PEG: 10-K Risk Factor Changes

2026 vs 2025  ·  SEC EDGAR  ·  2026-07-05
✓ Deterministic extraction — no AI-generated data

Classification is based on semantic text similarity scoring and may include approximations. “No match” means no high-confidence textual match was found — not necessarily that a section was removed.

92
New Risks
2
Removed
11
Modified
15
Unchanged
🟢 New in Current Filing Severity10/10Det 10

Risk Management and Strategy

Our processes for assessing, identifying, and managing material risks from cybersecurity threats include: •Ongoing Assessment—Cybersecurity, led by the VP, Chief Information Security Officer (CISO), reporting to the SVP, Chief Information and Digital Officer (CIDO), is staffed…

Read full text

Our processes for assessing, identifying, and managing material risks from cybersecurity threats include: •Ongoing Assessment—Cybersecurity, led by the VP, Chief Information Security Officer (CISO), reporting to the SVP, Chief Information and Digital Officer (CIDO), is staffed with cyber professionals who assess material risks from cybersecurity threats. In addition, the Cybersecurity Council, comprised of senior management, is kept apprised of PSEG’s cybersecurity program, including any emerging risks, and provides guidance on the strategic direction of the program. Ongoing Assessment—Cybersecurity, led by the VP, Chief Information Security Officer (CISO), reporting to the SVP, Chief Information and Digital Officer (CIDO), is staffed with cyber professionals who assess material risks from cybersecurity threats. In addition, the Cybersecurity Council, comprised of senior management, is kept apprised of PSEG’s cybersecurity program, including any emerging risks, and provides guidance on the strategic direction of the program. •Engagement of Nth Parties—We engage Nth parties (third parties and other business relationships, including fourth parties, etc.), such as cybersecurity service providers, risk management firms, and external legal counsel, to assess Engagement of Nth Parties—We engage Nth parties (third parties and other business relationships, including fourth parties, etc.), such as cybersecurity service providers, risk management firms, and external legal counsel, to assess engage 33 33 Table of Contents Table of Contents Table of Contents material risks from cybersecurity threats, assess our internal incident response preparedness and cyber posture, support incident response, conduct tabletop exercises, and comply with applicable laws and regulations. We also carry cybersecurity insurance that provides certain protection against losses from a cybersecurity incident. Regulatory agencies, including, but not limited to, the NRC, Transportation Security Administration (TSA), and NERC, inspect applicable components of our cybersecurity program.•Nth-Party Service Provider Management—We maintain processes to oversee and identify risks from cybersecurity threats associated with our use of Nth-party service providers, including a risk-based vendor management program, which incorporates cybersecurity contractual provisions, vendor security assessments and, if appropriate, periodic audits.•Technical Safeguards—We manage controls to protect our network perimeter, internal IT, and Operational Technology (OT) environments, including internal and external firewalls, network intrusion detection and prevention tools, penetration testing, vulnerability assessments, threat intelligence, endpoint security, and access controls.•Training and Awareness—We provide mandatory annual cybersecurity training to all personnel with network access, and additional education to personnel with access to industrial control systems and/or customer information systems. We conduct phishing exercises with progressive consequences for failures. We also share periodic cybersecurity awareness messages and each year, in recognition of Cybersecurity Awareness Month, we host presentations from internal and external cyber experts on diverse cyber topics. These efforts better enable those with network access to identify potential cybersecurity risks and escalate them appropriately.•Incident Response Plans—We maintain and periodically update a cyber incident response plan that covers technical (i.e., detection, response, and recovery) and collaborative (i.e. external communication/disclosure and legal compliance) aspects of cyber incident and breach response; and conduct tabletop exercises to test plan effectiveness (both internally and through external exercises).•Mobile Security—We maintain controls to prevent loss of data through mobile devices. •Artificial Intelligence Security—We maintain AI governance, including policies and a council, incorporating AI into our Nth Party Risk Assessment process, and implementing technical controls that enable people to use AI to complete tasks more efficiently and our cyber team to better combat more sophisticated threats that make use of AI.•Physical Security—We maintain physical security measures to protect our OT systems, consistent with a defense in-depth and risk-tiered approach. Physical security measures may include access control systems, video surveillance, around-the-clock command center monitoring, and physical barriers (e.g. fencing, walls, and bollards). Additional features of PSEG’s physical security program include threat intelligence, insider threat mitigation, background checks, a threat level advisory system, a business interruption management model, and active coordination with federal, state, and local law enforcement officials. See Item 1. Business. Regulatory Issues—Federal Regulation for a discussion of Critical Infrastructure Protection standards that the NERC promulgated that mitigate risk associated with both cybersecurity and physical security of PSEG’s critical facilities. These processes are integral to our overall risk management system/processes and inform the identification and assessment of risks and mitigations through our Enterprise Risk Management (ERM) program. The ERM team, led by the SVP, Audit, Enterprise, Risk and Compliance (AERC) considers cybersecurity risks alongside other PSEG risks, and facilitates discussion with PSEG subject matter experts to identify cybersecurity risks, evaluate their potential severity and likelihood, identify mitigations, including those identified above, and assess the impact of those mitigations on residual risk. In addition, PSEG maintains a Risk Management Committee (RMC), responsible for assessing exposure to and determining PSEG's overall risk management strategy, including with respect to cybersecurity. The RMC, supported by the ERM function, is chaired by the SVP, AERC and consists of members of senior management including the CIDO and six of the CEO’s other direct reports. In discharging its responsibilities related to cybersecurity threats, the RMC has received presentations from the CISO. To date, there has been no material impact or reasonably likely material impact on our business strategy, results of operations or financial condition from cybersecurity attacks or incidents.Governance–PSEG Board of Directors (Board) Oversight of Risks from Cybersecurity Threats: •PSEG Board—The PSEG Board has ultimate responsibility for the oversight of risk management at PSEG, overseeing PSEG’s risk management program and reviewing the most significant risks facing PSEG, including material risks from cybersecurity threats, assess our internal incident response preparedness and cyber posture, support incident response, conduct tabletop exercises, and comply with applicable laws and regulations. We also carry cybersecurity insurance that provides certain protection against losses from a cybersecurity incident. Regulatory agencies, including, but not limited to, the NRC, Transportation Security Administration (TSA), and NERC, inspect applicable components of our cybersecurity program.•Nth-Party Service Provider Management—We maintain processes to oversee and identify risks from cybersecurity threats associated with our use of Nth-party service providers, including a risk-based vendor management program, which incorporates cybersecurity contractual provisions, vendor security assessments and, if appropriate, periodic audits.•Technical Safeguards—We manage controls to protect our network perimeter, internal IT, and Operational Technology (OT) environments, including internal and external firewalls, network intrusion detection and prevention tools, penetration testing, vulnerability assessments, threat intelligence, endpoint security, and access controls.•Training and Awareness—We provide mandatory annual cybersecurity training to all personnel with network access, and additional education to personnel with access to industrial control systems and/or customer information systems. We conduct phishing exercises with progressive consequences for failures. We also share periodic cybersecurity awareness messages and each year, in recognition of Cybersecurity Awareness Month, we host presentations from internal and external cyber experts on diverse cyber topics. These efforts better enable those with network access to identify potential cybersecurity risks and escalate them appropriately.•Incident Response Plans—We maintain and periodically update a cyber incident response plan that covers technical (i.e., detection, response, and recovery) and collaborative (i.e. external communication/disclosure and legal compliance) aspects of cyber incident and breach response; and conduct tabletop exercises to test plan effectiveness (both internally and through external exercises).•Mobile Security—We maintain controls to prevent loss of data through mobile devices. •Artificial Intelligence Security—We maintain AI governance, including policies and a council, incorporating AI into our Nth Party Risk Assessment process, and implementing technical controls that enable people to use AI to complete tasks more efficiently and our cyber team to better combat more sophisticated threats that make use of AI.•Physical Security—We maintain physical security measures to protect our OT systems, consistent with a defense in-depth and risk-tiered approach. Physical security measures may include access control systems, video surveillance, around-the-clock command center monitoring, and physical barriers (e.g. fencing, walls, and bollards). Additional features of PSEG’s physical security program include threat intelligence, insider threat mitigation, background checks, a threat level advisory system, a business interruption management model, and active coordination with federal, state, and local law enforcement officials. See Item 1. Business. Regulatory Issues—Federal Regulation for a discussion of Critical Infrastructure Protection standards that the NERC promulgated that mitigate risk associated with both cybersecurity and physical security of PSEG’s critical facilities. These processes are integral to our overall risk management system/processes and inform the identification and assessment of risks and mitigations through our Enterprise Risk Management (ERM) program. The ERM team, led by the SVP, Audit, Enterprise, Risk and Compliance (AERC) considers cybersecurity risks alongside other PSEG risks, and facilitates discussion with PSEG subject matter experts to identify cybersecurity risks, evaluate their potential severity and likelihood, identify mitigations, including those identified above, and assess the impact of those mitigations on residual risk. In addition, PSEG maintains a Risk Management Committee (RMC), responsible for assessing exposure to and determining PSEG's overall risk management strategy, including with respect to cybersecurity. The RMC, supported by the ERM function, is chaired by the SVP, AERC and consists of members of senior management including the CIDO and six of the CEO’s other direct reports. In discharging its responsibilities related to cybersecurity threats, the RMC has received presentations from the CISO. To date, there has been no material impact or reasonably likely material impact on our business strategy, results of operations or financial condition from cybersecurity attacks or incidents. material risks from cybersecurity threats, assess our internal incident response preparedness and cyber posture, support incident response, conduct tabletop exercises, and comply with applicable laws and regulations. We also carry cybersecurity insurance that provides certain protection against losses from a cybersecurity incident. Regulatory agencies, including, but not limited to, the NRC, Transportation Security Administration (TSA), and NERC, inspect applicable components of our cybersecurity program. material risks from cybersecurity threats, assess our internal incident response preparedness and cyber posture, support incident response, conduct tabletop exercises, and comply with applicable laws and regulations. We also carry cybersecurity insurance that provides certain protection against losses from a cybersecurity incident. Regulatory agencies, including, but not limited to, the NRC, Transportation Security Administration (TSA), and NERC, inspect applicable components of our cybersecurity program. •Nth-Party Service Provider Management—We maintain processes to oversee and identify risks from cybersecurity threats associated with our use of Nth-party service providers, including a risk-based vendor management program, which incorporates cybersecurity contractual provisions, vendor security assessments and, if appropriate, periodic audits. Nth-Party Service Provider Management—We maintain processes to oversee and identify risks from cybersecurity threats associated with our use of Nth-party service providers, including a risk-based vendor management program, which incorporates cybersecurity contractual provisions, vendor security assessments and, if appropriate, periodic audits. We maintain processes to oversee and identify risks from cybersecurity threats associated with our use of Nth-party service providers •Technical Safeguards—We manage controls to protect our network perimeter, internal IT, and Operational Technology (OT) environments, including internal and external firewalls, network intrusion detection and prevention tools, penetration testing, vulnerability assessments, threat intelligence, endpoint security, and access controls. Technical Safeguards—We manage controls to protect our network perimeter, internal IT, and Operational Technology (OT) environments, including internal and external firewalls, network intrusion detection and prevention tools, penetration testing, vulnerability assessments, threat intelligence, endpoint security, and access controls. •Training and Awareness—We provide mandatory annual cybersecurity training to all personnel with network access, and additional education to personnel with access to industrial control systems and/or customer information systems. We conduct phishing exercises with progressive consequences for failures. We also share periodic cybersecurity awareness messages and each year, in recognition of Cybersecurity Awareness Month, we host presentations from internal and external cyber experts on diverse cyber topics. These efforts better enable those with network access to identify potential cybersecurity risks and escalate them appropriately. Training and Awareness—We provide mandatory annual cybersecurity training to all personnel with network access, and additional education to personnel with access to industrial control systems and/or customer information systems. We conduct phishing exercises with progressive consequences for failures. We also share periodic cybersecurity awareness messages and each year, in recognition of Cybersecurity Awareness Month, we host presentations from internal and external cyber experts on diverse cyber topics. These efforts better enable those with network access to identify potential cybersecurity risks and escalate them appropriately. •Incident Response Plans—We maintain and periodically update a cyber incident response plan that covers technical (i.e., detection, response, and recovery) and collaborative (i.e. external communication/disclosure and legal compliance) aspects of cyber incident and breach response; and conduct tabletop exercises to test plan effectiveness (both internally and through external exercises). Incident Response Plans—We maintain and periodically update a cyber incident response plan that covers technical (i.e., detection, response, and recovery) and collaborative (i.e. external communication/disclosure and legal compliance) aspects of cyber incident and breach response; and conduct tabletop exercises to test plan effectiveness (both internally and through external exercises). •Mobile Security—We maintain controls to prevent loss of data through mobile devices. Mobile Security—We maintain controls to prevent loss of data through mobile devices. •Artificial Intelligence Security—We maintain AI governance, including policies and a council, incorporating AI into our Nth Party Risk Assessment process, and implementing technical controls that enable people to use AI to complete tasks more efficiently and our cyber team to better combat more sophisticated threats that make use of AI. Artificial Intelligence Security—We maintain AI governance, including policies and a council, incorporating AI into our Nth Party Risk Assessment process, and implementing technical controls that enable people to use AI to complete tasks more efficiently and our cyber team to better combat more sophisticated threats that make use of AI. •Physical Security—We maintain physical security measures to protect our OT systems, consistent with a defense in-depth and risk-tiered approach. Physical security measures may include access control systems, video surveillance, around-the-clock command center monitoring, and physical barriers (e.g. fencing, walls, and bollards). Additional features of PSEG’s physical security program include threat intelligence, insider threat mitigation, background checks, a threat level advisory system, a business interruption management model, and active coordination with federal, state, and local law enforcement officials. See Item 1. Business. Regulatory Issues—Federal Regulation for a discussion of Critical Infrastructure Protection standards that the NERC promulgated that mitigate risk associated with both cybersecurity and physical security of PSEG’s critical facilities. Physical Security—We maintain physical security measures to protect our OT systems, consistent with a defense in-depth and risk-tiered approach. Physical security measures may include access control systems, video surveillance, around-the-clock command center monitoring, and physical barriers (e.g. fencing, walls, and bollards). Additional features of PSEG’s physical security program include threat intelligence, insider threat mitigation, background checks, a threat level advisory system, a business interruption management model, and active coordination with federal, state, and local law enforcement officials. See Item 1. Business. Regulatory Issues—Federal Regulation for a discussion of Critical Infrastructure Protection standards that the NERC promulgated that mitigate risk associated with both cybersecurity and physical security of PSEG’s critical facilities. These processes are integral to our overall risk management system/processes and inform the identification and assessment of risks and mitigations through our Enterprise Risk Management (ERM) program. The ERM team, led by the SVP, Audit, Enterprise, Risk and Compliance (AERC) considers cybersecurity risks alongside other PSEG risks, and facilitates discussion with PSEG subject matter experts to identify cybersecurity risks, evaluate their potential severity and likelihood, identify mitigations, including those identified above, and assess the impact of those mitigations on residual risk. In addition, PSEG maintains a Risk Management Committee (RMC), responsible for assessing exposure to and determining PSEG's overall risk management strategy, including with respect to cybersecurity. The RMC, supported by the ERM function, is chaired by the SVP, AERC and consists of members of senior management including the CIDO and six of the CEO’s other direct reports. In discharging its responsibilities related to cybersecurity threats, the RMC has received presentations from the CISO. To date, there has been no material impact or reasonably likely material impact on our business strategy, results of operations or financial condition from cybersecurity attacks or incidents. These processes are integral integral to our overall risk management system/processes and inform the identification and assessment of risks and mitigations through our Enterprise Risk Management (ERM) program. The ERM team, led by the SVP, Audit, Enterprise, Risk and Compliance (AERC) considers cybersecurity risks alongside other PSEG risks, and facilitates discussion with PSEG subject matter experts to identify cybersecurity risks, evaluate their potential severity and likelihood, identify mitigations, including those identified above, and assess the impact of those mitigations on residual risk. material Governance–PSEG Board of Directors (Board) Oversight of Risks from Cybersecurity Threats: •PSEG Board—The PSEG Board has ultimate responsibility for the oversight of risk management at PSEG, overseeing PSEG’s risk management program and reviewing the most significant risks facing PSEG, including Governance –PSEG Board of Directors (Board) Oversight of Risks from Cybersecurity Threats: PSEG Board of Directors (Board) Oversight of Risks from Cybersecurity Threats: •PSEG Board—The PSEG Board has ultimate responsibility for the oversight of risk management at PSEG, overseeing PSEG’s risk management program and reviewing the most significant risks facing PSEG, including •PSEG Board—The PSEG Board has ultimate responsibility for the oversight of risk management at PSEG, overseeing PSEG’s risk management program and reviewing the most significant risks facing PSEG, including PSEG Board—The PSEG Board has ultimate responsibility for the oversight of risk management at PSEG, overseeing PSEG’s risk management program and reviewing the most significant risks facing PSEG, including 34 34 Table of Contents Table of Contents Table of Contents cybersecurity risks. The Governance, Nominating and Sustainability Committee of the PSEG Board reviews key enterprise risks, including cybersecurity risks, and recommends to the Board the mapping of each risk to an appropriate committee or the full Board, in accordance with the allocation of risk categories reflected in the charter of each committee. Through this process, cybersecurity risks are mapped primarily to the Board’s Industrial Operations Committee (IOC), and also the Audit Committee. In providing oversight of risks from cybersecurity threats, the Board is informed of cybersecurity incidents as appropriate, by way of updates from Senior Management, pursuant to PSEG’s Cybersecurity Incident Response Plan, as administered by the CISO.•IOC—At the PSEG Board level, the IOC holds the primary responsibility, as enumerated in its charter, for overseeing PSEG’s cybersecurity program and assessing overall compliance through active, independent and critical oversight. The IOC is informed of cybersecurity risks by the CIDO and/or the CISO, during the IOC’s four regularly scheduled meetings per year, which each include cybersecurity as a standing agenda item. Cybersecurity updates to the IOC include discussions on OT and IT cyber risks, cybersecurity updates from the CISO and/or CIDO, and reviews of a corporate cybersecurity scorecard and other performance indicators. The CIDO and CISO regularly attend IOC meetings. In addition, the IOC meets with the CISO in executive session with no other members of management present. To ensure the full Board is kept informed about the cybersecurity risks discussed at the IOC meetings, the cybersecurity materials provided to the IOC are available for full viewing by all members of the Board, members of the Board who are not IOC members have a courtesy invitation to each IOC meeting, and the Chair of the IOC provides a summary of IOC meetings to the full Board, typically the day after the meeting takes place.