Adobe Inc.: 10-K Risk Factor Changes

We believe our reputation and brands have been, and we expect them to continue to be, important to our business and financial results. Maintaining and enhancing our brands may require us to make substantial investments and these investments may not be successful. We have experienced, and may in the future experience, reputational harm from, among other things, the introduction of new products, features, services, or terms that do not meet customer expectations; our position on or approach to new and evolving technologies, including AI; backlash from customers, the creative community, government entities or other stakeholders that disagree with our product offering decisions or public policy, ethical or political positions; significant litigation or regulatory actions that negatively reflect on our business practices; data security breaches or compliance failures; and public scrutiny or negative publicity, including being the target of media and social media campaigns, criticizing our actual or perceived actions or inactions, policies, terms, agreements, handling of user privacy, data practices or content. Further, our brands may be negatively affected by uses of our products, services or solutions, particularly our AI offerings, in ways that are out of our control, such as to create or disseminate content that is deemed to be misleading, deceptive or intended to manipulate public opinion, or for illicit, objectionable or illegal ends, or by our failure to respond appropriately and in a timely manner to such uses. Such uses may result in controversy or claims related to defamation, rights of publicity, illegal content, intellectual property infringement, harmful content, misinformation and disinformation, harmful bias, misappropriation, data privacy, derivative uses of third-party AI and personal injury torts. If we fail to appropriately respond to objectionable content created using our products, services or solutions or shared on our platforms, our users may lose confidence in our brands. Entry into markets with weaker protection of brands or changes in the legal systems in countries in which we operate may also impact our ability to protect our brands. If we fail to maintain, enhance or protect our brands, or if we incur excessive expenses in our efforts to do so, our users’ trust in us and purchasing decisions and our business and financial results may be adversely affected. 24 24 24 24 24 24 Table of Contents Table of Contents Table of Contents

We believe our reputation and brands have been, and we expect them to continue to be, important to our business and financial results. Maintaining and enhancing our brands may require us to make substantial investments and these investments may not be successful. There are numerous ways that our reputation or brands could be damaged, including, among other things, introduction of new products, features or services that do not meet customer expectations, our position on or approach to new and evolving technologies, backlash from customers, government entities or other stakeholders that disagree with our product offering decisions or public policy positions, significant litigation or regulatory actions that negatively reflect on our business practices, our action or inaction or actual or perceived failure to meet our commitments on environmental, social and governance, ethical or political issues, public scrutiny regarding our handling of user privacy, data practices or content, data security breaches or compliance failures, or our approach to AI. Further, our brands may be negatively affected by uses of our products, services or solutions, particularly our AI offerings, in ways that are out of our control, such as to create or disseminate content that is deemed to be misleading, deceptive or intended to manipulate public opinion, or for illicit, objectionable or illegal ends, or by our failure to respond appropriately and in a timely manner to such uses. Such uses may result in controversy or claims related to defamation, rights of publicity, illegal content, intellectual property infringement, harmful content, misinformation and disinformation, harmful bias, misappropriation, data privacy, derivative uses of third-party AI and personal injury torts. If we fail to appropriately respond to objectionable content created using our products, services or solutions or shared on our platforms, our users may lose confidence in our brands. Entry into markets with weaker protection of brands or changes in the legal systems in countries in which we operate may also impact our ability to protect our brands. If we fail to maintain, enhance or protect our brands, or if we incur excessive expenses in our efforts to do so, our business and financial results may be adversely affected. 24 24 24 Table of Contents Table of Contents

