Intuitive Surgical Inc.: 10-K Risk Factor Changes

Our information technology systems are critical to the success of our products, help us operate effectively and efficiently, interface with customers, maintain our supply chain and manufacturing operations, maintain financial accuracy and efficiency, 34 34 34 Table of Contents Table of Contents and help us produce our Consolidated Financial Statements. If we do not allocate and effectively manage the resources necessary to build and sustain the proper information technology infrastructure, we could be subject to transaction errors, processing inefficiencies, the loss of existing customers, difficulty attracting new customers, business operation disruptions, diversion of the attention of management and key information technology resources, security breaches, or the unauthorized access to, loss of, or damage to intellectual property, confidential information, or personal information. Our information technology systems and those of our third-party service providers, strategic partners, and other contractors or consultants are vulnerable to attack, damage, or interruption from a variety of sources. These sources include computer viruses and malware (e.g., ransomware), malicious code, natural disasters, terrorism, war, telecommunication and electrical failures, hacking, cyberattacks, phishing attacks and other social engineering schemes, employee theft or misuse, human error, fraud, denial or degradation of service attacks, sophisticated nation-state and nation-state-supported actors, or unauthorized access or use by persons inside our organization, or persons with access to systems inside our organization. The risk of a security breach or a disruption has generally increased in number, intensity, and sophistication. Techniques used to compromise or sabotage systems, including the use of advanced technologies, such as machine learning or artificial intelligence, change frequently, may originate from less regulated and remote areas of the world, may be difficult to detect, and generally are not recognized until after they are launched against a target. As a result, we may be unable to anticipate these techniques or to implement adequate preventative measures. If our information technology systems, or those of our critical third-party vendors, do not effectively and securely collect, store, process, and report relevant data for the operation of our business, our ability to effectively plan, forecast, and execute our business plan and comply with applicable laws and regulations could be impaired. Any such impairment could materially and adversely affect our financial condition, results of operations, and the timeliness with which we report our internal and external operating results. Our business requires us to use and store customer, employee, and business partner personal information. This may include names, addresses, phone numbers, email addresses, contact preferences, tax identification numbers, and payment account information. We have implemented, and our critical third-party vendors may implement, various controls, systems, and processes intended to secure our information technology systems and the information on it. For example, we require usernames and passwords in order to access our information technology systems and use encryption and authentication technologies to secure the transmission and storage of data. We also have programs in place to detect, contain, and respond to data security incidents, and we make ongoing improvements to our information-sharing products in order to minimize vulnerabilities, in accordance with industry and regulatory standards. However, we cannot guarantee that these measures will be effective or that attempted security breaches or disruptions would not be successful or damaging. These security measures may be compromised as a result of security breaches by unauthorized persons, employee error, malfeasance, faulty password management, or other irregularity and result in persons obtaining unauthorized access to our data or accounts. Third parties may attempt to fraudulently induce employees or customers into disclosing usernames, passwords, or other sensitive information or otherwise attempt to hack into our information technology systems to obtain personal data relating to patients or employees, our confidential or proprietary information, or confidential information we hold on behalf of third parties. In addition, with the prolific use of artificial intelligence technologies, there is an increased risk of unauthorized or accidental disclosure. For example, our employees, third-party service providers, strategic partners, or other contractors or consultants may input inappropriate or confidential information into an artificial intelligence system (in particular, a system that is managed, owned, or controlled by a third party), thereby compromising our business operations. Even if the vulnerabilities that may lead to the foregoing are identified, we may be unable to adequately investigate or remediate due to attackers increasingly using tools and techniques that are designed to circumvent controls, avoid detection, and remove or obfuscate forensic evidence. The occurrence of any of these events may cause business operation disruptions, diversion of the attention of management and key information technology resources, and possibly lead to security breaches of, or the unauthorized access to, our confidential information or other business data. If the unauthorized persons successfully hack into or interfere with our connected products or services, they may create issues with product functionality that could pose a risk of the loss of data, a risk to patient safety, and a risk of product recall or field action, which could adversely impact our business and reputation. We may also face increased cybersecurity risks due to our reliance on internet technology and the number of our employees who are working remotely, a situation that has persisted since the beginning of the COVID-19 pandemic, which may create additional opportunities for cybercriminals to exploit vulnerabilities. As described above, we also rely on external vendors to supply and/or support certain aspects of our information technology systems. The systems of these external vendors may contain defects in design or manufacture or other problems that could unexpectedly compromise the security of our own information technology systems, and we are dependent on these third parties to deploy appropriate security programs to protect their systems. In addition to potential exposure to data breaches, security and cybersecurity incidents, or other actions that may compromise the security of or interfere with the function of our systems, defects or vulnerabilities in the software or systems of our external vendors may expose failures in our internal controls and risk management processes, which may adversely impact our business, financial condition, or results of operations and may also harm our reputation, brand, and customer relationships. 35 35 35 Table of Contents Table of Contents While we devote significant resources to network security, data encryption, and other security measures to protect our systems and data, these security measures cannot provide absolute security. We and certain of our service providers are, from time to time, subject to cyberattacks and security breaches and incidents. We consider such cyberattacks or security breaches and incidents to be in the ordinary course of business for a company of our size in our industry. While we do not believe that we have experienced any significant system failure, accident, or security breach to date, if such an event were to occur, it could impair our ability to attract and retain customers for our products, impact the price of our stock, materially damage commercial relationships, and expose us to litigation or government investigations, which could result in penalties, fines, or judgments against us. The costs to us to eliminate or alleviate network security problems, bugs, viruses, worms, ransomware and other malicious software programs, and security vulnerabilities could be significant. Our efforts to address these problems may not be successful and could result in unexpected interruptions, delays, cessation of service, and harm to our business operations. Moreover, if a security breach affects our systems or results in the unauthorized release of personal information, our reputation and brand could be materially damaged, and use of our products and services could decrease. We would also be exposed to a risk of loss, litigation and potential liability, and regulatory scrutiny, which could have a material adverse impact on our business, financial condition, or results of operations. Furthermore, we may implement changes to information technology systems that could have significant impacts on our manufacturing, sales, and finance functions, among other teams. These impacts may include (i) operational disruptions resulting from the slow adaptation of the new information technology systems by employees, whether due to inadequate training or resistance to change, or data loss during the transition to the updated information technology system, including critical customer data, or improper planning leading to the loss of essential software features needed for specific business requirements; (ii) inaccurate financial reporting due to inaccurate data transfer or technical issues; (iii) financial losses due to system failures or cost overruns; (iv) security risks involving potential data breaches, unauthorized access, or loss of sensitive information; (v) compliance risks arising should the updated technology fail to meet regulatory requirements or industry standards; and (vi) strategic risks if the technology implementation fails to deliver the expected benefits. While we maintain cyber insurance coverage that is intended to address data security risks, such insurance coverage may be insufficient to cover all losses or claims that may arise.

Our information technology systems are critical to the success of our products, help us operate effectively and efficiently, interface with customers, maintain our supply chain and manufacturing operations, maintain financial accuracy and efficiency, and help us produce our Consolidated Financial Statements. If we do not allocate and effectively manage the resources necessary to build and sustain the proper information technology infrastructure, we could be subject to transaction errors, processing inefficiencies, the loss of existing customers, difficulty attracting new customers, business operation disruptions, diversion of the attention of management and key information technology resources, security breaches, or the unauthorized access to, loss of, or damage to intellectual property, confidential information, or personal information. Our information 34 34 34 Table of Contents Table of Contents technology systems and those of our third-party service providers, strategic partners, and other contractors or consultants are vulnerable to attack, damage, or interruption from a variety of sources. These sources include computer viruses and malware (e.g., ransomware), malicious code, natural disasters, terrorism, war, telecommunication and electrical failures, hacking, cyberattacks, phishing attacks and other social engineering schemes, employee theft or misuse, human error, fraud, denial or degradation of service attacks, sophisticated nation-state and nation-state-supported actors, or unauthorized access or use by persons inside our organization, or persons with access to systems inside our organization. If our information technology systems do not effectively and securely collect, store, process, and report relevant data for the operation of our business, our ability to effectively plan, forecast, and execute our business plan and comply with applicable laws and regulations could be impaired. Any such impairment could materially and adversely affect our financial condition, results of operations, and the timeliness with which we report our internal and external operating results. Our business requires us to use and store customer, employee, and business partner personal information. This may include names, addresses, phone numbers, email addresses, contact preferences, tax identification numbers, and payment account information. We require usernames and passwords in order to access our information technology systems. We also use encryption and authentication technologies to secure the transmission and storage of data. These security measures may be compromised as a result of security breaches by unauthorized persons, employee error, malfeasance, faulty password management, or other irregularity and result in persons obtaining unauthorized access to our data or accounts. Third parties may attempt to fraudulently induce employees or customers into disclosing usernames, passwords, or other sensitive information, which may, in turn, be used to access our information technology systems. As a result of the COVID-19 pandemic, we may also face increased cybersecurity risks due to our reliance on internet technology and the number of our employees who are working remotely, which may create additional opportunities for cybercriminals to exploit vulnerabilities. In addition, unauthorized persons may attempt to hack into our products or systems to obtain personal data relating to patients or employees, our confidential or proprietary information, or confidential information we hold on behalf of third parties. If the unauthorized persons successfully hack into or interfere with our connected products or services, they may create issues with product functionality that could pose a risk of the loss of data, a risk to patient safety, and a risk of product recall or field action, which could adversely impact our business and reputation. We have programs in place to detect, contain, and respond to data security incidents, and we make ongoing improvements to our information-sharing products in order to minimize vulnerabilities, in accordance with industry and regulatory standards. However, because the techniques used to obtain unauthorized access to or steal personal information or intellectual property, or sabotage systems containing personal information or intellectual property, change frequently and may originate from less regulated and remote areas of the world and be difficult to detect, we may not be able to anticipate and prevent these intrusions or mitigate them when and if they occur. Even if identified, we may be unable to adequately investigate or remediate incidents or breaches due to attackers increasingly using tools and techniques that are designed to circumvent controls, avoid detection, and remove or obfuscate forensic evidence. We also rely on external vendors to supply and/or support certain aspects of our information technology systems. The systems of these external vendors may contain defects in design or manufacture or other problems that could unexpectedly compromise the security of our own information technology systems, and we are dependent on these third parties to deploy appropriate security programs to protect their systems. In addition to potential exposure to data breaches, security and cybersecurity incidents, or other actions that may compromise the security of or interfere with the function of our systems, defects or vulnerabilities in the software or systems of our external vendors may expose failures in our internal controls and risk management processes, which may adversely impact our business, financial condition, or results of operations and may also harm our reputation, brand, and customer relationships. While we devote significant resources to network security, data encryption, and other security measures to protect our systems and data, these security measures cannot provide absolute security. We and certain of our service providers are, from time to time, subject to cyberattacks and security breaches and incidents. We consider such cyberattacks or security breaches and incidents to be in the ordinary course of business for a company of our size in our industry. While we do not believe that we have experienced any significant system failure, accident, or security breach to date, if such an event were to occur, it could impair our ability to attract and retain customers for our products, impact the price of our stock, materially damage commercial relationships, and expose us to litigation or government investigations, which could result in penalties, fines, or judgments against us. The costs to us to eliminate or alleviate network security problems, bugs, viruses, worms, ransomware and other malicious software programs, and security vulnerabilities could be significant. Our efforts to address these problems may not be successful and could result in unexpected interruptions, delays, cessation of service, and harm to our business operations. Moreover, if a security breach affects our systems or results in the unauthorized release of personal information, our reputation and brand could be materially damaged, and use of our products and services could decrease. We would also be exposed to a risk of loss, litigation and potential liability, and regulatory scrutiny, which could have a material adverse impact on our business, financial condition, or results of operations. 35 35 35 Table of Contents Table of Contents Globally, attacks are expected to continue accelerating in both frequency and sophistication with increasing use of tools and techniques that are designed to circumvent controls, avoid detection, and remove or obfuscate forensic evidence, all of which hinders our ability to identify, investigate, and recover from incidents. Furthermore, due to the political uncertainty involving Russia and Ukraine, there is also an increased likelihood that the tensions could result in cyberattacks or cybersecurity incidents that could either directly or indirectly impact our operations. Any attempts by cyber-attackers to disrupt our services or information technology systems or the services or information technology systems of our third-party service providers, strategic partners, and other contractors or consultants, if successful, could harm our business, result in the misappropriation of funds, be expensive to remedy, and damage our reputation or brand. While we maintain cyber insurance coverage that is intended to address data security risks, such insurance coverage may be insufficient to cover all losses or claims that may arise.

From time to time, we enter into collaborations, in-licensing arrangements, joint ventures, strategic alliances, or partnerships to complement or augment our research and development, product development, training, procedure development, and marketing efforts. For example, in 2016, we entered into an agreement to form the Joint Venture. In January 2019, the Joint Venture acquired certain assets related to the da Vinci distribution business of Chindex, a subsidiary of Fosun Pharma, following which the Joint Venture began direct distribution operations for da Vinci products and services in China. There can be no assurance that we and the Joint Venture can successfully complete development of robotic-assisted, catheter-based medical devices, or that we and the Joint Venture will successfully commercialize such products. There can also be no assurance that the Joint Venture will not require additional contributions to fund its business, that the Joint Venture will become profitable, or that the expected benefits of the acquisition of certain assets of Chindex will be realized. Proposing, negotiating, and implementing collaborations, in-licensing agreements, joint ventures, strategic alliances, or partnerships may be a lengthy and complex process. In addition, other companies, including those with substantially greater financial, marketing, sales, technology, or other business resources, may compete with us for these opportunities or arrangements. As a result, we may not identify, secure, or complete any such arrangements in a timely manner, on a cost-effective basis, or on otherwise favorable terms, if it all. There can be no assurance that we will realize the expected benefits from these alliances. In addition, we may not be in a position to exercise sole decision-making authority regarding any collaboration or other arrangement, which could create the potential risk of creating impasses on decisions, and our alliances may have economic or business interests that are, or that may become, inconsistent with our interests. It is possible that conflicts may arise in these relationships, such as conflicts concerning the achievement of performance milestones or the interpretation of significant terms under any agreement, such as those related to financial obligations, termination rights, or the ownership or control of intellectual property developed during the collaboration. These alliances can be difficult to manage, given the potentially different interests of the parties involved, and we could suffer delays in product development or other operational difficulties. There can be no assurance that we will realize a return on our strategic investments. Further, if we acquire privately held companies, valuations of such companies are inherently complex due to the lack of readily available market data. If we determine that our investments in privately held companies have experienced a decline in value, we may be required to record impairments, which could be material and have an adverse effect on our results of operations. These alliances may also involve significant costs and divert the focus and attention of our management and other key personnel. Any of these relationships may require us to incur non-recurring and other charges, increase our near- and long-term expenditures, or disrupt our ordinary business activities. Such arrangements may also expose us to numerous known and unknown risks, including unique risks with respect to the economic, political, and regulatory environment of any foreign entities with whom we partner, including Fosun Pharma. Any of the foregoing may have a material adverse effect on our business, financial condition, or results of operations.

From time to time, we enter into collaborations, in-licensing arrangements, joint ventures, strategic alliances, or partnerships to complement or augment our research and development, product development, training, procedure development, and marketing efforts. For example, in 2016, we entered into an agreement to form the Joint Venture. In January 2019, the Joint Venture acquired certain assets related to the da Vinci distribution business of Chindex, a subsidiary of Fosun Pharma, following which the Joint Venture began direct distribution operations for da Vinci products and services in China. There can be no assurance that we and the Joint Venture can successfully complete development of robotic-assisted, catheter-based medical devices, or that we and the Joint Venture will successfully commercialize such products. There can also be no assurance that the Joint Venture will not require additional contributions to fund its business, that the Joint Venture will become profitable, or that the expected benefits of the acquisition of certain assets of Chindex will be realized. Proposing, negotiating, and implementing collaborations, in-licensing agreements, joint ventures, strategic alliances, or partnerships may be a lengthy and complex process. In addition, other companies, including those with substantially greater financial, marketing, sales, technology, or other business resources, may compete with us for these opportunities or arrangements. As a result, we may not identify, secure, or complete any such arrangements in a timely manner, on a cost-effective basis, or on otherwise favorable terms, if it all. There can be no assurance that we will realize the expected benefits from these alliances. In addition, we may not be in a position to exercise sole decision-making authority regarding any collaboration or other arrangement, which could create the potential risk of creating impasses on decisions, and our alliances may have economic or business interests that are, or that may become, inconsistent with our interests. It is possible that conflicts may arise in these relationships, such as conflicts concerning the achievement of performance milestones or the interpretation of significant terms under any agreement, such as those related to financial obligations, termination rights, or the ownership or control of intellectual property developed during the collaboration. These alliances can be difficult to manage, given the potentially different interests of the parties involved, and we could suffer delays in product development or other operational difficulties. 38 38 38 Table of Contents Table of Contents There can be no assurance that we will realize a return on our strategic investments. Further, if we acquire privately held companies, valuations of such companies are inherently complex due to the lack of readily available market data. If we determine that our investments in privately held companies have experienced a decline in value, we may be required to record impairments, which could be material and have an adverse effect on our results of operations. These alliances may also involve significant costs and divert the focus and attention of our management and other key personnel. Any of these relationships may require us to incur non-recurring and other charges, increase our near- and long-term expenditures, or disrupt our ordinary business activities. Such arrangements may also expose us to numerous known and unknown risks, including unique risks with respect to the economic, political, and regulatory environment of any foreign entities with whom we partner, including Fosun Pharma. Any of the foregoing may have a material adverse effect on our business, financial condition, or results of operations.

There are numerous state, federal, and foreign laws, regulations, decisions, and directives regarding data privacy and security and the collection, storage, transmission, use, disclosure, and other processing of different types of information about individuals and other data (including customer data), the scope of which is continually evolving and subject to differing interpretations. We may be subject to significant consequences, including penalties and fines, for any failure to comply with such laws, regulations, and directives. For example, the GDPR, which is in effect across the EEA, imposes several stringent requirements for controllers and processors of data relating to an identifiable living individual or “personal data” including, for example, imposing strict standards when obtaining consent from individuals to process their personal data, requiring robust disclosures to individuals, providing individual data rights, imposing short timelines for data breach notifications, limiting retention periods and secondary use of information, imposing certain requirements pertaining to health data as well as pseudonymized (i.e., key-coded) data, regulating cross-border transfers of personal data out of the EEA, as well as additional obligations when we contract third-party processors in connection with the processing of personal data. The GDPR also includes a principle of accountability and the obligation to demonstrate compliance with the foregoing obligations through policies, procedures, training, and audits. The GDPR provides that EEA member states may make their own further laws and regulations limiting the processing of genetic, biometric, or health data, which could limit our ability to use and share personal data or could cause our costs to increase and harm our business and financial condition. Failure to comply with the requirements of the GDPR and the applicable national data protection laws of the EEA member states may result in significant fines, regulatory investigations, reputational damage, orders to cease/change our data processing activities, enforcement notices, assessment notices (for a compulsory audit), and/or civil claims (including class actions). Compliance with data protection obligations imposed by GDPR and EEA member state laws may be onerous and adversely affect our business, financial condition, or results of operations. Further, since 2021, we have been subject to the UK GDPR, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. The UK GDPR mirrors the obligations, monetary fines, and enforcement regime under the GDPR; however, the relationship between the UK and the EU in relation to certain aspects of data protection law remains unclear, and it is unclear how UK data protection laws and regulations will develop in