•Audit Committee—The Audit Committee is responsible for overseeing cybersecurity risks related to financial reporting and internal controls. The Audit Committee receives an annual cybersecurity update from the CISO, either with the full Board or the IOC in attendance. Audit Committee members have an invitation to all IOC meetings, have full access to IOC meeting materials, and receive the summary of IOC meetings from the IOC Chair as noted above. •Governance, Nominating and Sustainability Committee and Audit Committee—These committees are briefed at least annually on enterprise-level risks and emerging risks, including those related to cybersecurity, and receive regular updates on PSEG RMC activities, including those related to cybersecurity. •Board of Directors, IOC, and Audit Committee—In providing oversight of risks from cybersecurity threats, the Board, IOC, and Audit Committee are informed of cybersecurity risks through frequent reports on such topics as personnel and resources to monitor and address cybersecurity threats, technological advances in cybersecurity protection, rapidly evolving cybersecurity threats that may affect us and our industry, cybersecurity incident response and applicable cybersecurity laws, regulations and standards, as well as collaboration mechanisms with intelligence and enforcement agencies and industry groups to assure timely threat awareness and response coordination. In addition, risks associated with cybersecurity incidents, or potential incidents, are escalated by senior management promptly to the Board outside of regularly scheduled meetings, if appropriate. –Management’s Role in Assessing and Managing Material Cybersecurity Risks:The assessment and management of material risks from cyber threats is managed by the CIDO, CISO and Cybersecurity Council, as further described below. •CIDO—The CIDO has had the overall responsibility for PSEG’s cybersecurity since September 2022, including the assessment and management of material risks to PSEG from cybersecurity threats. The CIDO has served in that position since August 2020 and is a direct report to the CEO. The CIDO has over 25 years of energy experience inclusive of leading technology compliance with cybersecurity regulations for nuclear, transmission, gas and corporate assets. Our CIDO’s experience includes leading the secure technology design, development, and deployment strategy for grid modernization efforts, including digital customer engagement platforms, advanced metering, enterprise asset management and distribution automation functionality. As noted above, the CIDO regularly attends and provides updates with the CISO to the IOC. cybersecurity risks. The Governance, Nominating and Sustainability Committee of the PSEG Board reviews key enterprise risks, including cybersecurity risks, and recommends to the Board the mapping of each risk to an appropriate committee or the full Board, in accordance with the allocation of risk categories reflected in the charter of each committee. Through this process, cybersecurity risks are mapped primarily to the Board’s Industrial Operations Committee (IOC), and also the Audit Committee. In providing oversight of risks from cybersecurity threats, the Board is informed of cybersecurity incidents as appropriate, by way of updates from Senior Management, pursuant to PSEG’s Cybersecurity Incident Response Plan, as administered by the CISO.•IOC—At the PSEG Board level, the IOC holds the primary responsibility, as enumerated in its charter, for overseeing PSEG’s cybersecurity program and assessing overall compliance through active, independent and critical oversight. The IOC is informed of cybersecurity risks by the CIDO and/or the CISO, during the IOC’s four regularly scheduled meetings per year, which each include cybersecurity as a standing agenda item. Cybersecurity updates to the IOC include discussions on OT and IT cyber risks, cybersecurity updates from the CISO and/or CIDO, and reviews of a corporate cybersecurity scorecard and other performance indicators. The CIDO and CISO regularly attend IOC meetings. In addition, the IOC meets with the CISO in executive session with no other members of management present. To ensure the full Board is kept informed about the cybersecurity risks discussed at the IOC meetings, the cybersecurity materials provided to the IOC are available for full viewing by all members of the Board, members of the Board who are not IOC members have a courtesy invitation to each IOC meeting, and the Chair of the IOC provides a summary of IOC meetings to the full Board, typically the day after the meeting takes place.