Summary
- Tinexta InfoCert sits in a legally protected trust-services market where identity proofing, qualified signatures, certified delivery, timestamps, preservation and related certificates can become repeat purchases, but only if renewal economics outrun compliance, verification and security costs.
- Tinexta's Digital Trust segment is the group's margin engine, with EUR 221 million of 2025 revenue, about EUR 69 million of adjusted EBITDA and a roughly 31 percent margin, while first-quarter 2026 showed flat revenue but resilient profitability and a clear dependence on renewals, public-sector and large-enterprise demand, and Ascertia timing.
Customers pay for legal certainty
The economic incentive starts with the buyer, not the software. A bank, public agency, insurer, utility, telecom operator or regulated professional does not buy a qualified signature because clicking a button is difficult. It pays because the signature, identity check, timestamp, certified message or preserved document may later need to prove who acted, when they acted, whether the document was altered and whether the transaction met the rules in force at the time. The customer wants to replace physical presence, paper archives and manual review with digital evidence that a supervisor, court, counterparty or auditor can accept.
That is the foundation of Tinexta InfoCert's potential value. InfoCert's public materials describe a portfolio built around digital onboarding, identity verification, digital signatures, electronic seals, timestamping, certified communications, electronic invoicing, digital preservation, SSL and PSD2 certificates, corporate wallets and integration APIs. The common thread is not generic enterprise productivity. It is the conversion of a private digital action into an auditable act with legal or operational consequences.
If InfoCert can sell that capability as repeatable infrastructure to customers with continuing obligations, the business can earn software-like renewal economics while retaining the regulatory differentiation of a qualified trust service provider.
The risk is that legal certainty is expensive to manufacture. A qualified signature certificate is not just a subscription line. A remote onboarding flow requires document capture, identity matching, liveness and fraud controls, operator review in some cases, audit trails, secure key management, support, revocation, policy documentation and supervisory oversight. A certified communication or preserved document service has to remain reliable after the sales team has moved on.
When a customer wants the service to work across countries, the provider must fit local identity schemes, language requirements, data protection rules, evidence standards and implementation details. The gross demand may be regulated and recurring, but the cost of making each transaction defensible can rise faster than the price if InfoCert chases volume without discipline.
That is why the question for Tinexta is narrower than whether digital trust is a growing category. The relevant question is whether InfoCert can turn legally recognised trust services into durable recurring margin. The answer is cautiously positive, but conditional. Tinexta's own segment results show Digital Trust is already the group's best economic asset.
They also show where the debate should focus: renewal quality, enterprise concentration, cross-border execution, integration of acquired platforms, verification cost, accreditation burden, security liability, and exposure to public identity systems and bundled e-signature software that can compress willingness to pay.
The boundary is trust services, not connectivity
The company tracked here is TINEXTA INFOCERT S.p.A, the InfoCert business inside the Tinexta group. Public company materials and InfoCert's own pages point to a digital trust provider, not a telecom carrier. Tinexta describes Digital Trust as covering certified e-mail, electronic signatures, digital identity, digital onboarding, digital preservation and electronic invoicing. InfoCert's site presents the firm as a certification authority and digital trust provider for businesses, professionals and individuals. That business boundary matters because the evidence in the network layer is narrow.
The RIPE NCC member record lists InfoCert S.p.A in Italy, with an address in Padua and service area IT - Italy. RIPE NCC itself is a regional Internet registry and membership organisation that distributes Internet number resources and supports members in managing allocations and assignments. This is useful evidence of a resource-holder or Internet number governance footprint. It does not prove that InfoCert sells ISP access, IP transit, cloud hosting, registry services or managed network services.
The economics of InfoCert should therefore be assessed as regulated digital-service operations that rely on secure systems and Internet resources, not as connectivity economics.
That distinction protects the analysis from a common mistake. Trust-service providers need reliable infrastructure, secure hosting, operational resilience and, in some cases, their own network resources. They may use data centres, cloud services, identity systems, certificate infrastructure and communications tooling. Those needs can make cloud service dependency, locality and network governance relevant to cost and risk. They do not turn the company into a network operator.
In this case, the RIPE evidence supports a limited conclusion: InfoCert has a formal Internet number resource context in Italy, which is consistent with a serious digital service provider, but it is not direct evidence of telecom revenue.
The operating boundary also clarifies what customers are buying. A bank using digital onboarding is not buying bandwidth from InfoCert. It is buying a reliable way to know whether the person at the other end of a remote session is the right person, whether the document and consent record are defensible, and whether the resulting signature or contract can be used inside a regulated process. A public administration buying certified e-mail or identity services is not buying a commodity inbox. It is buying a channel with formal evidence value. An enterprise buying timestamps, seals or preservation is not just storing files.
It is buying proof that a record existed in a given state at a given time and can be retrieved with integrity later.
Digital Trust is Tinexta's margin engine
Tinexta's reported numbers make Digital Trust the centre of the investment case. For 2025, the group reported EUR 457.1 million of revenue from continuing operations and EUR 103.0 million of adjusted EBITDA. Digital Trust contributed EUR 221 million of revenue and about EUR 69 million of adjusted EBITDA, with a margin around 31 percent. That is materially higher than the group's overall adjusted EBITDA margin of 22.6 percent. In plain terms, this segment provides less than half the group's revenue but a substantially larger share of its high-quality earnings.
The first quarter of 2026 reinforced the point. Group revenue was EUR 106.1 million, essentially flat against the restated prior-year comparison, and adjusted EBITDA was EUR 15.2 million, down 14.2 percent. Digital Trust, however, held up better: revenue was EUR 54.6 million, up 0.4 percent, adjusted EBITDA was EUR 16.1 million, up 1.3 percent, and the adjusted EBITDA margin improved slightly to 29.4 percent. In a quarter where group profitability was pressured by other business units, Digital Trust still produced a margin close to 30 percent.
The mix behind that resilience matters more than the headline. Tinexta attributed Digital Trust growth in the quarter to LegalMail, especially public administration and large-cap customers, and to the Trusted Onboarding Platform, where enterprise subscription and renewal revenue from loyal clients supported growth. It also cited positive performance in business information, telematic transactions and online sales. The offset was Ascertia, where revenue contracted sharply because of fewer one-off components and client timing in the Middle East.
This tells investors two things at once. First, the core Italian trust-service franchise looks durable enough to defend margin even when the group as a whole is under pressure. Certified communications, renewals, public-sector use and large-enterprise contracts are exactly the kind of demand that can behave like infrastructure spending rather than discretionary software. Second, the segment is not pure recurring revenue. It still includes project timing, one-off components, acquired businesses with uneven order patterns and country-specific customer cycles.
The group guidance for 2026 also puts the burden on Digital Trust. Tinexta guided to group revenue growth of 3-4 percent and adjusted EBITDA growth of 6-7 percent, excluding acquisitions. For Digital Trust, the indicated 2026 target range was stronger, with revenue growth of 4-6 percent and adjusted EBITDA growth of 6-8 percent. Management is therefore asking Digital Trust to keep expanding margin while other units, especially Cybersecurity in the first quarter, work through softer demand. If that happens, Tinexta becomes more a digital trust compounding story than a diversified services group.
If it does not, the group's valuation has to absorb a less dependable mix.
The balance sheet raises the stakes. Tinexta ended 2025 with net debt of EUR 239.8 million, but first-quarter 2026 net debt rose to EUR 351.1 million, mainly reflecting the estimated exercise of the call option on Bregal Milestone's minority stake in Tinexta InfoCert. Exercising a call on 16.09 percent of Tinexta InfoCert makes economic sense only if management believes this is the asset worth owning more completely. It also concentrates pressure: the more Tinexta pays to consolidate ownership, the less room there is for InfoCert to underdeliver.
Recurrence is visible, but not fully disclosed
The case for recurring margin rests on repeat behaviour. Certificates expire and renew. Certified mailboxes, preservation services and corporate identity tools tend to be used continuously. Enterprise onboarding platforms can sit inside customer acquisition and account-opening processes. Public administration and large corporates usually do not switch trust providers lightly once a service is embedded, documented and audited. These features should support retention, pricing and cross-sell.
