Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2024 |
---|---|
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | As part of the critical elements of our overall risk management approach, our cybersecurity program is focused on the following key areas: •Identifying and Managing Risks: ◦Ongoing risk assessments, including through the use of a third party, to identify internal and external threats and vulnerabilities on an on-going basis and to classify each into risk categories. Escalation is conducted based upon the assigned risk profile, including escalation by the third party to REE’s Chief Information Security Officer, or CISO. Additionally, we undertake risk classifications with respect to our suppliers/vendors by identifying the information that such entity will access, collect and/or process and identify the potential threats and risks that may exist as a result. Based upon such classifications, we consider the information security and privacy requirements for the contract with such entity. Access to REE data, and specifically personal data by external parties, may be based upon a contract and an appropriate preliminary risk assessment process. Certain contracts contain specifications with respect to security procedures and the ability to conduct testing and/or site visits. ◦The Company also uses third parties to conduct penetration tests from time-to-time with respect to its information technology and for operational technology (production) and products. ◦With respect to certain contracts involving personal data, we attempt to outline which data will be collected, how it will be processed, and who may access such data, among other items. We also may seek to include provisions relating to confidentiality and information security, and the implementation of appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated therein. 
Where practicable, we consider notification provisions to notify REE upon the occurrence of a cyber attack that affects REE in any way, and/or as otherwise required under applicable law. •Management: REE’s CISO is responsible for developing, maintaining and overseeing the REE security program, providing oversight, direction, and advice to the organization regarding information security, assist and coordinate with respect to security incidents (as applicable), assess REE’s security risks and communicate them to REE’s leadership team as a basis for risk-based decision-making, among other responsibilities. •Least Privilege: REE aims to provide the least access possible to individuals, while allowing them to perform their responsibilities. •Collaborative Approach: The Company has implemented a comprehensive, cross-functional approach to identify, prevent and mitigate cybersecurity threats and incidents. It also implements controls and procedures through its information security policy to provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made in a timely manner, where applicable. •Technical Safeguards: The Company deploys technical safeguards that are designed to protect the Company’s information systems from cybersecurity threats, including third-party developed software such as firewalls, intrusion prevention and detection systems, anti-malware functionality, the REE Gateway, and access controls, which are evaluated and improved annually through vulnerability assessments and cybersecurity threat intelligence, as overseen by the Company’s Cyber Security Steering Committee. From time-to-time we conduct network and other tests in combination with technical and management exercises that simulate cyber events. 
•Incident Response and Recovery Planning: The Company has established and maintains incident response and recovery plans that address the Company’s response to a cybersecurity incident, and such plans are tested and evaluated at least once annually. In addition, REE utilizes a third party in order to monitor and respond to incidents. •Third-Party Risk Management: REE maintains a comprehensive risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of the Company’s systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. The Company expects its suppliers to comply with security best practices. •Manufacturing Security: As a manufacturer, REE addresses cybersecurity for its production lines through operational technology security strategies and product security. •Education and Awareness: The Company provides mandatory training for personnel regarding cybersecurity threats as a means to equip the Company’s personnel with effective tools to address cybersecurity threats, and to communicate the Company’s evolving information security policies, standards, processes and practices. REE reviews its Information Security Policy at least annually and seeks to update as required. As part of such policy, REE also improves and reviews current REE practices and the REE Information Security Management System (ISMS) to identify improvements based upon changes to the business (e.g., changes to customer demands, regulations, opportunities).
|
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Processes Integrated [Text Block] | REE recognizes the critical importance of maintaining the trust and confidence of our customers, clients, business partners (such as suppliers, vendors or other external parties) and employees. REE’s cybersecurity policies, standards, processes and practices are fully integrated into our risk management program and are based on recognized frameworks established by the Israel National Cyber Directorate, ISO 27001, ISO 21434 and other applicable industry standards. For the sake of clarity, the references to such standards do not necessarily imply that we intend to meet any particular technical standards, specifications, or requirements, but instead that we use them as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. As of the date of this annual report, we are ISO 27001 certified. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when and if they occur. Specifically, we developed an information security policy in an effort to (1) protect our technology, hardware, intellectual property, and brand, and hardware against theft, loss, hacking, and manipulation, (2) maintain the confidentiality and integrity of our information, and (3) adhere to relevant statutory, regulatory, and contractual obligations. This policy applies to all our employees, contractors, suppliers and strategic partners and to all products, computer systems and information communication system applications, technologies, processes, endpoints and REE information, along with the interactions between systems and business processes that they support.