•Audit Committee—The Audit Committee is responsible for overseeing cybersecurity risks related to financial reporting and internal controls. The Audit Committee receives an annual cybersecurity update from the CISO, either with the full Board or the IOC in attendance. Audit Committee members have an invitation to all IOC meetings, have full access to IOC meeting materials, and receive the summary of IOC meetings from the IOC Chair as noted above. •Governance, Nominating and Sustainability Committee and Audit Committee—These committees are briefed at least annually on enterprise-level risks and emerging risks, including those related to cybersecurity, and receive regular updates on PSEG RMC activities, including those related to cybersecurity. •Board of Directors, IOC, and Audit Committee—In providing oversight of risks from cybersecurity threats, the Board, IOC, and Audit Committee are informed of cybersecurity risks through frequent reports on such topics as personnel and resources to monitor and address cybersecurity threats, technological advances in cybersecurity protection, rapidly evolving cybersecurity threats that may affect us and our industry, cybersecurity incident response and applicable cybersecurity laws, regulations and standards, as well as collaboration mechanisms with intelligence and enforcement agencies and industry groups to assure timely threat awareness and response coordination. In addition, risks associated with cybersecurity incidents, or potential incidents, are escalated by senior management promptly to the Board outside of regularly scheduled meetings, if appropriate. cybersecurity risks. The Governance, Nominating and Sustainability Committee of the PSEG Board reviews key enterprise risks, including cybersecurity risks, and recommends to the Board the mapping of each risk to an appropriate committee or the full Board, in accordance with the allocation of risk categories reflected in the charter of each committee. Through this process, cybersecurity risks are mapped primarily to the Board’s Industrial Operations Committee (IOC), and also the Audit Committee. In providing oversight of risks from cybersecurity threats, the Board is informed of cybersecurity incidents as appropriate, by way of updates from Senior Management, pursuant to PSEG’s Cybersecurity Incident Response Plan, as administered by the CISO. cybersecurity risks. The Governance, Nominating and Sustainability Committee of the PSEG Board reviews key enterprise risks, including cybersecurity risks, and recommends to the Board the mapping of each risk to an appropriate committee or the full Board, in accordance with the allocation of risk categories reflected in the charter of each committee. Through this process, cybersecurity risks are mapped primarily to the Board’s Industrial Operations Committee (IOC), and also the Audit Committee. In providing oversight of risks from cybersecurity threats, the Board is informed of cybersecurity incidents as appropriate, by way of updates from Senior Management, pursuant to PSEG’s Cybersecurity Incident Response Plan, as administered by the CISO. cybersecurity ri sks. •IOC—At the PSEG Board level, the IOC holds the primary responsibility, as enumerated in its charter, for overseeing PSEG’s cybersecurity program and assessing overall compliance through active, independent and critical oversight. The IOC is informed of cybersecurity risks by the CIDO and/or the CISO, during the IOC’s four regularly scheduled meetings per year, which each include cybersecurity as a standing agenda item. Cybersecurity updates to the IOC include discussions on OT and IT cyber risks, cybersecurity updates from the CISO and/or CIDO, and reviews of a corporate cybersecurity scorecard and other performance indicators. The CIDO and CISO regularly attend IOC meetings. In addition, the IOC meets with the CISO in executive session with no other members of management present. To ensure the full Board is kept informed about the cybersecurity risks discussed at the IOC meetings, the cybersecurity materials provided to the IOC are available for full viewing by all members of the Board, members of the Board who are not IOC members have a courtesy invitation to each IOC meeting, and the Chair of the IOC provides a summary of IOC meetings to the full Board, typically the day after the meeting takes place. IOC—At the PSEG Board level, the IOC holds the primary responsibility, as enumerated in its charter, for overseeing PSEG’s cybersecurity program and assessing overall compliance through active, independent and critical oversight. The IOC is informed of cybersecurity risks by the CIDO and/or the CISO, during the IOC’s four regularly scheduled meetings per year, which each include cybersecurity as a standing agenda item. Cybersecurity updates to the IOC include discussions on OT and IT cyber risks, cybersecurity updates from the CISO and/or CIDO, and reviews of a corporate cybersecurity scorecard and other performance indicators. The CIDO and CISO regularly attend IOC meetings. In addition, the IOC meets with the CISO in executive session with no other members of management present. To ensure the full Board is kept informed about the cybersecurity risks discussed at the IOC meetings, the cybersecurity materials provided to the IOC are available for full viewing by all members of the Board, members of the Board who are not IOC members have a courtesy invitation to each IOC meeting, and the Chair of the IOC provides a summary of IOC meetings to the full Board, typically the day after the meeting takes place. IOC —At the PSEG Board level, the IOC holds the primary responsibility, as enumerated in its charter, for overseeing PSEG’s cybersecurity program and assessing overall compliance through active, independent and critical oversight. •Audit Committee—The Audit Committee is responsible for overseeing cybersecurity risks related to financial reporting and internal controls. The Audit Committee receives an annual cybersecurity update from the CISO, either with the full Board or the IOC in attendance. Audit Committee members have an invitation to all IOC meetings, have full access to IOC meeting materials, and receive the summary of IOC meetings from the IOC Chair as noted above. Audit Committee—The Audit Committee is responsible for overseeing cybersecurity risks related to financial reporting and internal controls. The Audit Committee receives an annual cybersecurity update from the CISO, either with the full Board or the IOC in attendance. Audit Committee members have an invitation to all IOC meetings, have full access to IOC meeting materials, and receive the summary of IOC meetings from the IOC Chair as noted above.

