|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
We attach great importance to information security and customer privacy protection and have a systematic process for overseeing and managing cybersecurity and related risks, which is integrated into our overall risk management systems and processes. Our cybersecurity program sets out the policies and processes to identify, assess, manage, mitigate and report cybersecurity risks in accordance with industry standards and applicable laws and regulations. The Company has obtained the ISO 27001 Information Security Management System Certificate and ISO 27701 Privacy Information Management System Certificate. Our cybersecurity program is led by a dedicated cybersecurity team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents.
We have established an emergency response center which serves as a central location for the reporting of cybersecurity matters, monitors broader cybersecurity environment, and gathers information on cybersecurity risks from both internal and external sources. We provide monetary rewards for valid identifications of cybersecurity risks. We also maintain a mechanism to monitor updates from applicable regulatory bodies to receive timely alerts on external cybersecurity incidents that may impact us, so that we may promptly assess and respond as needed. We also conduct regular, mandatory privacy protection trainings covering all our employees and maintain a reporting mechanism.
We periodically carry out
table-topdrills and simulations on cybersecurity incident response and security protection to assess and improve our ability to adapt to security-related threats. In particular, we conduct third-party vulnerability analysis including simulated hacker attacks in connection with our system upgrades. We also engage third-party service providers to conduct security assessments with respect to our ISO certificates and our vehicles network safety.
We also maintain processes to assess cybersecurity risks of our third-party providers, with a goal to strengthen our supply chain resilience to cybersecurity risks. We conduct third-party risk assessment to identify and mitigate risks from third parties such as vendors, suppliers, subcontractors and other third-party providers. We consider cybersecurity risks when determining the selection and oversight of applicable third-party providers.
We have formulated emergency and incident response plans, clarifying the process for handling information security incidents. In the event of a cybersecurity incident, our cybersecurity team would assess, report and react i
naccordance with our emergency and incident response plans, under the oversight of our Information Security and
Data Compliance Committee.
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Item 3. Key Information—D. Risk Factors—Actual or alleged failure to comply with laws, regulations, rules, policies and other obligations regarding privacy, data protection, cybersecurity and information security could subject us to significant reputational, financial, legal and operational consequences” and “—Any cyber-attacks, unauthorized access or control of our Smart EVs’ systems could result in loss of confidence in us and our Smart EVs and harm our business.”
Cybersecurity Governa
nce
Our Information Security and Data Compliance Committee (the “Committee”) is primarily responsible for the oversight, decision-making and resources allocation of our cybersecurity efforts. The Committee is chaired by the Honorary Vice Chairman of the Board, and consists of vice presidents of our various business lines. The Committee oversees an Information Security
Working
Group and a Data Compliance Working Group. Our Information Security Working Group is primarily responsible for designing and maintaining our cybersecurity program and is led by the Head of our Data Intelligence Center. The Committee and the Information Security Working Group include members with relevant knowledge, skills and experience in assessing and managing cybersecurity risks. The Information Security Working Group reports quarterly to the Committee on the specific implementation of our cybersecurity program and any updates on any cybersecurity risks or incidents. In addition to the Honorary Vice Chairman of the Board who chairs the Information Security and Data Compliance Committee, the Audit Committee under our board of directors oversees cybersecurity risks management as part of its overall risk oversight function and discusses cybersecurity risks management at the Audit Committee meetings held every quarter. The Committee reports to our Audit Committee under our board of directors with respect to significant cybersecurity threats.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We attach great importance to information security and customer privacy protection and have a systematic process for overseeing and managing cybersecurity and related risks, which is integrated into our overall risk management systems and processes. Our cybersecurity program sets out the policies and processes to identify, assess, manage, mitigate and report cybersecurity risks in accordance with industry standards and applicable laws and regulations. The Company has obtained the ISO 27001 Information Security Management System Certificate and ISO 27701 Privacy Information Management System Certificate. Our cybersecurity program is led by a dedicated cybersecurity team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
We also maintain processes to assess cybersecurity risks of our third-party providers, with a goal to strengthen our supply chain resilience to cybersecurity risks. We conduct third-party risk assessment to identify and mitigate risks from third parties such as vendors, suppliers, subcontractors and other third-party providers. We consider cybersecurity risks when determining the selection and oversight of applicable third-party providers.