We are subject to global data protection, privacy and security laws, regulations and codes of conduct that relate to our various business units and data processing activities, which may include sensitive, confidential, and personal information. These laws, regulations and codes are inconsistent across jurisdictions and are subject to evolving and differing (sometimes conflicting) interpretations. Government officials and regulators, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data, including the transferring of personal information across international borders. This scrutiny can result in new and shifting interpretations of existing laws, thereby further impacting our business. For example, European data transfers outside the European Economic Area are highly regulated and litigated. The mechanisms that we and many other companies rely upon for European data transfers (for example, Standard Contractual Clauses and the EU - US Data Privacy Framework) are the subject of legal challenge, regulatory interpretation and judicial decisions by the Court of Justice of the European Union. Several other countries, including but not limited to the United States, China, Australia, New Zealand, Brazil, Kingdom of Saudi Arabia, Hong Kong and Japan, have also established specific legal requirements for cross-border transfers of personal information and certain countries have also established specific legal requirements for data localization (such as where personal data must remain stored in the country). If other countries implement more restrictive regulations for cross-border data transfers or do not permit data to leave the country of origin, such developments could adversely impact our business and our enterprise customers’ business, our financial condition and our results of operations in those jurisdictions. Additionally, the General Data Protection Regulation in the European Economic Area and the United Kingdom continues to be interpreted by European and UK courts in novel ways leading to shifting requirements, country-specific differences in application and uncertain enforcement priorities. Laws in Asia, such as the Personal Information Protection Law in China and developing laws in India, as well as state laws in the United States on privacy, data and related technologies, such as the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act and the Virginia Consumer Data Protection Act, as well as industry self-regulatory codes and regulatory requirements, create additional privacy and security compliance obligations and expand the scope of potential liability, either jointly or severally with our customers and suppliers. Further, the U.S. Securities and Exchange Commission’s Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure requires us to make certain disclosures related 30 30 30 30 30 30 Table of Contents Table of Contents Table of Contents to material cybersecurity incidents and the reasonably likely impact of such an incident on Form 8-K. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward and any such mandatory disclosures could be costly and lead to negative publicity, loss of customer confidence in the effectiveness of our security measures, diversion of management’s attention and governmental investigations. While we have invested in readiness to comply with applicable requirements, the dynamic and evolving nature of these laws, regulations and codes, as well as their interpretation by regulators and courts, may affect our ability (and our enterprise customers’ ability) to reach current and prospective customers, to respond to both enterprise and individual customer requests under the laws (such as individual rights of access, correction and deletion of their personal information), to implement our business models effectively and to adequately address disclosure requirements. These laws, regulations and codes may also impact our innovation and business drivers in developing new and emerging technologies (for example, AI and machine learning) and may impact demand for our offerings and force us to bear the burden of more onerous obligations in our contracts. Perception of our practices, products, services or solutions, even if unfounded, as a violation of individual privacy, data protection rights or cybersecurity requirements, subjects us to public criticism, lawsuits, investigations, claims and other proceedings by regulators, industry groups or other third parties, all of which could disrupt or adversely impact our business and reputation and expose us to increased liability, fines and other punitive measures including prohibition on sales of our products, services or solutions, restrictive judicial orders and disgorgement of data. Additionally, we collect and store information on behalf of our business customers and if our customers fail to comply with contractual obligations or applicable laws, it could result in litigation or reputational harm to us.

We are subject to global data protection, privacy and security laws, regulations and codes of conduct that relate to our various business units and data processing activities, which may include sensitive, confidential, and personal information. These laws, regulations and codes are inconsistent across jurisdictions and are subject to evolving and differing (sometimes conflicting) interpretations. Government officials and regulators, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data. This scrutiny can result in new and shifting interpretations of existing laws, thereby further impacting our business. For example, the General Data Protection Regulation (“GDPR”) in the European Economic Area, and the United Kingdom continues to be interpreted by European and UK courts in novel ways leading to shifting requirements, country specific differences in application and uncertain enforcement priorities. More recently enacted laws, such as the Personal Information Protection Law in China, and new and emerging state laws in the United States on privacy, data and related technologies, such as the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act and the Virginia Consumer Data Protection Act, as well as industry self-regulatory codes and regulatory requirements, create new privacy and security compliance obligations and expand the scope of potential liability, either jointly or severally with our customers and suppliers. As a security example, pursuant to the U.S. Securities and Exchange Commission’s Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure we are required to make certain disclosures related to material cybersecurity incidents and the reasonably likely impact of such an incident on Form 8-K and will be required to make certain other cybersecurity disclosures on Form 10-K. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward and any such mandatory disclosures could be costly and lead to negative publicity, loss of customer confidence in the effectiveness of our security measures, diversion of management’s attention and governmental investigations. While we have invested in readiness to comply with applicable requirements, the dynamic and evolving nature of these laws, regulations and codes, as well as their interpretation by regulators and courts, may affect our ability (and our enterprise customers’ ability) to reach current and prospective customers, to respond to both enterprise and individual customer requests under the laws (such as individual rights of access, correction and deletion of their personal information), to implement our business models effectively and to adequately address disclosure requirements. These laws, regulations and codes may also impact our innovation and business drivers in developing new and emerging technologies (for example, AI and machine learning) and may impact demand for our offerings and force us to bear the burden of more onerous obligations in our contracts. Perception of our practices, products, services or solutions, even if unfounded, as a violation of individual privacy, data protection rights or cybersecurity requirements, subjects us to public criticism, lawsuits, investigations, claims and other proceedings by regulators, industry groups or other third parties, all of which could disrupt or adversely impact our business and reputation and expose us to increased liability, fines and other punitive measures including prohibition on sales of our products, services or solutions, restrictive judicial orders and disgorgement of data. Additionally, we collect and store information on behalf of our business customers and if our customers fail to comply with contractual obligations or applicable laws, it could result in litigation or reputational harm to us. Transferring personal information across international borders is complex and subject to legal and regulatory requirements as well as active litigation and enforcement in a number of jurisdictions around the world, each of which could have an adverse impact on our ability to process and transfer personal data as part of our business operations. For example, European data transfers outside the European Economic Area are highly regulated and litigated. The mechanisms that we and many other companies rely upon for European data transfers (for example, Standard Contractual Clauses and the EU - US Data Privacy Framework) are the subject of legal challenge, regulatory interpretation and judicial decisions by the Court of Justice of the European Union. The suitability of Standard Contractual Clauses for data transfer in some scenarios has recently been the subject of legal challenge, and while the United States and the European Union reached agreement on the EU - US Data Privacy Framework, there are legal challenges to that data transfer mechanism as well. We continue to closely monitor for developments related to valid transfer mechanisms available for transferring personal data outside the European Economic Area (including the EU - US Data Privacy Framework) and other countries that have similar trans-border data flow requirements and adjust our practices accordingly. The open judicial questions and regulatory interpretations related to the validity of transfers using Standard Contractual Clauses have resulted in some changes in the obligations required to provide our services in the European Union and could expose us to potential sanctions and fines for non-compliance. Several other countries, including China, Australia, New Zealand, Brazil, Hong Kong and Japan, have also established specific legal requirements for cross-border transfers of personal information and certain countries have also established specific legal requirements for data 29 29 29 Table of Contents Table of Contents localization (such as where personal data must remain stored in the country). If other countries implement more restrictive regulations for cross-border data transfers or do not permit data to leave the country of origin, such developments could adversely impact our business and our enterprise customers’ business, our financial condition and our results of operations in those jurisdictions.

Our business relies on our network infrastructure and enterprise Apps, internal technology systems and websites. A disruption, infiltration or failure of our systems, data centers or operations, or those of our third-party service providers due to a major earthquake, other natural disasters, including climate-related events (such as drought, water security, heat waves, cold waves, wildfires and poor air quality), power shutoff or loss, telecommunications failure, epidemic, pandemic, war, terrorist attack or other catastrophic event, could cause interruptions to our systems and business operations, damage to critical infrastructure, loss of intellectual property, data security breaches and data loss. Our corporate headquarters, significant research and development activity, certain of our data centers and other critical business operations are in the San Francisco Bay Area and the Salt Lake Valley Area, both of which are near major earthquake faults. Climate-related catastrophic events that may harm our business are also increasing in frequency and severity. A catastrophic event, particularly one that may disrupt our data centers or our critical activities, could prevent us from conducting normal business operations and providing our products, services and solutions, which could adversely affect our business. A catastrophic event could negatively impact a country or region in which we sell and, in turn, decrease demand for our products, services and solutions, which could negatively impact our business. Laws, regulations and policies relating to environmental, social, and governance are expanding globally. We may be subject to additional climate-related regulations and reporting requirements in the future, as well as changing market dynamics and stakeholder expectations regarding climate change and our environmental impacts. Compliance with such regulations, investments in our environmental, social and governance commitments, may involve significant costs and negatively impact our business, financial condition and results of operations. Additionally, we may experience reputational harm from our actual or perceived failure to meet our environmental, social and governance commitments. 33 33 33 33 33 33 Table of Contents Table of Contents Table of Contents The occurrence of an epidemic or a pandemic, such as the COVID-19 pandemic, has had, and may in the future, have an adverse effect on our operating results. The extent to which epidemics and pandemics impact our financial condition or results of operations will depend on many factors outside of our control and whether there is a material impact on the businesses or productivity of our customers, employees, suppliers and other partners. A global pandemic may also intensify the other risks described in this Part I, Item 1A of this report.

Our business relies on our network infrastructure and enterprise apps, internal technology systems and websites. A disruption, infiltration or failure of our systems, data centers or operations, or those of our third-party service providers due to a major earthquake, other natural disasters, including climate-related events (such as drought, water security, heat waves, cold waves, wildfires and poor air quality), power shutoff or loss, telecommunications failure, epidemic, pandemic, war, terrorist attack or other catastrophic event, could cause interruptions to our systems and business operations, damage to critical infrastructure, loss of intellectual property, data security breaches and data loss. Our corporate headquarters, significant research and development activity, certain of our data centers and other critical business operations are in the San Francisco Bay Area and the Salt Lake Valley Area, both of which are near major earthquake faults. A catastrophic event, particularly one that may 32 32 32 Table of Contents Table of Contents disrupt our data centers or our critical activities, could prevent us from conducting normal business operations and providing our products, services and solutions, which could adversely affect our business. A catastrophic event could negatively impact a country or region in which we sell and, in turn, decrease demand for our products, services and solutions, which could negatively impact our business. Climate-related catastrophic events that may harm our business are also increasing in frequency and severity. We may be subject to additional climate-related regulations and reporting requirements and changing market dynamics and stakeholder expectations regarding climate change and our environmental impacts, all of which may impact our business, financial condition and results of operations. The occurrence of an epidemic or a pandemic, such as the COVID-19 pandemic, has had and may continue to have an adverse effect on our operating results. The extent to which epidemics and pandemics impact our financial condition or results of operations will depend on many factors outside of our control and whether there is a material impact on the businesses or productivity of our customers, employees, suppliers and other partners. A global pandemic may also intensify the other risks described in this Part I, Item 1A of this report.

We operate in rapidly evolving industries and expect the pace of innovation to continue to accelerate. We must continually introduce new, and enhance existing, products, services and solutions to retain customers and attract new customers. Developing new products, services and solutions is complex, requires significant investment and operational costs and may not be profitable, and our investments in new technologies are speculative and may not yield the expected business or financial benefits. The commercial success of new or enhanced products, services and solutions depends on a number of factors, including timely and successful development; effective distribution and marketing; market acceptance; compatibility with existing and emerging standards, platforms, software delivery methods and technologies; accurately predicting and anticipating customer needs and expectations and the direction of technological change; identifying and innovating in the right technologies; and differentiation from other products, services and solutions. If we fail to anticipate or identify technological, creative or marketing trends or fail to devote appropriate resources to adapt to such trends, our business could be harmed. For example, generative artificial intelligence technologies enable users of all skill levels to create and provide new ways of marketing, creating content and interacting with documents, which could significantly disrupt industries in which we operate and our existing products, services and solutions and our business may be harmed if we fail to invest or adapt. While we have released new generative artificial intelligence products, such as Adobe Firefly, and are focused on enhancing the artificial intelligence (“AI”) capabilities of our products and incorporating AI across existing products, services and solutions, there can be no assurance that our new or enhanced products and AI innovations will be successful, adopted or monetizable or that we will innovate effectively to keep pace with the rapid evolution of AI across our offerings. If we do not successfully innovate, adapt to rapid technological or industry changes and meet customer needs, our business and our financial results may be harmed.

We operate in rapidly evolving markets and expect the pace of innovation to continue to accelerate. We must continually introduce new, and enhance existing, products, services and solutions to retain customers and attract new customers. Developing new products is complex and may not be profitable, and our investments in new technologies are speculative and may not yield the expected business or financial benefits. The commercial success of new or enhanced products, services and solutions depends on a number of factors, including timely and successful development; effective distribution and marketing; market acceptance; compatibility with existing and emerging standards, platforms, software delivery methods and technologies; accurately predicting and anticipating customer needs and expectations and the direction of technological change; identifying and innovating in the right technologies; and differentiation from other products, services and solutions. If we fail to anticipate or identify technological trends or fail to devote appropriate resources to adapt to such trends, our business could be harmed. For example, generative artificial intelligence technologies provide new ways of marketing, creating content and interacting with documents that could disrupt industries in which we operate, and our business may be harmed if we fail to invest or adapt. While we have released new generative artificial intelligence products, such as Adobe Firefly, and are focused on enhancing the artificial intelligence (“AI”) capabilities of such products and incorporating AI into existing products, services and solutions, there can be no assurance that our products will be successful or that we will innovate effectively to keep pace with the rapid evolution of AI across our Creative Cloud, Document Cloud and Experience Cloud. If we do not successfully innovate, adapt to rapid technological changes and meet customer needs, our business and our financial results may be harmed.

