Fidelity National Information Services Inc.: 10-K Risk Factor Changes

2025 vs 2024  ·  SEC EDGAR  ·  2026-05-10
⚠ AI-Generated

The summary below was generated by an AI language model and may contain errors or omissions. All other content on this page is deterministically extracted from the original SEC EDGAR filing.

Fidelity National Information Services removed its Future Forward cost savings target risk, indicating completion or de-prioritization of that program. Nine risks were substantively modified, including heightened concerns around debt service obligations and their impact on financial flexibility, as well as increased emphasis on digital banking security breaches affecting consumer behavior and transaction volumes. The company refined its disclosure of privacy and data protection risks, reflecting evolving regulatory pressures in this area.

✓ Deterministic extraction — no AI-generated data

Classification is based on semantic text similarity scoring and may include approximations. “No match” means no high-confidence textual match was found — not necessarily that a section was removed.

New Risks: 0  ·  Removed: 1  ·  Modified: 9  ·  Unchanged: 25
🔴 No Match in Current Filing

We may not be able to achieve the cost savings target of our Future Forward program.

This section from the 2024 filing does not have a high-confidence textual match in the 2025 filing. It may have been removed, merged, or substantially reworded.

2024 text:

One of the goals of our ongoing Future Forward initiative is to achieve significant cost savings across the enterprise. We have reiterated a cash savings target of $1 billion, of which over 75 percent represents run-rate cash savings, on a continuing operations basis exiting 2024. We may not be able to achieve this cost savings target on our desired timeframe, or at all, for many reasons, including contractual constraints, potential operational disruptions to our business, or unanticipated business costs or inefficiencies. If we are unable to achieve the financial goals set by Future Forward, or if our efforts as part of Future Forward result in unintended disruptions to our business, our business, financial condition or results of operations could be adversely affected.

🟡 Modified

Our existing debt levels and future levels under existing facilities and debt service requirements may adversely affect us, including our financial condition or business flexibility, and prevent us from fulfilling our obligations under our outstanding indebtedness.

high match confidence

Sentence-level differences:

  • Reworded sentence: "As of December 31, 2024, we had total debt of approximately $11.3 billion."

Current (2025):

As of December 31, 2024, we had total debt of approximately $11.3 billion. Our level of debt, or any increase in our debt level, could adversely affect our business, financial condition, operating results and operational flexibility, including as follows: (i) the debt level may cause us to have difficulty borrowing money in the future for working capital, capital expenditures, acquisitions or other purposes; (ii) our debt level may limit operational flexibility and our ability to pursue business opportunities and implement certain business strategies; (iii) some of our debt has a variable rate of interest, which exposes us to the risk of increased interest rates; (iv) we have a higher level of debt than some of our competitors or potential competitors, which may cause a competitive disadvantage and may reduce flexibility in responding to changing business and economic conditions, including increased competition and vulnerability to general adverse economic and industry conditions; (v) there are significant debt maturities or maturities that may need to be refinanced, potentially at higher rates; and (vi) failure to satisfy our obligations under our outstanding debt or failure to comply with the financial or other restrictive covenants contained in the indenture governing our senior notes or in our credit facility could result in an event of default that could cause all of our debt to become due and payable.

Prior text (2024):

As of December 31, 2023, we had total debt of approximately $19.1 billion. On January 31, 2024, we completed the Worldpay Sale. We intend to the use a portion of the proceeds from the sale to repay or otherwise retire approximately $9.0 billion of debt during 2024. However, there can be no assurance that we will be able to complete any such repayment transactions on terms acceptable to us, or at all. Our level of debt or any increase in our debt level could adversely affect our business, financial condition, operating results and operational flexibility, including the following: (i) the debt level may cause us to have difficulty borrowing money in the future for working capital, capital expenditures, acquisitions or other purposes; (ii) our debt level may limit operational flexibility and our ability to pursue business opportunities and implement certain business strategies; (iii) some of our debt has a variable rate of interest, which exposes us to the risk of increased interest rates; (iv) we have a higher level of debt than some of our competitors or potential competitors, which may cause a competitive disadvantage and may reduce flexibility in responding to changing business and economic conditions, including increased competition and vulnerability to general adverse economic and industry conditions; (v) there are significant maturities on our debt that we may not be able to repay at maturity or that may be refinanced at higher rates; and (vi) if we fail to satisfy our obligations under our outstanding debt or fail to comply with the financial or other restrictive covenants contained in the indenture governing our senior notes, or our credit facility, an event of default could result that could cause all of our debt to become due and payable.

🟡 Modified

High profile digital banking security breaches or information system failures could impact consumer payment behavior patterns in the future and reduce our transaction volumes.

high match confidence

Sentence-level differences:

  • Reworded sentence: "We are unable to predict whether or when high profile digital banking security breaches or other information system failures will occur and, if they occur, whether consumers will reduce their digital banking service."

