Annual and transition report of foreign private issuers [Sections 13 or 15(d)]

Cybersecurity Risk Management and Strategy Disclosure

v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity Risk Management and Strategy
 
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and Confidential Information.
 
Risk Management Processes
 
We design and assess our program based on the NIST Cybersecurity Framework (CSF), and our cybersecurity risk management program incorporates information security management systems certified under ISO/IEC 27001:2022 and TISAX (Trusted Information Security Assessment Exchange) requirements. These frameworks provide a structured approach to identifying, assessing, and managing cybersecurity risks relevant to our business. These internationally recognized frameworks provide independent third-party validation and assessment of our security controls and governance practices. However, the fact that we follow these frameworks does not imply that we meet any particular technical standards, specifications, or requirements.
 
 
ISO/IEC 27001:2022 certification is designed to demonstrate that our information security management systems align with rigorous international standards. The certification process includes independent third-party audits, management reviews, and requirements intended to support the continuous improvement of our security posture.
 
 
Our TISAX assessment includes evaluations of our security governance, controls, processes, and supply chain security practices to support the information security, data privacy and prototype requirements of the German and other European automotive and aerospace industries.
 
Our cybersecurity risk management program is integrated into our overall risk management program, and shares common methodologies, reporting channels and governance processes that apply across the risk management program to other legal, compliance, strategic, operational, and financial risk areas.
 
Key elements of our cybersecurity risk management program include but are not limited to the following:
 
 
suppliers and third-party risk assessments and scans designed to identify material risks from cybersecurity threats from third parties to our critical systems and information, including assessment of third-party compliance with relevant security standards such as TISAX where deemed applicable to their criticality to our operations;
 
 
an in-house security team principally responsible for managing (i) our cybersecurity risk assessment processes, (ii) our security controls, (iii) our ISO/IEC 27001:2022 certification and TISAX assessment requirements, and (iv) our response to cybersecurity incidents and threats;
 
 
engagement of external service providers, where appropriate, to assess, test or otherwise assist to minimize and mitigate the risk with aspects of our security processes and technical infrastructure;
 
 
cybersecurity awareness training of our employees, including training related to risks from external contractors or entities, incident response personnel, and senior management to intervene when needed;
 
 
a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents from external entities; and
 
 
a third-party risk management process for key service providers based on our assessment of their criticality to our operations and respective risk profile, which may include requirements for third-party compliance with TISAX or other recognized security standards.
 
 
Material Cybersecurity Risks
 
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Risk Factors – We are subject to cybersecurity risks to operational systems, security systems, infrastructure, firmware and software in our LiDAR and customer data and other information processed by us or third-party vendors or suppliers, and any material failure, weakness, interruption, cyber event, or incident, or breach of security could prevent us from effectively operating our business.”
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and Confidential Information.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Risk Factors – We are subject to cybersecurity risks to operational systems, security systems, infrastructure, firmware and software in our LiDAR and customer data and other information processed by us or third-party vendors or suppliers, and any material failure, weakness, interruption, cyber event, or incident, or breach of security could prevent us from effectively operating our business.”
Cybersecurity Risk Board of Directors Oversight [Text Block]
Cybersecurity Governance
 
Board Oversight
 
Our board of directors considers cybersecurity risk as part of its risk oversight function and oversees cybersecurity risks, including oversight of management’s implementation of our cybersecurity risk management program and our alignment with ISO/IEC 27001:2022 certification and TISAX requirements.
 
The board of directors receives quarterly reports from management on our cybersecurity risks. In addition, management updates the board of directors, where it deems appropriate, and the audit committee, where it deems appropriate, regarding cybersecurity incidents it considers to be significant or potentially significant. The board of directors also receives periodic updates on our progress toward maintaining and renewing our ISO/IEC 27001:2022 certification and completing our TISAX security assessments.
 
Members of our board of directors receive presentations on cybersecurity topics from our Chief Operating Officer, on a quarterly basis, as part of its continuing education on topics that impact public companies.
 
Management Responsibility
 
Our management team, including our Chief Information Security Officer (CISO) and Chief Information Officer (CIO), are responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program, including specific responsibility for maintaining our ISO/IEC 27001:2022 certification and TISAX assessment requirements, and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team’s experience includes governance, risk and compliance (GRC) leadership and information security engineering. Our CISO brings over 20 years of cybersecurity experience across diverse organizations in Israel and abroad, from start-ups to large enterprises. His previous roles include CISO at Imubit Inc., CISO at SQLINK Group, and Data-center Manager at the National Health Insurance Authority (NHIA) in Ghana, among others. He holds multiple internationally recognized professional certifications across various domains of information security and cybersecurity, including ISACA, Microsoft, Check Point, AWS, and others. Additionally, our CIO has 21 years of experience in strategic planning, implementation, and management of information systems. Her expertise encompasses establishing and managing information systems domains, integrating ERP, Salesforce, Jira, ALM, and BI systems, and leading IT, cybersecurity, and information systems teams. She earned a BSc in Industrial Engineering & Management, specializing in Information Systems (Cum Laude), from the Technion – Israel Institute of Technology.
 
Our management team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our board of directors considers cybersecurity risk as part of its risk oversight function and oversees cybersecurity risks, including oversight of management’s implementation of our cybersecurity risk management program and our alignment with ISO/IEC 27001:2022 certification and TISAX requirements.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The board of directors receives quarterly reports from management on our cybersecurity risks. In addition, management updates the board of directors, where it deems appropriate, and the audit committee, where it deems appropriate, regarding cybersecurity incidents it considers to be significant or potentially significant. The board of directors also receives periodic updates on our progress toward maintaining and renewing our ISO/IEC 27001:2022 certification and completing our TISAX security assessments.
 
Members of our board of directors receive presentations on cybersecurity topics from our Chief Operating Officer, on a quarterly basis, as part of its continuing education on topics that impact public companies.
Cybersecurity Risk Role of Management [Text Block]
Our management team, including our Chief Information Security Officer (CISO) and Chief Information Officer (CIO), are responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program, including specific responsibility for maintaining our ISO/IEC 27001:2022 certification and TISAX assessment requirements, and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team’s experience includes governance, risk and compliance (GRC) leadership and information security engineering. Our CISO brings over 20 years of cybersecurity experience across diverse organizations in Israel and abroad, from start-ups to large enterprises. His previous roles include CISO at Imubit Inc., CISO at SQLINK Group, and Data-center Manager at the National Health Insurance Authority (NHIA) in Ghana, among others. He holds multiple internationally recognized professional certifications across various domains of information security and cybersecurity, including ISACA, Microsoft, Check Point, AWS, and others. Additionally, our CIO has 21 years of experience in strategic planning, implementation, and management of information systems. Her expertise encompasses establishing and managing information systems domains, integrating ERP, Salesforce, Jira, ALM, and BI systems, and leading IT, cybersecurity, and information systems teams. She earned a BSc in Industrial Engineering & Management, specializing in Information Systems (Cum Laude), from the Technion – Israel Institute of Technology.
 
Our management team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our management team, including our Chief Information Security Officer (CISO) and Chief Information Officer (CIO), are responsible for assessing and managing our material risks from cybersecurity threats.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our management team, including our Chief Information Security Officer (CISO) and Chief Information Officer (CIO), are responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program, including specific responsibility for maintaining our ISO/IEC 27001:2022 certification and TISAX assessment requirements, and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team’s experience includes governance, risk and compliance (GRC) leadership and information security engineering. Our CISO brings over 20 years of cybersecurity experience across diverse organizations in Israel and abroad, from start-ups to large enterprises. His previous roles include CISO at Imubit Inc., CISO at SQLINK Group, and Data-center Manager at the National Health Insurance Authority (NHIA) in Ghana, among others. He holds multiple internationally recognized professional certifications across various domains of information security and cybersecurity, including ISACA, Microsoft, Check Point, AWS, and others. Additionally, our CIO has 21 years of experience in strategic planning, implementation, and management of information systems. Her expertise encompasses establishing and managing information systems domains, integrating ERP, Salesforce, Jira, ALM, and BI systems, and leading IT, cybersecurity, and information systems teams. She earned a BSc in Industrial Engineering & Management, specializing in Information Systems (Cum Laude), from the Technion – Israel Institute of Technology.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Our management team takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true