--- ticker: FDS company: FDS filing_type: 10-K year_current: 2025 year_prior: 2024 risks_added: 3 risks_removed: 4 risks_modified: 15 risks_unchanged: 11 source: SEC EDGAR url: https://riskdiff.com/fds/2025-vs-2024/ markdown_url: https://riskdiff.com/fds/2025-vs-2024/index.md generated: 2026-06-01 --- # FDS: 10-K Risk Factor Changes 2025 vs 2024 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-06-01 > All data extracted directly from official filings. No hallucinated content. ## Summary | Status | Count | |--------|-------| | New risks added | 3 | | Risks removed | 4 | | Risks modified | 15 | | Unchanged | 11 | --- ## New in Current Filing: Clients are seeking additional contractual protections that may create additional liabilities for us Clients are increasingly looking to pass on contractual obligations to us, which may include service level, information and cyber-security requirements and audit rights. Many of our clients in the financial services sector are also subject to regulations and requirements to adopt risk management processes commensurate with the level of risk and complexity of their third-party relationships (including as required under the European Union ("EU") Digital Operational Resilience Acts ("DORA")), and provide rigorous oversight of relationships that involve certain "critical activities," some of which may be deemed to be provided by us. Any failure on our part to comply with the specific provisions in client contracts, including having appropriate information security capabilities, could result in the imposition of various penalties, which may include termination of contracts, service credits, suspension of payments, contractual penalties, adverse monetary judgments, and, in the case of government contracts, suspension from future government contracting. Even if the outcome of any claims brought against us were ultimately favorable, such a claim would require the time and attention of our management, personnel, as well as financial and other resources and potentially pose a significant disruption to our normal business operations and reputational damage. --- ## New in Current Filing: Increased scrutiny with respect to sustainability matters New laws, regulations, policies, and international agreements relating to environmental, social and governance ("ESG") matters are being developed and formalized in Europe and elsewhere globally, which requires us to comply with specific, target-driven frameworks, disclosure and other requirements in multiple jurisdictions. Increased public, political or media scrutiny concerning ESG or climate matters may negatively affect our reputation. We may face criticism in respect of our climate and ESG products. We may also face increased scrutiny from political leaders, organizations or groups criticizing ESG or climate-focused products, or our compliance with global ESG regulations. Such scrutiny may impact demand for our products or limit our ability to attract and retain clients, resulting in adverse effects on our business, operating results or financial condition. 18 18 18 Table of Contents Table of Contents --- ## New in Current Filing: If we fail to maintain proper and effective internal control and remediate any future control deficiencies, our ability or perceived ability to produce accurate and timely financial statements or reporting could be impaired, which could harm our business. The Sarbanes-Oxley Act places certain requirements on public reporting companies with respect to internal controls for financial reporting and disclosure controls and procedures. As such, public reporting companies are required to furnish a report by management on, among other things, the effectiveness of internal control over financial reporting. This assessment will include disclosure of any material weaknesses identified by management in a company's internal control over financial reporting. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis. As previously disclosed in our Annual Report on Form 10-K for the fiscal year ended August 31, 2024, we identified a material weakness in our internal control over financial reporting related to the design and operation of our information technology ("IT") general controls that support our revenues, accounts receivable, and deferred revenues processes. We are still in the process of enhancing our internal controls related to the design and operation of our IT general controls that support our revenues, accounts receivable, and deferred revenues processes and expect to complete these remediation measures in fiscal 2026. However, remediation efforts have placed, and will continue to place, a significant burden on management and add increased pressure to our financial and IT resources and processes. No system of controls, no matter how well designed and operated, can provide absolute assurance that the objectives of the system of controls will be met, and no evaluation of controls can provide absolute assurance that all control deficiencies or material weaknesses have been or will be detected. There is no assurance that any remediation efforts will be fully effective. If we identify one or more additional material weaknesses, or, if we are otherwise unable to maintain effective internal control over financial reporting or disclosure controls and procedures, our financial reporting may be adversely affected and could result in violations of applicable securities laws, stock exchange listing requirements, negatively affect investor confidence in our financial statements, subject us to litigation or investigations and adversely impact our stock price and our ability to access capital markets. --- ## No Match in Current: Pandemics and other global public health epidemics may adversely impact our business, our future results of operations and our overall financial performance *This section from the 2024 filing does not have a high-confidence textual match in 2025. It may have been removed, merged, or substantially reworded.* Our business could be materially and adversely affected by the risk, or the public perception of risk, related to a pandemic or widespread health crisis, such as the COVID-19 pandemic. A significant outbreak, epidemic or pandemic of contagious diseases in the human population could result in a widespread health crisis adversely affecting the broader economies, financial markets and overall demand for our products and services. In addition, any preventative or protective actions that governments implement or that we take in respect of a global health crisis, such as travel restrictions, quarantines or site closures, may interfere with the ability of our employees, vendors, and data suppliers to perform their respective responsibilities and 18 18 18 Table of Contents Table of Contents obligations relative to the conduct of our business, including our ability to gather content. Such results could have a material adverse effect on our operations, business, financial condition, results of operations, or cash flows. --- ## No Match in Current: Despite current indebtedness levels, we may still incur more debt. The incurrence of additional debt could further exacerbate the risks associated with our indebtedness *This section from the 2024 filing does not have a high-confidence textual match in 2025. It may have been removed, merged, or substantially reworded.* Subject to certain limitations, the 2022 Credit Agreement and the indenture governing the Senior Notes permit us and our subsidiaries to incur additional debt. If new debt is added to our or any such subsidiary's current debt levels, the risks described above in the previous risk factor could intensify. --- ## No Match in Current: The restrictive covenants in our debt may affect our ability to operate our business successfully *This section from the 2024 filing does not have a high-confidence textual match in 2025. It may have been removed, merged, or substantially reworded.* The 2022 Credit Agreement contains, and our future debt instruments may contain, various provisions that limit our ability to, among other things: incur liens; incur additional indebtedness, guarantees or other contingent obligations; enter into sale and leaseback transactions; engage in mergers and consolidations; make investments and acquisitions; change the nature of our business; and make sales, transfers and other dispositions of property and assets. The indenture governing the Senior Notes also contains various provisions that limit our ability to, among other things: incur liens; enter into sale and leaseback transactions; engage in mergers and consolidations; and make sales, transfers and other dispositions of property and assets. These covenants could adversely affect our ability to finance our future operations or capital needs and pursue available business opportunities. In addition, the 2022 Credit Agreement requires us to maintain specified financial ratios and satisfy certain financial condition tests. Events beyond our control, including changes in general economic and business conditions, may affect our ability to meet those financial ratios and financial condition tests. There can be no assurance that we will meet those tests or that the lenders will waive any failure to meet those tests. A breach of any of these covenants or any other restrictive covenants contained in the definitive documentation governing our indebtedness would result in a default or an event of default. If an event of default in respect of any of our indebtedness occurs, the holders of the affected indebtedness could declare all amounts outstanding, together with accrued interest, to be immediately due and payable, which, in turn, could cause the default and acceleration of the maturity of our other indebtedness. We expect we will be permitted to incur substantial amounts of secured debt under the covenants in the indenture governing the Senior Notes and the 2022 Credit Facilities. If, upon an acceleration, we were unable to pay amounts owed in respect of any such indebtedness secured by liens on our assets, then the lenders of such indebtedness could proceed against the collateral pledged to them. --- ## No Match in Current: Certain of our borrowings and other obligations are based upon variable rates of interest, which could result in higher expense in the event of increases in interest rates *This section from the 2024 filing does not have a high-confidence textual match in 2025. It may have been removed, merged, or substantially reworded.* The 2022 Credit Agreement provides that (i) loans denominated in U.S. dollars, at our option, will bear interest at either the one-month Term Secured Overnight Financing Rate ("SOFR") (with a 0.1% credit spread adjustment and subject to a "zero" floor), (ii) the Daily Simple SOFR (with a 0.1% credit spread adjustment and subject to a "zero" floor) or (iii) an alternate base rate. Under the 2022 Credit Agreement, loans denominated in Pounds Sterling will bear interest at the Daily Simple Sterling Overnight Index Average ("SONIA") (subject to a "zero" floor) and loans denominated in Euros will bear interest at the Euro Interbank Offered Rate ("EURIBOR") (subject to a "zero" floor), in each case, plus an applicable interest rate margin. The interest rate margin will fluctuate based upon our senior unsecured non-credit enhanced long-term debt rating and our total leverage ratio. An increase in the alternate base rate, Term SOFR, Daily Simple SOFR, SONIA or EURIBOR would increase our interest payment obligations under the 2022 Credit Facilities and could have a negative effect on our cash flow and financial condition. 21 21 21 Table of Contents Table of Contents To mitigate this exposure, on March 1, 2022, we entered into an interest rate swap agreement to hedge the variable interest rate obligation on a portion of our outstanding balance under the 2022 Credit Facilities. The 2022 Swap Agreement matured on February 28, 2024, and on March 1, 2024, we entered into the 2024 Swap Agreement to hedge a portion of our outstanding floating SOFR debt. However, as the interest rate swap agreement covers only a portion of our outstanding balance under the 2022 Credit Facilities, a substantial portion of our outstanding balance under the 2022 Credit Facilities continues to be exposed to interest rate volatility. An increase in the applicable rates would increase our interest payment obligations under the 2022 Credit Facilities and could have a negative effect on our cash flow and financial condition. --- ## Modified: Failure to develop and market new products and enhancements that maintain our technological and competitive position and failure to anticipate and respond to changes in the marketplace for our products and client demands **Key changes:** - Reworded sentence: "The market for our products is characterized by rapid technological change, including developing technologies such as AI, including agentic AI, methods and speed of delivery, changes in client demands, development of new investment instruments and evolving industry standards." - Reworded sentence: "We may not be successful in developing, introducing, marketing, licensing and implementing new products and enhancements on a timely and cost-effective basis or without impacting the stability and efficiency of existing products and client systems." - Reworded sentence: "We must make long-term investments and commit significant resources, for example, to developing and utilizing AI technology, before knowing whether these investments will eventually result in products and services that satisfy our clients' needs and generate revenues required to provide the desired results." - Reworded sentence: "17 17 17 Table of Contents Table of Contents Errors or defects can exist at any point in a product's life cycle, but are more frequently found after the introduction of new products or enhancements to existing products." - Removed sentence: "We have provisions in our client contracts to limit our exposure to potential liability claims brought by clients based on the use of our products or services or our delay or failure to provide products and services." **Prior (2024):** The market for our products is characterized by rapid technological change, including developing technologies such as AI, methods and speed of delivery, changes in client demands, development of new investment instruments and evolving industry standards. The direction of these trends can render our existing products less competitive, obsolete or unmarketable. As a result, our future success will continue to depend upon our ability to identify and develop new products and enhancements that address the future needs of our target markets and to respond to their changing standards and practices. We may not be successful in developing, introducing, marketing, licensing and implementing new products and enhancements on a timely and cost-effective basis or without impacting the stability and efficiency of existing products and customer systems. Further, any new products and enhancements may not adequately meet the requirements of the marketplace or achieve market acceptance. We must make long-term investments and commit significant resources, for example, to developing and utilizing AI technology, before knowing whether these investments will eventually result in products and services that satisfy our clients' needs and generate 16 16 16 Table of Contents Table of Contents revenues required to provide the desired results. Our failure or inability to anticipate and respond to changes in the marketplace, including competitor and supplier developments, may also adversely affect our business, operations and growth. Errors or defects can exist at any point in a product's life cycle, but are more frequently found after the introduction of new products or enhancements to existing products. Despite internal testing and testing by clients, our products may contain errors. We may also experience delays while developing and introducing new products for various reasons, such as difficulties in licensing data inputs. Defects, errors, or delays in our products that are significant, or are perceived to be significant, could result in rejection or delay in market acceptance, damage to our reputation, loss of revenues, lower rate of license renewals or upgrades, diversion of development resources, product liability claims or regulatory actions, or increases in service and support costs. We have provisions in our client contracts to limit our exposure to potential liability claims brought by clients based on the use of our products or services or our delay or failure to provide products and services. Contracts with customers also increasingly include service level requirements and audit rights to review our security. Many of our customers in the financial services sector are also subject to regulations and requirements to adopt risk management processes commensurate with the level of risk and complexity of their third-party relationships, and provide rigorous oversight of relationships that involve certain "critical activities," some of which may be deemed to be provided by us. Any failure on our part to comply with the specific provisions in customer contracts could result in the imposition of various penalties, which may include termination of contracts, service credits, suspension of payments, contractual penalties, adverse monetary judgments, and, in the case of government contracts, suspension from future government contracting. Even if the outcome of any claims brought against us were ultimately favorable, such a claim would require the time and attention of our management, personnel, as well as financial and other resources and potentially pose a significant disruption to our normal business operations. **Current (2025):** The market for our products is characterized by rapid technological change, including developing technologies such as AI, including agentic AI, methods and speed of delivery, changes in client demands, development of new investment instruments and evolving industry standards. The direction of these trends can render our existing products less competitive, obsolete or unmarketable. As a result, our future success will continue to depend upon our ability to identify and develop new products and enhancements that address the future needs of our target markets and to respond to their changing standards and practices. We may not be successful in developing, introducing, marketing, licensing and implementing new products and enhancements on a timely and cost-effective basis or without impacting the stability and efficiency of existing products and client systems. Further, any new products and enhancements may not adequately meet the requirements of the marketplace or achieve market acceptance. We must make long-term investments and commit significant resources, for example, to developing and utilizing AI technology, before knowing whether these investments will eventually result in products and services that satisfy our clients' needs and generate revenues required to provide the desired results. Our failure or inability to anticipate and respond to changes in the marketplace, including competitor and supplier developments, may also adversely affect our business, operations and growth. 17 17 17 Table of Contents Table of Contents Errors or defects can exist at any point in a product's life cycle, but are more frequently found after the introduction of new products or enhancements to existing products. Despite internal testing and testing by clients, our products may contain errors. We may also experience delays while developing and introducing new products for various reasons, such as difficulties in licensing data inputs. Defects, errors, or delays in our products that are significant, or are perceived to be significant, could result in rejection or delay in market acceptance, damage to our reputation, loss of revenues, lower rate of license renewals or upgrades, diversion of development resources, product liability claims or regulatory actions, or increases in service and support costs. --- ## Modified: Additional cost due to tax assessments resulting from ongoing and future audits by tax authorities as well as changes in tax laws **Key changes:** - Reworded sentence: "For example, during August 2019 through February 2024, we received various assessment and audit notices from the Commonwealth of Massachusetts Department of Revenue with respect to sales taxes, interest and underpayment penalties relating to the tax periods from January 1, 2006 through December 31, 2023 ("Sales Tax Dispute")." - Reworded sentence: "In addition, as a global taxpayer, we face challenges due to increasing complexities in accounting for, and collecting, taxes in a variety of jurisdictions, which could impact our tax obligations and effective tax rate." **Prior (2024):** In the ordinary course of business, we are subject to changes in tax laws as well as tax examinations by various governmental tax authorities. The global and diverse nature of our business means that there could be additional examinations by governmental tax authorities and the resolution of ongoing and other probable audits which could impose a future risk to the results of our business. For example, as discussed in greater detail in Part II, Item 8. Note 13, Commitments and Contingencies in the Notes to the Consolidated Financial Statements of this Annual Report on Form 10-K , during fiscal 2024, we took a charge of approximately 19 19 19 Table of Contents Table of Contents $54 million related to a sales tax dispute with the Commonwealth of Massachusetts, bringing our total charge with respect to that matter to $64 million. While we do not anticipate taking additional material charges with respect to this matter, and we believe that the assumptions and estimates used to determine the charge are reasonable, future developments could result in further adjustments being made to this amount. Changes in tax laws or the terms of tax treaties in a jurisdiction where we are subject to tax could have an impact on our taxes payable. In addition, as a global taxpayer, we face challenges due to increasing complexities in accounting for taxes in a variety of jurisdictions, which could impact our tax obligations and effective tax rate. **Current (2025):** In the ordinary course of business, we are subject to changes in tax laws as well as tax examinations by various governmental tax authorities. The global and diverse nature of our business means that there could be additional examinations by governmental tax authorities and the resolution of ongoing and other probable audits which could impose a future risk to the results of our business. For example, during August 2019 through February 2024, we received various assessment and audit notices from the Commonwealth of Massachusetts Department of Revenue with respect to sales taxes, interest and underpayment penalties relating to the tax periods from January 1, 2006 through December 31, 2023 ("Sales Tax Dispute"). We entered into an agreement with the Commonwealth on November 26, 2024 which fully resolved all matters relating to the Sales Tax Dispute, bringing our total charge with respect to that matter to approximately $66.2 million. For a further discussion see Part II, Item 8. Note 12, Commitments and Contingencies in the Notes to the Consolidated Financial Statements of this Annual Report on Form 10-K. Changes in tax laws or the terms of tax treaties in a jurisdiction where we are subject to tax could have an impact on our taxes payable. In addition, as a global taxpayer, we face challenges due to increasing complexities in accounting for, and collecting, taxes in a variety of jurisdictions, which could impact our tax obligations and effective tax rate. --- ## Modified: Our use of AI technologies may not be successful and may present business, compliance, and reputational risks **Key changes:** - Reworded sentence: "We use, and are expanding our use of, machine learning and AI technologies in our products and processes." - Reworded sentence: "The introduction of AI technologies, particularly generative and agentic AI, into new or existing offerings may result in new or expanded risks and liabilities, due to enhanced governmental or regulatory scrutiny, litigation, compliance issues, ethical concerns, confidentiality, data privacy or security risks, as well as other factors that could adversely affect our business, reputation, and financial results." - Added sentence: "These risks include the possibility of enhanced governmental or regulatory scrutiny, litigation or other legal liability, compliance issues, ethical concerns, negative client perceptions, confidentiality or security risks, as well as other factors." - Added sentence: "Any of these issues could materially adversely affect our business, financial condition or results of operations." - Added sentence: "AI technologies used in our products and processes may use or incorporate data from third-party sources, including information they input into the AI tools, which may expose us to risks associated with data rights and protection." **Prior (2024):** We use, and are expanding our use of, machine learning and artificial intelligence ("AI") technologies in our products and processes. If we fail to keep pace with rapidly evolving AI technological developments, our competitive position and business results may be negatively impacted. Our use of AI technologies requires resources to develop, test and maintain such products, which is costly. Despite our investments in, and commitment of resources to, the development of AI products and technologies, we may not be successful in generating revenues from these efforts. In addition, third parties may be able to use AI to create technology that could reduce demand for our products and services. The introduction of AI technologies, particularly generative AI, into new or existing offerings may result in new or expanded risks and liabilities, due to enhanced governmental or regulatory scrutiny, litigation, compliance issues, ethical concerns, confidentiality, data privacy or security risks, as well as other factors that could adversely affect our business, reputation, and financial results. If the content, analyses, or recommendations that AI applications assist in producing are, or are alleged to be, deficient, inaccurate, unreliable, misleading, biased, discriminatory or otherwise flawed, any of which may not be easily detectable, our business and reputation may be adversely affected. Use of AI technologies, and the evolving legal, regulatory and compliance framework for AI, could impact our ability to protect our data and intellectual property, as well as vendor and client information, and could expose us to intellectual property or other claims by third parties. Use of AI technologies may also increase risks related to cyberattacks or other security incidents or result in a failure to protect confidential information. Because AI technology is highly complex and rapidly developing, it is not possible to predict all of the legal, operational or technological risks that may arise relating to our use of AI. **Current (2025):** We use, and are expanding our use of, machine learning and AI technologies in our products and processes. If we fail to keep pace with rapidly evolving AI technological developments, or fail to launch products that are competitive, our competitive position and business results may be negatively impacted. If our competitors or other third parties incorporate AI technologies, such as emerging generative and agentic AI, into their products and processes more quickly or more successfully than us, this could impair our ability to compete effectively. Our use of AI technologies, including generative and agentic AI, requires resources to develop, test and maintain such products, which is costly. Despite our investments in, and commitment of resources to, the development of AI products and technologies, we may not be successful in generating revenues from these efforts. In addition, third parties may be able to use AI to create technology that could reduce demand for our products and services. The introduction of AI technologies, particularly generative and agentic AI, into new or existing offerings may result in new or expanded risks and liabilities, due to enhanced governmental or regulatory scrutiny, litigation, compliance issues, ethical concerns, confidentiality, data privacy or security risks, as well as other factors that could adversely affect our business, reputation, and financial results. For example, AI technologies can lead to unintended consequences and errors, including generating content that appears correct but is factually inaccurate, misleading or otherwise flawed, or that results in unintended biases and discriminatory outcomes, which could harm our reputation and expose us to liability. If the content, analyses, or recommendations that AI applications assist in producing are, or are alleged to be, deficient, inaccurate, unreliable, misleading, biased, discriminatory or otherwise flawed, any of which may not be easily detectable, our business and reputation may be adversely affected. Use of AI technologies, and the evolving legal, regulatory and compliance framework for AI, could impact our ability to protect our data and intellectual property, as well as vendor and client information, and could expose us to intellectual property or other claims by third parties. Use of AI technologies may also increase risks related to cyberattacks or other security incidents or result in a failure to protect confidential information. Because AI technology is highly complex and rapidly developing, it is not possible to predict all of the legal, operational or technological risks that may arise relating to our use of AI. These risks include the possibility of enhanced governmental or regulatory scrutiny, litigation or other legal liability, compliance issues, ethical concerns, negative client perceptions, confidentiality or security risks, as well as other factors. Any of these issues could materially adversely affect our business, financial condition or results of operations. AI technologies used in our products and processes may use or incorporate data from third-party sources, including information they input into the AI tools, which may expose us to risks associated with data rights and protection. --- ## Modified: Failure to enter into, renew or comply with contracts supplying new and existing content sets or products on competitive terms **Key changes:** - Removed sentence: "We combine the data from these sources into our own dedicated databases." - Removed sentence: "Clients have access to the data and content found within our databases." - Reworded sentence: "Some of our content provider agreements are with competitors or smaller entities who may be acquired by our competitors, who may attempt to make renewals difficult or expensive." **Prior (2024):** We collect and aggregate third-party content from data suppliers, news sources, exchanges, brokers and contributors into our own dedicated managed databases, which clients access to perform their analyses. We combine the data from these sources into our own dedicated databases. Clients have access to the data and content found within our databases. These databases are important to our operations as they provide clients with key information. We have entered into third-party content agreements of varying lengths, which in some cases can be terminated on one year's notice at predefined dates, and in other cases on shorter notice. Some of our content provider agreements are with competitors, who may attempt to make renewals difficult or expensive. We seek to maintain favorable contractual relationships with our data suppliers, including those that are also competitors. However, we cannot control the actions and policies of our data suppliers and we may have data suppliers who provide us with notice of termination, or exclude or restrict us from use of their content, or only license such content at prohibitive cost. Additionally, despite our efforts to comply with our third-party data supplier agreements, there can be no assurances that third parties may not challenge our use of their content, which could result in increased licensing costs, loss of rights, and costly legal actions. Certain data sets that we rely on have a limited number of suppliers, although we make every effort to assure that, where reasonable, alternative sources are available. We are not dependent on any one third-party data supplier to meet the needs of our clients, with only two data suppliers each representing more than 10% of our total data costs for fiscal 2024. Our failure to be able to maintain our supplier relationships, or the failure of our suppliers to deliver accurate data or in a timely manner, or the occurrence of a dispute with a vendor over use of their content, could increase our costs and reduce the type of content and products and services available to our clients, which could harm our reputation in the marketplace and adversely affect our business. **Current (2025):** We collect and aggregate third-party content from data suppliers, news sources, exchanges, brokers and contributors into our own dedicated managed databases, which clients access to perform their analyses. These databases are important to our operations as they provide clients with key information. We have entered into third-party content agreements of varying lengths, which in some cases can be terminated on one year's notice at predefined dates, and in other cases on shorter notice. Some of our content provider agreements are with competitors or smaller entities who may be acquired by our competitors, who may attempt to make renewals difficult or expensive. We seek to maintain favorable contractual relationships with our content suppliers, including those that are also competitors. However, we cannot control the actions and policies of our content suppliers and we may have content suppliers who provide us with notice of termination, or exclude or restrict us from use of their content, or only license such content at prohibitive cost. Additionally, despite our efforts to comply with our third-party content supplier agreements, there can be no assurances that third parties may not challenge our use of their content, especially during periods of economic uncertainty, which could result in increased licensing costs, loss of rights, and costly legal actions. Certain content sets that we rely on have a limited number of suppliers, although we make every effort to assure that, where reasonable, alternative sources are available. We are not dependent on any one third-party content supplier to meet the needs of our clients, with two data suppliers each representing more than 10% of our total content costs for fiscal 2025. Additionally, we use AI technologies from third party suppliers, which may include open-source software. If we are unable to maintain rights to use these AI technologies on commercially reasonable terms, we may be forced to acquire or develop alternate AI technologies. Our failure to be able to maintain our supplier relationships, or the failure of our suppliers to deliver accurate content or in a timely manner, or the occurrence of a dispute with a vendor over use of their content, could increase our costs and reduce the type of content and products and services available to our clients, which could harm our reputation in the marketplace and adversely affect our business. --- ## Modified: A prolonged or recurring outage and other business continuity disruptions could result in a reduced or total loss of service; the loss of clients and adverse impact on our reputation **Key changes:** - Reworded sentence: "Our clients rely on us for the delivery of time-sensitive, accurate, complete and up-to-date data and applications." - Reworded sentence: "If we experience significant growth of our client base, increases in the number of products or services we offer, or increases in the speed at which we are required to provide products and services, it may strain our systems." - Reworded sentence: "Our computer operations, as well as our other business centers, and those of our suppliers and clients, may be vulnerable to interruption by fire, natural disaster, public health crisis (e.g., pandemics), extreme weather or climate conditions, power loss, telecommunication failures, terrorist attacks, acts of war or civil unrest, internet failures, computer viruses, security breaches, employee or systems errors, and other events beyond our reasonable control." - Reworded sentence: "We also currently use multiple providers of cloud services; however, one supplier provides the majority of our cloud computing support." - Reworded sentence: "We maintain back-up facilities and certain other redundancies for each of our data centers to minimize the risk that any event will disrupt those operations, but if we were to suffer such an event it may mean we are unable to provide our service for a prolonged period of time, and our IT disaster recovery processes may not be adequate." **Prior (2024):** Our clients rely on us for the delivery of time-sensitive, up-to-date data and applications. Our business is dependent on our ability to process substantial volumes of data and transactions rapidly and efficiently on our computer-based networks, database storage facilities, and other network infrastructure, which are located across multiple facilities globally. If we experience significant growth of our customer base, increases in the number of products or services, or increase in the speed at which we are required to provide products and services, it may strain our systems. Additionally, our systems and networks may become strained due to aging or end-of-life technology that we have not yet updated or replaced. Our computer operations, as well as our other business centers, and those of our suppliers and clients, may be vulnerable to interruption by fire, natural disaster, extreme weather or climate conditions, power loss, telecommunications failures, terrorist attacks, acts of war or civil unrest, internet failures, computer viruses or security breaches, employee or systems errors, and other events beyond our reasonable control. In addition, in the remote work environments, the daily activities and productivity of our workforce is now more closely tied to key vendors, such as video conferencing services, consistently delivering their services without material disruption. Our ability to deliver information using the internet and to operate in a remote working environment may be impaired because of infrastructure failures, service outages at third-party internet providers, malicious attacks, or other factors. We also currently use multiple providers of cloud services; however, one supplier provided the majority of our cloud computing support for fiscal 2024. While we believe this provider to be reliable, we have limited control over its performance, and a disruption or loss of service from this provider could impair our system's operation and our ability to operate for a period of time. We maintain back-up facilities and certain other redundancies for each of our data centers to minimize the risk that any such event will disrupt those operations. We are currently in the midst of a multi-year project to enhance our information technology disaster recovery processes with modernized tooling and automation to maximize resiliency and minimize recovery time in the event of a service disruption. However, a loss of our services involving our significant facilities may materially disrupt our business and may induce our clients to seek alternative data suppliers. Any such losses or damages we incur could have a material adverse effect on our business. Although we seek to minimize these risks through security measures, controls, back-up data centers, emergency planning and disaster recovery processes, there can be no assurance that such efforts will be successful or effective. Additionally, we may also face significant increases in our use of power and data storage and may experience a shortage of capacity and increased costs associated with such usage. **Current (2025):** Our clients rely on us for the delivery of time-sensitive, accurate, complete and up-to-date data and applications. Our business is dependent on our ability to process substantial volumes of data and transactions rapidly and efficiently on our computer-based networks, database storage facilities, and other network infrastructure, which are located across multiple facilities globally. If we experience significant growth of our client base, increases in the number of products or services we offer, or increases in the speed at which we are required to provide products and services, it may strain our systems. Additionally, our systems and networks may become strained due to aging or end-of-life technology that we have not yet updated or replaced. Our computer operations, as well as our other business centers, and those of our suppliers and clients, may be vulnerable to interruption by fire, natural disaster, public health crisis (e.g., pandemics), extreme weather or climate conditions, power loss, telecommunication failures, terrorist attacks, acts of war or civil unrest, internet failures, computer viruses, security breaches, employee or systems errors, and other events beyond our reasonable control. In addition, in remote work environments, the daily activities and productivity of our workforce is now more closely tied to key vendors consistently delivering their services without material disruption. Our ability to deliver information using the internet and to operate in a remote working environment may be impaired because of infrastructure failures, service outages at third-party internet providers, malicious attacks, or other factors. We also currently use multiple providers of cloud services; however, one supplier provides the majority of our cloud computing support. While we believe this provider to be reliable, we have limited control over its performance, and a disruption or loss of service from this provider could impair our system's operation and our ability to operate for a period of time. We maintain back-up facilities and certain other redundancies for each of our data centers to minimize the risk that any event will disrupt those operations, but if we were to suffer such an event it may mean we are unable to provide our service for a prolonged period of time, and our IT disaster recovery processes may not be adequate. From time to time we have experienced outages across certain of our products and service providers, and we may still experience outages or other disruptions in the future, and such outages or disruptions may have a material adverse effect on the Company. We are currently implementing a multi-year project to enhance our information technology disaster recovery processes with modernized tooling and automation to maximize resiliency and minimize recovery time in the event of a service disruption. However, a loss of our services involving our significant facilities may materially disrupt our business and may induce our clients to seek alternative data suppliers. Any such losses or damages we incur could have a material adverse effect on our business. Although we seek to minimize these risks through security measures, controls, back-up data centers, emergency planning and disaster recovery processes, there can be no assurance that such efforts will be successful or effective. Additionally, we may face significant increases in our use of power and data storage and may experience a shortage of capacity and increased costs associated with such usage. --- ## Modified: Exposure to fluctuations in currency exchange rates and the failure of hedging arrangements **Key changes:** - Reworded sentence: "Due to the global nature of our operations, we are exposed to market risk arising from fluctuations in foreign currency exchange rates, particularly in our primary currency exposures, namely the British Pound Sterling, Euro, Indian Rupee and Philippine Peso." - Reworded sentence: "To manage this exposure, we use derivative instruments, specifically foreign currency forward contracts, that are designed to offset the impact of currency movements on a portion of our projected operating expenses related to our primary currency exposures." **Prior (2024):** Due to the global nature of our operations, we conduct business outside the U.S. in several currencies. Our primary currency exposures include the British Pound Sterling, Euro, Indian Rupee and Philippine Peso. To the extent our international activities increase in the future, our exposure to fluctuations in currency exchange rates may increase as well. To manage this exposure, we utilize derivative instruments, namely foreign currency forward contracts. By their nature, all derivative instruments involve elements of market and credit risk. The market risk associated with these instruments resulting from currency exchange movements is expected to offset the market risk of the underlying transactions, assets and liabilities being hedged. Credit risk is managed through the continuous monitoring of exposure to the counterparties associated with these instruments. Our primary objective in holding derivatives is to reduce the volatility of earnings with changes in foreign currency. Although we believe that our foreign exchange hedging policies are reasonable and prudent under the circumstances, our attempt to hedge against these risks may not be successful, which could cause an adverse impact on both our results of operations and cash flows. **Current (2025):** Due to the global nature of our operations, we are exposed to market risk arising from fluctuations in foreign currency exchange rates, particularly in our primary currency exposures, namely the British Pound Sterling, Euro, Indian Rupee and Philippine Peso. These fluctuations can adversely affect our financial results. To the extent our international activities increase in the future, our exposure to fluctuations in currency exchange rates may increase as well. To manage this exposure, we use derivative instruments, specifically foreign currency forward contracts, that are designed to offset the impact of currency movements on a portion of our projected operating expenses related to our primary currency exposures. Although we believe that our foreign exchange hedging policies are reasonable and prudent under the circumstances, our attempt to hedge fluctuations in foreign currency exchange rates may not be successful, which could cause an adverse impact on both our results of operations and cash flows. --- ## Modified: Competition in our industry may cause price reductions or loss of market share, or limit our growth or profitability **Key changes:** - Reworded sentence: "We continue to experience intense competition across all of our products and services, with competitors ranging in size from smaller, highly specialized, single-product businesses to multi-billion-dollar companies." - Reworded sentence: "Clients within the financial services industry that strive to reduce their operating costs may seek to reduce their spending on financial market data and related services, such as ours." - Added sentence: "16 16 16 Table of Contents Table of Contents" **Prior (2024):** We continue to experience intense competition across all markets for our products and services, with competitors ranging in size from smaller, highly specialized, single-product businesses to multi-billion-dollar companies. While we believe the breadth and depth of our suite of products and applications offer benefits to our clients that are a competitive advantage, our competitors may offer price incentives to attract new business. Future competitive pricing pressures may result in decreased sales volumes and price reductions, resulting in lower revenues and ASV. Weak economic conditions may also result in clients seeking to utilize lower-cost information that is available from alternative sources. The impact of cost-cutting pressures across the industries we serve could lower demand for our products and services. Clients within the financial services industry that strive to reduce their operating costs may seek to reduce their spending on financial market data and related services, such as 15 15 15 Table of Contents Table of Contents ours. If our clients consolidate their spending with fewer suppliers, by selecting suppliers with lower-cost offerings or by self-sourcing their needs for financial market data, our business could be negatively affected. **Current (2025):** We continue to experience intense competition across all of our products and services, with competitors ranging in size from smaller, highly specialized, single-product businesses to multi-billion-dollar companies. New and existing competitors are constantly developing innovative products or business models, including alternative data, analytics, technology-enabled platforms, and fintech solutions. Many of these competitors also have significant AI capabilities and funding. Some of these competitors may be able to introduce new technology, deliver products and services, or leverage data and analytics faster or more effectively than we can. The rapid pace of technological change, including advances in AI, cloud computing, and machine learning, along with evolving client demands, could cause our products and services to become outdated or less competitive. If we fail to keep pace with innovation, invest in developing new technology or data products, or successfully respond to disruptive competitors and emerging industry standards, our market position, revenues and operating results could be adversely affected. While we believe the breadth and depth of our suite of products and applications offer benefits to our clients that are a competitive advantage, our competitors may offer price incentives to attract new business. Future competitive pricing pressures may result in decreased sales volumes and price reductions, resulting in lower revenues and ASV. Weak economic conditions may also result in clients seeking to utilize lower-cost information that is available from alternative sources. The impact of cost-cutting pressures across the industries we serve could lower demand for our products and services. Clients within the financial services industry that strive to reduce their operating costs may seek to reduce their spending on financial market data and related services, such as ours. If our clients consolidate their spending with fewer suppliers, by selecting suppliers with lower-cost offerings or by self-sourcing their needs for financial market data, our business could be negatively affected. 16 16 16 Table of Contents Table of Contents --- ## Modified: Legislative and regulatory changes in the environments in which we and our clients operate **Key changes:** - Reworded sentence: "20 20 20 Table of Contents Table of Contents Many of our clients operate within a highly regulated environment and must comply with governmental legislation and regulations." - Reworded sentence: "Some recent legislative and regulatory changes that we believe could impact us and our clients include: (a) in the U.S., the Financial Data Transparency Act 2022 ("FDTA"), which requires the FDTA's sponsoring U.S." **Prior (2024):** As a business, we are subject to numerous laws and regulations in the U.S. and in the other countries in which we operate. These laws, rules, and regulations, and their interpretations, may conflict or change in the future, and compliance with these changes may increase our costs or cause us to make changes in or otherwise limit our business practices. In addition, the global nature and scope of our business operations make it more difficult to monitor areas that may be subject to regulatory and compliance risk. If we fail to comply with any applicable law, rule, or regulation, we could be subject to claims and fines and suffer reputational damage. Uncertainty caused by political change globally and complex relationships across countries heightens the risk of regulatory uncertainty. Many of our clients operate within a highly regulated environment and must comply with governmental legislation and regulations. The U.S. regulators have increased their focus on the regulation of the financial services industry. Increased regulation of our clients may increase their expenses, causing them to seek to limit or reduce their costs from outside services such as ours. Additionally, if our clients are subjected to investigations or legal proceedings they may be adversely impacted, possibly leading to their liquidation, bankruptcy, receivership, reduction in assets under management, or diminished operations, which would adversely affect our revenues. Some recent legislative and regulatory changes that we believe might materially impact us and our clients include: (a) in the European Union ("EU") and the United Kingdom ("UK"), the Markets in Financial Instruments Directive (recast) ("MiFID II"), which became effective in January 2018, may adversely affect demand for our products and services; (b) in the UK, the uncertainty surrounding the UK and EU regulatory frameworks following the UK's departure from the EU in January 2020 ("Brexit"), including the Financial Services and Markets Bill, may negatively impact our revenues or growth; and (c) evolving laws, rules and regulations in a variety of jurisdictions around such areas as climate, data privacy, cybersecurity, AI and data protection. **Current (2025):** As a business, we are subject to numerous laws and regulations in the U.S. and in the other countries in which we operate. These laws, rules, and regulations, and their interpretations, may conflict or change in the future, and compliance with these changes may increase our costs or cause us to make changes in or otherwise limit our business practices. In addition, the global nature and scope of our business operations make it more difficult to monitor areas that may be subject to regulatory and compliance risk. If we fail to comply with any applicable law, rule, or regulation, we could be subject to claims and fines and suffer reputational damage. Uncertainty caused by political change globally and complex relationships across countries heightens the risk of regulatory uncertainty. 20 20 20 Table of Contents Table of Contents Many of our clients operate within a highly regulated environment and must comply with governmental legislation and regulations. During the last several years, global regulators have increased their focus on the regulation of the financial services industry. Increased regulation of our clients may increase their expenses, causing them to seek to limit or reduce their costs from outside services such as ours. Some recent legislative and regulatory changes that we believe could impact us and our clients include: (a) in the U.S., the Financial Data Transparency Act 2022 ("FDTA"), which requires the FDTA's sponsoring U.S. government agencies to identify standards, including common identifiers, for reporting financial products and transactions to those agencies; (b) in the EU, the EU's DORA imposes operational resilience and cyber security standards and obligations, including technical and organizational standards and responsibilities which require technology and/or organizational investment, upon (i) many of our financial market clients, who aim to pass such obligations onto vendors, including us, and (ii) information and communications technology providers designated by the EU as "Critical Third Party Providers." The United Kingdom ("UK") is advancing similar legislation and other jurisdictions could follow; and (c) in Asia Pacific, we and our clients are subject to a number of regulatory risks. For example, in China, there is an evolving regulatory environment and complex data security and data transfer regulations. These factors may increase compliance risk and costs for us and our clients. --- ## Modified: Economic, political and other forces beyond our control could adversely affect our business. **Key changes:** - Reworded sentence: "Negative conditions in the general economy in either the U.S." **Prior (2024):** Our costs and the demand for our products and services may be impacted by domestic and international factors that are beyond our control. Negative conditions in the general economy in either the United States or abroad, including conditions resulting from financial and credit market fluctuations, changes in economic policy, inflation rate fluctuations and trade uncertainty, including changes in tariffs, sanctions, international treaties and other trade restrictions, or other geopolitical events, such as the ongoing military conflicts between Russia and Ukraine and in the Middle East, could result in an increase in our costs and/or a reduction in demand for our products and services, which could have an adverse effect on our results of operations and financial condition. **Current (2025):** Our costs and the demand for our products and services may be impacted by domestic and international factors that are beyond our control. Negative conditions in the general economy in either the U.S. or abroad, including conditions resulting from financial and credit market fluctuations, changes in economic policy, inflation rate fluctuations and trade uncertainty, including changes in tariffs, sanctions, international treaties and other trade restrictions, or other geopolitical events, such as the ongoing military conflicts between Russia and Ukraine and in the Middle East, natural and man-made disasters and public health crises (e.g., pandemics) could result in an increase in our costs and/or a reduction in demand for our products and services, which could have an adverse effect on our results of operations and financial condition. 22 22 22 Table of Contents Table of Contents In addition, the U.S. has imposed tariffs on many foreign products, including tariffs on imports from China, that in the past have resulted in and may result in future retaliatory tariffs on U.S. goods and products and restrictions on exports to the U.S. Such developments have the potential to adversely impact the U.S. economy, our industry and the demand for our products. There remains uncertainty surrounding tariffs imposed by the U.S. and China and trade relations between the two countries, and we cannot predict whether these policies will continue, or if new policies will be enacted (which may restrict our ability to operate in China, or lead to other consequences, such as the need to comply with data localization requirements). As a result, such changes could have a material adverse effect on our business, financial condition and results of operations. --- ## Modified: Transition to new technologies, applications and processes could expose us to unanticipated disruptions or impacts **Key changes:** - Reworded sentence: "To remain competitive, we must invest, adapt and migrate to new technologies, applications and processes, including the evolving use of AI technology and agentic AI (see "Our use of AI technologies may not be successful and may present business, compliance, and reputational risks" below for further discussion)." - Reworded sentence: "The implementation of new technologies and infrastructure, such as migration to new cloud-based systems and increased utilization of AI internally and in our products and services, is complex and can involve substantial expenditures, as well as, risks inherent in the conversion to any new system, including potential loss of information and disruption to operations." **Prior (2024):** The technology landscape is constantly evolving. To remain competitive, we must adapt and migrate to new technologies, applications and processes, including the evolving use of AI technology. Use of more advanced technologies and infrastructure is critical to the development of our products and services, the scaling of our business for future growth, and the accurate maintenance of our data and operations. The implementation of new technologies and infrastructure, such as migration to new cloud-based systems and increased utilization of AI internally and in our products and services, is complex and can involve substantial expenditures as well as risks inherent in the conversion to any new system, including potential loss of information and disruption to operations. We may experience unanticipated interruption and delay in the performance and delivery of certain of our products and services. Certain of our technologies are also dependent upon third-party providers to maintain adequate systems to protect the security of our confidential information and data. Failure by our providers to maintain appropriate security could result in unauthorized access to our systems or a network disruption that could further lead to improper disclosure of confidential information or data, regulatory penalties and remedial costs. Any disruption to either the 14 14 14 Table of Contents Table of Contents provider's systems or the communication links between us and the provider could negatively affect our ability to operate our data systems and could impair our ability to provide products and services to our clients. If the products and services to our clients are disrupted, or if there is unauthorized access to the confidential information of our clients or our vendors, we could suffer significant damage to our brand and reputation and lose clients. We also may incur increased operating expenses to recover data, repair or remediate systems, equipment or facilities, and to protect ourselves from such disruptions. As we increase our reliance on third-party systems, our exposure to damages from services disruptions may increase, and we may incur additional costs to remedy damages caused by these disruptions. **Current (2025):** The technology landscape is constantly evolving. To remain competitive, we must invest, adapt and migrate to new technologies, applications and processes, including the evolving use of AI technology and agentic AI (see "Our use of AI technologies may not be successful and may present business, compliance, and reputational risks" below for further discussion). Use of more advanced technologies and infrastructure is critical to the development of our products and services, the scaling of our business for future growth, and the accurate maintenance of our data and operations. The implementation of new technologies and infrastructure, such as migration to new cloud-based systems and increased utilization of AI internally and in our products and services, is complex and can involve substantial expenditures, as well as, risks inherent in the conversion to any new system, including potential loss of information and disruption to operations. --- ## Modified: Unauthorized access to confidential data including client data, other cyber-attacks, and the failure of our cyber-security systems and procedures **Key changes:** - Reworded sentence: "Many of our products, as well as our internal systems and processes, involve the collection, retrieval, processing, storage and transmission of our own, as well as supplier and client, proprietary information and sensitive or confidential data through a variety of media channels." - Reworded sentence: "In addition, failure by our clients or third-party service providers to notify us of system failures or security breaches in a timely manner could lead to unauthorized access to our systems and data, resulting in adverse effects on our business, operating results or financial condition." - Removed sentence: "We also make acquisitions periodically." - Removed sentence: "While significant effort is placed on addressing information technology security issues with respect to the acquired companies, we may inherit such risks when these acquisitions are integrated into our infrastructure." - Added sentence: "14 14 14 Table of Contents Table of Contents" **Prior (2024):** In providing our digital-enabled products and services to clients, we rely on information technology infrastructure that is managed internally along with placing reliance on third-party service providers for critical functions. We and these third-party service providers are subject to the risks of system failures and security breaches, including cyber-attacks (such as those sponsored by nation-states, terrorist organizations, or global corporations seeking to illicitly obtain technology or other intellectual property and those accomplished by phishing scams, hacking, viruses, denials of service attacks, tampering, intrusions, physical break-ins, ransomware and malware), as well as employee errors or malfeasance. In some cases, these risks might be heightened when employees are working remotely. Our and our vendors' use of mobile and cloud technologies may increase our risk for such threats. Our protective systems and procedures and those of third parties to which we are connected, such as cloud computing providers, may not be effective against these threats. Our information technology systems must be constantly updated and patched to protect against known vulnerabilities and to optimize performance. While we have dedicated resources responsible for maintaining appropriate levels of cybersecurity and implemented systems and processes intended to help identify cyberattacks and protect and remediate our network infrastructure, we are aware that these attacks have become increasingly frequent, sophisticated, and difficult to detect and, as a result, we may not be able to anticipate, prevent or detect all such attacks. We also may be impacted by a cyberattack targeting one of our vendors or within our technology supply chain or infrastructure. Our contracts with service providers typically require them to implement and maintain adequate security controls, but we may not have the ability to effectively monitor these security measures. As a result, inadequacies of the third-party security technologies and practices may not be detected until after a security breach has occurred. These risks may be heightened in connection with employees working from remote work environments, as our dependency on certain service providers, such as video conferencing and web conferencing services, has significantly increased. In addition, to access our network, products and services, customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own security risk. 13 13 13 Table of Contents Table of Contents We could suffer significant damage to our brand and reputation: if a cyber-attack or other security incident were to allow unauthorized access to, or modification of, clients' or suppliers' data, other external data, internal data or information technology systems; if the products and services provided to clients were disrupted; or if products and services were perceived as having security vulnerabilities. The costs we would incur to address and resolve these security incidents would increase our expenses. These types of security incidents could also lead to lawsuits, regulatory investigations and claims, loss of business and increased legal liability. Cyberattacks, security breaches or third-party reports of perceived security vulnerability to our systems, even if no breach has occurred, also could damage our brand and reputation, result in litigation, regulatory actions, loss of client confidence and increased legal liability. We also make acquisitions periodically. While significant effort is placed on addressing information technology security issues with respect to the acquired companies, we may inherit such risks when these acquisitions are integrated into our infrastructure. While we maintain insurance coverage that is intended to address certain aspects of cybersecurity and data protection risks, such coverage may not include, or may not be sufficient to cover, all or the majority of the costs, losses or types of claims. **Current (2025):** Many of our products, as well as our internal systems and processes, involve the collection, retrieval, processing, storage and transmission of our own, as well as supplier and client, proprietary information and sensitive or confidential data through a variety of media channels. We rely on, and continuously invest in, internal processes, controls, policies, procedures and employee training programs designed to protect confidential data received in the ordinary course of business, including information from client portfolios and strategies. However, these measures do not guarantee security, and improper access to or release of confidential information may still occur - whether due to employee error or malfeasance, system error, inadvertent release, failure to properly purge or protect data, or through cyber-attacks. Our size, scale and role in the financial markets increases our risk for cyber-attacks and our exposure to other cyber-security risks. We use third-party service providers for certain critical functions. We and our third-party service providers are subject to the risks of system failures, security breaches and cyber-attacks, such as those sponsored by nation-states, terrorist organizations, or global corporations seeking to illicitly obtain technology or other intellectual property, including through the use of generative AI, agentic AI, phishing scams, hacking, viruses, denial of service attacks, tampering, intrusions, physical break-ins, ransomware and malware, employee errors or malfeasance. Cyber-security risks also may be derived from fraud or malice on the part of our employees or third-party service providers, or may result from human error, software bugs, server malfunctions, software or hardware failures or other technological failures. Our and our vendors' use of mobile and cloud technologies may increase our risk for such threats. Our protective systems and procedures and those of third parties to which we are connected, such as cloud computing providers, may not be effective against these threats. In addition, failure by our clients or third-party service providers to notify us of system failures or security breaches in a timely manner could lead to unauthorized access to our systems and data, resulting in adverse effects on our business, operating results or financial condition. We also make acquisitions periodically. While significant effort is placed on addressing information technology security issues with respect to the companies we acquire, we may inherit such risks when these acquisitions are integrated into our infrastructure. Although we conduct due diligence during acquisition processes, acquired businesses may not have invested as heavily in security measures and technology, and this may introduce additional security risk. While we have dedicated resources responsible for maintaining appropriate levels of cybersecurity, and implemented systems and processes intended to help identify cyberattacks and protect and remediate our network infrastructure, we may not be able to anticipate, prevent or detect all such attacks. As these threats continually evolve, we are required to devote additional resources and investment to modify or enhance our systems and processes, including patch and vulnerability management, which we may not be able to do in a timely or complete manner, or without adversely impacting our business, financial condition or results of operations. We make a range of commitments to our clients regarding our security practices, processes and security posture. If we do not adequately implement and enforce these security practices to the satisfaction of our clients, we could be in violation of our commitments to our clients. Cyberattacks, security breaches or third-party reports of perceived security vulnerability to our systems, even if no breach has occurred, also could damage our brand and reputation, result in litigation, regulatory actions, loss of client confidence and increased legal liability. While we maintain insurance coverage that is intended to address certain aspects of cybersecurity and data protection risks, such coverage may not include, or may not be sufficient to cover, all or the majority of the costs, losses or types of claims. 14 14 14 Table of Contents Table of Contents --- ## Modified: Adverse resolution of litigation or governmental investigations **Key changes:** - Reworded sentence: "We are party to lawsuits in the normal course of our business, including a purported class action relating to our acquisition, and operation of, the CGS business (Dinosaur Financial Group LLC et al." - Added sentence: "While we maintain insurance coverage in respect of certain risks, some of these lawsuits may not be covered by existing insurance." - Added sentence: "Even if we successfully defend against these lawsuits, the costs of defending such lawsuits may be material to our business, operating results or financial condition and may divert our management's attention from our business operations." - Added sentence: "From time to time, we receive client complaints." - Added sentence: "We believe we have strong contractual protection in the terms and conditions included in our arrangements with our clients." **Prior (2024):** We are party to lawsuits in the normal course of our business. Litigation and governmental investigations can be expensive, lengthy and disruptive to normal business operations. Moreover, the results of complex legal proceedings are difficult to predict. Unfavorable resolution of lawsuits could have a material adverse effect on our business, operating results or financial condition. For additional information regarding legal matters, see Item 3. Legal Proceedings, of this Annual Report on Form 10-K. **Current (2025):** We are party to lawsuits in the normal course of our business, including a purported class action relating to our acquisition, and operation of, the CGS business (Dinosaur Financial Group LLC et al. v. S&P Global, Inc. et al). Litigation and governmental investigations can be expensive, lengthy and disruptive to normal business operations. Moreover, the results of complex legal proceedings are difficult to predict. Unfavorable resolution of lawsuits could have a material adverse effect on our business, operating results or financial condition. While we maintain insurance coverage in respect of certain risks, some of these lawsuits may not be covered by existing insurance. Even if we successfully defend against these lawsuits, the costs of defending such lawsuits may be material to our business, operating results or financial condition and may divert our management's attention from our business operations. For additional information regarding legal matters, see Item 3. Legal Proceedings, of this Annual Report on Form 10-K. From time to time, we receive client complaints. We believe we have strong contractual protection in the terms and conditions included in our arrangements with our clients. Nonetheless, in the interest of managing client relationships, we may from time to time engage in dialogue with clients in an effort to resolve such complaints, and if such complaints cannot be resolved through dialogue, we may face litigation regarding such complaints. --- ## Modified: Compliance with global data privacy laws which are constantly evolving **Key changes:** - Reworded sentence: "We, and certain types of information we collect, compile, use, and publish, are subject to numerous global laws and regulations governing the protection of personal and confidential information of our clients, employees and products in the jurisdictions in which we operate." - Added sentence: "Further, global privacy, data localization, data maintenance, data transfer and data protection legislation, regulatory, enforcement, and policy activity are rapidly and continually evolving and creating a complex regulatory compliance environment." - Added sentence: "21 21 21 Table of Contents Table of Contents" **Prior (2024):** Many of our products, as well as our internal systems and processes, involve the collection, retrieval, processing, storage and transmission through a variety of media channels of our own, as well as supplier and customer, proprietary information and sensitive or confidential data. We rely on, and continuously invest in, a complex system of internal processes and controls, along with policies, procedures and training, designed to protect data that we receive in the ordinary course of business, including information from client portfolios and strategies. However, these measures do not guarantee security, and improper access to or release of confidential information may still occur through, for example, employee error or malfeasance, system error, other inadvertent release, failure to properly purge and protect data, or cybersecurity threats or