Broadcom Inc.: 10-K Risk Factor Changes

•Changes in tax legislation or policies could materially impact our financial position and results of operations. •Our corporate income taxes could significantly increase if we are unable to maintain our tax concessions or if our assumptions and interpretations regarding tax laws and concessions prove to be incorrect. •Our income taxes and overall cash tax costs are affected by a number of factors that could materially, adversely affect financial results. •We have potential tax liabilities as a result of VMware’s former controlling ownership by Dell, which could have an adverse effect on our financial condition and operating results.

•Changes in tax legislation or policies could materially impact our financial position and results of operations. •Our corporate income taxes could significantly increase if we are unable to maintain our tax concessions or if our assumptions and interpretations regarding tax laws and concessions prove to be incorrect. •Our income taxes and overall cash tax costs are affected by a number of factors that could materially, adversely affect financial results.

Significant judgment is required in determining our worldwide income taxes. In the ordinary course of our business, there are many transactions where the ultimate tax determination is uncertain. Additionally, our calculations of income taxes payable currently and on a deferred basis are based on our interpretations of applicable tax laws in the jurisdictions in which we are required to file tax returns. Although we believe our tax estimates are reasonable, there is no assurance that the final determination of our income tax liability will not be materially different than what is reflected in our income tax provisions and accruals. Our income taxes are subject to volatility and could be adversely affected by numerous factors including: •reorganization or restructuring of our businesses, tangible and intangible assets, outstanding indebtedness and corporate structure, including business combinations; •jurisdictional mix of our income and assets; •changes in the allocation of income and expenses, including adjustments related to changes in our corporate structure, acquisitions or tax law; •changes in U.S and foreign tax laws and regulations, changes to the taxation of earnings of foreign subsidiaries, taxation of U.S. income generated from foreign sources, the deductibility of expenses attributable to income and foreign tax credit rules; •tax effects of increases in non-deductible employee compensation; and •changes in tax accounting rules or principles and in the valuation of deferred tax assets and liabilities. 31 31 31 Table of Contents Table of Contents We have adopted transfer pricing policies that call for the provision of services, the sale of products, the arrangement of financing and the grant of licenses from one affiliate to another at prices that we believe are negotiated on an arm’s length basis. Our taxable income is dependent upon acceptance by local authorities that our operational practices and intercompany transfer pricing are on an arm’s length basis. Due to inconsistencies in application of the arm’s length standard among taxing authorities, as well as lack of comprehensive treaty-based protection, transfer pricing challenges by tax authorities could, if successful, result in adjustments for prior or future years. The effects of any such changes could subject us to higher taxes and our earnings, results of operations and cash flow would be adversely affected. Further, we are subject to, and are under, tax audit in various jurisdictions, and such jurisdictions may assess additional income tax against us. Although we believe our tax positions are reasonable, the final determination of tax audits could be materially different from our income tax provisions and accruals. The ultimate result of an audit could have a material adverse effect on our results of operations and cash flows in the period or periods for which that determination is made. As a result of the VMware Merger, we are subject to tax audits in various jurisdictions for the Dell consolidated group, of which VMware was a member beginning in Dell’s fiscal year 2017 until November 2021. While VMware is no longer a member of the Dell consolidated group, it is still subject to audit for the periods in which it was member of the Dell consolidated group. While we believe VMware’s positions are reasonable, the final determination of tax audits could be materially different from our income tax provisions and accruals. Further, pursuant to a tax agreement VMware and Dell, in the event VMware becomes subject to audits as a member of Dell’s consolidated group, Dell has authority to control the audit and represent Dell and our interests, could limit our ability to affect the outcome of such audits.

Significant judgment is required in determining our worldwide income taxes. In the ordinary course of our business, there are many transactions where the ultimate tax determination is uncertain. Additionally, our calculations of income taxes payable currently and on a deferred basis are based on our interpretations of applicable tax laws in the jurisdictions in which 29 29 29 Table of Contents Table of Contents we are required to file tax returns. Although we believe our tax estimates are reasonable, there is no assurance that the final determination of our income tax liability will not be materially different than what is reflected in our income tax provisions and accruals. Our income taxes are subject to volatility and could be adversely affected by numerous factors including: •reorganization or restructuring of our businesses, tangible and intangible assets, outstanding indebtedness and corporate structure; •jurisdictional mix of our income and assets; •changes in the allocation of income and expenses, including adjustments related to changes in our corporate structure, acquisitions or tax law; •changes in U.S and foreign tax laws and regulations, changes to the taxation of earnings of foreign subsidiaries, taxation of U.S. income generated from foreign sources, the deductibility of expenses attributable to income and foreign tax credit rules; •tax effects of increases in non-deductible employee compensation; and •changes in tax accounting rules or principles and in the valuation of deferred tax assets and liabilities. We have adopted transfer pricing policies that call for the provision of services, the sale of products, the arrangement of financing and the grant of licenses from one affiliate to another at prices that we believe are negotiated on an arm’s length basis. Our taxable income is dependent upon acceptance by local authorities that our operational practices and intercompany transfer pricing are on an arm’s length basis. Due to inconsistencies in application of the arm’s length standard among taxing authorities, as well as lack of comprehensive treaty-based protection, transfer pricing challenges by tax authorities could, if successful, result in adjustments for prior or future years. The effects of any such changes could subject us to higher taxes and our earnings, results of operations and cash flow would be adversely affected. In addition, we are subject to, and are under, tax audit in various jurisdictions, and such jurisdictions may assess additional income tax against us. Although we believe our tax positions are reasonable, the final determination of tax audits could be materially different from our income tax provisions and accruals. The ultimate result of an audit could have a material adverse effect on our results of operations and cash flows in the period or periods for which that determination is made.

Our business depends on a wide variety of complex IT systems and services, including cloud-based and other critical corporate services relating to, among other things, product research and development, financial reporting, product orders and fulfillment, HR, benefit plan administration, IT network management, and electronic communication and collaboration services. These systems and services are both internally managed and outsourced, and in many cases we rely upon third-party data centers. Any failure of these internal or third-party systems and services to operate effectively could disrupt our operations and could have a material adverse effect on our business, financial condition and results of operations. Our operations are dependent upon our ability to protect our IT infrastructure against damage from business continuity events that could have a significant disruptive effect. Although these systems are designed to protect and secure our customers’, suppliers’ and employees’ confidential information, as well as our own proprietary information, we are, out of necessity, dependent on our vendors to adequately address cyber security threats to their own systems. In addition, software products we use and technologies produced by us have occasionally had in the past and may have in the future, vulnerabilities that, if left unmitigated, could reduce the overall level of security of the systems on which the software is installed. Cyber-attacks are increasing in number and sophistication, are well-financed, in some cases supported by state actors, and are designed to not only attack, but also to evade detection. Since the techniques used to obtain unauthorized access to systems, or to otherwise sabotage them, change frequently and are often not recognized until launched against a target, we 19 19 19 Table of Contents Table of Contents may be unable to anticipate these techniques or to implement adequate preventative measures. As a critical vendor in the digital supply chain for both governmental entities and critical infrastructure operators, we and our products may be targeted by those seeking to threaten the confidentiality, integrity and availability of systems supporting essential public services. Geopolitical instability may increase the likelihood that we will experience direct or collateral consequences from cyber conflicts between nation-states or other politically motivated actors targeting critical technology infrastructure. Accidental or willful security breaches or other unauthorized access to our information systems or the systems of our service providers and business partners, or the existence of computer viruses or malware (such as ransomware) in our or their data or software have in the past, and could in the future, expose us to a risk of information loss, business disruption, and misappropriation of proprietary and confidential information, including information relating to our products or customers and the personal information of our employees or third parties. Such an event could disrupt our business and result in, among other things, unfavorable publicity, damage to our reputation, loss of our trade secrets and other competitive information, litigation by affected parties and possible financial obligations for liabilities and damages related to the theft or misuse of such information, significant remediation costs, disruption of key business operations and significant diversion of our resources, as well as fines and other sanctions resulting from any related breaches of data privacy regulations (such as the General Data Protection Regulation), any of which could have a material adverse effect on our business, profitability and financial condition. While we may be entitled to damages if our vendors fail to perform under their agreements with us, any award may be insufficient to cover the actual costs incurred by us and, as a result of a vendor’s failure to perform, we may be unable to collect any damages. Despite our internal controls and investment in security measures, we have, from time to time, been subject to disruptive cyber-attacks and unauthorized network intrusions and malware on our own IT networks or those of our service providers or business partners. Although no such cyber security incidents have been material to Broadcom, we continue to devote resources to protect our systems and data from unauthorized access or misuse, and we may be required to expend greater resources in the future. Businesses we acquire may increase the scope and complexity of our IT networks, and this may increase our risk exposure to cyber-attacks when there are difficulties integrating diverse legacy systems that support operations for the acquired businesses. In addition, certain aspects of effective cybersecurity are dependent upon our employees, contractors and other trusted partners reliably safeguarding secrets (e.g., application credentials) and adhering to our security policies and access control mechanisms. We have in the past experienced, and expect in the future to experience, security incidents arising from a failure to properly handle such secrets or adhere to such policies and, although no such events have had a material adverse effect on our business, there can be no assurance that an insider threat will not result in an incident that is material to Broadcom. Our logging, alerting and cyber incident detection mechanisms may not cover every system potentially targeted by threat actors, may not have the capability to detect certain types of unauthorized activities, and may not capture and surface information sufficient to enable us to timely detect and take responsive action to insider or external threats. U.S. and foreign regulators, as well as customers and service providers, have also increased their focus on cyber security vulnerabilities and risks. Compliance with laws, regulations, and contractual provisions concerning privacy, cyber security, secure technology development, data governance, data protection, confidentiality and IP could result in significant expense, and any failure to comply could result in proceedings against us by regulatory authorities or other third parties and may also increase our overall compliance burden.

