	Details in Chapter 'Respect for the Planet We Live On' See the section Energy and Emissions

F – Reconciliation Table

A reconciliation table is provided below to make it easier to identify in the CNFS the aspects set forth in Italian Legislative Decree 254/2016 and their intersection with the topics that emerged from the materiality analysis and the issues envisaged by the GRI with the specific indicators reported.

ASPECTS ITALIAN LEGISLATIVE DECREE 254/2016	MATERIAL TOPICS	GRI ISSUES	DISCLOSURE (GRI)	REFERENCE (SECTIONS)
Business model for managing and organising the companies' activities	Governance and sustainable strategy	General Information 2021	2 - 2021 General Disclosures	How We Shape the Future
Personnel	Diversity, non discrimination and equal opportunities	GRI 405 – 2016 Diversity and equal opportunity	405-1 Diversity of governance bodies and employees
	Personnel training and development	GRI 404 – 2016 Training and education	404-1 Average hours of training per year per employee
	Occupational health and safety	GRI 403 – 2018 Occupational health and safety	403-1 Occupational health and safety management system 403-2 Hazard identification, risk assessment and incident investigation 403-3 Occupational health services 403-4 Worker participation, consultation, and communication on occupational health and safety 403-5 Worker training on occupational health and safety 403-6 Promotion of worker health 403-7 Prevention and mitigation of occupational health and safety impacts directly linked by business relationships 403-9 Work-related injuries 403-10 Work-related ill health	 People at the Centre of our Vision of the Future  Appendix A
	Talent acquisition and employee retention	GRI 401 – 2016 Employment	401-1 New employee hires and employee turnover
Social	Economic performance and its impact in the countries where the Group operates	GRI 201– 2016 Economic performance GRI 202 – 2016 Presence on the market	201-1 Direct economic value generated and distributed 202-2 Proportion of senior management hired from the local community	 How We Shape the Future  Appendix A
	Sustainable products and innovation	GRI 203 – 2016 Indirect Economic Impacts	203-2 Significant indirect economic impacts
	Responsible tax management	GRI 207 – 2019 Tax	207-1 Approach to tax 207-4 Country-by-country reporting	 Solid and Constantly Evolving Governance  Appendix A
	Data Protection and Cybersecurity	GRI 418 – 2016 Customer privacy	418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data	 How We Shape
	Business continuity, service quality and Customer satisfaction	GRI 417– 2016 Marketing and labelling	417-2 Incidents of non-compliance concerning product and service information and labelling	the Future  Appendix A
	Initiatives in favour of the local community	GRI 413– 2016 Local communities	413-2 Operations involving local community engagement, impact assessments and development programmes	People at the Centre of our Vision of the Future

ASPECTS ITALIAN LEGISLATIVE DECREE 254/2016	MATERIAL TOPICS	GRI ISSUES	DISCLOSURE (GRI)	REFERENCE (SECTIONS)
Respect for human rights	Diversity, non discrimination and equal opportunities	GRI 406 – 2016 Non-discrimination	406-1 Incidents of discrimination and corrective actions taken	People at the Centre of our Vision of the Future
		GRI 412 – 2016 Human rights assessment	412-1 Operations that have been subject to human rights reviews or impact assessments
	Sustainable supply chain	GRI 414 – 2016 Supplier social assessment	414-1 New suppliers that were screened using social criteria
Combating active and passive corruption	Business Ethics	GRI 205 – 2016 Anti corruption	205-3 Confirmed incidents of corruption and actions taken	How We Shape the Future
	Compliance	GRI 2 - 2021 General Disclosures	2-27 Compliance with laws and regulations
	Relations with institutions	GRI 415 – 2016 Public policy	415-1 Political contributions
Supply chains	Sustainable supply chain	GRI 414 – 2016 Supplier social assessment	414-1 New suppliers that were screened using social criteria	People at the Centre of our Vision of the Future
		GRI 308 – 2016 Supplier environmental assessment	308-1 New suppliers that were screened using environmental criteria
Environment	Responsible energy management	GRI 302 – 2016 Energy	302-1 Energy consumption within the organisation	Respect for the Planet We Live On
		GRI 305 – 2016 Emissions	305-1 Direct (Scope 1) GHG emissions

