NASDAQ: IDAI

•Reducing the size of the non-production-focused executive and consulting teams to reduce overhead and releasing sales staff that did not meet their targets

•Adding senior business development advisors in Ghana, Nigeria, Kenya and Malta primarily compensated based on revenue received

•Developing joint ventures with proven industry partners with access to target markets

•Increasing focus on the cryptocurrency market (especially Stablecoins) and developing products designed to meet specific needs and opportunities in that sector

•Updating services offered via the Orchestration Layer platform in response to market feedback

•Expanding our IP portfolio to strengthen our existing position related to presentation attack detection and tokenization and include implementations such as:

i.Embedded ownership verification for cryptographic assets, a technology that we believe to have significant potential with the expansion in the ownership of crypto-assets including potential deregulation (or loosening or clarification of regulation) in the United States together with the global growth of stable coins including Central Government Digital Currencies.

ii.StableKey (or “Stable IT2”) which is a revolutionary technology that generates a “key” directly from the biometric of the user which key has a mathematical correlation to all of the user's passwords, PINS, and other “secrets” for every account and use case meaning that those secrets never need to be stored in their entirety.

•Strengthening our international 3rd party cybersecurity and data handling certifications including NCSC Cyber Essentials Plus, certified by The IASME Consortium Ltd, SOC2 certification, and D-Seal approval (the world’s first certification that includes not just data and AI model security but also the ethical and responsible use of data).

•Opening an office in Tokyo (with funding from the City of Tokyo and the Japanese government) to pursue opportunities in the APAC region.

•Participating in the K-Startup Grand Challenge 2025, South Korea’s premier acceleration program for innovative foreign startups. Backed by the Ministry of SMEs and Startups, the program supports high-potential global

technology companies in establishing a presence in South Korea and expanding across the broader Asia-Pacific region.

•Establishing go-to-market partnerships in Nigeria and Ghana

•Participation in the Trust Valley program in the Geneva region of Switzerland

•Participation in the Founders Arena wealth management program

Markets

Trust Stamp has evaluated the market potential for its services across several verticals. (Note - none of the reports, articles, and/or data sources referenced below were commissioned by the Company, and none of them are incorporated by reference).

Data Security and Fraud

•In 2024 alone, numerous large-scale cybersecurity incidents resulted in the exposure of billions of personal records worldwide, including the so-called “Mother of All Breaches” involving over 26 billion records aggregated from multiple prior breaches, a breach of National Public Data affecting approximately 2.9 billion records including Social Security numbers, and significant compromises at major organizations such as Dell (49 million customer records), Twilio (33 million phone numbers), and Roll20 (15 million accounts). The U.S. healthcare sector alone reported 14 breaches each affecting over one million individuals, impacting an estimated 238 million residents, while other notable incidents included data exfiltration from Kadokawa/Niconico in Japan, a 1.2-terabyte leak of Disney internal communications, and widespread mobile app exposures affecting over 1.7 billion users. These breaches underscore persistent systemic vulnerabilities across industries and geographies, with material legal, operational, and reputational risks.

•In 2024, global losses from payment card fraud alone reached approximately $33.8 billion, according to the Nilson Report, surpassing the previous year’s figures and driven by escalating card‑not‑present and e‑commerce fraud. In the broader digital payments sphere, including ACH, digital wallets, BNPL, and e‑commerce, the Merchant Risk Council estimates merchants lose about 3.2 % of annual e‑commerce revenue to fraud, while Juniper Research forecasts online payment fraud losses totaling $362 billion globally by 2028, encompassing all payment channels. Furthermore, McKinsey projects $400 billion in cumulative card fraud losses over the next ten years, with authorized push payment fraud growing at an 11 % CAGR through 2027. Taken together, these figures underscore a mounting global financial liability from payment fraud that is poised to climb steadily unless countered by effective prevention strategies.

In March 2026, we announced the completion of two strategic transactions intended to expand our capabilities in cybersecurity, risk, compliance, and related trust and security solutions. Effective February 26, 2026, we acquired 100% of the outstanding share capital of Lexverify Ltd, and effective March 9, 2026, we subscribed for a 50% ownership interest in Cyberfish CyberPsychology Solutions Ltd.

We believe these transactions strengthen our position in the data security and fraud market by adding complementary technologies and domain expertise. Lexverify brings experience in risk, compliance, and privacy-related solutions, including applications involving large language models, while Cyberfish contributes expertise in crisis simulation and business disruption scenario training. We believe the combination of these capabilities with our existing AI-powered trust, identity, and security solutions may create opportunities for product development, enhanced client offerings, and cross-selling across industries with significant security, compliance, and operational resilience needs.

Both Lexverify and Cyberfish participated in accelerator programs associated with the UK National Cyber Security Centre, and we believe these relationships reflect the relevance of their technologies to cybersecurity resilience. We also expect these transactions to enhance our leadership resources and support our broader strategic growth initiatives.

Financial and Societal Inclusion

•According to the “Global Findex Database 2021,” published by the World Bank, 1.4 billion people were unbanked as of 2021.

•131 million small and medium-sized enterprises in emerging markets lack access to finance, limiting their ability to grow and thrive (UNSGSA Financial Inclusion Webpage, Accessed March 2023).

•The global market for Microfinance is estimated at $250.4 billion in the year 2024, and is projected to reach $506 billion by 2030 according to the 2025 report titled “Microfinance - Global Market Trajectory & Analytics” published by Global Industry Analysts, Inc. To accelerate our work in this market, the Company joined the Mastercard Lighthouse MASSIV program in Spring 2025 designed to empower sustainability and social impact through strategic partnerships aiming to assist participants to scale on a global level.

Trust Stamp’s biometric authentication, liveness detection, and information tokenization enable individuals to verify and establish their identities using data derived from biometrics. While individuals in this market lack traditional means of identity verification, Trust Stamp provides a means to authenticate identity that preserves an individual’s privacy and control over that identity.

Alternatives to Detention (“ATD”)

•The ATD market includes Federal, State, and Municipal agencies for both criminal justice and immigration purposes. Trust Stamp addresses the ATD market with applications built on Trust Stamp’s privacy-preserving solutions allowing individuals to comply with ATD requirements using ethical and humane technology methodologies. Trust Stamp has developed innovative patented technologies for use in the ATD market encompassing biometrics, geolocation, and tokenization as well as a proprietary, tamper-resistant, battery-free “Tap-In-Band” that can complement or replace biometric check-in requirements and provide a lower-cost and more humane alternative to traditional “ankle bracelet” technology.

•In December 2024, we announced a go-to-market agreement with a leading provider of software solutions to the U.S. Federal Government. Based on the priorities of the current administration and express funding provision in the 2026 appropriations bill, the Company and its partner are actively communicating with the government on opportunities to implement the Company’s technology for identified and funded needs but no substantive progress is anticipated until there is an approved appropriations bill for the Department of Homeland Security.