Tinexta gives partial evidence for that pattern. The first-quarter 2026 presentation specifically points to enterprise subscriptions and renewals from loyal clients inside the Trusted Onboarding Platform. It also points to LegalMail growth in public administration and large-cap accounts. InfoCert's own site includes a renew link in the service navigation, reflecting a product set where recurring or repeat purchases are natural. The public price feed shows unit prices and packages for qualified signature identification, qualified electronic seals, timestamps and signature software. The product set is therefore not just bespoke consulting.
Still, investors do not receive the disclosure needed to treat the segment like a clean subscription software business. Tinexta does not publish Digital Trust annual recurring revenue, net revenue retention, gross retention, churn, renewal price uplift, cohort profitability, customer concentration or revenue split between certificates, subscriptions, transaction fees, project work and resale. It does not disclose how much revenue comes from public bodies, large enterprise accounts, SMEs, consumers, banks or cross-border subsidiaries.
It does not isolate InfoCert from other Digital Trust companies in a way that lets readers see the unit economics of each product line.
That missing detail is not a minor accounting preference. It changes how much confidence one can place on the margin. A qualified certificate sold through an online channel at a known unit price may have attractive direct economics if support and identity verification are efficient. A complex enterprise onboarding deployment may carry higher integration effort before it produces repeat revenue. A public-sector certified communication contract may be sticky but exposed to tender pricing and policy change. A Middle East software contract can be profitable but lumpy.
Without renewal and product-level disclosure, the headline margin blends different economic engines.
The right test is not whether InfoCert sells repeatable products. It does. The right test is whether the company can raise the share of revenue that renews with little incremental work, while keeping identity-proofing, support and compliance cost per transaction under control.
Verification cost is the economic constraint
Remote identity verification is the point where the trust-services business stops looking like ordinary software. InfoCert's Trusted Onboarding Platform page describes multiple methods: expert-guided identification, live video calls, self-service identification, certified identity through existing eID and national identity schemes, and extended KYC use cases. SPID's public site describes identity activation methods such as in-person verification, webcam verification, audio-video with bank transfer, CIE, CNS and digital signature methods.
Its provider comparison page shows that InfoCert ID offers in-person and webcam options, with webcam and OTP-by-SMS marked as paid services in that public table.
Every method has a cost profile. Operator-assisted video creates labour expense and scheduling friction. In-person points create partner economics and quality-control risk. Self-service document capture and biometric checks create technology, fraud and false-positive costs. Existing digital identity can lower friction but depends on public schemes and interoperability. A customer may care most about conversion rate, but InfoCert has to care about the margin after failed attempts, manual exceptions, customer support, dispute handling and audit records.
The first-quarter results suggest InfoCert can currently manage this equation. Digital Trust personnel costs rose 7.0 percent, while production costs fell 4.5 percent and general and administrative costs fell 13.6 percent. Segment EBITDA margin still expanded. That is a positive sign: it implies the business can absorb wage pressure and still find operating efficiencies. But a single quarter does not settle the issue. Verification cost is sensitive to fraud patterns, document quality, regulation, customer mix and product design.
A bank account-opening flow with anti-money-laundering obligations is not the same as a professional renewing a certificate.
The economics also depend on who captures the value. If InfoCert's platform reduces abandonment for a bank or telecom operator, the buyer may be willing to pay more because the service improves revenue conversion and compliance at the same time. If the same buyer sees identity verification as a commodity feature available from several vendors, public identity schemes or document platforms, it will push price down. The more InfoCert can show that its service reduces fraud, supports compliant conversion and connects directly to legally recognised signatures, the more it can defend value-based pricing.
The more it sells isolated checks, the more the buyer will compare it against a unit-cost benchmark.
There is another practical issue: liability tends to sit where trust is claimed. A false acceptance can create fraud loss, regulatory scrutiny or reputational damage. A false rejection can block a legitimate customer and hurt conversion. A signing certificate issued under weak controls can undermine confidence in the service. InfoCert does not publish loss rates, dispute rates or incident-level quality metrics. That is normal for a private operating subsidiary, but it means outsiders should not assume verification volume is automatically high-margin.
The best evidence for the business is therefore the combination of margin and renewals. If TOP keeps growing through enterprise subscriptions, if LegalMail and certified communications remain steady, and if Digital Trust margin stays near 30 percent while remote identity use grows, InfoCert is proving that verification cost is manageable. If growth accelerates but margin falls, the company may be buying revenue through labour, support and exception handling.
