--- ticker: AVGO company: Broadcom Inc. filing_type: 10-K year_current: 2023 year_prior: 2022 risks_added: 5 risks_removed: 2 risks_modified: 9 risks_unchanged: 41 source: SEC EDGAR url: https://riskdiff.com/avgo/2023-vs-2022/ markdown_url: https://riskdiff.com/avgo/2023-vs-2022/index.md generated: 2026-05-10 --- # Broadcom Inc.: 10-K Risk Factor Changes 2023 vs 2022 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-05-10 > All data extracted directly from official filings. No hallucinated content. > **[AI-Generated Summary]** The paragraph below was produced by a language > model and may contain errors. All other content on this page is deterministically > extracted from the original SEC filing. > Broadcom's risk disclosures shifted to reflect the completed VMware acquisition, removing pandemic-related disruptions and the pending acquisition risk while adding five new risks centered on data center virtualization demand, software product adoption, government customer compliance, product lifecycle management, and Dell-related tax liabilities. The majority of risk factors (41 of 57) remained substantively unchanged, though nine risks were materially modified, including those addressing taxation, cybersecurity, and debt management. This net addition of three risks demonstrates Broadcom's expanded operational complexity following the VMware integration and associated regulatory obligations. --- ## Summary | Status | Count | |--------|-------| | New risks added | 5 | | Risks removed | 2 | | Risks modified | 9 | | Unchanged | 41 | --- ## New in Current Filing: If demand for our data center virtualization products is less than anticipated, our business could be adversely affected. We expect to generate a significant portion of our software revenue from our data center virtualization products. However, if businesses build new or shift existing compute workloads off-premises to public cloud providers, this could limit the market for on-premises deployments of our data center virtualization products. Although we have developed, and will continue to develop, products to extend our product offerings to the public cloud, if demand for our server virtualization products is significantly less than anticipated, our business, financial condition, results of operations and cash flows may be adversely affected. --- ## New in Current Filing: The growth of our software business depends on customer acceptance of our newer products and services. Many of our software products and services are based on data center virtualization, application modernization and related hybrid-cloud technologies used to manage distributed computing architectures, which form the foundation for hybrid-cloud computing. We expect to increase product development and marketing and sales efforts toward products and services that enable businesses to modernize applications and efficiently implement their hybrid-cloud services. These cloud and SaaS initiatives present new and difficult technological, operational and compliance challenges. We expect significant investments will be required to develop or acquire solutions to address those challenges. Current and future customers may not perceive benefits and cost savings associated with adopting our hybrid-cloud and application platform solutions or we may fail to realize returns on our investments in new initiatives, which could harm our results of operations. --- ## New in Current Filing: Our sales to government customers subject us to uncertainties and governmental regulations, which could have a material adverse effect on our business. Our contracts signed with the U.S. federal, state and local government and non-U.S. government agencies are generally subject to annual fiscal funding approval and may be renegotiated or terminated at the discretion of the government. 25 25 25 Table of Contents Table of Contents Termination, renegotiation or the lack of funding approval for a contract could adversely affect our sales, revenue and reputation. Additionally, our government contracts and our arrangements with channel partners who may sell directly to government customers are generally subject to certain requirements, some of which are generally not present in commercial contracts and/or may be complex, as well as to audits and investigations. Failure to meet contractual requirements could result in various civil and criminal actions and penalties, and administrative sanctions, including termination of contracts, refund of a portion of fees received, forfeiture of profits, suspension of payments, fines and suspensions or debarment from doing business with the government, which could materially adversely affect our business, financial condition, operating results and cash flow. --- ## New in Current Filing: Failure to effectively manage our products and services lifecycles could harm our business. As part of the natural lifecycle of our products and services, customers are informed when products or services will be reaching their end of life or end of availability and will no longer be supported or receive updates and security patches. If these products or services remain subject to a service contract, the customer may transition to alternative products or services. Failure to effectively manage our products and services lifecycles could lead to customer dissatisfaction and contractual liabilities, which could adversely affect our business and operating results. --- ## New in Current Filing: We have potential tax liabilities as a result of VMware's former controlling ownership by Dell, which could have an adverse effect on our financial condition and operating results. If the VMware spin-off from Dell in November 2021 is determined to not be tax-free for any reason, we could be liable for all or a portion of the tax liability, which could have a material adverse effect on our financial condition and operating results. Further, if the VMware Merger results in the spin-off failing to qualify as a tax-free transaction under Section 355 of the Internal Revenue Code, Dell, its affiliates and, potentially, its stockholders would incur significant tax liabilities and we may be required to indemnify Dell and its affiliates for any such tax liabilities, which could be material. --- ## No Match in Current: The COVID-19 pandemic has disrupted normal business activity, which has impacted how we operate our business. *This section from the 2022 filing does not have a high-confidence textual match in 2023. It may have been removed, merged, or substantially reworded.* The COVID-19 pandemic and the efforts to control it disrupted, and reduced the efficiency of, normal business activities in much of the world. We experienced some disruption to parts of our global semiconductor supply chain, including procuring necessary components and inputs, such as wafers and substrates, in a timely fashion, with suppliers increasing lead times or placing products on allocation. As a result of these supply chain disruptions, we increased customer order lead times and placed some products on allocation. We are also largely building semiconductor products to order and this has limited and may continue to limit our ability to fulfill orders and satisfy all of the demand for our products. The pandemic resulted in authorities around the world implementing numerous unprecedented measures, such as travel restrictions quarantines, shelter-in-place order, and factory and office shutdowns, that impacted our workforce and 17 17 17 Table of Contents Table of Contents operations, and those of our customers, CMs, suppliers and logistics providers. In addition, disruptions to commercial transportation infrastructure impacted delivery times for materials and components to our facilities, transfers of our products to our key suppliers and, in some cases, our ability to timely ship our products to customers. This resulted in significant logistical challenges and product delays, which could recur in the event of any future closures of, or periods of reduced operations at, our warehouse or the facilities of our suppliers and providers. In response to the pandemic, we have taken extensive measures to protect the health and safety of our employees and contractors at our facilities. However, existing or new precautionary measures or modifications in our business practices and policies, may negatively impact our business or operations, especially if the spread of COVID-19 (including any variants) worsens significantly. In addition, any actions we take may not be sufficient to mitigate the risk of infection and could result in a significant number of COVID-19-related claims. If a significant number of our employees, or employees and third parties performing key functions, including our Chief Executive Officer and members of our Board of Directors, become ill, our business may be further adversely impacted. In addition, changes to state workers' compensation laws, such as those in California, may increase our potential liability for such claims. See also our risk factor "If we are unable to attract and retain qualified personnel, especially our engineering and technical personnel, we may not be able to execute our business strategy effectively." The degree to which the pandemic ultimately impacts our business and results of operations will depend on future developments beyond our control, including the extent of actions to contain the virus (including any variants), availability and efficacy of the vaccines or other treatments, public acceptance of the vaccines (including boosters), and to what extent normal economic and operating conditions resume. --- ## No Match in Current: The failure to complete our acquisition of VMware, Inc. may adversely affect our business and our stock price. *This section from the 2022 filing does not have a high-confidence textual match in 2023. It may have been removed, merged, or substantially reworded.* Consummation of the VMware Merger is subject to the satisfaction or waiver of customary closing conditions, including (i) the expiration or termination of the waiting period under the Hart-Scott-Rodino Antitrust Improvement Act of 1976 and clearance under the antitrust laws of the European Union and certain other jurisdictions, (ii) the receipt by VMware of a tax opinion regarding the U.S. federal income tax treatment of certain aspects of the VMware Merger, (iii) the absence of certain orders or laws preventing consummation of the VMware Merger, (iv) authorization for listing additional shares of Broadcom common stock on Nasdaq, and (v) the absence of a material adverse effect with respect to either us or VMware. There can be no assurance that these or other closing conditions will be satisfied in a timely manner or at all. Any delay in completing the acquisition could cause us not to realize some or all of the anticipated benefits when expected, if at all. If the VMware Merger is not completed, our stock price could decline to the extent it reflects an assumption that we will complete the acquisition. Furthermore, if the VMware Merger is not completed, we may suffer other consequences that could adversely affect our business, results of operations and stock price, including incurring significant acquisition costs that we would be unable to recover, negative publicity and a negative impression of us in the investment community. Additionally, under certain specified circumstances, including the termination by either us or VMware because certain required regulatory clearances are not obtained, upon termination we would be required to pay VMware a termination fee of $1.5 billion. --- ## Modified: Risks Relating to Taxes **Key changes:** - Added sentence: "•We have potential tax liabilities as a result of VMware's former controlling ownership by Dell, which could have an adverse effect on our financial condition and operating results." **Prior (2022):** •Changes in tax legislation or policies could materially impact our financial position and results of operations. •Our corporate income taxes could significantly increase if we are unable to maintain our tax concessions or if our assumptions and interpretations regarding tax laws and concessions prove to be incorrect. •Our income taxes and overall cash tax costs are affected by a number of factors that could materially, adversely affect financial results. **Current (2023):** •Changes in tax legislation or policies could materially impact our financial position and results of operations. •Our corporate income taxes could significantly increase if we are unable to maintain our tax concessions or if our assumptions and interpretations regarding tax laws and concessions prove to be incorrect. •Our income taxes and overall cash tax costs are affected by a number of factors that could materially, adversely affect financial results. •We have potential tax liabilities as a result of VMware's former controlling ownership by Dell, which could have an adverse effect on our financial condition and operating results. --- ## Modified: Our income taxes and overall cash tax costs are affected by a number of factors that could materially, adversely affect financial results. **Key changes:** - Reworded sentence: "Additionally, our calculations of income taxes payable currently and on a deferred basis are based on our interpretations of applicable tax laws in the jurisdictions in which we are required to file tax returns." - Reworded sentence: "Our income taxes are subject to volatility and could be adversely affected by numerous factors including: •reorganization or restructuring of our businesses, tangible and intangible assets, outstanding indebtedness and corporate structure, including business combinations; •jurisdictional mix of our income and assets; •changes in the allocation of income and expenses, including adjustments related to changes in our corporate structure, acquisitions or tax law; •changes in U.S and foreign tax laws and regulations, changes to the taxation of earnings of foreign subsidiaries, taxation of U.S." - Reworded sentence: "31 31 31 Table of Contents Table of Contents We have adopted transfer pricing policies that call for the provision of services, the sale of products, the arrangement of financing and the grant of licenses from one affiliate to another at prices that we believe are negotiated on an arm's length basis." - Reworded sentence: "Further, we are subject to, and are under, tax audit in various jurisdictions, and such jurisdictions may assess additional income tax against us." - Added sentence: "As a result of the VMware Merger, we are subject to tax audits in various jurisdictions for the Dell consolidated group, of which VMware was a member beginning in Dell's fiscal year 2017 until November 2021." **Prior (2022):** Significant judgment is required in determining our worldwide income taxes. In the ordinary course of our business, there are many transactions where the ultimate tax determination is uncertain. Additionally, our calculations of income taxes payable currently and on a deferred basis are based on our interpretations of applicable tax laws in the jurisdictions in which 29 29 29 Table of Contents Table of Contents we are required to file tax returns. Although we believe our tax estimates are reasonable, there is no assurance that the final determination of our income tax liability will not be materially different than what is reflected in our income tax provisions and accruals. Our income taxes are subject to volatility and could be adversely affected by numerous factors including: •reorganization or restructuring of our businesses, tangible and intangible assets, outstanding indebtedness and corporate structure; •jurisdictional mix of our income and assets; •changes in the allocation of income and expenses, including adjustments related to changes in our corporate structure, acquisitions or tax law; •changes in U.S and foreign tax laws and regulations, changes to the taxation of earnings of foreign subsidiaries, taxation of U.S. income generated from foreign sources, the deductibility of expenses attributable to income and foreign tax credit rules; •tax effects of increases in non-deductible employee compensation; and •changes in tax accounting rules or principles and in the valuation of deferred tax assets and liabilities. We have adopted transfer pricing policies that call for the provision of services, the sale of products, the arrangement of financing and the grant of licenses from one affiliate to another at prices that we believe are negotiated on an arm's length basis. Our taxable income is dependent upon acceptance by local authorities that our operational practices and intercompany transfer pricing are on an arm's length basis. Due to inconsistencies in application of the arm's length standard among taxing authorities, as well as lack of comprehensive treaty-based protection, transfer pricing challenges by tax authorities could, if successful, result in adjustments for prior or future years. The effects of any such changes could subject us to higher taxes and our earnings, results of operations and cash flow would be adversely affected. In addition, we are subject to, and are under, tax audit in various jurisdictions, and such jurisdictions may assess additional income tax against us. Although we believe our tax positions are reasonable, the final determination of tax audits could be materially different from our income tax provisions and accruals. The ultimate result of an audit could have a material adverse effect on our results of operations and cash flows in the period or periods for which that determination is made. **Current (2023):** Significant judgment is required in determining our worldwide income taxes. In the ordinary course of our business, there are many transactions where the ultimate tax determination is uncertain. Additionally, our calculations of income taxes payable currently and on a deferred basis are based on our interpretations of applicable tax laws in the jurisdictions in which we are required to file tax returns. Although we believe our tax estimates are reasonable, there is no assurance that the final determination of our income tax liability will not be materially different than what is reflected in our income tax provisions and accruals. Our income taxes are subject to volatility and could be adversely affected by numerous factors including: •reorganization or restructuring of our businesses, tangible and intangible assets, outstanding indebtedness and corporate structure, including business combinations; •jurisdictional mix of our income and assets; •changes in the allocation of income and expenses, including adjustments related to changes in our corporate structure, acquisitions or tax law; •changes in U.S and foreign tax laws and regulations, changes to the taxation of earnings of foreign subsidiaries, taxation of U.S. income generated from foreign sources, the deductibility of expenses attributable to income and foreign tax credit rules; •tax effects of increases in non-deductible employee compensation; and •changes in tax accounting rules or principles and in the valuation of deferred tax assets and liabilities. 31 31 31 Table of Contents Table of Contents We have adopted transfer pricing policies that call for the provision of services, the sale of products, the arrangement of financing and the grant of licenses from one affiliate to another at prices that we believe are negotiated on an arm's length basis. Our taxable income is dependent upon acceptance by local authorities that our operational practices and intercompany transfer pricing are on an arm's length basis. Due to inconsistencies in application of the arm's length standard among taxing authorities, as well as lack of comprehensive treaty-based protection, transfer pricing challenges by tax authorities could, if successful, result in adjustments for prior or future years. The effects of any such changes could subject us to higher taxes and our earnings, results of operations and cash flow would be adversely affected. Further, we are subject to, and are under, tax audit in various jurisdictions, and such jurisdictions may assess additional income tax against us. Although we believe our tax positions are reasonable, the final determination of tax audits could be materially different from our income tax provisions and accruals. The ultimate result of an audit could have a material adverse effect on our results of operations and cash flows in the period or periods for which that determination is made. As a result of the VMware Merger, we are subject to tax audits in various jurisdictions for the Dell consolidated group, of which VMware was a member beginning in Dell's fiscal year 2017 until November 2021. While VMware is no longer a member of the Dell consolidated group, it is still subject to audit for the periods in which it was member of the Dell consolidated group. While we believe VMware's positions are reasonable, the final determination of tax audits could be materially different from our income tax provisions and accruals. Further, pursuant to a tax agreement VMware and Dell, in the event VMware becomes subject to audits as a member of Dell's consolidated group, Dell has authority to control the audit and represent Dell and our interests, could limit our ability to affect the outcome of such audits. --- ## Modified: An impairment of the confidentiality, integrity, or availability of our IT systems, or those of one or more of our corporate infrastructure vendors could have a material adverse effect on our business. **Key changes:** - Reworded sentence: "Our business depends on a wide variety of complex IT systems and services, including cloud-based and other critical corporate services relating to, among other things, product research and development, financial reporting, product orders and fulfillment, HR, benefit plan administration, IT network management, and electronic communication and collaboration services." - Reworded sentence: "In addition, software products we use and technologies produced by us have occasionally had in the past and may have in the future, vulnerabilities that, if left unmitigated, could reduce the overall level of security of the systems on which the software is installed." - Reworded sentence: "Despite our internal controls and investment in security measures, we have, from time to time, been subject to disruptive cyber-attacks and unauthorized network intrusions and malware on our own IT networks or those of our service providers or business partners." - Reworded sentence: "Businesses we acquire may increase the scope and complexity of our IT