Organization, Management and Control Model

1. FOREWORD
2. LEGAL FRAMEWORK AND SCOPE OF THE DECREE
3. OFFENSES UNDER THE DECREE
4. THE SANCTIONS.
5. THE TENTATIVE.
6. THE VENUE FOR ESTABLISHING RESPONSIBILITY
7. THE COMPANY'S DISCLAIMER
8. THE SUITABILITY OF THE ORGANIZATIONAL MODEL ADOPTED
9. THE CONFINDUSTRY GUIDELINES
10. THE ORGANIZATION, MANAGEMENT AND CONTROL MODEL OF ETNA HITECH S.C.P.A.
11. THE COMPONENTS OF THE ETNA HITECH S.C.P.A. MODEL.

With the entry into force of Legislative Decree No. 231 of June 8, 2001, regulating the "administrative responsibility of legal persons, companies and associations, including those without legal personality," a form of administrative responsibility was introduced within Italian legislation for acts of crime committed by apical or subordinate corporate functions permanently included within the corporate organization.

The Italian legislature has, in this way, conformed to a series of EU and international measures, aimed, precisely, at establishing liability also for companies, as an exception to the long-standing and well-established principle "societas delinquere non potest."

The Legislative Decree under review, however, allows legal persons to benefit from an exclusion of liability if they adopt and effectively implement an "organizational, management and control model," which provides for "appropriate measures to ensure the performance of the activity, in compliance with the law and to discover and eliminate risk situations in a timely manner" (see Article 7 paragraph 3 of the Decree).

In essence, in order to avoid a charge as an accomplice to the offender, the collective entity must demonstrate its "organizational diligence," that is, it must prove that it has adopted and effectively implemented an adequate structure of legality, containing the so-called "risk of crime."

In adherence to the requirements of Legislative Decree 231/2001, the Board of Directors of Etna Hitech S.c.p.A. (hereinafter, also EHT) has, therefore, initiated a work plan, in order to elaborate an Organization, Management and Control Model, responsive to the concrete reality of the consortium and representative of the organizational, operational and control precautions in place, in order to prevent the commission of crimes, in the interest or to the advantage of the consortium company.

The work plan was concluded with the formal adoption by the Board of Directors of Etna Hitech S.c.p.A. on 03/30/2022 of the Organization, Management and Control Model.

In November 2022, the Organization, Management and Control Model was further updated from the previous version by reference to the new "Guidelines" of Confindustria, issued in June 2021, as well as by incorporation of a series of regulatory changes regarding, specifically:

• The introduction of the new Article 25 octies 1 Legislative Decree 231/2001, dealing with "offenses related to non-cash payment instruments" (Legislative Decree 184/2021 "Implementation of Directive (EU) 2019/713 of the European Parliament and of the Council of 17.4.2019 on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA", in force since 14.12.2021);
• The introduction of the new Articles 25- septiesdecies and 25- duodevicies of Legislative Decree 231/2001, respectively, dealing with "crimes against cultural heritage" and "laundering of cultural property and devastation and looting of cultural and scenic heritage" (Law No. 22, dated 9.3.2022 "Provisions on crimes against cultural heritage," in force since 23.3.2022);
• amendments to the crimes of receiving stolen goods, money laundering, use of money, goods and utilities of unlawful origin and self-money laundering, provided for in Article 25 octies of Legislative Decree 231/2001 (Legislative Decree 195/2021 "Implementation of Directive (EU) 2018/1673 on Combating Money Laundering through Criminal Law," effective 12/15/2021);
• The amendments to certain offenses, provided for by art. 24 bis d.lgs. 231/2001, in relation to "computer crimes and unlawful data processing," art. 25 quinquies d.lgs. 231/2001, in relation to "crimes against the individual personality," art. 25 sexies d.lgs. 231/2001, in relation to "crimes of market abuse" (Law 238/2021 "Provisions for the fulfillment of obligations arising from Italy's membership of the European Union-European Law 2019-2020", in force from 1.2.2022);
• the amendments to Article 24 bis Legislative Decree 231/2001, in relation to the crimes of "embezzlement to the detriment of the State", "undue receipt of disbursements to the detriment of the State" and "aggravated fraud to obtain public disbursements" (Law 27.1.2022 no. 25 "Conversion into law with amendments of d.l. 271.1.2022 No. 4 "Urgent measures on support for enterprises and economic operators, labor, health and territorial services, related to the emergency from Covid- 19, as well as for the containment of the effects of price increases in the electricity sector" 2020", in force since 29.3.2022).

In September 2024, the Organization, Management and Control Model was updated again, by: 1) incorporating the requirements of Legislative Decree No. 24/2023, regarding "whistleblowing" and inserting the new predicate offenses under Article 353 of the Criminal Code (disruption of freedom of tenders), Article 353- bis c.p. (disturbed freedom of the procedure for choosing a contractor), art. 512- bis c.p. (fraudulent transfer of valuables) and art. 255 d.lgs. 3.4.2006 no. 152 (abandonment of waste), introduced by Law 9.10.2023 no. 137, which came into force on 10.10.2023; 2) incorporation of the requirements of Law 28 June 2024, no. 90, which entered into force on July 17, 2024, having as its object the "provisions on the strengthening of national cybersecurity and computer crimes"; this law has, with reference to the relevant incriminating cases, pursuant to and for the purposes of Legislative Decree No. 231/2001 and Article 24- bis of Legislative Decree No. 231/2001, introduced the following amendments: - tightening of penalties in relation to the aggravating circumstances set forth in Art. 615- ter of the Criminal Code (abusive access to a computer or telematic system) and in the case where the abusive introduction occurs in a system of military interest or relating to public order or public safety or health or civil protection or otherwise of public interest (third paragraph art. 615- ter of the Criminal Code); - Tightening of penalties in relation to the aggravating circumstances referred to in Article 615- quater of the Criminal Code (possession, dissemination and unauthorized installation of equipment, codes and other means of access to computer or telematic systems); - Repeal of Article 615- quinquies of the Criminal Code. pen. (possession, dissemination and abusive installation of equipment, devices or computer programs aimed at damaging or interrupting a computer or telematic system); - introduction of amendments and tightening of penalties in relation to the aggravating circumstances set forth in Article 617-quater of the Penal Code. (unlawful interception, obstruction or interruption of computer or telematic communications), with simultaneous repeal of the aggravating circumstance set forth in the third paragraph of the crime under consideration, which provided for an aggravation of punishment and ex officio prosecution, in the event that the crime was committed by "one who abusively exercised the profession of private investigator"; - extension of the application of the aggravating circumstances set forth in Art. 617- quater fourth paragraph nos. 1 and 2 of the Criminal Code to the crime referred to in Article 617- quinquies of the Criminal Code;- introduction of the mitigating circumstances referred to in the new Article 623- quater of the Criminal Code, in relation to the crimes referred to in Articles 615- ter, 615- quater, 617- quater and 617- quinquies of the Criminal Code, in the case of a minor fact;- introduction of the new crime of "computer extortion," by insertion of the third paragraph of Article 629 of the Criminal Code;- introduction of amendments and tightening of penalties in relation to the aggravating circumstances referred to in Articles. 635- bis, 635- ter and 635 - quater of the Criminal Code;- introduction of the new crime of "unlawful possession, dissemination and installation of computer equipment, devices or programs aimed at damaging or interrupting a computer or telematic system," provided for in Article 635- quater.1 cod. pen.;- replacement of the normative dictate of art. 635- quinquies cod. pen.;- provision of the new paragraph 1- bis of art. 24- bis d.lgs. 231/2001, which provides for the introduction among the predicate offenses of "computer extortion" and "unlawful possession, dissemination and installation of equipment, devices or computer programs aimed at damaging or interrupting a computer or telematic system," with possible application of prohibitory sanctions in relation to the crime of "computer extortion"; 3) insertion, by virtue of Decree-Law No. 19 of 2.3.2024, converted into Law No. 56 of 29.4.2024, of the second paragraph of Art. 512-bis of the Criminal Code. (fraudulent transfer of values), which establishes that this crime hypothesis also applies to the person who, in order to evade the provisions on anti-mafia documentation, fictitiously assigns to others the ownership of enterprises, company shares or shares or corporate offices, if the entrepreneur or company participates in procedures for the award or execution of contracts or concessions; 4) repeal of art. 323 of the Criminal Code (abuse of office) and amendment of Art. 346- bis of the Criminal Code (trafficking in unlawful influence), by virtue of the entry into force of Law No. 114 of 9.8.2024; 5) entry into force of Art. 314- bis of the Criminal Code (undue destination of money or movable property) by virtue of Law No. 112 of 8.8.2024 converting Decree-Law No. 92 of 4.7.2024.

Like the previous version, the current version of the Organization, Management and Control Model-approved by the Board of Directors of Etna Hitech S.c.p.A. (or EHT S.c.p.A.) on Nov. 18, 2024-is intended to ensure that the management of the consortium company takes place in compliance with the principles of legality, fairness, transparency and traceability and in accordance with procedures, operating instructions and work practices that comply with the regulatory dictate.

Legislative Decree No. 231 of June 8, 2001 (also referred to in the text of this Model as the "Decree") introduces the liability of companies for offenses committed, in their interest or to their advantage, by individuals included, on a permanent basis, within the corporate organization to which they belong and, specifically:

1. by so-called apical persons (i.e., pursuant to Article 5, paragraph 1 of the Decree, "persons who hold functions of representation, administration, management of the entity or one of its organizational units with financial and functional autonomy, as well as persons who exercise, also de facto, the management and control of the entity");
2. By individuals subject to the direction and supervision of the aforementioned senior figures.

By virtue of the regulations under consideration, the liability of corporations is added, as an accomplice, to that of the natural person, perpetrator of a crime, included, within the corporate structure, in the capacity, precisely, of an apical person or person subject to the direction or supervision of others.

The recipients of the Decree are entities provided with legal personality, companies and associations, including those without legal personality. Conversely, the State, territorial Public Entities, other non-economic Public Entities, as well as Entities that perform functions of constitutional importance are, expressly, excluded from the application of the scope of validity of the regulations under consideration.

The Decree applies, both to crimes committed in Italy and those committed abroad, provided that the entity has its head office in the territory of the Italian state and against it, the state of the place where the crime was committed does not prosecute.

Companies are not, however, called to answer for every crime committed by apical or subordinate individuals, falling under their organization, but only for those strictly provided for by the Decree, namely:

• crimes against the Public Administration, i.e., bribery for the exercise of a function (art. 318 of the Criminal Code); bribery for an act contrary to official duties (art. 319 of the Criminal Code); bribery in judicial acts (art. 319-ter of the Criminal Code); incitement to bribery (art. 322 of the Criminal Code); extortion (art. 317 of the Criminal Code); trafficking in unlawful influence (art. 346-bis of the Criminal Code); embezzlement of public funds (art. 316-bis of the Criminal Code; only when the act offends the interests of the European Union); undue receipt of public funds (art. 316-ter c.p.; only when the act offends the interests of the European Union)1; undue inducement to give or promise benefits (art. 319-quater c.p.); trafficking in unlawful influence (art. 346-bis c.p. as amended by Law No. 114 of 9.8.2024); embezzlement, extortion, undue inducement to give or promise benefits, bribery and incitement to bribery of members of the International Criminal Court or organs of the European Communities and officials of the European Communities and Foreign States (art. 322 bis of the Criminal Code); embezzlement (art. 314, first paragraph of the Criminal Code; only when the act offends the interests of the European Union); embezzlement by profiting from the error of others (art. 316 of the Criminal Code; only when the act offends the interests of the European Union); abuse of office (art. 323 of the Criminal Code; only when the act offends the interests of the European Union; repealed by Law 9.8.2024 no. 114); disruption of freedom of competitive bidding (Article 353 of the Criminal Code) (crime introduced by Law No. 137 of 9.10.2023, entered into force on 10.10.2023); disruption of freedom of the procedure for choosing a contractor (Article 353- bis of the Criminal Code) (crime introduced by Law No. 137 of 9.10.2023, entered into force on 10.10.2023); undue destination of money or movable property (Article 314 bis of the Criminal Code) (crime introduced by Law No. 112 of 8.8.2024);
• crimes against property by fraud, namely, fraud against the State or other Public Entity or the European Communities (art. 640, paragraph 2, no. 1, Criminal Code), aggravated fraud to obtain public funds (art. 640-bis Criminal Code)1, computer fraud against the State or other Public Entity (art. 640-ter Criminal Code)2, and fraud in public supplies (art. 356 Criminal Code);
• so-called corporate crimes, namely, false corporate communications (Article 2621 Civil Code), false corporate communications of listed companies (Article 2622 Civil Code), impeded control (Article 2625, paragraph 2, Civil Code), fictitious capital formation (Article 2632 c.c.), undue return of contributions (art. 2626 c.c.), illegal distribution of profits and reserves (art. 2627 c.c.), unlawful transactions on shares or quotas of the company or the parent company (art. 2628 c.c.), transactions to the detriment of creditors (art. 2629 civil code), unlawful distribution of corporate assets by liquidators (art. 2633 civil code), unlawful influence on the shareholders' meeting (art. 2636 civil code), market rigging (art. 2637 civil code), failure to disclose conflict of interest (art. 2629-bis civil code), obstructing the exercise of the functions of public supervisory authorities (art. 2638, paragraphs 1 and 2, civil code), bribery among private parties (art. 2635 civil code), incitement to bribery among private parties (art. 2635 bis civil code). (Article 34 of Law No. 262 of December 28, 2005 (laying down provisions for the protection of savings and the regulation of financial markets and also known as the "Savings Law") included the case of false prospectus, in the list of offenses provided for by Legislative Decree 58/98 (TUF), in Article 173-bis, repealing, at the same time, Article 2623 civil code. The aforementioned repeal would seem to entail a removal of the offence of false prospectus, from the list of so-called predicate offences, pursuant to Legislative Decree 231/2001, with the consequent disappearance of the entity's administrative liability for this crime hypothesis. This would seem to be the thesis accepted by the majority doctrine; however, it is important to note the existence of an orientation, albeit a minority one, which believes that, despite the transposition of the case in the TUF, false prospectus continues to be relevant for the purposes of the occurrence of the administrative liability of the entity);
• tax crimes and, specifically, fraudulent declaration through the use of invoices or other documents for nonexistent transactions (Art. 2 Legislative Decree No. 74/2000); fraudulent declaration through other artifices (Art. 3 Legislative Decree No. 74/2000); issuance of invoices for nonexistent transactions (Art. 8 Legislative Decree No. 74/2000); concealment or destruction of accounting documents (Art. 10 Legislative Decree No. 74/2000); fraudulent evasion of tax payments (Art. 11 legislative decree no. 74/2000) (art. 25- quinquiesdecies legislative decree no. 231/2001, introduced by Law no. 157 of 19.12.2019); misrepresentation (art. 4 legislative decree no. 74/2000; the crime in question applies to companies, only if it is committed as part of cross-border fraudulent schemes and for the purpose of evading value added tax for a total amount of not less than ten million euros); failure to make a declaration (art. 5 Legislative Decree No. 74/2000; the offense under consideration applies to companies, only if it is committed as part of fraudulent cross-border schemes and for the purpose of evading value-added tax for a total amount of not less than ten million euros); undue compensation (Art. 10c Legislative Decree No. 74/2000; the crime in question applies to companies, only if it is committed as part of fraudulent cross-border schemes and for the purpose of evading value added tax for a total amount of not less than ten million euros) (art. 25- quinquiesdecies d.lgs. 231/2001, introduced by Law no. 157 of 19.12.2019 and amended by art. 5 d.lgs. 14.7.2020 no. 75);
• crimes against public faith, namely, forgery of money, public credit cards and stamps, and instruments and identifying marks;
• crimes with the purpose of terrorism and subversion of the democratic order, provided for in the Criminal Code, special laws and the New York Convention;
• Crimes of reduction or maintenance in slavery or servitude, trafficking in persons, purchase or alienation of slaves, induction, aiding and abetting and exploitation of child prostitution, distribution or advertising, including by telematic means, of pornographic material having as its object minors, exploitation of minors for the purpose of production of pornographic material, solicitation and sexual exploitation of minors, transfer and possession of or access to pornographic material1 produced through the sexual exploitation of minors, organization of travel for the purpose of exploitation of child prostitution; crimes of mutilation of female genital organs;
• Crimes and administrative offenses of insider trading and market manipulation;
• whether, committed in the form of "transnational crime" (a case coined by l. no. 146/2006), that is, by the commission of the "crime punishable by imprisonment of not less than a maximum of four years, if an organized criminal group is involved, as well as: (a) it is committed in more than one state; (b) or it is committed in one state, but a substantial part of its preparation, planning, direction or control takes place in another state; (c) or it is committed in one state, but an organized criminal group is involved in it, engaged in criminal activities in more than one state; (d) or it is committed in one state, but has substantial effects in another state": i) the crimes of simple criminal association (Art. 416 c.p.), ii) mafia-type associations, including foreign ones (art. 416 bis c.p.), iii) inducement not to make statements or to make false statements to the judicial authorities (art. 377 bis c.p.), iv) aiding and abetting (art. 378 c.p.), v) money laundering (art. 648 bis c.p.), vi) use of money, goods or utilities of illegal origin (art. 648 ter of the Criminal Code), vii) criminal association for the purpose of smuggling foreign processed tobacco products (art. 291 quater of Presidential Decree 43/1973), viii) association for the purpose of illegal trafficking in narcotic drugs or psychotropic substances (art. 74 of Presidential Decree 309/1990), ix) provisions against illegal immigration (art. 12 paragraph 3, 3 bis, 3 ter and 5 of Legislative Decree 286/98);
• Crimes of culpable homicide and grievous or very grievous bodily harm committed in violation of accident-prevention regulations and the protection of hygiene and health at work (cases introduced under Art. 9, Law No. 123 of August 3, 2007);
• Crimes of receiving, laundering and using money, goods or utilities of illicit origin, as well as self-money laundering (Art. 648 c.p., Art. 648 bis. c.p. and 648 ter c.p., Art. 648-ter.1 c.p.);
• computer crimes and, in particular, abusive access to a computer or telematic system (art. 615- ter of the Criminal Code), abusive possession and dissemination of access codes to computer or telematic systems (art. 615- quater of the Criminal Code), unlawful interception, impediment or interruption of computer or telematic communications (art. 617- quater c.p.), installation of equipment designed to intercept (art. 617- quinquies c.p.), dissemination of equipment, devices or computer programs aimed at damaging or interrupting a computer or telematic system (art. 615- quinquies c.p.- repealed by Law No. 90 of 28.6.2024), damaging computer information, data and programs (Article 635- bis of the Criminal Code), damaging computer information, data and programs used by the State or other public body or otherwise of public utility (Article 635- ter of the Criminal Code), damaging computer or telematic systems (Article 635- quater of the Criminal Code), damaging computer or telematic systems of public utility (Article 635- quinquies of the Criminal Code.), computer fraud of the person providing electronic signature certification services (art. 640- quinquies c.p.) (cases introduced by virtue of law 18.3.2008, no. 48)1; computer extortion (art. 629 third paragraph c.p. introduced by law 28.6.2024 no. 90); unlawful possession, dissemination and installation of computer equipment, devices or programs aimed at damaging or interrupting a computer or telematic system" (art. 635- quater.1 Criminal Code, introduced by Law No. 90 of 28.6.2024);
• offense referred to in Art. 1 Paragraph 11 Decree-Law No. 105 of 21.9.2019, converted into Law No. 133 of 18.11.2019 and titled "Urgent Provisions on the Perimeter of National Cybersecurity," in case of violation of the obligations therein;
• organized crime crimes and specifically: criminal conspiracy, mafia-type associations including foreign ones, political-mafia electoral exchange, kidnapping for the purpose of robbery or extortion, association for the purpose of illicit trafficking in psychotropic or narcotic substances, production, trafficking and illicit possession of narcotic or psychotropic substances;
• crimes against industry and commerce and, namely: crimes of disturbing freedom of industry or commerce, unlawful competition with threats or violence, fraud against national industries, fraud in the exercise of commerce, sale of foodstuffs that are not genuine as genuine, sale of industrial products with mendacious signs, manufacture and trade of goods made, by usurping industrial property titles, counterfeiting of geographical indications or designations of origin of agri-food products; fraudulent transfer of valuables;
• Copyright infringement offenses, namely: crimes of making available to the public, in a system of telematic networks, by means of connections of any kind, a protected intellectual work, or part thereof, of unauthorized duplication, sale, possession for commercial purposes, rental of computer programs or computerized databases, unauthorized duplication, dissemination or transmission in public, of cinematographic works, sequences of moving images, works or parts of literary, dramatic, scientific or educational musical or dramatic-musical, or multimedia, even if included in collective or composite works or databases, failure to perform or false attestation in the performance of SIAE obligations, as well as the production, sale, importation, promotion installation, modification, use for public and private use, for fraudulent purposes, of equipment or parts of equipment suitable for decoding audiovisual transmissions with conditional access made over the air, by satellite, by cable, in both analog and digital form;
• Inducement not to make statements or to make false statements to the Judicial Authority;
• environmental offenses and, namely: activities of unlawful discharge, emission or introduction of hazardous substances or ionizing radiation (Article 137, paragraphs 2, 3, 5, 11 and 13, Legislative Decree No. 152/2006); abandonment or uncontrolled storage of waste committed by a company owner and entity manager (Art. 255 Legislative Decree no. 152, 3.4.2006)1; unauthorized waste management activity (Article 256, paragraphs 1, lett. a) and b), 3, 5 and 6, Legislative Decree no. 152/2006); failure to comply with the requirements for authorizations, registrations and communications regarding waste management (Article 256, c. 4, D. Lgs. no. 152/2006); activities of pollution of the soil, subsoil, surface water or groundwater with the exceeding of risk threshold concentrations (Article 257, c. 1 and 2, D. Lgs. no. 152/2006); waste transport activities in the absence of the documentation prescribed by the sector regulations (Article 258, c. 4, D. Lgs. no. 152/2006); waste shipment activities, constituting illegal trafficking pursuant to Article 26, of Regulation (EEC) February 1, 1993, no. 259; shipment of waste listed in Annex II, in violation of Article 1, paragraph 3, lett. a) b), c) of the aforementioned regulation (Article 259, paragraph 1, Legislative Decree no. 152/2006); activities organized for the illegal trafficking of waste (Article 452- quaterdecies of the Criminal Code); violations inherent to the "SISTRI" system (Article 260 bis, Legislative Decree no. 152/2006); violations of the regime of atmospheric emissions in the operation of an establishment (article 279, paragraph 5, Legislative Decree no. 152/2006); activities of trade, transport or possession of certain protected animal and plant species (articles 1, paragraphs 1 and 2; 2, paragraphs 1 and 2; 6, paragraph 4, Law 150/1992); falsifications inherent to C.I.T.E.S. in relation to protected species (article 3 bis, paragraph 1, Law no. 150/1992); use of ozone and environmentally damaging substances (article 3, paragraph 6, lg. no. 549/1993); intentional or negligent pollution caused by vessels (articles 8, paragraphs 1 and 2, and 9, paragraphs 1 and 2, D. Legislative Decree No. 202/2007); killing or possession of specimens of protected wild animal or plant species (Article 727 bis, Criminal Code); damage to a habitat within a protected site (Article 733 bis, Criminal Code);
• Employment of third-country nationals whose stay is irregular;
• Illicit intermediation and exploitation of labor (Article 603 bis of the Criminal Code);
• Incitement and incitement to racism and xenophobia (European Law 20.11.2017 No. 167);
• smuggling offenses, pursuant to Presidential Decree No. 43, 23.1.1973, when the amount of border fees due is more than ten thousand euros (Article 25 sexiesdecies of Legislative Decree 231/2001);
• Crimes relating to non-cash payment instruments, referred to in Article 25 octies.1 Legislative Decree No. 231/2001, introduced by Legislative Decree No. 184 of 8.11.2021 "Implementation of Directive (EU) 2019/713 of the European Parliament and of the Council of 17.4.2019 on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA", in force since 14.12.2021, namely: undue use and counterfeiting of non-cash payment instruments (art. 493 ter of the Criminal Code.), possession and dissemination of equipment, devices, computer programs aimed at committing crimes concerning non-cash payment instruments (art. 493 quater of the Criminal Code), computer fraud integrated with conduct that produces a transfer of money, monetary value or virtual currency (640 ter of the Criminal Code), any other crime against public faith, against property or otherwise offending property provided for in the Criminal Code when it concerns payment instruments other than cash;
• Crimes against cultural heritage, referred to in Art. 25 septiesdecies of Legislative Decree 231/2001, and the crime of laundering of cultural property and devastation and looting of cultural and scenic heritage, referred to in Art. 25- duodevicies of Legislative Decree 231/2001, both introduced by Law 9.3.2022 No. 22 "Provisions on crimes against cultural heritage," in force since 23.3.2022.

The penalties provided for offenses committed by entities are (i) pecuniary penalties; (ii) disqualification penalties applicable, including as a precautionary measure, in cases of "particular gravity"; (iii) confiscation of the price or profit of the offense; and (iv) publication of the judgment.

4.1 Pecuniary Penalties

Monetary penalties are administrative in nature and apply, always, even if the legal person repairs the consequences arising from the crime.

The commensuration of the penalty is determined according to a twofold criterion:

1. Determination of quotas in a number of not less than 100 and not more than 1,000;
2. attribution, to each individual share, of a value ranging from a minimum of € 258.00 to a maximum of € 1,549.00 (based on the economic and patrimonial conditions of the entity).

Specifically, the financial penalties can range, between a minimum of €25,822.84 (reducible, pursuant to Article 12 of the Decree, up to half) and a maximum of €1,549,370.69.

The Judge determines the number of shares, taking into account:

1. Of the seriousness of the fact;
2. Of the degree of the entity's liability;
3. of the activity performed, to eliminate or mitigate the consequences of the act and to prevent the commission of further offenses.

4.2 Disqualifying Sanctions

These are penalties in addition to pecuniary penalties and have the function of preventing the reiteration of the crime. They are, specifically, the following:

1. Disqualification from practice;
2. Ban on contracting with the public administration;
3. suspension or revocation of authorizations, licenses or concessions functional to the commission of the offense;
4. exclusion from facilitations, financing, contributions and subsidies, and/or the revocation of any already granted;
5. Ban on advertising goods or services.

In the case of multiple offenses, the penalty provided for the most serious one applies.

The duration of the disqualification is, in general, temporary (from a minimum of 3 months to a maximum of 2 years), with the exclusion of a number of peremptory hypotheses, in relation to which the temporary nature of the disqualification is replaced by its finality. By way of example:

1. In case of recurrence of the criminal act;
2. In case of significant profit;
3. In case of recurrence at least three times in the past seven years.

We also point out the possible continuation of the activity of the entity, (in lieu of the imposition of the sanction), by a Commissioner, appointed by the Judge, pursuant to Article 15 of Legislative Decree 231/2001, upon the occurrence of the following conditions:

1. the entity performs a public service or a service of public necessity, the interruption of which may cause serious harm to the community;
2. the interruption of the institution's activity may cause, taking into account its size and the economic conditions of the area in which it is located, significant employment repercussions.

4.3 Confiscation

It is a penalty applicable, concurrently, with the issuance of the conviction and consists of the confiscation, by the Judicial Authority, of the price or profit, generated by the crime, excluding the part of it that can be returned to the injured party.

If confiscation of the proceeds or profit of the crime is not possible, sums of money, property or other utilities of equivalent value to the price or profit of the crime are confiscated.

4.4 Publication of the judgment of conviction

Publication of the conviction is ordered when a disqualification sanction is imposed against the entity.

The judgment shall be published, at the expense of the condemned legal entity, once only, by excerpt or in full, in one or more newspapers specified by the Judge, in the judgment, as well as by posting, in the municipality where the entity has its principal office.

In cases of the commission of the offenses provided for in Decree 231/2001, in the form of attempt, the financial penalties and disqualification sanctions are reduced by one third to one half; the imposition of sanctions is, however, excluded, in cases where the company voluntarily prevents the commission of the action or the realization of the event (see Article 26 of the Decree).

In such a case, the non-application of the penalty is justified because of the interruption of any relationship of organic immedesimation between the company and the individuals who assume to act, in its name and on its behalf.

The liability of the entity, by reason of the commission of an act of crime, in its interest or to its advantage, is established, as part of criminal proceedings.

The Decree provides, in fact, that: "jurisdiction to hear administrative offenses of the entity belongs to the criminal court competent for the crimes on which the offenses depend. For the proceedings to determine the administrative offence of the entity, the provisions on the composition of the court and related procedural provisions relating to the crimes on which the administrative offence depends shall be observed" (see Article 36).

As a rule, the proceedings for the investigation of the company's administrative offense are combined with the criminal proceedings instituted against the perpetrator of the crime on which the offense depends (see Article 38 of the Decree).

