--- ticker: AKAM company: AKAM filing_type: 10-K year_current: 2026 year_prior: 2025 risks_added: 0 risks_removed: 0 risks_modified: 11 risks_unchanged: 21 source: SEC EDGAR url: https://riskdiff.com/akam/2026-vs-2025/ markdown_url: https://riskdiff.com/akam/2026-vs-2025/index.md generated: 2026-06-01 --- # AKAM: 10-K Risk Factor Changes 2026 vs 2025 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-06-01 > All data extracted directly from official filings. No hallucinated content. ## Summary | Status | Count | |--------|-------| | New risks added | 0 | | Risks removed | 0 | | Risks modified | 11 | | Unchanged | 21 | --- ## Modified: Our business strategy depends on the ability to source adequate transmission capacity, co-location facilities and the equipment we need to operate our network; failure to have access to those resources could lead to loss of revenue and service disruptions. **Key changes:** - Reworded sentence: "To operate and grow our globally distributed network serving our portfolio of services, we are dependent in part upon transmission capacity provided by third-party telecommunications network providers and co-location facilities to house our servers and equipment to support our operations." - Reworded sentence: "Inability to access facilities where we would like to install servers, secure sufficient power capacity or perform maintenance on existing servers for any reason impedes our ability to expand or maintain capacity." - Added sentence: "In addition, these third-party providers can experience operational inefficiencies relating to power, climate controls, water, logistics, and other unforeseen events which could result in increased costs, service disruptions and diminished customer experiences." - Added sentence: "We cannot guarantee that these providers have adequate measures in place to avoid service events that could impact our ability to operate portions of our network." - Reworded sentence: "Increasing demand and manufacturing limitations for certain necessary equipment or components may significantly impact pricing and availability." **Prior (2025):** To operate and grow our globally distributed network serving our portfolio of services, we are dependent in part upon transmission capacity provided by third-party telecommunications network providers, the availability of co-location facilities to house our servers and equipment to support our operations. We may be unable to purchase the bandwidth and space we need from these providers due to limitations on their resources, increasing energy costs or other reasons outside of our control. In particular, our efforts to increase the size and scale of our network infrastructure have required and may continue to require procuring significant additional space in co-location facilities. Inability to access facilities where we would like to install servers, or perform maintenance on existing servers for any reason impedes our ability to expand or maintain capacity. As a result, there can be no assurance that we are adequately prepared for unexpected increases in capacity demands by our customers. Failure to put in place the capacity we require to operate our business effectively could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers. Akamai's platforms, products and services rely on hardware equipment, including hundreds of thousands of servers deployed around the world. Disruptions in our supply chain have occurred in the past and could prevent us from purchasing needed equipment at attractive prices or at all. For example, we are experiencing continued volatility in certain server component costs that support the continued build out of our compute platform. In addition, from time to time, it has been, and may continue to be, more difficult to purchase equipment that is manufactured in areas that face disruptions to operations due to unrest, trade sanctions or other political activity, public health issues, safety issues, natural disasters or general economic conditions. For example, tariffs imposed by the United States on other countries and any resulting counter-tariffs will likely lead to increasing costs and supply chain disruptions. Failure to have adequate equipment, including server and other networking equipment, could harm the quality of our services, which could lead to the loss of customers and revenue. **Current (2026):** To operate and grow our globally distributed network serving our portfolio of services, we are dependent in part upon transmission capacity provided by third-party telecommunications network providers and co-location facilities to house our servers and equipment to support our operations. We may be unable to purchase the bandwidth and space we need from these providers due to limitations on their resources, increasing energy costs or other reasons outside of our control, including market dynamics driven by hyperscalers, significant cost increases in servers and memory, and shortages of data center space and power. In particular, our efforts to increase the size and scale of our network infrastructure have required and may continue to require procuring significant additional space in co-location facilities. Inability to access facilities where we would like to install servers, secure sufficient power capacity or perform maintenance on existing servers for any reason impedes our ability to expand or maintain capacity. As a result, there can be no assurance that we are adequately prepared for unexpected increases in capacity demands by our customers. Failure to put in place the capacity we require to operate our business effectively could result in a reduction in, or disruption of, service to our customers and ultimately a loss of those customers. In addition, these third-party providers can experience operational inefficiencies relating to power, climate controls, water, logistics, and other unforeseen events which could result in increased costs, service disruptions and diminished customer experiences. We cannot guarantee that these providers have adequate measures in place to avoid service events that could impact our ability to operate portions of our network. Akamai's platforms, products and services rely on hardware equipment, including hundreds of thousands of servers deployed around the world. Increasing demand and manufacturing limitations for certain necessary equipment or components may significantly impact pricing and availability. In addition, disruptions in our supply chain have occurred in the past and could occur in the future that prevent us from purchasing needed equipment at attractive prices or at all. For example, we are experiencing continued volatility in certain server component costs, including as a result of recently imposed tariffs, that 16 16 16 Table of Contents Table of Contents support the continued build out of our AI, infrastructure and platform services. In addition, from time to time, it has been, and may continue to be, more difficult to purchase equipment that is manufactured in areas that face disruptions to operations due to war, unrest, trade sanctions or other political activity, public health issues, safety issues, natural disasters or general economic conditions. For example, tariffs imposed by the United States on other countries and any resulting counter-tariffs have in the past and will in the future likely lead to increasing costs and supply chain disruptions. Failure to have adequate equipment, including server and other networking equipment, could harm the quality of our services, which could lead to the loss of customers and revenue. --- ## Modified: If we fail to maintain an effective system of internal controls, we may not be able to accurately report our financial results or prevent fraud. As a result, our stockholders could lose confidence in our financial reporting, which could harm our business and the trading price of our common stock. **Key changes:** - Reworded sentence: "Section 404 of the Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting." **Prior (2025):** The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. As previously disclosed in our Form 10-K for the year ended December 31, 2022, we identified a material weakness in the Company's internal control over financial reporting as of December 31, 2022 related to income taxes. Although this material weakness has been remediated, there can be no assurance that we will not identify additional material weaknesses in internal controls in the future or that the measures we may take to remediate any such future control deficiencies will be effective. We need to continue to enhance and maintain our processes and systems and adapt them to changes as our business evolves and we rearrange management responsibilities and reorganize our business. This continuous process of maintaining and adapting our internal controls and complying with Section 404 is expensive and time-consuming and requires significant management attention. Furthermore, as our business changes, including by expanding our operations in different markets, increasing reliance on channel partners and completing acquisitions, our internal controls may become more complex and we may be required to expend significantly more resources to ensure our internal controls remain effective. Failure to implement required new or improved controls, or difficulties encountered in their implementation, could harm our operating results or cause us to fail to meet our reporting obligations. If we or our independent registered public accounting firm identify additional material weaknesses, the disclosure of that fact, even if quickly remediated, could reduce the market's confidence in our financial statements and harm our stock price. 23 23 23 Table of Contents Table of Contents We cannot be certain that our internal control measures will provide adequate control over our financial processes and reporting and ensure compliance with Section 404. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our operating results, may result in a restatement of our financial statements for prior periods, cause us to fail to meet our reporting obligations, and could adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in the periodic reports we will file with the Securities and Exchange Commission. **Current (2026):** Section 404 of the Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. We must continue to enhance and maintain our processes and systems and adapt them as our business evolves, including as we expand into new markets, increase reliance on channel partners, complete acquisitions and we rearrange management responsibilities. This continuous process of maintaining and adapting our internal controls and complying with Section 404 is expensive, time-consuming and requires significant management attention, and as our business changes our internal controls may become more complex and require additional resources to remain effective. In the past, we identified, and subsequently remediated, a material weakness in our internal control over financial reporting; however, we cannot be certain that our internal control measures will provide adequate control over our financial processes and reporting or ensure compliance with Section 404, and we may identify additional material weaknesses in internal controls in the future. Failure to develop or maintain effective controls, or difficulties encountered in their implementation or improvement, or the identification of additional material weaknesses - by us or by our independent registered public accounting firm - could harm our operating results, result in a restatement of prior-period financial statements, cause us to fail to meet our reporting obligations, and adversely affect the results of periodic management evaluations and annual independent registered public accounting firm attestation reports regarding the effectiveness of our internal control over financial reporting that we are required to include in the periodic reports we will file with the Securities and Exchange Commission. Furthermore, if we or our independent registered public accounting firm identify any material weaknesses, the disclosure of that fact, even if quickly remediated, could reduce the market's confidence in our financial statements and harm our stock price. --- ## Modified: Our restructuring and reorganization activities may be disruptive to our operations and harm our business. **Key changes:** - Reworded sentence: "During the first quarter of 2023, the third quarter of 2024 and the fourth quarter of 2025, management committed to actions to restructure certain parts of the company, including reducing headcount, to enable it to prioritize investments in the fastest growing areas of the business and redeploy resources to support the company's strategic investments." - Added sentence: "In addition, in 2025 management has introduced changes to the sales organization and sales compensation structure to work to optimize sales performance and to better align sales incentives to the fastest growing areas of the business." - Reworded sentence: "Taking these actions may also result in significant expense, including with respect to workforce reductions, decreased productivity due to 18 18 18 Table of Contents Table of Contents employee distraction and unanticipated employee turnover, which could adversely affect our operating results." **Prior (2025):** Over the past several years, we have implemented internal restructurings and reorganizations designed to reduce the size and cost of our operations, improve operational efficiencies and reprioritize investments, enhance our ability to pursue market opportunities and accelerate our technology development initiatives. During the first quarter of 2023 and the third quarter of 2024, management committed to actions to restructure certain parts of the Company, including reducing headcount, to enable it to prioritize investments in the fastest growing areas of the business and redeploy resources to support the Company's strategic investments. We may take similar steps in the future as we seek to realize operating synergies, optimize our operations to achieve our target operating model and profitability objectives, respond to market forces or better reflect changes in the strategic direction of our business. Disruptions in operations may occur as a result of taking these actions. Taking these actions may also result in significant expense, including with respect to workforce reductions, decreased productivity due to employee distraction and unanticipated employee turnover. Substantial expense or business disruptions resulting from restructuring and reorganization activities could adversely affect our operating results. **Current (2026):** Over the past several years, we have implemented internal restructurings and reorganizations designed to reduce the size and cost of our operations, improve operational efficiencies and reprioritize investments, enhance our ability to pursue market opportunities and accelerate our technology development initiatives. During the first quarter of 2023, the third quarter of 2024 and the fourth quarter of 2025, management committed to actions to restructure certain parts of the company, including reducing headcount, to enable it to prioritize investments in the fastest growing areas of the business and redeploy resources to support the company's strategic investments. We may take similar steps in the future as we seek to realize operating synergies, optimize our operations to achieve our target operating model and profitability objectives, respond to market forces or better reflect changes in the strategic direction of our business. In addition, in 2025 management has introduced changes to the sales organization and sales compensation structure to work to optimize sales performance and to better align sales incentives to the fastest growing areas of the business. Disruptions in operations may occur as a result of taking these actions. Taking these actions may also result in significant expense, including with respect to workforce reductions, decreased productivity due to 18 18 18 Table of Contents Table of Contents employee distraction and unanticipated employee turnover, which could adversely affect our operating results. --- ## Modified: Cybersecurity breaches and attacks on us, our contractors or our third-party vendors, as well as steps we need to take in an effort to prevent them, can lead to significant costs and disruptions that would harm our business, financial results and reputation. **Key changes:** - Added sentence: "We and the third-parties upon which we rely face a variety of evolving threats, which could cause cybersecurity incidents and/or data breaches, such as cyber-attacks, malicious internet-based activity, online and offline fraud and other similar activities." - Added sentence: "Such threats are prevalent and continue to rise, are increasingly difficult to detect and come from a variety of sources and may be enhanced or facilitated by AI." - Reworded sentence: "These attempts take a variety of forms, including DDoS attacks, infrastructure attacks, botnets, malicious file uploads, computer malware, application abuse, credential abuse, social engineering (including phishing attacks), ransomware, bugs, viruses, worms malicious software programs, business email compromises, misuse of employee credentials and wrongful conduct by insider employees or vendors, all of which may be enhanced or facilitated by AI." - Reworded sentence: "Furthermore, nation state and hacktivist attacks against us or our customers have in the past and may in the future intensify during periods of heightened geopolitical tensions or armed conflict, such as the ongoing war in Ukraine, the Israel-Hamas war and the escalation of military conflict between Israel and Iran, as well as broader military confrontations involving the United States." - Reworded sentence: "The rapidly changing technological and geopolitical landscape may also create new, unexpected, or unknown risks for which we may not immediately be prepared, requiring increased risk mitigation expenditures." **Prior (2025):** We regularly face attempts to gain unauthorized access or deliver malicious software to Akamai's platforms, products and services and our internal IT systems, with the goal of stealing proprietary information related to our business, products, employees and customers; disrupting our systems and services or those of our customers or others; or demanding ransom to return control of such systems and services. These attempts take a variety of forms, including Distributed Denial of Service ("DDoS") attacks, infrastructure attacks, botnets, malicious file uploads, application abuse, credential abuse, social engineering, ransomware, bugs, viruses, worms and malicious software programs. Additionally, the use of artificial intelligence by bad actors has heightened the sophistication and effectiveness of these types of attacks, and may be used to create attacks that current processes and technologies are unable to adequately address. There have in the past and could in the future be attempts to infiltrate our systems through our supply chain and contractors. Malicious actors are known to attempt to fraudulently induce employees and suppliers to disclose sensitive information through illegal electronic spamming, phishing or other tactics. Other parties may attempt to gain unauthorized physical access to our facilities in order to infiltrate our internal-use information systems. Furthermore, nation state and hacktivist attacks against us or our customers have in the past and may in the future intensify during periods of heightened geopolitical tensions or armed conflict, such as the ongoing war in Ukraine and the Israel-Hamas War. We may not be able to anticipate the techniques used in such attacks, as they change frequently and may not be recognized until launched. The rapidly changing geopolitical landscape may also create new, unexpected, or unknown risks for which we may not immediately be prepared, requiring increased risk mitigation expenditures. While we have, from time