networks, and this may increase our risk exposure to cyber-attacks when there are difficulties integrating diverse legacy systems that support operations for the acquired businesses." **Prior (2022):** Our business depends on various internally managed IT systems and outsourced IT services, including cloud-based and other critical corporate infrastructure services relating to, among other things, financial reporting, product orders and shipping, human resources, benefit plan administration, IT network development, network monitoring and electronic communication services, as well as third-party data centers. Any failure of these internal or third-party systems and services to operate effectively could disrupt our operations and could have a material adverse effect on our business, financial condition and results of operations. Our operations are dependent upon our ability to protect our IT infrastructure against damage from business continuity events that could have a significant disruptive effect. Although these systems are designed to protect and secure our customers', suppliers' and employees' confidential information, as well as our own proprietary information, we are, out of necessity, dependent on our vendors to adequately address cyber security threats to their own systems. In addition, software products we use (including technologies produced by us) have occasionally had in the past and may have in the future, vulnerabilities that, if left unmanaged, could reduce the overall level of security of the systems on which the software is installed. 23 23 23 Table of Contents Table of Contents Cyber-attacks are increasing in number and sophistication, are well-financed, in some cases supported by state actors, and are designed to not only attack, but also to evade detection. Since the techniques used to obtain unauthorized access to systems, or to otherwise sabotage them, change frequently and are often not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. Geopolitical instability, such as Russia's invasion of Ukraine, may increase the likelihood that we will experience direct or collateral consequences from cyber conflicts between nation-states or other politically motivated actors targeting critical technology infrastructure. Accidental or willful security breaches or other unauthorized access to our information systems or the systems of our service providers, or the existence of computer viruses or malware (such as ransomware) in our or their data or software could expose us to a risk of information loss, business disruption, and misappropriation of proprietary and confidential information, including information relating to our products or customers and the personal information of our employees or third parties. Such an event could disrupt our business and result in, among other things, unfavorable publicity, damage to our reputation, loss of our trade secrets and other competitive information, litigation by affected parties and possible financial obligations for liabilities and damages related to the theft or misuse of such information, significant remediation costs, disruption of key business operations and significant diversion of our resources, as well as fines and other sanctions resulting from any related breaches of data privacy regulations (such as the General Data Protection Regulation), any of which could have a material adverse effect on our business, profitability and financial condition. While we may be entitled to damages if our vendors fail to perform under their agreements with us, any award may be insufficient to cover the actual costs incurred by us and, as a result of a vendor's failure to perform, we may be unable to collect any damages. Despite our internal controls and investment in security measures, we have, from time to time, been subject to disruptive cyber-attacks or there have been attempts of unauthorized network intrusions and malware on our own IT networks. Although no such cyber security incidents have been material to Broadcom, we continue to devote resources to protect our systems and data from unauthorized access or misuse, and we may be required to expend greater resources in the future. U.S. and foreign regulators have also increased their focus on cyber security vulnerabilities and risks. Compliance with laws and regulations concerning privacy, cyber security, data governance, and data protection could result in significant expense, and any failure to comply could result in proceedings against us by regulatory authorities or other third parties. Further, customers and service providers increasingly demand rigorous contractual, certification and audit provisions regarding privacy, cyber security, data governance, data protection, confidentiality, and IP, which may also increase our overall compliance burden. **Current (2023):** Our business depends on a wide variety of complex IT systems and services, including cloud-based and other critical corporate services relating to, among other things, product research and development, financial reporting, product orders and fulfillment, HR, benefit plan administration, IT network management, and electronic communication and collaboration services. These systems and services are both internally managed and outsourced, and in many cases we rely upon third-party data centers. Any failure of these internal or third-party systems and services to operate effectively could disrupt our operations and could have a material adverse effect on our business, financial condition and results of operations. Our operations are dependent upon our ability to protect our IT infrastructure against damage from business continuity events that could have a significant disruptive effect. Although these systems are designed to protect and secure our customers', suppliers' and employees' confidential information, as well as our own proprietary information, we are, out of necessity, dependent on our vendors to adequately address cyber security threats to their own systems. In addition, software products we use and technologies produced by us have occasionally had in the past and may have in the future, vulnerabilities that, if left unmitigated, could reduce the overall level of security of the systems on which the software is installed. Cyber-attacks are increasing in number and sophistication, are well-financed, in some cases supported by state actors, and are designed to not only attack, but also to evade detection. Since the techniques used to obtain unauthorized access to systems, or to otherwise sabotage them, change frequently and are often not recognized until launched against a target, we 19 19 19 Table of Contents Table of Contents may be unable to anticipate these techniques or to implement adequate preventative measures. As a critical vendor in the digital supply chain for both governmental entities and critical infrastructure operators, we and our products may be targeted by those seeking to threaten the confidentiality, integrity and availability of systems supporting essential public services. Geopolitical instability may increase the likelihood that we will experience direct or collateral consequences from cyber conflicts between nation-states or other politically motivated actors targeting critical technology infrastructure. Accidental or willful security breaches or other unauthorized access to our information systems or the systems of our service providers and business partners, or the existence of computer viruses or malware (such as ransomware) in our or their data or software have in the past, and could in the future, expose us to a risk of information loss, business disruption, and misappropriation of proprietary and confidential information, including information relating to our products or customers and the personal information of our employees or third parties. Such an event could disrupt our business and result in, among other things, unfavorable publicity, damage to our reputation, loss of our trade secrets and other competitive information, litigation by affected parties and possible financial obligations for liabilities and damages related to the theft or misuse of such information, significant remediation costs, disruption of key business operations and significant diversion of our resources, as well as fines and other sanctions resulting from any related breaches of data privacy regulations (such as the General Data Protection Regulation), any of which could have a material adverse effect on our business, profitability and financial condition. While we may be entitled to damages if our vendors fail to perform under their agreements with us, any award may be insufficient to cover the actual costs incurred by us and, as a result of a vendor's failure to perform, we may be unable to collect any damages. Despite our internal controls and investment in security measures, we have, from time to time, been subject to disruptive cyber-attacks and unauthorized network intrusions and malware on our own IT networks or those of our service providers or business partners. Although no such cyber security incidents have been material to Broadcom, we continue to devote resources to protect our systems and data from unauthorized access or misuse, and we may be required to expend greater resources in the future. Businesses we acquire may increase the scope and complexity of our IT networks, and this may increase our risk exposure to cyber-attacks when there are difficulties integrating diverse legacy systems that support operations for the acquired businesses. In addition, certain aspects of effective cybersecurity are dependent upon our employees, contractors and other trusted partners reliably safeguarding secrets (e.g., application credentials) and adhering to our security policies and access control mechanisms. We have in the past experienced, and expect in the future to experience, security incidents arising from a failure to properly handle such secrets or adhere to such policies and, although no such events have had a material adverse effect on our business, there can be no assurance that an insider threat will not result in an incident that is material to Broadcom. Our logging, alerting and cyber incident detection mechanisms may not cover every system potentially targeted by threat actors, may not have the capability to detect certain types of unauthorized activities, and may not capture and surface information sufficient to enable us to timely detect and take responsive action to insider or external threats. U.S. and foreign regulators, as well as customers and service providers, have also increased their focus on cyber security vulnerabilities and risks. Compliance with laws, regulations, and contractual provisions concerning privacy, cyber security, secure technology development, data governance, data protection, confidentiality and IP could result in significant expense, and any failure to comply could result in proceedings against us by regulatory authorities or other third parties and may also increase our overall compliance burden. --- ## Modified: Our substantial indebtedness could adversely affect our financial health and our ability to execute our business strategy. **Key changes:** - Reworded sentence: "As of October 29, 2023, the aggregate indebtedness under our senior notes was $40,815 million." - Reworded sentence: "32 32 32 Table of Contents Table of Contents" **Prior (2022):** As of October 30, 2022, the aggregate indebtedness under our senior notes was $41,218 million. This amount does not reflect any debt we expect to incur or assume in connection with the VMware Merger. Our substantial indebtedness could have important consequences including: •increasing our vulnerability to adverse general economic and industry conditions; •exposing us to interest rate risk due to our variable rate term facilities, which we do not typically hedge against; •limiting our flexibility in planning for, or reacting to, changes in the economy and the semiconductor industry; •placing us at a competitive disadvantage compared to our competitors with less indebtedness; •making it more difficult to borrow additional funds in the future to fund growth, acquisitions, working capital, capital expenditures and other purposes; and •potentially requiring us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing the availability of our cash flow to fund our other business needs. We receive debt ratings from the major credit rating agencies in the U.S. Factors that may impact our credit ratings include debt levels, planned asset purchases or sales and near-term and long-term production growth opportunities. Liquidity, asset quality, cost structure, reserve mix and commodity pricing levels could also be considered by the rating agencies. While we are focused on maintaining investment grade ratings from these agencies, we may be unable to do so. Any downgrade in our credit rating or the ratings of our indebtedness, or adverse conditions in the debt capital markets, could: •adversely affect the trading price of, or market for, our debt securities; •increase interest expense under our term facilities; •increase the cost of, and adversely affect our ability to refinance, our existing debt; and •adversely affect our ability to raise additional debt. 30 30 30 Table of Contents Table of Contents **Current (2023):** As of October 29, 2023, the aggregate indebtedness under our senior notes was $40,815 million. Subsequent to the end of fiscal year 2023, we borrowed $30,390 million in term loans to finance the VMware Merger (the "2023 Term Loans"), and we assumed $8,250 million of VMware's outstanding senior unsecured notes. Our substantial indebtedness could have important consequences including: •increasing our vulnerability to adverse general economic and industry conditions; •exposing us to interest rate risk as our 2023 Term Loans bear floating interest rates, which we do not typically hedge against; •limiting our flexibility in planning for, or reacting to, changes in the economy and the semiconductor industry; •placing us at a competitive disadvantage compared to our competitors with less indebtedness; •making it more difficult to borrow additional funds in the future to fund growth, acquisitions, working capital, capital expenditures and other purposes; and •potentially requiring us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing the availability of our cash flow to fund our other business needs. We receive debt ratings from the major credit rating agencies in the U.S. Factors that may impact our credit ratings include debt levels, planned asset purchases or sales and near-term and long-term production growth opportunities. Liquidity, asset quality, cost structure, reserve mix and commodity pricing levels could also be considered by the rating agencies. While we are focused on maintaining investment grade ratings from these agencies, we may be unable to do so. Any downgrade in our credit rating or the ratings of our indebtedness, or adverse conditions in the debt capital markets, could: •adversely affect the trading price of, or market for, our debt securities; •increase interest expense under our term facilities; •increase the cost of, and adversely affect our ability to refinance, our existing debt; and •adversely affect our ability to raise additional debt. 32 32 32 Table of Contents Table of Contents --- ## Modified: Failure of our software products to manage and secure IT infrastructures and environments could have a material adverse effect on our business. **Key changes:** - Reworded sentence: "Certain aspects of our software products are intended to manage and secure IT infrastructures and environments, and as a result, we expect these products to be ongoing targets of cyber-attacks." - Reworded sentence: "A successful cyber-attack involving our products could cause customers and potential customers to believe our services are ineffective or unreliable and result in, among other things, the loss of customers, unfavorable publicity, damage to our reputation, difficulty in marketing our products, allegations by our customers that we have not performed our contractual obligations and give rise to significant costs, including costs related to developing solutions or indemnification obligations under our agreements." **Prior (2022):** Certain aspects of our software products are intended to manage and secure IT infrastructures and environments, and as a result, we expect these products to be ongoing targets of cyber security attacks. Open source code or other third-party software used in these products could also be targeted. Although we continually seek to improve our countermeasures to prevent such incidents, we may be unable to anticipate every scenario and it is possible that certain cyber threats or vulnerabilities will be undetected or unmitigated in time to prevent an attack or an accidental incident on us and our customers. Additionally, efforts by malicious cyber actors or others could cause interruptions, delays or cessation of our product licensing, or modification of our software, which could cause us to lose existing or potential customers. A successful cyber security attack involving our products could cause customers and potential customers to believe our services are ineffective or unreliable and result in, among other things, the loss of customers, unfavorable publicity, damage to our reputation, difficulty in marketing our products, allegations by our customers that we have not performed our contractual obligations and give rise to significant costs, including costs related to developing solutions or indemnification obligations under our agreements. Any such event could adversely impact our revenue and results of operations. See also "An impairment of the confidentiality, integrity, or availability of our IT systems, or those of one or more of our corporate infrastructure vendors, could have a material adverse effect on our business". **Current (2023):** Certain aspects of our software products are intended to manage and secure IT infrastructures and environments, and as a result, we expect these products to be ongoing targets of cyber-attacks. Open source code or other third-party software used in these products could also be targeted and may make our products vulnerable to additional security risks not posed by purely proprietary products. Our products are complex and, when deployed, may contain errors, defects or security vulnerabilities, some of which may not be discovered before the product has been released, installed and used by customers. The complexity and breadth of our technical and production environments, which involve globally dispersed development and engineering teams, increases the risk that errors, defects or vulnerabilities will be introduced and may delay our ability to detect, mitigate or remediate such incidents. In the past, elements of our proprietary source code have been exposed in an unauthorized manner. It is possible that such exposure of source code could reveal unknown security vulnerabilities in our products that could be exploited by malicious actors. Our products are also subject to known and unknown security vulnerabilities resulting from integration with third-party products or services. Although we continually seek to improve our countermeasures to prevent such incidents, we may be unable to anticipate every scenario and it is possible that certain cyber threats or vulnerabilities will be undetected or unmitigated in time to prevent an attack or an accidental incident on us and our customers. Additionally, efforts by malicious cyber actors or others could cause interruptions, delays or cessation of our product licensing, or modification of our software, which could cause us to lose existing or potential customers. A successful cyber-attack involving our products could cause customers and potential customers to believe our services are ineffective or unreliable and result in, among other things, the loss of customers, unfavorable publicity, damage to our reputation, difficulty in marketing our products, allegations by our customers that we have not performed our contractual obligations and give rise to significant costs, including costs related to developing solutions or indemnification obligations under our agreements. Any such event could adversely impact our revenue and results of operations. See also "An impairment of the confidentiality, integrity, or availability of our IT systems, or those of one or more of our corporate infrastructure vendors, could have a material adverse effect on our business". --- ## Modified: Failure to realize the benefits expected from the VMware Merger could adversely affect our business and the value of our common stock. **Key changes:** - Reworded sentence: "As part of our integration of the VMware business, we plan to focus on VMware's core business of creating private and hybrid cloud environments among large enterprises globally and divesting non-core assets." - Reworded sentence: "The challenges involved in this integration, which are complex and time consuming, include the following: •preserving customer and other important relationships of VMware and attracting new business and operational relationships; •integrating financial forecasting and controls, procedures and reporting cycles; •consolidating and integrating corporate, information technology, finance and administrative infrastructures; •coordinating sales and marketing efforts to effectively position our capabilities; •coordinating and integrating operations in countries in which we have not previously operated; 17 17 17 Table of Contents Table of Contents •reorienting the VMware sales and marketing force to align with the change in strategy and effectively position the business; and •integrating the VMware workforce, including managing employee transitions and attrition, maintaining employee morale and retaining key employees." **Prior (2022):** Although we expect significant benefits to result from the VMware Merger, there can be no assurance that we will actually realize any of them, or realize them within the anticipated timeframe. Achieving these benefits will depend, in part, on our ability to integrate VMware's business successfully and efficiently. The challenges involved in this integration, which will be complex and time consuming, include the following: •preserving customer and other important relationships of VMware and attracting new business and operational relationships; •integrating financial forecasting and controls, procedures and reporting cycles; •consolidating and integrating corporate, information technology, finance and administrative infrastructures; •coordinating sales and marketing efforts to effectively position our capabilities; •coordinating and integrating operations in countries in which we have not previously operated; and •integrating employees and related HR systems and benefits, maintaining employee morale and retaining key employees. If we do not successfully manage these issues and the other challenges inherent in integrating an acquired business, then we may not achieve the anticipated benefits of the VMware Merger on our anticipated timeframe or at all and our revenue, expenses, operating results, financial condition and stock price could be materially adversely affected. The successful integration of the VMware business will require significant management attention both before and after the completion of the VMware Merger, and may divert the attention of management from our business and operational issues. **Current (2023):** As part of our integration of the VMware business, we plan to focus on VMware's core business of creating private and hybrid cloud environments among large enterprises globally and divesting non-core assets. If VMware customers do not accept this plan, the investments we have made or may make to implement this plan may be of no or limited value, we may lose customers, our financial results may be adversely affected and our stock price may suffer. Although we expect significant benefits to result from the VMware Merger, there can be no assurance that we will actually realize these benefits. Achieving these benefits will depend, in part, on our ability to integrate VMware's business successfully and efficiently. The challenges involved in this integration, which are complex and time consuming, include the following: •preserving customer and other important relationships of VMware and attracting new business and operational relationships; •integrating financial forecasting and controls, procedures and reporting cycles; •consolidating and integrating corporate, information technology, finance and administrative infrastructures; •coordinating sales and marketing efforts to effectively position our capabilities; •coordinating and integrating operations in countries in which we have not previously operated; 17 17 17 Table of Contents Table of Contents •reorienting the VMware sales and marketing force to align with the change in strategy and effectively position the business; and •integrating the VMware workforce, including managing employee transitions and attrition, maintaining employee morale and retaining key employees. If we do not successfully manage these issues and the other challenges inherent in integrating an acquired business, then we may not achieve the anticipated benefits of the VMware Merger within our anticipated timeframe or at all and our revenue, expenses, operating results, financial condition and stock price could be materially adversely affected. The successful integration of the VMware business will require significant management attention both before and after the completion of the VMware Merger, and may divert the attention of management from our business and operational issues. --- ## Modified: Failure to adjust our manufacturing and supply chain to accurately meet customer demand could adversely affect our results of operations. **Key changes:** - Reworded sentence: "We make significant decisions, including determining the levels of business that we will seek and accept, production schedules, levels of reliance on contract manufacturing and outsourcing, internal fabrication utilization and other resource requirements, based on customer requirements or estimates thereof, which may not be accurate." - Removed sentence: "Conversely, customers often require rapid increases in production on short notice." - Removed sentence: "If we are unable to meet such increases in demand, this could damage our customer relationships, reduce revenue growth and margins, subject us to additional liabilities, harm our reputation, and prevent us from taking advantage of opportunities." **Prior (2022):** We make significant decisions, including determining the levels of business that we will seek and accept, production schedules, levels of reliance on contract manufacturing and outsourcing, internal fabrication utilization and other resource requirements, based on our estimates of customer requirements, which may not be accurate. 21 21 21 Table of Contents Table of Contents During the COVID-19 pandemic, we have moved largely to a build to order model and have extended customer lead times substantially in light of supply chain challenges. More typically, however, to ensure the availability of our semiconductor products we start manufacturing based on customer forecasts, which are not binding. As a result, we incur inventory and manufacturing costs in advance of anticipated sales that may be substantially lower than expected. If actual demand for our products is lower than forecast, we may also experience higher inventory carrying and operating costs and product obsolescence. Because certain of our sales, research and development, and internal manufacturing overhead expenses are relatively fixed, a reduction in customer demand may also decrease our gross margin and operating income. Conversely, customers often require rapid increases in production on short notice. If we are unable to meet such increases in demand, this could damage our customer relationships, reduce revenue growth and margins, subject us to additional liabilities, harm our reputation, and prevent us from taking advantage of opportunities. **Current (2023):** We make significant decisions, including determining the levels of business that we will seek and accept, production schedules, levels of reliance on contract manufacturing and outsourcing, internal fabrication utilization and other resource requirements, based on customer requirements or estimates thereof, which may not be accurate. We largely build to order and have extended customer lead times substantially, which has limited and may continue to limit our ability to fulfill orders and satisfy all of the demand for our products. Customers may require rapid increases in production on short notice. If we are unable to meet such increases in demand, this could damage our customer relationships, reduce revenue growth and margins, subject us to additional liabilities, harm our reputation, and prevent us from taking advantage of opportunities. Conversely, if actual sales of our products is lower than expected, we may also experience higher inventory carrying and operating costs and product obsolescence. Because certain of our sales, research and development, and internal manufacturing overhead expenses are relatively fixed, a reduction in customer demand may also decrease our gross margin and operating income. --- ## Modified: Environmental, social and governance ("ESG") matters may adversely affect our relationships with customers and investors. **Key changes:** - Reworded sentence: "There is an increasing focus from lawmakers, regulators, investors, customers, employees and other stakeholders concerning ESG matters, including environment, climate, diversity and inclusion, human rights and governance transparency." **Prior (2022):** There is an increasing focus on corporate social and environmental responsibility in the semiconductor industry, particularly with OEMs that manufacture consumer electronics. A number of our customers have adopted, or may adopt, procurement policies that include social and environmental responsibility provisions or requirements that their suppliers should comply with, or they may seek to include such provisions or requirements in their procurement terms and conditions. An increasing number of investors are also requiring companies to disclose corporate social and environmental policies, practices and metrics. In addition, various jurisdictions are developing climate change-based laws or regulations that could cause us to incur additional direct costs for compliance, as well as indirect costs resulting from our customers, suppliers, or both incurring additional compliance costs that are passed on to us. These legal and regulatory requirements, as well as investor expectations, on corporate environmental and social responsibility practices and disclosure, are subject to change, can be unpredictable, and may be difficult and expensive for us to comply with, given the complexity of our supply chain and our significant outsourced manufacturing. If we are unable to comply, or are unable to cause our suppliers or CMs to comply, with such policies or provisions or meet the requirements of our customers and investors, a customer may stop purchasing products from us or an investor may sell their shares, and may take legal action against us, which could harm our reputation, revenue and results of operations. In addition, as part of their corporate social and environmental responsibility programs, an increasing number of OEMs are seeking to source products that do not contain minerals sourced from areas where proceeds from the sale of such minerals are likely to be used to fund armed conflicts, such as in the Democratic Republic of Congo. This could adversely affect the sourcing, availability and pricing of minerals used in the manufacture of semiconductor devices, including our products. As a result, we may face difficulties in satisfying these customers' demands, which may harm our sales and operating results. **Current (2023):** There is an increasing focus from lawmakers, regulators, investors, customers, employees and other stakeholders concerning ESG matters, including environment, climate, diversity and inclusion, human rights and governance transparency. A number of our customers have adopted, or may adopt, procurement policies that include ESG provisions or requirements that their suppliers should comply with, or they may seek to include such provisions or requirements in their procurement terms and conditions. An increasing number of investors are also requiring companies to disclose ESG-related policies, practices and metrics. In addition, various jurisdictions are developing climate-related laws or regulations that could cause us to incur additional direct costs for compliance, as well as indirect costs resulting from our customers, suppliers, or additional compliance costs that are passed on to us. These legal and regulatory requirements, as well as investor expectations on ESG practices and disclosures, are subject to change, can be unpredictable, and may be difficult and expensive for us to comply 29 29 29 Table of Contents Table of Contents with, given the complexity of our supply chain and our outsourced manufacturing. Further, there is an increasing number of state-level anti-ESG initiatives in the United States that may conflict with other regulatory requirements or our various stakeholders' expectations. If we fail to comply with or meet the evolving legal and regulatory requirements or expectations of our various stakeholders, we may be subject to enforcement actions, required to pay fines, customers may stop purchasing products from us or investors may sell their shares, which could harm our reputation, revenue and results of operations. Our actual or perceived failure to achieve our ESG-related initiatives could negatively impact our reputation or harm our business. In addition, as part of their ESG programs, an increasing number of OEMs are seeking to source products that do not contain minerals sourced from areas where proceeds from the sale of such minerals are likely to be used to fund armed conflicts, such as in the Democratic Republic of Congo. This could adversely affect the sourcing, availability and pricing of minerals used in the manufacture of semiconductor devices, including our products. As a result, we may face difficulties in satisfying these customers' demands, which may harm our sales and operating results. --- ## Modified: Our use of open source software in certain products and services could materially adversely affect our business, financial condition, operating results and cash flow. **Key changes:** - Reworded sentence: "Many of our products and services incorporate open source software, the use of which may subject us to certain conditions, including the obligation to offer such products for no cost or to make the proprietary source code of those products publicly available." **Prior (2022):** Some of our products contain software from open source code sources, the use of which may subject us to certain conditions, including the obligation to offer such products for no cost or to make the proprietary source code of those products publicly available. Further, although some open source vendors provide warranty and support agreements, it is common for such software to be available "as-is" with no warranty, indemnity or support. Although we monitor our use of such open source code to avoid subjecting our products to unintended conditions, such use, under certain circumstances, could materially adversely affect our business, financial condition and operating results and cash flow, including if we are required to take remedial action that may divert resources away from our development efforts. **Current (2023):** Many of our products and services incorporate open source software, the use of which may subject us to certain conditions, including the obligation to offer such products for no cost or to make the proprietary source code of those products publicly available. Open source licenses are generally "as-is" and do not provide warranties, support or assurance of title or controls on origin of the software, which exposes us to potential liability if the software fails to work or infringes the intellectual property of a third-party. Although we monitor our use of open source software to avoid subjecting our products to unintended conditions and exposing us to unacceptable financial risk, such use, under certain circumstances, could materially adversely affect our business, financial condition and operating results and cash flow, including if we are required to take remedial action that may divert resources away from our development efforts. In addition, we may receive inquiries or claims from authors, distributors or recipients of open source software included in our products regarding our compliance with the conditions of such open source licenses and we may be required to take steps to avoid or remedy an alleged infringement or noncompliance, including modifying our product code, stopping the distribution of some of our products, paying damages or releasing the source code of our propriety software. Further, although we believe that we have complied with our obligations under the licenses for such open source software, there is little legal precedent governing the interpretation of some terms in some of these licenses, which increases the risk that a court could interpret the licenses differently than we do. --- *Data sourced from SEC EDGAR. Last updated 2026-05-10.*