We have formulated emergency and incident response plans, clarifying the process for handling information security incidents. In the event of a cybersecurity incident, our cybersecurity team would assess, report and react i
naccordance with our emergency and incident response plans, under the oversight of our Information Security and
Data Compliance Committee.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|the Audit Committee under our board of directors oversees cybersecurity risks management as part of its overall risk oversight function and discusses cybersecurity risks management at the Audit Committee meetings held every quarter. The Committee reports to our Audit Committee under our board of directors with respect to significant cybersecurity threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Information Security and Data Compliance Committee (the “Committee”) is primarily responsible for the oversight, decision-making and resources allocation of our cybersecurity efforts. The Committee is chaired by the Honorary Vice Chairman of the Board, and consists of vice presidents of our various business lines. The Committee oversees an Information Security
Working
Group and a Data Compliance Working Group. Our Information Security Working Group is primarily responsible for designing and maintaining our cybersecurity program and is led by the Head of our Data Intelligence Center. The Committee and the Information Security Working Group include members with relevant knowledge, skills and experience in assessing and managing cybersecurity risks. The Information Security Working Group reports quarterly to the Committee on the specific implementation of our cybersecurity program and any updates on any cybersecurity risks or incidents. In addition to the Honorary Vice Chairman of the Board who chairs the Information Security and Data Compliance Committeethe Audit Committee under our board of directors oversees cybersecurity risks management as part of its overall risk oversight function and discusses cybersecurity risks management at the Audit Committee meetings held every quarter. The Committee reports to our Audit Committee under our board of directors with respect to significant cybersecurity threats.
|Cybersecurity Risk Role of Management [Text Block]
|Our Information Security and Data Compliance Committee (the “Committee”) is primarily responsible for the oversight, decision-making and resources allocation of our cybersecurity efforts. The Committee is chaired by the Honorary Vice Chairman of the Board, and consists of vice presidents of our various business lines. The Committee oversees an Information Security
Working
Group and a Data Compliance Working Group. Our Information Security Working Group is primarily responsible for designing and maintaining our cybersecurity program and is led by the Head of our Data Intelligence Center. The Committee and the Information Security Working Group include members with relevant knowledge, skills and experience in assessing and managing cybersecurity risks. The Information Security Working Group reports quarterly to the Committee on the specific implementation of our cybersecurity program and any updates on any cybersecurity risks or incidents. In addition to the Honorary Vice Chairman of the Board who chairs the Information Security and Data Compliance Committeethe Audit Committee under our board of directors oversees cybersecurity risks management as part of its overall risk oversight function and discusses cybersecurity risks management at the Audit Committee meetings held every quarter. The Committee reports to our Audit Committee under our board of directors with respect to significant cybersecurity threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Information Security and Data Compliance Committee (the “Committee”) is primarily responsible for the oversight, decision-making and resources allocation of our cybersecurity efforts. The Committee is chaired by the Honorary Vice Chairman of the Board, and consists of vice presidents of our various business lines. The Committee oversees an Information Security
Working
Group and a Data Compliance Working Group. Our Information Security Working Group is primarily responsible for designing and maintaining our cybersecurity program and is led by the Head of our Data Intelligence Center. The Committee and the Information Security Working Group include members with relevant knowledge, skills and experience in assessing and managing cybersecurity risks. The Information Security Working Group reports quarterly to the Committee on the specific implementation of our cybersecurity program and any updates on any cybersecurity risks or incidents. In addition to the Honorary Vice Chairman of the Board who chairs the Information Security and Data Compliance Committeethe Audit Committee under our board of directors oversees cybersecurity risks management as part of its overall risk oversight function and discusses cybersecurity risks management at the Audit Committee meetings held every quarter. The Committee reports to our Audit Committee under our board of directors with respect to significant cybersecurity threats.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
We have formulated emergency and incident response plans, clarifying the process for handling information security incidents. In the event of a cybersecurity incident, our cybersecurity team would assess, report and react i
naccordance with our emergency and incident response plans, under the oversight of our Information Security and
Data Compliance Committee.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Information Security and Data Compliance Committee (the “Committee”) is primarily responsible for the oversight, decision-making and resources allocation of our cybersecurity efforts. The Committee is chaired by the Honorary Vice Chairman of the Board, and consists of vice presidents of our various business lines. The Committee oversees an Information Security
Working
Group and a Data Compliance Working Group. Our Information Security Working Group is primarily responsible for designing and maintaining our cybersecurity program and is led by the Head of our Data Intelligence Center. The Committee and the Information Security Working Group include members with relevant knowledge, skills and experience in assessing and managing cybersecurity risks. The Information Security Working Group reports quarterly to the Committee on the specific implementation of our cybersecurity program and any updates on any cybersecurity risks or incidents. In addition to the Honorary Vice Chairman of the Board who chairs the Information Security and Data Compliance Committee
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef