[6-K/A] Vale S.A. Amended Current Report (Foreign Issuer)

Rhea-AI Filing Summary

Vale S.A. filed a Form 6-K/A furnishing its updated Internal Audit Charter. The Charter defines Internal Audit as an independent, objective assurance and consulting function, positioned as the 3rd Line of Defense. The Chief Audit and Compliance Officer reports directly to the Board of Directors, with activities supervised by the Audit and Risks Committee (CARE), preserving scope and reporting independence.

The Charter establishes a Quality Assurance and Improvement Program with internal monitoring and external assessments at least once every five years, and requires annual confirmation of organizational independence. Scope includes risk, governance and internal control evaluations, SOX testing, advisory work without management responsibility, and support for investigations via the Whistleblower Channel. The Internal Audit Plan is risk-based and approved by the Board after CARE review, with periodic progress reports and tracking of management action plans.

United States

Securities and Exchange Commission

Washington, D.C. 20549

FORM 6-K/A

Report of Foreign Private Issuer

Pursuant to Rule 13a-16 or 15d-16

of the

Securities Exchange Act of 1934

For the month of

October 2025

Vale S.A.

Praia de Botafogo nº 186, 18º andar, Botafogo
22250-145 Rio de Janeiro, RJ, Brazil

(Address of principal executive office)

(Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F.)

(Check One) Form 20-F x Form 40-F ¨

   - 1 of 6 - Corporate Policy Subject: Internal Audit Charter. Cluster: Corporate. Identification: POL-0029-G / Version: 02. Uso: Público. Resolution: DDCA - 023/2023. Issued on: 2023/04/26. Responsible: Internal Audit. Revision by: 2028/04/26. 1. General Guidelines • Internal Audit is an independent and objective assessment (assurance) and consulting activity, established to add value and improve the operations of an organization. As the 3rd Line of Defense1, it assists the organization in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of the organization's governance, risk management and internal control. • This Charter establishes the principles and guidelines for the Internal Audit activity, as well as guides employees to support the activities performed by Internal Audit. 2. Applicability • This Policy applies to Vale S.A. and its controlled companies2, including all of their employees and administrators, always observing the Bylaws, the articles of incorporation and the applicable legislation. 3. References • POL-0001-G – Code of Conduct. • POL-0002-G – Authority Policy. • POL-0007-G – Information Security Policy. • POL-0009-G – Risk Management Policy. • POL-0016-G – Anticorruption Policy. • POL-0017-G – Related Parties Transactions Policy. • POL-0034-G – Personal Data Protection and Privacy Policy. • POL-0048-G – Conflict of Interest Management Policy 4. Governance and responsibilities for conducting Internal Audit activities • Organization, Professionalism, Authority, Independence and Objectivity The Chief Audit and Compliance Officer (Chief Audit Executive) reports functionally, administratively, and directly to the Board of Directors of Vale S.A. Internal Audit activities are supervised by the Audit and Risks Committee (CARE). The Chief Audit and Compliance Officer can delegate his duties established in this Charter to the Audit Director. However, the Chief Audit and Compliance Officer remains fully responsible for the delegated matter(s). It is the Chief Audit and Compliance Officer responsibility to confirm to the CARE, at least annually, the organizational independence of Internal Audit. In addition: – The Internal Audit area must remain free from interference in determining the scope of the Internal Audit, in the execution of its work and in the communication of results. The Chief Audit and Compliance Officer must report any interference, and potential consequences, to the CARE and discuss the implications. 1 The concept of Lines of Defense is outlined in the Risk Management Policy (POL-0009-G). 2 To learn about the classification of controlled companies, see POL-0043-G - Vale Group Business and Entity Management Policy. - 2 of 6 - Internal Audit Charter DDCA 023/2023 Rev.: 02 – 2023/04/26 POL-0029-G PUBLIC – To preserve the independence of assessments conducted by the Whistleblower Channel and Corporate Integrity areas, which report to the Chief Audit and Compliance Officer, these assessments will be carried out by external consultants, under the direct supervision of the CARE. The members of the Internal Audit area shall: – Abide by the mandatory guidance of the International Professional Practices Framework3 of The IIA4, including its definition, its Code of Ethics5, the Core Principles6 and the International Standards7 for the Professional Practice of Internal Audit. This guidance constitutes the mandatory elements required for the professional practice and assessment of the Internal Audit activities performance. – Have full, free and unrestricted access to any and all records, assets, employees8 and administrators9, as required to carry out their activities, with strict accountability for confidentiality and safeguarding of records and information made available. – Take part of Advisory Committees related to audit subjects and control environment, in Vale’s controlled entities, Foundations and sponsored private pension entities, as needed and according to applicable regulations. – Exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information related to the activity or process under analysis, with a balanced assessment of all relevant circumstances. – Remain independent and free from undue interference within the organization, including but not limited to matters related to definition of audit job, scope, procedures, frequency, period, as well as the Internal Audit Report content. – Disclose any impairment to the independence or objectivity, in fact or appearance, to the impacted parties and related governance bodies. – Declare, annually, that read, understood and agreed to abide by the mandatory guidance of the IIA. The Chief Audit and Compliance Officer shall maintain a Quality Assurance and Improvement Program (QAIP) to allow an assessment of the conformance by Internal Audit with the Standards and an assessment related to the adherence to The IIA Code of Ethics by the Internal Audit members. The Program shall also assess the efficiency and effectiveness of Internal Audit activities and identify opportunities for improvement. The Chief Audit and Compliance Officer shall communicate to the CARE, at least annually, about the QAIP, including the continuous monitoring and the results of the periodic internal assessments, as well as the external assessments performed at least once every five years, by a qualified and independent assessor, or assessment team, external to the organization. Internal Audit members shall not have direct operational responsibility or authority over any of the audited activities. Therefore, they shall not implement internal controls, develop procedures, install systems, prepare and approve records, engage as a member of Committees that approve or decide, in an executive manner, on operational activities, organizational structures or investments, as well as be involved in any activity that may impair their opinion, including 3 The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal Auditors. 