to time, experienced threats to and breaches of our and our third-party vendors' data and systems, to date, to our knowledge, cyber threats and other attacks have not resulted in any material adverse effect to our business or operations, but such threats are constantly evolving, increasing the difficulty of detecting and successfully defending against them. The complexities in managing the security profile of a distributed network with vast scale and geographic reach that evolves to incorporate new capabilities expose us to both known and unknown vulnerabilities. We have discovered vulnerabilities in software and hardware used in our technology, such as the AMD "Inception" vulnerability identified in mid-2023 that potentially impacted a large portion of the internet ecosystem, and may have other undiscovered vulnerabilities. Vulnerabilities, resident in software, hardware or configurations, have in the past and may in the future require significant operational efforts to mitigate and may persist for extended periods of time and the effects of any such vulnerability could be exacerbated. Similar security risks exist with respect to acquired companies, our business partners and the third-party vendors that we rely on for aspects of our information technology support services and administrative functions. As a result, we are subject to risks that the activities of our business partners and third-party vendors may adversely affect our business even if an attack or breach does not directly target our systems. 13 13 13 Table of Contents Table of Contents To protect our corporate and deployed networks, we aim to continuously engineer more secure solutions, enhance security and reliability features, improve the deployment of software updates to address security vulnerabilities, develop mitigation technologies that help to secure customers from attacks and maintain the digital security infrastructure that protects the integrity of our network and services. For example, our ongoing efforts to continually enhance the security and reliability of our globally distributed infrastructure, customer applications and corporate systems comprise various initiatives and mitigation efforts, including but not limited to upgrading access and configuration controls; improving security instrumentation, monitoring, detection and prevention tools; enhancing software inventory and tracking and patching systems; upgrading encryption processes and protections; enhancing authorization methods in applications; enhancing data loss prevention and endpoint security management capabilities; upgrading vulnerability identification, assessment and remediation processes and technologies; and enhancing the security of passwords and other credentials, as applicable and appropriate. Our efforts to engineer more secure solutions are frequently costly, with a negative impact on near-term profitability, and may be unsuccessful in preventing security incidents that may have an adverse effect on our business and reputation. For example, with the acquisition of Linode, we continue to adapt procedures for mitigating risks that have in the past or may in the future materialize, including any harms that may arise from abuse of our compute products. If we fail to mitigate these harms or if there is a significant cybersecurity event using our compute products or our compute products are perceived to be less reliable than our competitors, it could result in loss of customers and reputational damage. Any actual, alleged or perceived breach of network security in our systems or networks, or any other actual, alleged or perceived compromise or data security incident we, our customers or our third-party suppliers suffer, has in the past and could in the future result in damage to our reputation; negative publicity; loss of channel partners, customers and sales; loss of revenue; loss of competitive advantages; increased costs to remedy any problems and otherwise respond to any incident; regulatory investigations and enforcement actions and fines; costly litigation; and other liabilities. **Current (2026):** We and the third-parties upon which we rely face a variety of evolving threats, which could cause cybersecurity incidents and/or data breaches, such as cyber-attacks, malicious internet-based activity, online and offline fraud and other similar activities. Such threats are prevalent and continue to rise, are increasingly difficult to detect and come from a variety of sources and may be enhanced or facilitated by AI. We regularly face attempts to gain unauthorized access or deliver malicious software to Akamai's platforms, products and services and our internal IT systems, with the goal of stealing proprietary information related to our business, products, employees and customers; disrupting our systems and services or those of our customers or others; or demanding ransom to return control of such systems and services. These attempts take a variety of forms, including DDoS attacks, infrastructure attacks, botnets, malicious file uploads, computer malware, application abuse, credential abuse, social engineering (including phishing attacks), ransomware, bugs, viruses, worms malicious software programs, business email compromises, misuse of employee credentials and wrongful conduct by insider employees or vendors, all of which may be enhanced or facilitated by AI. Further, attempts to disrupt or gain unauthorized access to our and our third-party vendors' information systems from malicious third parties or insider threats may incorporate widely varying and frequently changing tactics, which may be enhanced or facilitated by AI. Malicious actors are known to attempt to fraudulently induce employees and suppliers to disclose sensitive information through illegal electronic spamming, phishing or other tactics. Other parties may attempt to gain unauthorized physical access to our facilities in order to infiltrate our internal-use information systems. Furthermore, nation state and hacktivist attacks against us or our customers have in the past and may in the future intensify during periods of heightened geopolitical tensions or armed conflict, such as the ongoing war in Ukraine, the Israel-Hamas war and the escalation of military conflict between Israel and Iran, as well as broader military confrontations involving the United States. We may not be able to anticipate the techniques used in such attacks, as they change frequently and may not be recognized until launched. The rapidly changing technological and geopolitical landscape may also create new, unexpected, or unknown risks for which we may not immediately be prepared, requiring increased risk mitigation expenditures. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that such terms are sufficient to protect us from liabilities, damages, or claims related to our privacy and data security obligations. Further, 14 14 14 Table of Contents Table of Contents although we maintain cyber liability insurance, this insurance may not provide adequate coverage against potential liabilities related to any experienced cybersecurity incident or breach. Like other companies in our industry, we, and our third-party providers, have experienced and will continue to experience threats and cybersecurity incidents relating to our information technology systems and infrastructure. For example, we have discovered vulnerabilities in software and hardware used in our technology, such as the AMD "Inception" vulnerability identified in mid-2023 that potentially impacted a large portion of the internet ecosystem, and may have other undiscovered vulnerabilities. Vulnerabilities, resident in software, hardware or configurations, have in the past and may in the future require significant operational efforts to mitigate and may persist for extended periods of time and the effects of any such vulnerability could be exacerbated. Similar security risks exist with respect to acquired companies, our business partners and the third-party vendors that we rely on for aspects of our information technology support services and administrative functions. As a result, we are subject to risks that the activities of our business partners and third-party vendors may adversely affect our business even if an attack or breach does not directly target our systems. To protect our corporate and deployed networks, we aim to continuously engineer more secure solutions, enhance security and reliability features, improve the deployment of software updates to address security vulnerabilities, develop mitigation technologies that help to secure customers from attacks and maintain the digital security infrastructure that protects the integrity of our network and services. For example, our efforts to continually enhance the security and reliability of our globally distributed infrastructure, customer applications and corporate systems comprise various initiatives and mitigation efforts, including upgrading access and configuration controls; improving security instrumentation, monitoring, detection and prevention tools; enhancing software inventory and tracking and patching systems; upgrading encryption processes and protections; enhancing authorization methods in applications; enhancing data loss prevention and endpoint security management capabilities; upgrading vulnerability identification, assessment and remediation processes and technologies; and enhancing the security of passwords and other credentials, as applicable and appropriate. Our efforts to engineer more secure solutions are frequently costly, with a negative impact on near-term profitability, and may be unsuccessful in preventing security incidents that may have an adverse effect on our business and reputation. For example, with the acquisition of Linode Limited Liability Company ("Linode"), we continue to adapt procedures for mitigating risks that have in the past or may in the future materialize, including any harms that may arise from abuse of our cloud computing products. If we fail to mitigate these harms or if there is a significant cybersecurity event using our cloud computing products or our cloud computing products are perceived to be less reliable than our competitors, it could result in loss of customers and reputational damage. Any actual, alleged or perceived breach of network security in our systems or networks, or any other actual, alleged or perceived outage, compromise or data security incident we, our customers or our third-party suppliers suffer, has in the past and could in the future result in legal reporting obligations; damage to our reputation; negative publicity; loss of channel partners, customers and sales; loss of revenue; loss of competitive advantages; increased costs to remedy any problems and otherwise respond to any incident; regulatory investigations and enforcement actions and fines; costly litigation; and other liabilities. --- ## Modified: Failure to control expenses could reduce our profitability, which would negatively impact our stock price. **Key changes:** - Reworded sentence: "We base our decisions about expense levels and investments on estimates of our future revenue and future anticipated rates of growth and may incur varying levels of expense based on strategic initiatives, including acquisitions and the build out of our network to support our cloud computing solutions." - Reworded sentence: "Further, we are subject to cost increases that we may not be able to successfully mitigate or pass on to our customers and we could lose customers who are unwilling to accept price increases, which could reduce our revenue." **Prior (2025):** Maintaining or improving our profitability depends both on our ability to increase our revenue and limit our expenses. We base our decisions about expense levels and investments on estimates of our future revenue and future anticipated rates of growth and may incur varying levels of expense based on strategic initiatives, including acquisitions and the build out of our network to support our compute solutions. In addition, many of our expenses are fixed costs for a certain amount of time which may impact our ability to reduce costs in a timely manner or without incurring additional costs. If we are unable to increase revenue and limit expenses, our results of operations will suffer. We have in the past and may in the future take certain steps to reduce expenses, however, there are no assurances that we will be able to effectively reduce our expenses and such actions may negatively affect our ability to invest in our business for innovation, systems improvements and other initiatives. **Current (2026):** Maintaining or improving our profitability depends both on our ability to increase our revenue and limit our expenses. We base our decisions about expense levels and investments on estimates of our future revenue and future anticipated rates of growth and may incur varying levels of expense based on strategic initiatives, including acquisitions and the build out of our network to support our cloud computing solutions. In addition, many of our expenses are fixed costs for a certain amount of time which may impact our ability to reduce costs in a timely manner or without incurring additional costs. Further, we are subject to cost increases that we may not be able to successfully mitigate or pass on to our customers and we could lose customers who are unwilling to accept price increases, which could reduce our revenue. In particular, the capital requirements of the cloud computing industry can at times be significant. If we are unable to increase revenue, limit expenses, or manage increasing costs our results of operations will suffer. We have in the past and may in the future take certain steps to reduce expenses or to raise our prices to offset cost increases, however, there are no assurances that we will be able to effectively reduce or offset our expenses and such actions may negatively affect our ability to invest in our business for innovation, systems improvements and other initiatives. --- ## Modified: We face risks associated with global operations that could harm our business. **Key changes:** - Reworded sentence: "These risks 15 15 15 Table of Contents Table of Contents include: foreign exchange rate risks; uncertainty regarding liability for content or services, including uncertainty as a result of local laws and lack of legal precedent; loss of revenues if the U.S." - Reworded sentence: "Although we have policies, controls and procedures designed to help ensure compliance with applicable laws, there can be no assurance that our employees, contractors, suppliers, customers, channel partners, intermediaries, agents or acquired businesses will not violate such laws or our policies, or that our controls will timely prevent, detect or remediate misconduct." **Prior (2025):** A significant portion of our hiring, new customers and revenue growth in recent years has been attributable to our business outside the U.S. Our operations in international countries subject us to risks that may increase our costs, impact our financial results, disrupt our operations or make our operations less efficient and require significant management attention. These risks include: foreign exchange rate risks; uncertainty regarding liability for content or services, including uncertainty as a result of local laws and lack of legal precedent; loss of revenues if the U.S. or international governments impose limitations on doing business with significant current or potential customers; difficulty in staffing, training, developing and managing international operations as a result of distance, language, cultural differences, differences in employee/employer relationships or regulations; theft of intellectual property in high-risk countries where we operate; difficulties in enforcing contracts, collecting accounts and longer payment cycles in certain countries; difficulties in transferring funds from, or converting currencies in, certain countries; managing the costs and processes necessary to comply with export control, sanctions, such as the sanctions imposed in connection with the Russian invasion of Ukraine, anti-bribery, data protection, cybersecurity and competition laws and regulations or other regulatory or contractual limitations on our ability to sell or develop our products and services in certain international markets; macroeconomic developments and changes in the labor markets in which we operate; geopolitical developments, including any that impact our or our customers' ability to operate in or deliver content to a country; other circumstances outside of our control such as trade disputes, including the imposition of tariffs by the United States on imports from certain countries and any resulting counter-tariffs or macroeconomic impacts, political unrest, warfare, military or armed conflict, such as the Russian invasion of Ukraine and the Israel-Hamas War, terrorist attacks, public health emergencies, energy crises and natural disasters that could disrupt our ability to provide services or limit customer purchases of them. 14 14 14 Table of Contents Table of Contents For example, approximately six percent of our global employees are located in Israel and have been and may continue to be impacted by the Israel-Hamas War. A number of our employees have been, and more may be, required to report for military duty which could impact our ability to operate and successfully complete ongoing initiatives particularly with respect to our security offerings and our efforts to move our internal applications from third-party clouds to our compute platform. Furthermore, a widening of the conflict in the Middle East or further escalation could lead to broader geopolitical destabilization and macro-economic impacts. In addition, we are subject to laws and regulations worldwide that differ among jurisdictions, affecting our operations in areas such as intellectual property ownership and infringement; tax; anti-bribery; internet and technology regulations; so-called "fair share" or internet content taxes; foreign exchange controls and cash repatriation; data privacy; cyber security; competition; consumer protection; corporate sustainability; and employment. Compliance with such requirements can be onerous and expensive and may otherwise impact our business operations negatively. Although we have policies, controls and procedures designed to help ensure compliance with applicable laws, there can be no assurance that our employees, contractors, suppliers, customers or agents will not violate such laws or our policies. Violations of these laws and regulations can result in fines; additional costs related to governmental investigations; criminal sanctions against us, our officers or our employees; prohibitions on the conduct of our business; and damage to our reputation. **Current (2026):** A significant portion of our hiring, new customers and revenue growth in recent years has been attributable to our business outside the U.S. Our operations in international countries subject us to risks that may increase our costs, impact our financial results, disrupt our operations or make our operations less efficient and require significant management attention. These risks 15 15 15 Table of Contents Table of Contents include: foreign exchange rate risks; uncertainty regarding liability for content or services, including uncertainty as a result of local laws and lack of legal precedent; loss of revenues if the U.S. or international governments impose limitations on doing business with significant current or potential customers; difficulty in staffing, training, developing and managing international operations as a result of distance, language, cultural differences, differences in employee/employer relationships or regulations; theft of intellectual property in high-risk countries where we operate; difficulties in enforcing contracts, collecting accounts and longer payment cycles in certain countries; difficulties in transferring funds from, or converting currencies in, certain countries; managing the costs and processes necessary to comply with export control, sanctions, anti-bribery and anti-corruption, data protection, cybersecurity and competition laws and regulations or other regulatory or contractual limitations on our ability to sell or develop our products and services in certain international markets; changes in regulatory rules or policies or changes in government enforcement priorities and resources; macroeconomic developments and changes in the labor markets in which we operate; geopolitical developments, including increasing international tensions or any that impact our or our customers' ability to operate in or deliver content to a country; other circumstances outside of our control such as trade disputes, including the imposition of tariffs by the United States on imports from certain countries and any resulting counter-tariffs or macroeconomic impacts, political unrest, warfare, military or armed conflict, such as the Russian invasion of Ukraine, the Israel-Hamas war, and periodic escalations involving Israel and Iran or Hezbollah, as well as broader military confrontations involving the United States, terrorist attacks, public health emergencies, energy crises and natural disasters that could disrupt our ability to provide services or limit customer purchases of them. For example, approximately six percent of our global employees are located in Israel and have been and may continue to be impacted by hostilities in the region, including being required to report for military duty, which could impact our ability to operate and successfully complete ongoing initiatives. In addition, we are subject to laws and regulations worldwide that differ among jurisdictions and may change, affecting our operations in areas such as intellectual property ownership and infringement; tax; anti-bribery and anti-corruption; technology sovereignty, internet, technology and export regulations; so-called "fair share" or internet content taxes; foreign exchange controls and cash repatriation; data privacy; cyber security; competition; consumer protection; corporate sustainability; and employment and immigration. Compliance with such requirements can be onerous and expensive and may otherwise impact our business operations negatively. Although we have policies, controls and procedures designed to help ensure compliance with applicable laws, there can be no assurance that our employees, contractors, suppliers, customers, channel partners, intermediaries, agents or acquired businesses will not violate such laws or our policies, or that our controls will timely prevent, detect or remediate misconduct. Violations of these laws and regulations can result in fines or disgorgement of profits; additional costs related to internal or governmental investigations; remedial undertakings; contract damages, criminal sanctions against us, our officers or our employees; suspension or debarment; loss of licenses or certifications; prohibitions on the conduct of our business; and damage to our reputation. --- ## Modified: We may not be successful in our artificial intelligence initiatives, which could adversely affect our business, reputation, or financial results. **Key changes:** - Reworded sentence: "Artificial intelligence presents new risks, opportunities and challenges that may affect our business." - Reworded sentence: "Our AI focused initiatives, including AIC, may not be successful, and our competitors may incorporate AI into their products or market their AI solutions more successfully than us, which could impair our ability to compete effectively and adversely affect our financial results." **Prior (2025):** Artificial intelligence ("AI"), presents new risks and challenges that may affect our business. We have made, and expect to continue to make investments to integrate AI and machine learning technology into our products and solutions. Given the nature of AI technology, we face significant competition from other companies and an evolving regulatory landscape. Our AI efforts may not be successful and our competitors may incorporate AI into their products more successfully than us, which could impair our ability to compete effectively and adversely affect our financial results. The rapid evolution of AI combined with the uncertain and often inconsistent regulatory landscape may require significant additional resources and costs and could in some cases limit our ability to implement AI capabilities in our solutions or to use AI to support business operations. Further, data used to train AI-based systems may lead to harm to our reputation. Despite our implementation of programs designed to support responsible AI use and development, we may not successfully address all issues that may arise. For example, privacy concerns, user consent, supply chain security, transparency and the accuracy, completeness and suitability of data sets are all potential issues that could adversely affect our business, reputation, or financial results. **Current (2026):** Artificial intelligence presents new risks, opportunities and challenges that may affect our business. In addition to ongoing investments to integrate AI and machine learning technology into our existing products and solutions and to use AI to enhance our business operations, we recently launched AIC, a platform enabling AI inferencing at the edge of the internet, as a direct offering in the AI market. This introduces additional risks, as we now compete with established and emerging companies providing AI infrastructure and inference solutions. Given the nature of AI technology, we face significant competition from other companies and an evolving regulatory landscape. Our AI focused initiatives, including AIC, may not be successful, and our competitors may incorporate AI into their products or market their AI solutions more successfully than us, which could impair our ability to compete effectively and adversely affect our financial results. Further, the rapid evolution of AI combined with the uncertain, rapidly evolving and often inconsistent regulatory landscape may require significant additional resources and costs and could in some cases limit our ability to implement AI capabilities in our solutions or to use AI to support business operations. AI systems and third-party AI services that we use may also introduce operational resilience and stability risks that could disrupt our services or customers' workloads and adversely affect our business, reputation or financial results. Further, data used to train AI-based systems may lead to harm to our reputation or financial results. Use of AI that has been trained on open-source code repositories for code development, for instance, may increase intellectual property risks, as well as risks related to ingestion of malicious code. Despite our implementation of programs designed to support responsible and safe AI use and development, we may not successfully address all issues that may arise. For example, user misuse of AI capabilities, privacy concerns, user consent, supply chain security, AI-related export controls, transparency and the accuracy, completeness 20 20 20 Table of Contents Table of Contents and suitability of data sets are all potential issues that could adversely affect our business, reputation, or financial results. --- ## Modified: Global conditions have in the past and may in the future harm our industry, business and results of operations. **Key changes:** - Reworded sentence: "Because we operate globally, our business, revenues and profitability are impacted by global macroeconomic and geopolitical conditions." - Reworded sentence: "In addition, the current U.S." - Reworded sentence: "For example, these unfavorable economic conditions could slow our revenue growth or increase our operating costs, which could negatively impact our profitability." **Prior (2025):** We operate globally and as a result, our business, revenues and profitability are impacted by global macroeconomic conditions. The success of our activities is affected by general economic and market conditions, including, among others, inflation, foreign exchange rates, interest rates, tax rates, economic uncertainty, political instability, warfare, changes in laws, trade barriers, the actual or perceived failure or financial difficulties of financial institutions, reduced consumer confidence and spending and economic and trade sanctions. Global economic and geopolitical conditions can impact our customers, causing them to take cost-savings measures that can include optimization and "do-it-yourself", or DIY, initiatives, which can impact our revenues. For example, a large social media company has recently taken steps to lower costs and reduce reliance on U.S. providers by optimizing its platform, including a DIY component, which reduced traffic on our network and negatively impacted our revenue in 2024. The U.S. capital markets have experienced and may continue to experience extreme volatility and disruption in the recent past. Furthermore, inflation rates in the U.S. have been elevated compared to historical rates and have fluctuated. In addition, the Trump administration has indicated an intention to impose tariffs on certain countries that could adversely impact trade relations, result in higher costs and decreased purchasing power of our customers, put increased pressure on supply chains and create general market instability. Such economic volatility has in the past and could in the future adversely affect our business, financial condition, results of operations and cash flows and future market disruptions could negatively impact us. For example, these unfavorable economic conditions could increase our operating costs, which could 10 10 10 Table of Contents Table of Contents negatively impact our profitability. Geopolitical destabilization and warfare have impacted and could continue to impact global currency exchange rates, resources from our suppliers and our ability to operate or grow our business. Additionally, we have offices and employees located in regions that historically have and may again experience periods of political instability, warfare, changes in laws, trade barriers and economic and trade sanctions. Adverse conditions in these countries have in the past and may in the future affect our operations, including disruptions to our workforce, supply chains, networks, financial systems and other critical infrastructure, which could adversely affect our business, results of operations, financial condition and cash flows. For example, approximately six percent of our global employees are located in Israel and some of our employees have been mobilized as members of the Israeli military reserves. Should the Isreal-Hamas war continue, it could cause harm to our employees or otherwise impair their ability to work for extended periods of time. **Current (2026):** Because we operate globally, our business, revenues and profitability are impacted by global macroeconomic and geopolitical conditions. The success of our activities is affected by general economic, political and market conditions, including inflation, foreign exchange rates, interest rates, tax rates, economic uncertainty or contraction, political instability, warfare or acts of terrorism, public health crises, changes in laws, policy - and regulatory-related changes resulting from U.S. government actions and regulatory priorities, trade barriers including announced or expected tariffs, changes in export controls, the actual or perceived failure or financial difficulties of financial institutions, reduced consumer confidence and spending and economic and trade sanctions. Global economic and geopolitical conditions can impact our customers, potentially making non-U.S. companies reluctant to enter into contracts with U.S. providers or to permit cross-border data transfers. Such conditions can also cause customers to take cost-savings measures-such as optimization and DIY initiatives, reduction or delay of information technology spending, contract renegotiation and lengthening of procurement and sales cycles - which have in the past and may in the future negatively impact our revenues by reducing traffic on our network. The U.S. capital markets have recently experienced and may continue to experience extreme volatility and disruption, and inflation rates in the U.S. have been elevated compared to historical rates and have fluctuated. In addition, the current U.S. presidential administration has imposed or indicated an intention to impose tariffs or export controls (including on advanced computing and networking technologies and services) on certain countries that could further adversely impact trade relations, result in higher costs and decreased purchasing power of our customers, put increased pressure on supply chains and create general market instability. Such economic volatility has in the past and could in the future adversely affect our business, financial condition, results of operations and cash flows and future market disruptions could negatively impact us. For example, these unfavorable economic conditions could slow our revenue growth or increase our operating costs, which could negatively impact our profitability. Geopolitical destabilization, 11 11 11 Table of Contents Table of Contents the escalation of international tensions and warfare have impacted and could continue to impact global currency exchange rates, resources from our suppliers, availability or pricing of energy and other inputs, our ability to compete effectively and our ability to operate or grow our business. Cybersecurity threats can also intensify during periods of geopolitical destabilization, increasing the risk of attempted attacks on our systems, suppliers and customers. Additionally, we have offices and employees located in regions that historically have and may again experience periods of political instability, warfare or acts of terrorism, public health crises, changes in laws, trade barriers, and economic and trade sanctions. Adverse conditions in these countries or actions by them to adopt policies that are unfavorable to other countries in which we operate have in the past and may in the future affect our operations, including by causing disruptions to our workforce, supply chains, networks, financial systems and other critical infrastructure, which could adversely affect our business, results of operations, financial condition and cash flows. For example, approximately six percent of our global employees are located in Israel, and have in the past been impacted by the Israel-Hamas war or other hostilities in and around or involving Israel. Any escalations or conflicts impacting Israel, including periodic escalations, could cause harm to our employees or otherwise impair their ability to work for extended periods of time. --- ## Modified: Our failure to manage new risks as our business evolves and our work practices change could harm us. **Key changes:** - Removed sentence: "We believe our culture has been a key contributor to our success to date." - Reworded sentence: "Because most of our employees work remotely, we are subject to additional risks." - Removed sentence: "We rolled out our FlexBase program in May 2022, which allows the more than 95% of our workforce designated as flexible to choose to work from an Akamai office, their home office, an approved workspace, or a combination of all three." - Removed sentence: "This program could, among other things, negatively impact employee morale and productivity, inhibit our ability to effectively train new employees and impede our ability to support customers at the levels they expect." - Removed sentence: "In addition, certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations." **Prior (2025):** We believe our culture has been a key contributor to our success to date. As a result of the diversification of our business, personnel growth, the deployment of our FlexBase program, acquisitions and international expansion in recent years, most of our employees are now based outside of our Cambridge, Massachusetts headquarters. If we are unable to appropriately increase management depth, enhance succession planning and decentralize our decision-making at a pace commensurate with our actual or desired growth rates, we may not be able to achieve our financial or operational goals. It is also important to our continued success that we hire qualified personnel, properly train them and manage poorly-performing personnel, all while maintaining our corporate culture and spirit of innovation. If we are not successful in these efforts, our growth and operations could be adversely affected. We rolled out our FlexBase program in May 2022, which allows the more than 95% of our workforce designated as flexible to choose to work from an Akamai office, their home office, an approved workspace, or a combination of all three. This program could, among other things, negatively impact employee morale and productivity, inhibit our ability to effectively train new employees and impede our ability to support customers at the levels they expect. In addition, certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. Members of our workforce who access company data and systems remotely may not have access to technology that is as robust as that in our offices, which could cause the networks, information systems, applications and other tools available to those remote workers to be more limited or less reliable than in our offices. We may also be exposed to risks associated with the locations of remote workers, including compliance with local laws and regulations or exposure to compromised internet infrastructure. Further, if employees fail to inform us of changes in their work location, we may be exposed to additional risks without our knowledge. If we are unable to effectively maintain a hybrid workforce, manage the cybersecurity and other risks of remote work and maintain our corporate culture and workforce morale, our business could be harmed or otherwise negatively impacted. **Current (2026):** As a result of the diversification of our business, personnel growth, the deployment of our FlexBase program, acquisitions and international expansion in recent years, most of our employees are now based outside of our Cambridge, Massachusetts headquarters. Because most of our employees work remotely, we are subject to additional risks. For example, certain security systems in homes or other remote workplaces may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. If we are unable to effectively maintain a hybrid workforce, manage the cybersecurity and other risks of remote work and maintain our corporate culture and workforce morale, our business could be harmed or otherwise negatively impacted. Additionally, if we are unable to appropriately increase management depth, enhance succession planning and decentralize our decision-making at a pace commensurate with our actual or desired growth rates, we may not be able to achieve our financial or operational goals. It is also important to our continued success that we hire qualified personnel, integrate new employees from our recent acquisitions, properly train them and manage poorly-performing personnel, all while maintaining our corporate culture and spirit of innovation. If we are not successful in these efforts, our growth and operations could be adversely affected. --- ## Modified: Slowing, flat or limited revenue growth has in the past and may continue to negatively impact our profitability and stock price. **Key changes:** - Reworded sentence: "The overall revenue growth we have enjoyed in recent years may not continue and could decline, negatively impacting our profitability and stock price." - Reworded sentence: "Our ability to generate security revenue depends on our ability to increase our industry recognition as a provider of security solutions, navigate a highly competitive market, develop or acquire new solutions in a rapidly-changing environment where security threats are constantly evolving and ensure that our solutions operate effectively and are competitive with products offered by others, particularly as larger providers increasingly