Investments and acquisitions involve numerous risks and uncertainties, the occurrence of which may have an adverse effect on our business. These risks and uncertainties include: •inability to achieve the financial and strategic goals of the investment or acquisition; •difficulty in effectively integrating the operations, technologies, products, services, solutions, culture or personnel of the acquired business; •disruption of our ongoing business and distraction of our management and other personnel; •challenges to completing or failure to complete an announced investment or acquisition related to the failure to obtain regulatory approval, or the need to satisfy certain conditions precedent to closing such transaction (such as divestitures, ownership or operational restrictions or other structural or behavioral remedies) that could limit the anticipated benefits of the transaction; •entry into markets in which we have minimal prior experience and where competitors in such markets have stronger market positions; •inability to retain personnel, key customers, distributors, vendors and other business partners of the acquired business; •delay in customer and distributor purchasing decisions due to uncertainty about the direction of our product and service offerings; •incurring higher than anticipated costs to effectively integrate an acquired business, to bring an acquired company into compliance with applicable laws and regulations, additional compensation issued or assumed in connection with an acquisition, to divest products, services or solutions acquired in unsuccessful investments or acquisitions, to amortize costs for acquired intangible assets or because of our inability to take advantage of anticipated tax benefits; •increased collection times, elevated delinquency or bad debt write-offs related to receivables of an acquired business we assume; •difficulty in maintaining controls, procedures and policies during the transition and integration and inability to conclude that our internal controls over financial reporting are effective; •potential identified or unknown security vulnerabilities in acquired products that expose us to additional security risks or delay our ability to integrate the product into our offerings; •exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, an acquisition; •incurrence of additional debt to finance an acquisition, which will increase our interest expense and leverage, and/or issuance of equity securities to finance acquisitions, which will dilute current shareholders’ percentage ownership and earnings per share; and •failure to identify significant problems, liabilities or other challenges during due diligence. Our ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by adverse economic and political events, including trade tensions, and increased global scrutiny and evolving regulatory expectations relating to acquisitions and strategic investments. We may not be able to complete acquisitions or other strategic transactions to realize the anticipated benefits of such acquisitions or transactions on favorable terms, or at all, including as a result of challenges in obtaining regulatory approvals, and may incur additional costs. For example, we have experienced difficulties in obtaining regulatory approvals, resulting in the termination of a previously announced acquisition and the incurrence of additional costs. Any of these factors may adversely affect our financial condition or results of operations. 25 25 25 25 25 25 Table of Contents Table of Contents Table of Contents

Investments and acquisitions involve numerous risks and uncertainties, the occurrence of which may have an adverse effect on our business. These risks and uncertainties include: •inability to achieve the financial and strategic goals of the investment or acquisition; •difficulty in effectively integrating the operations, technologies, products, services, solutions, culture or personnel of the acquired business; •disruption of our ongoing business and distraction of our management and other personnel; •challenges to completing or failure to complete an announced investment or acquisition related to the failure to obtain regulatory approval, or the need to satisfy certain conditions precedent to closing such transaction (such as divestitures, ownership or operational restrictions or other structural or behavioral remedies) that could limit the anticipated benefits of the transaction; •entry into markets in which we have minimal prior experience and where competitors in such markets have stronger market positions; •inability to retain personnel, key customers, distributors, vendors and other business partners of the acquired business; •delay in customer and distributor purchasing decisions due to uncertainty about the direction of our product and service offerings; •incurring higher than anticipated costs to effectively integrate an acquired business, to bring an acquired company into compliance with applicable laws and regulations, additional compensation issued or assumed in connection with an acquisition, to divest products, services or solutions acquired in unsuccessful investments or acquisitions, to amortize costs for acquired intangible assets or because of our inability to take advantage of anticipated tax benefits; •increased collection times, elevated delinquency or bad debt write-offs related to receivables of an acquired business we assume; •difficulty in maintaining controls, procedures and policies during the transition and integration and inability to conclude that our internal controls over financial reporting are effective; •potential identified or unknown security vulnerabilities in acquired products that expose us to additional security risks or delay our ability to integrate the product into our offerings; •exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, an acquisition; •incurrence of additional debt to finance an acquisition, which will increase our interest expense and leverage, and/or issuance of equity securities to finance acquisitions, which will dilute current shareholders’ percentage ownership and earnings per share; and •failure to identify significant problems, liabilities or other challenges during due diligence. 23 23 23 Table of Contents Table of Contents Our ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by adverse economic and political events, including trade tensions, and increased global scrutiny of acquisitions and strategic investments. A number of countries, including the United States and countries in Europe and the Asia-Pacific region, are considering or have adopted more stringent restrictions or guidelines for such transactions. Governments may continue to adopt or tighten restrictions of this nature, and such restrictions or government actions could negatively impact our business and financial results. Further, if we are not able to complete an announced acquisition or investment, or we do not achieve the financial and strategic goals of an acquisition or investment, we may not realize the anticipated benefits of such acquisition or investment or we may incur additional costs, which may negatively impact our business and financial results.

Social, ethical and operational issues relating to the use of AI, including generative AI, in our offerings may result in reputational harm, liability and additional costs. We are increasingly incorporating AI technologies, developed by us and by third parties, into many of our offerings. If our AI development, deployment, content labeling or governance is ineffective or inadequate, it may result in incidents that impair the public acceptance of AI solutions or cause harm to individuals, customers or society, or result in our offerings not working as intended or producing unexpected outcomes. Jurisdictions around the world are developing and passing new regulations that apply specifically to the use of AI. For example, the EU AI Act was adopted in 2024 and will be implemented in phases through 2030, and other jurisdictions are considering similarly focused legislation. These regulations and the evolving AI regulatory environment may, among other impacts, result in inconsistencies among AI regulations and frameworks across jurisdictions, increase our compliance, governance and research and development costs, increase our exposure to claims related to our AI models and increase liability related to the use of AI by our customers or users that are beyond our control. While we have taken a responsible approach to the development and use of AI, such as in our Adobe Firefly offerings, there can be no guarantee that future AI regulations will not adversely impact us or conflict with our approach to AI, including affecting our ability to make our AI offerings available without costly changes, delaying or halting development of AI offerings, requiring us to change our AI development practices, monetization strategies and/or indemnity protections and subjecting us to additional compliance requirements, regulatory action, competitive harm, reputational harm and/or legal liability. To the extent we rely on third-party AI models in our products, services and solutions, we will face risks inherent in how those models have been developed and deployed, including situations in which the third party may lack a proper license or consent for the training data used for their model. In addition, new competition regulations on AI development and deployment could impose new requirements on our markets that could impact our business and financial results. Uncertainty around new and evolving AI uses may require significant, additional investment to develop models and proprietary datasets, responsible-use frameworks and new approaches and processes to attribute or compensate content creators. We have experienced, and may in the future experience, challenges accessing AI models, datasets or hardware. Developing, testing and deploying AI systems may also increase the cost of our offerings, including due to the nature of the computing costs 23 23 23 23 23 23 Table of Contents Table of Contents Table of Contents involved in such systems. These costs could adversely impact our margins as we continue to make significant investments in AI development, add AI capabilities to our offerings and scale our AI offerings without assurance that our customers and users will adopt them. Further, as with any new offerings based on new technologies, consumer reception and monetization pathways are uncertain, our strategies may not be successful and our business and financial results could be adversely impacted. New AI offerings and technologies could modify workforce needs, result in negative publicity about AI and decrease demand for our existing products, services and solutions, all of which could adversely impact our business.

Social and ethical issues relating to the use of AI, including generative AI, in our offerings may result in reputational harm, liability and additional costs. We are increasingly incorporating AI technologies into many of our offerings. If our AI development, deployment, content labeling or governance is ineffective or inadequate, it may result in incidents that impair the public acceptance of AI solutions or cause harm to individuals, customers or society, or result in our offerings not working as intended or producing unexpected outcomes. Around the world, AI regulation is in the nascent stages of development. The evolving AI regulatory environment may increase our research and development costs, increase our liability related to the use of AI by our customers or users that are beyond our control and result in inconsistencies in evolving legal frameworks across jurisdictions. While we have taken a responsible approach to the development and use of AI in our offerings, there can be no guarantee that future AI regulations will not adversely impact us or conflict with our approach to AI, including affecting our ability to make our AI offerings available without costly changes, requiring us to change our AI development practices, monetization strategies and/or indemnity protections and subjecting us to additional compliance requirements, regulatory action, competitive harm or legal 22 22 22 Table of Contents Table of Contents liability. In addition, new competition regulation on AI development and deployment could impose new requirements on our markets that could impact our business and financial results. Uncertainty around new and evolving AI use, including generative AI, may require additional investment to develop responsible use frameworks, develop or license proprietary datasets and machine learning models and develop new approaches and processes to attribute or compensate content creators, which could be costly. Developing, testing and deploying AI systems may also increase the cost of our offerings, including due to the nature of the computing costs involved in such systems. These costs could adversely impact our margins as we continue to add AI capabilities to our offerings and scale our AI offerings without assurance that our customers and users will adopt them. Further, as with any new offerings based on new technologies, consumer reception and monetization pathways are uncertain, our strategies may not be successful and our business and financial results could be adversely impacted. New AI offerings and technologies could disrupt workforce needs, result in negative publicity about AI and have the potential to affect demand for our existing products, services and solutions, all of which could adversely impact our business.