the medium to longer term and how data transfers to and from the UK will be regulated in the long term. These changes may lead to additional costs and increase our overall risk exposure. We are also subject to evolving EEA and UK privacy laws on cookies, tracking technologies, and e-marketing, which continue to evolve and which regulators actively enforce. In the United States, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations implemented thereunder, imposes privacy, security, and breach notification obligations on certain healthcare providers, health plans, and healthcare clearinghouses, known as covered entities, as well as their business associates that perform certain services that involve creating, receiving, maintaining, or transmitting individually identifiable health information for or on behalf of such covered 38 38 38 Table of Contents Table of Contents entities and their covered subcontractors. Entities that are found to be in violation of HIPAA, as the result of a breach of unsecured personal information, a complaint about privacy practices, or an audit by the U.S. Department of Health and Human Services (“HHS”), may be subject to significant civil, criminal, and administrative fines and penalties and/or additional reporting and oversight obligations if they are required to enter into a resolution agreement and corrective action plan with HHS to settle allegations of HIPAA non-compliance. Even when HIPAA does not apply, according to the Federal Trade Commission (the “FTC”), violating consumers’ privacy rights or failing to take appropriate steps to keep consumers’ personal information secure may constitute unfair and/or deceptive acts or practices in violation of Section 5(a) of the FTC Act. The FTC has authority to initiate enforcement actions against entities that make deceptive statements about privacy and data sharing in privacy policies, fail to limit third-party use of personal health information, fail to implement policies to protect personal health information, or engage in other unfair practices that harm customers or that may violate Section 5(a) of the FTC Act. The FTC expects a company’s data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. Additionally, federal and state consumer protection laws are increasingly being applied by the FTC and states’ attorneys general to regulate the collection, use, storage, and disclosure of personal or personally identifiable information, through websites or otherwise, and to regulate the presentation of website content. Further, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”) gives California residents expanded rights to access, correct, and delete their personal information, opt out of certain personal information sharing, and receive detailed information about how their personal information is used. The CCPA imposes compliance burdens on many organizations doing business in California that collect personal information about California residents. The CCPA’s definition of personal information is very broad and specifically includes biometric information (though information subject to HIPAA is expressly exempted). The CCPA allows for significant fines by the state attorney general, as well as a private right of action from individuals in relation to certain security breaches. The enactment of the CCPA has prompted a wave of similar legislative developments in other U.S. states, such as Virginia, Colorado, Connecticut, and Utah, and at the federal level, reflecting a trend toward more stringent privacy legislation in the U.S. These developments are increasing our compliance burden and our risk, including risks of regulatory fines, litigation, and associated reputational harm. In addition, recent legal developments in Europe have created complexity and compliance uncertainty regarding certain transfers of personal data from the EEA or UK to third countries, including the United States. Case law from the Court of Justice of the European Union (the “CJEU”) states that the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism and potential alternative to the Privacy Shield) alone may not necessarily be sufficient in all circumstances and that transfers must be assessed on a case-by-case basis. On October 7, 2022, President Biden signed an Executive Order on ‘Enhancing Safeguards for United States Intelligence Activities,’ which introduced new redress mechanisms and binding safeguards to address the concerns raised by the CJEU in relation to data transfers from the EEA to the United States and which formed the basis of the new EU-US Data Privacy Framework (“DPF”), as released on December 13, 2022. The European Commission adopted its Adequacy Decision in relation to the DPF on July 10, 2023, rendering the DPF effective as an EU GDPR transfer mechanism to U.S. entities self-certified under the DPF. On October 12, 2023, the UK Extension to the DPF came into effect (as approved by the UK Government), as a UK GDPR data transfer mechanism to U.S. entities self-certified under the UK Extension to the DPF. However, we expect the existing legal complexity and uncertainty regarding international persona data transfers to continue. In particular, we expect the DPF Adequacy Decision to be challenged. We rely on a mixture of mechanisms to transfer personal data from our EU business to the U.S. and are evaluating whether additional mechanisms will be required to establish adequate safeguards for personal data. We expect the existing legal complexity and uncertainty regarding international personal data transfers to continue. In particular, we expect the DPF Adequacy Decision to be challenged and international transfers to the United States and to other jurisdictions more generally to continue to be subject to enhanced scrutiny by regulators. As supervisory authorities issue further guidance on personal data export mechanisms, including circumstances where the standard contractual clauses cannot be used and/or start taking enforcement action, we could suffer additional costs, complaints, and/or regulatory investigations or fines. As the regulatory guidance and enforcement landscape in relation to data transfers continues to develop, we could suffer additional costs, complaints, and/or regulatory investigations or fines, and we may have to stop using certain tools and vendors. Moreover, if we are unable to transfer personal data between and among countries and regions in which we operate, it could affect the manner in which we provide our services. These operational changes could adversely affect our business, financial condition, or results of operations. In China, we are also subject to various aspects of the country’s data compliance regime, which can include the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law (“PIPL”). In addition, the relevant government authorities of China promulgated several regulations or released a number of draft regulations for public comment that are designed to provide further implemental guidance in accordance with these laws. We cannot predict what impact the 39 39 39 Table of Contents Table of Contents new laws and regulations or the increased costs of compliance, if any, will have on our operations in China, in particular the Data Security Law or PIPL, due to their recent enactment and the limited guidance available. It is also generally unclear how the laws will be interpreted and enforced in practice by the relevant government authorities, as these laws are drafted broadly and, thus, leave great discretion to the relevant government authorities to exercise. In Israel, The Protection of Privacy Law, 5741-1981 (the “Israeli Privacy Law”) regulates the protection of privacy and personal data, along with several other specific regulations enacted thereunder and, in particular, the Privacy Protection Regulations (Data Security), 5777-2017 (together with Israeli Protection of Privacy Law, the “Israeli Privacy Law and Regulations”). Under the Israeli Privacy Law and Regulations, organizations are subject to various privacy and data protection requirements, including mandatory registration of databases with the Israeli Registrar of Databases (if certain conditions are met), executing data processing agreements with data recipients, safeguarding the collection and processing of personal data, safeguarding the transfer of personal data (which is specifically subject to the requirements of the Privacy Protection Regulations), personal data breach notification obligations, and other requirements. The Privacy Protection Authority (the “PPA”) is responsible for enforcement of the Israeli Privacy Law and Regulations and periodically publishes opinions and guidelines on privacy matters. In terms of enforcement, failure to comply with the Israeli Privacy Law and Regulations can result in PPA investigations, administrative fines or sanctions, and civil or criminal actions (civil proceedings may include statutory damages without the need to prove actual damages). Furthermore, any failure, or perceived failure, by us to comply with or make effective modifications to our policies or to comply with any federal, state, or international privacy, data-retention, or data-protection-related laws, regulations, orders, or industry self-regulatory principles could result in proceedings or actions against us by governmental entities or others, a loss of customer confidence, damage to our brand and reputation, and a loss of customers, any of which could have an adverse effect on our business. In addition, various federal, state, and foreign legislative or regulatory bodies may enact new or additional laws and regulations concerning privacy, data-retention, and data-protection issues, including laws or regulations mandating disclosure to domestic or international law enforcement bodies, which could adversely impact our business or our reputation with customers. For example, some countries have adopted laws mandating that some personal information regarding customers in their country be maintained solely in their country. Having to maintain local data centers and redesign product, service, and business operations to limit personal information processing to within individual countries could increase our operating costs significantly.

There are numerous state, federal, and foreign laws, regulations, decisions, and directives regarding privacy and the collection, storage, transmission, use, processing, disclosure, and protection of different types of personal data and personal information and other customer or other data, the scope of which is continually evolving and subject to differing interpretations. We may be subject to significant consequences, including penalties and fines, for any failure to comply with such laws, regulations, and directives. For example, the GDPR, which is in effect across the EEA, imposes several stringent requirements for controllers and processors of personal data including, for example, imposing strict standards when obtaining consent from individuals to process their personal data, requiring robust disclosures to individuals, providing individual data rights, imposing short timelines for data breach notifications, limiting retention periods and secondary use of information, imposing certain requirements pertaining to health data as well as pseudonymized (i.e., key-coded) data, regulating cross-border transfers of personal data out of the EEA, as well as additional obligations when we contract third-party processors in connection with the processing of personal data. The GDPR provides that EEA member states may make their own further laws and regulations limiting the processing of genetic, biometric, or health data, which could limit our ability to use and share personal data or could cause our costs to increase and harm our business and financial condition. Failure to comply with the requirements of the GDPR and the applicable national data protection laws of the EEA member states may result in fines of up to 4% of the total worldwide annual turnover of the preceding financial year and other administrative penalties. In addition to fines, a breach of the GDPR may result in regulatory investigations, reputational damage, orders to cease/change our data processing activities, enforcement notices, assessment notices (for a compulsory audit), and/or civil claims (including class actions). Compliance with new data protection rules imposed by GDPR may be onerous and adversely affect our business, financial condition, or results of operations. Further, since 2021, we have been subject to the UK GDPR, which, together with the amended UK Data Protection Act 2018, retains the GDPR in UK national law. The UK GDPR mirrors the fines under the GDPR, e.g., fines up to 4% of worldwide annual turnover of the preceding financial year. The relationship between the UK and the EU in relation to certain aspects of data protection law remains unclear, and it is unclear how UK data protection laws and regulations will develop in the medium to longer term and how data transfers to and from the UK will be regulated in the long term. These changes may lead to additional costs and increase our overall risk exposure. In the United States, the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, and regulations implemented thereunder (collectively, “HIPAA”), imposes privacy, security, and breach notification obligations on certain healthcare providers, health plans, and healthcare clearinghouses, known as covered entities, as well as their business associates that perform certain services that involve creating, receiving, maintaining, or transmitting individually identifiable health information for or on behalf of such covered entities and their covered subcontractors. Entities that are found to be in violation of HIPAA, as the result of a breach of unsecured personal information, a complaint about privacy practices, or an audit by the U.S. Department of Health and Human Services (“HHS”), may be subject to significant civil, criminal, and administrative fines and penalties and/or additional reporting and oversight obligations if they are required to enter into a resolution agreement and corrective action plan with HHS to settle allegations of HIPAA non-compliance. Even when HIPAA does not apply, according to the Federal Trade Commission (the “FTC”), violating consumers’ privacy rights or failing to take appropriate steps to keep consumers’ personal information secure may constitute unfair and/or deceptive acts or practices in violation of Section 5(a) of the Federal Trade Commission Act. The FTC expects a company’s data security measures to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities. 36 36 36 Table of Contents Table of Contents Further, the California Consumer Privacy Act (the “CCPA”) went into effect in 2020 and gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing, and receive detailed information and how their personal information is used. The CCPA imposes compliance burdens on many organizations doing business in California that collect personal information about California residents. The CCPA’s definition of personal information is very broad and specifically includes biometric information. The CCPA allows for significant fines by the state attorney general, as well as a private right of action from individuals in relation to certain security breaches. The enactment of the CCPA is prompting a wave of similar legislative developments in other U.S. states and creating the potential for a patchwork of overlapping but different state laws. These developments are increasing our compliance burden and our risk, including risks of regulatory fines, litigation, and associated reputational harm. Additionally, a new California ballot initiative, the California Privacy Rights Act (the “CPRA”) recently passed in California. The CPRA will substantially expand the requirements of the CCPA and will impose additional data protection obligations on companies doing business in California. The majority of the provisions will go into effect on January 1, 2023, and additional compliance investment and potential business process changes may be required. Similar laws have passed in Virginia, Colorado, Connecticut, and Utah and have been proposed in other states and at the federal level, reflecting a trend toward more stringent privacy legislation in the U.S. In addition, recent legal developments in Europe have created complexity and compliance uncertainty regarding certain transfers of personal data from the EEA or UK to the United States. For example, on July 16, 2020, the Court of Justice of the European Union (the “CJEU”) invalidated the EU-U.S. Privacy Shield Framework (“Privacy Shield”) under which personal data could be transferred from the EU to U.S. entities who had self-certified under the Privacy Shield scheme. The CJEU further noted that reliance on the standard contractual clauses (a standard form of contract approved by the European Commission as an adequate personal data transfer mechanism and potential alternative to the Privacy Shield) alone may not necessarily be sufficient in all circumstances and that transfers must be assessed on a case-by-case basis. European court and regulatory decisions subsequent to the CJEU decision of July 16, 2020, have taken a restrictive approach to international data transfers. We rely on a mixture of mechanisms to transfer personal data from our EU business to the U.S. (including having previously relied on Privacy Shield) and are evaluating whether additional mechanisms will be required to establish adequate safeguards for personal data. As supervisory authorities issue further guidance on personal data export mechanisms, including circumstances where the standard contractual clauses cannot be used and/or start taking enforcement action, we could suffer additional costs, complaints, and/or regulatory investigations or fines. Moreover, if we are unable to transfer Personal Information between and among countries and regions in which we operate, it could affect the manner in which we provide our services and could adversely affect our financial results. In Israel, The Protection of Privacy Law, 5741-1981 (the “Israeli Privacy Law”) regulates the protection of privacy and personal data, along with several other specific regulations enacted thereunder and, in particular, the Privacy Protection Regulations (Data Security), 5777-2017 (together with Israeli Privacy Law, the “Israeli Privacy Law and Regulations”). Under the Israeli Privacy Law and Regulations, organizations are subject to various privacy and data protection requirements, including mandatory registration of databases with the Israeli Registrar of Databases (if certain conditions are met), executing data processing agreements with data recipients, safeguarding the collection and processing of personal data, safeguarding the transfer of personal data (which is specifically subject to the requirements of the Privacy Protection Regulations), personal data breach notification obligations, and other requirements. The Privacy Protection Authority (the “PPA”) is responsible for enforcement of the Israeli Privacy Law and Regulations and periodically publishes opinions and guidelines on privacy matters. In terms of enforcement, failure to comply with the Israeli Privacy Law and Regulations can result in PPA investigations, administrative fines or sanctions, and civil or criminal actions (civil proceedings may include statutory damages without the need to prove actual damages). Furthermore, any failure, or perceived failure, by us to comply with or make effective modifications to our policies or to comply with any federal, state, or international privacy, data-retention, or data-protection-related laws, regulations, orders, or industry self-regulatory principles could result in proceedings or actions against us by governmental entities or others, a loss of customer confidence, damage to our brand and reputation, and a loss of customers, any of which could have an adverse effect on our business. In addition, various federal, state, and foreign legislative or regulatory bodies may enact new or additional laws and regulations concerning privacy, data-retention, and data-protection issues, including laws or regulations mandating disclosure to domestic or international law enforcement bodies, which could adversely impact our business or our reputation with customers. For example, some countries have adopted laws mandating that some personal information regarding customers in their country be maintained solely in their country. Having to maintain local data centers and redesign product, service, and business operations to limit personal information processing to within individual countries could increase our operating costs significantly. 37 37 37 Table of Contents Table of Contents

We manufacture, perform research and development activities, and distribute our products in OUS markets. Revenue from OUS markets accounted for approximately 34%, 33%, and 33% of our revenue for the years ended December 31, 2023, 2022, and 2021, respectively. Our OUS operations are, and will continue to be, subject to a number of risks including: •the failure to obtain or maintain the same degree of protection against infringement of our intellectual property rights due to differing intellectual property protection laws in OUS countries from those in the U.S.; •multiple OUS regulatory requirements that are subject to change and that could impact our ability to manufacture and sell our products; •changes in tariffs, trade barriers, and regulatory requirements; •protectionist laws, policies, and business practices that favor local competitors or lead to non-U.S. customers favoring domestic technology solutions, which could slow our growth in OUS markets; •local or national regulations that make it difficult or impractical to market or use our products; •U.S. relations with the governments of the other countries in which we operate; 27 27 27 Table of Contents Table of Contents •the inability or regulatory limitations on our ability to move goods across borders; •the risks associated with foreign currency exchange rate fluctuations; •the difficulty in establishing, staffing, and managing OUS operations, including differing labor relations; •the expense of establishing facilities and operations in new foreign markets; •the building and maintenance of an organization capable of supporting geographically dispersed operations, including appropriate business procedures and controls; •anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act (“FCPA”), and other local laws prohibiting corrupt payments to government officials; •antitrust and anti-competition laws; •economic weakness, including inflation, or political instability in particular foreign economies and markets, including exposure to a higher degree of financial risk if we extend credit to customers in these economies; and •business interruptions due to natural disasters, outbreak of disease, climate change, and other events beyond our control. For example, in Israel, we have certain research and development operations primarily related to digital products. Depending on the length and extent of the conflict between Israel and Hamas, there may be adverse impacts to certain research and development timelines. Also, we have increased, and will continue to increase, our operations in China. There is inherent risk, based on the complex relationships between China and the U.S., that political, diplomatic, military, or other events could result in business disruptions, including increased regulatory enforcement against companies, tariffs, trade embargoes, or export restrictions. Tariffs increase the cost of our products and the components and raw materials that go into making them. These increased costs adversely impact the gross margin that we earn on our products. Tariffs can also make our products more expensive for customers, which could make our products less competitive and reduce consumer demand. Countries may also adopt other measures, such as controls on imports or exports of goods, technology, or data, which could adversely impact our operations and supply chain and limit our ability to offer our products and services as designed. These measures can require us to take various actions, including changing suppliers and restructuring business relationships. Changing our operations in accordance with new or changed trade restrictions can be expensive, time-consuming, disruptive to our operations and distracting to management. Such restrictions can be announced with little or no advance notice, and we may not be able to effectively mitigate all adverse impacts from such measures. Political uncertainty surrounding trade and other international disputes could also have a negative effect on consumer confidence and spending. Any of these events could reduce customer demand, increase the cost of our products and services, or otherwise have a materially adverse impact on our customers’ and suppliers’ businesses or results of operations. For example, in 2020, the U.S. government amended the Entity List rules to expand the requirement to obtain a license prior to the export of certain technologies. In addition, in 2020, a new U.S. regulation seeks to prohibit the U.S. government from contracting with companies who use the products or services of certain Chinese companies. We believe that these regulations do not materially adversely impact our business at this time but cannot predict the impact that additional regulatory changes may have on our business in the future. These actions or similar actions may result in policies and regulations in response that could adversely affect our business operations in China or may otherwise limit our ability to offer our products and services in China and other parts of the world. Additionally, in July 2023, the Chinese government launched a one-year anti-corruption campaign targeting the healthcare sector. The efforts of this campaign largely aim to curb kickbacks and corruption among individuals who have exploited their positions within medical institutions. As a result of this anti-corruption campaign, the medical institutions have heightened their scrutiny with respect to initiating tenders. Therefore, some tenders were cancelled or delayed without an updated timeline. In the third and fourth quarters of 2023, the effect of this anti-corruption campaign contributed to fewer systems being placed in China. Currently, the extent of the impact of this anti-corruption campaign on our business remains uncertain. Following a national referendum and enactment of legislation by the government of the UK, the UK formally withdrew from the EU and ratified a trade and cooperation agreement governing its relationship with the EU. The EU–UK Trade and Cooperation Agreement (the “TCA”) was applied provisionally as of January 1, 2021, and entered into force on May 1, 2021. The TCA does not specifically refer to medical devices. However, as a result of Brexit, the EU Medical Devices Regulation will not be implemented in the UK, and previous legislation that sought to mirror the EU Medical Devices Regulation in the UK law has been revoked. The regulatory regime for medical devices in Great Britain continues to be based on the requirements derived from previous EU legislation, and the UK may choose to retain regulatory flexibility or align with the EU Medical Devices Regulation going forward. On June 26, 2022, the MHRA published its response to a 10-week consultation on the future regulation of medical devices in the UK. Regulations implementing the new regime were originally scheduled to come into force in July 2023 but the MHRA has confirmed that it is aiming for the core aspects of the new regime to apply from July 28 28 28 Table of Contents Table of Contents 2025. Devices which have valid CE certification issued by EU notified bodies under the EU Medical Devices Regulation or Medical Devices Directive are subject to transitional arrangements. The Government has confirmed that general medical devices compliant with the EU Medical Devices Directive with a valid declaration and CE marking can be placed on the Great Britain market up until the sooner of expiry of certificate or June 30, 2028. Medical devices, including custom-made devices, compliant with the EU Medical Devices Regulation can be placed on the Great Britain market up until June 30, 2030. Following these transitional periods, it is expected that all medical devices will require a UK Conformity Assessment mark. Manufacturers may choose to use the UKCA mark on a voluntary basis prior to the regulations coming into force. However, from July 2025, products that do not have existing and valid CE certification under the EU Medical Devices Directive or EU Medical Devices Regulation and are therefore not subject to the transitional arrangements will be required to carry the UKCA mark if they are to be sold into the market in Great Britain. UKCA marking will not be recognized in the EU. The rules for placing medical devices on the market in Northern Ireland, which is part of the UK, differ from those in Great Britain (England, Scotland and Wales) and continue to be based on EU law. The TCA does provide for cooperation and exchange of information in the area of product safety and compliance, including market surveillance, enforcement activities and measures, standardization-related activities, exchanges of officials, and coordinated product recalls (or other similar actions). For medical devices that are locally manufactured but use components from other countries, the “rules of origin” criteria will need to be reviewed. Depending on which countries products will ultimately be sold in, manufacturers may start seeking alternative sources for components if this would allow them to benefit from no tariffs. The rules for placing medical devices on the Northern Ireland market will differ from those in Great Britain. These developments, or the perception that any related developments could occur, have had and may continue to have a material adverse effect on global economic conditions and financial markets, and our business would likely be impacted and the demand for our products could be depressed. In addition, the U.S. federal government has made changes to the U.S. trade policy, including entering into a successor to the North American Free Trade Agreement (“NAFTA”), known as the United States-Mexico-Canada Agreement (“USMCA”), effective as of July 1, 2020. In addition, the U.S. federal government has implemented, or is considering the imposition of, tariffs on certain foreign goods. Such tariffs and, if enacted, any further legislation or actions taken by the U.S. federal government that restrict trade, such as additional tariffs, trade barriers, and other protectionist or retaliatory measures taken by governments in Europe, Asia, and other countries, could adversely impact our ability to sell products and services in our OUS markets. Tariffs could increase the cost of our products and the components and raw materials that go into making them. These increased costs could adversely impact the gross margin that we earn on our products, which could make our products less competitive and reduce consumer demand. Countries may also adopt other protectionist measures that could limit our ability to offer our products and services. Furthermore, in certain markets, our OUS sales are denominated in U.S. dollars. As a result, an increase in the value of the U.S. dollar relative to foreign currencies could make our products less competitive and/or less affordable in those OUS markets. If we are unable to meet and manage these risks, our OUS operations may not be successful, which would limit the growth of our business and could have a material adverse effect on our business, financial condition, or result of operations.

We manufacture, perform research and development activities, and distribute our products in OUS markets. Revenue from OUS markets accounted for approximately 33%, 33%, and 32% of our revenue for the years ended December 31, 2022, 2021, and 2020, respectively. Our OUS operations are, and will continue to be, subject to a number of risks including: •the failure to obtain or maintain the same degree of protection against infringement of our intellectual property rights due to differing intellectual property protection laws in OUS countries from those in the U.S.; •multiple OUS regulatory requirements that are subject to change and that could impact our ability to manufacture and sell our products; •changes in tariffs, trade barriers, and regulatory requirements; •protectionist laws, policies, and business practices that favor local competitors or lead to non-U.S. customers favoring domestic technology solutions, which could slow our growth in OUS markets; •local or national regulations that make it difficult or impractical to market or use our products; •U.S. relations with the governments of the other countries in which we operate; •the inability or regulatory limitations on our ability to move goods across borders; •the risks associated with foreign currency exchange rate fluctuations; •the difficulty in establishing, staffing, and managing OUS operations, including differing labor relations; •the expense of establishing facilities and operations in new foreign markets; •the building and maintenance of an organization capable of supporting geographically dispersed operations, including appropriate business procedures and controls; 32 32 32 Table of Contents Table of Contents •anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act (“FCPA”), and other local laws prohibiting corrupt payments to governmental officials; •antitrust and anti-competition laws; •economic weakness, including inflation, or political instability in particular foreign economies and markets, including exposure to a higher degree of financial risk if we extend credit to customers in these economies; and •business interruptions due to natural disasters, outbreak of disease, climate change, and other events beyond our control. We have increased, and will continue to increase, our operations in China. There is inherent risk, based on the complex relationships between China and the U.S., that political, diplomatic, military, or other events could result in business disruptions, including increased regulatory enforcement against companies, tariffs, trade embargoes, or export restrictions. Tariffs increase the cost of our products and the components and raw materials that go into making them. These increased costs adversely impact the gross margin that we earn on our products. Tariffs can also make our products more expensive for customers, which could make our products less competitive and reduce consumer demand. Countries may also adopt other measures, such as controls on imports or exports of goods, technology, or data, which could adversely impact our operations and supply chain and limit our ability to offer our products and services as designed. These measures can require us to take various actions, including changing suppliers and restructuring business relationships. Changing our operations in accordance with new or changed trade restrictions can be expensive, time-consuming, disruptive to our operations and distracting to management. Such restrictions can be announced with little or no advance notice, and we may not be able to effectively mitigate all adverse impacts from such measures. Political uncertainty surrounding trade and other international disputes could also have a negative effect on consumer confidence and spending. Any of these events could reduce customer demand, increase the cost of our products and services, or otherwise have a materially adverse impact on our customers’ and suppliers’ businesses or results of operations. For example, in 2020, the U.S. government amended the Entity List rules to expand the requirement to obtain a license prior to the export of certain technologies. In addition, in 2020, a new U.S. regulation seeks to prohibit the U.S. government from contracting with companies who use the products or services of certain Chinese companies. We believe that these regulations do not materially adversely impact our business at this time but cannot predict the impact that additional regulatory changes may have on our business in the future. These actions or similar actions may result in policies and regulations in response that could adversely affect our business operations in China or may otherwise limit our ability to offer our products and services in China and other parts of the world. Following a national referendum and enactment of legislation by the government of the UK, the UK formally withdrew from the EU and ratified a trade and cooperation agreement governing its relationship with the EU. The EU–UK Trade and Cooperation Agreement (the “TCA”) was applied provisionally as of January 1, 2021, and entered into force on May 1, 2021. The TCA does not specifically refer to medical devices. However, as a result of Brexit, the EU Medical Devices Regulation will not be implemented in the UK, and previous legislation that sought to mirror the EU Medical Devices Regulation in the UK law has been revoked. The regulatory regime for medical devices in Great Britain continues to be based on the requirements derived from previous EU legislation, and the UK may choose to retain regulatory flexibility or align with the EU Medical Devices Regulation going forward. On June 26, 2022, the MHRA published its response to a 10-week consultation on the future regulation of medical devices in the UK. Regulations implementing the new regime were originally scheduled to come into force in July 2023 but have recently been postponed to July 2024. Devices issued by EU notified bodies are now subject to transitional arrangements. Following these transitional periods, it is expected that all medical devices will require a UKCA mark, but CE marks issued by EU notified bodies will remain valid until this time. Manufacturers may choose to use the UKCA mark on a voluntary basis until June 30, 2023. However, UKCA marking will not be recognized in the EU. Following the transitional period, compliance with the UK legislation will be a prerequisite to be able to affix the UKCA mark to our products, without which they cannot be sold or marketed in Great Britain. The TCA does provide for cooperation and exchange of information in the area of product safety and compliance, including market surveillance, enforcement activities and measures, standardization-related activities, exchanges of officials, and coordinated product recalls (or other similar actions). For medical devices that are locally manufactured but use components from other countries, the “rules of origin” criteria will need to be reviewed. Depending on which countries products will ultimately be sold in, manufacturers may start seeking alternative sources for components if this would allow them to benefit from no tariffs. The rules for placing medical devices on the Northern Ireland market will differ from those in Great Britain. These developments, or the perception that any related developments could occur, have had and may continue to have a material adverse effect on global economic conditions and financial markets, and our business would likely be impacted and the demand for our products could be depressed. In addition, the U.S. federal government has made changes to the U.S. trade policy, including entering into a successor to the North American Free Trade Agreement (“NAFTA”), known as the United States-Mexico-Canada Agreement (“USMCA”), effective as of July 1, 2020. In addition, the U.S. federal government has implemented, or is considering the imposition of, tariffs on certain foreign goods. Such tariffs and, if enacted, any further legislation or actions taken by the U.S. federal 33 33 33 Table of Contents Table of Contents government that restrict trade, such as additional tariffs, trade barriers, and other protectionist or retaliatory measures taken by governments in Europe, Asia, and other countries, could adversely impact our ability to sell products and services in our OUS markets. Tariffs could increase the cost of our products and the components and raw materials that go into making them. These increased costs could adversely impact the gross margin that we earn on our products, which could make our products less competitive and reduce consumer demand. Countries may also adopt other protectionist measures that could limit our ability to offer our products and services. Furthermore, a large portion of our OUS sales are denominated in U.S. dollars. As a result, an increase in the value of the U.S. dollar relative to foreign currencies could make our products less competitive and/or less affordable in OUS markets. If we are unable to meet and manage these risks, our OUS operations may not be successful, which would limit the growth of our business and could have a material adverse effect on our business, financial condition, or result of operations.