offer broader platforms of security services." **Prior (2025):** The overall revenue growth we have enjoyed in recent years may not continue in future periods and could decline, which could negatively impact our profitability and stock price. Our ability to generate revenue depends on the amount of services we deliver, continued growth in demand for our security, delivery and compute solutions and our ability to maintain the prices we charge for them. Revenue we generate from our delivery solutions is impacted by pricing pressure due to competition and fluctuations in content traffic as a result of, among other factors, changes in the popularity of our customers' content including video delivery and gaming, and economic pressures on our customers that can cause them to take steps to optimize their platforms, including through "do-it-yourself", or DIY, initiatives. For example, revenue from our delivery solutions increased significantly in 2020 due in large part to greater consumption of online media and games during the onset of the COVID-19 pandemic and the associated stay-at-home orders. However, as these orders were lifted and more return-to-work policies were adopted, our revenue from delivery solutions declined. In addition, a large social media company has recently taken steps to lower costs and reduce reliance on U.S. providers, including a DIY component, which we believe is in part a reaction to certain geopolitical pressures, and which has reduced traffic on our network and negatively impacted revenue in 2024. Other customers have and may continue to reduce their traffic with us, negatively impacting revenue. We have continued to experience revenue declines in our delivery solutions and expect this trend to continue in the near future. Our security solutions currently generate the largest portion of our revenue. Our ability to generate revenue in our security business depends on our ability to increase our industry recognition as a provider of security solutions, develop or acquire new solutions in a rapidly-changing environment where security threats are constantly evolving and ensure that our solutions operate effectively and are competitive with products offered by others. Further, security revenue for some products is impacted by traffic levels on our network and recently has, and may continue to be, negatively impacted by reduced traffic on our network, including the reduced traffic from a large social media company among other customers. In addition, an increasing proportion of our revenue has recently been generated by our compute solutions. Our ability to generate revenue in our compute business is dependent on our ability to successfully continue building our compute platform, attract a customer base that has traditionally partnered with more established companies in the compute industry, and develop effective, price competitive and attractive solutions. If we are unable to increase revenues, our profitability and stock price could suffer. See the risk factor titled, "Global conditions have in the past and may in the future harm our industry, business and results of operations" below. **Current (2026):** The overall revenue growth we have enjoyed in recent years may not continue and could decline, negatively impacting our profitability and stock price. Our ability to generate revenue depends on the amount of services we deliver, continued growth in demand for our security, delivery and cloud computing solutions and our ability to maintain or increase the prices we charge for them. If we are unable to increase revenues, our profitability and stock price could suffer. Revenue from our delivery solutions is impacted by pricing pressure due to competition and fluctuations in content traffic as a result of, among other factors, changes in the popularity of our customers' content including video delivery and gaming, and economic pressures on our customers that can cause them to take steps to optimize their platforms, including through "do-it-yourself" ("DIY") initiatives or redistributing traffic among multiple providers. Such steps by our customers have in the past and may in the future reduce traffic on our network, negatively impacting revenue. Although the rate of decline has diminished in recent periods, we have continued to experience revenue declines in our delivery solutions, and ongoing competition, pricing pressure, and potential further shifts toward DIY or alternative sourcing strategies may continue to impact our delivery revenue. Our security solutions currently generate the largest portion of our revenue. Our ability to generate security revenue depends on our ability to increase our industry recognition as a provider of security solutions, navigate a highly competitive market, develop or acquire new solutions in a rapidly-changing environment where security threats are constantly evolving and ensure that our solutions operate effectively and are competitive with products offered by others, particularly as larger providers increasingly offer broader platforms of security services. Further, competition and pricing pressure has, and may continue to impact, revenue of certain of our security solutions, including during contract renewals. Reduced traffic levels on our network has in the past, and may in the future, negatively impact revenue from our security solutions. In addition, an increasing proportion of our revenue has been generated by our cloud computing solutions. Our ability to generate revenue in our cloud computing solutions depends on our ability to successfully continue building our compute platform, developing AI capabilities, attract a customer base that has traditionally partnered with more established companies in the cloud computing industry, develop effective, price competitive and attractive solutions and increase prices without reducing customer adoption, usage or retention. --- ## Modified: Other regulatory developments could negatively impact our business. **Key changes:** - Reworded sentence: "and international laws and regulations that apply to the internet, including content liability, security requirements, law enforcement access to information, critical infrastructure, net neutrality, so-called "fair share" or internet content taxes, international data transfer restrictions, sanctions, export controls, restrictions on social media or other platforms, applications or content, as well as developing regulatory concerns related to digital or cloud sovereignty, could pose risks to our revenues, intellectual property and customer relationships and could increase expenses or create other disadvantages to our business." - Reworded sentence: "Communications Decency Act ("Section 230"), gives websites that host user-generated content broad protection from legal liability for content posted on their sites." - Reworded sentence: "In addition, laws and regulations related to content could cause internet service providers, or others, to block our products in order to enforce content-blocking efforts." - Added sentence: "21 21 21 Table of Contents Table of Contents Certain jurisdictions are adopting or tightening data localization and data residency requirements that restrict where customer or employee data may be stored, processed, accessed or encrypted." - Added sentence: "In the U.S., regulators are increasingly scrutinizing and restricting certain personal data transfers and transactions involving foreign countries." **Prior (2025):** U.S. and international laws and regulations that apply to the internet related to, among other things, content liability, security requirements, law enforcement access to information, critical infrastructure, net neutrality, so-called "fair share" or internet content taxes, international data transfer restrictions, sanctions, export controls and restrictions on social media or other platforms, applications or content could pose risks to our revenues, intellectual property and customer relationships as well as increase expenses or create other disadvantages to our business. Section 230 of the U.S. Communications Decency Act, often referred to as Section 230, gives websites that host user-generated content broad protection from legal liability for content posted on their sites. Proposals to repeal or amend Section 230 could expose us to greater legal liability in the conduct of our business. Our Acceptable Use Policy prohibits customers from using our network to deliver illegal or inappropriate content; if customers violate that policy, we may nonetheless face reputational damage, enforcement actions or lawsuits related to their content. Further, laws and regulations related to content could cause internet service providers, or others, to block our products in order to enforce content-blocking efforts. Efforts to block a single product or domain name may end up blocking a number of other products or domain names in an overbroad manner that could affect our business. Regulations have also been enacted or proposed in a number of countries that limit the delivery of certain types of content into those countries. Enactment and expansion of such laws and regulations would negatively impact our revenues. For example, restrictions were adopted in India in 2020 prohibiting access to identified Chinese-owned applications which caused a reduction in revenue to us. In addition, in April 2024, the U.S. government passed legislation that prohibited the provision of certain types of services to a Chinese application if the application was not sold to a neutral third party by January 19, 2025. The Chinese application was not sold to a neutral third party by the January 19th deadline, but President Trump subsequently signed an executive order instructing the U.S. Attorney General to not take any action to enforce the passed legislation for a period of 75 days from January 20, 2025. The Attorney General has since determined that our provision of services to this customer has not violated the law and that we can continue providing services as contemplated by the Executive Order without