Item 1C. Cybersecurity.

Cybersecurity Risk Management and Strategy

We recognize the importance of continuously monitoring and assessing material risks from cybersecurity threats, as defined in Item 106(a) of Regulation S-K. To address these risks, we maintain a comprehensive risk management framework designed to enable rapid response to identified threats and to mitigate the potential impact of cybersecurity incidents. Among the cybersecurity risks we face are unauthorized access to sensitive information, breaches of critical systems that could result in loss of constellation control, and denial-of-service attacks on critical systems, although these examples are not exhaustive.

Cybersecurity risk management is integrated into our broader enterprise risk management framework, which undergoes regular review by our Chief Technology Officer (“CTO”), senior management team, and Board of Directors. We hold an ISO 27001:2013 certification related to our information security management system (“ISMS”), which encompasses the assets, technologies, personnel, and processes supporting our corporate IT environment, as well as the satellite command and control systems, data uplink and downlink pipelines, and ground stations used in our radio frequency collection and data products.

Our cybersecurity incident response procedures are detailed in internal policies and include remediation plans tailored to the scope and severity of each incident. Remediation generally involves incident analysis, isolation and eradication of the threat, and post-incident review. Upon detection of a cybersecurity incident, our IT Security Team reports the event to our legal and compliance teams, which then provide guidance on any required notifications or reporting obligations.

We conduct regular risk assessments across regulatory compliance, technical operations, business operations, and product/contract deliverables. These risks are managed, documented, and tracked through our ISMS and related processes. Risks are internally evaluated and categorized according to their perceived likelihood and potential impact on the confidentiality, integrity, and availability of our systems, consistent with the ISO 27005 international standard for information security risk management. We also engage third-party penetration testers, assessors, vendors, and auditors to support external network vulnerability scanning, penetration testing, internal and external audits, threat intelligence, and employee training. In addition, we employ a range of self-hosted and SaaS-based tools to aid in vulnerability identification, mitigation, and remediation.

We rank and prioritize identified risks and vulnerabilities for mitigation based on the factors described above. Risk mitigation and minimization efforts include regular software patching and updates; restricting connections to sensitive and critical systems to only those that are necessary; prompt response to newly discovered exploitable vulnerabilities; implementation of enhanced auditing and monitoring controls; and periodic security assessments of critical systems.

We evaluate the cybersecurity posture of third-party service providers, vendors, and suppliers at least annually, as well as whenever such parties implement significant changes to products or operations. We maintain ongoing communications with these partners through email, chat services, ticketing systems, and regular meetings to identify and remediate any identified vulnerabilities promptly.

We also require all employees to complete mandatory cybersecurity training designed to help them identify, avoid, and mitigate cybersecurity threats. These trainings address a broad array of topics, including insider threats, phishing, spoofing, and related risks.

As of the date of this Annual Report on Form 10-K, we have not experienced any cybersecurity threat or incident that has materially affected, or is reasonably likely to materially affect, our business strategy, results of operations, or financial condition. However, there can be no assurance that we will not experience such an incident in the future. We seek to incorporate industry best practices into our cybersecurity program and continue to invest in additional controls to enhance the resiliency of our networks and prevent cybersecurity incidents. For a discussion of how cybersecurity threats could materially affect us, including potential impacts on our business strategy, results of operations, and financial condition, please refer to the section titled “Risk Factors” in this Annual Report on Form 10-K.

Our cybersecurity program is overseen by the Company’s CTO, working in close collaboration with the CEO and our legal and compliance teams. The CTO possesses a strong technical background and maintains current knowledge of cybersecurity risk management best practices and our Company’s risk management framework. Our legal and compliance teams, which support cybersecurity efforts, draw on extensive prior experience as well as ongoing participation in training sessions and industry events.