Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Alternus employs a strategic, multilayered approach to cybersecurity based on the National Institute of Standards and Technology (NIST) framework. The company maintains a dedicated internal cybersecurity team that oversees the development, implementation, and continual improvement of cybersecurity policies, tools, and procedures to identify, prevent, detect, respond to, and recover from evolving cyber threats.
The Information Technology team collaborates with key functions across the company, including risk management, legal, finance, and operations to assess organizational exposure to cybersecurity risks. These assessments are integrated into Alternus’ Information Security Policy, which is regularly reviewed and updated in coordination with company leadership. Cybersecurity risk is managed through multiple, overlapping controls and strategic initiatives, including: ● The implementation of a comprehensive cybersecurity policy addressing acceptable use, data governance, social media, encryption, remote access, authentication, vulnerability management, and incident response; ● Cybersecurity awareness training for all employees; ● A multidisciplinary cybersecurity incident response team with defined protocols and escalation paths; ● Tabletop exercises to test and refine response readiness; ● Continuous integration of intelligence from industry and government sources into internal monitoring and defense processes; ● Ongoing internal reviews of enterprise applications and infrastructure, including access control evaluations and configuration audits. The Chief Information Officer (CIO), with more than 20 years of experience in information and operational technology, holds primary responsibility for the cybersecurity program. Under the CIO’s leadership, the IT team continuously evaluates risk postures and safeguards Alternus’ critical cyber assets. Their efforts are designed to provide resilience against both common and sophisticated cyber threats. The organization has implemented strong internal evaluation mechanisms and governance structures to ensure the integrity and maturity of its cybersecurity position. Risk management of third-party service providers, especially those handling sensitive data or enterprise applications, is carried out through documented access reviews and contractual safeguards, including SOC 2 reporting where applicable.
Although Alternus has not experienced cybersecurity events that have materially impacted the business, like most organizations, it faces ongoing risks such as phishing, malware, and attempted unauthorized access. These are monitored and addressed in accordance with established policies. See “Item 1A. Risk Factors” for additional information regarding our organization’s cybersecurity risks, which should be read together with this “Item 1C. Cybersecurity”.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | Alternus employs a strategic, multilayered approach to cybersecurity based on the National Institute of Standards and Technology (NIST) framework. The company maintains a dedicated internal cybersecurity team that oversees the development, implementation, and continual improvement of cybersecurity policies, tools, and procedures to identify, prevent, detect, respond to, and recover from evolving cyber threats. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Although Alternus has not experienced cybersecurity events that have materially impacted the business, like most organizations, it faces ongoing risks such as phishing, malware, and attempted unauthorized access. These are monitored and addressed in accordance with established policies. See “Item 1A. Risk Factors” for additional information regarding our organization’s cybersecurity risks, which should be read together with this “Item 1C. Cybersecurity”. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Cybersecurity risk is managed through multiple, overlapping controls and strategic initiatives, including: ● The implementation of a comprehensive cybersecurity policy addressing acceptable use, data governance, social media, encryption, remote access, authentication, vulnerability management, and incident response; ● Cybersecurity awareness training for all employees; ● A multidisciplinary cybersecurity incident response team with defined protocols and escalation paths; ● Tabletop exercises to test and refine response readiness; ● Continuous integration of intelligence from industry and government sources into internal monitoring and defense processes; ● Ongoing internal reviews of enterprise applications and infrastructure, including access control evaluations and configuration audits. The Chief Information Officer (CIO), with more than 20 years of experience in information and operational technology, holds primary responsibility for the cybersecurity program. Under the CIO’s leadership, the IT team continuously evaluates risk postures and safeguards Alternus’ critical cyber assets. Their efforts are designed to provide resilience against both common and sophisticated cyber threats. The organization has implemented strong internal evaluation mechanisms and governance structures to ensure the integrity and maturity of its cybersecurity position. Risk management of third-party service providers, especially those handling sensitive data or enterprise applications, is carried out through documented access reviews and contractual safeguards, including SOC 2 reporting where applicable. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | Cybersecurity risk is managed through multiple, overlapping controls and strategic initiatives, including: ? The implementation of a comprehensive cybersecurity policy addressing acceptable use, data governance, social media, encryption, remote access, authentication, vulnerability management, and incident response; ? Cybersecurity awareness training for all employees; ? A multidisciplinary cybersecurity incident response team with defined protocols and escalation paths; ? Tabletop exercises to test and refine response readiness; ? Continuous integration of intelligence from industry and government sources into internal monitoring and defense processes; ? Ongoing internal reviews of enterprise applications and infrastructure, including access control evaluations and configuration audits. The Chief Information Officer (CIO), with more than 20 years of experience in information and operational technology, holds primary responsibility for the cybersecurity program. Under the CIO’s leadership, the IT team continuously evaluates risk postures and safeguards Alternus’ critical cyber assets. Their efforts are designed to provide resilience against both common and sophisticated cyber threats. The organization has implemented strong internal evaluation mechanisms and governance structures to ensure the integrity and maturity of its cybersecurity position. Risk management of third-party service providers, especially those handling sensitive data or enterprise applications, is carried out through documented access reviews and contractual safeguards, including SOC 2 reporting where applicable. |