The Decree specifically stipulates the cases in which separation of the two proceedings is allowed.

In the event of the commission of a crime by an apical function or corporate subordinate, the company may exclude its liability in criminal proceedings by providing evidence of the following circumstances:

1. that the crime was not committed, in his interest or to his advantage, but rather, in the exclusive interest or advantage of the individual, perpetrator of the crime;
2. In case the crime is committed by an apical person:
   • that the "management body" of the company, prior to the commission of the act, adopted and effectively implemented an Organization, Management and Control Model suitable for preventing crimes of the kind that occurred;
   • that the task of supervising the operation of and compliance with the adopted Organization and Management Model, and the task of taking care of its updating, has been entrusted to a Supervisory Board, endowed with autonomous powers of initiative and control;
   • that the perpetrator engaged in the illegal conduct by fraudulently circumventing the adopted Organization, Management and Control Model;
   • That there was no omission or insufficient supervision, on the part of the established Supervisory Board;
3. Where the crime is committed by a person under the direction or supervision of others:
   • that its "management body," prior to the commission of the offense, adopted and effectively implemented an Organization, Management and Control Model suitable for preventing crimes of the kind that occurred.
   • In this regard, in fact, the Decree establishes that "in any case, non-compliance with the obligations of management or supervision is excluded if the entity, prior to the commission of the crime, has adopted and effectively implemented an Organization, Management and Control Model suitable to prevent crimes of the kind that have occurred" (see Art. 7 paragraph 2 of Legislative Decree 231/2001).

The adoption and effective implementation of an Organization, Management and Control Model, at a stage prior to the commission of an offense, may result in an exclusion of liability for the company, provided that such a Model is deemed "suitable," i.e., provided that it has the following characteristics (see Art. 6, paragraph 2 Decree):

1. identifies the sphere of activity, within the scope of which crimes can be committed;
2. provides for specific protocols, aimed at planning the formation and implementation of the company's decisions, in order to prevent the risk of crime;
3. Identifies ways of managing financial resources, suitable for preventing the commission of crimes;
4. creates information obligations to the body, which is responsible for supervising the operation and compliance with the Model;
5. Establish an appropriate disciplinary system to punish non-compliance with the measures specified in the Model.

Article 7 paragraph 3 of the Decree also prescribes how the Organization Model must provide, "in relation to the nature and size of the organization, as well as the type of activity carried out, appropriate measures to ensure the performance of the activity in compliance with the law and to discover and eliminate risk situations in a timely manner."

In essence, the Organization, Management and Control Model in order to be "suitable" must crystallize and photograph the real structure of the company under analysis, taking into account the economic sector in which it operates, its size, its institutional and organizational arrangements, and the specific activity carried out.

In line with the requirements set forth in the Decree, Confindustria developed an initial version of "Guidelines for the Construction of Organizational Models," which was approved in the year 2004.

These Guidelines were, therefore, updated, in the year 2014 and, subsequently, in June 2021, taking into account the legislative (due to the introduction of new cases of crime) and jurisprudential changes, which have occurred, since the Decree came into force, until its subsequent revision.

The key points that the "Guidelines" identify, in the "construction of Models," can be outlined as follows:

1. Activities to identify areas or processes at risk;
2. Adoption of an internal control system, suitable for preventing the risk of commission of crimes, through the adoption of appropriate protocols.

The most relevant components of the internal control system, devised by Confindustria, are:

1. the code of ethics;
2. The company's internal organizational system;
3. manual and computer procedures;
4. authorizing and signing powers;
5. integrated control and management systems, including for the purpose of so-called "tax compliance," to ensure compliance with the requirements of tax regulations and to have an effective "tax risk detection, measurement, management and control system."
6. the existence of an organizational structure and articulation of company functions that ensures the appropriate technical skills and powers necessary to assess, manage and control the risk to workers' health and safety and that takes into account the nature and size of the enterprise and the characteristics of the activity carried out;
7. communication to staff, their education, involvement and training;
8. The planned monitoring of risk prevention and protection measures in occupational health and safety management;
9. the provision and effective implementation of information flows to the Supervisory Board and the advisability of an exchange of information flows also between Control Bodies (Supervisory Board, Board of Auditors, Internal Audit - if any), on the outcomes of inspections that have relevance pursuant to Legislative Decree 231/2001, in order to avoid duplication of activities and the risk of an "information short-circuit."
10. The provision of a reporting system in accordance with the provisions of Article 6 paragraph 2 bis of Legislative Decree No. 231/2001 (introduced by Law No. 179 of 30.11.2017, having as its object the "provisions for the protection of the authors of reports of crimes or irregularities of which they have become aware, in the context of a public or private job"), in relation to the reporting channels, the guarantee of confidentiality of the reporter, the prohibition of retaliatory acts and the integration of the disciplinary system (so-called "whistleblowing").

The components of the control system should be guided by the following principles:

1. verifiability, documentability, consistency and congruence of each operation;
2. Application of the principle of separation of functions (no one can independently manage an entire process);
3. documentation of controls;
4. "whistleblowing;
5. Disclosure of non-financial information;
6. Provision of an adequate system of sanctions, for violation of the rules of the code of ethics and the procedures set forth in the model;
7. identification of the requirements of the Supervisory Board, which can be summarized as autonomy and independence; professionalism; and continuity of action;
8. The provision of financial resource management arrangements;
9. The information obligations of the Supervisory Board.

Failure to comply with the specific points of the Guidelines does not invalidate the validity of the Organizational Model adopted, which, conversely, must take into account, indispensably, the concrete and specific corporate reality of reference.

10.1 Purpose and Components of the Model

With this Organization, Management and Control Model, Etna Hitech S.c.p.A. intends to provide itself with a structured and organic system of rules of conduct, procedures, operating instructions and control mechanisms, aimed at:

• To ensure that social activities are carried out in compliance with Legislative Decree 231/2001;
• to prevent the commission of crimes, in the interest or to the advantage of Etna Hitech S.c.p.A., by the apical or subordinate Functions included in its corporate organization.

Etna Hitech S.c.p.A.'s Model represents a dynamic type of instrument, in that it is destined: - to evolve over time, in the event of supervening changes, involving the corporate organization or d.lgs. 231/2001 and related regulations; - to integrate with the control garrisons and tools already present at the consortium, since the time before the Organizational Model came into force, so as to avoid unnecessary duplication or overlapping of precautions already in place.

Therefore, the management, organization and control system of Etna Hitech S.c.p.A. consists of the following components:

1. a corporate governance and organizational structure, consistent with the nature and size of the consortium organization and with the type of activity carried out and such as: - to ensure the performance of the activities of Etna Hitech S.c.p.A, in compliance with the requirements of the law; - to ensure a clear identification of the corporate functions operating therein and a clear and organic assignment of tasks; - to ensure compliance with the principle of segregation of roles, in the management of the main activities, so that no person can operate independently, on an entire process; - to allow a transparent representation of the process of formation and implementation of the company's decisions;- to identify and eliminate, in a timely manner, risk situations;
2. the Code of Ethics in force at Etna Hitech S.c.p.A., where the ethical principles and rules of conduct that all persons operating, in various capacities, in the name and on behalf of the consortium company, are required to abide by, in the conduct of the company's business, are illustrated;
3. The mapping of sensitive processes, within the various chapters of the Special Part of this Organization, Management and Control Model, with an indication of the corporate functions delegated to manage them;
4. the preventive measures constituting the system of containment of the "risk of crime," pursuant to the Decree, such as, the existing powers of attorney, the existing information technology garrisons, work practices, operating and control procedures or instructions, rules of conduct in force, controls or audits carried out at the consortium company, as well as any additional measures aimed at regulating and monitoring the identified sensitive processes, also with special reference to the way in which the company's financial resources are managed and controlled;
5. intercurrent reporting between the various corporate functions, in order to track the activities carried out, within the sensitive processes, which are mapped;
6. information flows between the corporate functions and the appointed Supervisory Board, aimed at updating this Board, regarding: i) the corporate organization and its evolution; ii) the existing procedures or instructions, to guard sensitive processes; iii) the controls carried out, in order to prevent the so-called "crime risk";
7. information and training, in relation to the Organization, Management and Control Model adopted by the consortium company;
8. The disciplinary system, aimed at punishing the violation or failure to apply the adopted Organization, Management and Control Model;
9. the appointment of a Supervisory Board, with a mixed collegial composition, endowed with broad decision-making and spending autonomy, to be entrusted with the task of supervising the operation of and compliance with the Organization, Management and Control Model adopted and to take care, also, of its updating.

By adopting this Organization, Management and Control Model, Etna Hitech S.c.p.A. aims to:

1. Improve its corporate governance system;
2. Prepare a structured and organic system of prevention and control, aimed at reducing the risk of commission of crimes related to the exercise of corporate activity;
3. enable the consortium company to supervise the activities or processes at risk, in order to reasonably prevent the commission of the crimes set forth in Legislative Decree 231/2001;
4. to determine in all those who work, in the name and on behalf of Etna Hitech S.c.p.A., within the processes considered sensitive or at risk, the awareness that they may incur, in the event of violation of the provisions set forth therein, in an offense liable to sanctions, both against the author of the violation (on the civil, disciplinary and, in some cases, criminal level), and against the company (administrative liability, pursuant to Legislative Decree 231/2001);
5. inform all those who work, in any capacity, in the name of, on behalf of or in any case in the interest of Etna Hitech S.c.p.A., that violation of the prescriptions contained in the Model will result in the application of appropriate sanctions or termination of the existing contractual relationship;
6. To reiterate that Etna Hitech S.c.p.A. does not tolerate unlawful conduct of any kind and regardless of any purpose, as such conduct is in any case contrary to the ethical principles by which Etna Hitech S.c.p.A. is inspired;
7. Actively censure the behaviors put in place, in violation of the Model, through the application of disciplinary and/or contractual sanctions;
8. Improve its occupational health and safety management system as well as environmental protection.

In preparing this Model of Organization, Management and Control, account was taken of the control measures already in place at Etna Hitech S.c.p.A., at a time prior to the adoption of the Model, suitable as such to apply, also, as measures for the prevention of crimes, pursuant to Legislative Decree 231/2001.

These safeguards are part of the broader system of organization and control of Etna Hitech S.c.p.A., to which this Model of Organization, therefore, refers and which all Recipients, in relation to the type of relationship in place with Etna Hitech S.c.p.A., are required to comply with.

10.2 Structure of the Model

The Organization, Management and Control Model of Etna Hitech S.c.p.A. consists of a General Part and a Special Part.

The General Part describes the structure of the Organizational Model and its components and applies to all sensitive processes identified in the Model.

The Special Part is divided, in various chapters, based on the various categories of crimes that are analyzed, as they are considered to be potentially related to the social activity carried out by Etna Hitech S.c.p.A.

This, of course, does not preclude that, in the event of supervening regulatory changes, intended to introduce new criminal offenses, pursuant to the Decree, the consortium company does not take steps, in a timely manner, to renew the risk mapping activity, in order to ascertain whether, within the corporate reality of Etna Hitech S.c.p.A., there is a potential risk with regard to the commission also of the newly introduced types of crimes.

In the event that it is deemed necessary to update the Organization, Management and Control Model in force, the Board of Directors of Etna Hitech S.c.p.A., taking into account, also, the suggestions provided by the Supervisory Board, will provide, to elaborate additional chapters of the Special Part, approving the revisions made, with appropriate board resolutions.

10.3 THE RECIPIENTS OF THE ORGANIZATION, MANAGEMENT AND CONTROL MODEL OF ETNA HITECH S.C.P.A.

The prescriptions of this Organization, Management and Control Model apply to the corporate bodies of Etna Hitech S.c.p.A. and their members, all human resources of the consortium company, companies and/or individuals who perform goods or services, in the interest of Etna Hitech S.c.p.A., by virtue of ritually signed contracts and within the limits of what is stipulated therein (e.g., suppliers, contractors, consultants, involved in the various sensitive processes).

Those to whom the Model is addressed are required to comply with all related requirements.

Etna Hitech S.c.p.A. condemns any behavior that deviates not only from the law but also from the provisions of the Model, even if the behavior is carried out, in the interest of the consortium company or with the intention of bringing it an advantage.

The Organization, Management and Control Model and its contents are communicated to the Recipients in a manner suitable to ensure their effective knowledge.

10.4 AMENDMENTS AND ADDITIONS TO THE ORGANIZATION, MANAGEMENT AND CONTROL MODEL OF ETNA HITECH S.C.P.A.

Article 6 paragraph 1 of the Decree stipulates that the Organization, Management and Control Model must be adopted and effectively implemented, by the "management body."

Consequently, subsequent amendments and additions of a substantial nature are also the sole responsibility of the Board of Directors of Etna Hitech S.c.p.A.

Amendments of a substantive nature include, but are not limited to: (1) the inclusion of additional Special Part chapters in this document; (2) the deletion of certain parts of this document; (3) the modification of the duties of the Supervisory Board; (4) the identification of a Supervisory Board other than the one currently provided for; and (5) the updating, modification and integration of control principles and rules of conduct.

It is, however, recognized to the Chairman of the Board of Directors of Etna Hitech S.c.p.A., the right to make any changes or additions to the text, any changes or additions of a purely formal nature, provided that the content remains unchanged in substance, as well as to make any additions, changes and updates to the annexes.

In such a case, the Chairman of the Board of Directors will report, promptly, to the additional members of the Board of Directors and the Supervisory Board on any changes introduced.

The Supervisory Board of Etna Hitech S.c.p.A. will have the power to propose to the Board of Directors, any additions and/or changes to this Organizational Model.

Depending on the type of proposed change, it will either be communicated, directly, to the Chairman of the Board of Directors or submitted by the latter to the entire Board of Directors of Etna Hitech S.c.p.A. for approval.

11.1 THE PRELIMINARY ACTIVITY OF CORPORATE REALITY ANALYSIS

The development of the Organization, Management and Control Model of Etna Hitech S.c.p.A. was preceded by a preliminary activity of analysis of the corporate reality, directed:

1. to identify potentially sensitive processes, as well as the corporate functions involved in the formal and substantive management of these processes (risk mapping or so-called "risk assessment");
2. to establish the possible presence of sensitive processes that are inadequately monitored or inadequately proceduralized, with the consequent need to provide for additional prevention and control measures or the formalization of already existing work practices, suitable for guaranteeing additional control over the identified risks.
3. Potentially sensitive processes were identified through:
   1. examination of the documentation provided by the consortium company, representative of the corporate structure, as well as descriptive of the risk management systems and control measures, already present in Etna Hitech S.c.p.A., since the time before the preparation and adoption of the Organization, Management and Control Model;
   2. A series of questionnaires and interviews with key corporate figures of Etna Hitech S.c.p.A.

