6-K

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 6-K

Report of Foreign Private Issuer

Pursuant to Rule 13a-16 or 15d-16 of the

Securities Exchange Act of 1934

For the month of May, 2026

Commission File Number 1-34129

AXIA Energia S.A.

(Exact name of registrant as specified in its charter)

AXIA Energia S.A.

(Translation of Registrant's name into English)

Avenida Graça Aranha, 26Centro, CEP 20030-900Rio de Janeiro, RJ, Brazil

(Address of principal executive office)

Indicate by check mark whether the registrant files or will file annual reports under cover Form 20-F or Form 40-F.

Form 20-F ___X___ Form 40-F _______

Indicate by check mark whether the registrant by furnishing the information contained in this Form is also thereby furnishing the information to the Commission pursuant to Rule 12g3-2(b) under the Securities Exchange Act of 1934.

Yes _______ No___X____

CLASSIFICATION: PUBLIC POLICY 1/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date 04/30/2026 PREPARED BY:Vice-Presidency of Governance and Sustainability | Risk Management Directorate REVIEWED BY: Process and Normative Management | ComplianceDirectorate Corporate Governance Directorate | General Legal Directorate APPROVED BY: Executive Board (DE) – RES-181/2026, of 04/22/2026Board of Directors (CA) - DEL-051/2026, of 04/30/2026 VALIDITY: 5 years The contents of this document may not be reproduced without properauthorization. All rights belong to Axia Energia. CLASSIFICATION: PUBLIC POLICY 2/13 PO-GN.01-002 Risk Management and Internal ControlsEdition 9.0 Effective Date 04/30/2026 TABLE OF CONTENTS 1 Introduction ........................................................................................................................3 2 References .........................................................................................................................3 3 Conceptualization ................................................................................................................4 4 Principles ............................................................................................................................5 5 Guidelines ..........................................................................................................................8 6 Responsibilities ...................................................................................................................10 7 General Provisions ..............................................................................................................12 8 Amendment History ............................................................................................................ 129. Appendices / Annexes ......................................................................................................... 12 CLASSIFICATION:PUBLIC POLICY 3/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date 04/30/2026 1 INTRODUCTION 1.1 PURPOSEEstablish principles, guidelines and responsibilities to guide the processes of identification, evaluation, treatment, monitoring andcommunication of risks and internal controls inherent to Axia Energia's activities, incorporating the risk perspective into strategicplanning and decision-making, as well as the internal controls perspective into its processes, in accordance with applicable regulationsand best market practices. 1.2 SCOPE This policy applies to Axia Energia. 2 REFERENCES 2.1 Federal Law no. 12.846/2013 (Anti-CorruptionLaw) – Provides for the administrative and civil liability of legal entities for the practice of acts against the public administration,national or foreign, and makes other provisions. 2.2 Federal Decree No. 11.129/2022 – Regulates Law No. 12.846, of August 1, 2013,which provides for the administrative and civil liability of legal entities for the practice of acts against the public administration,national or foreign. 2.3 Foreign Corrupt Practices Act (FCPA), 1977. 2.4 Sarbanes-Oxley Act of 2002, with emphasis on sections 302 and404. 2.5 CVM Resolution No. 80/2022 (as amended a posteriori) – Provides for the registration of issuers of securities admittedto trading on regulated securities markets. 2.6 COSO 2013 (Committee of Sponsoring Organizations of the Treadway Commission) – InternalControl – Integrated Framework. 2.7 COSO ERM 2017 (Committee of Sponsoring Organizations of the Treadway Commission – EnterpriseRisk Management). 2.8 Axia Energia's Code of Conduct. 2.9 Code of Best Corporate Governance Practices of the Brazilian Institute of CorporateGovernance – IBGC, 2023. 2.10 Corporate Governance Notebooks – Corporate Risk Management – Evolution in Governance andStrategy – IBGC, 2017. 2.11 Standard ABNT NBR ISO 31000:2018 – Risk Management – Guidelines. 2.12 IIA 2020 Three LinesModel (Institute of Internal Auditors). 2.13 Compliance Policy. 2.14 Novo Mercado Regulation of B3 S.A. – Brasil, Bolsa, Balcão.CLASSIFICATION: PUBLIC POLICY 4/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date 04/30/2026 3 CONCEPTUALIZATION3.1 ACRONYMS 3.1.1 CA – Board of Directors 3.1.2 CAE – Audit and Risk Committee 3.1.3 CF – Fiscal Council 3.1.4 DE –Executive Board 3.2 CONCEPTS 3.2.1 Risk Appetite – Limit of exposure to risks that the Company is willing to accept to achieve itsstrategic objectives and create value for shareholders. 3.2.2 Control Owner Area - Organizational unit responsible for internal control,including its adequacy, execution and documentation of evidence. 3.2.3 Risk Owner Area (Risk Owner) – Organizational unit that holdsauthority and responsibility for risk management. 3.2.4 Axia Energia – Centrais Elétricas Brasileiras S/A and companies inwhich it has direct or indirect corporate control. 3.2.5 Internal Controls – Set of actions and procedures aimed at managing risksand increasing the likelihood that the objectives and goals established by the Company will be achieved. 3.2.6 Board of Directors - Collegiatebody of Axia Energia responsible for establishing the general orientation of the company's business, defining its strategic direction,ensuring the proper functioning of the governance, risk management and internal control systems and ensuring the orderly succession ofmanagement. 3.2.7 Deficiency – Absence or failure of control that does not allow adequate mitigation of the associated risk, alsoknown as internal control gap. 3.2.8 Executive Board – Collegiate body composed of the President and Vice-Presidents, which hasspecific powers and authority conferred by the Bylaws and the Board of Directors. 3.2.9 Risk Event – Event or situation, arisingfrom an internal or external source, that affects, or has the potential to negatively affect, the achievement of a Company objective.3.2.10 Integrated Management of Risks and Internal Controls – Architecture implemented in the Company for risk management and internalcontrols, based on common methodology and language and aligned with the other lines. Through a structured approach and a better understandingof the interrelationships between risks and internal controls, it aligns strategy, processes, people, technology and knowledge, with theobjective of preserving and creating value for the company and its shareholders. 3.2.11 Impact – Result of the materialization ofa risk that affects the Company's business, processes and operations, which may be expressed qualitatively and/or quantitatively. CLASSIFICATION:PUBLIC POLICY 5/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date 04/30/2026 3.2.12 Uncertainty –State, even if partial, of the deficiency of information related to an event, its understanding, knowledge, consequence or probability,which may constitute a threat to the company. 3.2.13 Risk Indicator – Measurement that, associated with the context assessment,is used to assess the risk behavior and provide alerts regarding the level of exposure or the potential for future loss. 3.2.14 ThreeLines Model – Set of principles and guidelines prepared and disseminated by IIA Global (The Institute of Internal Auditors), withthe objective of clarifying and organizing the responsibilities and roles of the organization's professionals in risk management and internalcontrols. 3.2.15 Risk Portfolio – Set of risk events identified by the Company, described and classified into pillars and categories.3.2.16 Probability – Chance of something happening, regardless of whether it is defined, measured or determined objectively or subjectively,qualitatively or quantitatively. 3.2.17 Professional – For the purposes of this normative document, "professional" is consideredto be the term equivalent to "worker", as defined in ISO 45001, covering any person who performs work or carries out work-related activitiesunder the responsibility of Axia Energia, within the scope of its safety, health and occupational protection guidelines. Note 1: Thisincludes people who perform work or work-related activities, paid or unpaid, regularly or temporarily, intermittently or seasonally, ona full-time or part-time basis. Note 2: The concept of professional covers members of Management, as well as people in managerial andnon-managerial level positions. Note 3: Work-related activities may be performed by Company employees, external supplier professionals,contractors, agency professionals, individuals or third parties, provided that Axia Energia has responsibility for occupational healthand safety conditions, subject to applicable legal and contractual limits. 3.2.18 Remediation of Deficiencies – Action plan documentedby the area responsible for the deficiency, in order to address inconsistencies identified during the tests carried out by internal andexternal audits. 3.2.19 Risk Response – Action taken to reduce, maintain or avoid the Company's exposure to risk, acting on theprobability and/or impact, including, but not limited to, internal controls. 3.2.20 Risk – Negative effect of uncertainties on theCompany's objectives. 4 PRINCIPLES 4.1 Risk Appetite Statement 4.1.1 Value creation is essential for the Company. Leadership in our market,through investments in generation, transmission and commercialization focused on clean energy, is part of our sustainable growth agenda.We do not tolerate decisions that may compromise the health and safety of our employees and third parties, or any other person, as wellas the operational safety of our assets, profitability, financial discipline, corporate sustainability and ethical and compliance standards.We seek CLASSIFICATION: PUBLIC POLICY 6/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date 04/30/2026 tobe innovators, considering the relevance of investing in other segments, diversifying our portfolio of businesses and services, in synergyand appropriate to the company's strategy. 4.2 Value Generation for Axia Energia 4.2.1 The Company recognizes that integrated risk managementand internal controls are directly related to the strategic guidelines of sustainable growth, profitability and value creation for thecompany by allowing the preventive identification of threats to business objectives, weaknesses in processes and risk-based decision-making.4.3 Adoption of Good Corporate Governance Practices 4.3.1 The Company adopts the best corporate governance practices, with regard to riskmanagement, internal controls and anti-fraud and anti-corruption policies and practices, in a systematic, structured and timely manner,in order to improve and maintain the transparency and quality of its information, disclosed internally and externally, seeking a betterreputation with the market and a differential in generating value for its shareholders and other stakeholders. 4.4 Use of Standards andMethodologies Recognized by the Market 4.4.1 With a model based on formalized methodologies and standards, recognized by the market anddisseminated in the Company, integrated risk management and internal controls are aligned with strategies, initiatives and organizationalstructures, in addition to meeting the requirements of sectoral, regulatory and supervisory bodies. 4.4.2 To support risk management andinternal control activities, the Company adopts, in an integrated manner, a unique systemic solution that has functionalities for continuousassessment and monitoring of the risks inherent to its business, in addition to allowing the self-assessment of design and effectivenesstests for internal controls, thus allowing the reliability of information and security to the business where the Company operates. 4.5Establishment of Roles and Responsibilities 4.5.1 The Company formally defines and communicates the roles and responsibilities of eachof the employees involved in the risk management and internal control processes. 4.6 Involvement of Governance Bodies 4.6.1 The performanceof the Board of Directors, the Audit and Risk Committee, the Fiscal Council and the Executive Board assumes a primordial role for thesuccess of the risk management and internal control processes, since they are the main ones involved in decision-making on strategic issuesof the Company. 4.7 Establishment and Maintenance of the Infrastructure Required for Integrated Risk Management and Internal Controls4.7.1 To manage risks and internal controls efficiently, the Company has an adequate and integrated infrastructure of processes, peopleand technology, establishing clear and objective communication mechanisms. 4.8 Integration of Risk Management and Internal Controls intoOrganizational Processes CLASSIFICATION: PUBLIC POLICY 7/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date04/30/2026 4.8.1 Integrated risk management and internal controls permeate the Company's organizational practices and processes, in orderto: a) ensure the identification of inherent and residual risk events in their business areas, whether individual or corporate; b) ensurethe effectiveness of its processes, through periodic mapping, self-assessment and internal control effectiveness tests. 4.9 Periodic Analysisof Risk Management and Internal Controls at Axia Energia 4.9.1 The risk management and internal control areas play a critical role forthe Company and must ensure the effectiveness of risk management and internal controls through frequent reviews, supporting the achievementof its objectives. 4.9.2 The Company evaluates its maturity in risk management, through a model adapted from the Corporate GovernanceGuides – Corporate Risk Management, of the Brazilian Institute of Corporate Governance (IBGC), and evaluates the control environmentthrough tests of effectiveness in its internal controls. 4.10 Adoption of the Three Lines Model 4.10.1 Axia Energia adopts its risk managementand internal controls model based on the Three Lines Model, illustrated in the organization chart in Appendix I, which ensures the cleardefinition of roles and responsibilities to support the achievement of objectives, protection and value creation. In this context: a)First line: It comprises the business areas, process and project managers, being responsible for the execution of operations and the deliveryof products and services, including the Presidency and Vice-Presidencies. It is responsible for the direct management of risks and theimplementation of effective internal controls, ensuring that activities take place in accordance with corporate, legal and ethical guidelines.By managing risks at source, the first line ensures operational continuity and the generation and protection of value necessary to achieveorganizational objectives; b) Second line: It is composed of specialist areas that establish guidelines, methodologies and standards forrisk management, internal controls and compliance – being represented by the Governance, Compliance, Information Security, Sustainabilityand Risks and Internal Controls Boards. Its role is to support the first line through technical support, monitoring and constructive questioning,without replacing its responsibility for risk management and control execution. By strengthening the resilience, integrity and reliabilityof information, the second line contributes directly to the generation of value for stakeholders, through the creation of an environmentof trust and transparency and to the protection of value through risk-based decision-making; c) Third line: Represented by the InternalAudit, reporting to the CAE and the Board of Directors, it provides independent assessment and advice on the effectiveness of governance,risks and internal controls. Acting with full autonomy in relation to management, it reports its conclusions directly to the governancebodies to promote continuous improvement and the achievement of objectives. This function is essential for protecting value, ensuringthat organizational processes are resilient, transparent and aligned with Axia Energia's best market practices and strategic objectives.4.11 Reporting Structure CLASSIFICATION: PUBLIC POLICY 8/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date04/30/2026 4.11.1 The company's risk management structure is based on the best governance practices, ensuring the autonomy and independenceof the areas responsible for the risk management and audit processes, as well as the transparency and free flow of information to thegovernance bodies, facilitating decision making. 4.11.2 The reporting lines between the areas involved in the process, with the identificationof the performance of the three lines, are illustrated in the organization chart inserted in Appendix I of this policy. 5 GUIDELINES 5.1Axia Energia, in order to achieve the objectives established in this policy, must perform the macro-steps of the risk management and internalcontrol processes described in the following sub-items. 5.2 Risk identification and mapping of internal controls 5.2.1 The identificationof risks must recognize and describe the main risks to which the Company is exposed, whether of a strategic or operational nature, includingpossible changes in its business environment. 5.2.2 For risks of a strategic nature, a corporate Risk Portfolio with events, their respectivedescriptions and the owners of the risks must be defined. 5.2.2.1 The identification of risks of a strategic nature must be carried outwith the participation of the Executive Board and those responsible for the business areas. 5.2.3 For risks of an operational nature,inherent to the Company's processes, internal controls that operate in accordance with the activities performed by the management areamust be mapped and designed, in order to ensure operational efficiency, accurate reports and compliance with current laws, regulationsand policies. 5.2.3.1 The documentation of internal controls is a guiding and essential tool for the execution of independent tests, whoseworking papers and planned activities are based on the controls described therein. 5.3 Assessment of risks and internal control environment5.3.1 In the case of risks of a strategic nature, after their identification, causes and consequences must be raised and qualitative and/orquantitative analyses must be carried out, aiming at the definition of the impact and probability attributes, used in the prioritizationof the risks to be treated. 5.3.1.1 In the assessment of strategic risks, the survey and analysis of existing responses and internal controlsshould also be considered, thus determining the residual risks. 5.3.2 In the case of risks of an operational nature, the internal controlenvironment must be periodically evaluated through Management's tests, contemplating in its scope the key controls, which must be determinedbased on their relevance to the results of the processes and to the achievement of the Company's objectives and goals. 5.3.2.1 Management'stests aim to evaluate the effectiveness of controls and identify any ineffective controls, as well as recommend improvements to improvethe internal control environment. CLASSIFICATION: PUBLIC POLICY 9/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 EffectiveDate 04/30/2026 5.3.2.2 The external auditor performs the independent tests in accordance with the auditing standards and presents theresult of the work through the internal control report, in connection with the financial statements. 5.4 Treatment of risks and remediationof internal control deficiencies 5.4.1 After the evaluation, the Executive Board's position with respect to a risk of a strategic naturemust be aligned with the risk appetite defined by the Board of Directors. The positioning options are: a) avoid: the company chooses notto start or continue in business, processes and activities that may generate risks or cause its exposure; b) coexist/accept: the companyunderstands that the exposure to risk is in accordance with its appetite; or understands that the effort to mitigate or transfer it wouldbe greater than the value of the impact caused by its materialization; or, due to the risk being of external origin, but inherent to itsactivities, there is no way to reduce its exposure. Coexisting with the risk presupposes monitoring the Company's exposure to risk; c)mitigate/transfer: the company seeks to minimize its exposure to risk, either by reducing the impact and/or probability with risk responsesand/or design of internal controls, or by transferring/sharing the impacts of the risk with other agents. 5.4.1.1 If the position is toavoid, mitigate or transfer, the Company must execute responses, including through internal controls, aimed at maintaining risk exposurein line with the appetite approved by the Board of Directors. 5.4.2 Deficiencies identified in the internal control environment, whetherthrough Management testing or Independent Audit assessment, must be addressed and remedied through deficiency-specific action plans. 5.4.2.1Whenever there is a formalized indication of deficiencies, action plans must be created by the areas that own the controls, with the supportof the internal controls area, to adapt ineffective controls and/or create necessary controls. 5.5 Monitoring of risks and the internalcontrol environment 5.5.1 In the monitoring process, you must: a) supervise the implementation and maintenance of risk responses and actionplans to remedy internal control deficiencies; b) verify the achievement of the objectives of the responses and the remediation plansestablished, through continuous management activities and/or independent evaluations; c) ensure that responses and remediation plans arefit for purpose, effective and efficient; d) detect changes in the external and internal context, identifying emerging risks; e) analyzechanges in risk events, processes, trends, successes and failures, and learn from them. 5.5.1.1 In the periodic assessments of strategicrisks, the risk owner areas must make efforts to additionally define proactive monitoring metrics and/or models, or even risk indicators,so that, where defined by the Board of Directors, the status of risk exposure can be monitored, in a more specific format and detail,compared to the limits and tolerances determined by the Board of Directors itself. CLASSIFICATION: PUBLIC POLICY 10/13 PO-GN.01-002 RiskManagement and Internal Controls Edition 9.0 Effective Date 04/30/2026 5.6 Communication of risks and internal controls 5.6.1 Communication,during all stages of the risk management and internal control processes, must reach all stakeholders, being carried out in a clear andobjective manner, respecting the good governance practices required by the market. 6 RESPONSIBILITIES 6.1 Board of Directors 6.1.1 Ratifythe approval of this policy. 6.1.2 Approve the reporting schedule, as well as its revisions, upon proposal of the Executive Board andopinion of the CAE. 6.1.3 Determine the risk appetite, upon proposal of the Executive Board and opinion of the CAE. 6.1.4 Supervise therisk management and internal control processes, through regular reports from the Executive Board, evaluated by the CAE, focusing on theadequacy of the process, risk responses and the results of internal control tests. 6.2 Audit and Risk Committee 6.2.1 Monitor the riskmanagement and internal control processes, bringing the most relevant findings to the attention of the Board of Directors. 6.2.2 Analyzeall material submitted to the Board of Directors about the Company's risk management and internal controls, issuing a prior opinion. 6.3Fiscal Council 6.3.1 Contribute to the relevant topics, recording in its minutes the additional information it deems necessary or usefulto the risk management and internal control processes. 6.4 Executive Board 6.4.1 Evaluate the adequacy of the risk management and internalcontrol processes through periodic reports, discussing and validating, in the collegiate body or by Vice-Presidency, the evaluations presentedby the risk owner areas, as well as defining the risk position, according to the appetite approved by the Board of Directors. 6.4.2 Periodicallymonitor the results of the control tests performed by the internal and external audits. 6.4.3 Ensure the implementation of risk managementand internal controls in the Company, allocating the necessary resources to the process and defining the appropriate infrastructure forthe activities. 6.4.4 Approve standards governing risk management processes and internal controls. 6.4.5 Approve the corporate Risk Portfolio.CLASSIFICATION: PUBLIC POLICY 11/13 PO-GN.01-002 Risk Management and Internal Controls Edition 9.0 Effective Date 04/30/2026 6.4.6 Definethe risk owner areas. 6.4.7 Evaluate deficiencies reported by internal and external audits, according to the degree of criticality. 6.4.8Approve the Risk Management and Internal Controls Policy, as well as propose the risk appetite and the schedule of risk reports and internalcontrols, including their reviews, forwarding them to the opinion of the CAE and, subsequently, to the approval of the Board of Directors.6.5 Risk Management and Internal Controls Areas 6.5.1 Act as a second line, coordinating and defining the standards to be followed withregard to the risk management and internal control processes, their support systems and the forms and frequency of reports. 6.5.2 Supportand ensure the identification, assessment, treatment and monitoring of risks and internal controls by the owner areas, as well as consolidateand report to the Executive Board and the Board of Directors the situation of the risks of the corporate Risk Portfolio and the resultsof the control tests. 