---
ticker: AMZN
company: Amazon.com Inc.
filing_type: 10-K
year_current: 2025
year_prior: 2024
risks_added: 0
risks_removed: 0
risks_modified: 1
risks_unchanged: 23
source: SEC EDGAR
url: https://riskdiff.com/amzn/2025-vs-2024/
markdown_url: https://riskdiff.com/amzn/2025-vs-2024/index.md
generated: 2026-05-10
---

# Amazon.com Inc.: 10-K Risk Factor Changes 2025 vs 2024

> Source: U.S. Securities and Exchange Commission (EDGAR)  
> Generated: 2026-05-10  
> All data extracted directly from official filings. No hallucinated content.

> **[AI-Generated Summary]** The paragraph below was produced by a language
> model and may contain errors. All other content on this page is deterministically
> extracted from the original SEC filing.

> Amazon's 2025 10-K Risk Factors section shows minimal structural change, with only one risk factor substantively modified while 23 risks remained unchanged. The modified risk - "We Could Be Harmed by Data Loss or Other Security Incidents" - reflects Amazon's updated approach to disclosing cybersecurity and data protection concerns. No new risks were added and no existing risks were removed between the 2024 and 2025 filings.

---

## Summary

| Status | Count |
|--------|-------|
| New risks added | 0 |
| Risks removed | 0 |
| Risks modified | 1 |
| Unchanged | 23 |

---

## Modified: We Could Be Harmed by Data Loss or Other Security Incidents

**Key changes:**

- Reworded sentence: "Because we collect, process, store, and transmit large amounts of data, including confidential, classified, sensitive, proprietary, and business and personal information, failure to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting our or our vendors' or customers' technology, products, and systems, could: expose us or our customers to a risk of loss, disclosure, or misuse of such information; adversely affect our operating results; result in litigation, liability, or regulatory action (including under laws related to privacy, data use, data protection, data security, network security, and consumer protection); deter customers or sellers from using our stores, products, and services; and otherwise harm our business and reputation."
- Reworded sentence: "Some of our systems have experienced past security incidents, and, although they did not have a material adverse effect on our operating results, there can be no assurance that future incidents will not have material adverse effects on our operations or financial results."

**Prior (2024):**

Because we collect, process, store, and transmit large amounts of data, including confidential, classified, sensitive, proprietary, and business and personal information, failure to prevent or mitigate data loss, theft, misuse, unauthorized access, or other security breaches or vulnerabilities affecting our or our vendors' or customers' technology, products, and systems, could: expose us or our customers to a risk of loss, disclosure, or misuse of such information; adversely affect our operating results; result in litigation, liability, or regulatory action (including under laws related to privacy, data use, data protection, data security, network security, and consumer protection); deter customers or sellers from using our stores, products, and services; and otherwise harm our business and reputation. We use third-party technology and systems for a variety of reasons, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, and other functions. Some of our systems have experienced past security breaches, and, although they did not have a material adverse effect on our operating results, there can be no assurance that future incidents will not have material adverse effects on our operations or financial results. Although we have developed systems and processes that are designed to protect customer data and prevent such incidents, including systems and processes designed to reduce the impact of a security breach at a third-party vendor or customer, such measures cannot provide absolute security and may fail to operate as intended or be circumvented.

**Current (2025):**

Because we collect, process, store, and transmit large amounts of data, including confidential, classified, sensitive, proprietary, and business and personal information, failure to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access, or other security incidents or vulnerabilities affecting our or our vendors' or customers' technology, products, and systems, could: expose us or our customers to a risk of loss, disclosure, or misuse of such information; adversely affect our operating results; result in litigation, liability, or regulatory action (including under laws related to privacy, data use, data protection, data security, network security, and consumer protection); deter customers or sellers from using our stores, products, and services; and otherwise harm our business and reputation. We use third-party technology and systems for a variety of reasons, including, without limitation, encryption and authentication technology, employee email, content delivery to customers, back-office support, and other functions. Some of our systems have experienced past security incidents, and, although they did not have a material adverse effect on our operating results, there can be no assurance that future incidents will not have material adverse effects on our operations or financial results. Although we have developed systems and processes that are designed to protect customer data and prevent, detect, or mitigate such incidents, including systems and processes designed to reduce the impact of a security incident at a third-party vendor or customer, such measures cannot provide absolute security and may fail to operate as intended or be circumvented.

---

*Data sourced from SEC EDGAR. Last updated 2026-05-10.*