XML 22 R7.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management, Strategy and Oversight
We assess and monitor cybersecurity risks to our infrastructure, new projects and third parties we engage with, especially service providers. We have established a cybersecurity management system, which is called “Cybersecurity GRC System,” through which we identify, evaluate and manage cybersecurity risks. Additionally, the National Intelligence Service and the Ministry of Trade, Industry and Energy perform regular audits to identify, evaluate and manage material risks from cybersecurity threats in accordance with the Basic Guidelines for National Information Security and the detailed guidelines for information security issued by the Ministry of Trade, Industry and Energy.
We have formed an Information Security Committee under the supervision of our information security department. The Information Security Committee’s responsibilities include, among others, conducting investigations into cybersecurity incidents and developing preventive strategies. Moreover, we and our generation subsidiaries have jointly established a Cybersecurity Committee, a cybersecurity oversight group comprised of senior management teams of the respective companies, including Chief Information Security Officers, to monitor cybersecurity policies and provide strategic direction for the prevention, detection, mitigation and remediation of cybersecurity risks.
 
We use contractual terms to impose cybersecurity requirements on third-party service providers for compliance with our cybersecurity policies, including the requirement to immediately inform us of any occurrence of cybersecurity threats during the provision of their service. We and our generation subsidiaries conduct training, policies, technical and procedural controls and mitigation plans to address risks from cybersecurity threats.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We assess and monitor cybersecurity risks to our infrastructure, new projects and third parties we engage with, especially service providers. We have established a cybersecurity management system, which is called “Cybersecurity GRC System,” through which we identify, evaluate and manage cybersecurity risks. Additionally, the National Intelligence Service and the Ministry of Trade, Industry and Energy perform regular audits to identify, evaluate and manage material risks from cybersecurity threats in accordance with the Basic Guidelines for National Information Security and the detailed guidelines for information security issued by the Ministry of Trade, Industry and Energy.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] We and our generation subsidiaries have not experienced any cybersecurity incidents in the last three years that have materially affected the business strategy, results of operations, or financial condition of us and our generation subsidiaries.
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
Under the supervision of the Chief Business Management Officer, our Chief Information Security Officer (“CISO”), who is also a standing director and executive director of information security, is responsible for assessing and managing material risks from cybersecurity threats. The CISO has qualifications stipulated by relevant laws and extensive experience related to the management and protection of information security. All material cybersecurity-related matters are promptly notified to the CISO, who provides updates on security control to the Chief Business Management Officer on a weekly basis. Also, our Board of Directors is responsible for the oversight of risks from cybersecurity threats. The Board will receive reports of material cybersecurity incidents and threats as they occur. Additionally, pursuant to the Act on the Control and Supervision on Nuclear Power Suppliers for the Prevention of Corruption in the Nuclear Power Industry, our management is charged with submitting an operational plan for cybersecurity management every two years to our board of directors, which includes plans to prevent nuclear power-related misconduct. Such plan needs to be reviewed and approved by our board of directors.
 
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Under the supervision of the Chief Business Management Officer, our Chief Information Security Officer (“CISO”), who is also a standing director and executive director of information security, is responsible for assessing and managing material risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board will receive reports of material cybersecurity incidents and threats as they occur. Additionally, pursuant to the Act on the Control and Supervision on Nuclear Power Suppliers for the Prevention of Corruption in the Nuclear Power Industry, our management is charged with submitting an operational plan for cybersecurity management every two years to our board of directors, which includes plans to prevent nuclear power-related misconduct. Such plan needs to be reviewed and approved by our board of directors.
Cybersecurity Risk Role of Management [Text Block]
Under the supervision of the Chief Business Management Officer, our Chief Information Security Officer (“CISO”), who is also a standing director and executive director of information security, is responsible for assessing and managing material risks from cybersecurity threats. The CISO has qualifications stipulated by relevant laws and extensive experience related to the management and protection of information security. All material cybersecurity-related matters are promptly notified to the CISO, who provides updates on security control to the Chief Business Management Officer on a weekly basis. Also, our Board of Directors is responsible for the oversight of risks from cybersecurity threats. The Board will receive reports of material cybersecurity incidents and threats as they occur. Additionally, pursuant to the Act on the Control and Supervision on Nuclear Power Suppliers for the Prevention of Corruption in the Nuclear Power Industry, our management is charged with submitting an operational plan for cybersecurity management every two years to our board of directors, which includes plans to prevent nuclear power-related misconduct. Such plan needs to be reviewed and approved by our board of directors.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
We have formed an Information Security Committee under the supervision of our information security department. The Information Security Committee’s responsibilities include, among others, conducting investigations into cybersecurity incidents and developing preventive strategies. Moreover, we and our generation subsidiaries have jointly established a Cybersecurity Committee, a cybersecurity oversight group comprised of senior management teams of the respective companies, including Chief Information Security Officers, to monitor cybersecurity policies and provide strategic direction for the prevention, detection, mitigation and remediation of cybersecurity risks.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The CISO has qualifications stipulated by relevant laws and extensive experience related to the management and protection of information security.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
We have formed an Information Security Committee under the supervision of our information security department. The Information Security Committee’s responsibilities include, among others, conducting investigations into cybersecurity incidents and developing preventive strategies. Moreover, we and our generation subsidiaries have jointly established a Cybersecurity Committee, a cybersecurity oversight group comprised of senior management teams of the respective companies, including Chief Information Security Officers, to monitor cybersecurity policies and provide strategic direction for the prevention, detection, mitigation and remediation of cybersecurity risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true