🟢 New in Current Filing Demand, Supply and Energy Costs 🔒
🟢 New in Current Filing Future Outlook 🔒
🟢 New in Current Filing Significant resource adequacy challenges present affordability and reliability concerns that could cause policymakers to implement responsive measures that could have a material, adverse impact on our business, strategy, growth rates, cash flows, results of operation, and financial condition and increase regulatory uncertainty for utility investment initiatives and programs. 🔒
🟢 New in Current Filing Audit Committee 🔒
🟢 New in Current Filing Board of Directors, IOC, and Audit Committee 🔒
🟢 New in Current Filing Environmental Regulation 🔒
🟢 New in Current Filing Federal and State Executive Orders and State Legislative and Other Activity 🔒
🟢 New in Current Filing Derivative Instruments 🔒
🟢 New in Current Filing Long-Lived Assets 🔒
🟢 New in Current Filing Asset Retirement Obligations (ARO) 🔒
🟢 New in Current Filing PSEG and PSE&G 🔒
🟢 New in Current Filing Gas Property and Facilities 🔒
🟢 New in Current Filing Average Price Paid per Share 🔒
🟢 New in Current Filing EXECUTIVE OVERVIEW OF 2025 AND FUTURE OUTLOOK 🔒
🟢 New in Current Filing Climate Strategy and Sustainability Efforts 🔒
🟢 New in Current Filing Interest Rate Matters 🔒
🟢 New in Current Filing Tax Legislation 🔒
🟢 New in Current Filing Default Provisions 🔒
🟢 New in Current Filing Credit Ratings 🔒
🟢 New in Current Filing Qualified Pension 🔒
🟢 New in Current Filing Qualified Pension 🔒
🟢 New in Current Filing Nuclear Decommissioning AROs 🔒
🟢 New in Current Filing Accounting for Regulated Businesses 🔒
🟢 New in Current Filing Uncertain Tax Positions - Nuclear Production Tax Credits (PTCs) 🔒
🟢 New in Current Filing 99.5% Confidence Level, Loss could exceed VaR one day in 200 days 🔒
🟢 New in Current Filing Interest Rates 🔒
🟢 New in Current Filing Debt and Equity Securities 🔒
🔴 No Match in Current Filing Inability to successfully develop, obtain regulatory approval for, or construct T&D, and our nuclear generation projects could adversely impact our businesses. 🔒
🟢 New in Current Filing Total Nuclear 🔒
🟢 New in Current Filing Number of SecuritiesRemaining Availablefor Future Issuanceunder EquityCompensation Plans(excluding securitiesreflected in column (a))(c) 🔒
🟢 New in Current Filing Competitively Bid, FERC Regulated Transmission 🔒
🟢 New in Current Filing New Jersey Clean Energy Stakeholder Proceedings 🔒
🟢 New in Current Filing 2024 vs. 2023 🔒
🟢 New in Current Filing 2024 vs. 2023 🔒
🟢 New in Current Filing Year Ended December 31, 2025 as compared to 2024 🔒
🟢 New in Current Filing Operating Expenses 🔒
🟢 New in Current Filing Year Ended December 31, 2024 as compared to 2023 🔒
🟢 New in Current Filing 2024 vs. 2023 🔒
🟢 New in Current Filing Year Ended December 31, 2025 as compared to 2024 🔒
🟢 New in Current Filing Operating Expenses 🔒
🟢 New in Current Filing Year Ended December 31, 2024 as compared to 2023 🔒
🟢 New in Current Filing Financing Methodology 🔒
🟢 New in Current Filing Operating Cash Flows 🔒
🟢 New in Current Filing Short-Term Liquidity 🔒
🟢 New in Current Filing AvailableLiquidity 🔒
🟢 New in Current Filing Debt Covenants 🔒
🟢 New in Current Filing Ratings Triggers 🔒
🟢 New in Current Filing Dividend Payments on Common Stock 🔒
🟢 New in Current Filing Moody’s (A) 🔒
🟢 New in Current Filing Other Comprehensive Income 🔒
🟢 New in Current Filing CAPITAL REQUIREMENTS 🔒
🟢 New in Current Filing Total PSE&G 🔒
🟢 New in Current Filing Competitively Bid, FERC Regulated Transmission 🔒
🟢 New in Current Filing Other Material Cash Requirements 🔒
🟢 New in Current Filing CRITICAL ACCOUNTING ESTIMATES 🔒
🟢 New in Current Filing Accounting for Pensions and Other Postretirement Benefits (OPEB) 🔒
🟢 New in Current Filing Commodity Contracts 🔒
🟢 New in Current Filing Value-at-Risk (VaR) Models 🔒
🟢 New in Current Filing REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM 🔒
🟢 New in Current Filing Opinion on the Financial Statements 🔒
🟢 New in Current Filing Basis for Opinion 🔒
🟢 New in Current Filing Critical Audit Matter 🔒
🟢 New in Current Filing Accounting for the Effects of Regulation – Refer to Notes 1 and 5 to the financial statements 🔒
🟢 New in Current Filing REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM 🔒
🟢 New in Current Filing Opinion on the Financial Statements 🔒
🟢 New in Current Filing Basis for Opinion 🔒
🟢 New in Current Filing Critical Audit Matter 🔒
