Quality and Information Security Policy

Geen.AI S.r.l. develops and provides an AI-based pre-clinical triage SaaS platform that guides patients and users towards the most appropriate health and social-care service within healthcare facilities, public administration and companies.

Management commitments

The Management of Geen.AI is committed to:

• Ensuring customer satisfaction through reliable, secure services that comply with the agreed requirements;
• Protecting the confidentiality, integrity and availability of the information managed, with particular attention to sensitive health data;
• Complying with all applicable mandatory regulations, including GDPR, the AI Act and information-security legislation;
• Adopting a risk-based approach to identify and mitigate threats to service quality and information security;
• Promoting the continuous improvement of processes, skills and technologies;
• Developing software according to security-by-design and privacy-by-design principles;
• Ensuring ongoing staff training in quality, information security and data protection;
• Selecting and monitoring suppliers based on quality and security criteria;
• Communicating transparently with all interested parties.

Strategic objectives

• Maintain platform uptime ≥ 99.5%
• Zero security incidents impacting customer data
• Achieve ISO 9001:2015 and ISO 27001:2022 certification by 2026
• Reach a customer satisfaction index ≥ 8/10
• Complete annual security training for 100% of staff

This policy is communicated to all staff and made available to interested parties through the company website and the Complaion platform.

Milan, 19 April 2026
Giulia Marchese — CEO and Management Representative — Geen.AI S.r.l.