Stablecoins and other Cryptocurrencies

•As of mid-2025, the total stablecoin market capitalization sits around $170 billion, with sources varying between $160B and $200B depending on which coins are included. Tether (USDT) still dominates the pack, with other major players like USDC, BUSD, and DAI following behind. Analysts project the market cap of stablecoins to double to around $300–400 billion by 2030, driven by incremental adoption in payments and DeFi. Predicting this growth, the Company invested in developing and patenting technologies that it believes to be important assets to participate in the stablecoin and other cryptocurrency markets, including a patent related to embedding identity data in the metadata of cryptographic tokens and the trademark “StableKey”. The Company anticipates cryptocurrencies playing a growing role in its customer base in parallel to, and in some cases involving, its traditional financial services customers.

The Company announced a biometrically secured proprietary non-custodial software wallet in December 2025 which will be able to function as both a wallet directly managing access credentials for digital assets and as a “wallet of wallets”. The wallet will be offered directly to end-users and financial institutions. At the end of December 2025, our R&D team delivered an Minimum Viable Product ("MVP") of our Stablecoin-focused Wallet of Wallets (“WoWTM”) and we signed an LOI with a fellow Nasdaq company for a first deployment. During January 2026, our Director of Innovation relocated to Switzerland to participate in the Trust Valley program and identify opportunities in Switzerland for our StableKey technology and WoW. Final design of the WoW wallet awaits clarity regarding the in-flux legislation related to the ability of stablecoins to pay interest or similar returns. While our WoW product has not yet been taken to market, it offers advanced capabilities and utilizes proven proprietary technologies. Therefore, we believe that if we establish product-market fit, the economic potential could be substantial.

Healthcare Technology

We believe the healthcare sector represents a significant opportunity for the application of our identity authentication and privacy protection technologies. Healthcare providers, pharmacies, and related service organizations increasingly require secure, privacy-conscious methods to verify identity, protect sensitive personal information, and support digital workflows across patient onboarding, records access, and service delivery.

We have for several years recognized the potential of our technology in healthcare-related use cases, and during 2025 we advanced these efforts from exploration toward commercial implementation. We currently have a revenue generating commercial implementation with a Malta-based company that also operates in Dubai. In addition, we are in advanced negotiations to deploy our technology for an international pharmacy and primary care group in the European Union and MENA region and are in discussions with a well established EU hospital group regarding a tele-medicine partnership in Africa.

We believe our capabilities are well suited to healthcare environments, where organizations must balance security, regulatory compliance, user accessibility, and protection of highly sensitive data. Our technology may help healthcare-sector customers enhance trust in digital interactions while reducing the need to expose or retain unnecessary personal information. While our healthcare initiatives are still developing, we believe this sector may become an increasingly important component of our commercial growth strategy.

Other Markets

The Company is developing products and working with partners and industry organizations in other sectors that offer significant market opportunities for our existing and pipeline IP. We anticipate licensing our technology in numerous fields, typically through established partners who will integrate our technology into field-specific applications.

Africa

The African Continental Free Trade Area (AfCFTA) is a landmark agreement that binds 54 African nations and an estimated 1.47 billion people into the world’s largest free trade area. AfCFTA has significant economic potential for Africa, as it aims to create a single market for goods and services across 55 countries, representing over 1.3 billion people with a combined GDP of approximately $3.4 trillion. By reducing trade barriers, the agreement could contribute an additional $450 billion to Africa’s GDP by 2035, lifting 30 million people out of extreme poverty and increasing the incomes of 68 million people, according to the World Bank. Over the next decade, Africa’s share of the world population is projected to reach 21%, up from 13% in 2000. More than 50% of young people entering the workforce will be in sub-Saharan Africa. By 2050, the region’s working-age population will still be rising while it is falling virtually everywhere else, and Africa will be home to an estimated 2.5 billion people, or 25% of all humanity.

Globally, 850 million people did not have identity documents in 2023, with 542 million pe in Africa. Of that 542 million, 95 million are children who have never had their birth recorded, and 120 million are children without a birth certificate. The single initiative of implementing universal tokenized identity in African countries has the potential to significantly boost the implementing countries' economies. According to the United Nations Economic Commission for Africa (UNECA), countries adopting digital ID programs could unlock economic value equivalent to 3% and 13% of their GDP by 2030.

A transition to digital records for births, marriages, deaths, and electronic identity documents represents a transformative opportunity for developing nations and builds a foundation for economic growth. Establishing a robust digital infrastructure for vital records enhances administrative efficiency, fosters inclusive development, strengthens governance, and unlocks economic potential. Yet, developing African countries are often unable or unwilling to fund the initial capital expenditure required to make the transition.

Trust Stamp participated in financial inclusion projects in Africa for a number of years through Mastercard’s previous implementation of our technology and we established a regional R&D center in Rwanda in 2021 to focus on ensuring equity in the development and implementation of biometric technology in Africa. In 2023 we started direct outreach to African countries and we are in serious and extended dialogue with four countries as well as our work with Africa’s largest provider of mobile telecommunications services.

With the assistance of the Mastercard Lighthouse MASSIV program, we intend to build upon this work to maximize the opportunities to meet the critical need for secure identity programs for both governments and NGOs and have established go-to-market focused agreements with partners in Nigeria and Ghana.

Our multi-year investment in the African market has progressed from market cultivation to revenue generation. In January 2026, we received our first purchase order for the use of our Irreversibly Transformed Identity Token (“IT2”) from an African telecommunications company situated across a dozen African and Middle Eastern markets and serving hundreds of millions of subscribers. The initial purchase order is for the IT2 in a specific market but based upon our customer’s communications, we anticipate both the geographic scope and product range expanding in 2026. We are also in discussion with another major telecoms provider in Africa for similar services and are making progress towards an agreement. Based on these two engagements and market discovery, we will be actively pursuing similar telecoms opportunities in other African countries and elsewhere.

In parallel, our first African nation-state project continues to progress albeit at a slower pace than we would hope. We anticipate announcing specific revenue commitments in the third quarter of 2026.

During January 2026, at their request, we worked with the office of the Vice President of Nigeria and various federal and local government ministries to arrange for a Trust Stamp team to visit Nigeria for two weeks during February 2026 to identify areas of government operations where our technology can be implemented. We believe the visit was very successful in building potential partnerships at a Federal and Regional level in Nigeria, and significant PR regarding this potential was generated by the Nigerian government and published online. Individual project discussions are now ongoing between our Company and the various federal and local government ministries that we met with on this trip.

United Kingdom

With our growing team in the UK, we have started to identify banking sector opportunities there and will be pursuing those opportunities going forward. We are also engaging with the fast accelerating UK age-verification market that is (largely unsuccessfully) seeking to comply with new government mandates. To this end, on March 9, 2026, the Company (through its wholly-owned subsidiary, Trust Stamp Malta Limited) agreed to subscribe for fifty percent (50%) of the authorized share capital of CyberFish CyberPsychology Solutions Ltd, a private company incorporated in England and Wales that is a graduate of the UK National Cybersecurity Center’s startup program (“CyberFish”). On the same date, the Company (through Trust Stamp Malta Limited) entered into a Consulting Agreement with CyberFish. Under the Consulting Agreement, CyberFish agreed to provide consulting services relating to market development in the United Kingdom, including market entry and expansion strategy, business development, partnership identification, and related services.

Principal Products and Services

We adhere to the best practices outlined in the National Institute of Standards and Technology (“NIST”) and International Organization for Standardization (“ISO”) frameworks, and our policies and procedures in managing personally identifiable information (“PII”) comply with General Data Protection Regulation (“GDPR”) requirements wherever such requirements are applicable.

The IT2 replaces biometric templates and scans with meaningless numbers, letters, and symbols to remove sensitive data from the reach of criminals using a proprietary process by which a deep neural network irreversibly converts biometric and other identifying data, from any source, into the secure tokenized identity. This IT2 is unique to the user, is different every time it is generated from a live subject, and cannot be reverse-engineered and rebuilt into the user’s face or other original identity data.

Each token can be stored and compared to all other tokens from the same modality, allowing the Company’s AI-powered analytics to predict if a single subject has generated two or more tokens, even if the subject has passed conventional KYC with, e.g., falsified identity documents. Using this technology, an IT2 can be employed for re-authentication purposes, including account recovery, password-less login, new account creation, and more, across the organization or even within a consortium of organizations, all in a low-cost and low-friction delivery that is fast and secure.

Our technology is being used for enhanced due diligence, KYC/AML compliance, synthetic identity fraud reduction and “second chance” approval for customer onboarding and account access, together with the delivery of humanitarian and development services. The solution allows organizations to approve more users, keep bad actors from accessing systems and services, and retain existing users with a superior user experience.

Our hashing and matching technology can maximize the effectiveness of all types of identity data while rendering it safer to use, store, and share. Whatever the source of identity data, it can be stored and compared as an IT2. See the chart below for examples.

The Lexverify acquisition immediately added capability for LLM-powered compliance monitoring of communications and documents, and the Cyberfish investment provides us with risk-scenario products that we regard as having significant and immediate potential for our existing customer base and others. Together, the two transactions provide us with the expertise to build unique scenarios to train LLM, together with other LLM based products that will be announced during 2026.

Products Under Development

We have continued rapid investment in the development of technologies to rebut the growing dangers of AI-powered attacks. We are currently in production-testing of new tools to combat both Injection and Generative Adversarial Network Attacks and we plan to submit our newest innovations for third-party certification in Q2 2026. We believe that this sustained investment in intellectual property differentiates us from many larger competitors that are farming legacy technology

Distribution

Through licensing we allow customers to utilize our technology in a wide variety of applications. Uses can include (e.g.):

•The provision of services and hashing to enterprises, NGOs, and government, to overlay on third-party biometric and identity data.

•Hash licensing, translation, and certification services for biometric vendors.

•Management of zero-knowledge-proof services, whether as a tributary between Identity Lakes or operating consortium lakes.

•Tokenized identity creation for large scale deployments, such as humanitarian and government identity programs.

Licensing Agreements

License agreements are typically a hosted offering, on-premise solution, or both pursuant to which the customer pays for the initial product development plus a license fee for the use of Trust Stamp’s technologies on a periodic and/or volume-based basis. In addition to consuming and paying for Trust Stamp’s services for their own use, some key customers also serve as channel partners by offering Trust Stamp products to their own customer base, whether as stand-alone products, or integrated into their own services as upgraded product offerings.

SaaS Agreements

Software-as-a-Service ("SaaS") agreements are typically serviced through the Company’s Orchestration Layer platform, which is being utilized in new global identity authentication system with Fidelity Information Services, LLC ("FIS"). The platform includes our proprietary tokenization technology and is designed to provide easy integration with and access to, Trust Stamp’s products, chargeable on a per-use basis. The Orchestration Layer facilitates no-code and low-code implementations, making adoption faster and even more cost-effective for a broader range of potential customers. It is expected to accelerate the Company’s evolution, from being exclusively a custom solutions provider, to also offering a modular and highly scalable SaaS model with low-code implementation.

Competition

We can potentially work with any identity data from any source, potentially breaking vendor and modality lock-in, but our primary market target is the biometric service industry, which is growing exponentially while being threatened by a consumer, media, and legislative backlash against storing biometric data. The IT2 can potentially be overlaid on any biometric or other identity data provider.

In general, we compete for customer budgets with any company in the identity authentication industry. Major competitors in this space include companies such as NEXT Biometrics, IDEMIA, Synaptics, Cognitec, Innovatrics, Suprema, FaceTec, Rank One Computing, Acuant, Jumio, Onfido, Ping, and Mitek. However, we believe that, due to the uniqueness of our technology solution, the Company does not currently have any direct competitors for the core IT2 solutions upon which the growth in our business plan is focused.

We believe that given sufficient time and resources, we can augment any biometric modalities including face, hand, iris, voice, gait, and behavior, together with any other identifying data which places us in a unique position versus providers of biometric services.

We are unaware of any other provider being able to offer or support a proliferation of tokenized authentication modalities in this fashion, and therefore we believe there are no other companies that directly compete with us in this space. If our go-to-market strategy is successful, biometric service providers can be channel distributors, and not necessarily competitors.

Growth Strategy

Our strategy is to:

•Expand the scope and range of services that we provide to and through our existing clients.

•Continue to add significant new clients for our current and future services.

•Offer our services via channel partners with substantial distribution networks.

•Offer our technology on a “low code” basis, providing access via an orchestration layer and/or open-APIs to enable implementation by a broader range of clients.

•The addition of alternate authentication tools including non-facial-biometric options and non-biometric-knowledge and device-based tools facilitating two and multi-factor authentication.

•Offer our IT2 technology for use by other biometric and data services providers to protect and extend the usability of their data.

•Provide ready-to-use / customizable platforms that leverage our IT2 technology in specialized markets.

Human Capital

Given the geographic diversity of its team, and to facilitate cost-effective administration, Trust Stamp secures the services of its permanent team members through a variety of administrative structures that include wholly owned subsidiaries, professional employer organizations, and consulting contracts. Over 2024 and 2025, our team size was rationalized to maximize the impact of investable dollars. As of December 31, 2025, the Company had 4 full-time and 1 part-time team members that work out of the United States, 24 full-time members that work out of Malta, 13 full-time team members in Poland and Central Europe, 2 full-time and 1 part-time team members in the United Kingdom, 14 full-time team members and 1 part-time team members working in the Philippines, 12 full-time team members working in Rwanda, 2 full-time team members in Denmark, and 1 full-time team member working in India. In addition, our permanent team is augmented by long-term contractors and as needed by contract development and other staff on a short-term basis.

Outsourcing

We design and develop our own products. We use an outsourcing company, 10Clouds, for additional development staff as needed. 10Clouds is considered a related party. 10Clouds is considered a related party due to being the Company's third party contractor for software development and investor in the Company. In addition, we also utilize SourceFit, a company in the Philippines, for PEO services, representing approximately 3% of our operating expenses during the year ended December 31, 2025. Amazon Web Services provides cloud hosting and processing services, representing approximately 10% of our operating expenses during the year ended December 31, 2025.

Key Customers

The Company’s initial business consisted of developing proprietary privacy-first identity solutions and implementing them through custom applications built and maintained for a few key customers. In the fourth quarter of 2022, the Company added to its product offerings a modular SaaS model intended for low-code or no-code implementation (“the Orchestration Layer”). The Orchestration Layer has been successful in attracting interested customers with over one hundred (100) financial institutions onboarded as of the date of this report, but those institutions have been slow to go into full production which has impacted revenue expectations. An analysis of the slow adoption revealed that many of the institutions would need some level of customization, and in the fourth quarter of 2024 and the first quarter of 2025, the Company invested in the modification of the modules to meet the broader range of needs and preferences identified by the enrolled institutions. The Company is now seeing a growth in transaction volumes and is focused on maintaining and accelerating that growth.

Historically, the Company generated most of its income through two long-term partnerships, comprising a relationship with an S&P 500 bank and a relationship with Mastercard International (“Mastercard”) with the Mastercard partnership diminishing in significance over and post 2024 as Mastercard’s market focus changed.

Effective July 1, 2025, the Company's agreement with the S&P 500 bank was extended to May 31, 2031, subject to either party having the right to terminate for cause and a right for the customer to cancel for convenience on giving 6 months' notice.

Under the terms of the extension, the Company receives a guaranteed minimum income stream for services, together with hosting and other fees and reimbursement of expenses incurred, which are subject to agreed markups of 10% or 20%. Minimum billing for services in the 1st year of the renewal is set at $154,000 per month with annual CPI-related increases. Under the arrangement, total minimum monthly billings will exceed $215,000 per month, subject also to CPI-related increases. The difference between both figures is the inclusion of third-party vendor fees billed to the customer. Based on the strength of the relationship and current and anticipated service needs, the Company anticipates actual billings exceeding contractual minimums.

In March 2019, the Company entered into a technology services agreement with Mastercard International (the "TSA”). Under the TSA, IT2 technology was being implemented by Mastercard for Humanitarian & Development purposes as an element of its Community Pass and Inclusive Identity offerings in developing economies. Based on a changing market focus by Mastercard, effective December 31, 2024, the limited exclusivity for development-related purposes granted to Mastercard expired and the software schedule and associated services terminated on February 6, 2026. The expiry permitted the Company to commence working directly with governments in developing countries and also engage with international NGO that had previously worked with Mastercard.

In 2022, the Company expanded its key customer base to include an investment from and a relationship with FIS, a relationship-focused upon the implementation of our Orchestration Layer in FIS’ Global KYC product offering.

The Orchestration Layer is a low-code platform that is designed to be a one-stop shop for Trust Stamp services and provides easy integration to our products; chargeable on a per-use basis. The Orchestration Layer utilizes the Company’s next-generation identity package, offering rapid deployment across devices and platforms, with custom workflows that seamlessly orchestrate trust across the identity lifecycle for a consistent user experience in processes for onboarding and KYC/AML, multi-factor authentication, account recovery, fraud prevention, compliance, and more. The Orchestration Layer facilitates no-code and low-code implementations of the Company’s technology making adoption and updating faster and cost-effective for a broader range of potential customers.

As of December 31, 2025, 97 financial institutions, representing over $350 billion in aggregate assets, had been onboarded through FIS. As of the same date, 110 customers (including both FIS and non-FIS customers) had been onboarded to the Orchestration Layer, including those that have fully implemented the platform and those currently undergoing implementation.

The first (non-FIS) client onboarded to the Orchestration Layer in the third quarter of 2022 has generated $576 thousand of revenue for the Company to date, including $151 thousand during the year ended December 31, 2025.

Overall Orchestration Layer transaction volumes increased by approximately 20% over 2025 with a circa 200% increase in FIS-related transactions, but the rate of implementation and transaction volumes are far lower than we consider satisfactory and the channel structure in place does not provide us with adequate opportunities to work with the individual institutions and accelerate implementation. To address this we have budgeted for additional sales support staff and for participation in industry events where we can directly engage with the enrolled institutions. We will be carefully monitoring and reporting on progress throughout 2026.

On February 20, 2025, the Company executed a Master Technology Service Agreement ("MTSA") (effective January 1, 2025) with QID Technologies LLC (“QID”) to provide technical services as agreed from time to time and documented by statements of work. The MTSA provided for an initial minimum payment of $100,000 per calendar month, with the budgeted payment thereafter not to exceed $300,000 per month without mutual agreement. The MTSA will remain in effect for one year and will be renewed automatically for successive one-year periods, until it is terminated. Either Party may terminate for convenience by giving notice of non-renewal no less than 90 days’ before the expiry of each one-year term. The Company owns a 10% equity interest in QID but is not involved in its management. Reaching the maximum monthly revenue of $300,000 would require QID ramping up its customer-facing activities, a process that is not controlled by the Company. QID is currently a finalist in an RFP for a major project that would utilize our technology, but at this

time, the ramp-up process has taken longer than anticipated, and despite assurances by QID’s majority owner as to their ongoing commitment to the enterprise, there is no certainty as to the speed at which the services will be delivered and consequently the billing levels in a given month.

Regulation

Our business is not currently subject to any licensing requirements in any jurisdiction in which we operate, other than the requirement to hold a business license in the City of Atlanta (with which we are in compliance), and the requirement to hold a trading license in Rwanda (with which we are in compliance). Given the significant focus on the use of biometrics in many countries, we do anticipate additional regulation being introduced in one or more jurisdictions in which we operate, and such requirements could be burdensome and/or expensive or even impose requirements that we are unable to meet.