🟢 New in Current Filing Accounting for the Effects of Regulation – Refer to Notes 1 and 5 to the financial statements 🔒
🟢 New in Current Filing December 31, 🔒
🟢 New in Current Filing LIABILITIES AND CAPITALIZATION 🔒
🟡 Modified We are subject to numerous federal, state and local environmental laws and regulations that may significantly limit or affect our businesses, result in significant litigation, adversely impact our business plans and/or expose us to significant environmental fines, costs and other liabilities. 🔒
🟡 Modified The markets, and/or PTC may not provide sufficient financial support for our New Jersey nuclear plants which could result in the retirement of all of these nuclear plants. 🔒
🟡 Modified Financial market performance directly affects the asset values of our defined benefit plan trust funds and Nuclear Decommissioning Trust (NDT) Fund. Market performance and other factors could decrease the value of trust assets and could result in the need for significant additional funding. 🔒
🟡 Modified Any inability to recover the carrying amount of our long-lived assets could result in future impairment charges which could have a material adverse impact on our financial condition and results of operations. 🔒
🟢 New in Current Filing Generation activities at the Peach Bottom plants present risks similar to those to which nuclear generation plants that we operate are subject. 🔒
🟢 New in Current Filing Electric Property and Facilities 🔒
🟢 New in Current Filing Generation Facilities 🔒
🟢 New in Current Filing OwnedCapacity(MW) 🔒
🟢 New in Current Filing Financial Results 🔒
🟢 New in Current Filing Years Ended December 31, 🔒
🟢 New in Current Filing PSEG Net Income Per Share (Diluted) 🔒
🟢 New in Current Filing Regulatory, Legislative and Other Developments 🔒
🟢 New in Current Filing Transmission Rate Proceedings and Return on Equity (ROE) 🔒
🟢 New in Current Filing Years Ended December 31, 🔒
🟢 New in Current Filing PSEG Net Income Per Share (Diluted) 🔒
🟢 New in Current Filing Years Ended December 31, 🔒
🟢 New in Current Filing LIQUIDITY AND CAPITAL RESOURCES 🔒
🟢 New in Current Filing Long-Term Debt Financing 🔒
🟢 New in Current Filing PSEG Power & Other 🔒
🟢 New in Current Filing Long-Term Recourse Debt Maturities 🔒
🟢 New in Current Filing Interest on Recourse Debt 🔒
🟢 New in Current Filing Operating Leases 🔒
🟢 New in Current Filing Energy-Related Purchase Commitments 🔒
🟢 New in Current Filing 95% Confidence Level, Loss could exceed VaR one day in 20 days 🔒
🟢 New in Current Filing Years Ended December 31, 🔒
🟢 New in Current Filing Years Ended December 31, 🔒
🔴 No Match in Current Filing An increasing demand for power and load growth, potentially compounded by a shift away from natural gas toward increased electrification could cause reliability issues and higher costs for customers, which could lead to potential pressure on fair and timely recovery of our investments and proposed programs. 🔒
🟡 Modified Cybersecurity attacks, data breaches, or intrusions or other disruptions to our IT, operational or other systems could adversely impact our businesses. 🔒
🟡 Modified There may be periods when PSEG Power generation may not operate and/or may not be able to meet its commitments under forward sale obligations and PJM rules at a reasonable cost or at all. 🔒
🟡 Modified We may be unable to obtain an adequate nuclear fuel supply in the future. 🔒
🟡 Modified We are subject to physical, financial and transition risks related to climate change, including potentially increased legislative and regulatory burdens and changing customer preferences, and we may be subject to lawsuits, all of which could impact our businesses and results of operations. 🔒
🟡 Modified PSE&G’s revenues, earnings and results of operations are dependent upon state laws and regulations that affect distribution and related activities. 🔒
🟡 Modified We may be adversely affected by changes in energy regulatory policies, including energy and capacity market design rules and developments affecting transmission. 🔒
🟡 Modified The introduction or expansion of technologies related to energy generation, distribution and consumption and changes in customer usage patterns could adversely impact us. 🔒
104 more changes in this filing

Full diff access, historical comparisons, and cross-company signal tracking.

Get full access — from $29/month Already a Pro subscriber? View full diff →