Accreditation behaves like both moat and rent
Regulation is InfoCert's moat, but it is also a rent paid back to the system. eIDAS created a framework for electronic identification and trust services in the EU, including electronic signatures, seals, timestamps, registered delivery, website authentication certificates and qualified trust services. The Commission describes eIDAS as a way to facilitate secure cross-border transactions and mutual recognition of electronic identities. The 2024 amendment, Regulation (EU) 2024/1183, expands the framework around European digital identity and future wallet adoption.
For InfoCert, qualified status and supervisory trust are commercially valuable. Customers do not want to verify every technical and legal requirement themselves. They want a provider whose status, certification, audit routines and documentation let them rely on the output. InfoCert's Trust Center page says the company cooperates with standardisation and supervisory bodies, monitors European and local legislation through specialised compliance teams, and is continuously monitored and audited to maintain qualified trust service status.
That language is promotional, but the economic point is real: accreditation lowers the customer's perceived legal risk.
The cost side is just as real. Qualified status requires compliance staff, technical standards, secure processes, audits, incident management, documentation, training and investment in certifications. Legal changes create product changes. Cross-border expansion requires local interpretation. European wallet implementation may require interoperability with new credential exchange standards and relying-party rules. The more the market becomes a pan-European trust layer, the more InfoCert must spend to remain accepted across jurisdictions.
This is why regulation should not be treated as pure pricing power. It restricts who can compete in qualified services, but it also defines a common standard that can make providers comparable. If a buyer only needs a qualified certificate from any approved provider, price competition remains possible. If InfoCert also provides better integration, sector knowledge, onboarding conversion, preservation, certified communications and enterprise support, then accreditation becomes one element in a broader relationship. The moat is wider when the certificate is attached to a full operating process.
eIDAS 2.0 and the EUDI Wallet can strengthen or weaken InfoCert depending on execution. They may expand the addressable market by making digital credentials more common and by increasing private-sector reliance on regulated identity. They may also shift some identification value toward state-backed wallets and common standards. InfoCert's wallet page positions its corporate wallet as interoperable with the future European Digital Identity Wallet and based on OpenID Connect standards. That is the right posture, because resisting public identity infrastructure would be a poor strategy.
The better strategy is to become the enterprise implementation layer that helps customers use those credentials inside signing, onboarding and compliance processes.
The judgement turns on whether InfoCert can price that implementation layer. If customers see wallet interoperability as a reason to buy more from InfoCert, regulation expands the franchise. If they see the wallet as a substitute for paid identity checks, regulation compresses part of the economics. Both outcomes can happen in different product lines.
Cross-border expansion raises the integration bill
Tinexta has spent years building a European digital trust footprint around InfoCert and related businesses. The Digital Trust perimeter includes companies and assets such as InfoCert, Visura, Sixtema, Camerfirma, CertEurope, Ascertia and Linkverse-related capabilities. The strategic logic is clear: trust services are regulated by European frameworks but still implemented through national schemes, languages, supervisory details and market habits. A provider with a broader European footprint can serve multinational customers, cross-sell products and absorb legal change better than a single-country specialist.
The integration risk is also clear. Digital trust is not a simple roll-up where one can buy local revenue and immediately put it on a common platform. Certificates, identity schemes, preservation rules, public-sector relationships and commercial channels are country-specific. A Spanish certificate authority, a French trust provider, an Italian certified mail franchise and a UK-rooted signing software company can all sit under the same strategic heading while still carrying different products, code bases, customer contracts and compliance routines. Synergy requires real resource allocation, not just ownership.
Ascertia is the visible caution in the 2026 numbers. Tinexta reported that Ascertia revenue fell 33 percent in the first quarter because of lower one-off components and Middle Eastern client timing and volatility. Ascertia represents only a small share of consolidated revenue, but the signal matters. Cross-border software and trust-service assets can provide higher-growth exposure, yet they may also carry project timing, geopolitical risk and customer concentration. A consolidated segment margin can look stable while one acquired business is volatile and another carries the quarter.
The Bregal call option points the other way: Tinexta appears to be simplifying ownership of InfoCert because it sees the core asset as strategic. That can be positive if it makes governance cleaner and lets Tinexta allocate capital decisively. It can be negative if it increases leverage before the acquired and international pieces prove their consistency. First-quarter 2026 net debt was already higher after the estimated call-option impact. Ownership control is valuable only if it produces better operating decisions.