|
Cybersecurity Risk Management Third Party Engaged [Flag] | true |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Board of Directors Oversight [Text Block] | The CISO, along with the employees listed below, work collaboratively across the Company to implement a program designed to protect the Company’s information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with the Company’s incident response and recovery plans. Such program includes the Cyber Security Steering Committee, REE’s management, and, if necessary, the Disclosure Committee with respect to disclosure considerations. To facilitate the success of the Company’s information security policy, the CISO and his team regularly monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real-time, and report such threats and incidents to the Risk Management Committee when appropriate. |
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Such program includes the Cyber Security Steering Committee, REE’s management, and, if necessary, the Disclosure Committee with respect to disclosure considerations. To facilitate the success of the Company’s information security policy, the CISO and his team regularly monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real-time, and report such threats and incidents to the Risk Management Committee when appropriate. |
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | To facilitate the success of the Company’s information security policy, the CISO and his team regularly monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real-time, and report such threats and incidents to the Risk Management Committee when appropriate. |
Cybersecurity Risk Role of Management [Text Block] | The CISO, along with the employees listed below, work collaboratively across the Company to implement a program designed to protect the Company’s information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with the Company’s incident response and recovery plans. Such program includes the Cyber Security Steering Committee, REE’s management, and, if necessary, the Disclosure Committee with respect to disclosure considerations. To facilitate the success of the Company’s information security policy, the CISO and his team regularly monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real-time, and report such threats and incidents to the Risk Management Committee when appropriate. The CISO endeavors to produce a risk management report every two years and provides updates to the Company annually with respect to ongoing cyber risk. REE’s Information Security Policy delegates responsibility to the following employees: •CISO: Responsible for developing, maintaining and overseeing the REE security program; providing oversight and direction and advising the Company regarding information and physical security; assisting and coordinating during security incidents; assessing REE’s security risks and communicating them with REE’s leadership team as a basis for risk-based decision-making; ensuring that security policies and procedures are understood and adhered to; and initiating the disciplinary process for major policy violations. 
•Global IT Manager: Responsible for developing, maintaining and overseeing the REE network; providing and revoking access; recertification of user access to all systems on a regular basis; managing employees’ workstations/laptops including configurations, installations and upgrades, and ongoing maintenance; managing company information assets according to best practices and regulatory requirements; overseeing implementation of new systems to the organization (SaaS, hardware, etc.); and granting and/or revoking access to systems according to employee onboarding and off-boarding processes. •General Counsel: Acts as REE’s Data Protection Officer; provides advice regarding data protection regulation requirements and employee contracts; manages REE Data Protection Agreements for customers and vendors; and handles non-disclosure agreements, employee contracts and asset contracts. •Government, Risk and Compliance Manager, or GRC: Responsible for managing REE’s Information Management Program; designing and implementing data protection methodologies and guidelines; verifying alignment with global data protection laws such as the GDPR; and testing the effectiveness of technical and administrative security controls. •DevOps Engineer: Responsible for building new development tools and infrastructure with regards to cybersecurity.
|
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Management: REE’s CISO is responsible for developing, maintaining and overseeing the REE security program, providing oversight, direction, and advice to the organization regarding information security, assist and coordinate with respect to security incidents (as applicable), assess REE’s security risks and communicate them to REE’s leadership team as a basis for risk-based decision-making, among other responsibilities. |
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | REE’s CISO is experienced in the field of cybersecurity, including having served as the head of the Cybersecurity Guidance department of the Israel National Cyber Directorate from 2019 to 2021, among other cybersecurity roles over the past 20 years, including as a cybersecurity consultant to several high tech companies in Israel. Additionally, from 2018 to 2019, our CISO led and managed the cyber studies at INT College (NESS) in Israel. |
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Responsible for developing, maintaining and overseeing the REE security program; providing oversight and direction and advising the Company regarding information and physical security; assisting and coordinating during security incidents; assessing REE’s security risks and communicating them with REE’s leadership team as a basis for risk-based decision-making |
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |