Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
In fulfilling its responsibility, the Cybersecurity Group manages formal documented internal processes such as risk management and vulnerability scanning, as well as other processes, such as assessing threat intelligence, that include outside partners. Intelligence sharing comes from industry sources such as the Electricity Information Sharing and Analysis Center, government sources, as well as commercially purchased information sources. The Cybersecurity Group also engages third parties for assessments and audits of its systems periodically and as needed. Such assessments and audits may include, among other things, pre-production evaluation of technologies, overall program assessments, and compliance program assessments including audits by our regulators.

Depending on the products and services provided and the potential for data exchange and technology risk, we may require vendors and service providers to pass APS’s vendor risk management program, which sets forth security and data protection requirements, as a condition to doing or continuing to do business with us. For contracts with vendors that will handle or have access to certain sensitive data, APS requires contractual provisions setting forth cybersecurity controls, vulnerability management, secure development practices, and other security and data protection requirements. A subset of vendors that meet a predetermined risk profile due to strategic relationships, technology risk, or other factors is continually monitored by a third-party risk management service, and the Company annually reviews independent assessments of these vendors.

The Cybersecurity Group also has documented processes for identifying, responding to, and internally escalating cybersecurity incidents to management and the Board of Directors. Once an incident meets certain criteria, the Company’s Cybersecurity Incident Command or, in the most severe cases that impact the entire Company, the Corporate Emergency Operations Center is activated and formal response procedures are followed to address the incident. The Cybersecurity Group has a formal incident response plan that details response and escalation procedures, including activation of a Cybersecurity Disclosure Committee, consisting of the Chief Financial Officer and the General Counsel, to assess an incident’s materiality with input as needed from the Director of Cybersecurity, Chief Accounting Officer, Chief Information Officer, and others, including outside advisors.

Cybersecurity risk management has been integrated into the Company’s overall enterprise risk management program (the “Enterprise Risk Management Program”) through policies and processes that implement a risk management framework designed to identify, manage, and monitor business unit risks throughout the organization. The Enterprise Risk Management Program is overseen by an executive committee (the “Executive Risk Committee”), which meets at least quarterly and is comprised of members holding executive leadership positions in the Company, including the Chairman and Chief Executive Officer, President, and other Executive and Senior Vice Presidents, and is chaired and sponsored by the Chief Financial Officer. Every year, as a part of the Enterprise Risk Management Program, risks affecting the Company are identified. For 2024, cybersecurity was identified as a risk. The applicable subject matter experts brief the Company’s Board of Directors on the status of all top enterprise risks at least once per year. Finally, the Nuclear and Operating Committee of the Company’s Board of Directors provides ultimate oversight of cybersecurity risk and also receives briefings at least twice per year from the Cybersecurity Group, and notable audit findings relating to cybersecurity are aggregated and provided to the Board of Directors’ Audit Committee.

To date, we do not believe there have been risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect Pinnacle West or APS. However, there is no assurance that will continue to be the case. If a significant cybersecurity event or incident were to occur, our ability to fulfill our critical business functions and our business strategy, results of operations, and financial condition could all be materially impacted. See the risk factor entitled, “We are subject to cybersecurity risks and risks of unauthorized access to our systems that could adversely affect our business and financial condition” in Item 1A—Risk Factors for more information.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Cybersecurity risk management has been integrated into the Company’s overall enterprise risk management program (the “Enterprise Risk Management Program”) through policies and processes that implement a risk management framework designed to identify, manage, and monitor business unit risks throughout the organization.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Cybersecurity risk management has been integrated into the Company’s overall enterprise risk management program (the “Enterprise Risk Management Program”) through policies and processes that implement a risk management framework designed to identify, manage, and monitor business unit risks throughout the organization. The Enterprise Risk Management Program is overseen by an executive committee (the “Executive Risk Committee”), which meets at least quarterly and is comprised of members holding executive leadership positions in the Company, including the Chairman and Chief Executive Officer, President, and other Executive and Senior Vice Presidents, and is chaired and sponsored by the Chief Financial Officer. Every year, as a part of the Enterprise Risk Management Program, risks affecting the Company are identified. For 2024, cybersecurity was identified as a risk. The applicable subject matter experts brief the Company’s Board of Directors on the status of all top enterprise risks at least once per year. Finally, the Nuclear and Operating Committee of the Company’s Board of Directors provides ultimate oversight of cybersecurity risk and also receives briefings at least twice per year from the Cybersecurity Group, and notable audit findings relating to cybersecurity are aggregated and provided to the Board of Directors’ Audit Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Enterprise Risk Management Program is overseen by an executive committee (the “Executive Risk Committee”), which meets at least quarterly and is comprised of members holding executive leadership positions in the Company, including the Chairman and Chief Executive Officer, President, and other Executive and Senior Vice Presidents, and is chaired and sponsored by the Chief Financial Officer. Every year, as a part of the Enterprise Risk Management Program, risks affecting the Company are identified. For 2024, cybersecurity was identified as a risk. The applicable subject matter experts brief the Company’s Board of Directors on the status of all top enterprise risks at least once per year. Finally, the Nuclear and Operating Committee of the Company’s Board of Directors provides ultimate oversight of cybersecurity risk and also receives briefings at least twice per year from the Cybersecurity Group, and notable audit findings relating to cybersecurity are aggregated and provided to the Board of Directors’ Audit Committee.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Every year, as a part of the Enterprise Risk Management Program, risks affecting the Company are identified. For 2024, cybersecurity was identified as a risk. The applicable subject matter experts brief the Company’s Board of Directors on the status of all top enterprise risks at least once per year. Finally, the Nuclear and Operating Committee of the Company’s Board of Directors provides ultimate oversight of cybersecurity risk and also receives briefings at least twice per year from the Cybersecurity Group, and notable audit findings relating to cybersecurity are aggregated and provided to the Board of Directors’ Audit Committee.
Cybersecurity Risk Role of Management [Text Block] To that end, the Company implements a robust risk management, strategy, and governance regime aimed at ensuring effective controls are in place to identify, mitigate, remediate, and communicate cyber threats at appropriate levels within the organization.
APS’s cybersecurity group (the “Cybersecurity Group”) is comprised of cybersecurity analysts, engineers, architects, and others, led by the Director of Cybersecurity, who reports to APS’s Vice President, Operations Support. The Director of Cybersecurity has more than twenty years of experience in information technology and cybersecurity roles, with more than ten of those years at the Company. The Director of Cybersecurity also holds cybersecurity certifications from multiple certifying bodies and is active in utility cybersecurity professional organizations. The Cybersecurity Group has day-to-day responsibility for safeguarding the Company’s critical assets and assessing, identifying, and managing material risks from cybersecurity threats.

