BAH: 10-K Risk Factor Changes

As of March 31, 2025, we had total indebtedness of approximately $4.0 billion and $1.0 billion of availability under our revolving credit facility (the “Revolving Credit Facility”). We are able to, and may, incur additional indebtedness in the future, subject to the limitations contained in the agreements governing our indebtedness. Our substantial indebtedness could have important consequences to holders of our common stock, including: ▪making it more difficult for us to satisfy our obligations with respect to our Senior Credit Facility, our outstanding senior notes, and our other debt; ▪limiting our ability to obtain additional financing to fund future working capital, capital expenditures, acquisitions or other general corporate requirements; ▪requiring a substantial portion of our cash flows to be dedicated to debt service payments instead of other purposes, thereby reducing the amount of cash flows available for working capital, capital expenditures, acquisitions and other general corporate purposes; ▪increasing our vulnerability to general adverse economic and industry conditions; ▪exposing us to the risk of increased interest rates as certain of our borrowings, including under the Senior Credit 32 32 32 Table of Contents Table of Contents Facility, are at variable rates of interest; ▪limiting our flexibility in planning for and reacting to changes in the industry in which we compete; ▪placing us at a disadvantage compared to other, less leveraged competitors or competitors with comparable debt and more favorable terms and thereby affecting our ability to compete; and ▪increasing our cost of borrowing. Although the Senior Credit Facility and the indentures governing our $700 million in aggregate principal amount of 3.875% senior notes due 2028 and our $500 million in aggregate principal amount of 4.000% senior notes due 2029 contain restrictions on the incurrence of additional indebtedness, and the indentures governing our $650 million in aggregate principal amount of 5.950% senior notes due 2033 and our $650 million in aggregate principal amount of 5.950% senior notes due 2035 contain restrictions on the incurrence of additional liens, these restrictions are subject to a number of qualifications and exceptions, and the additional indebtedness incurred in compliance with these restrictions could be substantial. These restrictions also will not prevent us from incurring obligations that do not constitute indebtedness. In addition, the Revolving Credit Facility provides for commitments of $1.0 billion, which as of March 31, 2025, had availability of $999 million. Additionally, the used portion as it pertains to open standby letters of credit and bank guarantees totaled approximately $1 million. Furthermore, subject to specified conditions, without the consent of the then-existing lenders (but subject to the receipt of commitments), the indebtedness under the Senior Credit Facility may be increased by up to $500 million. If new debt is added to our current debt levels, the related risks that we and the guarantors now face would increase and we may not be able to meet all our debt obligations, including the repayment of our outstanding senior notes.

As of March 31, 2024, we had total indebtedness of approximately $3.4 billion and $998.7 million of availability under our revolving credit facility (the “Revolving Credit Facility”). We are able to, and may, incur additional indebtedness in the future, subject to the limitations contained in the agreements governing our indebtedness. Our substantial indebtedness could have important consequences to holders of our common stock, including: ▪making it more difficult for us to satisfy our obligations with respect to our Senior Credit Facility, consisting of a $1.6 billion term loan facility (“Term Loan A”), a $1.0 billion Revolving Credit Facility, with a sublimit for letters of credit of $200.0 million, our $700.0 million in aggregate principal amount of 3.875% Senior Notes due 2028 (the “Senior Notes due 2028”), our $500.0 million in aggregate principal amount of 4.000% Senior Notes due 2029 (the “Senior Notes due 2029”), our $650.0 million in aggregate principal amount of 5.950% Senior Notes due 2033 (the “Senior Notes due 2033”, and together with the Senior Notes due 2028 and the Senior Notes due 2029, the “Senior Notes”) and our other debt; ▪limiting our ability to obtain additional financing to fund future working capital, capital expenditures, acquisitions or other general corporate requirements; ▪requiring a substantial portion of our cash flows to be dedicated to debt service payments instead of other purposes, thereby reducing the amount of cash flows available for working capital, capital expenditures, acquisitions and other general corporate purposes; ▪increasing our vulnerability to general adverse economic and industry conditions; ▪exposing us to the risk of increased interest rates as certain of our borrowings, including under the Senior Credit Facility, are at variable rates of interest; ▪limiting our flexibility in planning for and reacting to changes in the industry in which we compete; ▪placing us at a disadvantage compared to other, less leveraged competitors or competitors with comparable debt and more favorable terms and thereby affecting our ability to compete; and ▪increasing our cost of borrowing. Although the Senior Credit Facility and the indentures governing the Senior Notes contain restrictions on the incurrence of additional indebtedness, these restrictions are subject to a number of qualifications and exceptions, and the additional indebtedness incurred in compliance with these restrictions could be substantial. These restrictions also will not prevent us from incurring obligations that do not constitute indebtedness. In addition, the Revolving Credit Facility provides for commitments of $1.0 billion, which as of March 31, 2024, had availability of $998.7 million. Additionally, the used portion as it pertains to open standby letters of credit and bank guarantees totaled $1.3 million. Furthermore, subject to specified conditions, without the consent of the then-existing lenders (but subject to the receipt of commitments), the indebtedness under the Senior Credit Facility may be increased by up to $500.0 million. If new debt is added to our current debt levels, the related risks that we and the guarantors now face would increase and we may not be able to meet all our debt obligations, including the repayment of the Senior Notes. 39 39 39 Table of Contents Table of Contents

We develop, integrate, maintain, or otherwise support systems and provide services that include managing and protecting information involved in intelligence, national security, and other sensitive government functions. Our systems also store, process, and transmit sensitive Company and government and commercial customer information, including personally identifiable, health and financial information. The cybersecurity threats we, our customers, and third parties face have grown more frequent and sophisticated, including but not limited to bad actors looking to augment traditional cyber tools and tradecraft with artificial intelligence capabilities that increase the speed, scale, and intricacy of threats, which may not be recognized until after they have been launched. A security breach, including from insider threats, could result in the exfiltration of our or our customers’ data and has the potential to do serious harm to our business, damage our reputation, prevent us from executing further work on sensitive systems for U.S. government or commercial customers, hinder future contract win rates, and/or cause us to incur significant expense to respond to and remediate the breach. Damage to our reputation or limitations on our eligibility for additional work or any liability resulting from a security breach in one of the systems we develop, install, maintain, or otherwise support could have a material adverse effect on our results of operations.

We develop, integrate, maintain, or otherwise support systems and provide services that include managing and protecting information involved in intelligence, national security, and other sensitive government functions. Our systems also store and process sensitive Company and commercial client information, including personally identifiable, health and financial information. The cybersecurity threats we and our clients face have grown more frequent and sophisticated, including but not limited to bad actors looking to augment traditional cyber tools and tradecraft with artificial intelligence capabilities that increase the speed, scale, and intricacy of threats. A security breach, including from insider threats, could result in the exfiltration of our or our clients’ data and has the potential to do serious harm to our business, damage our reputation, prevent us from executing further work on sensitive systems for U.S. government or commercial clients, and/or hinder future contract win rates. Damage to our reputation or limitations on our eligibility for additional work or any liability resulting from a security breach in one of the systems we develop, install, maintain, or otherwise support could have a material adverse effect on our results of operations.

The U.S. government is our primary customer, with revenue from contracts and task orders, either as a prime or a subcontractor, with U.S. government agencies accounting for 98% of our revenue for fiscal year 2025. Our belief is that the successful future growth of our business will continue to depend primarily on our ability to be awarded work under U.S. government contracts, as we expect this will continue to be the primary source of substantially all of our revenue. For this reason, any issue that compromises our relationship with the U.S. government generally or any U.S. government agency that we serve would cause our revenue to decline. Among the key factors in maintaining our relationship with U.S. government agencies is our performance on contracts and task orders, the strength of our professional reputation, compliance with applicable laws and regulations, and the strength of our relationships with customer personnel. Our relationship with U.S. government agencies could be harmed by the mishandling or the perception of mishandling of sensitive information, such as our failure to maintain the confidentiality of the existence of our business relationships with certain of our customers, including as a result of misconduct or other improper activities by our employees, subcontractors, or suppliers, or a failure to maintain adequate protection against security breaches, including those resulting from cyber attacks. See “—Our employees or subcontractors may engage in misconduct or other improper activities, which could harm our ability to conduct business with the U.S. government.” Our relationship with the U.S. government could also be damaged as a result of an agency’s dissatisfaction with work performed by us, a subcontractor, or other third parties who provide services or products for a specific project for any reason, including due to perceived or actual deficiencies in the performance or quality of our work, and we may incur additional costs to address any such situation and the profitability of that work might be impaired. In addition, to the extent our performance under a contract does not meet a U.S. government agency’s expectations, the customer might seek to terminate the contract prior to its scheduled expiration date, provide a negative assessment of our performance to government-maintained contractor past-performance data repositories, fail to award us additional business under existing contracts or otherwise, and direct future business to our competitors. 10 10 10 Table of Contents Table of Contents Further, negative publicity concerning government contractors in general, or us, regardless of accuracy, may harm our reputation among federal agencies and federal government contractors, and the credibility of our brand, and adversely affect our ability to attract or retain customers or talent. There has been increased publicity regarding government contractors in general, and including the Company, in connection with the U.S. government’s efforts to improve efficiency and reduce costs, which could harm our reputation and could have a material impact on our business, results of operations and financial condition. Due to the sensitive nature of our work and our confidentiality obligations to our customers, we may be unable or limited in our ability to respond to such negative publicity, which could also harm our reputation and business. To the extent our reputation or relationships with U.S. government agencies is impaired, our revenue and operating profits could materially decline.

The U.S. government is our primary client, with revenue from contracts and task orders, either as a prime or a subcontractor, with U.S. government agencies accounting for 98% of our revenue for fiscal year 2024. Our belief is that the successful future growth of our business will continue to depend primarily on our ability to be awarded work under U.S. government contracts, as we expect this will be the primary source of substantially all of our revenue in the foreseeable future. For this reason, any issue that compromises our relationship with the U.S. government generally or any U.S. government agency that we serve would cause our revenue to decline. Among the key factors in maintaining our relationship with U.S. government agencies is our performance on contracts and task orders, the strength of our professional reputation, compliance with applicable laws and regulations, and the strength of our relationships with client personnel. In addition, the mishandling or the perception of mishandling of sensitive information, such as our failure to maintain the confidentiality of the existence of our business relationships with certain of our clients, including as a result of misconduct or other improper activities by our employees, subcontractors, or suppliers, or a failure to maintain adequate protection against security breaches, including those resulting from cyber attacks, could harm our relationship with U.S. government agencies. See “—Our employees or subcontractors may engage in misconduct or other improper activities, which could harm our ability to conduct business with the U.S. government.” Our relationship with the U.S. government could also be damaged as a result of an agency’s dissatisfaction with work performed by us, a subcontractor, or other third parties who provide services or products for a specific project for any reason, including due to perceived or actual deficiencies in the performance or quality of our work, and we may incur additional costs to address any such situation and the profitability of that work might be impaired. Further, negative publicity concerning government contractors in general, or us, regardless of accuracy, may harm our reputation among federal agencies and federal government contractors. Due to the sensitive nature of our work and our confidentiality obligations to our customers, we may be unable or limited in our ability to respond to such negative publicity, which could also harm our reputation and business. To the extent our reputation or relationships with U.S. government agencies is impaired, our revenue and operating profits could materially decline. 16 16 16 Table of Contents Table of Contents

•failure to comply with numerous laws and regulations, including the FAR, False Claims Act, DFARS, and FAR Cost Accounting Standards and Cost Principles; •risks related to our international operations; •the adoption by the U.S. government of new laws, rules, and regulations, such as those relating to organizational conflicts of interest issues or limits; •the incurrence of additional tax liabilities, including as a result of changes in tax laws or management judgments involving complex tax matters; •continued efforts to change how the U.S. government reimburses compensation related costs and other expenses or otherwise limit such reimbursements and an increased risk of compensation being deemed unreasonable and unallowable or payments being withheld as a result of U.S. government audit, review, or investigation; •inherent uncertainties and potential adverse developments in legal or regulatory proceedings; •the impact of changes in accounting rules and regulations, or interpretations thereof, that may affect the way we recognize and report our financial results, including changes in accounting rules governing recognition of revenue; and •the impact of changing weather patterns, natural disasters, and pandemics, epidemics, and similar disease outbreaks on our and our customers' businesses and operations, as well as risks related to increased scrutiny and changing expectations and practices related to climate change and related governance matters generally.

•failure to comply with numerous laws and regulations, including the FAR, False Claims Act, DFARS, and FAR Cost Accounting Standards and Cost Principles; •risks related to our international operations; •the adoption by the U.S. government of new laws, rules, and regulations, such as those relating to organizational conflicts of interest issues or limits; •the incurrence of additional tax liabilities, including as a result of changes in tax laws or management judgments involving complex tax matters; •continued efforts to change how the U.S. government reimburses compensation related costs and other expenses or otherwise limit such reimbursements and an increased risk of compensation being deemed unreasonable and unallowable or payments being withheld as a result of U.S. government audit, review, or investigation; •inherent uncertainties and potential adverse developments in legal or regulatory proceedings; •the impact of changes in accounting rules and regulations, or interpretations thereof, that may affect the way we recognize and report our financial results, including changes in accounting rules governing recognition of revenue; and •the impact of ESG-related risks and climate change generally on our and our clients' businesses and operations.

Many U.S. government programs require contractor employees and facilities to have security clearances. Security clearances are issued at the discretion of the U.S. government and there can be no assurance that we will be able to obtain or maintain the security clearances necessary to perform our contracts. Depending on the level of required clearance, security clearances can be difficult and time-consuming to obtain. In the current environment we are seeing delays by the U.S. government in the processing of security clearances and there have been recent examples of large numbers of security clearances being revoked by executive orders by the new presidential administration. If we or our employees are unable to obtain or retain necessary security clearances in a timely manner, or a significant number of our employees lose security clearances, we may not be able to win new business, and our existing customers could terminate their contracts with us or decide not to renew them. To the extent we are not able to obtain and maintain facility security clearances or engage employees with the required security clearances for a particular contract, we may not be able to bid on or win new contracts, effectively rebid on expiring contracts, or retain existing contracts, which may adversely affect our operating results and inhibit the execution of our growth strategy.

Many U.S. government programs require contractor employees and facilities to have security clearances. Depending on the level of required clearance, security clearances can be difficult and time-consuming to obtain. If we or our employees are unable to obtain or retain necessary security clearances in a timely manner, we may not be able to win new business, and our existing clients could terminate their contracts with us or decide not to renew them. To the extent we are not able to obtain and maintain facility security clearances or engage employees with the required security clearances for a particular contract, we may not be able to bid on or win new contracts, effectively rebid on expiring contracts, or retain existing contracts, which may adversely affect our operating results and inhibit the execution of our growth strategy.

We utilize artificial intelligence, including generative artificial intelligence, machine learning, and similar tools and technologies that collect, aggregate, analyze, or generate data or other materials (collectively, “AI”) in connection with our business. The development, deployment and oversight of the use of AI by us, either directly, through our suppliers, or by engaging third-party AI developers, as well as the use of AI by competitors, is expected to require us to invest substantially in AI technology resources and related governance. There are significant risks involved in using AI and no assurance can be provided that our use of AI will enhance our products or services, produce the intended results, or keep pace with the use of AI by our competitors. For example, AI algorithms may produce incomplete, insufficient, biased or otherwise flawed results or rely upon biased or inaccurate data, and any of these deficiencies may not be easily detectable despite internal policies and diligence efforts in place to mitigate such deficiencies. The degraded or flawed performance could also result from adversarial attacks that include data poisoning, malware risks, and evasion techniques. If the AI that we use produces deficient, inaccurate, or controversial results, or if public opinion of AI is adversely affected due to actual or perceived risks regarding the usage of AI, we could incur operational inefficiencies, competitive harm, legal liability, brand or reputational harm, or other adverse impacts on our business and results of operations. Further, ownership and intellectual property rights of content generated by artificial intelligence is a developing area. This presents unique complexity and challenges that could affect our business and impact our delivery of AI-driven solutions. If we, or the third-party AI developers on which we rely, do not have sufficient rights to use the data or other material relied upon by such AI technologies, we also may incur liability through the alleged violation of applicable laws and regulations, third-party intellectual property, data privacy, or other rights, or contractual obligations. Although we conduct diligence on third-party AI developers, we will not be able to control the manner in which third-party AI technologies are developed or maintained. Legal and regulatory frameworks related to the use of AI are evolving, including due to the perceived or actual risks of bias, lack of transparency, and information security. The technologies underlying AI and its uses are subject to a variety of laws and regulations, including intellectual property, data privacy and security, consumer protection, competition, and equal opportunity laws, and may be subject to new laws and regulations or new interpretations of existing laws and regulations. AI is the subject of ongoing review by various U.S. and foreign governmental and regulatory agencies. For example, there have been significant changes in U.S. AI policy introduced by the new presidential administration, including the rescinding of the prior administration’s October 2023 executive order on Safe, Secure, and Trustworthy Artificial Intelligence. In addition, in March 2024, the EU enacted a new regulation applicable to certain AI technologies and the data used to train, test and deploy them. The enactment or expansion of laws and regulations related to the use of AI in our operations could result in increased compliance costs related to our use of AI, while the persistence of regulatory ambiguity results in uncertainty regarding potential compliance obligations and presents challenges to longer-term strategic decision-making. Additionally, we may not always be able to anticipate how courts and regulators will apply existing laws to AI, predict how new legal frameworks will develop to address AI, or otherwise respond to these frameworks as they are still rapidly evolving. We may also have to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks on AI are not consistent across jurisdictions. Furthermore, it is not possible to predict all the operational or technological risks that may arise relating to the use of AI, any of which may materially and adversely affect our business and results of operations. Further, we face significant competition from other companies that are developing their own AI features and technologies. Other companies may develop AI features and technologies that are similar or superior to our technologies or are more cost-effective to develop and deploy. Additionally, while AI is currently the focus of significant investment and strategic prioritization, there is a risk that if the expected value of AI does not materialize at scale, or if high-profile AI failures emerge, customers may reassess their AI plans, which could lead to reduced funding and a reduction in certain of our AI initiatives. These factors could materially and adversely affect our business, financial condition and results of operations.

We utilize artificial intelligence, including generative artificial intelligence, machine learning, and similar tools and technologies that collect, aggregate, analyze, or generate data or other materials (collectively, “AI”) in connection with our business. The development, deployment and oversight of the use of AI by us, either directly or by engaging third-party AI developers, as well as the use of AI by competitors, is expected to require us to invest substantially in AI technology resources and related governance. There are significant risks involved in using AI and no assurance can be provided that our use of AI will enhance our products or services, produce the intended results, or keep pace with the use of AI by our competitors. For example, AI algorithms may produce incomplete, insufficient, biased or otherwise flawed results or rely upon biased or inaccurate data, and any of these deficiencies may not be easily detectable despite internal policies and diligence efforts in place to mitigate such deficiencies. The degraded or flawed performance could also result from adversarial attacks that include data poisoning, malware risks, and evasion techniques. If the AI that we use produces deficient, inaccurate, or controversial results, or if public opinion of AI is adversely affected due to actual or perceived risks regarding the usage of AI, we could incur operational inefficiencies, competitive harm, legal liability, brand or reputational harm, or other adverse impacts on our business and results of operations. If we, or the third-party AI developers on which we rely, do not have sufficient rights to use the data or other material relied upon by such AI technologies, we also may incur liability through the alleged violation of applicable laws and regulations, third-party intellectual property, data privacy, or other rights, or contractual obligations. Although we conduct diligence on third-party AI developers, we will not be able to control the manner in which third-party AI technologies are developed or maintained. Legal and regulatory frameworks related to the use of AI are evolving, including due to the perceived or actual risks of bias, unfair discrimination, transparency, and information security. The technologies underlying AI and its uses are subject to a variety of laws and regulations, including intellectual property, data privacy and security, consumer protection, competition, and equal opportunity laws, and may be subject to new laws and regulations or new interpretations of existing laws and regulations. AI is the subject of ongoing review by various U.S. and foreign governmental and regulatory agencies. For example, in October 2023, the Biden Administration signed an executive order on Safe, Secure, and Trustworthy Artificial Intelligence which charges various Federal agencies to establish standards for AI safety and security. In addition, in March 2024, the EU enacted a new regulation applicable to certain AI technologies and the data used to train, test and deploy them. The enactment or expansion of laws and regulations related to the use of AI in our operations could result in increased compliance costs related to our use of AI. Furthermore, it is not possible to predict all the legal, operational or technological risks that may arise relating to the use of AI, any of which may materially and adversely affect our business and results of operations. 24 24 24 Table of Contents Table of Contents

For a variety of reasons, including geopolitical factors, the global economy in which we operate has faced, and may continue to face, heightened inflationary pressure, impacting the cost of doing business (in both supply and labor markets). These inflationary pressures have been and could continue to be exacerbated by geopolitical turmoil and economic policy actions, including new or increased tariffs on certain imports from other countries, and the duration of such pressures is uncertain. We generate revenue through various fixed price and multi-year government contracts, our primary customer being the U.S. government, which has traditionally been viewed as less affected by inflationary pressures. However, our approach to include modest annual price escalations in our bids for multi-year work may be insufficient to counter inflationary cost pressures, which may result in significant cost overruns on each contract. In addition, new or increased tariffs could result in increased costs for hardware and other goods necessary to support business operations. This could result in reduced profits, or even losses, as inflation increases, particularly for fixed-priced contracts, and our longer-term multi-year contracts as contractual prices become less favorable to us over time. In the competitive environment in which we operate as a government contractor, the lack of pricing leverage and power to renegotiate long-term, multi-year contracts, coupled with reduced customer buying power as a result of inflation, could reduce our profits, disrupt our business, or otherwise materially adversely affect our results of operations.

For a variety of reasons, including geopolitical factors, the global economy in which we operate has faced, and may continue to face, heightened inflationary pressure, impacting the cost of doing business (in both supply and labor markets). These inflationary pressures have been and could continue to be exacerbated by geopolitical turmoil and economic policy actions, and the duration of such pressures is uncertain. We generate revenue through various fixed price and multi-year government contracts, our primary customer being the U.S. government, which has traditionally been viewed as less affected by inflationary pressures. However, our approach to include modest annual price escalations in our bids for multi-year work may be insufficient to counter inflationary cost pressures, which may result in significant cost overruns on each contract. This could result in reduced profits, or even losses, as inflation increases, particularly for fixed priced contracts, and our longer-term multi-year contracts as contractual prices become less favorable to us over time. In the competitive environment in which we operate as a government contractor, the lack of pricing leverage and power to renegotiate long-term, multi-year contracts, coupled with reduced customer buying power as a result of inflation, could reduce our profits, disrupt our business, or otherwise materially adversely affect our results of operations.

•the volatility of the market price of our Class A common stock; •the timing and amount of our dividends, if any; and •the impact of fulfilling our obligations incident to being a public company.

As a result of the Small Business Administration set-aside program, the U.S. government may decide to restrict certain procurements only to bidders that qualify as small or small disadvantaged businesses. As a result, we would not be eligible to perform as a prime contractor on those programs and would be restricted to a maximum of 49% of the work as a subcontractor on those programs. An increase in the amount of procurements under the Small Business Administration set-aside program may impact our ability to bid on new procurements as a prime contractor or restrict our ability to re-compete on incumbent work that is placed in the set-aside program. 31 31 31 Table of Contents Table of Contents

As a result of the Small Business Administration set-aside program, the U.S. government may decide to restrict certain procurements only to bidders that qualify as minority-owned, small, or small disadvantaged businesses. As a result, we would not be eligible to perform as a prime contractor on those programs and would be restricted to a maximum of 49% of the work as a subcontractor on those programs. An increase in the amount of procurements under the Small Business Administration set-aside program may impact our ability to bid on new procurements as a prime contractor or restrict our ability to re-compete on incumbent work that is placed in the set-aside program.

