Amazon.com Inc.: 10-K Risk Factor Changes

2025 vs 2024  ·  SEC EDGAR  ·  2026-05-10
Other years: 2026 vs 2025 · 2024 vs 2023
⚠ AI-Generated

The summary below was generated by an AI language model and may contain errors or omissions. All other content on this page is deterministically extracted from the original SEC EDGAR filing.

Amazon's 2025 10-K Risk Factors section shows minimal structural change, with only one risk factor substantively modified while 23 risks remained unchanged. The modified risk - "We Could Be Harmed by Data Loss or Other Security Incidents" - reflects Amazon's updated approach to disclosing cybersecurity and data protection concerns. No new risks were added and no existing risks were removed between the 2024 and 2025 filings.

✓ Deterministic extraction — no AI-generated data

Classification is based on semantic text similarity scoring and may include approximations. “No match” means no high-confidence textual match was found — not necessarily that a section was removed.

0
New Risks
0
Removed
1
Modified
23
Unchanged
🟡 Modified

We Could Be Harmed by Data Loss or Other Security Incidents

high match confidence

Sentence-level differences:

  • Reworded sentence: "Because we collect, process, store, and transmit large amounts of data, including confidential, classified, sensitive, proprietary, and business and personal information, failure to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting our or our vendors’ or customers’ technology, products, and systems, could: expose us or our customers to a risk of loss, disclosure, or misuse of such information; adversely affect our operating results; result in litigation, liability, or regulatory action (including under laws related to privacy, data use, data protection, data security, network security, and consumer protection); deter customers or sellers from using our stores, products, and services; and otherwise harm our business and reputation."
  • Reworded sentence: "Some of our systems have experienced past security incidents, and, although they did not have a material adverse effect on our operating results, there can be no assurance that future incidents will not have material adverse effects on our operations or financial results."

Current (2025):

Because we collect, process, store, and transmit large amounts of data, including confidential, classified, sensitive, proprietary, and business and personal information, failure to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security…

Read full text

Because we collect, process, store, and transmit large amounts of data, including confidential, classified, sensitive, proprietary, and business and personal information, failure to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting our or our vendors’ or customers’ technology, products, and systems, could: expose us or our customers to a risk of loss, disclosure, or misuse of such information; adversely affect our operating results; result in litigation, liability, or regulatory action (including under laws related to privacy, data use, data protection, data security, network security, and consumer protection); deter customers or sellers from using our stores, products, and services; and otherwise harm our business and reputation. We use third-party technology and systems for a variety of reasons, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, and other functions. Some of our systems have experienced past security incidents, and, although they did not have a material adverse effect on our operating results, there can be no assurance that future incidents will not have material adverse effects on our operations or financial results. Although we have developed systems and processes that are designed to protect customer data and prevent, detect, or mitigate such incidents, including systems and processes designed to reduce the impact of a security incident at a third-party vendor or customer, such measures cannot provide absolute security and may fail to operate as intended or be circumvented.

View prior text (2024)

Because we collect, process, store, and transmit large amounts of data, including confidential, classified, sensitive, proprietary, and business and personal information, failure to prevent or mitigate data loss, theft, misuse, unauthorized access, or other security breaches or vulnerabilities affecting our or our vendors’ or customers’ technology, products, and systems, could: expose us or our customers to a risk of loss, disclosure, or misuse of such information; adversely affect our operating results; result in litigation, liability, or regulatory action (including under laws related to privacy, data use, data protection, data security, network security, and consumer protection); deter customers or sellers from using our stores, products, and services; and otherwise harm our business and reputation. We use third-party technology and systems for a variety of reasons, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, and other functions. Some of our systems have experienced past security breaches, and, although they did not have a material adverse effect on our operating results, there can be no assurance that future incidents will not have material adverse effects on our operations or financial results. Although we have developed systems and processes that are designed to protect customer data and prevent such incidents, including systems and processes designed to reduce the impact of a security breach at a third-party vendor or customer, such measures cannot provide absolute security and may fail to operate as intended or be circumvented.