COTWO ADVISORS PHYSICAL EUROPEAN CARBON ALLOWANCE TRUST 10-K Cybersecurity GRC - 2026-02-28

Page last updated on March 2, 2026

COTWO ADVISORS PHYSICAL EUROPEAN CARBON ALLOWANCE TRUST reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-28 20:04:37 EST.

Filings

10-K filed on 2026-02-28

COTWO ADVISORS PHYSICAL EUROPEAN CARBON ALLOWANCE TRUST filed a 10-K at 2026-02-28 20:04:37 EST
Accession Number: 0001213900-26-021883

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. The Trust does not have any officers, directors or employees. The Sponsor is responsible for the oversight and overall management of the Trust. The Sponsor has adopted a written information security policy for its own risk management. The Sponsor has established an Information Security Committee ("ISC") that reviews the status of the Sponsor's cybersecurity processes and any potential risks or incidents. As of the date of this Report, the Sponsor has not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected, or that the Sponsor believes are reasonably likely to materially affect, the Trust, including its operations, results of operations, or financial condition. Cybersecurity Program Overview The Sponsor has a comprehensive cybersecurity program built around the National Institute of Standards and Technology's Cybersecurity Framework. The program incorporates a variety of strategies and measures aimed at identifying, protecting, detecting, responding to and recovering from cyber incidents. The program's key components include risk assessment and management, where the ISC, of which the Chief Executive Officer and Chief Financial Officer of the Sponsor are members, identifies potential threats and vulnerabilities and implements appropriate controls to mitigate those vulnerabilities. As part of the program, the ISC (i) develops and enforces security policies and procedures, providing guidelines for safe and secure operations, (ii) prioritizes employee training and awareness, as human error is often a significant factor in security breaches, (iii) conducts regular security audits and assessments to ensure that the program remains effective and up to date with evolving threats, and (iv) incorporates advanced technologies such as identify management, encryption, firewalls, anti-malware and intrusion detection systems to provide multiple layers of defense against cyber-attacks. The Trust also relies on its other service providers, including the Trustee and the Cash Custodian, to implement cybersecurity programs and engage external experts, including cybersecurity assessors, risk management and information technology professionals, attorneys, consultants and auditors to evaluate their cybersecurity measures and risk management processes. Management's Role in Cybersecurity Risk Management The Sponsor conducts annual due diligence on the Trust's service providers, including the Trustee and Cash Custodian, which includes a review of the relevant service provider's operational and cybersecurity controls. The Sponsor's officers review the results of this annual review and any incidents or perceived risks. Board Oversight of Cybersecurity Risks The Sponsor does not have a board of directors and is instead managed by its sole managing member, who performs the governance and oversight functions typically undertaken by a board of directors.

Company Information