We are subject to substantial governmental regulation relating to our technology and will continue to be for the lifetime of our Company. By virtue of handling sensitive PII and biometric data, we are subject to numerous statutes related to data privacy, and additional legislation and given the current focus on the collection, storage, and use of biometrics, additional regulation should be anticipated in every jurisdiction in which we operate. Examples of regulations we could be subject to are:

•Health Insurance Portability and Accountability Act (HIPAA)

•Health Information Technology for Economic and Clinical Health Act (HITECH)

•The General Data Protection Regulation 2016/679 (GDPR)

•ePrivacy Directive

•The California Privacy Rights Act (CPRA)

•The California Consumer Privacy Act (CCPA)

•Biometric Information Privacy Act (BIPA)

•Act on the Protection of Personal Information (APPI)

•United Kingdom General Data Protection Regulation (UK GDPR)

•Artificial Intelligence Act (EU AI Act)

•Nigeria Data Protection Act 2023

HIPAA and HITECH

Under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act “HITECH”), the U.S. Department of Health and Human Services (“HHS”) issued regulations that establish uniform standards governing the conduct of certain electronic healthcare transactions and requirements for protecting the privacy and security of protected health information (“PHI”), used or disclosed by covered entities and business associates. Covered entities and business associates are subject to HIPAA and HITECH. Our subcontractors that create, receive, maintain, transmit, or otherwise process PHI on behalf of us are HIPAA “business associates” and must also comply with HIPAA as a business associate.

HIPAA and HITECH include privacy and security rules, breach notification requirements, and electronic transaction standards.

The privacy rules cover the use and disclosure of PHI by covered entities and business associates. The privacy rules generally prohibit the use or disclosure of PHI, except as permitted under certain limited circumstances. The privacy rules also set forth individual patient rights, such as the right to access or amend certain records containing his or her PHI, or to request restrictions on the use or disclosure of his or her PHI.

The security rules require covered entities and business associates to safeguard the confidentiality, integrity, and availability of electronically transmitted or stored PHI by implementing administrative, physical, and technical safeguards. Under HITECH’s Breach Notification Rule, a covered entity must notify individuals, the Secretary of the HHS, and in some circumstances, the media of breaches of unsecured PHI.

In addition, we may be subject to state health information privacy and data breach notification laws, which may govern the collection, use, disclosure, and protection of health-related and other personal information. State laws may be more stringent, broader in scope, or offer greater individual rights with respect to PHI than HIPAA, and state laws may differ from each other, which may complicate compliance efforts.

Entities that are found to be in violation of HIPAA as the result of a failure to secure PHI, a complaint about our privacy practices, or an audit by HHS, may be subject to significant civil and criminal fines and penalties and additional reporting and oversight obligations if such entities are required to enter into a resolution agreement and corrective action plan with HHS to settle allegations of HIPAA non-compliance.

GDPR

The European Union's General Data Protection Regulation ("GDPR") imposes onerous accountability obligations requiring data controllers and processors to maintain a record of their data processing and policies. It requires data controllers to implement more stringent operational requirements for processors and controllers of personal data, including, for example, transparent and expanded disclosure to data subjects (in a concise, intelligible, and easily accessible form) about how their personal information is being used, imposes limitations on retention of information, increases requirements pertaining to health data and pseudonymized (i.e., key-coded) data, introduces mandatory data breach notification requirements, and sets higher standards for data controllers to demonstrate that they have obtained valid consent for certain data processing activities. Fines for non-compliance with the GDPR will be significant—the greater of €20 million or 4% of global turnover. The GDPR provides that European Union member states may introduce further conditions, including limitations, to make their own further laws and regulations limiting the processing of genetic, biometric, or health data.

ePrivacy Directive

The ePrivacy directive sets out the rules relating to the processing of personal data across public communications networks. This directive requires businesses to ensure consent requests are made and that consent is received from the user before the use of cookies is made. Businesses must communicate the privacy rules with accurate and specific information regarding the data contained in the cookie. Information must be communicated before the consent requests are made, in plain language. Organizations must ensure that users are able to withdraw consent in the same simple manner as the initial consent request.

CPRA and CCPA

The California Privacy Rights Act ("CPRA") and the California Consumer Privacy Act ("CCPA") define and establish various rights that consumers residing in California have over the privacy of their data along with the responsibilities of businesses when collecting personal information. It requires businesses that control the collection of consumers’ personal information to inform them of the category, purpose, and duration the business intends to retain such information. It lists the consumers’ right to correct their data and have their data deleted. Customers may also exercise their right to limit the sale or sharing of their personal or sensitive personal information. Fines for non-compliance can range from $100 to $750 per consumer per incident. Additionally, in certain cases, the California Privacy Protection Agency may impose administrative fines ranging from $2,500 to $7,500 for each violation.

BIPA

The Biometric Information Privacy Act ("BIPA"), which was enacted in 2008, addresses the collection, use, and retention of biometric information by private entities. Under the law, a private entity must inform an individual, or their legally authorized individual, that the biometric information is being collected and stored, and the specific purpose and the length of time for the collection, storage, and use of the biometric information, before obtaining or possessing their biometric information for the purposes of capturing, storing or sharing it. In addition, prior to collecting any biometric information, the regulation required businesses to obtain a written release for the collection of the biometric information from the individual, or the individual’s legally authorized representative after notice has been given. BIPA provides statutory damages of up to $1,000 for each negligent violation, and up to $5,000 for each intentional or reckless violation.

APPI

The Act on the Protection of Personal Information (APPI) is Japan’s primary data protection law, first enacted in 2003 and significantly amended in 2016 and 2020 to align with global standards like the EU’s GDPR. It applies to businesses handling personal data, regardless of nationality or residency. The APPI defines personal data as any information that can identify an individual and classifies sensitive data to include details such as race, medical history, and criminal records. While consent is generally required for data collection, other legal bases exist, such as contractual necessity or compliance with legal obligations. Individuals are granted rights to access, correct, delete, and cease the use of their personal data. The Personal Information Protection Commission (PPC) enforces compliance, though penalties under the APPI are lower than those under GDPR, with a maximum fine of JPY 1 million.

UK GDPR

The United Kingdom General Data Protection Regulation (UK GDPR) applies to all organizations processing personal data of UK residents, regardless of where the organization is based. It defines personal data as any information that can identify an individual and includes special categories of sensitive data, such as health, race, and biometric data. Businesses must have a legal basis for processing data, such as consent, contractual necessity, or legal obligation. Individuals have rights over their data, including access, correction, deletion (right to be forgotten), and data portability. The Information Commissioner's Office (ICO) oversees compliance and can impose severe fines for breaches, reaching up to £17.5 million or 4% of global turnover. The UK also has additional rules for law enforcement and national security-related data processing.

EU AI Act

The EU AI Act establishes a unified regulatory framework for the deployment and use of AI across member states of the EU, including standardized rules for bringing AI systems to market. It adopts a risk-based approach, classifying AI systems by their potential impact and imposing corresponding obligations, including bans on harmful uses, strict requirements for high-risk systems, and transparency obligations for potentially misleading applications.

The EU AI Act is designed to be adaptable to future AI developments and places a strong emphasis on ethical considerations. It also distinguishes between single-purpose AI systems and general-purpose AI models, recognizing that the latter may pose broader systemic risks. As a result, general-purpose AI is subject to additional rules on market entry, governance, and oversight to ensure accountability and maintain public trust.

Nigeria Data Protection Act of 2023

The Nigeria Data Protection Act of 2023 has been enacted to safeguard the fundamental rights and freedoms, and the interests of data subjects, as guaranteed under the Constitution of the Federal Republic of Nigeria. Among other things, the objectives of this act include: the protection of personal information; establishment the Nigeria Data Protection Commission for the regulation of the processing of personal information; promotion of data processing practices that safeguard the security of personal data and privacy of data subjects; protection of data subjects' rights, and provision of means of recourse and remedies, in the event of the breach of the data subjects' rights; and strengthening the legal foundations of the national digital economy and guarantee the participation of Nigeria in the regional and global economies.

Intellectual Property

Patents

A summary of the Company’s issued patents and pending patent applications on March 31, 2026 is provided in the table below.

Patent No.Filing/

Issue DateTitlePriority InformationStatus

306057-40108324863768.8

EP03/05/2026

N/A

MULTI-FACTOR AUTHENTICATION USING TAMPER-RESISTANT BAND AND BIOMETRIC DATANational Stage of PCT/US2024/045801PENDING

Patent No.Filing/

Issue DateTitlePriority InformationStatus

306057-40108263/977,538

N/A02/06/2026

N/AIRREVERSIBLE BIOMETRIC TOKENIZATION FOR PRIVACY-PRESERVING IDENTIFICATION SYSTEMS AND METHODS-PENDING

Non-Provisional Conversion Deadline: 02/06/2027

306057-40103818/828,671

N/A09/09/2024

N/AMULTI-FACTOR AUTHENTICATION USING TAMPER-RESISTANT BAND AND BIOMETRIC DATAContinuation of PCT/US2024/045801;

63/581,409PENDING

Issue Fee Payment Due:

06/18/2026

306057-40102817/849,196

N/A

06/24/2022

N/A

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA16/855,606PENDING

Response to Non-Final Office Action due:

04/08/2026

(extendible through 07/08/2026)

306057-40103218/164,090

N/A

02/03/2023

N/A

METAPRESENCE SYSTEMS AND PROCESSES FOR USING SAME63/327,821PENDING

Response to Non-Final Office Action filed:

01/15/2026

306057-40106018/831,645

N/A

06/23/2025

N/A

SYSTEMS AND METHODS FOR DETECTING INJECTION ATTACKS IN REMOTE IDENTITY PROOFING63/662,575PENDING

Response to Notice to File Corrected Application Papers filed:

10/28/2025

306057-40107719/434,528

N/A

12/29/2025

N/A

SYSTEMS AND PROCESSES FOR MULTIFACTOR AUTHENTICATION AND IDENTIFICATIONDivisional of 18/145,470PENDING

Awaiting Examination

306057-40106119/268,664

N/A

07/14/2025

N/A

SYSTEMS, METHODS, AND PROTOCOLS FOR ZERO KNOWLEDGE PROOF USER AUTHENTICATION63/670,476PENDING

Awaiting Examination

306057-40105619/195,751

N/A

05/01/2025

N/A

INTEROPERABLE BIOMETRIC REPRESENTATIONContinuation of 17/725,978PENDING

Awaiting Examination

306057-40104118/987,822

N/A

12/19/2024

N/A

SYSTEMS AND PROCESSES FOR DIGITAL IDENTITY AUTHENTICATION VIA LOSSLESS FUZZY EXTRACTORS63/611,799;

63/562,521

PENDING

Awaiting Examination

306057-40103918/808,852

N/A

08/19/2024

N/A

SEMI-SUPERVISED OR UNSUPERVISED SYSTEMS AND METHODS FOR BIOMETRIC PERSON RECOGNITION63/520,388PENDING

Awaiting Examination

Patent No.Filing/

Issue DateTitlePriority InformationStatus

306057-40100516/406,978

11,496,315

05/08/2019

11/08/2022

SYSTEMS AND METHODS FOR ENHANCED HASH TRANSFORMS62/668,610ISSUED

1st Maintenance Fee due:

05/08/2026

306057-40102917/966,355

11,681,787

10/14/2022

06/20/2023

OWNERSHIP VALIDATION FOR CRYPTOGRAPHIC ASSET CONTRACTS USING IRREVERSIBLY TRANSFORMED IDENTITY TOKENS63/256,347ISSUED

1st Maintenance Fee due:

12/21/2026

306057-40101517/109,693

11,711,216

12/02/2020

07/25/2023

SYSTEMS AND METHODS FOR PRIVACY-SECURED BIOMETRIC IDENTIFICATION AND VERIFICATION62/942,311ISSUED

1st Maintenance Fee due:

01/25/2027

306057-40102017/401,508

11,729,158

08/13/2021

08/15/2023

SYSTEMS AND METHODS FOR IDENTITY VERIFICATION VIA THIRD PARTY ACCOUNTS62/486,210ISSUED

1st Maintenance Fee due:

02/15/2027

306057-40102717/702,366

11,741,263

03/23/2022

08/29/2023

SYSTEMS AND PROCESSES FOR LOSSY BIOMETRIC REPRESENTATIONS16/841,269ISSUED

1st Maintenance Fee due:

02/28/2027

306057-40102617/702,361

11,861,043

03/23/2022

01/02/2024

SYSTEMS AND PROCESSES FOR LOSSY BIOMETRIC REPRESENTATIONS16/841,269ISSUED

1st Maintenance Fee due:

07/02/2027

306057-40102517/702,355

11,886,618

03/23/2022

01/30/2024

SYSTEMS AND PROCESSES FOR LOSSY BIOMETRIC REPRESENTATIONS16/841,269ISSUED

1st Maintenance Fee due:

07/30/2027

306057-40103017/956,190

11,936,790

09/29/2022

03/19/2024

SYSTEMS AND METHODS FOR ENHANCED HASH TRANSFORMSContinuation of 16/406,978ISSUED

1st Maintenance Fee due:

09/19/2027

306057-40101717/324,544

11,967,173

05/19/2021

04/23/2024

FACE COVER-COMPATIBLE BIOMETRICS AND PROCESSES FOR GENERATING AND USING SAME63/027,072ISSUED

1st Maintenance Fee due:

10/23/2027

306057-40100215/782,940

10,635,894

10/13/2017

04/28/2020

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA62/407,717;

62/407,852;

62/407,693

ISSUED

2nd Maintenance Fee due:

10/28/2027

306057-40101917/401,504

11,972,637

08/13/2021

04/30/2024

SYSTEMS AND METHODS FOR LIVENESS-VERIFIED, BIOMETRIC-BASED ENCRYPTION62/667,133ISSUED

1st Maintenance Fee due:

10/30/2027

Patent No.Filing/

Issue DateTitlePriority InformationStatus

306057-40102217/719,975

12,079,371

04/13/2022

09/03/2024

PERSONALLY IDENTIFIABLE INFORMATION ENCODER63/174,405ISSUED

1st Maintenance Fee due:

03/03/2028

306057-40100315/342,994

10,924,473

11/03/2016

02/16/2021

TRUST STAMP62/253,538ISSUED

2nd Maintenance Fee due:

08/16/2028

306057-40102317/725,978

12,315,294

04/21/2022

05/27/2025

INTEROPERABLE BIOMETRIC REPRESENTATION63/177,494ISSUED

1st Maintenance Fee due:

11/27/2028

306057-40103118/063,372

12,353,530

12/08/2022

07/08/2025

SHAPE OVERLAY FOR PROOF OF LIVENESS63/287,276ISSUED

1st Maintenance Fee due:

01/08/2029

306057-40100415/955,270

11,095,631

04/17/2018

08/17/2021

SYSTEMS AND METHODS FOR IDENTITY VERIFICATION VIA THIRD PARTY ACCOUNTS62/486,210ISSUED

2nd Maintenance Fee due:

02/17/2029

306057-40100716/403,106

11,093,771

05/03/2019

08/17/2021

SYSTEMS AND METHODS FOR LIVENESS-VERIFIED, BIOMETRIC-BASED ENCRYPTION62/667,133ISSUED

2nd Maintenance Fee due:

02/17/2029

306057-40102118/145,470

12,513,160

12/22/2022

12/30/2025

SYSTEMS AND PROCESSES FOR MULTIFACTOR AUTHENTICATION AND IDENTIFICATIONContinuation-in-Part of 17/230,684ISSUED

1st Maintenance Fee due:

07/02/2029

306057-40101016/855,580

11,244,152

04/22/2020

02/08/2022

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA15/782,940ISSUED

2nd Maintenance Fee due:

08/08/2029

306057-40100916/855,576

11,263,439

04/22/2020

03/01/2022

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA15/782,940ISSUED

2nd Maintenance Fee due:

09/01/2029

306057-40101116/855,588

11,263,440

04/22/2020

03/01/2022

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA15/782,940ISSUED

2nd Maintenance Fee due:

09/01/2029

306057-40101216/855,594

11,263,441

04/22/2020

03/01/2022

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA15/782,940ISSUED

2nd Maintenance Fee due:

09/01/2029

Patent No.Filing/

Issue DateTitlePriority InformationStatus

306057-40101316/855,598

11,263,442

04/22/2020

03/01/2022

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA15/782,940ISSUED

2nd Maintenance Fee due:

09/01/2029

306057-40100616/403,093

11,288,530

05/03/2019

03/29/2022

SYSTEMS AND METHODS FOR LIVENESS-VERIFIED IDENTITY AUTHENTICATION62/667,130ISSUED

2nd Maintenance Fee due:

09/29/2029

306057-40100816/841,269

11,301,586

04/06/2020

04/12/2022

SYSTEMS AND PROCESSES FOR LOSSY BIOMETRIC REPRESENTATIONS62/829,825ISSUED

2nd Maintenance Fee due:

10/12/2029

306057-40101416/855,606

11,373,449

04/22/2020

06/28/2022

SYSTEMS AND METHODS FOR PASSIVE-SUBJECT LIVENESS VERIFICATION IN DIGITAL MEDIA15/782,940ISSUED

2nd Maintenance Fee due:

12/28/2029

Trademarks

The following is a summary of Trust Stamp’s issued and pending Trademarks as of March 31, 2026.

Serial / Registration NumberFiling DateTrademarkCountryStatus

99/630,2982/3/2026WOWUSPENDING

99/098,9393/23/2025STABLE KEYUSPENDING

Response to Office Action Due: 06/12/2026

99/052,989

N/A

2/24/2025STABLE BIOMETRICSUSPENDING

Statement of use due: 08/24/2026

97/613,025

N/A

09/29/2022

N/A

ALTERNATIVES TO DETENTION
US
PENDING

Statement of Use due:

04/17/2026

97/892,087

N/A

04/17/2023

N/A

TRUSTED CHAT

US
PENDING

Statement of Use due:

04/17/2026

97/894,011

N/A

04/18/2023

N/A

US
PENDING

Statement of Use due:

04/17/2026

88/256,534

6,103,86001/10/2019

09/26/2019

IDENTITY LAKEUSREGISTERED

Section 8&15 Renewal due:

07/14/2026

88/708,795

6,252,64511/27/2019

01/19/2021MYHASHUS
REGISTERED

Section 8&15 Renewal Due:

01/19/2027

88/709,274

6,252,64911/27/2019

01/19/2021TRUSTED PRESENCEUS
REGISTERED

Section 8&15 Renewal Due:

01/19/2027

90/041,950

6,494,61007/08/2020

09/21/2021TRUSTED PAYMENTSUS
REGISTERED

Section 8 & 15 Renewal Due:

09/21/2027

87/411,586

5,329,048

04/14/2017

11/07/2017

TRUST STAMPUSREGISTERED

Section 8&15 Renewal due:

11/07/2027

88/674,108

6,775,329 10/30/2019

06/28/2022TRUSTCARDUS
REGISTERED

Section 8 & 15 Renewal Due:

06/28/2028

97/101,273

6,965,728

10/31/2021

01/24/2023

METAPRESENCEUSREGISTERED

Section 8&15 Renewal due:

01/24/2029

97/276,205

7,503,036

02/21/2022

09/10/2024

PRIVTECH CERTIFIEDUSREGISTERED

Section 8&15 Renewal due:

09/10/2030

98/379,747

7,608,235

01/29/2024

12/17/2024

THE PRIVACY-FIRST IDENTITY COMPANYUSREGISTERED

Section 8&15 Renewal due:

12/17/2030

87/852,642

5,932,877

03/27/2018

12/10/2019

TRUSTED MAILUSREGISTERED

Instructions to Abandon received 12/06/2025

The Company added 3 patents during the year ended December 31, 2025 increasing our total patents issued to 26 as of December 31, 2025. Patents issued during the year ended December 31, 2025 include:

•On May 27, 2025, the Company received Notice of Issuance for a patent that is a continuation of “Interoperable Biometric Representation.” This patent covers systems and methods for securely authenticating users by combining multiple authentication factors, including biometric and cryptographic techniques, to verify identity and enable secure access to digital services. The invention is designed to enhance the protection of sensitive authentication data while improving the reliability of identity verification.

•On July 8, 2025, the Company received Notice of Issuance for a patent that is a continuation of “Shape Overlay For Proof of Liveness.” This patent relates to systems and methods for generating and managing secure digital identity credentials using biometric and cryptographic techniques to authenticate individuals across digital platforms. The technology is designed to enable reliable identity verification while protecting sensitive personal data from unauthorized access or misuse.

•On December 30, 2025, the Company received Notice of Issuance for a patent entitled “Systems and Processes For Multifactor Authentication and Identification.” This patent relates to systems and methods for generating and managing privacy-preserving biometric identity tokens that enable individuals to be authenticated without exposing or storing the underlying biometric data. The technology is designed to support secure identity verification across digital systems while reducing the risk of misuse or compromise of sensitive personal information.

Subsidiaries and Affiliates

Given the geographic diversity of our team and to facilitate cost-effective administration, Trust Stamp conducts various aspects of its operations through subsidiaries. All subsidiaries share resources across the entire Trust Stamp organization. The officers and directors of Trust Stamp have influence over the operations of all subsidiaries and employees across jurisdictions. Only one of our subsidiaries, Biometric Innovations Limited, has its own management team.

T Stamp Inc. Corporate Structure Chart as of March 30, 2026

Operational Subsidiaries

Biometric Innovations Limited. (formerly “Trust Stamp Fintech Limited”). Biometric Innovations Limited is our Company’s United Kingdom ("UK") operating subsidiary. It was established to act as the contracting entity for development contractors in the UK, and it has its own board and management team. The purpose of this entity was to establish beachhead operations in the country to service a contract entered by the Company with the National Association of Realtors and Property Mark. This entity serves as a sales and marketing function for the product “NAEA” which was developed for the contract between the listed parties. On June 11, 2020, the Company entered into a stock exchange transaction with Biometric Innovations Limited, becoming a 100% owner of the entity. The stock exchange transaction was not pursuant to any formal written agreement.

Trust Stamp Malta Limited. Trust Stamp Malta Limited is a wholly owned subsidiary of T Stamp Inc. It operates an R&D campus in the Republic of Malta, for which it has entered into a lease with a local commercial landlord in Malta, Vassallo Group Realty Ltd. The goal of Trust Stamp Malta Limited is to advance our biometric authentication technology. As part of the creation of this entity, we entered into an agreement with the government of Republic of Malta for a repayable advance of up to €800,000 to cover 75% of the first 24 months of payroll costs for any employee who begins 36 months from the execution of the agreement on July 8, 2020.

Trust Stamp Rwanda Limited. Trust Stamp Malta Limited established Trust Stamp Rwanda Limited and in April 2021 opened an office in Kigali, Rwanda. It operates as an R&D campus together with a back-office facility for the purpose of the Company's expansion into Africa.

Trust Stamp Denmark ApS. Trust Stamp established Trust Stamp Denmark ApS on June 6, 2021 as a wholly owned subsidiary in Copenhagen, Denmark. Trust Stamp Denmark ApS focuses on developing and marketing GDPR compliant products in the European Union from a strategic Danish base that can passport authorized products throughout the European Union. In furtherance of that goal, Trust Stamp Denmark ApS has obtained D-Seal Certification.

Quantum Foundation. Trust Stamp Malta Limited established Quantum Foundation on October 13, 2022 as a wholly-owned subsidiary in the Republic of Malta. The purpose of the entity is to support the development of early-stage leading edge technology companies in the Republic of Malta.

Lexverify Ltd. Trust Stamp completed the acquisition of 100% of the issued and outstanding share capital of Lexverify Ltd., a private limited company incorporated in England and Wales, on February 27, 2026. Lexverify participated in the UK

National Cyber Security Center accelerator that is designed to identify and support technologies with significant potential to strengthen national and international cybersecurity resilience. Trust Stamp believes this acquisition provides new expertise in the training and use of large language models as well as providing an additional access point to the UK market for the Company.

Cyberfish CyberPsychology Solutions Ltd. Trust Stamp Malta limited acquired 50% of CyberFish CyberPsychology Solutions Ltd, a private company incorporated in England and Wales, on March 9, 2026. Along with Trust Stamp and Lexverify, Cyberfish participated in the UK National Cyber Security Center accelerator. Trust Stamp director, Berta Pappenheim, will continue to serve as CEO of Cyberfish.

Non-Operational Subsidiaries

Stable Key, LLC. Trust Stamp established Stable Key, LLC as a North Carolina entity as of May 15, 2025, as a wholly owned subsidiary in Durham, North Carolina. Stable Key focuses on blockchain technology and cryptocurrency wallets as well as decentralized identity technology that are compliant with GENIUS Act and US and North Carolina banking regulations. In furtherance of that goal, Trust Stamp applied to the North Carolina Innovation Council to sandbox decentralized KYC, but was provided authorization to build this type of technology without a sandbox requirement. As of the date of this report, this entity has no operations.

Trust Stamp Nigeria Limited. Trust Stamp Malta Limited established Trust Stamp Nigeria Limited on January 31, 2024 as a wholly-owned subsidiary in Lagos, Nigeria. The establishment of the entity is aimed at exploring business opportunities and conducting operations in Nigeria. As of the date of this report, this entity has no operations.

Tstamp Incentive Holdings. On April 9, 2019, management created a new entity, Tstamp Incentive Holdings (“TSIH”) to which the Company issued 21,368 shares of Class A Common Stock that the Board of Directors of TSIH could use for employee stock awards in the future. The purpose of the entity was to provide an analogous structure to a traditional stock incentive plan. As of December 31, 2025 and the date of this report, no shares of Class A Common Stock are held by TSIH as all shares have been issued pursuant to employee Restricted Stock Units. The Company has completed the process of administratively dissolving TSIH with the dissolution effective as of February 13, 2025.

Trusted Mail Inc. The Company established Trusted Mail Inc. for development of an encrypted e-mail product (Trusted Mail ®) using the Company’s facial recognition technology. Trusted Mail technology is held by Trusted Mail, Inc., which is a majority-owned subsidiary of Trust Stamp Inc.. The remainder of Trust Mail Inc. is owned by FSH Capital, LLC and Second Century Ventures, which are related parties of the Company. As of the date of this report, this entity has no operations, and is essentially dormant.

Cheltenham AI LTD. The Company established Chelthenham AI LTD on July 29, 2019 as a UK private limited company to provide AI services in the UK. As of the date of this report, this entity has no operations and is essentially dormant.

Finnovation LLC. The Company established Finnovation LLC to provide an innovative FinTech, Blockchain and Digital Identity innovation incubator. As of the date of this report, this entity has no operations and is essentially dormant.

TSI GovTech Corporation. Trust Stamp established TSI GovTech Corporation to contract for data management and server operations in Canada. As of the date of this report, this entity has no operations and is essentially dormant.

Global Server Management Inc. The Company established Global Server Management Inc. to contract for data management and server operations in Canada. As of the date of this report, this entity has no operations and is essentially dormant.

Available Information

Our website is www.truststamp.ai. As soon as reasonably practicable after such material is electronically filed or furnished to the Securities and Exchange Commission ("SEC"), our annual reports, quarterly reports, and current reports on form 8-K and all amendments to those reports are available on this website, free of charge.

Alternatively, you may access these reports at the SEC’s website at www.sec.gov.