Legislative Decree No.  231 of 8 June 2001 (hereinafter, also "Decree" or "Legislative Decree 231/01"), issued in execution of the Delegation Law referred to in Law No. 300/2000, introduced the regime of "Administrative Liability of legal persons, companies and associations, including those without legal personality" into our legal system.

This decree introduced a new form of company liability, qualified as administrative, but substantially of a criminal nature, for crimes committed by:
a) persons who hold positions of representation, administration or management of the entity or one of its organisational units with financial or functional autonomy, as well as persons who exercise, even de facto, the management or control of the entity (so-called "Senior Management", art. 5 paragraph 1, lett. a);
b) persons subject to the management or supervision of one of the individuals indicated above (so-called "Subordinates", art. 5 paragraph 1, lett. b)

Articles 6 and 7 of the Decree provide that, if one of the crimes referred to in the Decree is committed by a Senior Manager or by a Subordinate in the interest or to the advantage of the legal entity, this may be exempt from liability if it has:
• adopted and effectively implemented internally an "Organisation, management and control model" capable of preventing such crimes;
• appointed an internal body with autonomous powers of initiative and control with the task of supervising the operation of and compliance with the Model mentioned in the previous point.

According to the provisions of art. 6, paragraph 2, of the Decree, this Model must meet the following requirements in particular:
1. identify the activities in which crimes may be committed;
2. provide for specific protocols aimed at planning the formation and implementation of the entity's decisions in relation to the crimes to be prevented;
3. identify ways of managing financial resources suitable for preventing the commission of offences;
4. provide for disclosure obligations towards the body appointed to supervise the operation of and compliance with the Model;
5. introduce a disciplinary system suitable for sanctioning non-compliance with the measures indicated in the Model.

Although Legislative Decree No. 231/01 emphasises the "exempting" function of the Organisation, Management and Control Model for the entity, the Model primarily has a "preventive" function in relation to the crimes referred to in the Decree and, more generally, it is aimed at ensuring that the entity's activity fully complies with a parameter of "legality".

Mediberg, whose Organizational and Management Model has been in force since 2014, after an articulated process of risk assessment and analysis has recently:

• 1. updated its Organizational, Management, and Control Model pursuant to Legislative Decree 231/01, which is now composed of the following documents:


• a) a general part: “General Part Model – General Model”;
• b) a special part: “Special Part Model – Special Model”;
• c) the Code of Ethics;
• d) four Annexes:
• “Disciplinary System”;
• Annex 1 – List of offenses and implementation methods;
• Annex 2 – List of offenses of Legislative Decree 231/01 (updated to October 2023);
• Whistleblowing Procedure and its related annexes adopted by the Company pursuant to Legislative Decree 24/2023.


• 2. proceeded with the new appointment of the Supervisory Body.