| Cybersecurity Risk Role of Management [Text Block] | The Information Technology team collaborates with key functions across the company, including risk management, legal, finance, and operations to assess organizational exposure to cybersecurity risks. These assessments are integrated into Alternus’ Information Security Policy, which is regularly reviewed and updated in coordination with company leadership. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Cybersecurity risk is managed through multiple, overlapping controls and strategic initiatives, including: ? The implementation of a comprehensive cybersecurity policy addressing acceptable use, data governance, social media, encryption, remote access, authentication, vulnerability management, and incident response; ? Cybersecurity awareness training for all employees; ? A multidisciplinary cybersecurity incident response team with defined protocols and escalation paths; ? Tabletop exercises to test and refine response readiness; ? Continuous integration of intelligence from industry and government sources into internal monitoring and defense processes; ? Ongoing internal reviews of enterprise applications and infrastructure, including access control evaluations and configuration audits. The Chief Information Officer (CIO), with more than 20 years of experience in information and operational technology, holds primary responsibility for the cybersecurity program. Under the CIO’s leadership, the IT team continuously evaluates risk postures and safeguards Alternus’ critical cyber assets. Their efforts are designed to provide resilience against both common and sophisticated cyber threats. The organization has implemented strong internal evaluation mechanisms and governance structures to ensure the integrity and maturity of its cybersecurity position. Risk management of third-party service providers, especially those handling sensitive data or enterprise applications, is carried out through documented access reviews and contractual safeguards, including SOC 2 reporting where applicable. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Cybersecurity risk is managed through multiple, overlapping controls and strategic initiatives, including: ? The implementation of a comprehensive cybersecurity policy addressing acceptable use, data governance, social media, encryption, remote access, authentication, vulnerability management, and incident response; ? Cybersecurity awareness training for all employees; ? A multidisciplinary cybersecurity incident response team with defined protocols and escalation paths; ? Tabletop exercises to test and refine response readiness; ? Continuous integration of intelligence from industry and government sources into internal monitoring and defense processes; ? Ongoing internal reviews of enterprise applications and infrastructure, including access control evaluations and configuration audits. The Chief Information Officer (CIO), with more than 20 years of experience in information and operational technology, holds primary responsibility for the cybersecurity program. Under the CIO’s leadership, the IT team continuously evaluates risk postures and safeguards Alternus’ critical cyber assets. Their efforts are designed to provide resilience against both common and sophisticated cyber threats. The organization has implemented strong internal evaluation mechanisms and governance structures to ensure the integrity and maturity of its cybersecurity position. Risk management of third-party service providers, especially those handling sensitive data or enterprise applications, is carried out through documented access reviews and contractual safeguards, including SOC 2 reporting where applicable. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Cybersecurity risk is managed through multiple, overlapping controls and strategic initiatives, including: ? The implementation of a comprehensive cybersecurity policy addressing acceptable use, data governance, social media, encryption, remote access, authentication, vulnerability management, and incident response; ? Cybersecurity awareness training for all employees; ? A multidisciplinary cybersecurity incident response team with defined protocols and escalation paths; ? Tabletop exercises to test and refine response readiness; ? Continuous integration of intelligence from industry and government sources into internal monitoring and defense processes; ? Ongoing internal reviews of enterprise applications and infrastructure, including access control evaluations and configuration audits. The Chief Information Officer (CIO), with more than 20 years of experience in information and operational technology, holds primary responsibility for the cybersecurity program. Under the CIO’s leadership, the IT team continuously evaluates risk postures and safeguards Alternus’ critical cyber assets. Their efforts are designed to provide resilience against both common and sophisticated cyber threats. The organization has implemented strong internal evaluation mechanisms and governance structures to ensure the integrity and maturity of its cybersecurity position. Risk management of third-party service providers, especially those handling sensitive data or enterprise applications, is carried out through documented access reviews and contractual safeguards, including SOC 2 reporting where applicable. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |