Sono Group N.V. 10-K Cybersecurity GRC - 2025-04-17

Page last updated on April 17, 2025

Sono Group N.V. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-17 09:00:39 EDT.

Filings

10-K filed on 2025-04-17

Sono Group N.V. filed a 10-K at 2025-04-17 09:00:39 EDT
Accession Number: 0001171843-25-002284

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We recognize the importance of assessing, identifying and managing material risks associated with cybersecurity threats, as such term is defined in Item 106 of Regulation S-K. Following the pivot of our business model, we intend to take appropriate and reasonable steps to implement cybersecurity risk management processes and integrate such processes into our overall business. In response to the evolving cyber threat landscape, we have developed a cybersecurity risk management initiative. This program aims to protect our critical systems and sensitive information and is designed to maintain the confidentiality, integrity and accessibility of our systems and data. As part of our cybersecurity risk management initiative, we employ security tools and methods to proactively identify cybersecurity threats and to prevent, detect, investigate, contain, escalate and remediate risks, identified vulnerabilities and security breaches. By utilizing shared methodologies and reporting channels, we promote consistency and alignment across different risk areas. Key components of our cybersecurity risk management program include: ● An IT policy that outlines our IT security practices and procedures, which focus on information security, access to data, breach of policy and bolstering the security of our data assets. ● A designated responsibility for executing internal and external mandates and implementing relevant technical and organizational measures to uphold information security standards and compliance. Additionally, on the product and vehicle level, we constantly evaluate during the development process whether our products and the integration of our products on to customers’ vehicles are relevant to cybersecurity threats, standards and/or regulations (e.g., automotive standards/regulations ISO/SAE 21434 and UNECE R 155 ). Governance The audit committee of our supervisory board is charged with monitoring the Companies’ application of information and communication technology, including risks relating to cybersecurity. The audit committee receives updates from management on our cybersecurity and data protection programs, including an annual update consisting of potential risks and an overview of the administration and control system of the Companies, including the state of the Companies’ cybersecurity and data protection programs, key issues, priorities and challenges. 62 In addition to any reports from the audit committee to the full supervisory board regarding cybersecurity, management informs and updates the full supervisory board about any significant cybersecurity incidents and any pressing risk or compliance matters. Our management team is responsible for assessing and managing material risks from cybersecurity threats and has the primary responsibility for our overall cybersecurity risk management program. Our management team supervises efforts to prevent, detect, mitigate and remediate cybersecurity threats and incidents through various means, which may include briefings from relevant employees, threat intelligence and other information obtained from governmental, public or private sources and alerts and reports produced by security tools deployed in the IT environment. As of the date of this Annual Report, the Company is not aware of any active cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. For additional information concerning risks related to cybersecurity, see “Item 1A. Risk Factors-Risks Related to our Business and Operations-Interruptions or failures of information technology and communications systems could disrupt our business and affect our ability to effectively provide our services”.

Company Information