Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Entergy and the Registrant Subsidiaries maintain a security-risk-management system with defined roles, duties, governance, and accountability. Under this physical- and cyber-risk model, Entergy and the Registrant Subsidiaries streamline security into a centralized program. The Chief Security Officer (CSO) is responsible for establishing the security and reliability risk strategy, setting policies, monitoring controls and compliance, providing support activities, and reporting on the security program. The Chief Information Security Officer (CISO) is responsible for establishing the cybersecurity strategy and implementing physical and cyber security systems for the security program. The Chief Information Officer (CIO) is responsible for ensuring that Entergy’s information technology infrastructure is secure and reliable. The Chief Ethics & Compliance Officer works with the CSO to address requirements of external security-related regulations, and where applicable, incorporate them into business policies. Management is responsible for identifying and managing risk directly through execution of the security program and compliance with security policies. Entergy and the Registrant Subsidiaries’ risk management model addresses compliance with certain regulatory constructs, such as the NERC Reliability Standards, the NRC Code of Federal Regulations, the Payment Card Industry Data Security Standard, and the Health Insurance Portability and Accountability Act, among other regulations. Entergy and the Registrant Subsidiaries’ risk management model continuously evolves to improve and implement protections, controls, and monitoring to mitigate risks to their part of North America’s electric grid, to protect sensitive information, and to maintain secure business operations. Entergy and the Registrant Subsidiaries manage cybersecurity threats as an enterprise risk with close coordination and information sharing with its federal, state, and local partners. 
Entergy and the Registrant Subsidiaries also engage with local, state, and federal law enforcement agencies on initiatives to share threat information and participate in a wide range of industry collaborations and classified briefings on cybersecurity developments and evolving risks.

Entergy and the Registrant Subsidiaries maintain access-management controls, including a layered multi-factor authentication process for network and system access, and a defense-in-depth security ecosystem that includes advanced threat detection from independent third parties and federal agencies, security logging and monitoring, and independent third-party penetration and vulnerability assessments. Relevant employees and contractors must complete cybersecurity trainings periodically to heighten security and threat awareness, promote best practices, and meet regulatory requirements. Additional multi-layered prevention and detection processes and technologies to mitigate and minimize the effects of cybersecurity risks include email security, continuous monitoring, vulnerability scanning, anti-virus and anti-malware software, backups and recovery strategy, network segregation, third-party security, and information protection.

Entergy and the Registrant Subsidiaries have incorporated certain cyber-specific response protocols and procedures into their Entergy Incident Management System framework for responding to emergency incidents. This includes the Entergy Incident Response Team Plan, which outlines Entergy’s procedures, steps, and responsibilities for preparing for, detecting, containing, and recovering from an incident. The plan details the roles and responsibilities of Entergy’s officers who would be engaged in such a response to an emergency incident, including key questions to be addressed, critical decision points, and sources of key information to support decision-making. Senior management and the Emergency Incident Response Team periodically review and drill on the plan.

As cybersecurity risks continue to evolve with multiple threat vectors, Entergy and the Registrant Subsidiaries maintain a comprehensive security strategy to keep current with the changing threats. To inform this effort, Entergy and the Registrant Subsidiaries utilize the National Institute of Standards and Technology Cybersecurity Framework, which consists of standards, guidelines, and best practices to manage cybersecurity risk across the enterprise. A risk-based approach is used to direct security initiatives to the most significant risks and provide the most value in terms of risk reduction and protection. Entergy and the Registrant Subsidiaries use a vendor risk management program to assess and monitor security risks that arise from certain third-party vendors. In addition, Entergy and the Registrant Subsidiaries utilize technology and threat-intelligence services to assess and continuously monitor the cybersecurity risk of key vendors, as identified through the vendor risk management program.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Entergy and the Registrant Subsidiaries maintain a security-risk-management system with defined roles, duties, governance, and accountability. Under this physical- and cyber-risk model, Entergy and the Registrant Subsidiaries streamline security into a centralized program. The Chief Security Officer (CSO) is responsible for establishing the security and reliability risk strategy, setting policies, monitoring controls and compliance, providing support activities, and reporting on the security program. The Chief Information Security Officer (CISO) is responsible for establishing the cybersecurity strategy and implementing physical and cyber security systems for the security program. The Chief Information Officer (CIO) is responsible for ensuring that Entergy’s information technology infrastructure is secure and reliable. The Chief Ethics & Compliance Officer works with the CSO to address requirements of external security-related regulations, and where applicable, incorporate them into business policies. Management is responsible for identifying and managing risk directly through execution of the security program and compliance with security policies.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
While Entergy and the Registrant Subsidiaries have experienced cybersecurity incidents, except as otherwise summarized above or discussed elsewhere in this report, the risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected them including their business strategy, results of operations, or financial condition. See “Item 1A. Risk Factors” in Part I, Item 1A for a detailed description of the risks related to cybersecurity.
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board of Directors is responsible for oversight of the identification, management, and mitigation of enterprise-wide risk, including cybersecurity risk. The Audit Committee has the primary responsibility for overseeing risk management, including oversight of cybersecurity risk management practices and performance. The Audit Committee generally receives reports at each regular quarterly meeting provided by the CSO, the CISO, the CIO, and the General Auditor on the cybersecurity management program. The reports focus on the programs and protocols in place to mitigate cybersecurity risks, led by the CSO. Among other things, the reports may include: recent cyber risk and cybersecurity developments; industry engagement activities; legislative and regulatory developments; cyber-risk governance and oversight; selected cyber risk metrics and activities; cyber risk incident response plans and strategies; cybersecurity drills and exercises; assessments by third party experts and Internal Audit; and major projects and initiatives.

While the Board of Directors and Audit Committee oversee cybersecurity risk management, Entergy’s management is responsible for managing cybersecurity risk. Entergy and the Registrant Subsidiaries’ security-risk-management system, as discussed above, is comprised of a three lines of defense model to enhance risk management efforts and define roles in the security program. The first line of defense, comprised of business units performing operational functions, including the CISO and CIO, is responsible for identification and management of security and reliability risks directly through design, implementation, and execution of control activities. The second line of defense, comprised of the CSO and Chief Security Office, performs and supports security and reliability risk management and governs and oversees the execution of security and reliability controls by the first line of defense. Ownership of specific security operations may migrate from a business unit in the first line of defense to the second line of defense, as determined to be appropriate by the Chief Security Office. The third line of defense, which includes Internal Audit, independent third parties, and certain regulatory constructs, such as the NERC Reliability Standards and the NRC Cyber Rule, provides assurance of selective actions taken by the first and second lines of defense to senior management and the Board of Directors.

Entergy’s CSO is responsible for overseeing physical, cyber, and reliability risk, including governance, compliance, and threat intelligence. The CSO’s background includes serving as the Global Lead Business Information Security Officer for a multinational pharmaceutical and biotechnology company, Vice President of Cybersecurity Solutions for an international consulting firm, and an operations manager for a multinational technology company. The CSO is also a former intelligence officer in the U.S. Marine Corps, with experience in the Fleet Marine Force, Joint Staff J-2/Defense Intelligence Agency, and Headquarters Marine Corps Command, Control, Communications, and Computers (C4I). The CSO participated in numerous exercises and crisis operations during his time in the military. The CSO is a member of the Information Systems Audit and Control Association and a certified Information Privacy Manager from the International Association of Privacy Professionals. The CSO also completed the Harvard Kennedy School Executive Education Program in Cybersecurity and the FBI Domestic Security Executive Academy.

Entergy’s CISO is responsible for enterprise strategic and operational cybersecurity, physical security systems, and regulatory compliance. The CISO oversees investments in tools, resources, and processes that allow for the continuous improvement and maturity of Entergy’s cybersecurity posture. The CISO has expertise spanning more than 25 years in the realm of information technology, information security, and cyber/physical security management. The CISO’s background includes serving as the Vice President and Chief Information Security Officer for an electric utility with responsibility for enterprise cybersecurity covering corporate, electric, nuclear, and gas operations. Additionally, the CISO served as the Chief Security Officer for the Electric Reliability Council of Texas with overall responsibility for its cybersecurity, physical security, and emergency management programs. Her previous experience includes multiple technical, managerial, and strategic roles within industries ranging from energy, telecommunication, software development, and cybersecurity consulting. The CISO is a Certified Information Systems Security Professional, Certified Information Security Manager, and Certified in Risk and Information Systems Control.

Entergy’s CIO is responsible for ensuring that the organization’s information technology systems, infrastructure, and applications are designed, implemented, and maintained to provide secure and reliable performance in support of Entergy’s business objectives. The CIO establishes and enforces IT policies, procedures, and controls to mitigate information technology-related risks and provides guidance and support to the business units in the effective use of information technology resources and the management of information technology-related risks. By fulfilling these responsibilities across the three lines of defense model, the CIO plays a critical role in ensuring that Entergy’s information technology-related risks are effectively identified, managed, and mitigated, thereby supporting Entergy’s overall risk management and governance framework. The CIO’s background includes serving in senior leadership roles, including CIO for multiple global manufacturing companies, serving on the board of directors for a telecommunications company, and consulting leadership positions providing services for numerous large, global organizations.

In the event of a suspected or actual cybersecurity incident, the Security Incident Response Team (SIRT), which includes the CISO, has primary responsibility for initial identification and evaluation of potential business impacts and escalation of the incident’s severity classification using pre-established criteria with a specified communication matrix and escalation thresholds. The Security Incident Commander, which role is served by rotating leaders in the CISO organization, provides tactical leadership and oversight management at the cross-functional level for the incident. The SIRT remains engaged throughout the incident response lifecycle, including detection and analysis, containment, eradication and recovery, and post-incident remediation, and coordinates with the impacted business functions, if warranted. Once a cyber incident is confirmed, the SIRT is responsible for maintaining situational awareness and continuous monitoring of the need for escalation or de-escalation of the incident’s severity classification. As certain escalation thresholds are exceeded, additional levels of management notification are required by the SIRT, including notification of and recurring communication with Entergy’s Incident Response Team, which includes the Chief Executive Officer, the Chief Operating Officer, the CSO, other executive management, and members of the affected business functions. Depending upon the facts, analysis, materiality, and anticipated or current impacts, the Chief Executive Officer and the General Counsel will determine the timing and cadence for communication of the cyber incident with the Board of Directors or Audit Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Board of Directors is responsible for oversight of the identification, management, and mitigation of enterprise-wide risk, including cybersecurity risk. The Audit Committee has the primary responsibility for overseeing risk management, including oversight of cybersecurity risk management practices and performance. The Audit Committee generally receives reports at each regular quarterly meeting provided by the CSO, the CISO, the CIO, and the General Auditor on the cybersecurity management program. The reports focus on the programs and protocols in place to mitigate cybersecurity risks, led by the CSO. Among other things, the reports may include: recent cyber risk and cybersecurity developments; industry engagement activities; legislative and regulatory developments; cyber-risk governance and oversight; selected cyber risk metrics and activities; cyber risk incident response plans and strategies; cybersecurity drills and exercises; assessments by third party experts and Internal Audit; and major projects and initiatives.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
In the event of a suspected or actual cybersecurity incident, the Security Incident Response Team (SIRT), which includes the CISO, has primary responsibility for initial identification and evaluation of potential business impacts and escalation of the incident’s severity classification using pre-established criteria with a specified communication matrix and escalation thresholds. The Security Incident Commander, which role is served by rotating leaders in the CISO organization, provides tactical leadership and oversight management at the cross-functional level for the incident. The SIRT remains engaged throughout the incident response lifecycle, including detection and analysis, containment, eradication and recovery, and post-incident remediation, and coordinates with the impacted business functions, if warranted. Once a cyber incident is confirmed, the SIRT is responsible for maintaining situational awareness and continuous monitoring of the need for escalation or de-escalation of the incident’s severity classification. As certain escalation thresholds are exceeded, additional levels of management notification are required by the SIRT, including notification of and recurring communication with Entergy’s Incident Response Team, which includes the Chief Executive Officer, the Chief Operating Officer, the CSO, other executive management, and members of the affected business functions. Depending upon the facts, analysis, materiality, and anticipated or current impacts, the Chief Executive Officer and the General Counsel will determine the timing and cadence for communication of the cyber incident with the Board of Directors or Audit Committee.
Cybersecurity Risk Role of Management [Text Block]
While the Board of Directors and Audit Committee oversee cybersecurity risk management, Entergy’s management is responsible for managing cybersecurity risk. Entergy and the Registrant Subsidiaries’ security-risk-management system, as discussed above, is comprised of a three lines of defense model to enhance risk management efforts and define roles in the security program. The first line of defense, comprised of business units performing operational functions, including the CISO and CIO, is responsible for identification and management of security and reliability risks directly through design, implementation, and execution of control activities. The second line of defense, comprised of the CSO and Chief Security Office, performs and supports security and reliability risk management and governs and oversees the execution of security and reliability controls by the first line of defense. Ownership of specific security operations may migrate from a business unit in the first line of defense to the second line of defense, as determined to be appropriate by the Chief Security Office. The third line of defense, which includes Internal Audit, independent third parties, and certain regulatory constructs, such as the NERC Reliability Standards and the NRC Cyber Rule, provides assurance of selective actions taken by the first and second lines of defense to senior management and the Board of Directors.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Entergy’s CSO is responsible for overseeing physical, cyber, and reliability risk, including governance, compliance, and threat intelligence. The CSO’s background includes serving as the Global Lead Business Information Security Officer for a multinational pharmaceutical and biotechnology company, Vice President of Cybersecurity Solutions for an international consulting firm, and an operations manager for a multinational technology company. The CSO is also a former intelligence officer in the U.S. Marine Corps, with experience in the Fleet Marine Force, Joint Staff J-2/Defense Intelligence Agency, and Headquarters Marine Corps Command, Control, Communications, and Computers (C4I). The CSO participated in numerous exercises and crisis operations during his time in the military. The CSO is a member of the Information Systems Audit and Control Association and a certified Information Privacy Manager from the International Association of Privacy Professionals. The CSO also completed the Harvard Kennedy School Executive Education Program in Cybersecurity and the FBI Domestic Security Executive Academy.

