Reach - Non-Regulatory Announcement

14 April 2026

PCI-PAL PLC

("PCI Pal", "the Group", or the "Company")

Achievement of HIPAA, HITRUST, and SOC 2 Type II certification

PCI-PAL PLC (AIM: PCIP), the global cloud provider of secure payment solutions for business communications, is pleased to announce that it has successfully achieved HIPAA, HITRUST and SOC 2 Type II compliance, enhancing its ability to support enterprise customers operating in highly regulated environments, particularly in the United States.

HIPAA (Health Insurance Portability and Accountability Act) is the key US healthcare data protection regulation, imposing strict security and privacy requirements on organisations handling sensitive patient information across the healthcare industry.

HITRUST is a leading certifiable security framework in the US healthcare sector, providing a comprehensive and auditable approach to managing data protection, privacy and regulatory compliance, and is often used to demonstrate alignment with HIPAA requirements.

SOC 2 Type II is a widely recognised and adopted independent audit standard in the US, validating that strong security and data protection controls are operating effectively over time, and is commonly expected by enterprise customers in the US.

Combined these achievements are exceptional in the Company's industry and reflect PCI Pal's continued commitment to maintaining the highest levels of data security, privacy, and regulatory compliance for not only its customers, but also in supporting its partners many of whom operate extensively across the US enterprise space.

Commenting, James Barham, Chief Executive Officer of PCI Pal, said:

"Achieving HIPAA and HITRUST audited compliance, alongside our successful SOC 2 Type II attestation, is an important milestone for PCI Pal.  It underscores our continued investment in robust and regulated security frameworks, which is supporting enhanced competitive differentiation and positioning for the Company, as well as building additional customer trust.  Together, they provide our customers with independently validated assurance in our ability to meet rigorous compliance requirements while delivering secure, reliable, enterprise-grade cloud solutions.

"For our partners, these achievements further strengthen an already comprehensive compliance and security foundation across the PCI Pal cloud platform. They also reinforce the basis for mutual growth across both human and AI engagement environments, as we continue to deliver incremental value and deepen strategic relationships.

"With expansion across enterprise customers in the US a key strategic goal, these standards further enhance our ability to engage with large, regulated organisations and position PCI Pal to capitalise on its significant market opportunity at pace."

For further information, please contact:

About PCI Pal:

PCI Pal is a leading provider of secure, cloud-based payment and data protection solutions that enable organisations to take frictionless, compliant payments seamlessly integrated to any business communications environment including voice, chat, messaging, social media, and email.  PCI Pal's platform supports all forms of customer engagement, whether human-to-human or AI-driven conversations.

PCI Pal has an extensive partner eco-system with its products resold by many of the world's leading Communications, CCaaS, and UCaaS vendors.  Its platform integrates with a broad range of digital payment methods and connects to the majority of leading payment service providers globally.

For more information visit www.pcipal.com or follow the team on LinkedIn: https://www.linkedin.com/company/pci-pal/