CONFIDENTIAL Collaboration Agreement

COLLABORATION AGREEMENT
June 20^th 2018

between

ORGANISATION INTERNATIONALE POUR LA SECURITE DES TRANSACTIONS ELECTRONIQUES OISTE, World Trade Center, Route de Pre-Bois 29, 1217 Meyrin, Switzerland

(OISTE)

and

WISeKey SA, World Trade Center, Route de Pre-Bois 29, 1217 Meyrin, Switzerland

(WISeKey)

(OISTE and WISeKey, the Parties)

1  | 16

CONFIDENTIAL Collaboration Agreement

TABLE OF CONTENTS

1.	Scope	4
2.	Independent Contractors	5
3.	Wisekey Services	5
4.	Wisekey Operator Duties	6
5.	New Developments	7
6.	Websites, Trademarks	7
7.	License to Commercialise and Financial Terms	8
8.	Compliance	8
9.	Records, Reporting and Inspection	10
10.	Indemnification	10
11.	Term and Termination	11
12.	Confidentiality	12
13.	Miscellaneous	13
14.	Governing Law and Arbitration	14

2  | 16

CONFIDENTIAL Collaboration Agreement

PREAMBLE

A. OISTE is a foundation created under the laws of Switzerland. Its objectives are:

− the promotion of international information security in electronic communications and the development and implementation of related technologies, including the establishment of a global public key infrastructure (PKI) as a basis of worldwide secure electronic communications;

− the establishment of a secure internet in disadvantaged areas, such as developing countries;

− the coordination of the establishment of a global information infrastructure among international organizations, government and private sector organizations involving information infrastructure development and applications;

− establishing and maintaining rules and regulations relating to the OISTE information security initiatives, including Public Key Infrastructure as well as the approval of providers such as WISeKey;

− establishing the operational rules for the inclusion of schemas under the OISTE umbrella; these typically focus upon aspects such as certification policies and practices, risk and liability, key security and audit requirements; and

− making operational decisions on managing a centralized Root Key from Switzerland and providing related services (certification, revocation, publishing, key replacement, etc.)

(the OISTE Objectives)

B. WISeKey provides high security products and services related to digital identification and communication security for persons, objects and applications. In particular, WISeKey:

− Develops software products used to build PKI solutions and efficiently issue and manage digital certificates,

− Designs and produces hardware products to identify and protect objects connected to the "Internet of Things" (loT),

− Has a team of highly skilled professionals, specialized in PKI, loT and electronic signatures; capable of delivering projects and services to end customers, and

− Owns and/or operates a number of secure facilities from which is able to provide Trust Services according to the highest security standards.

3  | 16

CONFIDENTIAL Collaboration Agreement

C. The Parties entered into an agreement in 2001 (the 2001 Agreement) to regulate the collaboration framework between both entities, and in particular the role of WISeKey as operator of the so-called "OISTE Trust Model" (the OISTE Trust Model). The Parties acknowledge that certain aspects of the 2001 Agreement require reformulation, while respecting its contents and spirit, to accommodate the new compliance and technology frameworks. The Parties thus wish to enter into this new cooperation agreement (the Agreement) which will fully replace the 2001 Agreement, without implying any kind of rupture or lack of continuity or breach of the terms thereof.

1. SCOPE

1.1 General Scope. WISeKey shall be the preferred service provider of OISTE for the fulfilment of the OISTE Objectives. In exchange of such services, WISeKey shall benefit from the right to commercially exploit the Root Cryptographic Key Pairs and the associated Root Certification Authorities held by OISTE, subject to the terms and conditions set forth in this Agreement. For the purposes of this Agreement:

a) Cryptographic Key Pair means a pair of mathematically related keys, known as "public key" and "private key". Public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt the message encrypted with the public key.

b) Root Certification Authority means OISTE as the source Certification Authority being a self-signed Certification Authority that signs Issuing Subordinate CA Certificates.

c) Root Certification Authority Certificate means the self-signed Digital Certificate issued to the OISTE Root Certification Authority, signed with the private key of the Root Cryptographic Key Pair generated for that Root Certification Authority in particular.

d) Root Cryptographic Key Pair is a key pair generated specifically to be used by a Certification Authority.

e) Subordinate Issuing CA means a Certification Authority whose Certificate is signed by the Root CA, or another Intermediate Subordinate CA.

1.2 Appointment as Operator. OISTE hereby appoints WISeKey, as the operator in charge of the material pursuit and fulfilment of the OISTE Objectives, and WISeKey accepts, it being specified that compliance with the terms and conditions of this Agreement shall be deemed sufficient to meet the OISTE Objectives unless stated otherwise. The appointment of WISeKey as operator as provided for herein shall be exclusive for the duration of this Agreement.

4  | 16

CONFIDENTIAL Collaboration Agreement

1.3 Non-exclusivity. This Agreement shall not restrict WISeKey from independently developing parallel PKIs that are unrelated to OISTE objectives (Non-OISTE PKIs). Non-OISTE PKIs shall not be subject to supervision or control by OISTE and shall remain free from any OISTE involvement. Non-OISTE PKIs shall not be associated with OISTE in any way, and WISeKey shall refrain from any usage of OISTE marks that would give the impression that Non-OISTE PKIs are supervised or controlled by OIST in any way. PKIs built on Root Cryptographic Key Pairs that are not created for OISTE and are not Webtrusted shall be considered as Non-OISTE PKIs.

2. INDEPENDENT CONTRACTORS

2.1 Principle. This Agreement shall not constitute a partnership within the meaning of articles 530 et seq. of the Swiss Code of Obligations. WISeKey shall at all times be and remain an independent contractor. Accordingly, WISeKey shall be solely responsible for, e.g.:

a) payment of any taxes to which the WISeKey may be subject as independent contractor in respect of the income profits realized by virtue of this Agreement;

b) payment of any social security contribution, pension fund contributions or any other insurance premiums, to which the WISeKey's employees and contractors may be subject; and

c) taking out of any reasonable insurance cover for accident of its employees and contractors and generally for its operations, including E&O insurance.

2.2 Indemnification. WISeKey shall be solely liable for, and shall defend, hold harmless, and indemnify OISTE, and its successors and assigns, from and against any claim or liability of any kind (including penalties, fees or charges) resulting from WISeKey's failure to pay the taxes, social security contributions or insurances indicated above.

3. WISEKEY SERVICES

3.1 Global PKI. WISeKey shall design a public key infrastructure for global deployment (the Global PKI), the root certification authorities of which shall be created and owned by OISTE (collectively referred as the "GLOBAL ROOT CERTIFICATION AUTHORITY", or OGRCA). WISeKey shall use commercially reasonable endeavours to deploy the Global PKI worldwide in accordance with the OISTE Objectives.

5  | 16

CONFIDENTIAL Collaboration Agreement

3.2 Root Cryptographic Key Pairs and Root Certification Authorities. Under mandate issued by OISTE, WISeKey shall create the Root Cryptographic Key Pair(s) and OGRCA certificates and immediately transfer their ownership to OISTE, at no cost.

3.3 Information Security and Storage. All information belonging to OISTE, including in particular all Root Cryptographic Key Pairs, OGRCA certificates and other information (collectively the OISTE Assets), shall be stored on a hardware security module (the HSM) and servers, owned and hosted by WISeKey in a secure data center and managed by WISeKey in accordance with the OISTE Objectives and in line with internationally recognized PKI and information security standards.

3.4 Standards. WISeKey shall undertake all tasks and provide all services in line with internationally recognized standards, including in particular internationally recognized PKI and information security standards such as Webtrust, ISO/IEC 27001 or ISAE 3402.

4. WISEKEY OPERATOR DUTIES

4.1 Global Root Certification Authorities. WISeKey shall act as the private operator of the OGRCA. Operation of the OGRCA shall be undertaken from WISeKey's secure facilities in Switzerland.

4.2 Trust Management. WISeKey shall establish, operate and maintain a trust management infrastructure (the Trust Management Infrastructure) addressed to the communities of users and stakeholders participating in the OISTE Trust Model (the Trust Communities) as part of the general trust management framework designed by WISeKey and established by OISTE (the Trust Management Framework). WISeKey's undertakings shall be carried out in compliance with widely accepted security standards. WISeKey shall use commercially WISeKey shall use commercially reasonable endeavours to ensure compliance with such standards also by the Trust Communities and with its own clients, it being specified that it shall assume no liability for a failure by any such third parties to comply.

4.3 Trust Communities. Membership of the Trust Management Framework shall be open to clients of WISeKey, subject to prior approval by OISTE, which approval may be withheld or withdrawn at the sole discretion of OISTE.

4.4 Policies. The Trust Management Infrastructure shall at all times be managed in conformity with the policies established by the policy approval authority (the PAA). A list of policies in force at the date of this Agreement is provided as Exhibit A. The PAA shall be tasked with edicting policies in conformity with the OISTE Objectives. Membership of the PAA shall be determined by OISTE at its discretion, subject only to WISeKey benefiting from at least one seat at all times throughout the duration of this Agreement. OISTE shall undertake a continuous review of policies in order to ensure their continual relevance and sufficiency, and in order to ensure that the OISTE Trust Model is at all times managed in compliance with the OISTE Objectives.

6  | 16

CONFIDENTIAL Collaboration Agreement

4.5 Resources. WISeKey shall provide all material assets (hardware, software, premises, consumables, etc.) and all human resources required to operate the Trust Model at its own cost and expense.

4.6 Outsourcing. WISeKey shall be entitled to outsource or subcontract the performance of its obligations set forth herein with the prior written consent of OISTE (which shall not unreasonably be withheld or delayed). In case of such outsourcing or subcontracting, WISeKey shall remain directly and primarily responsible for the proper performance of all such obligations, in conformity with the terms of this Agreement and independently of any fault of WISeKey.

5. NEW DEVELOPMENTS

5.1 Collaboration. The Parties shall collaborate for the design, development and operation of information security products and services for the purposes of pursuing the OISTE Objectives. In doing so, the Parties agree to focus their initial efforts on the use and deployment of PKI technology in both developed and developing countries to promote the security of electronic communications worldwide.

5.2 Ownership. OISTE shall own all intellectual property rights resulting from the design, implementation, operation and any other activity undertaken in relation to the OISTE Trust Model.

6. WEBSITES, TRADEMARKS

6.1 Websites. WISeKey shall maintain a website describing its certification practices and policies as well as identifying the entities participating in the Global PKI and enable downloading of the OGRCA certificate. WISeKey shall further identify on its website any other PKI roots certificate authorities that it operates in behalf of OISTE by approved third party entities and any associated cross-certification services. OISTE shall maintain a website where WISeKey shall be clearly identified as the operator of the OISTE Trust Model.

6.2 License to use Trademarks. Each Party (the Trademark Owner) hereby grants to the other Party (the Licensee) royalty-free, non-exclusive, non-sub-licensable, non-assignable, non-transferable, license to use its trademarks and service marks (the Marks) for the purposes of fulfilling the objectives of this Agreement and any activities referred to herein. This license right shall extend to the right to use such Marks in any media (including electronic). Under no circumstances shall the Licensee, remove or tamper with the trademarks or service marks (other than scale alterations). The use by the Licensee of such Marks shall in no event negatively impact the image, activities or business of the Trademark Owner. Taking into consideration the purposes of this Agreement, the license to use the Marks may be unilaterally restricted by the Trademark Owner if it reasonably deems usage of its Marks by the Licensee to be inappropriate. All rights in and to the Marks not expressly granted by the Trademark Owner to the Licensee are hereby reserved. The use of the Marks by the Licensee shall not create any ownership interest in the Licensee's favor, and all goodwill arising out of such use shall inure to the benefit of the Trademark Owner. The Licensee shall not use or apply to register any trademarks, service marks, trade names or domain names which are confusingly similar to the Marks or which include any of the Marks. The Licensee may use or display the Marks only (i) in such form, content and manner as may be specifically approved in advance in writing, including via email, by the Trademark Owner, which approval may be granted, withheld or conditioned in Trademark Owner's absolute discretion and (ii) subject to and in accordance with the terms of this Agreement.

7  | 16

CONFIDENTIAL Collaboration Agreement

7. LICENSE TO COMMERCIALISE AND FINANCIAL TERMS

7.1 Commercialisation. WISeKey is hereby granted a non-sublicensable worldwide license to commercially exploit the Root Cryptographic Key Pair(s) by providing certification services in conformity with the OISTE Objectives.

7.2 Fees. In consideration for the granting of the right to commercially exploit the Root Cryptographic Key Pair(s), OISTE shall be entitled to the fees indicated in Exhibit 1 (the Fees), which shall be discussed and, in case of agreement, amended, on a yearly basis.

7.3 Payment. The Fees shall be due and payable as provided for in Exhibit 1.

8. COMPLIANCE

8.1 Anti-Bribery. WISeKey shall perform its duties in strict compliance with all applicable laws, rules and regulations, including anti-bribery and anti-trust laws and regulations, and confirms that it is familiar with the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions adopted by the Organisation for Economic Co-operation and Development (OECD) and further confirms that it will make no payments which may contravene the requirements of said Convention. WISeKey specifically represents and warrants that:

a) it shall not use funds or assets for any unethical purpose and shall further not engage in the practice of purchasing privileges or special benefits by any improper payment or non-financial advantage;

b) it shall not make any payment, nor grant any advantage, directly or indirectly, to any official, civil servant or representative of any government body or agency or any political party for the purpose of influencing any act or decision of that government body or agency or political party;

8  | 16

CONFIDENTIAL Collaboration Agreement

c) it shall fully comply with the laws and regulations applicable to its activities in or any other country or territory in which it operates;

d) it shall pay and discharge all taxes, duties, charges or levies, whether national, regional or local which are due and payable as a result of its activities; and

e) in the event of any doubt, it shall first contact OISTE prior to undertaking any action which may be in conflict with the representations and warranties set forth in this Section 8.1.

8.2 Employees and Contractors. WISeKey shall ensure at all times that all its representatives and contractors also fully comply with this Section 8.

8.3 Sanctions. WISeKey hereby represents and warrants that it does not provide goods or services to individuals or entities that are the object of sanctions imposed by the United Nations, the United States, the European Union, Switzerland, or any other territory in which WISeKey is now active or may in the future exercise its activities. WISeKey hereby represents and warrants that it shall not directly or indirectly deliver any equipment or software to any country that is the object of embargoes or comprehensive sanctions maintained by the United Nations, the United States, the European Union, Switzerland, or any other territory. In particular, WISeKey shall respect, without limitation, all provisions concerning (i) arms embargoes; (ii) prohibitions on the supply of equipment that could be used for human rights abuses; (iii) prohibitions on the sale, supply, transfer, import, transport or export of dual-use goods and technology; (iv) prohibitions on the provision of brokering services and technical and financial assistance related to any goods and technology whose supply is prohibited; (v) prohibitions on the sale, supply, transfer or export of key equipment and technology restricted for certain industries (such as, by way of example, nuclear, oil or gas industries); and (vi) any other restriction, ban or prohibition.

8.4 Data Protection. WISeKey shall under no circumstance use the equipment dedicated to the hosting and operation of the OGRCA to store any personal data, including any data relating to the operation of the OISTE Trust Model (such as data concerning the Trust Communities or any other users of WISeKey services), and more generally shall under no circumstance undertake any action which may lead to OISTE being directly or indirectly considered as a data controller or processor for the purposes of any applicable data protection laws. WISeKey itself shall undertake at all times to treat all data entrusted to it, including but not limited to any data concerning any certificates issued on the basis of the OGRCA, in conformity with any applicable data protection legislation.

8.5 LEA Requests. The Parties acknowledge and agree that they may be required to respond to requests by law enforcement agencies (LEA Requests). The Parties shall keep each other immediately informed of any LEA Request concerning any OISTE Assets, and shall comply with any such LEA Request only if (i) such LEA Request is pursuant to a final court or administrative decision that is not subject to appeal and is enforceable against OISTE and/or WISeKey or (ii) if, in the reasonable opinion of OISTE, compliance is in the best interest of OISTE. All other LEA Requests, i.e. concerning non-OISTE Assets such as information relating to any Trust Communities or information otherwise related to WISeKey's activities, including the commercialization activities resulting from the issuance of certificates on the basis of the OGRCA, shall be treated by WISeKey in compliance with applicable laws.

9  | 16

CONFIDENTIAL Collaboration Agreement

9. RECORDS, REPORTING AND INSPECTION

9.1 General Review Right. OISTE shall have the right to review the certification practices developed and implemented by WISeKey at any time in order to ensure that the OISTE Trust Model is being managed in a way that compliant with its objectives. WISeKey shall provide all information that may reasonably be requested by OISTE for such review.

9.2 Records. WISeKey shall ensure that records of all operations relating to the operation and maintenance by it of the OISTE Trust model, including in particular ap documents relating to the functioning of the Trust Management Infrastructure, the Trust Management Framework and the Trust Communities are kept and maintained up-to-date (with documents such as written instructions, activity reports, meeting reports, notes on telephone conferences), according to the certification practices statement.

9.3 Reporting. WISeKey shall provide OISTE with regular feedback in writing, at the request of OISTE, regarding its technical and commercial activities relating to the subject matter of this Agreement, including a general summary of results, any difficulties encountered, general developments and any progress made towards proper implementation of the OISTE Trust Model and the realisation of the OISTE Objectives.

9.4 Specific Information, Auditing. OISTE shall have a full right to request at any time and immediately obtain from WISeKey all information relating to any duties undertaken by WISeKey pursuant to this Agreement and any activities of WISeKey relating directly or indirectly to the OISTE Objectives. OISTE may delegate at any time representatives to audit the documentary records of WISeKey, insofar as relevant for matters covered under this Agreement. OISTE shall give at least 5 days' prior written notice to WISeKey and OISTE shall co-operate fully with such representatives. Such delegates shall be subject to appropriate confidentiality undertakings. Use of the related office facilities of WISeKey by such representatives shall not be remunerated separately.

10. INDEMNIFICATION

WISeKey shall indemnify and hold OISTE harmless, on first request, for and against any damage suffered by OISTE in relation to the performance of this Agreement, regardless of whether the damage arises before or after the term or termination of this Agreement, and regardless of the nature of cause of the damage, including legal or experts' fees, as well as any other damage incurred directly or indirectly in relation to judicial or administrative proceedings. In case of any such proceedings, WISeKey also agrees to (i) cooperate with OISTE and provide OISTE with all useful information in view of its defense against the authorities or third parties, and (ii) take no action which may potentially be to the detriment of OISTE, its auxiliaries or substitutes. The obligations arising under this Section will survive the contract for as long as necessary for the protection of the legitimate interests of OISTE.

10  | 16

CONFIDENTIAL Collaboration Agreement

11. TERM AND TERMINATION

11.1 Term. The Agreement shall commence on the date indicated on the title page (the Effective Date) and terminate on 31 December 2028 (the Term). The Agreement shall be automatically extended for successive 10 year Terms unless terminated by written notice by either Party at least 2 years prior to the end of the then-current Term.

11.2 Termination for Breach. OISTE may terminate this Agreement with immediate effect by notice in writing if WISeKey is:

a) in breach of its obligations hereunder and has not cured such breach within 10 days from OISTE's notice stating such breach; or

b) guilty of gross misconduct and/or any serious or persistent negligence in the discharge of any of the obligations set forth hereunder, or in material breach of any obligation such that the security or integrity of the Root Cryptographic Key Pair(s) is, in OISTE's reasonable opinion, compromised.

11.3 Termination for Bankruptcy. This Agreement shall terminate automatically and without any need for notice if either Party is ordered or adjudged insolvent or bankrupt or enters into an agreement with its creditors for the settlement of its debts or has a receiver appointed or in any way loses control of its affairs through governmental or court action or otherwise ceases to exist.

11.4 Consequences of Term or Termination. Upon arrival of the Term or termination of this Agreement, WISeKey shall immediately:

a) return to OISTE the HSM, including the Root Cryptographic Key Pair(s), OGRCA certificates and other information;

b) settle any outstanding Fees;

c) cease any commercial exploitation of the Root Cryptographic Key Pair(s); and remove any reference to OISTE from its website.

11  | 16

CONFIDENTIAL Collaboration Agreement

11.5 Survival. Sections 8.4, 8.5, 12, 13 and 14 shall survive the expiration or earlier termination of this Agreement.

12. CONFIDENTIALITY

12.1 Definition. Confidential information shall mean any information, communication or data, in any form including, but not limited to, oral, written, graphic or electromagnetic forms, relating to either Party's clients and providers, to either Party, to their business or affairs, including but not limited to methods, know-how, technology, technical specifications, cryptographic codes, security codes, security procedures and policies, the nature of the business model, as well as software and information ascertainable by inspection or analysis of samples, disclosed by one Party or anyone on such Party's behalf (the Disclosing Party) to the other Party (the Receiving Party), whether before or after the date of this Agreement, but shall exclude any part of such disclosed information or data which:

a) is or becomes common knowledge without a breach of this Agreement by the Receiving Party;

b) the Receiving Party can show that it was in its possession or known to it by being in its use or being recorded in its files or computers or other recording media prior to receipts from the disclosing party and was not previously acquired by th receiving party from the disclosing party under an obligation of confidence;

c) the Receiving Party can show that it has been developed by or for Receiving Party at any time independently of any information disclosed to it by the Disclosing Party;

d) the Disclosing Party gives prior written approval for its disclosure;

e) the Receiving Party obtains or has available from a source other than the Disclosing Party without breach by the Receiving Party or such source of any obligation of confidentiality or non-use towards the Disclosing Party;

f) is hereafter disclosed by the Disclosing Party to a third party without restriction on disclosure or use; or

g) without prejudice to Section 8.5, is disclosed pursuant to the order or requirement of a court, administrative agency, or other governmental body, provided, however, that the Receiving Party shall provide prompt notice thereof to the disclosing party to enable the disclosing party to seek a protective order or otherwise prevent or restrict such disclosure.

12.2 Disclosure. Each Party may disclose and provide to the other Party such Confidential Information as the Disclosing Party deems necessary for the realization of the purpose of this Agreement. Nothing in this Agreement shall be interpreted as establishing any duty to disclose Confidential Information.

12  | 16

CONFIDENTIAL Collaboration Agreement

12.3 Protection. The Receiving Party shall maintain the Confidential Information in confidence and shall exercise in relation thereto no lesser security measures and degree of care than those that it applies to its own Confidential Information and warrants that such measures and care provide adequate protection against unauthorized disclosure, copying or use. The Receiving Party shall ensure that disclosure of such Confidential Information is restricted to those employees, directors, auditors and professional advisers of the Receiving Party or any of its subsidiaries having the need to know the same for the purpose of this Agreement. All Confidential Information, copies thereof, including, but not limited to, that which is stored electronically, shall be returned to the Disclosing Party upon termination of this agreement. The Receiving Party shall delete the information stored on electronic media in a sufficiently secure manner once the corresponding information has been delivered to and received by the Disclosing Party.

12.4 Disclosure of Agreement. Each Party may disclose the existence of this Agreement, but the terms and conditions of this Agreement shall be treated as Confidential Information and shall not be disclosed to any third party except:

a) when it is disclosed to comply with a requirement or demand by a competent court of law or government or regulatory body;

b) when it is disclosed to a third party pursuant to written authorisation from the Disclosing Party;

c) to the legal counsel of both Parties;

d) in confidence to the advisors, auditors, banks, financing sources and accountants;

e) in connection with the enforcement of this agreement or rights under this agreement; or

f) in confidence, in connection with an actual or proposed merger, acquisition, or similar transaction.

Any disclosure allowed under this clause shall require the receiving party to treat the information as confidential under the same or similar terms and conditions as those delineated herein.

13. MISCELLANEOUS

13.1 Amendment. This Agreement may be modified only by a written instrument duly executed by each Party.

13  | 16

CONFIDENTIAL Collaboration Agreement

13.2 Entire Agreement. This Agreement contains all of the terms and conditions agreed upon by the Parties relating to its subject matter and supersedes all prior agreements, negotiations, correspondence, undertakings and communications of the Parties, whether oral or written, with respect to such subject matter, in particular the 2001 Agreement.

13.3 Notices. Notices hereunder shall be given in writing, by fax or by email. Notice shall be deemed received upon delivery to the respective Party to the last communicated or available address, unless indicated otherwise by the respective Party.

13.4 Severability. If any provision of this Agreement is held to be unenforceable for any reason, it shall be adjusted rather than voided, if possible, in order to achieve the intent of the Parties to the fullest extent possible. In any event, all other provisions of this Agreement shall remain valid and enforceable to the fullest extent possible.

13.5 Injunctive Relief. In addition to any other remedy provided herein, the Parties reserve the right to pursue any injunctive relief as well as any legal remedies available to compel the breaching Party to comply with the terms of this Agreement.

13.6 No Waiver. The failure of any of the Parties to enforce any of the provisions of this Agreement or any rights with respect thereto shall in no way be considered as a waiver of such provisions or rights or in any way affect the validity of this Agreement. The waiver of any breach of this Agreement by any Party shall not be construed as a waiver of any other prior or subsequent breach.