In fulfilling its responsibility, the Cybersecurity Group manages formal documented internal processes such as risk management and vulnerability scanning, as well as other processes, such as assessing threat intelligence, that include outside partners. Intelligence sharing comes from industry sources such as the Electricity Information Sharing and Analysis Center, government sources, as well as commercially purchased information sources. The Cybersecurity Group also engages third parties for assessments and audits of its systems periodically and as needed. Such assessments and audits may include, among other things, pre-production evaluation of technologies, overall program assessments, and compliance program assessments including audits by our regulators.

Depending on the products and services provided and the potential for data exchange and technology risk, we may require vendors and service providers to pass APS’s vendor risk management program, which sets forth security and data protection requirements, as a condition to doing or continuing to do business with us. For contracts with vendors that will handle or have access to certain sensitive data, APS requires contractual provisions setting forth cybersecurity controls, vulnerability management, secure development practices, and other security and data protection requirements. A subset of vendors that meet a predetermined risk profile due to strategic relationships, technology risk, or other factors is continually monitored by a third-party risk management service, and the Company annually reviews independent assessments of these vendors.

The Cybersecurity Group also has documented processes for identifying, responding to, and internally escalating cybersecurity incidents to management and the Board of Directors. Once an incident meets certain criteria, the Company’s Cybersecurity Incident Command or, in the most severe cases that impact the entire Company, the Corporate Emergency Operations Center is activated and formal response procedures are followed to address the incident. The Cybersecurity Group has a formal incident response plan that details response and escalation procedures, including activation of a Cybersecurity Disclosure Committee, consisting of the Chief Financial Officer and the General Counsel, to assess an incident’s materiality with input as needed from the Director of Cybersecurity, Chief Accounting Officer, Chief Information Officer, and others, including outside advisors.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] APS’s cybersecurity group (the “Cybersecurity Group”) is comprised of cybersecurity analysts, engineers, architects, and others, led by the Director of Cybersecurity, who reports to APS’s Vice President, Operations Support. The Director of Cybersecurity has more than twenty years of experience in information technology and cybersecurity roles, with more than ten of those years at the Company.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Director of Cybersecurity has more than twenty years of experience in information technology and cybersecurity roles, with more than ten of those years at the Company. The Director of Cybersecurity also holds cybersecurity certifications from multiple certifying bodies and is active in utility cybersecurity professional organizations.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Cybersecurity Group also has documented processes for identifying, responding to, and internally escalating cybersecurity incidents to management and the Board of Directors. Once an incident meets certain criteria, the Company’s Cybersecurity Incident Command or, in the most severe cases that impact the entire Company, the Corporate Emergency Operations Center is activated and formal response procedures are followed to address the incident. The Cybersecurity Group has a formal incident response plan that details response and escalation procedures, including activation of a Cybersecurity Disclosure Committee, consisting of the Chief Financial Officer and the General Counsel, to assess an incident’s materiality with input as needed from the Director of Cybersecurity, Chief Accounting Officer, Chief Information Officer, and others, including outside advisors.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true