| Cybersecurity Risk Management and Strategy Disclosure | 12 Months Ended Dec. 31, 2025 |
|---|---|
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Our business processes and operations depend significantly on the implementation and maintenance of technology infrastructure and data systems, as well as telecommunication services, both for our corporate and operational segments. On the corporate side, we are heavily dependent on the enterprise resource planning system and other interconnected systems, as well as the network and cloud infrastructure. On the operational side, we rely strongly on systems responsible for monitoring and operating our industrial environment, as well as the infrastructure of the operation centers and equipment that are part of the data transmission and reception systems connected to the ONS operating environments or to other agents’ operation centers. We have adopted various measures to actively monitor our networks, systems, and technology assets to map cybersecurity-related risks, such as recurring penetration tests, an endpoint and network detection and response platform, security information and event management and threat intelligence. We have also implemented measures to mitigate and prevent events that may compromise the availability, integrity and confidentiality of information and systems, or that may cause damage, data loss, financial loss, service interruptions, undue dissemination of information, or harm to our reputation. Each year, we engage an accounting firm to carry out an assessment and issue a report detailing the level of risk related to our information security activities. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We have adopted various measures to actively monitor our networks, systems, and technology assets to map cybersecurity-related risks, such as recurring penetration tests, an endpoint and network detection and response platform, security information and event management and threat intelligence. We have also implemented measures to mitigate and prevent events that may compromise the availability, integrity and confidentiality of information and systems, or that may cause damage, data loss, financial loss, service interruptions, undue dissemination of information, or harm to our reputation. Each year, we engage an accounting firm to carry out an assessment and issue a report detailing the level of risk related to our information security activities. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | We have a cyber incident management process that defines criteria and recommends techniques and tools to detect and monitor cyber threats. Our cyber crisis management guidelines establish procedures to be followed in the event of cyber incidents or crises, specifying the responsibilities of each team involved. These guidelines are part of our general information security policy, approved by our Executive Directors. We have a Chief Information Security Officer (CISO) who is one of the Company's Executive Directors and manages the implementation of our information security plan based on standards of the National Institute of Standards and Technology, across all subsidiaries, along with several complementary regulations applicable to our group. The CISO is responsible for all information security areas and reports directly to the other Executive Directors, the Board of Directors and the Audit and Risks Committee. In addition, we have developed a personal data privacy program, phishing prevention program, cyber incident response program, third-party risk monitoring, and a business continuity plan. We also maintain a security operations center to monitor vulnerabilities and handle incidents. Recently, we launched a project to improve cybersecurity in the operational technology environment, in line with the Operation Procedure Manual - Operational Routine (RO-CB.BR.01) of the ONS. Training and further qualifications on this subject are routinely carried out at the Corporate University of our companies. These initiatives aim to mitigate risks and strengthen information security management by establishing internal guidelines, acquiring tools and services, improving procedures, conducting awareness campaigns and training, reducing vulnerabilities, and enabling more effective and timely detection of incidents. We have secured cybersecurity insurance policies for projects and commitments with third-party vendors, who must comply with our security requirements. We assess third-party risk in all technology-related contracts, based on three criteria: access to our network, physical connections, or receipt of sensitive data. Suppliers undergo additional screening and are classified into risk levels (low, medium, high, or critical). For high or critical risk suppliers, we implement specific action plans and conduct intrusion testing. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | We have a cyber incident management process that defines criteria and recommends techniques and tools to detect and monitor cyber threats. Our cyber crisis management guidelines establish procedures to be followed in the event of cyber incidents or crises, specifying the responsibilities of each team involved. These guidelines are part of our general information security policy, approved by our Executive Directors. We have a Chief Information Security Officer (CISO) who is one of the Company's Executive Directors and manages the implementation of our information security plan based on standards of the National Institute of Standards and Technology, across all subsidiaries, along with several complementary regulations applicable to our group. The CISO is responsible for all information security areas and reports directly to the other Executive Directors, the Board of Directors and the Audit and Risks Committee. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | We have a Chief Information Security Officer (CISO) who is one of the Company's Executive Directors and manages the implementation of our information security plan based on standards of the National Institute of Standards and Technology, across all subsidiaries, along with several complementary regulations applicable to our group. The CISO is responsible for all information security areas and reports directly to the other Executive Directors, the Board of Directors and the Audit and Risks Committee. |
| Cybersecurity Risk Role of Management [Text Block] | Our cyber crisis management guidelines establish procedures to be followed in the event of cyber incidents or crises, specifying the responsibilities of each team involved. These guidelines are part of our general information security policy, approved by our Executive Directors. We have a Chief Information Security Officer (CISO) who is one of the Company's Executive Directors and manages the implementation of our information security plan based on standards of the National Institute of Standards and Technology, across all subsidiaries, along with several complementary regulations applicable to our group. The CISO is responsible for all information security areas and reports directly to the other Executive Directors, the Board of Directors and the Audit and Risks Committee. In addition, we have developed a personal data privacy program, phishing prevention program, cyber incident response program, third-party risk monitoring, and a business continuity plan. We also maintain a security operations center to monitor vulnerabilities and handle incidents. Recently, we launched a project to improve cybersecurity in the operational technology environment, in line with the Operation Procedure Manual - Operational Routine (RO-CB.BR.01) of the ONS. Training and further qualifications on this subject are routinely carried out at the Corporate University of our companies. These initiatives aim to mitigate risks and strengthen information security management by establishing internal guidelines, acquiring tools and services, improving procedures, conducting awareness campaigns and training, reducing vulnerabilities, and enabling more effective and timely detection of incidents. We have secured cybersecurity insurance policies for projects and commitments with third-party vendors, who must comply with our security requirements. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The CISO is responsible for all information security areas and reports directly to the other Executive Directors, the Board of Directors and the Audit and Risks Committee. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |