Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk management

We recognize the importance of assessing, identifying, and managing risks associated with cybersecurity threats. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees, violation of privacy or security laws and other litigation and legal risk; and reputational risks. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. While we have not, as of the date of this Annual Report, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future.

We aim to incorporate industry best practices throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards. We work with a third-party provider to monitor threats and potential cybersecurity breaches.

We have processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things: ongoing security awareness training for employees; mechanisms to detect and monitor unusual network activity; and containment and incident response tools. We monitor issues that are internally discovered or reported by our third-party monitoring service that may affect our information services and have processes to assess those issues for potential cybersecurity impact or risk. We impose security requirements upon our suppliers and CROs, including maintaining an effective security management program; abiding by information handling and asset management requirements; and notifying us in the event of any known or suspected cyber incident.

Cybersecurity Risk Management Processes Integrated [Text Block]

We recognize the importance of assessing, identifying, and managing risks associated with cybersecurity threats. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees, violation of privacy or security laws and other litigation and legal risk; and reputational risks. We are committed to maintaining robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our Board has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to Company priorities, resource allocations, and oversight structures. The Board is assisted by the audit committee, which reviews our cybersecurity program with management and reports to the Board.

The audit committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The audit committee is composed of board members with diverse expertise including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.

Our Chief Executive Officer, Chief Financial Officer and corporate controller have operational experience in assessing and managing cybersecurity risk. Our Chief Executive Officer plays a pivotal role in informing the audit committee on cybersecurity risks. They provide comprehensive briefings to the audit committee on a regular basis, with a minimum frequency of once per year. These briefings encompass a broad range of topics, including:

●

Current cybersecurity landscape and emerging threats;

●

Status of ongoing cybersecurity initiatives and strategies;

●

Incident reports and learnings from any cybersecurity events; and

●

Compliance with regulatory requirements and industry standards.

In addition to our scheduled meetings, the audit committee and Chief Executive Officer maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Together, they receive updates on any significant developments in the cybersecurity domain, ensuring the board’s oversight is proactive and responsive. The audit committee actively participates in strategic decisions related to cybersecurity, offering guidance and approval for major initiatives. This involvement ensures that cybersecurity considerations are integrated into the broader strategic objectives of MetaVia.

Our Chief Financial Officer is informed by our third-party monitoring service of any cybersecurity incidents, who will then escalate the incident to our Chief Executive Officer, if necessary. Furthermore, significant cybersecurity matters, and strategic

risk management decisions are escalated to the Board, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our Board has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to Company priorities, resource allocations, and oversight structures. The Board is assisted by the audit committee, which reviews our cybersecurity program with management and reports to the Board.

The audit committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The audit committee is composed of board members with diverse expertise including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our Chief Executive Officer, Chief Financial Officer and corporate controller have operational experience in assessing and managing cybersecurity risk.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true