Our business depends on various internally managed IT systems and outsourced IT services, including cloud-based and other critical corporate infrastructure services relating to, among other things, financial reporting, product orders and shipping, human resources, benefit plan administration, IT network development, network monitoring and electronic communication services, as well as third-party data centers. Any failure of these internal or third-party systems and services to operate effectively could disrupt our operations and could have a material adverse effect on our business, financial condition and results of operations. Our operations are dependent upon our ability to protect our IT infrastructure against damage from business continuity events that could have a significant disruptive effect. Although these systems are designed to protect and secure our customers’, suppliers’ and employees’ confidential information, as well as our own proprietary information, we are, out of necessity, dependent on our vendors to adequately address cyber security threats to their own systems. In addition, software products we use (including technologies produced by us) have occasionally had in the past and may have in the future, vulnerabilities that, if left unmanaged, could reduce the overall level of security of the systems on which the software is installed. 23 23 23 Table of Contents Table of Contents Cyber-attacks are increasing in number and sophistication, are well-financed, in some cases supported by state actors, and are designed to not only attack, but also to evade detection. Since the techniques used to obtain unauthorized access to systems, or to otherwise sabotage them, change frequently and are often not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. Geopolitical instability, such as Russia’s invasion of Ukraine, may increase the likelihood that we will experience direct or collateral consequences from cyber conflicts between nation-states or other politically motivated actors targeting critical technology infrastructure. Accidental or willful security breaches or other unauthorized access to our information systems or the systems of our service providers, or the existence of computer viruses or malware (such as ransomware) in our or their data or software could expose us to a risk of information loss, business disruption, and misappropriation of proprietary and confidential information, including information relating to our products or customers and the personal information of our employees or third parties. Such an event could disrupt our business and result in, among other things, unfavorable publicity, damage to our reputation, loss of our trade secrets and other competitive information, litigation by affected parties and possible financial obligations for liabilities and damages related to the theft or misuse of such information, significant remediation costs, disruption of key business operations and significant diversion of our resources, as well as fines and other sanctions resulting from any related breaches of data privacy regulations (such as the General Data Protection Regulation), any of which could have a material adverse effect on our business, profitability and financial condition. While we may be entitled to damages if our vendors fail to perform under their agreements with us, any award may be insufficient to cover the actual costs incurred by us and, as a result of a vendor’s failure to perform, we may be unable to collect any damages. Despite our internal controls and investment in security measures, we have, from time to time, been subject to disruptive cyber-attacks or there have been attempts of unauthorized network intrusions and malware on our own IT networks. Although no such cyber security incidents have been material to Broadcom, we continue to devote resources to protect our systems and data from unauthorized access or misuse, and we may be required to expend greater resources in the future. U.S. and foreign regulators have also increased their focus on cyber security vulnerabilities and risks. Compliance with laws and regulations concerning privacy, cyber security, data governance, and data protection could result in significant expense, and any failure to comply could result in proceedings against us by regulatory authorities or other third parties. Further, customers and service providers increasingly demand rigorous contractual, certification and audit provisions regarding privacy, cyber security, data governance, data protection, confidentiality, and IP, which may also increase our overall compliance burden.