4 The Institute of Internal Auditors (The IIA): Established in 1941 and based in the United States, it is an international professional association with a mission to promote dynamic leadership to the internal audit profession on a global level. Additional information is available on the website www.theiia.org 5 Document prepared by The IIA which aims to promote an ethical culture in the profession of internal audit. It contains the principles that are relevant to the profession and practice of internal auditing, as well as the rules of conduct that describe behavior norms expected of internal auditors. 6 The Core Principles, taken as a whole, articulate internal audit Effectiveness: Demonstrates integrity; Demonstrates competence and due professional care; Is objective and free from undue influence (independent); Aligns with the strategies, objectives, and risks of the organization; Is appropriately positioned and adequately resourced; Demonstrates quality and continuous improvement; Communicates effectively; Provides risk-based assurance; Is insightful, proactive, and future-focused; Promotes organizational improvement. 7 Set of professional standards, which aims to: (i) Guide adherence with the mandatory elements of the International Professional Practices Framework; (ii) Provide a framework for performing and promoting a broad range of value-added internal auditing services; (iii) Establish the basis for the evaluation of internal audit performance; and (iv) Foster improved organizational processes and operations. 8 Any employee, own or third party, temporary or not, apprentice, intern and/or trainee at Vale or its controlled entities. 9 Any member of the Board of Directors, the Fiscal Council, the Advisory Committees and the Executive Committee of Vale or its controlled entities, or someone occupying another statutory role or similar position in accordance with the applicable laws in the jurisdictions in which Vale or its controlled entities operate. - 3 of 6 - Internal Audit Charter DDCA 023/2023 Rev.: 02 – 2023/04/26 POL-0029-G PUBLIC assessing specific operations or activities in which they were responsible in the previous year. Additionally, they shall not be influenced by their own or others' interests when forming opinions. All employees and administrators of Vale and its controlled companies, direct and indirect, shall support Internal Audit in the performance of their duties. • The scope of activities of the Internal Audit Members. The Internal Audit shall assess the adequacy and effectiveness of the organization's governance, risk management, and internal controls, as well as the quality of activities assigned to achieve the organization’s strategic goals and objectives, as long as there is no impairment to independence or conflicts with the Internal Audit methodology, including: – Monitoring and assessment of the effectiveness of the company's key risks management process, as defined by the Board of Directors. – Assessment of the reliability and integrity of information and accounting records, as well as the means used to identify, measure, classify, and report such information. – Evaluation of the systems and controls established to ensure conformance with policies and other internal normative documents, laws and regulations that can have a significant impact on the organization. – Evaluation of the means for safeguarding assets and, as appropriate, verifying the existence of such assets. – Evaluation of the effectiveness and efficiency in which resources are employed. – Evaluation of operations and projects, to ascertain whether results are consistent with established objectives and goals, and whether they are carried out as planned. – Monitoring and assessment of governance, compliance, and internal controls processes, including the effectiveness of the activities of the 1st and 2nd Lines of Defense. Considering the independence matter indicated in the item “Organization, Professionalism, Authority, Independence and Objectivity” of this Charter, activities performed by Corporate Integrity and the Whistleblower Channel areas in executing the Ethics & Compliance Program of Vale shall be assessed by an external and independent audit, to be hired directly by the CARE and with frequency determined at its discretion. – Support the review of normative documents, aiming to improve the internal control environment. – Coordinating certification testing carried out under the Sarbanes-Oxley Act. – Perform consulting and advisory services, provided they are intended to add value and improve the governance, risk management, and control processes, and the internal auditor does not assume management responsibility inherent to the duties of the Process Owners and the 1st and 2nd Lines of Defense. – Evaluation of specific operations as requested by the Board of Directors, CARE, Fiscal Council or Management10, if appropriate. If the Chief Audit and Compliance Officer requests an exceptional assessment of the areas under his responsibility, this shall be approved by the CARE. – Support in investigating allegations received from the Whistleblower Channel and according to the methodology established among the respective areas. The Chief Audit and Compliance Officer must communicate to the CARE, at least annually, aspects of: – The purpose, authority, and responsibility of the Internal Audit area. – The conformance of the Internal Audit area with the The IIA Code of Ethics and Standards, as well as the action plans to address issues of nonconformance. In addition, whenever necessary, the Chief Audit and Compliance Officer must communicate to the CARE and, if necessary, to the Fiscal Council, aspects of: 10 Members of the Executive Committee and other managerial roles or equivalent in Vale and its wholly owned subsidiaries, as well as its direct and indirect controlled entities. - 4 of 6 - Internal Audit Charter DDCA 023/2023 Rev.: 02 – 2023/04/26 POL-0029-G PUBLIC – Control deficiencies and exposure to significant risks, including fraud risks, governance matters and other subjects that require attention or that have been requested by the CARE. – Any responses to risks by Management that, in the Chief Audit and Compliance Officer's opinion, may materially infringe the Risk Management guidelines adopted by Vale. • The Internal Audit Plan and its execution. The Chief Audit and Compliance Officer must prepare the Internal Audit Plan based on a prioritization of the audit universe using a risk-based methodology, including historical results of past audits, inputs from representatives of governance bodies and Management, amongst others. In addition, the Chief Audit and Compliance Officer shall: – Submit the Internal Audit Plan for review and approval by the Board of Directors, with due prior appraisal by the CARE, at least annually, encompassing the schedule of the audit exams and the goals of the area. – Evaluate the necessary headcount and budget resources for the execution of the Internal Audit Plan and submit it for review and approval by the Board of Directors, with due prior appraisal by the CARE. – Periodically report to the CARE on the progress and any significant deviations from the Internal Audit Plan, the results of engagements and other activities, as well as any impact due to limited resources. – Review and adjust the Internal Audit Plan, when necessary, in response to changes in the organization's businesses, risks, operations, programs, systems and controls. – Ensure that each engagement of the Internal Audit Plan is performed, including the establishment of objectives and scope, the allocation of financial and human resources, as well as tools, which must be appropriate and properly supervised, the documentation of work programs and test results, and the communication of engagements’ results to the appropriate parties with applicable conclusions and recommendations. – Ensure that emerging trends and matters that may impact the organization are considered and communicated to the CARE, as appropriate. – Establish and ensure adherence to the procedures developed to guide the Internal Audit area. – Ensure adherence to the organization's policies and procedures, prevailing the provisions of this Charter with regards to the content covered in such normative document. – Ensure that the Internal Audit has appropriate and sufficient knowledge, skills, and competences to achieve its objectives and fulfill the designated activities, whether sourced with internal or external resources. The Chief Audit and Compliance Officer may coordinate activities, as well as consider collaboration of other internal and external providers of assurance and consulting services, as necessary. It is also possible to invite employees to engage in specific audits, provided that the guidelines defined for the Guest Auditor Program11 are observed. • The Internal Audit Report and the Monitoring of Action Plans. The Internal Audit Report shall include comments and corrective measures adopted by Management or actions to be taken to address the audit observations and the respective recommendations. Management's response shall be registered in the Internal Audit Report, including an explanation for any corrective action that is not considered for implementation. The members of the Internal Audit area shall: – Prepare, at the end of each audit engagement, the Internal Audit Report and submit it for review, according to the internal workflow. 11 Program implemented by the Internal Audit in which employees act as invited auditors to perform audit engagements, aiming to increase the quality of the work, in addition to providing training to the participants and improving the understanding of the Audit function in the organization. - 5 of 6 - Internal Audit Charter DDCA 023/2023 Rev.: 02 – 2023/04/26 POL-0029-G PUBLIC – Monitor the action plans established to address the audit observations, in accordance with the specific procedure of Internal Audit. Action plans shall remain open in the system used by Internal Audit until they are satisfactorily concluded. The Chief Audit and Compliance Officer is responsible for: – Review and approve the disclosure of the Internal Audit Report before its final issuance, as well as decide to whom and how it is going to be distributed, considering the concerning areas, meaning those parties with responsibility to ensure the audit results receive proper consideration, and the required information confidentiality. – Report periodically to the CARE and the Fiscal Council on the status of action plans, replanning, outstanding items, and special situations. All employees and administrators, when applicable, shall: – Present the action plans and validate the content of the Internal Audit Report according to the responsibilities and established deadlines. – Implement the actions within the agreed deadlines, according to the responsibilities defined and formalized in the Internal Audit Report, justifying any corrective measure that is not considered for implementation and presenting mitigation control to address the risks, if applicable. 5. Disclosure and Dissemination This Charter will be archived and disclosed by the Controllership and Accounting Department, in Vale's official repositories in attendance to the internal and external public. The Audit and Compliance Department shall develop actions to disseminate this Charter. The General Secretary of Corporate Governance is responsible to ensure the filing of appropriate records related to the approval of this respective Charter. 6. Deadlines for Policy Revisions This Charter must be revised periodically, at least 1 (once) every 5 (five) years or as demanded. 7. Consequence Management Noncompliance with this Charter is subject to the terms of the Company’s Misconduct Management Policy, “POL-0041-G”. 8. Final Provisions Questions about the interpretation, scope or procedures related to this Charter should be addressed by Internal Audit which will direct questions to other areas or to the CARE, if necessary. 7. Approvals Areas: Description: Audit and Compliance Department. Preparation. Controllership and Accounting Department. [Review / Recommendation]. General Secretary of Corporate Governance. [Review / Recommendation]. - 6 of 6 - Internal Audit Charter DDCA 023/2023 Rev.: 02 – 2023/04/26 POL-0029-G PUBLIC Executive Vice-Presidency of Legal Affairs. [Review / Recommendation]. Audit and Risks Committee. [Review / Recommendation]. Board of Directors (DDCA – 023/2023). [Approval].

Signatures

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

	Vale S.A. (Registrant)
	By:	/s/ Thiago Lofiego
Date: October 29, 2025		Director of Investor Relations