violating the law and without incurring any legal liability. In the past year, this customer has taken steps to lower costs and reduce reliance on U.S. providers by optimizing its platform, including using a DIY component. This has negatively impacted revenue growth rates in 2024, and we expect revenue from this customer to decline over the next few years, regardless of whether this legislation is enforced or takes effect. It is difficult to predict whether the passed legislation will ultimately be enforced and whether any future judicial challenges brought against the Executive Order will be successful. Even though President Trump has extended the enforcement deadline for a ban on the Chinese application, there is no assurance that we will not be exposed to liability and we may be exposed to significant fines, litigation, indemnification claims, negative publicity, reputational harm, diversion of management attention, interruptions in our operations, financial loss and other similar harms by continuing to provide services to the Chinese application. In addition, enactment and expansion of laws related to the use of artificial intelligence and machine learning in our operations and increased regulation of cloud service providers also could increase the costs of doing business, subject us to potential liability or regulatory risk and introduce other disadvantages to our business, including brand or reputational harm. Interpretations of laws or regulations that would subject us to regulatory enforcement actions, supervision or, in the alternative, require us to exit a line of business or a country, could lead to the loss of significant revenues and have a negative impact on the 20 20 20 Table of Contents Table of Contents quality of our solutions. Engineering efforts to build new capabilities to facilitate compliance with law enforcement access requirements, content access restrictions or other regulations could require us to take on substantial expenses and divert engineering resources from other projects. These circumstances could harm our profitability. **Current (2026):** U.S. and international laws and regulations that apply to the internet, including content liability, security requirements, law enforcement access to information, critical infrastructure, net neutrality, so-called "fair share" or internet content taxes, international data transfer restrictions, sanctions, export controls, restrictions on social media or other platforms, applications or content, as well as developing regulatory concerns related to digital or cloud sovereignty, could pose risks to our revenues, intellectual property and customer relationships and could increase expenses or create other disadvantages to our business. Section 230 of the U.S. Communications Decency Act ("Section 230"), gives websites that host user-generated content broad protection from legal liability for content posted on their sites. Proposals to repeal or amend Section 230 could expose us to greater legal liability in the conduct of our business. Our Acceptable Use Policy prohibits customers from using our network to deliver illegal or inappropriate content; if customers violate that policy, we may nonetheless face reputational damage, enforcement actions or lawsuits related to their content. In addition, laws and regulations related to content could cause internet service providers, or others, to block our products in order to enforce content-blocking efforts. Efforts to block a single product or domain name may end up blocking a number of other products or domain names in an overbroad manner that could affect our business. 21 21 21 Table of Contents Table of Contents Certain jurisdictions are adopting or tightening data localization and data residency requirements that restrict where customer or employee data may be stored, processed, accessed or encrypted. In the U.S., regulators are increasingly scrutinizing and restricting certain personal data transfers and transactions involving foreign countries. For example, the Department of Justice's January 8, 2025, rule on "Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons," prohibits data brokerage transactions involving certain sensitive personal data categories to countries of concern, including China. The regulations also restrict certain investment agreements, employment agreements and vendor agreements involving such data and countries of concern, absent specified cybersecurity controls. Some jurisdictions, particularly the European Union (the "EU"), are also exploring broader "digital sovereignty" frameworks placing operational, ownership, and control requirements that must be met to provide services to certain markets or sectors. These measures have gathered steam over the past year based on the emergence of geopolitical tensions, including between the US and Europe. Together with limits on cross‑border data transfers and government access or audit obligations, they may prevent us from providing services in certain cases, or require us to provide in‑country or region‑specific hosting, rely on designated local partners, modify or limit features, or maintain segregated environments and duplicative infrastructure, routing, logging and support models. These developments could decrease our addressable market, increase our costs and complexity, lengthen sales cycles, limit the functionality or performance of our services in some markets and reduce economies of scale. These risks may accelerate or vary by region due to geopolitical factors, including changes in sanctions, export or import controls, tariffs and other trade restrictions, or regional conflicts. Regulations have also been enacted or proposed in a number of countries that limit the delivery of certain types of content into those countries. Enactment and expansion of such laws and regulations would negatively impact our revenues. For example, restrictions were adopted in India in 2020 prohibiting access to identified Chinese-owned applications which caused a reduction in revenue to us. In addition, in April 2024, the U.S. government enacted the Protecting Americans from Foreign Adversary Controlled Applications Act ("PAFACA"), which, among other things, prohibited the provision of certain types of services to a Chinese application if the application was not sold to a neutral third party by January 19, 2025. The President of the United States subsequently signed a series of Executive Orders delaying enforcement of the legislation, culminating with an Executive Order issued on September 25, 2025, which declared that a proposed sale of the Chinese-owned application's U.S. operations to a new joint-venture company complied with PAFACA's divestiture requirements and extended non-enforcement of PAFACA until January 23, 2026. These Executive Orders further directed the Department of Justice to issue guidance and letters stating there was no violation and no liability for conduct during the PAFACA non-enforcement periods, resulting in Akamai's receipt of an Attorney General determination that Akamai services had not violated the law and that we could continue providing services as contemplated by the Executive Orders without violating the law and without incurring any legal liability. On January 22, 2026, the divestiture was finalized, and a new U.S.-based joint venture assumed operation of the U.S. application. Although the divestiture has been completed, certain aspects of the transaction could be subject to future governmental review or litigation. Further, it is difficult to predict whether any future legislative, regulatory or judicial actions, including those that may be brought against the Executive Orders, will be successful. There is no assurance that we will not be exposed to liability, and we may face significant fines, litigation, indemnification claims, negative publicity, reputational harm, diversion of management attention, interruptions in our operations, financial loss and other similar harms by continuing to provide services to this customer. In addition, enactment and expansion of laws related to the use of AI and machine learning in our operations and increased regulation of cloud service providers also could increase the costs of doing business, subject us to potential liability or regulatory risk and introduce other disadvantages to our business, including brand or reputational harm. U.S. states have advanced and, in some cases, enacted numerous AI governance laws, creating a complicated legislative patchwork that may be litigated in state and federal courts, notwithstanding a December 2025 executive order endorsing a federal moratorium on enforcement of state AI laws. In Europe, the EU began implementing the Artificial Intelligence Act (the "AI Act") on August 1, 2024, with significant provisions scheduled to take effect in August 2026. The AI Act, which may be amended as part of the EU's Digital Omnibus, imposes significant obligations on providers and deployers of high-risk AI systems, and non-compliance can lead to substantial fines. If we develop or use AI systems governed by these laws or regulations, we may face burdensome and costly compliance obligations relating to data quality, transparency, human oversight, and ethical and administrative requirements, as well as significant enforcement actions or litigation in the event of any perceived non-compliance. Interpretations of laws or regulations that would subject us to regulatory enforcement actions, supervision or, alternatively, require us to exit a line of business or a country, could lead to the loss of significant revenues and have a negative impact on the quality of our solutions. Engineering efforts to build new capabilities to facilitate compliance with law enforcement access requirements, content access restrictions or other regulations could require us to take on substantial expenses and divert engineering resources from other projects. These circumstances could harm our profitability. 22 22 22 Table of Contents Table of Contents --- *Data sourced from SEC EDGAR. Last updated 2026-06-01.*