Current (2025):

We are unable to predict whether or when high profile digital banking security breaches or other information system failures will occur and, if they occur, whether consumers will reduce their digital banking service. If consumers reduce digital banking services, and we are not able to adapt to offer our clients alternative technologies, then our revenue and related earnings could be adversely affected.

Prior text (2024):

We are unable to predict whether or when high profile digital banking security breaches will occur and if they occur, whether consumers will reduce their digital banking service. If consumers reduce digital banking services, and we are not able to adapt to offer our clients alternative technologies, then our revenue and related earnings could be adversely affected.

🟡 Modified

Constantly evolving global privacy, data protection, cybersecurity, cyber resilience, and AI laws and regulations require the Company to adopt new business practices, update contractual provisions in existing and new contracts, and constantly update our global Privacy and Data Protection Program and our global Information Security Program, which may require transitional and incremental expenses and may impact our future operating results.

high match confidence

Sentence-level differences:

  • Reworded sentence: "The Company is subject to numerous global privacy, data protection, cybersecurity, cyber resilience, and AI laws and regulations, which are continuing to change in ways that impose increasingly complex and costly compliance obligations on us and that have had, and are expected to continue to have, a significant impact on our operations."
  • Reworded sentence: "As a result, we expect that a more substantial compliance effort with varying regimes in different jurisdictions will continue to be necessary in the future, which has the potential to further increase the cost and complexity of our business."
  • Reworded sentence: "Data localization requirements in evolving privacy, data protection, cybersecurity, cyber resilience, and AI laws could also increase the cost and alter the approach to housing data around the world."
  • Reworded sentence: "Furthermore, compliance with these laws and regulations may indirectly impact us in circumstances where we act as a third-party service provider to clients, who are themselves subject to these laws and regulations and who will expect us to take appropriate steps to support them in achieving compliance."

Current (2025):

The Company is subject to numerous global privacy, data protection, cybersecurity, cyber resilience, and AI laws and regulations, which are continuing to change in ways that impose increasingly complex and costly compliance obligations on us and that have had, and are expected to continue to have, a significant impact on our operations. Failure to comply with new and evolving laws and regulations in these areas could result in significant penalties, damage to our reputation, and loss of business. We have incurred, and will continue to incur, costs to comply with these new laws and regulations. There are also several additional laws being considered by state legislatures, the U.S. Congress, and governments around the world. As a result, we expect that a more substantial compliance effort with varying regimes in different jurisdictions will continue to be necessary in the future, which has the potential to further increase the cost and complexity of our business. Moreover, privacy, data protection, cybersecurity, cyber resilience, and AI laws may be interpreted and applied inconsistently from country to country and may impose inconsistent or conflicting requirements. Complying with varying jurisdictional requirements could increase the costs and complexity of compliance and associated recordkeeping costs or require us to change our business practices in a manner adverse to our business and to incur additional costs. Data localization requirements in evolving privacy, data protection, cybersecurity, cyber resilience, and AI laws could also increase the cost and alter the approach to housing data around the world. In addition, our businesses are increasingly subject to laws and regulations relating to digital transformation, surveillance, encryption, and data onshoring in the jurisdictions in which we operate. For example, under DORA, E.U. regulators are increasingly seeking to mitigate cyber threats and enhance digital resilience within the financial system through new regulations targeting the provision of critical third-party technology services. Compliance with these laws and regulations may require us to change our technology for information security, operational infrastructure, policies, and procedures, which could be time-consuming and costly and may result in additional regulatory burdens for the Company. Furthermore, compliance with these laws and regulations may indirectly impact us in circumstances where we act as a third-party service provider to clients, who are themselves subject to these laws and regulations and who will expect us to take appropriate steps to support them in achieving compliance.

Prior text (2024):

The Company is subject to numerous global privacy, data protection and cybersecurity laws, which are continuing to change in ways that impose increasingly complex and costly compliance obligations on FIS and that have had, and are expected to continue to have, a significant impact on FIS' operations. Failure to comply with new and evolving laws in these areas could result in significant penalties, damage to our brand, and loss of business. FIS has incurred, and will continue to incur, costs to comply with these new laws. There are also several additional laws being considered by state legislatures, the U.S. Congress, and governments around the world. As a result, a more substantial compliance effort with varying regimes in different jurisdictions is expected to continue in the future, which has the potential to further increase the costs and complexities of FIS' business. Moreover, privacy, data protection and cybersecurity laws may be interpreted and applied inconsistently from country to country and impose inconsistent or conflicting requirements. Complying with varying jurisdictional requirements could increase the costs and complexity of compliance and associated recordkeeping costs or require us to change our business practices in a manner adverse to our business and to incur additional costs. Data localization requirements in evolving privacy, data protection and cybersecurity laws could also increase the cost and alter the approach to housing data around the world. In addition, our businesses are increasingly subject to laws and regulations relating to digital transformation, surveillance, cyber resilience, encryption, and data onshoring in the jurisdictions in which we operate. In particular, U.K. and European regulators are increasingly seeking to mitigate cyber threats and enhance digital resilience within the financial system through new regulations targeting the provision of critical third-party technology services. 
Compliance with these laws and regulations may require us to change our technology for information security, operational infrastructure, policies, and procedures, which could be time-consuming and costly and may result in additional regulatory burdens for the Company. Furthermore, compliance with these laws and regulations may indirectly impact the Company in circumstances where it acts as a third-party service provider to clients, who are themselves subject to these laws and regulations, and will expect the Company to take appropriate steps to support them in achieving compliance.

🟡 Modified

Our business, financial condition or results of operations could be adversely affected by business interruptions, errors or failures in connection with our or third-party information technology and communication systems and other software and hardware used in connection with our business, or by design errors in the software solutions we offer, or more generally, by the unavailability of third-party vendors' services that we need to operate our business effectively.

high match confidence

Sentence-level differences:

  • Reworded sentence: "Finally, our systems and operations have been, and in the future could be, exposed to damage or interruption from fire, floods, severe weather events, natural disasters, power loss, telecommunications failure, unauthorized entry and computer viruses."
  • Reworded sentence: "We cannot be certain that control measures, including system redundancies, security controls, and application development and testing controls, will be successful in preventing disruption or limiting our exposure."
  • Reworded sentence: "In our development of updates and enhancements to our software solutions, we may make a major design error that causes the solution to operate incorrectly or less efficiently."
  • Reworded sentence: "If our vendors, or in certain cases vendors of our customers, fail to meet their obligations, provide poor or untimely service or suffer operational disruptions, and we are unable to make alternative arrangements for the provision of these services, then we may in turn fail to provide our services or to meet our obligations to our customers, and our business, financial condition or results of operations could be adversely affected."

Current (2025):

Many of our services are based on sophisticated software and computing systems, and we may encounter delays when developing new technology solutions and services. Further, the technology solutions underlying our services have occasionally contained, and may in the future contain, undetected errors or defects when first introduced or when new versions are released. In addition, we may experience difficulties in installing or integrating our technologies on platforms used by our clients, or our clients may cancel a project after we have expended significant effort and resources to complete an installation. Finally, our systems and operations have been, and in the future could be, exposed to damage or interruption from fire, floods, severe weather events, natural disasters, power loss, telecommunications failure, unauthorized entry and computer viruses. Defects in our technology solutions or those of our third-party partners or elsewhere in the global cyber environment, errors or delays in the processing of electronic transactions, or other difficulties have resulted, and in the future could result, in (i) interruption of business operations; (ii) delay in market acceptance; (iii) additional development and remediation costs; (iv) diversion of technical and other resources; (v) loss of clients; (vi) negative publicity; or (vii) exposure to liability claims. Any one or more of the foregoing could have an adverse effect on our business, financial condition or results of operations. We cannot be certain that control measures, including system redundancies, security controls, and application development and testing controls, will be successful in preventing disruption or limiting our exposure. Further, most of the solutions we offer are very complex software systems that are regularly updated. 
No matter how careful the design and development, complex software often contains errors and defects when first introduced and when major new updates or enhancements are released. If errors or defects are discovered in current or future solutions, then we may not be able to correct them in a timely manner, if at all. In our development of updates and enhancements to our software solutions, we may make a major design error that causes the solution to operate incorrectly or less efficiently. The failure of software to perform properly could result in the Company and its clients being subjected to losses or liability, including censures, fines, or other sanctions by the applicable regulatory authorities, and we could be liable to parties who are financially harmed by those errors. In addition, such errors could cause the Company to lose revenue, lose clients or suffer damage to its reputation. In addition, we generally depend on a number of third parties, both in the United States and internationally, to supply elements of our systems, computers, research and market data, connectivity, communication network infrastructure, other equipment and related support and maintenance. We cannot be certain that any of these third parties will be able to continue providing these services to meet our evolving needs effectively. If our vendors, or in certain cases vendors of our customers, fail to meet their obligations, provide poor or untimely service or suffer operational disruptions, and we are unable to make alternative arrangements for the provision of these services, then we may in turn fail to provide our services or to meet our obligations to our customers, and our business, financial condition or results of operations could be adversely affected.

Prior text (2024):

Many of our services are based on sophisticated software and computing systems, and we may encounter delays when developing new technology solutions and services. Further, the technology solutions underlying our services have occasionally contained, and may in the future contain, undetected errors or defects when first introduced or when new versions are released. In addition, we may experience difficulties in installing or integrating our technologies on platforms used by our clients, or our clients may cancel a project after we have expended significant effort and resources to complete an installation. Finally, our systems and operations could be exposed to damage or interruption from fire, floods, hurricanes, earthquakes, tornadoes, typhoons, drought, high-winds, severe weather events, other natural disasters, power loss, telecommunications failure, unauthorized entry and computer viruses. Defects in our technology solutions, errors or delays in the processing of electronic transactions, or other difficulties could result in (i) interruption of business operations; (ii) delay in market acceptance; (iii) additional development and remediation costs; (iv) diversion of technical and other resources; (v) loss of clients; (vi) negative publicity; or (vii) exposure to liability claims. Any one or more of the foregoing could have an adverse effect on our business, financial condition or results of operations. Although we attempt to limit our potential liability through controls, including system redundancies, security controls, application development and testing controls, and disclaimers and limitation-of-liability provisions in our license and client agreements, we cannot be certain that these measures will always be successful in preventing disruption or limiting our liability. Further, most of the solutions we offer are very complex software systems that are regularly updated. 
No matter how careful the design and development, complex software often contains errors and defects when first introduced and when major new updates or enhancements are released. If errors or defects are discovered in current or future solutions, then we may not be able to correct them in a timely manner, if at all. In our development of updates and enhancements to our software solutions, we may make a major design error that makes the solution operate incorrectly or less efficiently. The failure of software to properly perform could result in the Company and its clients being subjected to losses or liability, including censures, fines, or other sanctions by the applicable regulatory authorities, and we could be liable to parties who are financially harmed by those errors. In addition, such errors could cause the Company to lose revenue, lose clients or damage its reputation. In addition, we generally depend on a number of third parties, both in the United States and internationally, to supply elements of our systems, computers, research and market data, connectivity, communication network infrastructure, other equipment and related support and maintenance. We cannot be certain that any of these third parties will be able to continue providing these services to meet our evolving needs effectively. If our vendors, or in certain cases vendors of our customers, fail to meet their obligations, provide poor or untimely service, or we are unable to make alternative arrangements for the provision of these services, then we may in turn fail to provide our services or to meet our obligations to our customers, and our business, financial condition or results of operations could be adversely affected.

🟡 Modified

Risks Related to Our Business and Operations

high match confidence

Sentence-level differences:

  • Reworded sentence: "Security breaches, privacy breaches, cyberattacks, unintentional disclosures of confidential information, third-party breaches, service outages, or a failure to comply with information security laws or regulations, contractual provisions, or industry security requirements by us, our vendors, clients, or technology partners could harm our business by disrupting delivery of services, exposing sensitive or confidential information, or damaging our reputation, any of which could result in a breach of one or more client contracts or regulatory investigations, enforcement actions, fines or litigation."
  • Reworded sentence: "We also collect personal data from our employees and contractors as necessary to support those relationships, comply with legal obligations, manage our workforce, and provide compensation and benefits."
  • Reworded sentence: "Implementation challenges in timely completing these tasks can lead to security vulnerabilities that expose us, our systems and data to potential compromise or interruption."
  • Reworded sentence: "jurisdiction in or from which we serve clients, or by a specific industry body, those changes could have an adverse impact on our Company through increased costs or by imposing changes or inefficiencies on business processes."
  • Reworded sentence: "If we are unable, or appears to be unable, to prevent cybersecurity or privacy breaches, we risk reputational damage."

Current (2025):

Security breaches, privacy breaches, cyberattacks, unintentional disclosures of confidential information, third-party breaches, service outages, or a failure to comply with information security laws or regulations, contractual provisions, or industry security requirements by us, our vendors, clients, or technology partners could harm our business by disrupting delivery of services, exposing sensitive or confidential information, or damaging our reputation, any of which could result in a breach of one or more client contracts or regulatory investigations, enforcement actions, fines or litigation. Cybersecurity is fundamental to our complex, global business. We and our vendors, service providers, technology partners, and clients electronically receive, process, store and transmit sensitive and confidential information of our business partners, clients and such clients' customers. We collect consumer personal data, such as names and addresses, Social Security Numbers, driver’s license numbers, financial account numbers, transactional history, cardholder data and payment history records. Such information is necessary to support our clients' transaction processing and to conduct our check authorization and collection businesses. We also collect personal data from our employees and contractors as necessary to support those relationships, comply with legal obligations, manage our workforce, and provide compensation and benefits. Our information systems and networks are dependent upon hardware, software, communication infrastructure and other technological components that are both developed by us and provided by third parties. These components sometimes require patches, updates, or remediation of known or potential vulnerabilities. Implementation challenges in timely completing these tasks can lead to security vulnerabilities that expose us, our systems and data to potential compromise or interruption. 
Our information systems are also vulnerable to human error as well as malicious insider threats. Finally, the systems we rely on, which include hardware and software manufactured, developed or operated by third-party vendors and service providers, have in the past been subject to, and may in the future be subject to, cyber attacks or security incidents due to employee error or malfeasance, software bugs, hardware malfunctions or other security vulnerabilities. The uninterrupted operation of information systems operated by us, our vendors and service providers, and other third parties, as well as the confidentiality of the customer or consumer information that resides on such systems, is critical to the successful operation of our Company. For that reason, security or privacy breaches are some of the principal operational risks we face as a provider of services to financial institutions and businesses. Like other such providers, we are a regular target of attempts to identify and exploit system vulnerabilities and/or penetrate or bypass our security measures to gain unauthorized access to our networks and systems. If we fail to maintain an adequate security infrastructure, adapt to emerging security threats (such as the use of artificial intelligence by threat actors in furtherance of cyber attacks), regularly identify security vulnerabilities, prevent unauthorized access, identity theft or other cybersecurity risks (e.g., distributed denial of service, ransomware, and other cyber attacks), manage vendor or supply chain cybersecurity risks, adequately train users of our information systems, or implement sufficient security standards and technology to protect against security or privacy breaches, then the confidentiality, integrity or availability of the information we secure could be compromised. 
Unauthorized access to, or abuse of authorized access to, our computer systems or databases or our vendors' computer systems or databases could result in the theft or publication of confidential information and personal data, the deletion or modification of records, disruption of service delivery, installation of malware, and the potential need to pay ransom or otherwise cause interruptions in our operations. These issues could give rise to legal actions from clients and/or such clients' customers, regulatory investigations or enforcement activity, losses and expenses associated with such events, and damage to our reputation. Because we serve a diverse client base with different technology and service needs, we must continue to enhance our ability to manage the risks from the resulting diversity in potential security attacks. As a provider of services to financial institutions and businesses, we are bound by many of the same limitations on disclosure of the information we receive from clients that apply to the clients themselves. If we fail to comply with these regulations and industry security requirements, including those imposed by the payment card industry through its digital security standards and other rules, we could be exposed to damages from legal actions from clients and/or their customers, governmental proceedings, public disclosure and consumer notification requirements, and the imposition of significant fines or prohibitions on providing services. We operate in a highly regulated environment and are subject to a myriad of complex, evolving regulations and standards, including cybersecurity and privacy laws, regulations and industry standards. In addition, if more restrictive privacy laws, data protection rules or industry security requirements are adopted in the future on the federal or state level, or by a non-U.S. jurisdiction in or from which we serve clients, or by a specific industry body, those changes could have an adverse impact on our Company through increased costs or by imposing changes or inefficiencies on business processes. A material privacy or security incident would trigger SEC disclosure obligations and could trigger other applicable disclosure requirements, or be disclosed publicly, even if there is no legally required disclosure. Incident disclosure may increase the risks of private lawsuits or government enforcement action related to incidents, increase attention from malicious actors, and lead to greater regulatory scrutiny. The occurrence of any such incidents, and the related responses (if any) by regulators or third parties, may result in adverse publicity and reputational harm to us. If we are unable, or appears to be unable, to prevent cybersecurity or privacy breaches, we risk reputational damage. Our existing clients could lose confidence in our information systems and consequently choose to terminate their agreements with us. Such reputational harm could also inhibit our ability to attract new clients; potentially increase government, regulatory, or media scrutiny; or give rise to new regulatory requirements that adversely affect our ability to do business in one or more parts of the world.

View prior text (2024)

Cybersecurity is fundamental to FIS' complex, global business. FIS and its vendors and technology partners electronically receive, process, store and transmit sensitive and confidential information of FIS' clients, such clients' customers and business partners. FIS collects consumer personal data, such as names and addresses, Social Security Numbers, driver’s license numbers, financial account numbers, transactional history, cardholder data and payment history records. Such information is necessary to support our clients' transaction processing and to conduct our check authorization and collection businesses. Our information systems are dependent upon hardware, software, and other technological components that are both developed by FIS and provided by third parties. These components sometimes require patches, updates, or remediation of known or potential vulnerabilities. Implementation challenges in timely completing these tasks can lead to security vulnerabilities that expose FIS, its systems and data to potential compromise or interruption. The uninterrupted operation of information systems operated by FIS and others, as well as the confidentiality of the customer/consumer information that resides on such systems, is critical to the successful operation of FIS. For that reason, security or privacy breaches are some of the principal operational risks FIS faces as a provider of services to financial institutions and businesses, and, like other such providers, FIS is a regular target of third-party attempts to identify and exploit system vulnerabilities and/or penetrate or bypass our security measures in order to gain unauthorized access to our networks and systems. 
If FIS fails to maintain an adequate security infrastructure, adapt to emerging security threats (such as the use of artificial intelligence by threat actors in furtherance of cyber attacks), identify security vulnerabilities, prevent unauthorized access, identity theft or other cybersecurity risks (e.g., distributed denial of service, ransomware, and other cyber attacks), manage vendor or supply chain cybersecurity risks, or implement sufficient security standards and technology to protect against security or privacy breaches, the confidentiality of the information FIS secures could be compromised. Unauthorized access to or abuse of authorized access to the computer systems or databases of FIS or our vendors could result in the theft or publication of confidential information and personal data, the deletion or modification of records, disruption of service delivery, installation of malware, and the potential need to pay ransom, or otherwise cause interruptions in FIS’ operations. These issues in turn could give rise to legal actions from clients and/or such clients' customers, regulatory investigation or enforcement activity, losses and expenses associated with such events, and damage to FIS' reputation. Because FIS serves a diverse client base with different technology and service needs, we must continue to work to enhance our ability to manage the risks from the resulting diversity in potential security attacks. As a provider of services to financial institutions and businesses, FIS is bound by many of the same limitations on disclosure of the information FIS receives from clients as apply to the clients themselves.
If FIS fails to comply with these regulations and industry security requirements, including those imposed by the payment card industry through its digital security standards and other rules, it could be exposed to damages from legal actions from clients and/or their customers, governmental proceedings, governmental notice requirements, and the imposition of significant fines or prohibitions on providing services. FIS is a highly regulated entity and is subject to a myriad of complex, evolving regulations and standards, including cybersecurity and privacy laws, regulations and industry standards. In addition, if more restrictive privacy laws, data protection rules or industry security requirements are adopted in the future on the federal or state level, or by a non-U.S. jurisdiction in or from which we serve clients, or by a specific industry body, those changes could have an adverse impact on FIS through increased costs or by imposing changes or inefficiencies on business processes. A material privacy or security incident may trigger SEC disclosure obligations, other applicable disclosure requirements, or be disclosed publicly even if there is no legally required disclosure. Incident disclosure may increase the risks of lawsuits or government enforcement action related to incidents, increase attention to malicious actors, and lead to greater regulatory scrutiny more generally. The occurrence of any such incidents, and the related responses (if any) by regulators or third parties, may result in adverse publicity and reputational harm to us. If FIS is unable, or appears to be unable, to prevent cybersecurity or privacy breaches, we risk reputational damage. Our existing clients could lose confidence in FIS' systems and thus choose to terminate their agreements with FIS. 
Such reputational harm could also inhibit FIS' ability to attract new clients; potentially increase government, regulatory, or media scrutiny; or give rise to new regulatory requirements that adversely affect FIS' ability to do business in one or more parts of the world.

🟡 Modified

The direct and indirect effects of climate change, including increased legal and regulatory requirements and stakeholder expectations, could adversely affect our business.

medium match confidence

Sentence-level differences:

  • Reworded sentence: "We may be subject to increased costs, regulations, reporting or other requirements, standards or expectations regarding sustainability and climate change-driven impacts on our business."
  • Added sentence: "Further, there is increased scrutiny, including by governments, regulators, investors, employees, clients and other stakeholders, on sustainability matters, which has resulted in new or additional legal and regulatory requirements and may require increased compliance and operational costs."
  • Added sentence: "In addition, if we fail to comply with applicable legal requirements and maintain practices that meet our stakeholders' evolving expectations, it could harm our reputation, adversely affect our ability to attract and retain clients and expose us to increased scrutiny from investors and regulatory authorities."

Current (2025):

We may be subject to increased costs, regulations, reporting or other requirements, standards or expectations regarding sustainability and climate change-driven impacts on our business. While we seek to mitigate our business risks associated with climate change, this may require us to incur substantial costs and some of these risks may persist. Changing market dynamics, global policy developments, heightened focus from governmental, media, community, industry and investor stakeholders, and increasing frequency and impact of extreme weather events all have the potential to disrupt our business or the businesses of our customers, vendors and technology partners. Further, there is increased scrutiny, including by governments, regulators, investors, employees, clients and other stakeholders, on sustainability matters, which has resulted in new or additional legal and regulatory requirements and may require increased compliance and operational costs. In addition, if we fail to comply with applicable legal requirements and maintain practices that meet our stakeholders' evolving expectations, it could harm our reputation, adversely affect our ability to attract and retain clients and expose us to increased scrutiny from investors and regulatory authorities. Any of these developments could adversely affect our business, financial condition or results of operations.

View prior text (2024)

We may be subject to increased costs, regulations, reporting requirements, standards or expectations regarding climate change-driven impacts on our business. While we seek to mitigate our business risks associated with climate change as part of our sustainability, environmental, social and governance (ESG) strategy, some of these risks may persist. Changing market dynamics, global policy developments, heightened focus from governmental, media, community, industry and investor stakeholders, and increasing frequency and impact of extreme weather events all have the potential to disrupt our business or the businesses of our customers, vendors and technology partners. Any of these developments could adversely affect our business, financial condition or results of operations.

🟡 Modified

Using and/or incorporating AI technologies into our business poses additional risks and uncertainties that have the potential to harm our reputation and could have a material adverse effect on our business, financial condition or results of operations.

medium match confidence

Sentence-level differences:

  • Reworded sentence: "Incorporating AI technologies into our business offers significant potential to enhance the value of the solutions and services we provide to our clients."

Current (2025):

Incorporating AI technologies into our business offers significant potential to enhance the value of the solutions and services we provide to our clients. If we are unsuccessful in identifying opportunities to expand our portfolio with AI capabilities to strengthen or maintain our market position or enhance our customers' experiences, we may have a competitive disadvantage in developing new products and operating our business. However, AI algorithms may produce unfair, unintended, inaccurate, biased or discriminatory outcomes which could be difficult to detect or explain. Further, the training data underlying third-party AI models may also inadvertently breach intellectual property, privacy or other rights and result in the unauthorized use of confidential information. The integration of AI introduces a variety of risks and uncertainties that may harm our reputation, expose us to lawsuits from consumers or other third parties, introduce security vulnerabilities to our information systems, or have other unintended consequences if we are not successful in mitigating such risks. AI systems may have unintended societal impacts and negative outcomes, such as algorithmic errors that result in inadvertent discrimination or bias. Ensuring that our AI systems are used ethically and in a way that aligns with societal values is critical to maintaining trust with our clients, their customers, and regulators, and will likely be required under laws and regulations governing AI systems. Additionally, AI systems, whether developed internally or integrated from third-party suppliers, may be susceptible to security vulnerabilities. If these systems are targeted or exploited by cyberattacks, we may face financial and operational costs related to recovery and remediation, required public disclosure, as well as potential reputational damage.
The increased sophistication of bad actors raises the risk of significant disruptions, which could impact our operations, as well as customer trust. The regulatory landscape surrounding AI is evolving quickly, and the jurisdictions in which we operate are increasingly implementing new, complex and sometimes conflicting compliance requirements. For instance, the E.U. AI Act imposes a number of requirements (some of which take effect in August 2025, August 2026 and August 2027) that differ depending on the type and use of a particular AI system, but which will at a minimum include extensive documentation and transparency requirements. These regulatory changes introduce additional risks, including the possibility of failing to meet compliance obligations, which could result in substantial fines, penalties or other regulatory actions. AI systems are also dependent on strong model governance, which includes the continuous monitoring, auditing and updating of models to reflect the continuous changes in laws, regulations, or legal precedent, and is paramount to managing these ethical and operational concerns. If we do not maintain an adequate model governance function, we may face regulatory risk, lawsuits, security vulnerabilities or other sources of liability and potentially diminish trust in our brand.

View prior text (2024)

While we believe AI has the potential to increase the value of the solutions and services we deliver to our clients, we recognize that incorporating AI technologies into our business generates a variety of risks and uncertainties. In particular, AI algorithms may generate inaccurate, unintended, unfair or discriminatory outcomes, which may not be easily detectable or explainable, and may inadvertently breach intellectual property, privacy or other rights, as well as confidential information. These outcomes, or the risk of these outcomes, may damage our reputation or have other unintended consequences if we are not successful in mitigating these emerging risks. Further, if we are unsuccessful in identifying opportunities to expand our portfolio with artificial intelligence capabilities to strengthen or maintain our market position or enhance our customers’ experiences, we may have a competitive disadvantage in developing new products and operating our business and our customers may prefer different solutions. These and other AI-related risks may emerge or change on a rapid timeframe that may make it difficult for us to predict or to respond to such risks.

🟡 Modified

We have exposure to fluctuations in the Euro-USD exchange rates, which could negatively affect our cost to service or refinance our Euro-denominated debt securities.

medium match confidence

Sentence-level differences:

  • Reworded sentence: "At December 31, 2024, the Company had outstanding approximately €4.0 billion aggregate principal amount of Euro-denominated senior notes and approximately €0.1 billion aggregate principal amount of Euro-denominated commercial paper, or the combined equivalent of approximately $4.3 billion aggregate principal amount."
  • Reworded sentence: "We have utilized and expect to continue to utilize foreign currency forward contracts and other hedges in an effort to mitigate currency risk, but we cannot make assurances that such hedging arrangements will be effective or will remain available to us on acceptable terms, or at all."

Current (2025):

At December 31, 2024, the Company had outstanding approximately €4.0 billion aggregate principal amount of Euro-denominated senior notes and approximately €0.1 billion aggregate principal amount of Euro-denominated commercial paper, or the combined equivalent of approximately $4.3 billion aggregate principal amount. A vast majority of this EUR denominated indebtedness has been economically converted into USD through derivative instruments (see "Financial Instruments" in note 15 to the consolidated financial statements). If our cash flows generated in foreign currencies are insufficient to settle our foreign currency denominated indebtedness, then we may need to exchange U.S. Dollars or funds in other currencies to make such payments, which could result in increased costs to us in the event of adverse changes in currency exchange rates. We have utilized and expect to continue to utilize foreign currency forward contracts and other hedges in an effort to mitigate currency risk, but we cannot make assurances that such hedging arrangements will be effective or will remain available to us on acceptable terms, or at all. In addition, we cannot predict economic and market conditions (including prevailing interest rates and foreign currency exchange rates) at the applicable times when our various series of Euro-denominated indebtedness are scheduled to mature, nor can there be any assurance that we would be able to refinance any series of our Euro-denominated indebtedness on acceptable terms at any such time, all of which could have an adverse financial impact on us.

View prior text (2024)

In recent years, our indebtedness denominated in Euro or GBP has significantly increased as a result of our issuance of senior notes of varying maturities and our issuance of Euro-denominated commercial paper. At December 31, 2023, the Company had outstanding approximately €4.5 billion aggregate principal amount of Euro-denominated senior notes, approximately €1.9 billion aggregate principal amount of Euro-denominated commercial paper and approximately £0.9 billion aggregate principal amount of GBP-denominated senior notes, or the combined equivalent of approximately $8.3 billion aggregate principal amount. We expect to reduce the aggregate principal amount of our Euro- and GBP-denominated debt in 2024 as we retire debt with a portion of the proceeds of the Worldpay Sale. Although we currently have substantial available cash flows in excess of the projected debt service requirements on our existing Euro and GBP-denominated debt, we cannot assure that we will always be able to continue generating earnings in Euros and GBP in amounts sufficient, taking into account the funding requirements and other needs of our business, to make payments of interest and/or repayment of principal on our Euro and GBP senior debt, or to permit us to economically borrow in those currencies if needed to refinance our existing Euro and GBP debt. If our cash flows in Euros or GBP are insufficient for such purposes, we may need to exchange U.S. Dollars or funds in other currencies to make such payments, which could result in increased costs to us in the event of adverse changes in currency exchange rates. We have utilized and expect to continue to utilize foreign currency forward contracts and other hedges on a limited basis in an effort to mitigate currency risk, but we cannot assure that such hedging arrangements will be effective or will remain available to us on acceptable terms, or at all.
In addition, we cannot predict economic and market conditions (including prevailing interest rates and foreign currency exchange rates) at the applicable times when our various series of Euro and GBP senior debt are scheduled to mature, nor can there be any assurance that we would be able to refinance any series of our Euro and GBP senior debt in those currencies on acceptable terms at any such time, all of which could have an adverse financial impact on us.

🟡 Modified

We may not achieve the anticipated benefits of our recently completed Worldpay Sale, and we may also be exposed to new risks following the sale.

medium match confidence

Sentence-level differences:

  • Reworded sentence: "We may not achieve the anticipated benefits of our Worldpay Sale, which we completed in January 2024."

Current (2025):

We may not achieve the anticipated benefits of our Worldpay Sale, which we completed in January 2024. The anticipated strategic, financial, and operational gains may not materialize, and costs or revenue dis-synergies could exceed expectations. Additionally, we have entered into ongoing arrangements with Worldpay for transition services which have required, and are expected to continue to require, significant resources and could offset the impact of our cost-saving initiatives. While we retain a 45% equity interest in Worldpay, we do not have control of Worldpay, exposing us to certain risks including risks related to Worldpay’s operations and merchant acquiring business. As a result of the Worldpay Sale, our revenue sources are less diversified, which could increase our exposure to adverse developments affecting financial institutions. Additionally, our common stock now represents a smaller company, with proportionally increased exposure to our remaining business risks.

View prior text (2024)

On January 31, 2024, we completed the Worldpay Sale. We may not realize the anticipated strategic, financial, operational or other benefits from the sale within the expected timeframe, in full or at all, and there can be no assurance that the costs or revenue or expense dis-synergies of the sale will not ultimately exceed anticipated amounts. The anticipated benefits to us from the sale, including our retention of a 45% equity interest in the Joint Venture that owns the assets and liabilities of the Worldpay Merchant Solutions business, are based on a number of assumptions, some of which may prove incorrect. While we have certain governance rights in the form of board representation and veto rights over certain significant actions that enable us to exercise some influence, we no longer control the management or policies of the Worldpay business. To the extent of our investment in Worldpay, we are exposed to all of the business risks applicable to its results of operations and financial condition, many of which are similar to the risks to which our wholly-owned operations are subject, such as risks arising from economic conditions and reductions in consumer spending, as well as to other risks which apply specifically to the merchant acquiring business. As a result of the sale, our operational and financial profiles have changed. While the sale has enabled us to focus on our Banking Solutions and Capital Markets Solutions business, it has also made our revenue sources less diversified, and our results of operations, cash flows, working capital and financing requirements will be more exposed to developments affecting financial institutions as a result of the increased concentration of our business on serving such customers.
Additionally, the shares of our common stock now represent an investment in a smaller company than existed prior to the completion of the sale, and our proportionate exposure to the risks inherent in our remaining businesses has increased. Further, we have incurred and will incur various one-time or ongoing costs in connection with, or as a result of, the sale. Those costs may exceed our estimates or could negate some of the benefits we expected to realize from the sale. We plan to use the net proceeds from the sale to retire debt and to return additional capital to shareholders through our existing share repurchase authorization, as well as for general corporate purposes, while maintaining an investment grade credit rating. These uses of the net proceeds of the sale may not improve our results of operations or cash flows or may not be achieved in the amounts or on the timelines anticipated. We are also potentially subject to unforeseen costs and expenses following the sale, including additional general and administrative costs, costs of dis-synergies, restructuring costs and other unanticipated costs and expenses. In addition, we have continuing operational and financial obligations to Worldpay pursuant to the commercial agreements and transition services agreements that were entered into between FIS and Worldpay at closing. These ongoing arrangements will require significant management and operational resources, will require us to incur costs to provide the transition services and other support we will provide to Worldpay in the near term and may reduce our ability to fully realize cost savings and efficiency initiatives that we would otherwise have been able to implement following the closing of the sale. There can be no assurance that the commercial arrangements with Worldpay, including those relating to client referrals, will result in revenue to us in anticipated amounts.