The best cross-border path is likely selective. InfoCert should not try to turn every acquired brand into one undifferentiated product. It should preserve local trust status where that status matters, unify back-office security and compliance where possible, and create common enterprise modules where customers actually benefit from common identity, signing, preservation and evidence management. That is harder than a slide showing European coverage, but it is also where recurring margin can improve.
This is also where data sovereignty and locality enter the economics. A regulated customer cares where evidence, identity attributes, signature records and preserved documents are held, who can access them, which law applies and whether a provider can keep service continuity under local rules. InfoCert's local approach and global-success language is commercially sensible because local trust is part of the product. The cost is duplication: local compliance teams, local infrastructure choices, local audits and local customer support. Scale helps only if it does not erase the local assurances customers are buying.
Infrastructure dependency is a risk, not the product
InfoCert's products depend on secure infrastructure, but public sources do not disclose enough to map its supplier concentration. The company must run systems for identity proofing, certificate issuance, signing, timestamps, certified communications, preservation, customer portals and APIs. Those systems likely use a combination of owned infrastructure, data-centre services, cloud providers, third-party identity components, communications services, hardware security modules, software libraries and local partners. The article cannot identify the exact mix from public information, and it should not pretend otherwise.
The absence of detail is itself part of the economic judgement. Trust-service customers expect resilience, confidentiality, integrity and availability. If a provider's upstream hosting, cloud, telecom, identity-verification component or support partner fails, the customer's transaction may fail at the worst possible moment. If a provider cannot show sufficient data locality or controls, regulated customers may hesitate. If a critical supplier raises price or changes terms, InfoCert may not be able to pass all of the increase through to certificate and subscription buyers.
The RIPE membership record modestly reduces uncertainty by showing formal participation in Internet number resource governance, but only modestly. It says nothing about server architecture, cloud dependence, service-level performance, business continuity or security posture. InfoCert's Trust Center and certification materials are more relevant to the buyer's comfort, because they speak to compliance, monitoring and audits. Even there, public marketing does not replace customer due diligence.
Cybersecurity risk links directly to valuation. A trust provider sells confidence. A serious breach, certificate issuance failure, identity-verification scandal, downtime event or regulatory sanction would not be a normal operating hiccup. It would attack the reason customers pay. Tinexta's separate Cybersecurity business struggled in the first quarter of 2026, but that segment's results should not be confused with InfoCert's security posture. The relevant point is broader: Tinexta must keep funding security across the trust-service estate even when other units face pressure.
The economic opportunity is to turn secure infrastructure into invisible reliability. Customers should not have to think about certificates, APIs, key custody, evidence records or legal preservation every day. They should simply renew because the service keeps their regulated digital processes working. That is how infrastructure dependency becomes margin. It fails if infrastructure problems become the customer's reason to renegotiate or switch.
Competition comes from rivals, states and suites
InfoCert competes on three fronts. The first is specialist trust-service competition. Namirial, also rooted in Italy, presents itself as a qualified trust service provider offering digital signature certificates, trust services, identity credentials, seals and timestamps. Other European trust providers and local identity specialists can compete in their home markets or in pan-European enterprise accounts. In qualified services, accreditation narrows the field, but it does not leave InfoCert alone.
The second front is public identity infrastructure. SPID is a public digital identity system for access to Italian public administration and participating private services. The European Digital Identity Wallet framework is intended to broaden digital identity and credential use across the EU. These systems can expand demand for digital identity by making users and institutions more comfortable with regulated credentials. They can also reduce the paid verification work a private provider performs for some use cases. If a customer can accept a state-backed credential directly, it may pay less for a private identity check.
If it needs help embedding that credential into signing, onboarding, consent, archiving and compliance, it may pay InfoCert more.
The third front is bundled document and agreement software. DocuSign markets e-signature, agreement management, templates, integrations, web forms, multi-channel delivery and enterprise compliance. Adobe sells Acrobat and Acrobat Sign features inside a broad PDF and document environment, with visible small-business pricing and enterprise options. Microsoft, Google and other productivity platforms can also make basic signing, identity and document sharing feel like features of a broader suite. For low-risk transactions, customers may choose convenience over qualified legal depth.
InfoCert's defence is the regulated edge. A simple e-signature is not the same as a qualified electronic signature, a certified identity process, a qualified timestamp, an electronic seal, a certified communication or a legally compliant preservation service. InfoCert can win where the buyer needs more than a signature field in a PDF. The company can also win where an enterprise wants one provider to connect identity proofing, signing, certificates, certified delivery and record retention. That bundle is more defensible than any single feature.
But the substitute threat is real because not every transaction needs maximum legal strength. Buyers segment their needs. A sales approval may use a standard e-signature. A consumer onboarding flow may use a cheaper identity vendor. A public-service login may use SPID or a future wallet. A multinational may prefer a global document suite for ordinary agreements and a qualified trust provider for regulated cases. InfoCert's pricing power depends on being selected for the transactions where legal reliability matters enough to pay for.
Unofficial market signals should be treated carefully. Public review pages for InfoCert can indicate customer frustration around support, activation or renewal, but they are not audited evidence of service quality and often overrepresent unhappy users. Their value is directional: in a business where trust and ease of activation matter, support friction can damage renewal economics even if the regulated product is sound. Management should care about those signals because small operational pain can become price pressure when alternatives are one search away.
Customer concentration is the hidden swing factor
Tinexta's first-quarter explanation points to public administration and large-cap customers as LegalMail drivers, and enterprise renewals as a TOP driver. That is good news for stability, because large regulated customers usually have recurring needs. It is also a concentration warning. A few public frameworks, bank groups, large corporates or international accounts can make quarterly growth look smooth until a tender, budget cycle, platform migration or regulatory choice changes demand.
The article cannot quantify customer concentration from public data. Tinexta does not disclose the top ten Digital Trust customers, the share of public administration revenue, the split between Italy and international markets, or the share of enterprise versus consumer/professional revenue. This opacity matters because buyer power differs sharply by segment. A professional renewing a certificate has little negotiation leverage. A public administration or bank group can run procurement, demand service levels, require local compliance features and push pricing down. A Middle Eastern software customer can shift a quarter by delaying a project.
There is also a policy-dependence issue. Certified e-mail and public identity are attractive because they are embedded in Italian administrative and business practice. That embeddedness creates demand, but it also means the rules are not fully controlled by the vendor. If policymakers alter certified communications, identity-provider economics, public wallet acceptance, remote onboarding requirements or preservation standards, InfoCert must adapt. Incumbents often adapt best, but adaptation still costs money.
The best sign would be broadening without dilution: more enterprise customers using multiple InfoCert services, more renewal revenue from TOP, more cross-border customers using acquired capabilities, and less reliance on one-off software components. The worst sign would be growth that depends on a few large projects while base renewals stagnate. Segment revenue growth of 4-6 percent in 2026 is a reasonable target, but the quality of that growth matters more than the percentage.
Enterprise concentration can be positive if InfoCert becomes deeply embedded. A bank that uses TOP for onboarding, qualified signatures for account documents, timestamps for evidence, preservation for records and certified communications for notices has switching costs. The provider is then part of the customer's regulated operating fabric. But concentration is negative if one enterprise contract requires custom development, bespoke pricing and heavy service effort. The same account can be either an annuity or a disguised services project.
Tinexta should therefore be judged on operating proof rather than rhetoric. Are enterprise renewals growing faster than new custom work? Are public-administration contracts maintaining price and margin? Are international accounts moving from one-off licences to repeatable products? Are customer support and verification exceptions falling per transaction? Public investors do not yet have enough data to answer those questions, which is why the conclusion must remain conditional.
Capital allocation now points toward InfoCert
Tinexta's decision to exercise the call option on Bregal Milestone's minority stake in Tinexta InfoCert is one of the clearest capital-allocation signals in the public record. The estimated first-quarter 2026 net debt increase was mainly tied to that exercise, and the board had resolved in February 2026 to proceed on the 16.09 percent stake. A company does not take on that financial effect for a non-core subsidiary unless it expects strategic or economic value from control.