Our business depends upon continued U.S. government expenditures on defense, intelligence, and civil programs for which we provide support. These expenditures have not remained constant over time, have been and in the future may be reduced in certain periods, and have been and in the future may be affected by the U.S. government’s efforts to improve efficiency and reduce costs affecting U.S. government programs generally. Our business, prospects, financial condition, or operating results could be materially harmed by, among other causes, the following: •budgetary constraints, including mandated automatic spending cuts, affecting U.S. government spending generally, or specific agencies in particular, and changes in available funding; •a shift in the permissible federal debt limit; •a shift in expenditures away from agencies or programs that we support; •reduced U.S. government outsourcing of functions that we are currently contracted to provide, including as a result of increased insourcing by various U.S. government agencies due to changes in the definition of “inherently governmental” work, including proposals to limit contractor access to sensitive or classified information and work assignments; •changes or delays in U.S. government programs that we support or related requirements, including shifts in the scope of work that we support and delays in procurements; •changes in U.S. government customer cybersecurity investments and resourcing that impact the security posture of systems hosted by the Company on behalf of the U.S. government and under a U.S. government authority to operate; •U.S. government shutdowns due to, among other reasons, a failure to fund the government and other potential delays in the appropriations process; •U.S. government agencies awarding contracts on a technically acceptable/lowest cost basis in order to reduce expenditures; •increased U.S. government processing times for security clearances and other governmental consents; •delays in the payment of our invoices by government payment offices; •loss of government points of contact at the various U.S. government agencies we support as a result of the government’s efforts to reduce spending; •an inability by the U.S. government to fund its operations as a result of a failure to increase the U.S. government’s debt ceiling, the exhaustion of “extraordinary measures” to borrow additional funds without breaching the government’s debt ceiling, a credit downgrade of U.S. government obligations or for any other reason; and •changes in the political climate and general economic conditions, including political changes from successive presidential administrations, a slowdown of the economy or unstable economic conditions and other conditions, such as emergency spending, that reduce funds available for other government priorities. In addition, any disruption in the functioning of U.S. government agencies, including as a result of U.S. government closures and shutdowns, terrorism, war, international conflicts (including the ongoing conflict between Russia and Ukraine, ongoing conflicts in the Middle East, and increased tensions in Asia), trade tensions related to recent shifts in international trade policies, natural disasters, public health crises, destruction of U.S. government facilities, and other potential calamities could have a negative impact on our operations and cause us to lose revenue or incur additional costs due to, among other things, our inability to deploy our staff to customer locations or facilities as a result of such disruptions. 11 11 11 Table of Contents Table of Contents Considerable uncertainty exists regarding how future budget and program decisions will unfold, including as a result of the changing spending priorities of the U.S. government. The U.S. government is currently in the process of reviewing federal spending across federal civilian, defense, and intelligence departments and agencies, to ensure it aligns with the new administration’s priorities of maximizing governmental efficiency and productivity. As a leading provider of advanced technology products and services to U.S. government customers, we have been, and will continue to be, subject to these reviews, and we have had, and may in the future have, certain of our contracts impacted, reduced or canceled as a result of these reviews. We have also experienced price adjustments and renegotiations prior to option exercise of certain of our contracts as a result of these reviews and may in the future continue to experience such adjustments. Further, we are, and may in the future be, subject to customer mandates to formulate additional methods by which to achieve efficiencies in providing our services, and we remain in ongoing discussions with various government departments and agencies in relation to cost reductions and other potential contract modifications. There can be no assurance that these reviews will not ultimately have a material adverse impact on our business and financial performance — such as through more stringent and frequent reviews of our contracts, potential changes in government procurement policies which could affect our ability to secure new contracts or renew existing ones, the cancellation or reduction of contracts critical to our business, or the implementation of stricter compliance requirements that could increase our operational costs. The U.S. government budget deficits, the national debt, and prevailing economic conditions, and actions taken to address them, could negatively affect U.S. government expenditures on defense, intelligence, and civil programs for which we provide support. A reduction in the amount of, or delays or cancellations of funding for, services that we are contracted to provide as a result of initiatives with certain U.S. government departments, legislation, or otherwise could have a material adverse effect on our business and results of operations. Further, there is ongoing uncertainty regarding how the U.S. Congress will address the legal limit on U.S. debt commonly known as the debt ceiling, and for which the U.S. Treasury has announced that it has been using extraordinary measures to prevent the U.S. government's default on its payment obligations, and to extend the time that the U.S. Congress has to raise its statutory debt limit or otherwise resolve the funding situation. If the debt ceiling is not raised, the U.S. government may not be able to fulfill its funding obligations and there could be significant disruption to all discretionary programs, which would have material adverse impacts on us and our industry. If government funding relating to our contracts with the U.S. government or Department of Defense becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contract or subcontract under such programs may be terminated or adjusted by the U.S. government or the prime contractor, if applicable. Our operating results could also be adversely affected by spending caps or changes in the budgetary priorities of the U.S. government or Department of Defense, as well as delays in program starts or the award of contracts or task orders under contracts. These or other factors could cause our defense, intelligence, or civil customers to decrease the number of new contracts awarded generally and fail to award us new contracts, reduce their purchases under our existing contracts, exercise their right to terminate our contracts, or not exercise options to renew our contracts, any of which could cause a material decline in our revenue.

Our business depends upon continued U.S. government expenditures on defense, intelligence, and civil programs for which we provide support. These expenditures have not remained constant over time, have been reduced in certain periods, and have been affected by the U.S. government’s efforts to improve efficiency and reduce costs affecting U.S. government programs generally. Our business, prospects, financial condition, or operating results could be materially harmed by, among other causes, the following: •budgetary constraints, including mandated automatic spending cuts, affecting U.S. government spending generally, or specific agencies in particular, and changes in available funding; •a shift in the permissible federal debt limit; •a shift in expenditures away from agencies or programs that we support; •reduced U.S. government outsourcing of functions that we are currently contracted to provide, including as a result of increased insourcing by various U.S. government agencies due to changes in the definition of “inherently governmental” work, including proposals to limit contractor access to sensitive or classified information and work assignments; •changes or delays in U.S. government programs that we support or related requirements; •U.S. government shutdowns due to, among other reasons, a failure to fund the government and other potential delays in the appropriations process; •U.S. government agencies awarding contracts on a technically acceptable/lowest cost basis in order to reduce expenditures; •delays in the payment of our invoices by government payment offices; •an inability by the U.S. government to fund its operations as a result of a failure to increase the U.S. government’s debt ceiling, the exhaustion of “extraordinary measures” to borrow additional funds without breaching the government’s debt ceiling, a credit downgrade of U.S. government obligations or for any other reason; and •changes in the political climate and general economic conditions, including political changes from successive presidential administrations, a slowdown of the economy or unstable economic conditions and other conditions, such as emergency spending, that reduce funds available for other government priorities. In addition, any disruption in the functioning of U.S. government agencies, including as a result of U.S. government closures and shutdowns, terrorism, war, international conflicts (including the ongoing conflict between Russia and Ukraine and the ongoing conflict between Israel and Hamas), natural disasters, public health crises, destruction of U.S. government facilities, and other potential calamities could have a negative impact on our operations and cause us to lose revenue or incur additional costs due to, among other things, our inability to deploy our staff to client locations or facilities as a result of such disruptions. The U.S. government budget deficits, the national debt, and prevailing economic conditions, and actions taken to address them, could negatively affect U.S. government expenditures on defense, intelligence, and civil programs for which we provide support. The Department of Defense is one of our significant clients and cost cutting, including through consolidation and elimination of duplicative organizations and insourcing, has become a major initiative for the Department of Defense. A reduction in the amount of, or delays or cancellations of funding for, services that we are contracted to provide as a result of any of these related initiatives, legislation, or otherwise could have a material adverse effect on our business and results of operations. In addition, government agencies have reduced management support services spending in recent years. If federal awards for management support services continue to decline, our revenue and operating profits may materially decline and could have a material and adverse effect on our business and results of operations. Considerable uncertainty exists regarding how future budget and program decisions will unfold, including the spending priorities of the U.S. government. In January 2025, the U.S. Congress may have to contend with the legal limit on U.S. debt commonly known as the debt ceiling. If the debt ceiling is not raised, the U.S. government may not be able to fulfill its funding obligations and there could be significant disruption to all discretionary programs, which would have corresponding impacts on us and our industry. If government funding relating to our contracts with the U.S. government or Department of Defense becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contract or subcontract under such programs may be terminated or adjusted by the U.S. government or the prime contractor, if applicable. Our operating results could also be adversely affected by spending caps or changes in the budgetary priorities of the U.S. government or Department of Defense, as well as delays in program starts or the award of contracts or task orders under contracts. 17 17 17 Table of Contents Table of Contents These or other factors could cause our defense, intelligence, or civil clients to decrease the number of new contracts awarded generally and fail to award us new contracts, reduce their purchases under our existing contracts, exercise their right to terminate our contracts, or not exercise options to renew our contracts, any of which could cause a material decline in our revenue.

Any failure by us, our vendors or other business partners to comply with international, U.S. federal, state or local laws and regulations regarding data privacy, including the protection of personal or confidential information of our customers or employees which we may handle and process, or cybersecurity could result in significant monetary damages, regulatory enforcement actions, fines, penalties, private litigation or claims, and/or criminal prosecution in one or more jurisdictions, including as a result of the perception of our practices, products, and services in relation to violations of individual privacy, data protection rights, or cybersecurity requirements. We may also incur substantial expenses in implementing and maintaining compliance with such laws and regulations, or anticipated laws and regulations, including those that require certain types of data to be retained on servers within these jurisdictions. These laws and regulations, and anticipated laws and regulations, are increasing in complexity and number, change frequently, sometimes conflict or create different requirements across jurisdictions, and are subject to interpretation by different regulators and courts, creating the possibility of different compliance measures or enforcement risks across jurisdictions, which may cause additional expenses for compliance with such laws and regulations. Our failure to comply with applicable laws and regulations may result in privacy claims or enforcement actions against us, including liabilities, fines and damage to our reputation, any of which may have a material adverse effect on our results of operations. For example, the European Union’s General Data Protection Regulation (the “GDPR”), and the United Kingdom’s GDPR impose compliance obligations on companies that process personal data of people in the European Union and United Kingdom, respectively. In the U.S., numerous federal, state, and local data privacy laws and regulations govern the collection, use, and processing of personal information, provide rights to residents of those respective states, in some cases including personal information collected from residents in the context of recruitment and employment, as well as business-to-business arrangements. Compliance with these laws, or emerging international, U.S. federal, state or local privacy laws, requires investments into compliance programs, investments to deploy, operate and maintain technology that enables compliance, potential modifications to business processes, ongoing data protection activities and documentation requirements, and creates the potential for fines, individual claims and other liabilities for noncompliance as well as litigation risks, particularly in the event of a data breach, and could have a material adverse effect on our business, including how we use personal information or our results of operations. Certain international, U.S. federal, state laws and regulations also impose obligations to maintain and implement an information security program that includes administrative, technical, physical, or organizational safeguards, as well as obligations to give notice to affected individuals and to certain regulators in the event of a data breach. We may be required to spend significant resources to comply with these information security and data breach legal requirements. A significant data breach (including various forms of external attack, such as ransomware, as well as data incidents resulting from internal actions or omissions) could have negative consequences for our business and future prospects, including possible penalties, fines, damages, reduced customer demand, legal claims against and by customers, personnel, business partners or other persons claiming to be affected, harm to our systems and operations and harm to our reputation and brand. In addition, as a contractor supporting defense and national security customers, we are subject to certain additional regulatory compliance requirements relating to data privacy and cybersecurity. Under the DFARS and other federal regulations, our networks and IT systems are required to comply with the security and privacy controls in certain National Institute of Standards and Technology Special Publications (“NIST SP”). To the extent that we do not comply with the applicable security and control requirements, unauthorized access or disclosure of sensitive information could result in a contract termination, which could have a material adverse effect on our business and financial results and lead to reputational harm. We are also subject to the Department of Defense Cybersecurity Maturity Model Certification (“CMMC”), requirements, which will require all contractors to receive specific certifications relating to specified cybersecurity standards in order to be eligible for contract awards. In addition, CMMC certification requirements may be required in modifications to existing contracts. To the extent we are unable to achieve certification in advance of applicable contract awards that specify the requirement, we will be unable to bid on such contract awards or on follow-on awards for existing work with the Department of Defense, depending on the level of standard as required for each solicitation, or be ineligible to receive option awards under existing contracts that specify the certification requirement, which could adversely impact our revenue and profitability. In addition, our subcontractors, and in some cases our vendors, may also be required to adhere to the CMMC program requirements and potentially to achieve certification. Should our supply chain fail to meet compliance requirements or achieve certification, this may adversely affect our ability to receive award or execute on relevant government programs. In addition, any obligations that may be imposed on us under the CMMC may be different from or in addition to those otherwise required by applicable laws and regulations, which may cause additional expense for compliance. 17 17 17 Table of Contents Table of Contents

Any failure by us, our vendors or other business partners to comply with international, U.S. federal, state or local laws and regulations regarding data privacy or cybersecurity could result in regulatory actions or lawsuits against us, legal liability, injunctions, fines, damages or other costs. We may also incur substantial expenses in implementing and maintaining compliance with such laws and regulations, including those that require certain types of data to be retained on servers within these jurisdictions. In addition, enactment or expansion of laws related to the use of artificial intelligence in our operations could increase the cost of doing business, subject us to potential liability, regulatory risk or reputational harm. Our failure to comply with applicable laws and regulations may result in privacy claims or enforcement actions against us, including liabilities, fines and damage to our reputation, any of which may have a material adverse effect on our results of operations. 22 22 22 Table of Contents Table of Contents For example, the European Union’s General Data Protection Regulation (the “GDPR”), and the United Kingdom’s GDPR impose compliance obligations on companies that process personal data of people in the European Union and United Kingdom, respectively. Compliance with these laws requires investment into ongoing data protection activities and documentation requirements, and creates the potential for fines and liabilities for noncompliance. In addition, California, Colorado, Connecticut, Iowa, Virginia, Utah, and other states have enacted comprehensive privacy laws that restrict the collection, use, and processing of personal information, provide rights to residents of those respective states, and create corresponding compliance obligations and litigation risks. For example, the California Consumer Privacy Act (the “CCPA”, as amended by the California Privacy Rights Act, the “CPRA”), the Virginia Consumer Data Protection Act (the “VCDPA”), and the Colorado Privacy Act (the “CPA”), provide for consumer rights for residents of those respective states and create corresponding compliance obligations and litigation risks. The impact from the VCDPA and the CPA to Booz Allen is currently low because most of our personal information is client- or employee-related and therefore not defined as consumer-related. However, the CCPA now covers personal information collected from California residents in the context of recruitment and employment, as well as business-to-business arrangements, and therefore imposes additional compliance obligations on Booz Allen with respect to such personal information. These comprehensive state privacy laws, or other emerging U.S. state or global privacy laws, may require additional investment in compliance programs and potential modifications to business processes, and could result in fines, individual claims, and liabilities for certain compliance failures, particularly in the event of a data breach. As other states follow this trend, laws of this nature could be deemed applicable to some aspects of our business. This will impose new compliance obligations and require additional investment into data protection activities. Any obligations that may be imposed on us under CCPA, CPRA, VCDPA, CPA or similar laws may increase our compliance costs and potential liability, particularly in the event of a data breach, and could have a material adverse effect on our business, including how we use personal information or our results of operations. The U.S. Congress is considering federal privacy, cybersecurity and AI legislation that would create requirements similar to or possibly exceeding these comprehensive U.S. state privacy laws on a 50-state basis. Any federal legislation may or may not preempt the comprehensive U.S. state privacy laws, creating the possibility of different compliance measures or enforcement risks nationally or on a per-state basis. Any obligations that may be imposed on us under any of the comprehensive U.S. state privacy laws or similar laws may be different from or in addition to those required by the EU GDPR, UK GDPR, and any other applicable international laws, which may cause additional expense for compliance across jurisdictions. The EU GDPR, UK GDPR, other international laws, and the laws of U.S. states also impose obligations to maintain and implement an information security program that includes administrative, technical, physical, or organizational safeguards, as well as obligations to give notice to affected individuals and to certain regulators in the event of a data breach. We may be required to spend significant resources to comply with these information security and data breach legal requirements. A significant data breach (including various forms of external attack, such as ransomware, as well as data incidents resulting from internal actions or omissions) could have negative consequences for our business and future prospects, including possible penalties, fines, damages, reduced customer demand, legal claims against and by clients, personnel, business partners or other persons claiming to be affected, harm to our systems and operations and harm to our reputation and brand. 23 23 23 Table of Contents Table of Contents In addition, as a contractor supporting defense and national security clients, we are subject to certain additional regulatory compliance requirements relating to data privacy and cybersecurity. Under DFARS and other federal regulations, our networks and IT systems are required to comply with the security and privacy controls in certain National Institute of Standards and Technology Special Publications (“NIST SP”). To the extent that we do not comply with the applicable security and control requirements, unauthorized access or disclosure of sensitive information could result in a contract termination, which could have a material adverse effect on our business and financial results and lead to reputational harm. We are also subject to the Department of Defense Cybersecurity Maturity Model Certification (“CMMC”), requirements, which will require all contractors to receive specific third-party certifications relating to specified cybersecurity standards in order to be eligible for contract awards. Under “CMMC 1.0”, released in January 2020, there were 5 maturity levels, comprised of 171 requirements and 14 required processes. In March 2021, the Department of Defense initiated an interim review of CMMC’s implementation, which led to a refinement of the overall program and implementation strategy. In November 2021, the Department of Defense announced “CMMC 2.0”, which included updated program structure and requirements. These refinements included a reduction in levels from 5 to 3, which includes the removal of CMMC-unique practices and reliance on the practices set forth in NIST SP 800-171(r2). The Department of Defense announced that CMMC 2.0 will become a contract requirement, likely to appear in contracts within one year of the rule going into effect, and is expected to appear in all defense contracts within two years of the rule going into effect. On December 26, 2023, the Department of Defense published a proposed rule for the CMMC 2.0 program requirements, and may face delays with uncertainties regarding final details and timing of the final requirements. To the extent we are unable to achieve certification in advance of applicable contract awards that specify the requirement, we will be unable to bid on such contract awards or on follow-on awards for existing work with the Department of Defense, depending on the level of standard as required for each solicitation, which could adversely impact our revenue and profitability. In addition, our subcontractors, and in some cases our vendors, may also be required to adhere to the CMMC program requirements and potentially to achieve certification. Should our supply chain fail to meet compliance requirements or achieve certification, this may adversely affect our ability to receive award or execute on relevant government programs. In addition, any obligations that may be imposed on us under the CMMC may be different from or in addition to those otherwise required by applicable laws and regulations, which may cause additional expense for compliance.

We help our customers prevent, detect, monitor and mitigate threats to their people, information, and facilities. These threats may originate from nation states, terrorists or criminal actors, activist hackers, financially or politically motivated actors, or others who seek to harm our customers. Successful attacks on our customers may cause reputational harm to us and our customers and business partners, as well as liability to our customers or third parties. If we are associated with our customers and business partners in this regard, our staff, systems, information, and facilities may be targeted by a similar group of threat actors and may be at risk for financial loss or physical or reputational harm. We also design and develop technologies that are highly technical and complex and may contain errors, defects, or security vulnerabilities that cannot be discovered before they are released, installed, and used by our customers. The introduction of new and emerging technologies, such as AI, further increases this risk. Errors, defects or vulnerabilities in the technology we develop could disrupt our customers’ or their customers’ proper functioning of the technology, cause disruptions in our customers' business operations, or allow unauthorized access to proprietary information, which could cause reputational harm to us and our customers, and could have a material adverse effect on our business and results of operations.

We help our clients detect, monitor and mitigate threats to their people, information, and facilities. These threats may originate from nation states, terrorists or criminal actors, activist hackers or others who seek to harm our clients. Successful attacks on our clients may cause reputational harm to us and our clients, as well as liability to our clients or third parties. In addition, if we are associated with our clients in this regard, our staff, systems, information, and facilities may be targeted by a similar group of threat actors and may be at risk for financial loss, or physical or reputational harm.

There is increased scrutiny from governmental organizations, customers, employees, investors, and other stakeholders on climate change, employee empowerment, and governance issues such as workplace culture, community investment, environmental management, climate impact, and information security. The quickly evolving technological, social, legal, and political context of these issues may create conflicts, disaffection, and dissatisfaction among laws and various stakeholder expectations. We comply with various federal, state, local, and foreign legislation and regulations related to these issues and applicable to our business and operations. Stakeholders may have expectations that conflict or do not align with our understanding of these laws, our strategies, or the expectations of the U.S. government. We have expended and may further expend resources to monitor, report on and adopt policies and practices that we believe will improve alignment with our evolving strategy and goals regarding these issues and related standards and expectations of legal regimes and stakeholders such as customers, investors, stockholders, raters, employees, and business partners. If our related practices, including our goals for environmental sustainability, and information security, do not meet evolving rules and regulations or stakeholder expectations and standards (or if we are viewed negatively based on positions we do or do not take or work we do or do not perform or cannot publicly disclose for certain customers and industries), then our reputation, ability to attract or retain leading experts, employees and other professionals, and ability to attract new business and customers could be negatively impacted, as could our attractiveness as an investment, service provider, employer, or business partner. Similarly, our failure or perceived failure with respect to these issues in our efforts to execute our related strategies and achieve our current or future goals, targets and objectives, or to satisfy various reporting standards within the timelines expected by stakeholders could also result in similar negative impacts. Organizations that provide information to investors on corporate governance and related matters have developed ratings processes for evaluating companies on their approach to many of these issues, and unfavorable ratings of our associated efforts may lead to negative investor sentiment, diversion of investment to other companies, and difficulty in hiring skilled employees.

There is increased scrutiny from governmental organizations, clients, employees, investors, and other stakeholders on environmental, social and governance (“ESG”) issues such as diversity, equity and inclusion, workplace culture, community investment, environmental management, climate impact and information security. We have expended and may further expend resources to monitor, report on and adopt policies and practices that we believe will improve alignment with our evolving ESG strategy and goals, as well as ESG-related standards and expectations of legal regimes and stakeholders such as clients, investors, stockholders, raters, employees, and business partners. If our ESG practices, including our goals for diversity, equity and inclusion, environmental sustainability and information security, do not meet evolving rules and regulations or stakeholder expectations and standards (or if we are viewed negatively based on positions we do or do not take or work we do or do not perform or cannot publicly disclose for certain clients and industries), then our reputation, our ability to attract or retain leading experts, employees and other professionals and our ability to attract new business and clients could be negatively impacted, as could our attractiveness as an investment, service provider, employer, or business partner. Similarly, our failure or perceived failure in our efforts to execute our ESG strategy and achieve our current or future ESG-related goals, targets and objectives, or to satisfy various reporting standards within the timelines expected by stakeholders, or at all, could also result in similar negative impacts. Organizations that provide information to investors on corporate governance and related matters have developed ratings processes for evaluating companies on their approach to ESG matters, and unfavorable ratings of our ESG efforts may lead to negative investor sentiment, diversion of investment to other companies, and difficulty in hiring skilled employees. In addition, complying or failing to comply with existing or future federal, state, local, and foreign ESG legislation and regulations applicable to our business and operations, including related to greenhouse gas emissions, climate change, or other matters could cause us to incur additional compliance and operational costs or actions and suffer reputational harm, which could adversely affect our business. 38 38 38 Table of Contents Table of Contents

We have significant operations located in regions that have been, and may in the future be, subject to a variety of physical risks related to changing weather patterns (including rising temperatures and sea levels, extreme heat, and other severe weather events), natural disasters (including hurricanes, typhoons, tsunamis, floods, earthquakes, fires or wildfires, water shortages and prolonged drought), or pandemics, epidemics and similar disease outbreaks. Such events could disrupt our operations or those of our customers and suppliers, including the inability of employees to work, destruction of facilities, loss of life, and adverse effects on supply chains (including materials shortages), power, infrastructure, and the integrity of information technology systems, all of which could materially increase our costs and expenses, delay or decrease revenue from our customers, and disrupt our ability to maintain business continuity. We could incur significant costs to improve the resiliency of our infrastructure and otherwise prepare for, respond to, and mitigate the effects of changing weather patterns, as well as increased compliance and operational costs and transition risks due to changes in future federal, state, local and foreign legislation and regulations applicable to our business or decisions we make to conduct or change our activities in response to considerations relating to changing weather patterns. Additionally, if insurance or other risk transfer mechanisms are unavailable or insufficient to recover all costs or if we experience a significant disruption to our business due to changing weather patterns, natural disasters, or disease outbreaks, our results of operations or financial condition could be adversely affected.

Due to the global nature of our business, we are exposed to a variety of physical risks related to climate change, including rising temperatures and sea levels, extreme heat, and other extreme weather events. Our worldwide operations and the operations of our customers could be subject to natural disasters (including those from climate change) such as hurricanes, typhoons, tsunamis, floods, earthquakes, fires, water shortages and prolonged drought. Such events could disrupt our operations or those of our customers and suppliers, including the inability of employees to work, destruction of facilities, loss of life, and adverse effects on supply chains, power, infrastructure, and the integrity of information technology systems, all of which could materially increase our costs and expenses, delay or decrease revenue from our customers, and disrupt our ability to maintain business continuity. We could incur significant costs to improve the climate-related resiliency of our infrastructure and otherwise prepare for, respond to, and mitigate the effects of climate change. Additionally, if insurance or other risk transfer mechanisms are unavailable or insufficient to recover all costs or if we experience a significant disruption to our business due to a natural disaster, our results of operations could be adversely affected. We may also face operational costs and transition risks due to decisions we make to conduct or change our activities in response to considerations relating to climate change, such as our goal to eventually reach net-zero greenhouse gas emissions. In addition, complying or failing to comply with existing or future federal, state, local, and foreign legislation and regulations applicable to our business and operations related to greenhouse gas emissions and climate change could cause us to incur additional compliance and operational costs.