As a result of this process of analysis, it was possible to identify, within the organization of Etna Hitech S.c.p.A, a series of sensitive corporate processes, insofar as they are potentially at risk of the commission of some of the types of crimes provided for by the Decree (crimes in relations with the Public Administration; corporate and tax crimes; computer crimes and illegal data processing; offenses of receiving stolen goods, money laundering, use of money or goods of illicit origin and self-money laundering; occupational health and safety offenses; environmental offenses; copyright infringement offenses; offenses of illicit brokering and exploitation of labor; smuggling offenses; offenses involving non-cash payment instruments).

These processes-as well as the description of the related existing organizational and control measures-are duly detailed, within the various chapters of the Special Part of this Organization, Management and Control Model, to which reference is made.

As for the additional types of crimes provided for by the Decree (crimes of counterfeiting money, public credit cards and revenue stamps; crimes against the individual; transnational crimes; crimes for the purpose of terrorism and subversion of the democratic order; crimes against industry and commerce crimes against the cultural heritage and crimes of money laundering and the devastation and looting of cultural and scenic heritage), it has been decided, to date, to omit their relative analysis, since, taking into account the type of company business and the organizational structure of the Company, the risk of their commission is only abstractly conceivable, as they are difficult to achieve.

Also with regard to the offenses of employment of third-country nationals whose stay is irregular, as well as incitement and incitement to racism and xenophobia, it is believed that these cases are not related to the reality of Etna Hitech S.c.p.A., since it is a consortium company that hires its own human resources, in full compliance with current legislation on the subject and equally protects the aforementioned resources against all forms of racial discrimination.

This, of course, does not exclude the need, also by virtue of supervening changes in the corporate organizational structure or in the type of company business, Etna Hitech S.c.p.A. does not take steps, promptly, to renew the activity of risk mapping and verification of the preventive suitability of the existing organizational and control garrisons, in order to ascertain whether there is, within the corporate reality, a potential risk with regard to the possible commission also of the additional types of crimes, catalogued by the Legislator, as a prerequisite for potential administrative liability of the Company.

In view of the above, it should therefore be noted how this document (including the General Section and the Special Section), may be subject to repeated updates, in order to adapt its contents, to any changes described above.

11.2 THE ACTIVITY CARRIED OUT BY ETNA HITECH S.C.P.A.

Etna Hitech S.c.p.A. is a joint-stock consortium company whose main activity is the design, development and production of software, as well as IT consulting and the performance of related activities (Ateco code 62.01).

Established in the year 2005, Etna Hitech became a stable consortium in the service sector in 2015, in order to aggregate SMEs and operate jointly with consortium member companies, in the Public Procurement sector (Art. 45 c.2 lett. C, Legislative Decree 50/2016 - the so-called Procurement Code).

Etna Hitech S.c.p.A., as an innovative SME, is engaged in R&D activities, including through participation in large industrial research and experimental development projects that also involve universities and research institutions.

The main thematic areas in which Etna Hitech S.c.p.A. operates are: smart city and community, territorial security, environment, cultural heritage and tourism, e-welfare, e-health, e-gov, energy management, infrastructure, proposing application solutions throughout the country. In particular, it deals with the following processing stages:

1. Design of digital solutions;
2. Coordination of simultaneous work of multiple factories;
3. Development, including through consortium factories, of the designed digital solutions;
4. Maintenance, routine and extraordinary, of developed digital solutions.

To carry out the activities described above, EHT has implemented a policy of aggregating SMEs operating in ICT, with expertise in R&D, in the field of digital innovation, with the aim of making them grow and ensuring the best economic and financial conditions, including by attracting public and private investment funds.

The added value can be identified in the ability to coordinate very large and complex projects, both in terms of the goals to be achieved and the number of partners involved.

Offering innovative solutions and product and process optimization, EHT acts as a large enterprise, aggregating small and medium-sized business, according to a business model that can be defined as a "diffuse factory."

Therefore, Etna Hitech S.c.p.A. covers a dual role: on the one hand, it presents itself as a company, operating independently, whose activities are carried out exclusively by its own personnel, and on the other hand, it operates as a consortium company, in which part of the activities are delegated to the executing partners.

The activities of Etna Hitech S.c.p.A. are carried out at its registered and operational headquarters, located at Viale Africa, 31, Catania. The company has, in addition, twenty-two additional operating offices; the following offices are staffed by Etna Hitech personnel: Catania, Via Celeste, 88/90; Rome, Largo di Torre Argentina, 11; Perugia, Via G. Dottori, 85; Bari, Via Principe Amedeo, 160; Lecce, Via Col A. Costadura, 2/C.
The additional operating offices are located: three in Catania, respectively, at Via Leucatia, 9, at Via Ruilio No. 18/20 and at Via Macallè 1/3/3A; two located in Milan, respectively, at Via Angelo Rizzoli, 4 and at Corso Magenta, 85; two located in Palermo, respectively, at Via Alcide De Gasperi, 81 and at Via Riolo Rosario No. 60; two located in Enna, respectively, at Via Ing. Panvini No. 2 and in C.da Gentilomo snc; the twelve additional locations are located: in Genoa, Piazza della Vittoria, 11A/8; in Pavia, Via dei Pollaioli, 26; in Syracuse, Contrada Targia, 58; in Aci Castello, Via Acicastello, 71; in Caraffa di Catanzaro, Via Padova, 2; in Modena, Via Emilia Ovest, 184; in Sassari, Strada 25 Z.I. Predda Niedda; in Turin, Strada del Lionetto, 6.

The type of customers of Etna Hitech S.c.p.A. is represented, both of the Public Administration and the private market, whether they are "end users" or "general contractors."

In particular, EHT provides services to the public administration, both directly, through participation in public IT projects, and as a subcontractor to private entities (leading companies awarded larger projects).

In the case of both direct contracting and subcontractor activities, EHT manages and coordinates the production activities of the consortium companies and deals directly with the final beneficiary (Public Administration or private entity).

In the case of direct award of the tender, EHT plays the role of Main Contractor of the project.

In this context, EHT identifies among the consortium members, those companies suitable for the execution of the service, considering their highly specific know-how and the type of operations they can draw on. EHT is in charge of coordinating the activities of the consortium members, both for the execution of orders and contracts and for R&D and training activities.

Consortium members invoice EHT for the equivalent value of the services provided. The order is fulfilled under the coordination of the consortium structure.

In the case of participation in project development as a subcontractor, the awarded third-party company assumes the role of Main Contractor of the project and entrusts EHT with the performance of activities arising from the contract, as a subcontractor or, simply, with operational support in the so-called "last mile," i.e., deployment of implementation and "grounding" activities of the projects tendered.

EHT first identifies the most suitable consortium members to carry out the task, given the highly specific know-how, and then, under its coordination, ensures that the order is fulfilled.

The consortium members bill for the service provided to EHT, which, in turn, retaliates against the project's Main Contractor.

EHT's main business lines are (i) procurement and contracting, (ii) research and development, (iii) training, and (iv) digital platform.

(i) Procurement and Contracting

The activity mainly consists of planning, producing and coordinating activities for the implementation of IT services, in multiple industry sectors (management systems, healthcare, energy management, smart city, smart agriculture, smart building, data government, etc.).

In the area of procurement, Etna Hitech S.c.p.A. participates in public and private tenders. These tenders are for software development, hardware supply, design, feasibility analysis, consulting services, organization for management of activities, etc.

The types of tenders in which EHT participates can be distinguished into:

1. Direct procurement: direct assignment of services following market analysis;
2. Specific contracts: restricted tenders for Temporary Groupings of Companies preliminarily awarded Framework Agreement tenders;
3. Public Tenders.

Relations with public agencies are established through participation in public tenders or through direct contracting.

Within the scope of the orders, Etna Hitech establishes a direct relationship with the client who generally requires, in addition to the bid for the services to be implemented, support at the project idea level.

Depending on the type of services required or the expertise needed, EHT evaluates and decides whether to participate, independently or to involve consortium companies or third-party companies, in the event that the required expertise is not available within the consortium.

Participation in tenders and contracts is done through the following steps:

• Scouting: opportunity research through various tools including the Tender Gazette, access to specific portals and meetings with possible clients. This activity is delegated to the Business Development Management (BDM) area.
• Opportunity Analysis: study and identification of the minimum submission amount and evaluation of consortium members with the necessary skills to develop the required activities. The business areas involved are: Business Development Management (BDM), Business Governance Management (BGM), Technical Business Development Management (TBDM).
• Participation: drafting of administrative-economic documentation, delegated to the Business Management (BM) area, and of technical documentation, reporting to the Technical Project Management (TPM) area.
• Contractualization: in the event of a tender award, the Business Management (BM) area, in consultation with the administrative office, handles the contractualization phase.
• Production: implementation of awarded services, under the supervision and responsibility of the Technical Project Management (TPM) area.

Depending on the type of services required or skills needed, EHT evaluates and decides on the type of participation:

1. direct participation of EHT; in that case, the principal is the Public Administration and the contractor is EHT;
2. participation as a consortium, involving and exposing the expertise of the consortium member firms, under a contract of entrustment - subcontracting - between EHT, as the contractor of the client PA, and the individual consortium member firm, acting as the entruster or subcontractor of EHT. Due to the nature of a stable consortium, the clear assignment of activities to its members does not constitute subcontracting, but direct assignment to the member, which simplifies administrative bureaucracy and management;
3. EHT's participation as a subcontractor of a third party (non-consortium) company that entered into the contract with the PA and engaged EHT to perform the task.

ii) Research & Development

EHT operates in the national and European arena for the implementation of large Industrial Research and Experimental Development projects. In particular, it is involved in the conception, design, coordination and execution of large research and development projects, whether funded by public agencies or managed through its own resources.

In addition, the company relies on the cooperation of universities and research institutions.

Participation in R&D projects takes place through the following stages:

Idea: analysis of needs and innovations that can bring real benefits to services, products and business processes. A high-level project proposal is, then, realized. This activity is the responsibility of the Technical Business Development Management (TBDM) area of R&D.

Partnership: market analysis with respect to competencies aimed at selecting parties, private and public, to be involved in the R&D project. This activity is the responsibility of the Business Development Management (BDM) area of R&D.

Participation: analysis of opportunities for project submission through public, national or European calls; if the research does not produce opportunities, project implementation is fully funded by the participating companies. This activity is the responsibility of the Business Development Management (BDM) area of R&D.

Contracting: in the case of participation in public calls, whether national or European, R&D's Business Management (BM) area and Technical Project Management (TPM) area are responsible for managing the administrative-economic part and the technical part.

Member Engagement: staff secondment agreements and/or consulting contracts are entered into with consortium companies, which are involved in the implementation of project activities. This phase is the responsibility of the Business Management (BM) area of R&D.

Production: defined the resources used in the project through the secondments of consortium staff and part of the internal staff, EHT is in charge of coordinating activities (R&D Technical Project Management (TPM)), reporting and SAL submission (R&D Business Management BM).

(iii) Training

EHT is a training institution accredited by the Region of Sicily and, as such, provides funded training activities. In particular, it is involved in the conception, design and delivery of training courses, aimed at both the public and private markets.

In the case of the private market, the users of training courses can be either, third parties or consortium companies.

Training activities are often aimed at expanding the skills possessed or obtaining new skills, to be employed internally within EHT or directed to consortium companies.

Training activities are divided into the following stages:

Identification of skills needs: study to identify skills needs, both within EHT and in consortium companies. The area involved is Technical Project Management (TPM).

Measure identification: identification of Public measures or private funds to be used, in order to finance classes for training. The area involved is Business Development Management (BDM).

Design: implementation of the training project. The department involved is Technical Business Development Management (TBDM).

Submission of the project proposal in relation to the modalities of the call to be used. This phase is the responsibility of the Business Management (BM) area.

Classroom creation: commercial activity of pupil engagement among employees of consortium companies or among third parties. This phase is the responsibility of the Business Development Management (BDM) area.

Training activities: selected lecturers carry out the project training activities, coordinated by EHT staff. This phase is the responsibility of the Technical Project Management (TPM) area.

EHT is also an Employment Agency, accredited by the Sicilian Region.

(iv) Digital platform

EHT specializes in the field of digital and technology services and the provision of integrated and secure solutions for public, private and corporate clients. The aim is to facilitate digital innovation through a wide range of services, both owned by EHT and its consortium members, which include:

TRUST Services:

• SPID Identity Provider: provides digital identity (EtnaID), secure and compliant with national standards, enabling users to easily and securely access online services, public and private, through SPID (Sistema Pubblico di Identità Digitale).
• Public and Private Services Aggregator: centralizes and facilitates access to a wide variety of digital services, providing a uniform and simplified user experience for public and private entities.
• Support for eIDAS Certification: provides specialized advice and support in order to achieve compliance and certification with the requirements of eIDAS (Electronic Identification Authentication and Trust Services), making services secure and valid at the European level.
• Marketplace Services for EHT Solutions: through the platform, connect EHT (European Hyper-Technology) partners and members to develop innovative solutions in line with key digital transformation issues, including:
  • Vertical SaaS Application: development and integration of vertical, highly specialized software applications to meet the specific needs of industry and service sectors
  • Digital Payment: secure, fast and easy-to-integrate digital payment solutions that simplify online transactions and enhance the customer experience
  • Management Services: IT management services, aimed at optimizing internal processes, reducing operational costs and improving efficiency
• Operation Server Services: technical infrastructure ensures optimal and secure management of IT operations through:
  • Proactive Monitoring: continuous monitoring of servers and business systems, with proactive interventions to prevent outages or technical problems.
  • Technical Support Center: a highly qualified technical support team available for real-time assistance and rapid problem resolution.
  • Security & Business Continuity Management: integrated solutions for cybersecurity management through protection against external threats and business process continuity.

In carrying out its corporate activities, Etna Hitech S.c.p.A. has multiple certifications, namely, the certifications mentioned below:

1. ISO 9001:2015 Certification - Quality Management System, No. 68684-2009-AQ-ITASINCERT issued by DNV Business Assurance Certification Body, date of first issue: 07/01/2010. The certification is valid for the following application field: Design, development, production, installation, service and maintenance, specialized support and application management of software. Design and delivery of training interventions and guidance, job placement and accompaniment services and PA business support services. (IAF: 33, 35, 37, 38, 34)
2. ISO 27001:2013 Certification - Information Security Management System, nr. 207276/A/0001/UK/ITN issued by the Certifying Body URSS Italia S.r.l., first issue date: 13/02/2020. The certification is valid for the following scope: design, development and maintenance of software solutions and database management including on cloud platforms in SAAS (software as a service) and PAAS (platform as a service) mode using ISO/IEC 27018:2019 and ISO/IEC 27017:2015 guideline. Software design, development, maintenance and support. Identity provider service adhering to the SPID (Sistema Pubblico Identità Digitale) system.
3. ISO 14001:2015 Certification - Environmental Management System, nr. C655869 issued by DNV- Business Assurance Certification Body, first issue date 01/04/2021. The certification is valid in the following fields of application: design, implementation and maintenance of hw and sw enabling platforms to support organizational and production processes, for technological innovation, digital transformation and social innovation to public and private customers. Delivery of cloud computing services, and related specialized support. Research and development activities in aerospace, agrifood, blue growth, cultural heritage, design, creativity and made in italy, energy, green chemistry, health & welfare, smart factory, smart secure and inclusive communities, sustainable mobility, technologies for living environments, cyber security. Specialized training in ICT. Design and delivery of training interventions and services for orientation, insertion and accompaniment to work.
4. UNI/PdR 125:2022 Certification - Certification for Gender Equality, no. C643665 issued by DNV Certification Body - Business Assurance, first issue date: 12/10/2023. The certification is valid for the following application field: Design, development, production, installation, service and maintenance, specialized support and application management of software. Design and delivery of training interventions and orientation, job placement and accompaniment services and support services for PA activities. Measures to ensure gender equality in the work environment.
5. SA 8000:2014 Certification - Social Accountability Management System. Certificate No. C674799 issued by DNV Business Assurance certifying body, first issue date: 06/06/2024.
   The certification is valid for the following application field: Design, implementation and maintenance of hw and sh enabling platforms to support organizational and production processes, for technological innovation, digital transformation and social innovation to public and private customers. Delivery of cloud computing services and related specialized support. Research and development activities in aerospace, agrifood, blue growth, cultural heritage, design, creativity and made in Italy, energy, green chemistry, health and welfare, smart factory, smart secure and inclusive communities, sustainable mobility, technologies for living environments, cyber security. Specialized training in ICT, design and delivery of training interventions and orientation and job placement and accompaniment services.
6. Digital Identity Management Certification "SPID", nr. 70191 issued by the Certifying Body CSQA Certificazioni Srl, first issue date 29/10/2021.

The identification of the corporate activity of Etna Hitech S.c.p.A. makes it possible, therefore, to identify potential connections with some of the types of offences, provided for by Legislative Decree 231/2001 and mentioned above (offences in relations with the Public Administration; corporate and tax offences; computer offences and unlawful data processing; offences of receiving stolen goods, money laundering, use of money or goods of unlawful origin and self laundering; occupational health and safety offenses; environmental offenses; copyright infringement offenses; illicit intermediation and labor exploitation offenses; smuggling offenses; offenses involving non-cash payment instruments), since it:

1. presupposes the establishment of relationships with the public administration;
2. involves the fulfillment of significant administrative, financial and fiscal duties in the interest of the Company;
3. Involves the day-to-day use of computer systems and, in general, corporate information technology resources;
4. takes the form of the performance of services, subject to the obligations under current regulations, in the field of occupational health and safety protection, as well as environmental protection;
5. has the additional ordinary risk profiles, related to the performance of an activity of a commercial and entrepreneurial nature.
6. In accordance with the requirements of Legislative Decree 231/2001, it is, therefore, necessary to assess the consistency of the aforementioned risk profiles and adopt, in the context of the Organizational, Management and Control Model of Etna Hitech S.c.p.A., appropriate measures to prevent and contain the "risk of crime."

11.3 CORPORATE GOVERNANCE

Etna Hitech S.c.p.A. is a joint-stock consortium company, with a share capital of three million two hundred and seventy thousand euros, owned by a plurality of shareholders (see EHT S.c.p.A. ordinary visura).

Etna Hitech S.c.p.A. holds interests in other companies. In particular, it controls the companies Vulcanìc S.r.l. P.IVA 05260320873 (100%), The Platforms S.r.l. P.IVA 05998460876 (100%), Nuova Cesame S.p.A. (64.2%).

It also participates in the share capital of Etna Waterfront S.r.l. VAT 05696490878 (24.9%), Green Wave S.r.l. P.IVA 03937570368 (10 percent), Harmonic Innovation Group S.p.A. P.IVA 16274141007 (0.89 percent), DHITECH Distretto Tecnologico high-tech Società consortile a responsabilità limitata P.IVA 03923850758 (0.2 percent), Distretto Tecnologico Sicilia Micro e Nano Sistemi Scarl P.IVA 04620770877 (0.87 percent), REP S.r.l. Public Entities Research Center 12420520962, Consorzio Italia Cloud P.IVA 16295181008.

Etna Hitech S.c.p.A. is controlled by EHT Holding S.r.l. P.IVA 12881530963, which holds 73.81% of the share capital.

The governance of the consortium company appears to be characterized by a clear delineation of senior figures and their powers.

Etna Hitech S.c.p.A. is governed by a traditional system of administration and control, consisting of the usual corporate bodies: Board of Directors, Board of Statutory Auditors, and Shareholders' Meeting. Accounting control is delegated to the Board of Statutory Auditors.

The Board of Directors currently consists of the Chairman of the Board of Directors and eight additional members. It performs all acts of extraordinary administration, in the interest of the consortium company.

The Board of Directors is required to seek prior approval from the ordinary shareholders' meeting for the following transactions: (1) sale of the sole corporate business; (2) acquisition of equity interests in other companies with unrelated objects, the value of which exceeds ten percent of the shareholders' equity shown in the latest approved financial statements.

The Chairman of the Board of Directors of Etna Hitech S.c.p.A. is vested with the representation of the company, as well as all the broadest powers necessary, in order to carry out all acts of ordinary administration, in the interest of the consortium company.

In addition, the Chairman of the Board of Directors is empowered, with single signature, to exercise the powers mentioned below (see the relevant board resolution of conferment dated 05/16/2024):

Ordinary management of the company, determination of management and development strategies and policies, and general contractual management: manage (ordinary management) the company with reference to the areas of personnel, administration, finance, sales and marketing; determine the general management and development strategies and policies of the company and the manner of their implementation; determine the company's commercial, marketing and communication policies and the manner of their implementation; enter into agreements with operators in the sector, with other national or international companies or groups, of strategic importance exceeding normal operations; carry out medium- and long-term active and passive financial transactions; confer consulting assignments on an ongoing basis; define all active and passive agreements, commitments and all active and passive contracts relating to all business included in or otherwise related to the corporate purpose; maintain official contacts with the press and external institutions and coordinate related actions;

as well as, sign correspondence on any subject, invoices and similar documents; establish security deposits; establish deposits of securities for safekeeping or administration, even if drawn or favored by premiums, with the power to demand capital or premiums; withdraw valuables, parcels, letters including registered or insured letters, as well as ordinary and telegraphic money orders; withdraw from postal, railroad or sea or air transport offices or any other office, including poste restante or poste restante offices, parcels, letters, insured valuables, goods and any other object; To perform all controls and checks on the execution of the commitments and contracts, agreements and conventions that the company has entered into, as well as on the setting of the commitments, contracts and conventions that it is going to enter into; establish and liquidate companies, joint ventures, consortia, cooperatives, in any form both in Italy and abroad, determining the share capital and the relevant bylaws; participate in and sign Partnership Agreements, Temporary Regroupings of Enterprises (RTI), Temporary Associations of Purpose (ATS), Temporary Associations of Enterprises (ATI) and other related types of acts.

Managing relations with the Public Administration (including the Judicial Authority) and judicial representation: Carrying out any act and operation at railway, customs, post and telegraph offices, transport offices and in general at any public and private office, with the power to issue due receipts releasing declarations of discharge and allowing liens and releases; carrying out any operation at public debt, Cassa Depositi e Prestiti and Bank of Italy, issuing consents of any kind; carrying out any operation at public debt offices, Deposit and Loan Banks, Provincial Treasuries, Customs, and Tax Authorities.

Accounting, financial and tax management: sign any tax returns and tax documents; open current correspondence and deposit accounts, including escrow accounts; give disposition to make withdrawals from current accounts, including by means of bank checks to the order of third parties, from cash on hand and from credit concessions, within the limits of agreed credit facilities; endorse bills of exchange, checks, promissory notes and documents for collection; open current accounts and apply for credit in general, including in the form of loans of securities; use free or documentary credit facilities; make arrangements for the execution of payments, issue warrants and checks on the company's current accounts with any credit institution, with public bodies, legal persons and collective entities; endorse, collect and receipt promissory notes, loan bills and bills of exchange; endorse bank and cashier's checks; open and close current accounts receivable and payable with banks and credit institutions; issue warrants and checks against both actual cash and open bank credit facilities; collect, giving receipts, principal and interest, sums, values, amounts of money orders, vouchers, warrants, checks, any other faith or certificate of credit from private individuals, banks, government agencies or public administrations, post offices, telephone or railroad offices Withdraw bearer and registered securities from private individuals, credit institutions, moral entities and public administrations; perform any transactions at the offices of the public debt, Deposit and Loan Banks, Provincial Treasuries, Customs, and the Treasury.

Appointment of proxies: to appoint proxies and representatives of any rank and level to whom to confer all or part of the powers provided herein.

Consulting management: awarding consulting assignments on an ongoing basis.

The Chairman of the Board of Directors is, likewise, an employer of Etna Hitech S.c.p.A., pursuant to and for the purposes of Legislative Decree 81/2008.

The Board of Directors also granted the following delegated powers to two members of the Etna Hitech S.c.p.A. Board of Directors.

Specifically, a member of the Board of Directors is entitled, with single signature, to exercise the powers mentioned below:

Ordinary management of the company, determination of management and development strategies and policies, and contractual management in general: - managing transactions inherent in the company's relations with shareholders, consortia, entities and investee companies, within the limit of transactions up to 1,500.000.00 (one million five hundred thousand) and, in particular, within this area; - to establish and liquidate companies, joint ventures, consortia, cooperatives, in any form both in Italy and abroad, determining the share capital and related bylaws; - to participate in and sign Partnership Agreements, Temporary Regroupings of Companies (RTI), Temporary Associations of Purpose (ATS), Temporary Associations of Companies (ATI) and other types of related acts.; -define and sign all active and passive agreements, commitments and all active and passive contracts related to all business including or otherwise related to the purpose.

An additional member of the Board of Directors is empowered, with single signature, to exercise the powers mentioned below:

Ordinary management of the company, determination of management and development strategies and policies, and contractual management in general:- Exercise ordinary management of the company's activities pertaining to the Business Unit - Software, Services and Systems, within the expenditure limit of EUR 2,500.000.00 (two million five hundred thousand) and, in particular, within this area: - determining the general strategies and policies for the management and development of the Business Unit and the methods of implementation thereof; - determining the commercial, marketing policies and the methods of implementation thereof; - entering into agreements with operators in the sector, other companies or groups, national and international, of strategic importance in excess of normal operations; - defining and signing all active and passive agreements, commitments and all active and passive contracts relating to all business included in or in any case related to the purpose of the Business Unit.

Consulting management: awarding consulting assignments on an ongoing basis.

Members, in relation to the type of shares held, are divided into two categories: executing (or consortium) members and investing (or financial) members. Only executing members participate in operational activities (see see section services provided by Consortium Companies)

Each category of members constitutes the relevant Special Meeting, respectively, the Special Meeting of Executing Members and the Special Meeting of Investing Members; each Special Meeting appoints joint representatives, who constitute the relevant Committee, respectively, the Committee of Executing Members and the Committee of Investing Members, whose rights and duties are regulated within the current Bylaws.

11.3.1 Corporate Organization Charts, Area Managers and Subordinate Functions

The corporate organizational structure of Etna Hitech S.c.p.A. is represented in the organizational chart attached to this Model.

It results in the following terms.