The logic is understandable. Digital Trust has higher margins than the group, better first-quarter resilience than Cybersecurity, and strategic exposure to European digital identity and trust services. Owning more of InfoCert means Tinexta captures more of the earnings stream if the segment compounds. It may also simplify governance around investment, product integration and acquisitions. If InfoCert is the asset with the strongest recurring-margin potential, increasing ownership is rational.
The cost is leverage and execution pressure. First-quarter 2026 net debt of EUR 351.1 million and a net financial position to adjusted EBITDA ratio of 3.49x leave less margin for disappointment. Tinexta's 2026 guidance assumes EBITDA growth and improved leverage, but that depends on operating delivery and cash generation. Digital Trust cannot merely remain a stable contributor; it has to help pull the group toward the plan. If Cybersecurity remains weak or Business Innovation requires more investment, InfoCert's cash conversion becomes even more important.
The acquisition history also deserves discipline. Buying or consolidating trust-service assets can be attractive because regulatory approval, customer trust and local presence are hard to build from scratch. It can also create intangible-heavy balance sheets and impairment risk if growth expectations are too optimistic. Tinexta's 2025 reported EBIT was hurt by goodwill impairment at group level. That does not invalidate the InfoCert case, but it is a reminder that strategy without measured return on capital is not value creation.
The strongest capital-allocation path would prioritise three things: defend the Italian high-margin base, integrate European trust assets where common infrastructure truly reduces cost or expands enterprise sales, and avoid overpaying for growth that depends on volatile one-off projects. The weakest path would use InfoCert's margin to subsidise broad expansion without proving renewal economics.
The judgment
Tinexta InfoCert is economically attractive because it sells trust where trust has legal consequences. The company is not merely helping customers move documents faster. It is helping them create, sign, send, preserve and prove digital acts in settings where the cost of failure can exceed the price of the service. That gives InfoCert a better starting point than ordinary workflow software and a more defensible position than a commodity IT services vendor.
The public financial evidence supports a cautiously positive judgment. Digital Trust is Tinexta's margin engine, with 2025 adjusted EBITDA margin around 31 percent and first-quarter 2026 margin near 29 percent despite a flat revenue quarter. The segment contains visible recurring elements: LegalMail demand, public administration and large-cap usage, enterprise TOP subscriptions and renewals, certificates, timestamps, seals, preservation and related digital trust products. Tinexta's move to consolidate more of InfoCert ownership further confirms that management sees the asset as central.
The caveat is that not all trust revenue is equal. Certificate renewals and certified communications can resemble annuities. Remote identity and onboarding can become valuable subscription infrastructure, but only after verification cost, fraud controls and support are contained. International software and acquired trust businesses can expand the market, but Ascertia's first-quarter contraction shows the volatility of one-off components and regional timing. Public identity systems and the EUDI Wallet may enlarge the market while reducing private verification pricing in some use cases.
DocuSign, Adobe and other suites can absorb low-risk signing demand. Specialist rivals such as Namirial keep qualified-service pricing honest.
The position, then, is not that InfoCert has guaranteed compounding. It is that Tinexta owns a scarce regulated trust asset whose economics are already better than the rest of the group, and whose value should rise if management converts more usage into repeatable enterprise and certificate renewal revenue. The business deserves credit for the margin already visible. It does not deserve full software-style valuation without better evidence on churn, renewal uplift, customer concentration, product-level gross margin, verification unit cost, security incidents, public-sector exposure and acquired-business integration.
New facts that would change the judgment are specific. A disclosed increase in net retention, renewal revenue share and multi-product enterprise adoption would strengthen the case. Stable or rising Digital Trust margin while TOP grows would show verification cost is under control. Clear evidence that wallet interoperability brings new enterprise sales rather than replacing paid checks would support the regulatory upside.
Conversely, margin compression during revenue growth, a major trust or security failure, public procurement price pressure, rising customer concentration, repeated Ascertia volatility, or disclosure that growth depends heavily on bespoke low-margin projects would weaken the case.
For now, InfoCert should be judged as a high-quality regulated digital trust franchise with execution risk, not as a finished recurring-revenue machine. Its task is to make legal certainty feel routine to customers while keeping the expensive work of trust invisible, scalable and properly priced. If it does that, Tinexta's call-option bet will look like ownership consolidation around the group's best asset. If it cannot, Digital Trust will remain a strong business whose headline margin overstates its durability.