6.5.3 Disseminate the culture of risks and internal controls in the Company. 6.5.4. Propose the Risk Managementand Internal Controls Policy, standards on risk management and internal control processes and the corporate Risk Portfolio for approvalby the Executive Board. 6.6 Risk Owner Areas 6.6.1 Act as the first line, managing the risks inherent to its activities, through identification,evaluation, treatment and monitoring. 6.6.2 Provide the risk management areas with all the necessary information, with robustness andreliability. 6.7 Internal Control Owner Areas 6.7.1 Act as the first line, ensuring the proper execution of internal controls and thedocumentation of the necessary evidence. 6.7.2 Inform the internal controls area, in a timely manner, of the need to update the controlsunder its responsibility. 6.7.3 Implement the action plans defined to remedy the deficiencies pointed out by internal and external audits.6.8 Internal Audit 6.8.1 Evaluate the effectiveness of the risk management and internal control processes, interacting with the responsibleareas regarding the verifications carried out. 6.8.2 Evaluate the adequacy of risk responses, recommending, when necessary, improvementsto the risk owner areas. 6.8.3 Perform management tests, verifying that internal controls are appropriate and capable of mitigating theassociated risks and that they are operating in accordance with the design. CLASSIFICATION: PUBLIC POLICY 12/13 PO-GN.01-002 Risk Managementand Internal Controls Edition 9.0 Effective Date 04/30/2026 6.8.4 Prepare and submit periodic reports of their evaluations to the Boardof Directors and the CAE. 7 GENERAL PROVISIONS 7.1 This policy is in line with the Company's other policies. 7.2 The legal and regulatoryprovisions related to the subject and the specific legal determinations and agreements currently in force must be observed. 7.3 This policycan be broken down into other specific normative documents, always aligned with the principles and guidelines established herein. 7.4The normative documents and provisions contrary to this policy are revoked, in particular the Risk Management and Internal Controls Policy,approved by RES-482/2025 OF 12/02/2025 and DEL-209/2025 of 12/11/2025. 8 AMENDMENT HISTORY Edition Name Doc. and date of approval 1.0Risk Management Policy of Eletrobras Companies RES-1279, of 12/08/2010 and DEL-059/2011, of 04/29/2011 2.0 Risk Management Policy of EletrobrasCompanies RES-509/2014, of 07/28/2014, and DEL-132/2014, of 10/30/2014 3.0 Risk Management Policy of Eletrobras Companies RES-521/2016,of 08/23/2016, and DEL-170/2016, of 09/23/2016 4.0 Risk Management Policy of Eletrobras Companies RES-639/2019, of 09/16/2019 and DEL-204/2019,of 09/26/2019 5.0 Risk Management Policy of Eletrobras Companies RES-381/2021, of 06/07/2021, and DEL-135/2021, of 06/18/2021 6.0 RiskManagement Policy of Eletrobras Companies RES-539/2022, of 11/14/2022, and DEL-167/2022, of 12/01/2022 7.0 Risk Management and InternalControls RES-308/2024, of 06/11/2024 and DEL-114/2024, of 06/20/2024 8.0 Risk Management and Internal Controls RES-482/2025, of 12/02/2025and DEL-209/2025, of 12/11/2025 Main changes Inclusion of item 6.0 Reporting Structure and Appendix I. 9 APPENDICES Appendix I –Risk Management Organizational Structure. CLASSIFICATION: PUBLIC POLICY 13/13 PO-GN.01-002 Risk Management and Internal Controls Edition9.0 Effective Date 04/30/2026 Appendix I – Risk Management Organizational Structure

SIGNATURE

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

Date: May 8, 2026

FORWARD-LOOKING STATEMENTS

This document may contain estimates and projections that are not statements of past events but reflect our management’s beliefs and expectations and may constitute forward-looking statements under Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities and Exchange Act of 1934, as amended. The words “believes”, “may”, “can”, “estimates”, “continues”, “anticipates”, “intends”, “expects”, and similar expressions are intended to identify estimates that necessarily involve known and unknown risks and uncertainties. Known risks and uncertainties include, but are not limited to: general economic, regulatory, political, and business conditions in Brazil and abroad; fluctuations in interest rates, inflation, and the value of the Brazilian Real; changes in consumer electricity usage patterns and volumes; competitive conditions; our level of indebtedness; the possibility of receiving payments related to our receivables; changes in rainfall and water levels in reservoirs used to operate our hydroelectric plants; our financing and capital investment plans; existing and future government regulations; and other risks described in our annual report and other documents filed with the CVM and SEC. Estimates and projections refer only to the date they were expressed, and we do not assume any obligation to update any of these estimates or projections due to new information or future events. Future results of the Company’s operations and initiatives may differ from current expectations, and investors should not rely solely on the information contained herein. This material contains calculations that may not reflect precise results due to rounding.