G – GRI Content Index

GRI STANDARDS	DISCLOSURE	REFERENCE (PAGES)	OMISSION
	General Information
	2-1 Organisational details	9
	2-2 Entities included in the organisation's sustainability reporting	19
	2-3 Reporting period, frequency and contact point	19, 91
	2-4 Restatements of information	76
	2-5 External assurance	91
	2-6 Activities, value chain and other business relationships	10-12; 67-72
	2-7 Employees	43; 73-74
	2-8 Workers who are not employees	43
	2-9 Governance structure and composition	27-28
	2-10 Nomination and selection of the highest governance body	27-28
	2-11 Chair of the highest governance body	27-28
	2-12 Role of the highest governance body in overseeing the management of impacts	27-28; 84-85
	2-13 Delegation of responsibility for managing impacts	27-28; 84-85
	2-14 Role of the highest governance body in sustainability reporting	21
GRI 2- 2021 General Disclosures	2-15 Conflicts of interest	27
	2-16 Communication of critical concerns	32
	2-17 Collective knowledge of the highest governance body	27-28
	2-18 Evaluation of the performance of the highest governance body	27-28
	2-19 Remuneration policies	Report on the Remuneration Policy for
	2-20 Process to determine remuneration	2023 and remuneration
	2-21 Total compensation ratio	paid in 2022, published on www.tinexta.com in the Governance Section
	2-22 Statement on sustainable development strategy		5
	2-23 Policy commitments	35-38
	2-24 Embedding policy commitments	35-38
	2-25 Process to remediate negative impacts	39
	2-26 Mechanisms for seeking advice and raising concerns	32
	2-27 Compliance with laws and regulations	75
	2-28 Membership associations	51
	2-29 Approach to stakeholder engagement	22-23
	2-30 Collective bargaining agreements	43

GRI STANDARDS	DISCLOSURE	REFERENCE (PAGES)
	Diversity, non-discrimination and equal opportunities
GRI 3- 2021 Material Topics	3-3 Management of material topics	84-85
GRI 405- 2016 Diversity and equal opportunity	405-1 Diversity of governance bodies and employees	73-74
GRI 406- 2016 Non-discrimination	406-1 Incidents of discrimination and corrective actions taken	45
GRI 412- 2016 Human rights assessment	412-1 Operations that have been subject to human rights reviews or impact assessments	44-45
	Personnel training and development
GRI 3- 2021 Material Topics	3-3 Management of material topics	84-85
GRI 404- 2016 Training and education	404-1 Average hours of training per year per employee	46; 75
	Occupational health and safety
GRI 3- 2021 Material Topics	3-3 Management of material topics	84-85
	403-1 Occupational health and safety management system	49-50
	403-2 Hazard identification, risk assessment and incident investigation	49-50
	403-3 Occupational health services	49-50
GRI 403 - 2018 Occupational Health	403-4 Worker participation, consultation and communication on occupational health and safety	49-50
and Safety	403-5 Worker training on occupational health and safety	49-50
	403-6 Promotion of worker health	49-50
	403-7 Prevention and mitigation of occupational health and safety impacts directly linked by business relationships	49-50
	403-9 Work-related injuries	75
	Business Ethics
GRI 3- 2021 Material Topics	3-3 Management of material topics	84-85
GRI 205- 2016 Anti corruption	205-3 Confirmed incidents of corruption and actions taken	15
GRI 206 - 2016 Anti competitive behaviour	206-1 Legal actions for anti-competitive behaviour, antitrust and monopoly practices	15
GRI 415 - 2016 Public policy	415-1 Political contributions	15
Talent acquisition and employee retention
GRI 3- 2021 Material Topics	3-3 Management of material topics	84-85
401 - 2016 Employment	401-1 New employee hires and employee turnover	43; 48; 74-75
Data protection and cyber security
GRI 3- 2021 Material Topics	3-3 Management of material topics	84-85
GRI 418 - 2016 Customer privacy	418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data	76
Responsible tax management
GRI 3- 2021 Material Topics	3-3 Management of material topics	84-85
GRI 207- 2019	207-1 Approach to taxation	35-37

Tax 2019 207-4 Country-by-country reporting 76 Responsible energy management GRI 3- 2021 3-3 Management of material topics 84-85 Material Topics GRI 302- 2016 302-1 Energy consumption within the organisation 58; 77 Energy GRI 305- 2016 305-1 Direct (Scope 1) GHG emissions 59; 77 Emissions GRI 305 – 2016 305-2 Energy indirect (Scope 2) GHG emissions 59 Emissions GRI 305 – 2016 305-7 Nitrogen oxides (NOx), sulphur oxides (SOx), and other significant air 59 Emissions emissions Governance and sustainable strategy GRI 3- 2021 3-3 Management of material topics 84-85 Material Topics 2-9 Governance structure and composition 27-28 GRI 2 – 2021 2-10 Nomination and selection of the highest governance body 27-28 General Disclosures 2-11 Chair of the highest governance body 27-28 Economic performance and its impact in countries where the Group operates GRI 3- 2021 3-3 Management of material topics 84-85 Material Topics GRI 201 – 2016 Economic 201-1 Economic value directly generated and distributed 76 performance GRI 2 – 2021 202-2 Proportion of senior management hired from the local community 75 General Disclosures Sustainable products and innovation GRI 3- 2021 3-3 Management of material topics 84-85 Material Topics GRI 203 - 2016 Indirect economic 203-2 Significant indirect economic impacts 67-72 impacts GRI 417- 2016 417-2 Incidents of non-compliance concerning product and service information Marketing and 76 and labelling labelling Sustainable supply chain GRI 3- 2021 3-3 Management of material topics 84-85 Material Topics GRI 308- 2016 Supplier 308-1 New suppliers that were screened using environmental criteria 51-52 environmental assessment GRI 414- 2016 Supplier social 414-1 New suppliers that were screened using social criteria 51-52 assessment Compliance GRI 3- 2021 3-3 Management of material topics 84-85 Material Topics GRI 2- 2021 2-27 Compliance with laws and regulations 75 Material Topics Initiatives in favour of local communities Relations with institutions GRI 3- 2021 3-3 Management of material topics 84-85 Material Topics GRI 413- 2016 Local 413-1 Operations with local community engagement, impact assessments and 50-51 communities development programmes	GRI STANDARDS	DISCLOSURE	REFERENCE (PAGES)	OMISSION

KPMG S.p.A. Revisione e organizzazione contabile Via Curtatone, 3 00185 ROMA RM Telefono +39 06 80961.1 Email [email protected] PEC [email protected]

(This independent auditors' report has been translated into English solely for the convenience of international readers. Accordingly, only the original Italian version is authoritative.)

Independent auditors' report on the consolidated non-financial statement pursuant to article 3.10 of Legislative decree no. 254 of 30 December 2016 and article 5 of the Consob Regulation adopted with Resolution no. 20267 of 18 January 2018

To the board of directors of Tinexta S.p.A.

Pursuant to article 3.10 of Legislative decree no. 254 of 30 December 2016 (the "decree") and article 5.1.g) of the Consob (the Italian Commission for listed companies and the stock exchange) Regulation adopted with Resolution no. 20267 of 18 January 2018, we have been engaged to perform a limited assurance engagement on the 2022 consolidated non-financial statement of the Tinexta Group (the "group") prepared in accordance with article 4 of the decree and approved by the board of directors on 7 March 2024 (the "NFS").

Our procedures did not cover the information set out in the "EU taxonomy" section of the NFS required by article 8 of Regulation (EU) 852 of 18 June 2020.

Responsibilities of the directors and board of statutory auditors ("Collegio Sindacale") of Tinexta S.p.A. (the "parent") for the

The directors are responsible for the preparation of an NFS in accordance with articles 3 and 4 of the decree and the "Global Reporting Initiative Sustainability Reporting Standards" issued by GRI - Global Reporting Initiative (the "GRI Standards"), identified by them as reporting standard.

The directors are also responsible, within the terms established by the Italian law, for such internal control as they determine is necessary to enable the preparation of an NFS that is free from material misstatement, whether due to fraud or error.

Moreover, the directors are responsible for the identification of the content of the NFS, considering the aspects indicated in article 3.1 of the decree and the group's business and characteristics, to the extent necessary to enable an understanding of the group's business, performance, results and the impacts it generates.

The directors' responsibility also includes the design of an internal model for the management and organisation of the group's activities, as well as, with reference to the aspects identified and disclosed in the NFS, the group's policies and the identification and management of the risks generated or borne.

The Collegio Sindacale is responsible for overseeing, within the terms established by the Italian law, compliance with the decree's provisions.

Ancona Bari Bergamo Bologna Bolzano Brescia Catania Como Firenze Genova Lecce Milano Napoli Novara Padova Palermo Parma Perugia Pescara Roma Torino Treviso Trieste Varese Verona

Società per azioni Capitale sociale Euro 10.415.500,00 i.v. Registro Imprese Milano Monza Brianza Lodi e Codice Fiscale N. 00709600159 R.E.A. Milano N. 512867 Partita IVA 00709600159 VAT number IT00709600159 Sede legale: Via Vittor Pisani, 25 20124 Milano MI ITALIA

Tinexta Group Independent auditors' report 31 December 2023

Auditors' independence and quality control

We are independent in compliance with the independence and all other ethical requirements of the International Code of Ethics for Professional Accountants (including International Independence Standards, the IESBA Code) issued by the International Ethics Standards Board for Accountants, which is founded on fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour.

For the present fiscal year, our company has applied the International Standard on Quality Control 1 (ISQC Italia 1) and, accordingly, has maintained a system of quality control including documented policies and procedures regarding compliance with ethical requirements, professional standards and applicable legal and regulatory requirements.

Auditors' responsibility

Our responsibility is to express a conclusion, based on the procedures performed, about the compliance of the NFS with the requirements of the decree and the GRI Standards. We carried out our work in accordance with the criteria established by "International Standard on Assurance Engagements 3000 (revised) - Assurance Engagements other than Audits or Reviews of Historical Financial Information" ("ISAE 3000 revised"), issued by the International Auditing and Assurance Standards Board applicable to limited assurance engagements. This standard requires that we plan and perform the engagement to obtain limited assurance about whether the NFS is free from material misstatement. A limited assurance engagement is less in scope than a reasonable assurance engagement carried out in accordance with ISAE 3000 revised, and consequently does not enable us to obtain assurance that we would become aware of all significant matters and events that might be identified in a reasonable assurance engagement.

The procedures we performed on the NFS are based on our professional judgement and include inquiries, primarily of the parent's personnel responsible for the preparation of the information presented in the NFS, documental analyses, recalculations and other evidence gathering procedures, as appropriate.

Specifically, we performed the following procedures:

1. Analysing the material aspects based on the group's business and characteristics disclosed in the NFS, in order to assess the reasonableness of the identification process adopted on the basis of the provisions of article 3 of the decree and taking into account the reporting standards applied.
1. Analysing and assessing the identification criteria for the reporting scope, in order to check their compliance with the decree.
1. Comparing the financial disclosures presented in the NFS with those included in the group's consolidated financial statements.
1. Gaining an understanding of the following:
2. the group's business management and organisational model, with reference to the management of the aspects set out in article 3 of the decree;
3. the entity's policies in connection with the aspects set out in article 3 of the decree, the achieved results and the related key performance indicators;
4. the main risks generated or borne in connection with the aspects set out in article 3 of the decree.

Moreover, we checked the above against the disclosures presented in the NFS and carried out the procedures described in point 5.a).

Tinexta Group Independent auditors' report 31 December 2023

Understanding the processes underlying the generation, recording and management of the significant qualitative and quantitative information disclosed in the NFS.

Specifically, we held interviews and discussions with the parent's management personnel. We also performed limited procedures on documentation to gather information on the processes and procedures used to gather, combine, process and transmit non-financial data and information to the office that prepares the NFS.

Furthermore, with respect to significant information, considering the group's business and characteristics:

at group level,
- a) we held interviews and obtained supporting documentation to check the qualitative information presented in the NFS and, specifically, the business model, the policies applied and main risks for consistency with available evidence,
- b) we carried out analytical and limited procedures to check, on a sample basis, the correct aggregation of data in the quantitative information;
we held videoconferences with the management of Tinexta S.p.A., Warrant Hub S.p.A. and Infocert S.p.A., which we have selected on the basis of their business, contribution to the key performance indicators at consolidated level and location, to obtain documentary evidence supporting the correct application of the procedures and methods used to calculate the indicators.