As of October 29, 2023, the aggregate indebtedness under our senior notes was $40,815 million. Subsequent to the end of fiscal year 2023, we borrowed $30,390 million in term loans to finance the VMware Merger (the “2023 Term Loans”), and we assumed $8,250 million of VMware’s outstanding senior unsecured notes. Our substantial indebtedness could have important consequences including: •increasing our vulnerability to adverse general economic and industry conditions; •exposing us to interest rate risk as our 2023 Term Loans bear floating interest rates, which we do not typically hedge against; •limiting our flexibility in planning for, or reacting to, changes in the economy and the semiconductor industry; •placing us at a competitive disadvantage compared to our competitors with less indebtedness; •making it more difficult to borrow additional funds in the future to fund growth, acquisitions, working capital, capital expenditures and other purposes; and •potentially requiring us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing the availability of our cash flow to fund our other business needs. We receive debt ratings from the major credit rating agencies in the U.S. Factors that may impact our credit ratings include debt levels, planned asset purchases or sales and near-term and long-term production growth opportunities. Liquidity, asset quality, cost structure, reserve mix and commodity pricing levels could also be considered by the rating agencies. While we are focused on maintaining investment grade ratings from these agencies, we may be unable to do so. Any downgrade in our credit rating or the ratings of our indebtedness, or adverse conditions in the debt capital markets, could: •adversely affect the trading price of, or market for, our debt securities; •increase interest expense under our term facilities; •increase the cost of, and adversely affect our ability to refinance, our existing debt; and •adversely affect our ability to raise additional debt. 32 32 32 Table of Contents Table of Contents

As of October 30, 2022, the aggregate indebtedness under our senior notes was $41,218 million. This amount does not reflect any debt we expect to incur or assume in connection with the VMware Merger. Our substantial indebtedness could have important consequences including: •increasing our vulnerability to adverse general economic and industry conditions; •exposing us to interest rate risk due to our variable rate term facilities, which we do not typically hedge against; •limiting our flexibility in planning for, or reacting to, changes in the economy and the semiconductor industry; •placing us at a competitive disadvantage compared to our competitors with less indebtedness; •making it more difficult to borrow additional funds in the future to fund growth, acquisitions, working capital, capital expenditures and other purposes; and •potentially requiring us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing the availability of our cash flow to fund our other business needs. We receive debt ratings from the major credit rating agencies in the U.S. Factors that may impact our credit ratings include debt levels, planned asset purchases or sales and near-term and long-term production growth opportunities. Liquidity, asset quality, cost structure, reserve mix and commodity pricing levels could also be considered by the rating agencies. While we are focused on maintaining investment grade ratings from these agencies, we may be unable to do so. Any downgrade in our credit rating or the ratings of our indebtedness, or adverse conditions in the debt capital markets, could: •adversely affect the trading price of, or market for, our debt securities; •increase interest expense under our term facilities; •increase the cost of, and adversely affect our ability to refinance, our existing debt; and •adversely affect our ability to raise additional debt. 30 30 30 Table of Contents Table of Contents

Certain aspects of our software products are intended to manage and secure IT infrastructures and environments, and as a result, we expect these products to be ongoing targets of cyber-attacks. Open source code or other third-party software used in these products could also be targeted and may make our products vulnerable to additional security risks not posed by purely proprietary products. Our products are complex and, when deployed, may contain errors, defects or security vulnerabilities, some of which may not be discovered before the product has been released, installed and used by customers. The complexity and breadth of our technical and production environments, which involve globally dispersed development and engineering teams, increases the risk that errors, defects or vulnerabilities will be introduced and may delay our ability to detect, mitigate or remediate such incidents. In the past, elements of our proprietary source code have been exposed in an unauthorized manner. It is possible that such exposure of source code could reveal unknown security vulnerabilities in our products that could be exploited by malicious actors. Our products are also subject to known and unknown security vulnerabilities resulting from integration with third-party products or services. Although we continually seek to improve our countermeasures to prevent such incidents, we may be unable to anticipate every scenario and it is possible that certain cyber threats or vulnerabilities will be undetected or unmitigated in time to prevent an attack or an accidental incident on us and our customers. Additionally, efforts by malicious cyber actors or others could cause interruptions, delays or cessation of our product licensing, or modification of our software, which could cause us to lose existing or potential customers. A successful cyber-attack involving our products could cause customers and potential customers to believe our services are ineffective or unreliable and result in, among other things, the loss of customers, unfavorable publicity, damage to our reputation, difficulty in marketing our products, allegations by our customers that we have not performed our contractual obligations and give rise to significant costs, including costs related to developing solutions or indemnification obligations under our agreements. Any such event could adversely impact our revenue and results of operations. See also “An impairment of the confidentiality, integrity, or availability of our IT systems, or those of one or more of our corporate infrastructure vendors, could have a material adverse effect on our business”.

Certain aspects of our software products are intended to manage and secure IT infrastructures and environments, and as a result, we expect these products to be ongoing targets of cyber security attacks. Open source code or other third-party software used in these products could also be targeted. Although we continually seek to improve our countermeasures to prevent such incidents, we may be unable to anticipate every scenario and it is possible that certain cyber threats or vulnerabilities will be undetected or unmitigated in time to prevent an attack or an accidental incident on us and our customers. Additionally, efforts by malicious cyber actors or others could cause interruptions, delays or cessation of our product licensing, or modification of our software, which could cause us to lose existing or potential customers. A successful cyber security attack involving our products could cause customers and potential customers to believe our services are ineffective or unreliable and result in, among other things, the loss of customers, unfavorable publicity, damage to our reputation, difficulty in marketing our products, allegations by our customers that we have not performed our contractual obligations and give rise to significant costs, including costs related to developing solutions or indemnification obligations under our agreements. Any such event could adversely impact our revenue and results of operations. See also “An impairment of the confidentiality, integrity, or availability of our IT systems, or those of one or more of our corporate infrastructure vendors, could have a material adverse effect on our business”.

As part of our integration of the VMware business, we plan to focus on VMware’s core business of creating private and hybrid cloud environments among large enterprises globally and divesting non-core assets. If VMware customers do not accept this plan, the investments we have made or may make to implement this plan may be of no or limited value, we may lose customers, our financial results may be adversely affected and our stock price may suffer. Although we expect significant benefits to result from the VMware Merger, there can be no assurance that we will actually realize these benefits. Achieving these benefits will depend, in part, on our ability to integrate VMware's business successfully and efficiently. The challenges involved in this integration, which are complex and time consuming, include the following: •preserving customer and other important relationships of VMware and attracting new business and operational relationships; •integrating financial forecasting and controls, procedures and reporting cycles; •consolidating and integrating corporate, information technology, finance and administrative infrastructures; •coordinating sales and marketing efforts to effectively position our capabilities; •coordinating and integrating operations in countries in which we have not previously operated; 17 17 17 Table of Contents Table of Contents •reorienting the VMware sales and marketing force to align with the change in strategy and effectively position the business; and •integrating the VMware workforce, including managing employee transitions and attrition, maintaining employee morale and retaining key employees. If we do not successfully manage these issues and the other challenges inherent in integrating an acquired business, then we may not achieve the anticipated benefits of the VMware Merger within our anticipated timeframe or at all and our revenue, expenses, operating results, financial condition and stock price could be materially adversely affected. The successful integration of the VMware business will require significant management attention both before and after the completion of the VMware Merger, and may divert the attention of management from our business and operational issues.