13.7 No Assignments. No Party shall be permitted to assign this Agreement or any rights created hereunder without the prior written consent of the other Party.

13.8 No Third-Party Beneficiaries. This Agreement shall be binding and inure solely to the benefit of the Parties (and their respective lawful successors and assigns). Nothing in this Agreement is intended to or shall confer upon any third party any rights, benefits or remedies of any nature whatsoever under or by reason of this Agreement.

13.9 Force Majeure. Neither Party shall be deemed in default of this Agreement to the extent that performance of its obligations or attempts to cure any breach are delayed or prevented by reason of any act of God, fire, natural disaster, strikes or other circumstances outside the reasonable control of each party. Each Party shall give the other Party written notice promptly upon discovery thereof and shall use its best efforts to cure the breach or delay.

14. GOVERNING LAW AND ARBITRATION

14.1 Governing Law. This Agreement shall be governed by and construed in accordance with Swiss substantive law, without reference to its conflict of laws provisions.

14  | 16

CONFIDENTIAL Collaboration Agreement

14.2 Arbitration. Any dispute, controversy or claim arising out of, or in relation to, this Agreement, including the validity, invalidity, breach, or termination thereof, shall be resolved by arbitration in accordance with the Swiss Rules of International Arbitration of the Swiss Chambers' Arbitration Institution in force on the date on which the Notice of Arbitration is submitted in accordance with these Rules. The number of arbitrators shall be one or three. The seat of the arbitration shall be Geneva. The arbitral proceedings shall be conducted in English.

[signatures on the following page]

15  | 16

CONFIDENTIAL Collaboration Agreement

This Agreement may be executed in several counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Counterparts may be delivered via electronic mail (including pdf or any electronic signature, such as DocuSign) or other transmission method and any counterpart so delivered shall be deemed to have been duly and validly delivered and be valid and effective for all purposes.

Geneva, June 20th 2018

Organisation Internationale pour la Sècuritè des Transactions Electroniques OISTE
/s/ Philippe Doubre	/s/ Dourgam Kummer
Philippe Doubre Chairman of the Foundation Council	Dourgam Kummer Member of the Foundation Council

WISeKey SA
/s/ Carlos Moreira	/s/ Peter Ward
Carlos Moreira, CEO & Founder	Peter Ward CFO

16  | 16

CONFIDENTIAL Collaboration Agreement

Exhibit 1

OISTE shall be entitled to the following yearly Fees (excl taxes):

a. Management Fee: CHF 120,000 in 4 equal instalments of CHF 30'000, due and payable at the beginning of each quarter.

OISTE will issue an adequate invoice to the attention of WISeKey stating the reason of the payment and the amount.

b. License Fee Amount: CHF 96,000 in 4 equal instalments of CHF 24'000, due and payable at the beginning of each quarter.

OISTE will issue an adequate invoice to the attention of WISeKey stating the reason of the payment and the amount.

c. Royalty Fee Amount: corresponding to a certain percentage (the Percentage) of any certificate fees collected by WISeKey for the issuance of certificates to End Users (the Certificate Fees) on any given year since the signature of this Agreement (each, a Contract Year), where

a) End User shall mean the entities (legal, natural, mechanical or electronic) that have been issued certificates within the Global PKI but are not providers of certification services within such PKI;

b) The Percentage shall be 2.50%, to be reduced by 0.25% for each tranche of Certificate Fees of 1'000'000CHF in any given Contract Year, until it reaches 1.50%;

CHF 1'000'000 at 2.50% = CHF 25'000.00

CHF 2'000'000 at 2.25% = CHF 45'000.00

CHF 3'000'000 at 2.00% = CHF 60'000.00

CHF 4'000'000 at 1.75% = CHF 70'000.00

CHF 5'000'000 at 1.50% = CHF 75'000.00 and

The Royalty Fee shall be due and payable on a quarterly basis, within 30 days following the end of each calendar quarter, on the basis of the Certificate Fees effectively received during such quarter irrespectively of the issuance date of the corresponding certificates. An adjustment will occur at the end of each Contract Year (and at the expiration or termination of this Agreement) to meet the Minimum Royalty Fee or reduce the amount due as a result of the decrease of the Percentage during such Calendar Year.