Our management recognizes the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, and manages those risks with a risk-management cybersecurity program. Among other things, these risks include operational risks, financial system risks, physical security risks, intellectual property theft, fraud, extortion, violation of data privacy and security laws, and harm to employees, drivers, site hosts, and property owners. Our capabilities and data, as well as those of our customers, suppliers, partners, and service providers, are critical to our operations and may contain confidential personal information, sensitive business-related information, or intellectual property. These capabilities are also susceptible to interruptions (including those caused by systems failures, cyber-attacks, and other natural or man-made incidents or disasters), which may be prolonged or go undetected. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.

Risk Management and Strategy

We aim to incorporate industry best practices throughout our cybersecurity program and have live data recovery and breach policies in place. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is evaluated annually as a part of our Sarbanes-Oxley information technology control testing procedures.

We have processes to assess, identify, manage, and address material cybersecurity threats and incidents. These include annual and ongoing security awareness training for employees, vulnerability scanning, code reviews, annual pen testing of the network and charging stations, and third-party risk assessments, among others. We actively engage with industry groups for benchmarking and best practices awareness. While we are unaware of having been subjected to or impacted by a significant cybersecurity threat to date, we monitor internally discovered or externally reported issues that may affect our products and services and have processes to assess those issues for potential cybersecurity impact or risk.

Cybersecurity is an integral part of our risk management processes and a significant area of focus for the Board of Directors and management team. The Audit Committee is responsible for the cybersecurity component of our IT operations, and the Audit Committee reviews the status of ongoing efforts and incidents at every Board of Directors meeting.