BXP: 10-K Risk Factor Changes

We face risks associated with security breaches, incidents, and compromises, whether through cyber attacks or cyber intrusions over the internet, malware, computer viruses, attachments to e-mails, persons inside our organization or persons with access to systems inside our organization, social engineering tactics, and other significant disruptions of our IT networks and related systems. The risk of a security breach, incident, compromise, or disruption, particularly through cyber attack or cyber intrusion, including by computer hackers, foreign governments and cyber terrorists, has generally increased as the number, intensity and sophistication of attempted attacks and intrusions from around the world have increased. Our IT networks and related systems are essential to the operation of our business and our ability to perform day-to-day operations (including managing our building systems and accounting for our business operations) and, in some cases, may be critical to the operations of certain of our clients. Although we make efforts to maintain the security and integrity of our IT networks and related systems, and we have implemented various measures designed to manage the risk of a security breach, incident, compromise or disruption, there can be no assurance that our security efforts and measures will be effective or that attempted security breaches, incident, compromise or disruptions would not be successful or damaging. Even the most well-protected information, networks, systems and facilities remain potentially vulnerable because the techniques used in such attempted security breaches evolve and generally are not recognized until launched against a target, and in some cases, are designed not be detected and, in fact, may not be detected. Accordingly, we may be unable to anticipate these techniques or to implement adequate security barriers or other preventative measures, and thus it is impossible for us to entirely mitigate this risk. Like other businesses, we have been, and expect to continue to be, subject to attempts at unauthorized access of our network, mishandling or misuse, computer viruses or malware, cyber attacks and intrusions and other events of varying degrees. To date, these events have not, individually or in the aggregate, materially affected our operations or business. However, a security breach, incident, compromise or other significant disruption involving our IT networks and related systems could: •disrupt the proper functioning of our networks and systems and therefore our operations and/or those of certain of our clients; •result in misstated financial reports, violations of loan covenants, missed reporting deadlines and/or missed permitting deadlines; •result in our inability to properly monitor our compliance with the rules and regulations regarding BXP’s qualification as a REIT; •result in the unauthorized access to, and destruction, loss, theft, misappropriation or release of, proprietary, confidential, sensitive or otherwise valuable information of ours or others, which others could use to compete against us or which could expose us to damage and claims or threats by third-parties for disruptive, destructive or otherwise harmful purposes and outcomes; •result in our inability to maintain the building systems relied upon by our clients for the efficient use of their leased space; •require significant management attention and resources to remedy any damages that result; •subject us to claims for breach of contract, damages, credits, penalties or termination of leases or other agreements or subject us to litigation and regulatory investigations and related fines and penalties; •be uninsured or exceed policy limits, increase operating costs, including insurance expenses, or make future cyber risk coverage unavailable on commercially reasonable terms; and •damage our reputation among our clients and investors generally. Any one or more of the foregoing could have a material adverse effect on our results of operations, financial condition and cash flows. Refer to Part I, Item 1C. Cybersecurity in this Form 10-K for more information. 35 35 35 Table of Contents Table of Contents

We face risks associated with security breaches, whether through cyber attacks or cyber intrusions over the internet, malware, computer viruses, attachments to e-mails, persons inside our organization or persons with access to systems inside our organization, and other significant disruptions of our IT networks and related systems. The risk of a security breach or disruption, particularly through cyber attack or cyber intrusion, including by computer hackers, foreign governments and cyber terrorists, has generally increased as the number, intensity and sophistication of attempted attacks and intrusions from around the world have increased. Our IT networks and related systems are essential to the operation of our business and our ability to perform day-to-day operations (including managing our building systems) and, in some cases, may be critical to the operations of certain of our clients. 46 46 46 Table of Contents Table of Contents The Audit Committee of BXP’s Board of Directors oversees our risk management processes related to cybersecurity. It meets no less frequently than annually with our IT personnel and senior management to discuss recent trends in cyber risks and our strategy to defend our IT networks, business systems and information against cyber attacks and intrusions. Under the oversight of the Audit Committee, we established our overall cybersecurity program and its standards by reference to the National Institute of Standards and Technology (“NIST”) Cyber Security Framework. As part of our overall cybersecurity program: •we have implemented a continuous improvement methodology including, but not limited to, ongoing enhancements to processes and controls, quarterly control reviews, annual policy reviews, biannual penetration tests and annual investments in our security infrastructure; •we annually assess our cybersecurity program against the NIST framework and periodically engage an outside consulting firm to conduct the assessment; and •we conduct cybersecurity awareness training at least three times per year for our employees and primary on-site providers, and we conduct ongoing phishing simulations to raise awareness of spoofed or manipulated electronic communications and other critical security threats. Although we make efforts to maintain the security and integrity of our IT networks and related systems, and we have implemented various measures to manage the risk of a security breach or disruption, there can be no assurance that our security efforts and measures will be effective or that attempted security breaches or disruptions would not be successful or damaging. Even the most well-protected information, networks, systems and facilities remain potentially vulnerable because the techniques used in such attempted security breaches evolve and generally are not recognized until launched against a target, and in some cases, are designed not be detected and, in fact, may not be detected. Accordingly, we may be unable to anticipate these techniques or to implement adequate security barriers or other preventative measures, and thus it is impossible for us to entirely mitigate this risk. Like other businesses, we have been, and expect to continue to be, subject to attempts at unauthorized access, mishandling or misuse, computer viruses or malware, cyber attacks and intrusions and other events of varying degrees. To date, these events have not adversely affected our operations or business and have not been material, either individually or in the aggregate. However, a security breach or other significant disruption involving our IT networks and related systems could: •disrupt the proper functioning of our networks and systems and therefore our operations and/or those of certain of our clients; •result in misstated financial reports, violations of loan covenants, missed reporting deadlines and/or missed permitting deadlines; •result in our inability to properly monitor our compliance with the rules and regulations regarding BXP’s qualification as a REIT; •result in the unauthorized access to, and destruction, loss, theft, misappropriation or release of, proprietary, confidential, sensitive or otherwise valuable information of ours or others, which others could use to compete against us or which could expose us to damage claims by third-parties for disruptive, destructive or otherwise harmful purposes and outcomes; •result in our inability to maintain the building systems relied upon by our clients for the efficient use of their leased space; •require significant management attention and resources to remedy any damages that result; •subject us to claims for breach of contract, damages, credits, penalties or termination of leases or other agreements; and •damage our reputation among our clients and investors generally. Any one or more of the foregoing could have a material adverse effect on our results of operations, financial condition and cash flows. 47 47 47 Table of Contents Table of Contents

Public health crises such as pandemics or similar outbreaks could adversely impact our business. The full extent to which any future pandemic or similar outbreak may impact our operations and those of our clients will depend on future developments, which are highly uncertain and cannot be predicted. We have previously experienced adverse impacts on our business from the COVID-19 pandemic, and factors related to any future public health crises that could have a material adverse effect on our results of operations and financial condition include: •changes made by companies in response to a pandemic that could lead to a sustained shift away from collective in-person work environments or relocations away from the markets in which we operate, either of which could adversely affect the overall demand for workplaces in the regions in which we operate; •reduced economic activity and/or supply chain disruptions or delays in delivery of products, services or other materials necessary for our clients that impact our clients’ businesses, financial condition or liquidity may cause, one or more of our clients to be unable to meet their obligations to us, including their ability to make timely rental payments, in full or at all, or to otherwise seek modifications of such obligations, including rent concessions, deferrals or abatements, or to declare bankruptcy. Any one or more of the foregoing could: •reduce our cash flows, •adversely impact our ability to finance, refinance or sell a property, •adversely impact our ability to continue paying distributions to our securityholders at current levels, or at all, and •result in additional legal and other costs to enforce our rights, collect rent and/or re-lease the space occupied by the distressed client; •the degree to which our clients’ businesses are negatively impacted could require us to write-off a client’s accrued rent balance and this could have a material adverse effect on our results of operations and liquidity; •new laws, governmental policies, and similar actions, including legal restrictions on prosecutions, could adversely impact public safety and thereby adversely affect (1) the desirability of clients to lease space in our properties or markets, and (2) businesses’ office re-population plans; •the impact of a pandemic could result in an event or change in circumstances that results in an impairment in the value of our properties or our investments in unconsolidated joint ventures, and any such impairment could have a material adverse effect on our results of operations in the periods in which the charge is taken; •we may be unable to restructure or amend leases with certain of our clients on terms favorable to us or at all; 36 36 36 Table of Contents Table of Contents •the impact and validity of interpretations of lease provisions and applicable laws related to claims by clients regarding their obligations to pay rent as a result of a pandemic, and any adverse court rulings or decisions interpreting these provisions and laws, could have a material adverse effect on our results of operations and liquidity; •the impact of governmental and business travel limitations and restrictions could result in temporary or sustained periods of decreased demand for hotel stays at our hotel property; •the extent of labor shortages, disruptions in the supply chains, inflation impacting costs of materials, delays in permitting or inspections, and other factors could result in our failure to meet the development milestones set forth in any applicable lease agreement, which could provide the client the right to terminate its lease or entitle the client to monetary damages, delay the commencement or completion of construction and our anticipated lease-up plans for a development/redevelopment project or our overall development pipeline, including recognizing revenue for new leases, that may cause returns on investment to be less than projected, and/or increase the costs of construction of new or existing projects, any of which could adversely affect our investment returns, profitability and/or our future growth; and •the potential that business interruption, loss of rental income and/or other associated expenses related to our operations will not be covered in whole or in part by our insurance policies, which may increase unreimbursed liabilities.

Public health crises such as pandemics or similar outbreaks could adversely impact our business. For example, there remains uncertainty regarding the degree to which the COVID-19 pandemic may continue to adversely impact our business, financial condition, results of operation, cash flows and liquidity, and that of our clients. These uncertainties include the emergence of new virus strains, availability of effective treatment, possible future governmental responses and the severity and duration of the indirect economic and social impacts of the COVID 19-pandemic, such as economic downturn, supply chain disruptions, labor market disruptions, inflation, increasing interest rates, dislocation and volatility in capital markets, job losses and potential longer-term changes in consumer and client behavior. These uncertainties make it impossible for us to predict with certainty the overall impact that COVID-19 will have on us and our clients prospectively. Factors related to COVID-19 that have had, or could have, a material adverse effect on our results of operations and financial condition, include: •changes made by companies in response to the COVID-19 pandemic that could lead to a sustained shift away from collective in-person work environments or relocations away from the markets in which we operate, either of which could adversely affect the overall demand for workplaces in the regions in which we operate; 28 28 28 Table of Contents Table of Contents •reduced economic activity and/or supply chain disruptions or delays in delivery of products, services or other materials necessary for our clients that impact our clients’ businesses, financial condition or liquidity has caused, and may continue to cause, one or more of our clients to be unable to meet their obligations to us, including their ability to make timely rental payments, in full or at all, or to otherwise seek modifications of such obligations, including rent concessions, deferrals or abatements, or to declare bankruptcy. Any one or more of the foregoing could: •reduce our cash flows, •adversely impact our ability to finance, refinance or sell a property, •adversely impact our ability to continue paying distributions to our equityholders at current levels, or at all, and •result in additional legal and other costs to enforce our rights, collect rent and/or re-lease the space occupied by the distressed client; •the degree to which our clients’ businesses have been, and continue to be, negatively impacted has required, and may in the future require, us to write-off a client’s accrued rent balance and this could have a material adverse effect on our results of operations and liquidity; •new laws, governmental policies, and similar actions, including legal restrictions on prosecutions, could adversely impact public safety and thereby adversely affect (1) the desirability of clients to lease space in our properties or markets, and (2) businesses’ office re-population plans; •the impact of COVID-19 could result in an event or change in circumstances that results in an impairment in the value of our properties or our investments in unconsolidated joint ventures, and any such impairment could have a material adverse effect on our results of operations in the periods in which the charge is taken; •we may be unable to restructure or amend leases with certain of our clients on terms favorable to us or at all; •the impact and validity of interpretations of lease provisions and applicable laws related to claims by clients regarding their obligations to pay rent as a result of COVID-19, and any adverse court rulings or decisions interpreting these provisions and laws, could have a material adverse effect on our results of operations and liquidity; •the impact of governmental and business travel limitations and restrictions have had, and may in the future have, a material adverse effect on the operator of our hotel property, which negatively impacts our revenues, and may result in sustained decreased demand for hotel stays; •the extent of labor shortages, disruptions in the supply chains, inflation impacting costs of materials, delays in permitting or inspections, and other factors could result in our failure to meet the development milestones set forth in any applicable lease agreement, which could provide the client the right to terminate its lease or entitle the client to monetary damages, delay the commencement or completion of construction and our anticipated lease-up plans for a development/redevelopment project or our overall development pipeline, including recognizing revenue for new leases, that may cause returns on investment to be less than projected, and/or increase the costs of construction of new or existing projects, any of which could adversely affect our investment returns, profitability and/or our future growth; and •the potential that business interruption, loss of rental income and/or other associated expenses related to our operations will not be covered in whole or in part by our insurance policies, which may increase unreimbursed liabilities.

As of February 20, 2024, our Consolidated Debt was approximately $15.4 billion (excluding unconsolidated joint venture debt). 40 40 40 Table of Contents Table of Contents The following table presents Consolidated Market Capitalization as well as the corresponding ratios of Consolidated Debt to Consolidated Market Capitalization (dollars and shares / units in thousands): February 20, 2024Shares / Units OutstandingCommon Stock EquivalentEquivalent Value (1)Common Stock157,011 157,011 $10,367,436 Common Operating Partnership Units19,196 19,196 1,267,512 (2)Total Equity (A)176,207 $11,634,948 Consolidated Debt (B)$15,366,713 Consolidated Market Capitalization (A + B)$27,001,661 Consolidated Debt/Consolidated Market Capitalization [B / (A + B)]56.91 % Common Operating Partnership Units _______________ (1)Values are based on the closing price per share of BXP’s Common Stock on February 20, 2024 of $66.03. (2)Includes LTIP Units (including 2012 OPP Units and earned MYLTIP Units that were granted between 2013 - 2021), but excludes MYLTIP Units granted between 2022 and 2024 because the performance period for those awards has not yet ended. Our degree of leverage could affect our ability to obtain additional financing for working capital, capital expenditures, acquisitions, development or other general corporate purposes. Our senior unsecured debt is currently rated investment grade by two major rating agencies. However, there can be no assurance that we will be able to maintain these ratings. In December 2023 and January 2024, our senior debt credit ratings were downgraded, although both remain investment grade. In the event our senior debt is further downgraded from its current ratings, we would likely incur higher borrowing costs and/or difficulty in obtaining additional financing. Our degree of leverage could also make us more vulnerable to a downturn in business or the economy generally. There is a risk that changes in our debt to market capitalization ratio, which is in part a function of BXP’s stock price, or BPLP’s ratio of indebtedness to other measures of asset value used by financial analysts may have an adverse effect on the market price of our equity or debt securities.

As of February 21, 2023, our Consolidated Debt was approximately $14.7 billion (excluding unconsolidated joint venture debt). The following table presents Consolidated Market Capitalization as well as the corresponding ratios of Consolidated Debt to Consolidated Market Capitalization (dollars and shares / units in thousands): February 21, 2023Shares / Units OutstandingCommon Stock EquivalentEquivalent Value (1)Common Stock156,823 156,823 $10,732,966 Common Operating Partnership Units18,663 18,663 1,277,296 (2)Total Equity (A)175,486 $12,010,262 Consolidated Debt (B)$14,707,348 Consolidated Market Capitalization (A + B)$26,717,610 Consolidated Debt/Consolidated Market Capitalization [B / (A + B)]55.05 % Common Operating Partnership Units _______________ (1)Values are based on the closing price per share of BXP’s Common Stock on February 21, 2023 of $68.44. (2)Includes LTIP Units (including 2012 OPP Units and earned MYLTIP Units that were granted between 2013 - 2020), but excludes MYLTIP Units granted between 2021 and 2023 because the performance period for those awards has not yet ended. Our degree of leverage could affect our ability to obtain additional financing for working capital, capital expenditures, acquisitions, development or other general corporate purposes. Our senior unsecured debt is currently rated investment grade by two major rating agencies. However, there can be no assurance that we will be able to maintain this rating, and in the event our senior debt is downgraded from its current rating, we would likely incur higher borrowing costs and/or difficulty in obtaining additional financing. Our degree of leverage could also make us more vulnerable to a downturn in business or the economy generally. There is a risk that changes in our debt to market capitalization ratio, which is in part a function of BXP’s stock price, or BPLP’s ratio of indebtedness to other measures of asset value used by financial analysts may have an adverse effect on the market price of our equity or debt securities. 41 41 41 Table of Contents Table of Contents

The bankruptcy or insolvency of a major client may adversely affect the income produced by our properties. Our clients could file for bankruptcy protection or become insolvent in the future. We cannot evict a client solely because of its bankruptcy. On the other hand, a bankrupt client may reject and terminate its lease with us. In such case, our claim against the bankrupt client for unpaid and future rent would be subject to a statutory cap that might be substantially less than the remaining rent actually owed under the lease, and, even so, our claim for unpaid rent would likely not be paid in full. This shortfall could adversely affect our cash flow and results of operations. On November 6, 2023, WeWork Inc. and certain of its direct and indirect subsidiaries (collectively, “WeWork”) filed voluntary petitions to commence proceedings under Chapter 11 of title 11 of the United States Code in the United States Bankruptcy Court for the District of New Jersey. As of December 31, 2023, WeWork was one of our 20 largest clients (based on our share of square footage). There can be no assurance that WeWork will not reject one or more of the four leases.

The bankruptcy or insolvency of a major client may adversely affect the income produced by our properties. Our clients could file for bankruptcy protection or become insolvent in the future. We cannot evict a client solely because of its bankruptcy. On the other hand, a bankrupt client may reject and terminate its lease with us. In such case, our claim against the bankrupt client for unpaid and future rent would be subject to a statutory cap that might be substantially less than the remaining rent actually owed under the lease, and, even so, our claim for unpaid rent would likely not be paid in full. This shortfall could adversely affect our cash flow and results of operations. 30 30 30 Table of Contents Table of Contents