attacks. Additionally, the maintenance and enhancement of our systems may not be completely effective in preventing loss, unauthorized access or misappropriation. Data misappropriation, unauthorized access or data loss could instill a lack of confidence in our products and systems and damage our brand, reputation and business. Breaches of security measures could expose us, our clients or the individuals affected to a risk of loss or misuse of this information, potentially resulting in litigation and liability for us, as well as the loss of existing or potential clients and suppliers. Many jurisdictions in which we operate have laws and regulations relating to data privacy and protection of personal information, including, for example, the European Union's General Data Protection Regulation, an increasing number of U.S. state laws, such as California's Consumer Privacy Act and Connecticut's Personal Data Privacy and Online Monitoring Act, China's Personal Information Protection Law, and India's Digital Personal Data Protection Act. These laws contain requirements regarding the handling of personal and sensitive data, including our use, protection and the ability of persons whose data is stored to correct or delete such data about themselves. The law in this area continues to develop and the changing nature of these laws could impact our processing and cross-border transfer of personal and sensitive information related to our content, operations, employees, clients, suppliers and others, and may expose us to claims of violations. **Current (2025):** We, and certain types of information we collect, compile, use, and publish, are subject to numerous global laws and regulations governing the protection of personal and confidential information of our clients, employees and products in the jurisdictions in which we operate. These include, for example, the EU's General Data Protection Regulation, an increasing number of U.S. state laws, such as California's Consumer Privacy Act and Connecticut's Personal Data Privacy and Online Monitoring Act, China's Personal Information Protection Law, and India's Digital Personal Data Protection Act. These laws contain requirements regarding the handling of personal and sensitive data, including our use, protection and the ability of persons whose data is stored to correct or delete such data about themselves. The law in this area continues to develop and the changing nature of these laws could impact our processing and cross-border transfer of personal and sensitive information related to our content, operations, employees, clients, suppliers and others, and may expose us to claims of violations. Further, global privacy, data localization, data maintenance, data transfer and data protection legislation, regulatory, enforcement, and policy activity are rapidly and continually evolving and creating a complex regulatory compliance environment. 21 21 21 Table of Contents Table of Contents --- ## Modified: Inability to hire and retain key qualified personnel or navigate key management transitions **Key changes:** - Reworded sentence: "The development, maintenance, sale and support of our products and services are dependent upon the knowledge, experience and ability of our highly skilled, educated and trained key personnel." **Prior (2024):** Our business is based on successfully attracting, motivating and retaining talented and diverse employees. Creating a diverse and inclusive environment that promotes empowerment and engagement is key to our ability to attract, retain, and develop talent. Competition for talent, especially engineering personnel, is strong. We need technical resources such as engineers to help develop new products and services and enhance existing products and services. We rely upon sales personnel to sell our products and services and maintain healthy business relationships. Our future success also is dependent on the continued service and performance of the members of our senior leadership team. All of these personnel possess business and technical capabilities that are difficult to replace. If we are unsuccessful in our recruiting efforts, or if we are unable to retain key employees, our ability to develop and deliver successful products and services may be negatively affected and could have a material, adverse effect on our business. **Current (2025):** The development, maintenance, sale and support of our products and services are dependent upon the knowledge, experience and ability of our highly skilled, educated and trained key personnel. Accordingly, our business is dependent on successfully attracting, retaining and training talented employees and navigating key management transitions (including in our executive leadership team) in a highly competitive business environment. Competition for talent, especially engineering, technology, and sales personnel, is strong. Our ability to attract and retain talented employees is dependent on a number of factors, including prevailing market conditions and compensation packages offered by companies competing for the same talent. Key management transitions, such as our recent change in Chief Executive Officer, involve inherent risk, and such transition periods can be disruptive and may result in a loss of personnel with deep institutional or technical knowledge. If we are unsuccessful in our recruiting efforts, or if we are unable to retain key employees or offer competitive compensation and benefit packages and career structures, or if we are unable to navigate key management transitions, our ability to develop and deliver successful products and services or achieve strategic goals may be adversely affected, which could have a material adverse effect on our business and results of operations. --- ## Modified: Our indebtedness may impair our financial condition and operations and restrict our activities or our ability to satisfy our obligations **Key changes:** - Reworded sentence: "Our indebtedness could have important consequences for our business, including making it more difficult to satisfy our obligations, increasing our vulnerability to general adverse economic and industry conditions, limiting our flexibility in planning for, or reacting to, changes in our business and the industry in which we operate, and placing us at a competitive disadvantage compared to our peers." **Prior (2024):** As of August 31, 2024, our total outstanding principal amount of debt was $1.4 billion, none of which is secured. This includes our obligations under the Senior Notes and the 2022 Credit Facilities. In addition, under the 2022 Revolving Facility, we have $250.0 million of unused commitments and an option to increase the size of the facility by an additional $750.0 million. Refer to Part II, Item 8. Note 12, Debt in the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for definitions of these terms and more information on our debt. Our indebtedness could have important consequences to investors, including: a.making it more difficult for us to satisfy our obligations; b.limiting our ability to borrow additional amounts to fund working capital, capital expenditures, acquisitions, debt service requirements, execution of our growth strategy and other purposes; 20 20 20 Table of Contents Table of Contents c.requiring us to dedicate a substantial portion of our cash flows from operations to pay interest on our debt and scheduled amortization on the 2022 Term Facility, which would reduce availability of our cash flow to fund working capital, capital expenditures, acquisitions, execution of our strategy and other general corporate purposes; d.making us more vulnerable to adverse changes in general economic, industry and government regulations and in our business by limiting our flexibility in planning for, and making it more difficult for us to react quickly to, changing conditions; e.placing us at a competitive disadvantage compared with those of our competitors that have less debt; and f.exposing us to risks inherent in interest rate fluctuations because some of our borrowings are at variable rates of interest, which could result in higher interest expense in the event of increases in market interest rates. In addition, we may not be able to generate sufficient cash flows from our operations to repay our indebtedness when it becomes due and to meet our other cash needs. If we are not able to pay our debts as they become due, we will be required to pursue one or more alternative strategies, such as selling assets, refinancing or restructuring our indebtedness or selling additional debt or equity securities. We may not be able to refinance our debt or sell additional debt or equity securities or our assets on favorable terms, if at all, and if we must sell our assets, it may negatively affect our ability to generate revenues. **Current (2025):** Our indebtedness could have important consequences for our business, including making it more difficult to satisfy our obligations, increasing our vulnerability to general adverse economic and industry conditions, limiting our flexibility in planning for, or reacting to, changes in our business and the industry in which we operate, and placing us at a competitive disadvantage compared to our peers. Our ability to meet our payment and other obligations under our debt depends on our ability to generate sufficient cash flow in the future. We cannot be certain that our business will generate cash flow from operations, or that future borrowings will be available to us under our existing or any future credit facilities or otherwise, in an amount sufficient to enable us to meet our indebtedness obligations and to fund other liquidity needs. Certain of our borrowings are based upon variable interest rates, and although we leverage interest rate swap agreements to manage a portion of our floating interest rate exposure, in the event of increases in interest rates, this could result in higher interest expense. In addition, we are subject to certain covenants, including financial covenants and certain limitations on the incurrence of additional debt, the creation of liens, our ability to enter certain transactions, and other matters. These covenants could adversely affect our ability to finance our future operations or capital needs and pursue available business opportunities. Events beyond our control, including changes in general economic and business conditions, may affect our ability to meet required financial covenants. A breach of any of these covenants or any other restrictive covenants contained in the definitive documentation governing our indebtedness would result in a default or an event of default, which could result in all of our debt becoming immediately due and payable or require us to negotiate an amendment to financial or other covenants that could cause us to incur additional fees and expenses. If new debt is added to our current debt levels, the risks described above could intensify. --- *Data sourced from SEC EDGAR. Last updated 2026-06-01.*