FUNCTION	TYPE	COD.	MANSIONS
CHAIRMAN ASSEMBLY	SOCIAL BODY.	PCDA	Presides over the Members' Meeting Convenes the Members' Meeting to approve the budget by March Convenes the Members' Meeting to approve the Business Plan update by December
CHAIRMAN BOARD OF DIRECTORS	SOCIAL BODY.	PCDA	Presides over the Board of Directors Convenes the BoD for ordinary administration periodically according to an agenda established semi-annually Convenes the extraordinary BoD in case of need Convokes the BoD for approval of the periodic Reports of Financial Performance of Operations Convokes the BoD for the approval of the draft annual financial statements Convenes the BoD for the approval of the three-year Business Plan (BP) Convenes the BoD for the approval of the annual Business Implementation Plan (PAABP)
MANAGING DIRECTOR	SOCIAL BODY.	CEO	Exercises the executive powers of chief executive officer. Prepares the annual update of the three-year Business Plan (BP), submitting it to the BoD for approval Presents the annual Business Plan Implementation Plan (PAABP), submitting it to the BoD for approval Submits the draft Annual Financial Statements for approval by the BoD Submits the Management Report for approval by the BoD Presents periodic statements of economic and financial performance to be submitted to the BoD for approval Presents agendas and draft resolutions of BoD and AGM meetings
CHAIRMAN BOARD OF AUDITORS	SOCIAL BODY.	PCOL	Chair of the Board of Statutory Auditors
CHAIRMAN SUPERVISORY BODY	SOCIAL BODY.	PODV	Chair of the Supervisory Board
CHAIRMAN INVESTOR COMMITTEE	SOCIAL BODY.	PCIN	Chairs the Investors Committee
PRESIDENT	ORGAN	PCES	Chair of the Executing Committee
EXECUTING COMMITTEE	SOCIAL
DIRECTOR GENERAL	DIRECTION	DG	Develops the Annual Business Implementation Plan (PAABP), submitting it to the CDA for approval Executes the PAABP approved by the BoD Submits the draft Annual Financial Statements for approval by the BoD Prepares the Management Report for submission to the BoD for approval Submits periodic statements of financial performance for approval by the BoD Prepares agendas and draft resolutions for BoD and AGM meetings Coordinated Areas: - Director Board - Director General Staff: Business Strategy, Public Relationships, Business Consultants - Communication
DIRECTOR GENERAL STAFF - BUSINESS STRATEGY EXECUTIVE	STAFF	DGS-BS	Supports the DG in defining future trajectories of technological-scientific and application development Prepares and manages the plan for the exploitation of R&D results Proposes actions to rationalize application assets developed and to be developed Proposes technological and strategic product audit actions Proposes technological partnerships Manages the EHT product catalog Manages the catalog of EHT competencies Supports different business areas in scouting new opportunities and preparing technical and scientific papers
CEO STAFF - PUBLIC RELATIONS EXECUTIVE	STAFF	CEO-PR	Supports the CEO in activities related to institutional and international relations: - Proposes and manages the agenda of institutional meetings - Proposes and manages the company's internationalization strategy
CEO STAFF - BUSINESS CONSULTANT	STAFF	CEO-BC	Supports the CEO in specific activities related to scientific and industry relations in order to generate business opportunities
ORGANIZATION DIRECTOR	DIRECTION	DOR	Responsible for the corporate organizational model (Organizational Chart, Positions, Macroprocess, Detail Processes): - Performance measurement - Periodic review aimed at continuous improvement - Control of the adequacy of the staffing plan and strengthening of skills - Compensation policy - Corporate wellness: reception, climate, space and welfare, internal communication - Quality Management System, Certifications, GDPR Coordinated areas: - General Affairs - People Management
ADMINISTRATION & FINANCE DIRECTOR	DIRECTION	DAF	Prepares the BP business plan Prepares specific business plans requested by advisors, financial institutions, etc. for specific investments Prepares the annual budget by cost centers for approval by the DG Manages corporate cash and relations with financial institutions in order to pursue BP's financial objectives Prepares periodic statements of financial performance for submission to the BoD Prepares the draft Financial Statements and supports the DG in preparing the draft Management Report for submission to the BoD Issues legal opinions using the Legal Compliance area Legislative monitoring Supports the DG in preparing agendas and draft resolutions for BoD and AGM meetings Supports the activities of the Board of Statutory Auditors Supports the activities of the Supervisory Board Coordinated areas: - Administration - Legal Compliance Supported Bodies: - Board of Statutory Auditors - Supervisory Board
NETWORK DEVELOPMENT DIRECTOR	DIRECTION	DND	Develops and consolidates the consortium network by scouting new factories, animating the network, and building relationships with innovation ecosystems of different kinds (associations, clusters, districts, competence centers, EDIH, etc.) Managing relationships with investor partners Scouting for new investor partners Proposes and manages M&A opportunities Supported Bodies: - Executors Committee - Investors Committee
BUSINESS DEVELOPMENT DIRECTOR	DIRECTION	DBD	Organizes and manages the sales force, including involving the sales network of consortium members Oversees the management of business opportunities, periodically preparing a sales funnel analysis report Prepares the annual sales budget, summarizing the budgets prepared by the various business units Prepares periodic sales revenue forecast based on opportunities in portfolio and identifies deviations from budget Prepares lead and opportunity generation actions Develops and consolidates relationships with industrial/commercial partners Develops and consolidates relationships with public and private clients Establishes participation in framework agreements/conventions Establishes participation in tenders/tenders Areas addressed: - Business Development (of each Business Unit)
BUSINESS GOVERNANCE DIRECTOR	DIRECTION	DBG	Defines how inputs are selected from the network of consortium members and external partners Defines how to carry out administrative activities specific to type of initiative Oversees the organization of factors of production in both bidding and production, intervening if necessary in order to preserve the order margin Oversees administrative activities specific to current initiatives Measures the performance of the production organization, proposing corrective/improvement actions Measures performance of specific administrative activities, proposing corrective/improvement actions Sets up and manages business management information systems Areas addressed: - Business Governance (of each Business Unit)
TECHNICAL DIRECTOR	DIRECTION	DT	Defines how technical activities are executed, identifying performance metrics Oversees technical/commercial activities inherent in: - design and development of new initiatives - participation in tenders - production of bids - organization of factors of production - production Directs and supports on technology choices Intervenes in production when necessary in order to preserve expected quality and order margin Measures performance of technical activities, proposing corrective/improvement actions Sets up and manages production business information systems Proposes internal/external research & development, innovation, scientific and technological training projects, which may also involve different Business Units at the same time Areas addressed: - Technical Business Development (of each Business Unit) - Technical Project Management (of each Business Unit)
BUSINESS UNIT DIRECTOR	DIRECTION	DBU-	Business Unit Director. The Business Unit Directors of the BU Skill & Training and the BU R&D Innovation, have special power of attorney granted by the Board of Directors for the day-to-day management of corporate activities pertaining to the same BU. Collaborates with other Departments on any action involving the Business Unit. Executes the PAABP in the section inherent to the BU. Prepares the BU's commercial budget for submission to the Business Development Department Oversees the activities of the business macro process inherent in the management of each business initiative Coordinated Areas: - Business Development - Business Governance - Technical Business Development - Technical Project Management
COMMUNICATION MANAGER	CROSS-SECTIONAL AREA	COM	Corporate communications manager: Prepares annually and manages the overall communication plan Proposes and organizes participation in events and trade shows Publishes the catalog of products and expertise Organizes events and communication campaigns related to products and projects, at the request of BUs Coordinates internal/external content production resources (agencies, producers, copyrighters, etc.) Coordinates internal/external media relations resources (press office, social media, etc.) Reviews and approves content produced by different areas intended for external use, consistent with the current brand identity and communication strategy Manages crisis communications
GENERAL AFFAIRS MANAGER	CROSS-SECTIONAL AREA	GAM	General Purchasing Manager: - Prepares and manages the supplier list. - Conducts market research - Authorizes purchases, negotiating the final price and payment terms with suppliers - Prepares contracts to professionals and firms for general activities - Manages travel and travel expenses, authorizing them in accordance with company regulations Manages corporate facilities, preparing the annual report on corporate assets and the plan for routine and extraordinary maintenance and investments: - real estate - facilities - furniture - equipment - vehicles - etc.
PEOPLE MANAGEMENT MANAGER	CROSS-SECTIONAL AREA	PMM	Responsible for personnel management: - Prepares corporate personnel regulations, code of ethics, job description, and compensation policy, for submission to the DOR - Prepares annual staff goal and incentive schemes, for submission to the DOR - Oversees staff's compliance with regulations and in general with the CCNL, proposing when necessary the appropriate disciplinary measures - Plans and manages, if necessary supporting managers, staff interviews for goal allocation, in-process evaluations, and annual evaluation - Prepares the corporate wellness plan, to be submitted to the DOR - Manages activities under the approved wellness plan
ADMINISTRATION MANAGER	CROSS-SECTIONAL AREA	ADM	Responsible for general administration activities: - general accounting management - management of cost accounting - management of payments - management of collections - bank management Responsible for personnel-related administrative activities: - attendance recording - accounting for leave, vacation, etc. - reimbursement accounting - payroll processing - payroll payment - reimbursement payment Administrative secretariat: - management of incoming/outgoing correspondence, including through digital systems (PEC, document, etc.) - management of digital signatures - support to corporate bodies: convocations, agendas, secretarial minutes, printing on minute books, bookkeeping - preparation of public and notarial acts - management of relations with administrative bodies: Internal Revenue Service, INPS, INAIL, Labor Inspectorate, etc. - support to DAF for the preparation of content related to legal affairs
LEGAL COMPLIANCE MANAGER	CROSS-SECTIONAL AREA	LCM	Responsible for legal affairs: - issues legal opinions upon request - appoints attorneys in litigation - prepares pleadings required at different stages of litigation - requests legal opinions from public and administrative bodies - supports the DAF in its relations with the Supervisory Board - supports the DBG in relations with the DPO and the Privacy Guarantor on GDPR matters - supports the CEO in the preparation of board resolutions - supports the Chairman in the preparation of Board of Directors and Assembly resolutions - support in the preparation of drafts of acts and contracts of any nature, approving their final versions - support in the stipulation of public and notarial acts - coordinates legal audits requested by external entities
BUSINESS DEVELOPMENT MANAGER	OPERATIONAL AREA.	BDM-	Responsible for the activities planned for the BDM in the macro process of initiative management: Coordinates BD managers assigned to different initiatives Supports the DBD in activities pertaining to management Reports to the DBU- on the progress of activities pertaining to the business initiatives in charge
BUSINESS GOVERNANCE MANAGER	OPERATIONAL AREA.	BGM-	Responsible for planned BGM activities in the macro process of initiative management: Coordinates BG managers assigned to different initiatives Supports the DBG in activities pertaining to management Reports to the DBU- on the progress of activities pertaining to the business initiatives in charge
TECHNICAL BUSINESS DEVELOPMENT MANAGER	OPERATIONAL AREA.	TBM-	Responsible for planned TBD activities in the macro process of initiative management: Coordinates TBD managers assigned to different initiatives Supports the DT in activities pertaining to management Reports to the DBU- on the progress of activities pertaining to the business initiatives in charge
TECHNICAL PROJECT MANAGER	OPERATIONAL AREA.	TPM-	Responsible for planned TPM activities in the macro process of initiative management: Coordinates the TP managers assigned to the different initiatives Supports the DT in activities pertaining to management Reports to the DBU- on the progress of activities pertaining to the business initiatives in charge

11.3.2 The use by Etna Hitech S.c.p.A. of services provided by Consortium Companies or Third Party Companies

In the exercise of its activities, Etna Hitech S.c.p.A. makes use of services performed by consortium companies by virtue of the stipulation and conclusion of written entrustment contracts, as outlined above (see see description of corporate activities).

Similarly, Etna Hitech S.c.p.A. also avails itself (see corporate activity description), also, of services performed, by third party companies and professionals, always by virtue of the stipulation and conclusion of written contracts (see service contracts): (i) for the activities related to the digital platform, it avails itself of the activity carried out in its interest by the company The Platforms S.r.l, a wholly-owned subsidiary of EHT; (ii) for consulting activities in the area of R&D projects and orders in the various fields of activity; (iii) for administrative and tax consulting activities; (iv) for legal consulting activities; and (v) for specialized consulting and support activities in the area of privacy, GDPR and Data Protection Officer.

In such cases, Etna Hitech S.c.p.A. will legitimately demand from each company Entrusted with the services (whether it is a consortium company or a third party company or professional) - by means of express provision, within the relevant contract - compliance with the Organization, Management and Control Model in force at the consortium company, as well as the fulfillment of information flows, with respect to the appointed Supervisory Body, by the figure of the "Contact person pursuant to the Organization, Management and Control Model ex d.lgs. 231/2001 of Etna Hitech S.c.p.A.", referred to in paragraph 11.7.5 below, whose name will be identified by the company providing the service and whose appointment will be made, by the Managing Director of Etna Hitech S.c.p.A.

With regard to each Company Entrusted with the services, Etna Hitech S.c.p.A., in its capacity as principal, will legitimately: (1) carry out the controls it deems most appropriate, in order to ensure proper performance of the services awarded under contract, in compliance with the regulations on safety at work; (2) organize training courses, appropriate and of a specialized nature, in order to make each Company Entrusted, aware of the procedures in force at the Company Etna Hitech S.c.p.A. principal.

11.4 THE CODE OF ETHICS

The components of the Organizational, Management and Control Model of Etna Hitech S.c.p.A. also include the Code of Ethics adopted by the consortium company in order to guide the conduct of all those who work, in its name and on its behalf, to respect ethics and legality.

This document is an integral part of the Organization, Management and Control Model and sets out the principles of corporate ethics and rules of conduct that the company recognizes as its own and on which it calls for compliance by all Recipients.

The Code of Ethics must be communicated to the various Recipients, in different ways depending on the type of relationship existing with Etna Hitech S.c.p.A. and, in any case, in such a way as to ensure its effective knowledge.

11.5 THE SUPERVISORY BODY

11.5.1 Identification of the characteristics of the Supervisory Board and its functions

Article 6 paragraph 1 letter b) of the Decree stipulates that, in order to benefit from an exclusion of liability, the company must demonstrate not only that it has adopted and effectively implemented an Organization, Management and Control Model suitable "to prevent crimes of the kind that have occurred," but also that it has, in addition, entrusted the task of supervising the functioning and observance of the Model to a "body of the entity, endowed with autonomous powers of initiative and control."

In adherence to the provisions of the Decree, the Board of Directors of Etna Hitech S.c.p.A. appointed a Supervisory Board, with a collegial, mixed composition.

In choosing the members, Etna Hitech S.c.p.A. has taken into account that the said Body must have the following characteristics:

- autonomy and independence: these are guaranteed by the collegial composition of the Body, which must not be directly involved in decision-making processes delegated to the Board of Directors, so that it can operate as a super partes body, endowed with operational and budget autonomy. Autonomy should be understood in more than just a formal sense. In order to better ensure the autonomy and independence of the Body, provision is made for the admission to its membership of both external individuals and individuals from within the company.

Decisions regarding the determination of the actual number of members of the Supervisory Board, the identification and appointment of the members themselves and the emolument due to the external members, as well as the budget allocated to the Board itself, are referred to the Board of Directors, having heard the indications provided by the Supervisory Board. The Supervisory Board has free access to all offices of the consortium company, without the need for prior consent, in order to obtain any information and documents deemed necessary for the performance of its functions and reports, directly, to the Board of Directors. Its actions cannot be syndicated by any corporate function;

- professionalism: it is ensured by the specific professional skills, with which the members of the Supervisory Board are overall equipped, who must be subjects with adequate professionalism, in legal matters, as well as in the control and management of business risks; it is, in any case, guaranteed to the Supervisory Board, the possibility of using, in the performance of its functions, also the help of external consultants, in legal matters, business organization, auditing, accounting, finance and safety at work;

- continuity of action: it is ensured by a twofold circumstance: 1) the Supervisory Board must carry out its work at the company; 2) it is also entitled to avail itself of the support of the corporate functions of Etna Hitech S.c.p.A. that, from time to time, should prove necessary for the performance of its functions.

The members of the Supervisory Board must, in addition, possess adequate requirements of honorability and must not have any conflict of interest.

Adequate information on the possession of the above requirements and curriculum vitae is provided to the Board of Directors of Etna Hitech S.c.p.A. when appointing the members of the Supervisory Board.

Decisions regarding the determination of the actual number of members of the Supervisory Board, the identification and appointment of the members themselves and the emoluments due to the members, as well as the budget to be allocated to the Supervisory Board, are referred to the Board of Directors of Etna Hitech S.c.p.A., having heard the indications provided by the Supervisory Board.

The appointed Supervisory Board is called upon to perform the following functions:

1. supervision of the operation of and compliance with the Organization, Management and Control Model, adopted by the consortium company;
2. verification regarding the concrete suitability and adequacy of the Organization, Management and Control Model adopted, i.e., its actual ability to prevent the predicate offenses under the Decree;
3. monitoring the effective implementation of the Organization, Management and Control Model and the need to update it, in order to ensure its continued compliance with the company's organization and/or activities;
4. consultancy aimed at updating and/or supplementing or modifying the adopted Organization, Management and Control Model and Code of Ethics, due to regulatory changes or changes in the company's organizational structure;
5. Collection, examination and storage of all reports and information received.