Conclusion

Based on the procedures performed, nothing has come to our attention that causes us to believe that the 2023 consolidated non-financial statement of the Tinexta Group has not been prepared, in all material respects, in accordance with the requirements of articles 3 and 4 of the decree and the GRI Standards.

Our conclusion does not extend to the information set out in the "EU taxonomy" section of the NFS required by article 8 of Regulation (EU) 852 of 18 June 2020.

Rome, 28 March 2024

KPMG S.p.A.

(signed on the original)

Arrigo Parisi Director of Audit

TINEXTA S.p.A.

Tinexta is an industrial Group that offers innovative solutions for the digital transformation and growth of companies, professionals and institutions. Listed on the Euronext STAR Milan (MIC: MTAA), it is included in the European Tech Leader index as a high-growth tech company. Based in Italy with representatives in 9 countries ranging from Europe to Latin America and over 2,000 employees, Tinexta is active in the strategic Digital Trust, Cyber Security and Business Innovation sectors. At 31 December 2023, the Group reported consolidated revenues of €395.8 million, Adjusted EBITDA of €103.0 million and Net profit of €69.9 million.

tinexta.com

Stock ticker: TNXT, ISIN Code IT0005037210

Contact Point

[email protected]

Consolidated Non-Financial Statement 2023 92

Consolidated Non-Financial Statement 2023 93

AI assistant

Tinexta — Environmental & Social Information 2024

4493_sr_2024-03-29_91459880-788a-492f-9e89-ab8dd648e709.pdf

Consolidated Non-Financial Statement pursuant to Italian Legislative Decree 254/2016

Table of contents

Message from the Chairman and Chief Executive Officer

How We Shape the Future

The Coordinates of Our Action

About Us

Our Business Model

A Challenging Journey

A Galaxy of Skills to Help Businesses and Institutions Grow

Tinexta Cyber Security

Contribution to more sustainable models

Constant Growth Guided by an Effective Strategy

Warrant Hub

InfoCert

Tinexta

The Values that Guide Our Daily Lives

Data Protection and Digital Infrastructures: a Cutting-Edge Approach

Data Protection

Cyber Security & Business Continuity

02

Methodological Approach

Coordinates of the CNFS

Reporting Period and Scope

Regulatory References

Reporting Process

Materiality Analysis

2023 Results

Solid and Constantly Evolving Governance

Actors

Strategy

The 2023-2025 Strategic Plan drivers are briefly illustrated in the following image.

Tools

Group Code of Ethics and Conduct

Group Organisational Model and Regulations

Organisation, Management and Control Models pursuant to Italian Legislative Decree 231/2001

Whistleblowing

Anti-Corruption Guidelines

Succession Plans

Certification

ESG Policies and 2023-2025 Sustainability Plan

ESG Risk Monitoring and Management

People at the Centre of our Vision of the Future

Workforce Characterised by Stability and Continuity

Uniqueness Is Strength

Projected Towards Constant Skill Growth

Our Formula for Success

We have appointed more than 80 change

Training: Numbers and Good Examples

Skills Capital

Healthy and Safe Work Every Day

Support for Local Initiatives

Supply Chain Responsibility

Respect for the Planet We Live on

A Constantly Growing Commitment

Offices with a Lighter Footprint

Dematerialisation

Reduction of plastic

Remote work

Separate waste collection and equipment recovery

Energy

Mobility Management

Energy and Emissions

The table below details our Group's consumption.

06

Taxonomy

Regulatory Framework

Methodological Approach

Results

Appendices

A - Companies included in the organisation's sustainability reporting

Tinexta Digital Trust

Tinexta Cyber Security

Tinexta Business Innovation

B – Overall data and trends

WORKFORCE INFORMATION

INFORMATION ON SUPPLIERS

COMPLIANCE

Tinexta Environmental & Social Information 2024

TOTAL ENERGY CONSUMPTION WITHIN THE ORGANISATION ⁸

DIRECT GREENHOUSE GAS EMISSIONS⁸