Evolution Metals & Technologies Corp. 10-K Cybersecurity GRC - 2026-02-20

Page last updated on February 20, 2026

Evolution Metals & Technologies Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-20 16:50:54 EST.

Filings

10-K filed on 2026-02-20

Evolution Metals & Technologies Corp. filed a 10-K at 2026-02-20 16:50:54 EST
Accession Number: 0001213900-26-018858

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy Following the closing of the Business Combination, we rely on information technology systems, network infrastructure, operational technology, and digital platforms to operate our business, manage manufacturing processes, support recycling operations, interact with suppliers and customers, maintain financial records, and process transactions. Our information systems include internally developed systems and processes, as well as systems and services provided by third-party vendors and cloud service providers . Our information systems and operational technology may be vulnerable to cybersecurity threats and incidents, including unauthorized access, malicious code, ransomware, phishing, social engineering, insider threats, denial-of-service attacks, and other cyber-attacks that could compromise the confidentiality, integrity, or availability of our systems or data. Cybersecurity threats have become increasingly sophisticated, including as threat actors leverage artificial intelligence, automation, and advanced social engineering techniques, and may originate from criminal organizations, insiders, or state-sponsored actors. The Company is subject to cyber threats in the ordinary course of business. While we have not experienced any material cybersecurity incidents to date, we cannot assure that future incidents will not occur. We recognize that cybersecurity threats pose ongoing risks which, if realized, could have a material adverse impact on our business, financial condition and results of operations. A successful cybersecurity incident could result in business disruption, loss of intellectual property, regulatory exposure, reputational harm, or financial losses, any of which could materially and adversely affect our business, results of operations, or financial condition. For additional discussion of cybersecurity risks, see "Item 1A. Risk Factors." The Company is in the process of evaluating and developing its cybersecurity risk management framework. As part of this process, the Company is considering the implementation of formal cybersecurity policies, procedures, and controls designed to identify, assess, and mitigate cybersecurity risks. These measures may include access controls, network monitoring, data backup procedures, incident response planning, vendor risk management practices, and employee awareness training, among other safeguards. Management's Role in Cybersecurity Following the closing of the Business Combination, cybersecurity risk management is overseen by senior management under the supervision of the Company's Chief Executive Officer ("CEO"). The Company's Chief Financial Officer ("CFO") and Chief Operating Officer ("COO"), together with the internal IT personnel (collectively, the "IT Security Team"), are expected to support the development and implementation of cybersecurity policies, controls, and incident response procedures. 47 In connection with the Company's growth and integration of new operating subsidiaries, including international operations, the Company expects to continue enhancing its cybersecurity governance structure, internal controls, and monitoring capabilities. Governance Following the closing of the Business Combination, the Audit Committee of the Board of Directors is expected to oversee cybersecurity-related risks as part of its broader oversight of the Company's risk management processes. The Audit Committee may receive periodic updates from management regarding cybersecurity risks, controls, incident response planning, and significant developments in the Company's information security posture. Management intends to report to the Audit Committee on cybersecurity matters as part of its broader enterprise risk management reporting, including any significant cybersecurity threats, incidents, or remediation efforts. The Audit Committee is also expected to oversee management's efforts to assess cybersecurity risks associated with third-party vendors, cloud service providers, and operational technology systems used in manufacturing and recycling facilities. The Board and Audit Committee are expected to consider cybersecurity risk as an integral component of the Company's overall risk management framework and strategic planning process.

Company Information