We are, and may in the future become, subject to various legal proceedings (including class action lawsuits), claims, negotiations and regulatory inquiries and additional claims, enforcement actions and inquiries may arise in the future, such as those relating to antitrust, data privacy and security, consumer protection, product liability and the validity or alleged infringement of third-party intellectual property rights, including patent rights, among others. Such activity has increased over time with evolving regulatory landscapes and as our products, services and solutions have become more available to, and used by, more enterprises and consumers. For example, there is an increase in enforcement activity in connection with federal and state consumer protection laws, including some suits which seek civil penalties. Any proceedings, actions, claims or inquiries initiated by or against us, whether successful or not, may be highly time consuming; result in costly litigation, damage awards, consent decrees, injunctive relief or increased costs of business; require us to change our business practices or products; result in negative publicity; require significant amounts of management time; result in the diversion of significant operational resources; or otherwise harm our business and financial results. Disputes and litigation can be complex and are typically costly and can be disruptive to our business operations by diverting the attention of management and key personnel. For example, third-party intellectual property disputes, including those initiated by patent assertion entities, could subject us to significant liabilities, require us to enter into royalty and licensing arrangements on unfavorable terms, prevent us from offering certain products, services or solutions, subject us to injunctions restricting our sales, cause severe disruptions to our operations or the markets in which we compete, or require us to satisfy 29 29 29 29 29 29 Table of Contents Table of Contents Table of Contents indemnification commitments with our customers, including contractual provisions under various license arrangements and service agreements. In addition, we have incurred, and may in the future incur, significant costs in acquiring the necessary third-party intellectual property rights for use in our products, in some cases to fulfill contractual obligations with our customers. Any of these occurrences could significantly harm our business. We have not prevailed, and may not in the future prevail, in every lawsuit or dispute. For further information about specific litigation and proceedings, see the section titled “Legal Proceedings” contained in Part II, Item 8, Note 16 of our Notes to Consolidated Financial Statements of this report.

We are subject to various legal proceedings (including class action lawsuits), claims and regulatory inquiries that are not yet resolved and additional claims, enforcement actions and inquiries may arise in the future. Any proceedings, actions, claims or inquiries initiated by or against us, whether successful or not, may be time consuming; result in costly litigation, damage awards, consent decrees, injunctive relief or increased costs of business; require us to change our business practices or products; result in negative publicity; require significant amounts of management time; result in the diversion of significant operational resources, or otherwise harm our business and financial results. Additionally, we are currently, and may in the future be subject to claims, negotiations and complex, protracted litigation relating to disputes regarding the validity or alleged infringement of third-party intellectual property rights, including patent rights. Intellectual property disputes and litigation are typically costly and can be disruptive to our business operations by diverting the attention of management and key personnel. Third-party intellectual property disputes, including those initiated by patent assertion entities, could subject us to significant liabilities, require us to enter into royalty and licensing arrangements on unfavorable terms, prevent us from offering certain products, services or solutions, subject us to injunctions restricting our sales, cause severe disruptions to our operations or the markets in which we compete, or require us to satisfy indemnification commitments with our customers, including contractual provisions under various license arrangements and service agreements. In addition, we have incurred, and may in the future incur, significant costs in acquiring the necessary third-party intellectual property rights for use in our products, in some cases to fulfill contractual obligations with our customers. Any of these occurrences could significantly harm our business. We have not prevailed, and may not in the future prevail, in every lawsuit or dispute. For further information about specific litigation and proceedings, see the section titled “Legal Proceedings” contained in Part II, Item 8, Note 16 of our Notes to Consolidated Financial Statements of this report.