Although we expect significant benefits to result from the VMware Merger, there can be no assurance that we will actually realize any of them, or realize them within the anticipated timeframe. Achieving these benefits will depend, in part, on our ability to integrate VMware's business successfully and efficiently. The challenges involved in this integration, which will be complex and time consuming, include the following: •preserving customer and other important relationships of VMware and attracting new business and operational relationships; •integrating financial forecasting and controls, procedures and reporting cycles; •consolidating and integrating corporate, information technology, finance and administrative infrastructures; •coordinating sales and marketing efforts to effectively position our capabilities; •coordinating and integrating operations in countries in which we have not previously operated; and •integrating employees and related HR systems and benefits, maintaining employee morale and retaining key employees. If we do not successfully manage these issues and the other challenges inherent in integrating an acquired business, then we may not achieve the anticipated benefits of the VMware Merger on our anticipated timeframe or at all and our revenue, expenses, operating results, financial condition and stock price could be materially adversely affected. The successful integration of the VMware business will require significant management attention both before and after the completion of the VMware Merger, and may divert the attention of management from our business and operational issues.

We make significant decisions, including determining the levels of business that we will seek and accept, production schedules, levels of reliance on contract manufacturing and outsourcing, internal fabrication utilization and other resource requirements, based on customer requirements or estimates thereof, which may not be accurate. We largely build to order and have extended customer lead times substantially, which has limited and may continue to limit our ability to fulfill orders and satisfy all of the demand for our products. Customers may require rapid increases in production on short notice. If we are unable to meet such increases in demand, this could damage our customer relationships, reduce revenue growth and margins, subject us to additional liabilities, harm our reputation, and prevent us from taking advantage of opportunities. Conversely, if actual sales of our products is lower than expected, we may also experience higher inventory carrying and operating costs and product obsolescence. Because certain of our sales, research and development, and internal manufacturing overhead expenses are relatively fixed, a reduction in customer demand may also decrease our gross margin and operating income.

We make significant decisions, including determining the levels of business that we will seek and accept, production schedules, levels of reliance on contract manufacturing and outsourcing, internal fabrication utilization and other resource requirements, based on our estimates of customer requirements, which may not be accurate. 21 21 21 Table of Contents Table of Contents During the COVID-19 pandemic, we have moved largely to a build to order model and have extended customer lead times substantially in light of supply chain challenges. More typically, however, to ensure the availability of our semiconductor products we start manufacturing based on customer forecasts, which are not binding. As a result, we incur inventory and manufacturing costs in advance of anticipated sales that may be substantially lower than expected. If actual demand for our products is lower than forecast, we may also experience higher inventory carrying and operating costs and product obsolescence. Because certain of our sales, research and development, and internal manufacturing overhead expenses are relatively fixed, a reduction in customer demand may also decrease our gross margin and operating income. Conversely, customers often require rapid increases in production on short notice. If we are unable to meet such increases in demand, this could damage our customer relationships, reduce revenue growth and margins, subject us to additional liabilities, harm our reputation, and prevent us from taking advantage of opportunities.

There is an increasing focus from lawmakers, regulators, investors, customers, employees and other stakeholders concerning ESG matters, including environment, climate, diversity and inclusion, human rights and governance transparency. A number of our customers have adopted, or may adopt, procurement policies that include ESG provisions or requirements that their suppliers should comply with, or they may seek to include such provisions or requirements in their procurement terms and conditions. An increasing number of investors are also requiring companies to disclose ESG-related policies, practices and metrics. In addition, various jurisdictions are developing climate-related laws or regulations that could cause us to incur additional direct costs for compliance, as well as indirect costs resulting from our customers, suppliers, or additional compliance costs that are passed on to us. These legal and regulatory requirements, as well as investor expectations on ESG practices and disclosures, are subject to change, can be unpredictable, and may be difficult and expensive for us to comply 29 29 29 Table of Contents Table of Contents with, given the complexity of our supply chain and our outsourced manufacturing. Further, there is an increasing number of state-level anti-ESG initiatives in the United States that may conflict with other regulatory requirements or our various stakeholders’ expectations. If we fail to comply with or meet the evolving legal and regulatory requirements or expectations of our various stakeholders, we may be subject to enforcement actions, required to pay fines, customers may stop purchasing products from us or investors may sell their shares, which could harm our reputation, revenue and results of operations. Our actual or perceived failure to achieve our ESG-related initiatives could negatively impact our reputation or harm our business. In addition, as part of their ESG programs, an increasing number of OEMs are seeking to source products that do not contain minerals sourced from areas where proceeds from the sale of such minerals are likely to be used to fund armed conflicts, such as in the Democratic Republic of Congo. This could adversely affect the sourcing, availability and pricing of minerals used in the manufacture of semiconductor devices, including our products. As a result, we may face difficulties in satisfying these customers’ demands, which may harm our sales and operating results.

There is an increasing focus on corporate social and environmental responsibility in the semiconductor industry, particularly with OEMs that manufacture consumer electronics. A number of our customers have adopted, or may adopt, procurement policies that include social and environmental responsibility provisions or requirements that their suppliers should comply with, or they may seek to include such provisions or requirements in their procurement terms and conditions. An increasing number of investors are also requiring companies to disclose corporate social and environmental policies, practices and metrics. In addition, various jurisdictions are developing climate change-based laws or regulations that could cause us to incur additional direct costs for compliance, as well as indirect costs resulting from our customers, suppliers, or both incurring additional compliance costs that are passed on to us. These legal and regulatory requirements, as well as investor expectations, on corporate environmental and social responsibility practices and disclosure, are subject to change, can be unpredictable, and may be difficult and expensive for us to comply with, given the complexity of our supply chain and our significant outsourced manufacturing. If we are unable to comply, or are unable to cause our suppliers or CMs to comply, with such policies or provisions or meet the requirements of our customers and investors, a customer may stop purchasing products from us or an investor may sell their shares, and may take legal action against us, which could harm our reputation, revenue and results of operations. In addition, as part of their corporate social and environmental responsibility programs, an increasing number of OEMs are seeking to source products that do not contain minerals sourced from areas where proceeds from the sale of such minerals are likely to be used to fund armed conflicts, such as in the Democratic Republic of Congo. This could adversely affect the sourcing, availability and pricing of minerals used in the manufacture of semiconductor devices, including our products. As a result, we may face difficulties in satisfying these customers’ demands, which may harm our sales and operating results.

Many of our products and services incorporate open source software, the use of which may subject us to certain conditions, including the obligation to offer such products for no cost or to make the proprietary source code of those products publicly available. Open source licenses are generally “as-is” and do not provide warranties, support or assurance of title or controls on origin of the software, which exposes us to potential liability if the software fails to work or infringes the intellectual property of a third-party. Although we monitor our use of open source software to avoid subjecting our products to unintended conditions and exposing us to unacceptable financial risk, such use, under certain circumstances, could materially adversely affect our business, financial condition and operating results and cash flow, including if we are required to take remedial action that may divert resources away from our development efforts. In addition, we may receive inquiries or claims from authors, distributors or recipients of open source software included in our products regarding our compliance with the conditions of such open source licenses and we may be required to take steps to avoid or remedy an alleged infringement or noncompliance, including modifying our product code, stopping the distribution of some of our products, paying damages or releasing the source code of our propriety software. Further, although we believe that we have complied with our obligations under the licenses for such open source software, there is little legal precedent governing the interpretation of some terms in some of these licenses, which increases the risk that a court could interpret the licenses differently than we do.

Some of our products contain software from open source code sources, the use of which may subject us to certain conditions, including the obligation to offer such products for no cost or to make the proprietary source code of those products publicly available. Further, although some open source vendors provide warranty and support agreements, it is common for such software to be available “as-is” with no warranty, indemnity or support. Although we monitor our use of such open source code to avoid subjecting our products to unintended conditions, such use, under certain circumstances, could materially adversely affect our business, financial condition and operating results and cash flow, including if we are required to take remedial action that may divert resources away from our development efforts.