XML 63 R42.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity risks

We maintain a robust cybersecurity infrastructure to safeguard our operations, networks and data through comprehensive security measures including our technology tools, internal management and external service providers. Our processes for assessing, identifying and managing material risks from cybersecurity threats are integrated into our risk management system. We use a variety of tools and processes to collect relevant data and identify, monitor, assess and manage material cybersecurity risks.

The Company has a corporate risk management process formally defined in the Corporate Risk Management and Internal Controls Policy (NO – 02.19), which maps process risks, identifies top risks and reviews the risk matrix annually. The identified risks are classified and treated through action plans.

The board of directors is responsible for evaluating and approving the Top Risks Matrix, as well as the general guidelines for establishing the Company's acceptable limits of exposure to risk.

Cybersecurity risk is mapped as one of the Company's top risks and to mitigate it, CEMIG puts into practice processes, policies and tools, including, among others:

              Information Security Policy: CEMIG has an Information Security Policy (ISP), which defines its security principles and ensures that employees, suppliers and other users follow the security rules;

              Vulnerability and threat management process: This process monitors the environment to identify existing vulnerabilities and applies the necessary fixes. The external environment is also monitored through a “Threat intelligence” service, which seeks to identify possible leaks of credentials or information on the deep web, abuse of the CEMIG brand and other fraud;

              Network Security: CEMIG is protected by network security solutions, which include a web content filter, an intrusion prevention system, anti-spam software and next-generation firewalls;

              Training and Awareness Program: The Company has a workforce awareness process that consists of training through its own distance learning platform, UniverCEMIG, to raise information security awareness, promote behavioral change and convey the importance of information security to the Company's workforce. Through the Company's intranet, communication campaigns guide employees on safe use of the internet and prevention of fraud, phishing and scams, in addition to the responsible use of Company assets;

              DLP (Data Loss Prevention) and electronic information classification tool: this tool monitors and prevents the leakage of personal and confidential data and applies encryption protection to critical documents;

              Use of multi-factor authentication (MFA) for all VPN connections and for access to corporate and operational networks. Additionally, we implemented a virtualized access solution (VDI) for outsourced personnel;

              Phishing attack simulation: Phishing simulation campaigns are carried out with the aim of training employees in identifying threats received by email and reporting suspicious behavior to the cybersecurity area;


              Endpoint Protection: CEMIG implements antivirus (AV) and Endpoint Detection & Response (EDR) solutions on desktops and servers. CEMIG also has next-generation firewalls and an intrusion prevention system (IPS);

              Central Logging Management: CEMIG utilizes a Security Information and Event Management (SIEM) solution that collects, manages and analyzes events from many sources and is also connected to other security solutions, which allows security analysts to respond quickly when any suspicious activity is detected;

              SOC – Security Operations Center: The SOC team performs continuous monitoring of the IT environment through various tools for detecting, identifying, containing and eradicating any threat;

              Third Parties: CEMIG has a policy that establishes information security requirements for all suppliers with rights to access, create, process, maintain, transfer or store data outside the Company’s IT environment.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our processes for assessing, identifying and managing material risks from cybersecurity threats are integrated into our risk management system.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]

During 2024 and as of the date of this annual report, we have not identified any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, the Company or our business strategy, results of operations or financial condition.

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our board of directors oversees management’s approach to managing cybersecurity risks as part of its risk management oversight. Our board of directors holds periodic discussions with management regarding our guidelines and policies with respect to cybersecurity risks and receives regular reports from our Deputy Director of IT – DTI regarding such risks and the steps management has taken to monitor and control any exposure resulting from such risks.

CEMIG has a Privacy, Data Protection and Cybersecurity Committee under the coordination of the Deputy Directorate of Compliance, Corporate Risks and Internal Controls, which is responsible for strategic choices related to privacy, data protection and cybersecurity, and one of whose responsibilities is to support the Board of Directors in defining investments in technological resources, acquisition of knowledge, trends and indicators for preventive and effective management. The committee is coordinated by the Deputy Directorate of Compliance, Corporate Risks and Internal Controls; its secretariat is provided by the Privacy and Data Protection Management - DCI/PR in matters of privacy and data protection, and by the Systems Architecture and Software Engineering Management - DTI/AE in matters of information security and cybersecurity. The committee involves the IT, Compliance, Legal, Business and People Management Directorates, as defined in Circular DCI 03/2022.

The Board of Directors is also advised by the Audit Committee, which is an independent, permanent advisory body. This committee evaluates the effectiveness of the internal control system and of risk management, and recommends the correction and improvement of policies, practices and procedures.

CEMIG has an IT security control system based on COBIT 5. The effectiveness of internal controls, governance and risk management is monitored through regular reports from internal and external audits on the results of their activities, including the Board of Directors' responses to the recommendations made on controls and non-conformities, with follow-up of the findings and recommendations.

The administration of information security and cybersecurity and the execution of internal IT controls are under the responsibility of Mr. Luis Claudio Correa Villani, Deputy Director of IT – DTI at CEMIG, who is responsible for assessing, identifying and managing the risks from cybersecurity threats. Mr. Villani has more than 20 years of experience as CIO in several companies in the IT, services and automotive industries. He has specialized knowledge in ITIL, IT service management, IT strategy and data centers.

During 2024 and as of the date of this annual report, we have not identified any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, the Company or our business strategy, results of operations or financial condition.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] CEMIG has a Privacy, Data Protection and Cybersecurity Committee under the coordination of the Deputy Directorate of Compliance, Corporate Risks and Internal Controls, which is responsible for strategic choices related to privacy, data protection and cybersecurity, and one of whose responsibilities is to support the Board of Directors in defining investments in technological resources, acquisition of knowledge, trends and indicators for preventive and effective management.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

CEMIG has a Privacy, Data Protection and Cybersecurity Committee under the coordination of the Deputy Directorate of Compliance, Corporate Risks and Internal Controls, which is responsible for strategic choices related to privacy, data protection and cybersecurity, and one of whose responsibilities is to support the Board of Directors in defining investments in technological resources, acquisition of knowledge, trends and indicators for preventive and effective management. The committee is coordinated by the Deputy Directorate of Compliance, Corporate Risks and Internal Controls; its secretariat is provided by the Privacy and Data Protection Management - DCI/PR in matters of privacy and data protection, and by the Systems Architecture and Software Engineering Management - DTI/AE in matters of information security and cybersecurity. The committee involves the IT, Compliance, Legal, Business and People Management Directorates, as defined in Circular DCI 03/2022.

Cybersecurity Risk Role of Management [Text Block]

Our board of directors oversees management’s approach to managing cybersecurity risks as part of its risk management oversight. Our board of directors holds periodic discussions with management regarding our guidelines and policies with respect to cybersecurity risks and receives regular reports from our Deputy Director of IT – DTI regarding such risks and the steps management has taken to monitor and control any exposure resulting from such risks.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The administration of information security and cybersecurity and the execution of internal IT controls are under the responsibility of Mr. Luis Claudio Correa Villani, Deputy Director of IT – DTI at CEMIG, who is responsible for assessing, identifying and managing the risks from cybersecurity threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Mr. Villani has more than 20 years of experience as CIO in several companies in the IT, services and automotive industries. He has specialized knowledge in ITIL, IT service management, IT strategy and data centers.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our board of directors holds periodic discussions with management regarding our guidelines and policies with respect to cybersecurity risks and receives regular reports from our Deputy Director of IT – DTI regarding such risks and the steps management has taken to monitor and control any exposure resulting from such risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true