From a more specifically operational point of view, the Supervisory Board is called upon to exercise a plurality of tasks or attributions, all of which are specifically detailed, within the Regulation of the Supervisory Board which is an integral part of this Organization, Management and Control Model and to which reference is made.

This regulation governs, specifically, the functioning of the Body, identifying, in particular: (1) the criteria for appointment, composition, causes of revocation or replacement, and duration in office; (2) powers and attributions; (3) confidentiality obligations; and (4) mandatory information flows from the Supervisory Body to the Board of Directors of Etna Hitech S.c.p.A.

11.5.2 Reporting, by the Supervisory Board, to the Board of Directors of Etna Hitech S.c.p.A.

As part of the fulfillment of the conferred powers, two lines of reporting are assigned to the Supervisory Board of Etna Hitech S.c.p.A.:

1. the first, on an ongoing basis, directly, to the Chairman of the Board of Directors and CEO of Etna Hitech S.c.p.A;
2. the second, on a periodic basis, to the Board of Directors of Etna Hitech S.c.p.A. and the Board of Statutory Auditors of Etna Hitech S.c.p.A.

The Supervisory Board may be summoned at any time by the aforementioned bodies or may, in turn, make such a request, to report on the functioning of the Organizational Model or specific situations.

The Supervisory Board will transmit to the Board of Directors of Etna Hitech S.c.p.A., on an annual basis:

1. a written report, summarizing the activity carried out, during the year and any proposals for updating the risk mapping activity, as well as the company procedures in place and any additional related safeguards or requirements;
2. A plan of activities to be carried out in the following year.

The Supervisory Board will also report, in a timely manner, to the Board of Directors of Etna Hitech S.c.p.A:

1. violations of the Organization, Management and Control Model found on its own initiative or upon report, with proposal of the relevant disciplinary measure to be imposed;
2. the pendency of any criminal proceedings, against himself or against Corporate Functions of Etna Hitech S.c.p.A., registered for one of the offenses referred to in the Decree and implying a possible consequent registration of the administrative offense, against Etna Hitech S.c.p.A.

The aforementioned reporting lines, from the Supervisory Board to the Board of Directors of Etna Hitech S.c.p.A., will have the purpose of facilitating the performance of the following checks:

• A check on the adequacy of the Organization Model, understood as its correspondence to the concrete business reality and to the evolution of regulations and jurisprudence on the subject;
• A check on the concrete preventive suitability of the Organizational Model, understood as its ability to prevent the commission of the crimes underlying the company's administrative liability, pursuant to the Decree.

11.6 INFORMATION FLOWS TO THE SUPERVISORY BODY

11.6.1 Purpose

Article 6 paragraph 2 letter d) of the Decree prescribes that the Organization, Management and Control Model adopted by the company, must "provide for information obligations towards the body in charge of supervising the functioning and observance of the Models."

Art. 6 paragraph 2 bis of the Decree, introduced by Law No. 179 of 30.11.2017, concerning "provisions for the protection of the authors of reports of crimes or irregularities of which they have become aware, in the context of a public or private job," prescribes, moreover, how, within the Organization, Management and Control Model, there must be: 1) one or more channels that allow the apical subjects or subordinates, as referred to in Art. 5 d.lgs. 231/2001, to "submit, in order to protect the integrity of the entity, circumstantiated reports of unlawful conduct, relevant, pursuant to the decree and based on precise and concordant factual elements, or violations of the organization and management model of the entity, of which they have become aware by reason of the functions performed; these channels guarantee the confidentiality of the identity of the reporter"; 2) at least one alternative reporting channel "suitable to guarantee, by computer modalities, the confidentiality of the identity of the reporter."

On March 15, 2023, Legislative Decree No. 24/2023 implementing European Directive No. 1937/2019 on "the protection of persons who report violations of Union law and violations of national laws" (so-called "whistleblowing" decree) was published in the Official Gazette No. 63.

The provisions of the aforementioned decree entered into force on March 30, 2023, effective July 15, 2023, except for "private sector entities that have employed, in the last year, an average of employees, with permanent or fixed-term employment contracts, up to two hundred and forty-nine" (see Article 24 paragraph 2 of Legislative Decree No. 24/2023).

In relation to this category of subjects, in fact, "the obligation to establish the internal reporting channel" takes effect "as of December 17, 2023."

The first novelty introduced by Legislative Decree 24/2023 consists in the expansion of the entities to which the new regulations are addressed, which are no longer only public entities and companies that have adopted the Organization, Management and Control Model, pursuant to Legislative Decree 231/2001, but rather "private sector entities" that, alternatively:

• have employed, in the past year, an average of at least fifty subordinate workers with fixed-term or open-ended employment contracts;
• fall within the area of so-called "sensitive" sectors (services, financial products and markets, prevention of money laundering and terrorist financing, security and transportation, environmental protection), even if they have not reached an average of fifty employees in the last year (thus, regardless of the number of employees on the payroll of the private sector company);
• fall within the scope of Legislative Decree No. 231/2001 and adopt the Organization, Management and Control Model, even if they have not reached an average of fifty employees in the last year (thus, regardless of the number of employees in the private sector company).

The list of so-called "whistleblowers" is also significantly broader than the discipline provided for in Art. 6 paragraph 2 - bis lett. a) and b) of Legislative Decree 231/2001, which identifies the whistleblower exclusively in the apical or subordinate corporate subject.

Legislative Decree 24/2023 establishes, in fact, that the persons entitled to "report, disclose or denounce to the judicial or accounting authority, violations of national or European Union regulatory provisions that harm the public interest or the integrity of the public administration or private entity, of which they have become aware in a public or private work context" turn out to be the following categories:

- civil servants; employees in the private sector; self-employed workers who work for entities in the public or private sector; collaborators, freelancers, consultants who work for entities in the public or private sector; volunteers and trainees, paid and unpaid; shareholders and persons with administrative, management, control, supervisory or representative functions, even if such functions are exercised on a de facto basis, at entities in the public or private sector.

In addition, protective measures also apply:

• to facilitators (i.e., those who assist the reporting person in the reporting process operating within the same work context and whose assistance must be kept confidential; cf. art. 2 paragraph 2 lett. h) Legislative Decree 24/2023);
• to persons in the same work environment as the reporting person and who are related to him or her by a stable emotional or kinship relationship within the fourth degree;
• to co-workers of the reporting person or the person who has made a complaint to the judicial or accounting authority or made a public disclosure, who work in the same work environment as the reporting person and who have a usual or current relationship with that person;
• to entities owned by the reporting person or the person who filed a complaint with the judicial or accounting authorities or made a public disclosure or for which the same persons work, as well as entities that operate in the same work environment as the aforementioned persons (see Article 3 paragraph 4 of Legislative Decree 24/2023).

As for when it is permissible to make the report, Legislative Decree 24/2023 legitimizes its execution:

- when the relationship is ongoing; - when the legal relationship has not yet begun, if the information on violations was acquired during the selection process or other pre-contractual stages; - during the probationary period; - after the dissolution of the legal relationship, if the information on violations was acquired before the dissolution of the legal relationship (retirees).

As for the subject of the report, the new decree expands the types of violations that can be reported by the "whistleblower."

Indeed, not only unlawful conduct suitable for integrating the predicate offenses under Legislative Decree. 231/2001 and violations of the Model of Organization, Management and Control, but also additional "violations ("behaviors, acts or omissions") of national or European Union regulatory provisions that harm the public interest or the integrity of the public administration or private entity, of which persons have become aware in a public or private work context" (see Art. 1 paragraph 1 Legislative Decree No. 24/2023) and consisting of:

• Administrative, accounting, civil or criminal offenses;
• unlawful conduct relevant under Legislative Decree 231/2001 or violations of the organization and management models provided therein;
• offenses falling within the scope of the acts of the European Union related to the following areas: public procurement; services, products and financial markets and prevention of money laundering and terrorist financing; product safety and compliance; transportation safety; environmental protection; radiation protection and nuclear safety; food and feed safety and animal health and welfare; public health; consumer protection; protection of proven life and protection of personal data; and network and information system security;
• Acts or omissions that harm the financial interests of the Union;
• acts or omissions concerning the internal market (by way of example: competition or state aid violations);
• Acts or conduct that frustrate the object or purpose of the provisions set forth in Union Acts.

The report may, in addition, relate to:

• information on conduct aimed at concealing the above violations;
• unlawful activities not yet carried out, which the "whistleblower" believes may reasonably occur in the presence of concrete, precise and concordant elements;
• the well-founded suspicions, the notion of which will have to be subject to interpretation at the table of the "guidelines" that ANAC will be required to adopt, having consulted the Garante per la protezione dei dati personali, within three months from the date of entry into force of the decree (see Art. 10 Legislative Decree No. 24/2023.
• On the other hand, the provisions of the decree do not apply "to challenges, claims or demands related to an interest of a personal nature of the reporting person that pertain exclusively to his or her individual labor or public employment relationships, or inherent in his or her labor or public employment relationships with hierarchically subordinate figures."

Regarding the form of reports, Legislative Decree 4/2023 provides:

• the oral form, through telephone lines, voice messaging systems or, at the request of the reporting person, through a face-to-face meeting;
• The written form, including by computer.

Therefore, the information obligations to the Supervisory Board meet the following purposes:

• to verify the concrete suitability and adequacy of the Organization Model adopted, i.e., its real (and not merely formal) ability to prevent, in principle, unwanted and sanctioned behavior, pursuant to the Decree;
• to verify the effective implementation of the Organization Model, pursuant to Article 7 paragraph 4 letter a) of the Decree, i.e., its continued compliance with the institutional and organizational corporate structures and/or business activity, so as to modify the contents of the established management and control system or to introduce additional procedures or controls or suppress control instruments that have become impracticable or redundant, in the event of supervening strategic and/or organizational changes;
• report to the Supervisory Board, the possible existence of corporate processes found and/or perceived to lack adequate safeguards in whole or in part, as well as any malfunctioning of operating instructions and/or existing procedures;
• Propose any additions and/or changes to be made to the current Organization Model;
• To facilitate the performance of the function of updating the Organization Model, which is delegated to the Supervisory Board;
• Facilitate the performance of supervisory activities on compliance with the Organizational Model, by all Recipients, in order to verify its effectiveness, understood as the verification of the consistency between the concrete behaviors and the Organizational Model adopted and to ascertain, also, any violations, in view of the application of disciplinary sanctions introduced for this purpose;
• Facilitate the performance of supervisory activities, to protect the integrity of the company, including through the circumstantiated reporting of illegal conduct, relevant, pursuant to Legislative Decree 231/2001, based on precise and concordant factual elements.

The purposes highlighted above may be pursued by Etna Hitech S.c.p.A., through a reporting activity, towards the Supervisory Board, to be carried out by means of distinct channels, in written form (e-mail, communications and/or written reports), according to the methods indicated below.

Reports under this Organization, Management and Control Model should be sent to the Supervisory Board, through the dedicated e-mail box odv@eht.eu, in order to ensure the confidentiality of the identity of the reporter, without prejudice to legal obligations.

Without prejudice to the functionality of the aforementioned reporting channel to the Supervisory Board, the consortium company has, in addition, adopted a platform accessible, by all corporate human resources and any third party, directly through the link https://www.eht.eu/whistleblowing/, published on the home page of the corporate website, in order to report any violation or suspected violation of the Code of Ethics, as well as any further violation, pursuant to and for the purposes of Legislative Decree 24/2023 (so-called "whistleblowing" decree), of national or European Union regulatory provisions that are detrimental to the public interest or integrity of EHT, of which they have become aware in a public or private work context.

The recipient of the reports is the Supervisory Board of EHT, which carries out the relevant investigation and subsequent assessment, in accordance with the methods and timelines set forth in Legislative Decree 24/2023.

The reporting channels activated by EHT, in compliance with Legislative Decree 24/2023, guarantee the confidentiality of the reporting party, the individuals involved, those who are otherwise mentioned in the report, as well as the content of the report and related documentation.

In accordance with the provisions of Article 17 of Legislative Decree No. 24/2023, reporting parties may not be subject to any retaliation.

Pursuant to Article 19 of Legislative Decree No. 24/2023, any retaliation that the whistleblower believes he or she has suffered may be reported to ANAC.

In case of retaliation committed in the work environment of a public sector person, ANAC shall immediately inform the Department of Civil Service at the Presidency of the Council of Ministers and any guarantee or disciplinary bodies for measures within their competence.

In the case of retaliation committed in the employment context of a private sector person, the ANAC shall inform the National Labor Inspectorate for measures within its jurisdiction.

In order to acquire investigative elements indispensable for the ascertainment of retaliation, the ANAC may avail itself of the collaboration of the Civil Service Inspectorate and the National Labor Inspectorate, to the extent of their respective competencies, without prejudice to the exclusive competence of the ANAC with regard to the evaluation of the elements acquired and the possible application of the administrative sanctions referred to in Article 21. Acts taken, in violation of Article 17, are null and void.

Persons who have been dismissed, as a result of reporting, public disclosure, or reporting to the Judicial or Accounting Authority, have the right to be reinstated in their jobs.

The Judicial Authority shall take all measures, including provisional measures, necessary to ensure the protection of the subjective legal situation being asserted, including compensation for damages, reinstatement in the workplace, an order to cease the conduct engaged in, in violation of Article 17, and the declaration of nullity of the acts taken in violation of the same article.

11.6.2 Mandatory information flows from the Recipients of the Etna Hitech S.c.p.A. Organization, Management and Control Model to the Supervisory Board

Recipients of the Organization, Management and Control Model of Etna Hitech S.c.p.A. are obliged to communicate, promptly and in writing, to the established Supervisory Board through the dedicated e-mail box odv@eht.eu:

any violations of the Organization Model, detected or of which they have become aware, by reason of the functions performed or (2) any illegal conduct, relevant, pursuant to the Decree and based on precise and concordant elements of fact, of which they have become aware, by reason of the functions performed (3) or any serious anomalies inherent in the functioning of the Organization Model, or again, (4) the possible commission of atypical conduct that, while not constituting violations, deviates significantly from the ordinary business practice (5) the pendency of any criminal proceedings against him/her, due to the accusation of one of the offenses under the Decree, implying a possible consequent registration of the administrative offense, against Etna Hitech S.c.p.A. or any measures and/or news coming from Judicial Police organs, or any other Authority, from which it can be inferred that investigations are being carried out, against other company functions, for the crimes referred to in the Decree, always implying a possible consequent registration of the administrative offence, against Etna Hitech S.c.p.A.

11.6.3 Optional information flows from the Recipients of the Organization, Management and Control Model of Etna Hitech S.c.p.A. to the Supervisory Board

Without prejudice to the reporting obligations enumerated above, the Recipients of the Etna Hitech S.c.p.A. Organization, Management and Control Model will have the right to send the Etna Hitech S.c.p.A. Supervisory Board a written report, in order to point out: (1) any critical issues that have emerged in the exercise of their activities; (2) any requests for clarification regarding the conduct to be adopted, in the individual case, in order to comply with the prescriptions set forth in the Organization Model in force; (3) any information regarding application difficulties encountered; (4) any further written communication that is deemed to be of importance, for the purposes of the correct application of the Etna Hitech S.c.p.A. Organization, Management and Control Model.

The Supervisory Board of Etna Hitech S.c.p.A. will carefully and impartially evaluate all information and reports received, establishing their truthfulness and groundedness and ensuring anonymity with regard to the name of the author of the report, under penalty of the application of disciplinary sanctions under the disciplinary system in force; to this end, it will take the appropriate measures to ensure the confidentiality of the identity of the reporter and, consequently, to avoid any form of retaliation or discrimination.

11.6.4 Information flows from the Board of Directors of Etna Hitech S.c.p.A. to the Supervisory Board

The Board of Directors of Etna Hitech S.c.p.A. will in turn be obliged to notify the Supervisory Board:

1. Any changes in corporate governance and/or the corporate organizational chart;
2. any changes in the ownership of shareholdings, resulting from supervening transformation, merger and demerger operations.

11.6.4 The establishment of the figure of "responsible person" at Etna Hitech S.c.p.A. and of "contact person", at Consortium Companies and at Third Party Companies, linked to Etna Hitech S.c.p.A. by entrustment contracts or service contracts

Without prejudice to the information flows, described above, to be carried out by the Recipients of the Organizational, Management and Control Model of Etna Hitech S.c.p.A., towards the appointed Supervisory Board, is, also, established, the figure of the "person in charge" or "referent" under the Organizational, Management and Control Model pursuant to Legislative Decree 231/2001 of Etna Hitech S.c.p.A.

This figure is required to make the following mandatory information flows to the Supervisory Board of Etna Hitech S.c.p.A:

1. a timely and urgent information flow referred to in Section 11.7.2, in the same way as any additional Recipient of the Organization Model;
2. a further periodic information flow, having, specifically, the function of informing the Supervisory Board: i) about the internal organization of the company area or external structure, respectively, submitted to the appointed manager or contact person and their evolution over time; ii) about the training carried out, in respect of the company subjects or third parties, in charge of managing the processes, in the interest of Etna Hitech S.c.p.A.; iii) regarding the procedures and/or operating instructions in place, used, for the purpose of managing sensitive processes, attributable to Etna Hitech S.c.p.A.; iv) regarding the first-level controls carried out, at Etna Hitech S.c.p.A, by the appointed managers or contact persons; v) regarding any inspections or controls, carried out, by certifying bodies, the Judicial Authority or other Public Bodies, against Etna Hitech S.c.p.A., in relation to sensitive processes, pursuant to Legislative Decree 231/2001; vi) regarding further relevant information, diversified, within the individual information reports, in consideration of the tasks carried out by the individual function considered.

For the sake of completeness, it should be emphasized how Etna Hitech S.c.p.A. deems it appropriate to impose the obligation to carry out the above-mentioned mandatory flows also on Consortium Companies and Third Party Companies, which are called upon to perform, by virtue of entrustment contracts or service contracts, performances and/or services, in the interest of Etna Hitech S.c.p.A.

In such a case, Etna Hitech S.c.p.A. will consider the advisability, in relation to the individual concrete case, of appointing, as a Contact Person, the person designated by the Consortium Company or Third Party Company, to perform the performance or service, in the name and on behalf of Etna Hitech S.c.p.A.; in the case of appointment, this person will transmit to the Supervisory Board of Etna Hitech S.c.p.A., the periodic information report described above.

The appointed Manager will, in addition, have the power to appoint, in turn, by written deed, a Sub-Manager, who-supervised by the Manager himself-will assume responsibility for the individual risk operations entrusted to him.

11.7 DISSEMINATION OF THE MODEL

For the purposes of the effectiveness of the Organizational Model adopted by Etna Hitech S.c.p.A., it is of primary importance that all human resources of Etna Hitech S.c.p.A. are aware of the prevention and control measures contained therein.

The adoption of the Model is, therefore, formally communicated by the Board of Directors of Etna Hitech S.c.p.A. to all Recipients in a manner suitable to ensure effective knowledge of it.

As for the personnel of Etna Hitech S.c.p.A., they are required to sign a declaration of acknowledgement of having read the Organization, Management and Control Model adopted by the consortium company and a commitment to comply with its requirements.

With regard, on the other hand, to suppliers, contractors and consultants, involved in the identified sensitive processes, any contract involving the establishment of a business relationship or any form of collaboration with them must explicitly contain a clause referring to the Organization, Management and Control Model in force at Etna Hitech S.c.p.A. and, specifically, to the obligation to comply with Legislative Decree 231/2001 and the provisions of the Model adopted by the consortium company.

The Organizational, Management and Control Model adopted by Etna Hitech S.c.p.A. will be made available to all Recipients in the manner the consortium company deems appropriate.

11.8 STAFF TRAINING

The training of human resources, for the purpose of implementing the Organization, Management and Control Model of Etna Hitech S.c.p.A., is managed by the People Management Manager (PMM), in close collaboration with the Supervisory Board.

Periodically, also in relation to any, supervening regulatory and/or organizational changes, the aforementioned People Management Manager (PMM) proposes a training plan to the Supervisory Board, which is entrusted with the task of verifying the adequacy of its contents, as far as relevant aspects are concerned, in accordance with the Decree, proposing, if necessary, appropriate additions.

This training plan must provide for differently detailed interventions marked by different degrees of depth, depending on the apical or subordinate role held by the recipient of the training and the type of sensitive processes managed within the consortium company.

For example, the training may focus on: (i) general training on the contents of Legislative Decree 231/2001 and the Organizational, Management and Control Model of Etna Hitech S.c.p.A.; (ii) specific training on issues related to sensitive processes managed by the individual Company Area and the various "Area Managers" in charge (for example, specific training on computer crimes or tax crimes or even crimes against the Public Administration, etc.).

In addition, it may take place, with different modes: (a) in-person training; (b) online training.

Training courses will have mandatory attendance.

It will be the responsibility of the People Management Manager (PMM) of Etna Hitech S.c.p.A. to inform the Supervisory Board about the results, in terms of adherence, satisfaction and outcome of these courses.

11.9 THE DISCIPLINARY SYSTEM

11.9.1 General Principles

The establishment of a penalty system is an essential requirement of the Organization, Management and Control Model, in accordance with Article 6 of the Decree.

The effective implementation of the Organizational Model adopted by Etna Hitech S.c.p.A. must, therefore, contemplate the provision of a disciplinary system, aimed at sanctioning non-compliance with the prevention and control measures contained therein (see art. 7 paragraph 4 letter b) Decree).

Disciplinary measures represent, in fact, a means of deterrence and punishment of conduct by the various corporate functions, included in the corporate organization of Etna Hitech S.c.p.A. which, by violating the rules dictated by the consortium company, expose it to the risk of the onset of administrative liability, pursuant to the Decree.

The application of disciplinary measures follows, therefore, the simple violation of the prescriptions contained in the Model of Organization, Management and Control adopted by Etna Hitech S.c.p.A. and results, completely independent, from the conduct and outcome of any criminal proceedings, against the offender, registered by the Judicial Authority.

11.9.2 Disciplinary measures against employees

Without prejudice to the obligations set forth in Law No. 300 of May 30, 1970 (Workers' Statute), Etna Hitech S.c.p.A. employees are required to comply with the Organization, Management and Control Model in force at the consortium company, under penalty of incurring a disciplinary offense and the consequent application of the relevant disciplinary measure.

Violation of the Organizational Model of Etna Hitech S.c.p.A., insofar as it is detrimental to the fiduciary relationship established between the perpetrator of the violation and the consortium company, entails the exercise of disciplinary action which, in consideration of the working position held by the perpetrator of the offence, may take on different connotations.

The disciplinary measures applicable by the company, with respect to its employees, after ritual notification in accordance with Article 7 of the Workers' Statute, are those referred to in the CCNL of 18.7.2008, renewed on 26.2.2011, in force for employees of Tertiary (Confcommercio) companies (see Chapter XXI entitled "Duties of personnel and disciplinary rules").

Article 225 of the National Collective Bargaining Agreement under review specifically provides for the applicability of the following disciplinary measures: "verbal reprimand"; "written reprimand"; "fine in an amount not exceeding the amount of four hours of normal pay referred to in Article 193"; "suspension from pay and service for up to ten days"; and "disciplinary dismissal with or without notice."

Pursuant to this Organization, Management and Control Model, any conduct by the employee that results in:

1. the violation of the rules of conduct, procedures, operating instructions, information flows and any additional prevention and control measures, as set forth in the Organizational, Management and Control Model of Etna Hitech S.c.p.A. or by other documents, related to it or the adoption, in the performance of activities related to the identified sensitive processes, of a conduct that does not comply with the requirements enshrined in the Model or even the omission of communication, to the Supervisory Board, of the reports prescribed by the Model, or the making of unfounded reports, with malice or gross negligence; in this case, the worker will incur the measure of verbal or written reprimand;
2. the violation, on more than one occasion, of the rules of conduct, procedures, operating instructions, information flows and any additional preventive and control measures, set forth in the Organizational, Management and Control Model of Etna Hitech S.c.p.A. or by other documents, related to it or the adoption, on more than one occasion, in the performance of activities related to the identified sensitive processes, of a conduct that does not comply with the requirements enshrined in the Model; in this case, the worker will incur the measure of a fine;
3. the violation of the rules of conduct, procedures, operating instructions, information flows and any additional prevention and control measures, as set forth in the Organizational, Management and Control Model of Etna Hitech S.c.p.A. or by other documents, related to it or the adoption, in the performance of activities related to the identified sensitive processes, of a conduct that does not comply with the prescriptions enshrined in the Model, such as to determine, for Etna Hitech S.c.p.A, the occurrence of damage or an objective situation of danger, for the integrity of the company's assets; in this case, the worker will incur the measure of suspension from service and pay for a maximum of ten days;
4. the adoption, in the performance of activities related to the identified sensitive processes, of a conduct that is clearly in violation of the rules of conduct, procedures, operating instructions, information flows and any additional prevention and control measures, provided by the Organization, Management and Control Model of Etna Hitech S.c.p.A. or other documents, related to it, directed, unequivocally, to the commission of one of the offenses provided for in the Decree, having to recognize, in such behavior, the determination of considerable damage or a situation of considerable prejudice to the company; in this case, the worker will incur the measure of dismissal with notice;
5. the adoption, in the performance of activities related to the identified sensitive processes, of a behavior blatantly in violation of the rules of conduct, procedures, operating instructions, information flows and any additional preventive and control measures, provided by the Model of Organization, Management and Control of Etna Hitech S.c.p.A. or other documents, related to it, such as to determine the concrete application against the company, of sanctions provided by the Decree; in this case, the worker will incur the measure of dismissal without notice.

The applicable disciplinary measure, among those exhaustively provided for, will be the one to be considered congruous with respect to the concrete case and commensurate with the seriousness of the violation, taking, also, into account any recidivism.

In particular, the following will be taken into account:

1. of the intentionality of the behavior or the degree of negligence, recklessness or inexperience with regard also to the foreseeability of the event;
2. of the worker's overall behavior, with particular regard to whether or not the worker has a disciplinary record, to the extent permitted by law;
3. Of the worker's duties;
4. Of the functional position of the persons involved, in the facts constituting the failure;
5. Of the other special circumstances, which accompany the disciplinary violation.

With regard to the investigation of the aforementioned disciplinary offenses, as well as the disciplinary procedure and the imposition of the relevant measures, the powers already granted to the competent corporate bodies of Etna Hitech S.c.p.A. remain unchanged, within the limits of their respective attributions.

The disciplinary system is constantly monitored by the People Management Manager (PMM).

11.9.3 Measures against members of the board of directors

In the event of violation of the Organization, Management and Control Model of Etna Hitech S.c.p.A., by one or more members of the Board of Directors, the Supervisory Board will inform the entire Board of Directors and the Board of Statutory Auditors, who will take the appropriate initiatives, provided for by current regulations.

11.9.4 Measures against suppliers or consultants

Any conduct engaged in by suppliers or Consultants of Etna Hitech S.c.p.A, contrary to the prescriptions set forth in this Organization, Management and Control Model and such as to entail the risk of commission of an offence, may determine, in accordance with the provisions of the specific clauses, included in the letters of appointment or in the various contractual agreements, the termination of the relevant assignment or contractual relationship or the adoption of any further contractual sanction specifically provided for, without prejudice to any claim for compensation, if concrete damage to Etna Hitech S.c.p.A. results from such conduct, as in the case of application, by the Judge, of the measures provided for in the Decree.

Measures against the members of the Supervisory Board

In case of violation of the Organization, Management and Control Model of Etna Hitech S.c.p.A., by one or more members of the Supervisory Board, the other members of the Board or any one of the auditors or directors will inform, immediately, the Board of Directors and the Board of Auditors of Etna Hitech S.c.p.A.

These bodies, after contesting the violation and granting the appropriate means of defense, will take the appropriate measures, including, but not limited to, the revocation of the appointment given to the member involved in the violation or to the entire Body and the consequent appointment of a new member or a new Supervisory Board.

11.10 INITIATIVES OF THE SUPERVISORY BODY

If the Supervisory Board of Etna Hitech S.c.p.A. finds a violation of the Organization, Management and Control Model, it may propose to the Board of Directors - having also heard the opinion of the People Management Manager (PMM) - the adoption of the sanction it deems most appropriate, subject to compliance with the limits established by law.

In carrying out its investigative activities, the Supervisory Board shall exercise all powers necessary to ascertain the facts, ensuring the confidentiality of the recipients of the relevant sanctions.

In carrying out this activity, it makes use of the collaboration of the People Management Manager (PMM) and may, also, request, if necessary, the contribution of external consultants, whose names must be promptly communicated to Etna Hitech S.c.p.A., for the purpose of formalizing, in writing, the relative assignment.