Code of ethics and conduct

1.Introduction to the Code of Ethics and Conduct The objective of the Code of Ethics and Conduct (hereinafter ”Code of Ethics” or also ”Code”) is not to regulate all possible situations that may occur. No document can reasonably consider all the cases that may arise in carrying out its work. Its goal is to serve as a framework for all CheckSig members, that is, to help them understand what is expected of each of them, including those who hold more senior roles, to make good business decisions and to maintain behavior characterized by correctness, awareness and integrity. To pursue this aim, the Code of Ethics and Conduct sets out: to. the set of rights, duties and responsibilities of CheckSig with respect to all the subjects with whom it enters into relations for the achievement of its corporate purpose;
b. the methods for verifying the consistency of the operating procedures with the company’s ethical principles and the sanctions envisaged in the event of violations by personnel who do not respect the same. The Code of Ethics does not replace the internal self-discipline code which remains in force. This Code also contributes to implementing the Corporate Social Responsibility policy in the awareness that the decisions and actions of all CheckSig members determine direct or indirect consequences on society and that consideration of social and environmental issues contributes to minimizing exposure to compliance and reputational risks, strengthening the sense of belonging in its interlocutors. 2. General aspects of the Code 2.1 Definition of ethical behavior Ethical behavior is defined as behavior intended to:

1. strictly comply with the laws in force in the national territory;
   2. operate with correctness and courtesy in relationships between colleagues, customers and stakeholders;
   3. respect the interests of each interlocutor (be they customers, employees, external collaborators, public institutions and authorities and the community in general);
   4. carry out one’s role with professionalism and moral integrity. 2.2 Fundamental corporate values CheckSig attributes fundamental importance to the principles of loyalty, correctness, transparency, and respect towards people, the social context, the institutions and the environment in which it operates. Furthermore, CheckSig specifically pursues the following values:
2. competence: the Company undertakes to choose and motivate human resources in order to ensure the maximum level of competence and updating in carrying out the activity;
   2. credibility: the Company constantly undertakes to pay particular attention to its reliability and trustworthiness, in particular to customers, suppliers, consultants, Supervisory Authorities and the community in general;
   3. impartiality: the Company confirms and ensures that there are no threats to impartiality in carrying out the activity;
   4. pursuit of excellence: the Company pursues continuous improvement in the way it operates by maintaining constant attention to detail in every phase of the work, using resources in the most efficient way, trying to enhance its employees and external collaborators in their specific professionalism. 2.3 Recipients of the Code Given the aim of ethically directing its activity, the rules of this Code apply, without exception, to all members of CheckSig’s Board of Directors, as well as to all its company staff (managers and employees), and also to the suppliers, collaborators and consultants to whom the same Company turns, whether they operate on the basis of outsourcing agreements or on the basis of ad hoc consultancy contracts and also to the customers of CheckSig itself (hereinafter “Recipients”). All the Recipients indicated above are therefore required to read it, know and accept the contents and conduct themselves in compliance with the principles contained in this Code of Ethics. If you are in doubt about the correct behavior to adopt in a given situation. This Code of Ethics was drawn up without any claim to exhaustiveness nor is it believed to express valid principles for every circumstance in which the Recipients may find themselves operating. However, since each of the Recipients has the responsibility to do the right thing, in every doubtful circumstance, each of them - before making a decision - should ask themselves the following questions:
3. Is it legal? 2. Is it in line with CheckSig’s Code of Ethics (as applicable)? 3. Is it in the interest of our customers and/or stakeholders? 4. Have I taken into consideration the risks involved and the consequences resulting from my decision? 5. Would I be comfortable if my decision was made public inside or outside the Company? If the answer to one of these questions is ”NO” or in case of doubt, it is necessary, before taking action, to discuss it with the Legal and Compliance function of the Company. Compliance with the rules of the Code must also be considered an essential part of the contractual obligations of the Company’s employees, also pursuant to and for the purposes of the art. 2104 of the Civil Code, while their violation constitutes, depending on the case, a disciplinary offense and/or a breach of contract and may lead to the termination of the contractual relationship and/or compensation for any damages incurred by CheckSig. The Company requires suppliers, collaborators and consultants to respect the principles on which this Code is based, also by virtue of specific contractual clauses. 2.4 The Code approval process This Code, adopted by resolution of the Board of Directors of CheckSig, far from being considered an unchangeable document, must be read as a continuously evolving tool as it is susceptible to subsequent modifications and additions based on changes within the Company as well as externally, i.e. relating to the economic and regulatory context in which it operates as well as the experiences acquired by CheckSig itself over time, in order to ensure constant consistency of the values ​​assumed as fundamental principles by the Company and the conduct to be adopted in accordance with the provisions of this Code. 2.5 Communication and dissemination of the Code The Code of Ethics and its updates are brought to the attention of all recipients (internal and external) through adequate communication and dissemination activities, so that the values ​​and principles contained therein are known and applied and to prevent individual initiative from generating behavior that is not consistent with the reputational profile that CheckSig pursues. The Code of Ethics is published on the CheckSig institutional website and is accessible within the company drive at the following address: Operational Guides. An electronic copy of the Code is delivered to each member of the Board of Directors, partner, employee or collaborator upon, respectively, the appointment, hiring or initiation of the relationship and a copy in paper format is kept in the archive located in the CheckSig premises. The Human Resources function will include, within the annual training plan, initiatives aimed at promoting knowledge of the values ​​and behavioral norms referred to in this Code.
4. Reference legislation

• Universal Declaration of Human Rights by the United Nations;
  • Civil Code, articles. 2087, 2104 and 2105;
  • Conventions of the International Labor Organization;
  • Workers’ Statute;
  • National Collective Labor Agreement of the metalworking industry sector applicable to the Company and to the general regulations regarding employment relationships;
  • Consolidated law on health and safety at work, Legislative Decree no. 81 of 9 April 2008 and subsequent amendments;
  • Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 (V Anti-Money Laundering Directive);
  • Legislative Decree no. 231/2007 and subsequent amendments;
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR);
  • Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 (MiCAR);
  • Personal data protection code, Legislative Decree no. 196 of 30 June 2003 and subsequent amendments;
  • Law 30/11/2017, n. 179 regarding the protection of the authors of reports of crimes or irregularities of which they have become aware in the context of a public or private employment relationship;
  • Directive (EU) 2019/1937 on the protection of people who report violations of Union law (so-called “Whistleblowing Directive”);
  • Legislative Decree 10 March 2023, n. 24 of implementation of the Whistleblowing Directive;
  • Other regulations, provisions and opinions of the Bank of Italy, the Guarantor for the protection of personal data and other relevant authorities.

4. General provisions of the Code Every behavior translates into a concrete action. Every action can compromise the company’s reputation and image or can contribute to its improvement. At the same time, improving the company’s reputation and image can correctly direct everyone’s behavior. In order for the behaviors and actions implemented by employees and administrators to be identified with the company’s ethical values, all operations and, more generally, the actions and behaviors adopted in the exercise of their functions or tasks, must be characterized both in the workplace and outside by the utmost integrity, honesty, correctness, loyalty, fairness, objectivity, personal protection, transparency, confidentiality and responsibility in the prudent use of corporate, environmental and social assets and resources. Likewise, in order to proactively contribute to the achievement of company objectives, it is necessary for everyone to carry out the assigned activities with commitment, punctuality and precision. It is specified that the mandatory rules and precepts contained in the legislation in force from time to time which impose behavioral obligations on indistinct categories of subjects do not require specific further regulation in this Code (e.g.: smoking ban, general respect for working hours, contractual rules on the rights and duties of staff, rules on health and safety at work, etc.). 4.1 Legality Compliance with current laws and regulations represents a fundamental principle for CheckSig. Each Recipient is therefore required to acquire with due diligence the necessary knowledge regarding the regulatory provisions (deriving, for example, from legal provisions, regulations, circulars, provisions of the Supervisory Authority, etc.) applicable to the performance of their functions or duties. Conduct in conflict with the aforementioned precept is not tolerated. In fact, it must be clear that there cannot be any justification that can induce one of the Recipients to violate or encourage others to violate regulatory provisions applicable to the Company, thus exposing CheckSig to possible fines, sanctions including criminal sanctions and to the loss of the possibility of continuing to carry out its business. 4.2 Integrity, honesty, correctness and loyalty Respect for the values ​​of integrity, honesty, correctness and loyalty is achieved through the adoption of the following behaviors:
5. compliance with the internal and external regulations in force by all staff, collaborators, customers, suppliers and any other third party with which the Company has a relationship;
   2. strict compliance with current anti-money laundering legislation (including the commitment to report and the refusal to carry out any suspicious operation in terms of correctness and transparency);
   3. consent to carry out operations only if supported by suitable documentation, so that it is possible at any time to carry out checks that certify the characteristics and reasons and identify who authorized, carried out, recorded and verified the operation itself; 4. the refusal to establish any type of relationship capable of facilitating any form of crime and/or economic benefit to subjects in relation to whom there is doubt that they are carrying out any type of illicit activity;
   5. the conduct of commercial relationships through loyal and correct behaviour;
   6. the repudiation and contrast of any behavior aimed at obtaining confidential information relating to one’s competitors on the market, the condemnation of every possible form of fraud, counterfeiting or usurpation of intellectual and industrial property rights, one’s own and those of others, of copyrights, patents, trademarks and identification marks;
   7. the repudiation and contrast of any behavior aimed at taking advantage of unfair behaviour, manipulation, concealment or abuse of privileged information, false declarations of material facts or any other unfair practice
   8. the promotion at all levels of practices aimed at preventing local and transnational corruption phenomena;
   9. compliance with the governance principles established by the competent authorities and/or found in market best practices. 4.2.1 Focus: Gifts, freebies and benefits It is not permitted to offer and receive any form of gift or benefit that could be interpreted as exceeding normal commercial and courtesy practices and of modest value, or that could be understood as a tool to acquire preferential treatment in carrying out work activities. For the sake of clarity, commercial courtesy of modest value means gifts of more than symbolic value or in any case in line with normal courtesy relations (i.e. Christmas presents; gadgets, etc.) whose value does not exceed the amount of €50. Gifts, gifts or other benefits that exceed the aforementioned amount may be accepted by directors, managers or employees only with the prior authorization of the Legal Area. Under no circumstances may the gifts consist of sums of money or virtual coins or crypto-assets, loans, bribes, or other benefits. The aforementioned value limits do not apply in commercial or promotional relations of the Company with customers (even potential ones) which involve the directors and/or managers and/or employees of the Company as long as they are strictly inherent to a specific business relationship and of a reasonable economic entity with respect to commonly accepted commercial and/or institutional courtesy practices. Employees must not accept or offer gifts, lunches or entertainment where - depending on the context - this could create the impression of wanting to illicitly influence commercial relations. In carrying out its business, CheckSig may find itself interacting with public entities (Bank of Italy, CONSOB, UIF, etc.). In consideration of the foregoing, the Recipients who, by reason of their office, or by assignment received from the Company itself, find themselves dealing on behalf of the latter with public officials or public service representatives, are required to behave in a transparent and respectful manner with the applicable legal and regulatory provisions. Any type of corrupt behavior towards public officials, those in charge of public service, officials or employees of the public administration, authorities and public institutions, in any form or manner, is not tolerated. The rules that regulate the operational activity of the Company must be strictly observed and respected. The above-mentioned rules cannot be circumvented by resorting to activities carried out by third parties and/or with procedures suitable for circumventing these prohibitions. When the Company decides to be represented in relations with a Public Administration by a consultant or a third party external to its organization, they must expressly and in writing undertake with the same Company to comply with the provisions of this Code. 4.3 Transparency and confidentiality CheckSig considers transparency in all its behavior as an indispensable value. At the same time, the Company values ​​confidentiality as a foundational element of the relationship of trust with its customers. For this reason, CheckSig:
6. disseminates truthful, complete, transparent and comprehensible information, within the limits permitted by the provisions of company procedures, in order to allow its customers or suppliers to make informed decisions regarding the relationships to be maintained with the same Company;
   2. updates, disseminates and enforces internal procedures and policies drawn up and issued in compliance with current legislation on the protection of personal data. Recipients who become aware of behavior and/or operations carried out in violation of the provisions of this article are required to promptly report the facts to the Legal and Compliance function. 4.3.1 Focus: Protection of information and intellectual property The protection of the confidentiality of corporate information of any nature (commercial, financial, technological, etc.) both of the Company, of customers and of third parties represents a value that CheckSig intends to protect, as a heritage of culture and continuous technological investment. In particular, this involves information that is defined as “proprietary and confidential”, that is, generally not in the public domain, whether verbal or written. All Recipients have a particular responsibility to protect the confidentiality of information relating to customers, but also relating to CheckSig’s internal security systems and procedures, as well as its suppliers and consultants. The aforementioned confidential information must never be disclosed to anyone outside the Company, except as required and/or permitted by regulatory provisions - internal or external - applicable to the same Company or by the need of the same to defend its rights in the context of legal proceedings. The confidentiality obligations of the Recipients also apply with reference to their use of social media, as the aforementioned are responsible for everything they publish on the internet regarding the Company. In this context, Recipients must ensure that they do not disseminate information about CheckSig via the internet that they would not disseminate by any other means. Therefore, the information acquired by the Recipients in carrying out the assigned activities and responsibilities must remain strictly confidential and adequately protected and cannot be used, communicated or disseminated, both internally and externally, unless in full compliance with company procedures and current legislation. In this regard, it is expressly prohibited to communicate, disclose or improperly use confidential information, data or news relating to customers or, more generally, to third parties with whom CheckSig has or is preparing to establish business relationships. CheckSig takes care to promptly catalog the information to be considered confidential, so as to make it recognizable to the Recipients. The Recipients must do everything possible to avoid even involuntary disclosure of confidential information, paying particular attention when saving or transmitting it. The aforementioned confidentiality obligations continue even after termination of the employment relationship. 4.3.2 Focus: Abuse of confidential information The Recipients must be fully aware that they are prohibited from carrying out buying and selling operations or other operations (e.g. cancellation of orders already placed on crypto-assets), even through third parties, using privileged information relating to said crypto-assets, or advising the completion of said operations to third parties, taking advantage of the possession of information relating to crypto-assets known due to the activity carried out in CheckSig. More generally, the Recipients are required to comply with the prohibitions set out in the articles. 89, 90 and 91 MiCAR. Furthermore, the Recipients must not compete with the Company nor must they exploit for personal purposes - directly or indirectly - the commercial opportunities that they identify during the employment relationship or the confidential information of which they have become aware. 4.3.3 Focus: Accuracy and transparency of accounting records Each employee is required to scrupulously observe all current administrative and accounting procedures. In order to prevent a distorted use of company funds or the recording of fictitious transactions, for each operation adequate supporting documentation of the activity carried out is kept, such as to allow the carrying out of checks that ascertain the characteristics, the reasons for the operation and that identify who authorized, carried out, recorded and verified the operation. It is also forbidden to:

• hide documents or, with other suitable devices, prevent or otherwise hinder the performance of control or auditing activities legally attributed to the shareholders, corporate bodies or the auditing firm;
  • distribute profits or advances on profits not actually achieved or allocated by law to reserves, or distribute reserves, even if not constituted with profits, which cannot by law be distributed;
  • form or increase capital fictitiously;
  • in violation of the legal provisions protecting creditors, carry out reductions in the share capital, divide the company’s assets among the shareholders before paying the company’s creditors or setting aside the sums necessary to satisfy them, causing damage to the creditors;
  • with simulated or fraudulent acts, determine the majority in the meeting, with the aim of obtaining an unfair profit for himself or others.

4.4 Fairness, objectivity and protection of the person CheckSig is committed to respecting fundamental human rights, avoids any form of discrimination against its employees/collaborators, maintains a professional work environment free from harassment and other behaviors that contribute to creating an intimidating, offensive or humiliating environment. In particular:

• it is underlined to apply the principle of fair competition whereby each employee is hired with a regular employment contract and no form of irregular, child or “black work” is tolerated;
  • it is considered appropriate to create information and training on the prevention of accidents at work for its employees, through the planning of such activities (formerly art.9 Legislative Decree 626/94, resumed with Legislative Decree 81/08);
  • responsible behavior is encouraged on the part of all employees, adopting suitable working methodologies ensuring adequate measures to ensure full compliance with legislation on safety and prevention;
  • we aim to offer all company staff development opportunities based on skills and abilities, avoiding any form of discrimination linked to age, sex, race, state of health, nationality, political opinions and religious beliefs;
  • we intend to use updated technologies, suitable and increasingly focused on helping the employee, in order to eliminate unnecessary workload and/or situations of fatigue;
  • objective criteria are adopted in the selection, management and development of human resources. In particular, the evaluation of the personnel to be hired, consultants and evaluators by the Company is carried out, with the involvement of partners, investors and/or consultants, based on the correspondence of the candidates’ profiles with respect to company needs, in compliance with equal opportunities for all interested parties. Furthermore, CheckSig is committed to spreading and consolidating a culture of safety, developing risk awareness for all its operators as it considers its employees the vital force and dynamic lifeblood of how to “do business”. In addition to the safety-promoting standards defined within CheckSig, you must comply with local safety policies and procedures, which may vary depending on work requirements and local regulations applicable from time to time (e.g. in pandemic contexts). 4.5 Responsibilities Respect for the value of responsibility entails that CheckSig activities are carried out:

1. drawing inspiration from the principles of sound and prudent management, with the aim of being a solid, reliable, transparent company, open to innovation, interpreter of the ever-changing needs of customers, attentive to the needs and expectations of shareholders, interested in the best development and use of human resources and the most efficient company organisation;
   2. pursuing company interests in compliance with laws and regulations and recognizing competition as a positive stimulus to constantly improve the quality of products and services offered to customers, basing its commercial behavior on the principles of loyalty and correctness;
   3. protecting the company’s reputation and assets;
   4. seeking compatibility between economic initiative and environmental needs, not only in compliance with current legislation, but also taking into account the best experiences on the subject;
   5. supporting the social and economic growth of the territories where CheckSig is rooted, also with initiatives of a cultural, sporting nature and support for disadvantaged categories;
   6. promoting forms of sustainable economic development, with a view to protecting the interests and expectations of future generations. 4.6 Principles of conduct in relations with third parties Relationships with suppliers. Relationships and communications with the Company’s suppliers are based on the utmost correctness and compliance with current regulations as well as the principles of this Code of Ethics. Maximum importance is given to certifications relevant to operational safety and prevention principles. In the selection processes, suppliers are evaluated based on objective criteria, such as price and quality of service, offering each supplier equal opportunities, establishing the principle of cost/value analysis, in order to always verify the suitability of evaluation and acceptance. Suppliers are encouraged to carry out their activities following standards of conduct consistent with those indicated in this Code. Relationships with customers and the media. The Company undertakes to guarantee consumers an immediate, qualified and competent response to their needs, providing correct and truthful information on the validity of the certifications issued. The Company’s external communication is based on respect for correct, precise information and based on transparency procedures, strictly eliminating false or biased news and comments. The Company, already during the negotiation phase, sends all the necessary documentation to the Customer. Economic relationships with parties, trade unions and associations. The Company, with its own Code of Ethics applied in a vision of careful operational morality, does not finance political parties, their representatives or candidates either in Italy or abroad; does not sponsor conferences or parties that have a political propaganda purpose. CheckSig intends to remain absolutely free from any direct or indirect pressure on political leaders. The Company, however, in the context of proper moral attention, can cooperate with and/or make contributions to environmental, consumer protection and similar associations only when the following conditions simultaneously exist:
2. there are no profit-making, human exploitation or even hidden speculative purposes, and on the assumption that the associations operate on the basis of precise and regular statutes and/or articles of association and/or regulations, which must be attached to any requests for contributions and whose principles are compatible with those of this Code of Ethics;
   2. it is a purpose attributable to respect for the social community;
   3. the uses and purposes of the economic resources obtained by the Company are clearly documented; express and clear affirmation of the organizations mentioned for the pursuit of social and community goals and/or initiatives of national value. Relationships with Institutions. Relationships with the Public Administration, State Institutions and Supervisory and Control Authorities must be maintained in absolute compliance with the applicable legal and regulatory requirements. To this end, CheckSig is strictly committed to:
3. establish transparent and stable channels of communication with institutional interlocutors at community, national, provincial and municipal levels;
   2. represent the company’s interests and positions in a transparent, rigorous and coherent manner, avoiding any collusive attitude, always placing the principles of this Code of Ethics first for its own business and for safeguarding the work of its employees.
4. Code violations and sanctions Compliance with the rules of this Code of Ethics must be considered an essential part of the contractual obligations of employees and of all recipients of the Code itself in general, including external collaborators, consultants and any other person having business relations with the Company. To protect its image and safeguard its resources, the Company will not entertain relationships of any kind with subjects who do not intend to operate in strict compliance with current legislation and/or who refuse to behave according to the values ​​and principles set out in this Code. 5.1 Reports of violations In order to guarantee the effective application of the Code, the Company requires all those who become aware of any cases of non-compliance with this document to report it to the line manager identified according to the company organization chart or to the competent representatives of Human Resources or the Legal and Compliance function, or, in cases where the report is not effective or appropriate, they must contact top management directly. When appropriate, reports can be submitted confidentially or through communication channels reserved for employees (on this point, please refer to the Whistleblowing Policy). All reports are adequately detailed. The Legal and Compliance function ascertains the validity of the report, promptly checks the information transmitted with due attention, and decides on the possible application of disciplinary sanctions or the activation of contractual termination mechanisms. CheckSig does not tolerate any form of retaliation against those who report in good faith or who cooperate in a compliance investigation. Making a report in good faith means that the employee or collaborator believes that there is a possible violation of the law or the Code and, even if the report turns out to be unfounded, provides all the information in his or her possession. It should be noted that any form of retaliation against those who have made reports in good faith of possible violations of the Code itself and the behavior of those who accuse other employees of violation, with the knowledge that such violation does not exist, also constitute a violation of the Code. 5.2 Disciplinary system Violation of the principles established in the Code of Ethics and in company procedures compromises the relationship of trust between the Company and anyone who commits the violation (directors, employees, customers, suppliers, consultants, etc.). Violations, once ascertained, will be prosecuted promptly and immediately, through the adoption, compatibly with the provisions of the current regulatory framework, of adequate and proportionate disciplinary measures, regardless of the possible criminal relevance of such behavior and the establishment of criminal proceedings in cases where they constitute a crime. The Company wants to establish precise disciplinary measures to ensure that abnormal situations do not arise at work that could create discrepancies in the homogeneous management of behavior and procedures. More precisely, the Company introduces at the level of disciplinary measures:

• sanctioning measures:
  a. verbal reprimand;
  b. written reprimand;
  c. suspension from service and remuneration for a period not exceeding 10 days;
  d. dismissal for significant failure to fulfill the employee’s contractual obligations (justified reason);
  And. dismissal for a fault so serious that it does not allow the continuation, even temporary, of the relationship (just cause);
• precautionary measures: to. removal from the service for precautionary reasons with maintenance of economic treatment for workers subjected to criminal proceedings also for crimes resulting in liability pursuant to Legislative Decree 231/2001; b. temporary removal of the worker from the service for the time strictly necessary, when required by the nature of the shortcoming or the need for investigations, pending the resolution of the definitive disciplinary measure. Violations committed by managers, depending on their severity, may entail not only expulsion sanctions, but also, based on the jurisprudential interpretations on the matter, conservative sanctions borrowed from those applicable to other employees. In relation to directors, the disciplinary measures applicable to them are:
• the warning;
  • the revocation of delegations with consequent reduction in emoluments;
  • revocation pursuant to art. 2383 c.c. With regards to violations committed within the scope of its duties by the Legal and Compliance function, the Board of Directors takes appropriate measures. The commission of disciplinary infractions by third parties may determine, according to the seriousness of the facts and in compliance with what is regulated in the specific contractual relationship:
• the warning to promptly comply with the provisions and principles established in the Code of Ethics;
  • the application of a penalty, conventionally set at a percentage not exceeding 10% of the agreed fee;
  • the termination of the relevant contract, without prejudice to the right to request compensation for damages incurred as a consequence of said conduct, including damages caused by the application by the judge of the precautionary or sanctioning measures provided for by Legislative Decree 231/2001, if the violation causes financial damage to the Company or exposes it to an objective situation of danger of the damage itself.