Entergy’s CISO is responsible for enterprise strategic and operational cybersecurity, physical security systems, and regulatory compliance. The CISO oversees investments in tools, resources, and processes that allow for the continuous improvement and maturity of Entergy’s cybersecurity posture. The CISO has expertise spanning more than 25 years in the realm of information technology, information security, and cyber/physical security management. The CISO’s background includes serving as the Vice President and Chief Information Security Officer for an electric utility with responsibility for enterprise cybersecurity covering corporate, electric, nuclear, and gas operations. Additionally, the CISO served as the Chief Security Officer for the Electric Reliability Council of Texas with overall responsibility for its cybersecurity, physical security, and emergency management programs. Her previous experience includes multiple technical, managerial, and strategic roles within industries ranging from energy, telecommunication, software development, and cybersecurity consulting. The CISO is a Certified Information Systems Security Professional, Certified Information Security Manager, and Certified in Risk and Information Systems Control.

Entergy’s CIO is responsible for ensuring that the organization’s information technology systems, infrastructure, and applications are designed, implemented, and maintained to provide secure and reliable performance in support of Entergy’s business objectives. The CIO establishes and enforces IT policies, procedures, and controls to mitigate information technology-related risks and provides guidance and support to the business units in the effective use of information technology resources and the management of information technology-related risks. By fulfilling these responsibilities across the three lines of defense model, the CIO plays a critical role in ensuring that Entergy’s information technology-related risks are effectively identified, managed, and mitigated, thereby supporting Entergy’s overall risk management and governance framework. The CIO’s background includes serving in senior leadership roles, including CIO for multiple global manufacturing companies, serving on the board of directors for a telecommunications company, and consulting leadership positions providing services for numerous large, global organizations.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Entergy’s CSO is responsible for overseeing physical, cyber, and reliability risk, including governance, compliance, and threat intelligence. The CSO’s background includes serving as the Global Lead Business Information Security Officer for a multinational pharmaceutical and biotechnology company, Vice President of Cybersecurity Solutions for an international consulting firm, and an operations manager for a multinational technology company. The CSO is also a former intelligence officer in the U.S. Marine Corps, with experience in the Fleet Marine Force, Joint Staff J-2/Defense Intelligence Agency, and Headquarters Marine Corps Command, Control, Communications, and Computers (C4I). The CSO participated in numerous exercises and crisis operations during his time in the military. The CSO is a member of the Information Systems Audit and Control Association and a certified Information Privacy Manager from the International Association of Privacy Professionals. The CSO also completed the Harvard Kennedy School Executive Education Program in Cybersecurity and the FBI Domestic Security Executive Academy.

Entergy’s CISO is responsible for enterprise strategic and operational cybersecurity, physical security systems, and regulatory compliance. The CISO oversees investments in tools, resources, and processes that allow for the continuous improvement and maturity of Entergy’s cybersecurity posture. The CISO has expertise spanning more than 25 years in the realm of information technology, information security, and cyber/physical security management. The CISO’s background includes serving as the Vice President and Chief Information Security Officer for an electric utility with responsibility for enterprise cybersecurity covering corporate, electric, nuclear, and gas operations. Additionally, the CISO served as the Chief Security Officer for the Electric Reliability Council of Texas with overall responsibility for its cybersecurity, physical security, and emergency management programs. Her previous experience includes multiple technical, managerial, and strategic roles within industries ranging from energy, telecommunication, software development, and cybersecurity consulting. The CISO is a Certified Information Systems Security Professional, Certified Information Security Manager, and Certified in Risk and Information Systems Control.

Entergy’s CIO is responsible for ensuring that the organization’s information technology systems, infrastructure, and applications are designed, implemented, and maintained to provide secure and reliable performance in support of Entergy’s business objectives. The CIO establishes and enforces IT policies, procedures, and controls to mitigate information technology-related risks and provides guidance and support to the business units in the effective use of information technology resources and the management of information technology-related risks. By fulfilling these responsibilities across the three lines of defense model, the CIO plays a critical role in ensuring that Entergy’s information technology-related risks are effectively identified, managed, and mitigated, thereby supporting Entergy’s overall risk management and governance framework. The CIO’s background includes serving in senior leadership roles, including CIO for multiple global manufacturing companies, serving on the board of directors for a telecommunications company, and consulting leadership positions providing services for numerous large, global organizations.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
In the event of a suspected or actual cybersecurity incident, the Security Incident Response Team (SIRT), which includes the CISO, has primary responsibility for initial identification and evaluation of potential business impacts and escalation of the incident’s severity classification using pre-established criteria with a specified communication matrix and escalation thresholds. The Security Incident Commander, which role is served by rotating leaders in the CISO organization, provides tactical leadership and oversight management at the cross-functional level for the incident. The SIRT remains engaged throughout the incident response lifecycle, including detection and analysis, containment, eradication and recovery, and post-incident remediation, and coordinates with the impacted business functions, if warranted. Once a cyber incident is confirmed, the SIRT is responsible for maintaining situational awareness and continuous monitoring of the need for escalation or de-escalation of the incident’s severity classification. As certain escalation thresholds are exceeded, additional levels of management notification are required by the SIRT, including notification of and recurring communication with Entergy’s Incident Response Team, which includes the Chief Executive Officer, the Chief Operating Officer, the CSO, other executive management, and members of the affected business functions. Depending upon the facts, analysis, materiality, and anticipated or current impacts, the Chief Executive Officer and the General Counsel will determine the timing and cadence for communication of the cyber incident with the Board of Directors or Audit Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true