In the U.S., hospitals generally bill for the services performed with our products to various third-party payors, such as Medicare, Medicaid, other government programs, and private insurance plans. If hospitals do not obtain sufficient reimbursement from third-party payors for procedures performed with our products, or if government and private payors’ policies do not cover surgical procedures performed using our products, we may not be able to generate the revenues necessary to support our business. In addition, to the extent that there is a shift from an inpatient setting to outpatient settings, we may experience pricing pressure and a reduction in the number of procedures performed. Our success in OUS markets also depends on the eligibility of our products for coverage and reimbursement through government-sponsored healthcare payment systems and third-party payors. Reimbursement practices vary significantly by country. Many OUS markets have government-managed healthcare systems that control reimbursement for new products and procedures. Other foreign markets have both private insurance systems and government-managed systems that control reimbursement for new products and procedures. Market acceptance of our products may depend on the availability and level of coverage and reimbursement in a country within a particular time. In addition, healthcare cost containment efforts similar to those in the U.S. are prevalent in many of the other countries in which we sell, and intend to sell, our products, and these efforts are expected to continue. Refer to our risk factor titled “Changes in Healthcare Legislation and Policy May Have a Material Adverse Effect on Our Business, Financial Condition, or Results of Operations” for additional risks related to the ability of hospitals to obtain reimbursements. In China, since 2022, several provinces, including the Hunan Provincial Healthcare Security Administration, have implemented significant limits on what hospitals can charge patients for surgeries using robotic surgical technology, including soft tissue surgery and orthopedics. These limits have significantly impacted the number of procedures performed and have impacted our instruments and accessories revenue in those provinces. Companies providing robotic surgical technology, 32 32 32 Table of Contents Table of Contents including our joint venture in China, have been meeting with Chinese government healthcare agencies to discuss these developments and to provide feedback. We cannot assure you that additional provincial or national healthcare agencies and administrations will not impose similar limits, and we expect to continue to face increased pricing pressure, both of which could further impact the number of procedures performed and our instruments and accessories revenue in China.

In the U.S., hospitals generally bill for the services performed with our products to various third-party payors, such as Medicare, Medicaid, other government programs, and private insurance plans. If hospitals do not obtain sufficient reimbursement from third-party payors for procedures performed with our products, or if government and private payors’ policies do not cover surgical procedures performed using our products, we may not be able to generate the revenues necessary to support our business. In addition, to the extent that there is a shift from an inpatient setting to outpatient settings, we may 29 29 29 Table of Contents Table of Contents experience pricing pressure and a reduction in the number of procedures performed. Our success in OUS markets also depends on the eligibility of our products for coverage and reimbursement through government-sponsored healthcare payment systems and third-party payors. Reimbursement practices vary significantly by country. Many OUS markets have government-managed healthcare systems that control reimbursement for new products and procedures. Other foreign markets have both private insurance systems and government-managed systems that control reimbursement for new products and procedures. Market acceptance of our products may depend on the availability and level of coverage and reimbursement in a country within a particular time. In addition, healthcare cost containment efforts similar to those in the U.S. are prevalent in many of the other countries in which we sell, and intend to sell, our products, and these efforts are expected to continue. Refer to our risk factor titled “Changes in Healthcare Legislation and Policy May Have a Material Adverse Effect on Our Business, Financial Condition, or Results of Operations” for additional risks related to the ability of hospitals to obtain reimbursements. In China, the Hunan Provincial Healthcare Security Administration implemented significant limits on what hospitals can charge patients for surgeries using robotic surgical technology, including soft tissue surgery and orthopedics. This rule has had and may continue to have a material negative impact on our procedures performed in the Hunan province. In addition to the Hunan province, the Hainan province (an island province of China) recently announced a policy to implement almost identical limits on what hospitals can charge patients for surgeries using robotic surgical technology. We cannot assure you that other provincial healthcare administrations will not impose similar limits.

Robotic-assisted surgery with a da Vinci surgical system or robotic-assisted bronchoscopy with an Ion endoluminal system are technologies that compete with established and emerging treatment options in reconstructive medical procedures or disease management. These competitive treatment options include open surgery, conventional MIS, drug therapies, radiation treatment, and other emerging diagnostic and interventional surgical approaches. Some of these procedures are widely accepted in the medical community and, in many cases, have a long history of use. Technological advances could make such treatments more effective or less expensive than using our products, which could render our products obsolete or unmarketable. Studies could be published that show that other treatment options are more beneficial and/or cost-effective than robotic-assisted medical procedures. For example, in 2023, certain drugs initially approved for use in diabetes patients gained market acceptance for use in weight loss following FDA approvals for weight loss indications. The availability and effectiveness of weight loss drugs have adversely impacted our da Vinci surgical system bariatric procedures by causing some patients to reconsider the surgical option. At this time, it is difficult to predict the long-term market impact of these drugs, including their long-term efficacy and potential drawbacks. We cannot be certain that physicians will use our products to replace or supplement established treatments or that our products will continue to be competitive with current or future technologies. Additionally, we face or expect to face competition from companies that develop or have developed wristed, robotic-assisted, or computer-assisted medical systems and products. Companies have introduced products in the field of robotic medical procedures or have made explicit statements about their efforts to enter the field including, but not limited to, the following companies: Asensus Surgical, Inc.; Beijing Surgerii Robotics Company Limited; CMR Surgical Ltd.; Johnson & Johnson; Medicaroid Corporation; Medtronic plc; meerecompany Inc.; Noah Medical; Shandong Weigao Group Medical Polymer Company Ltd.; Shanghai Microport Medbot (Group) Co., Ltd.; and Shenzhen Edge Medical Co., Ltd. Other companies with substantial experience in industrial robotics could potentially expand into the field of medical robotics and become competitors. Our revenues may be reduced due to pricing pressure or eliminated if our competitors develop and market products that are more effective or less expensive than our products. If we are unable to compete successfully, our revenues will suffer, which could have a material adverse effect on our business, financial condition, or result of operations. We may not be able to maintain or improve our competitive position against current or potential competitors, especially those with greater resources. In addition, third-party service providers that service da Vinci surgical system and Ion endoluminal system operators may emerge and compete with us on price or offerings. To date, substantially all of our customers have sourced services on their systems from us through service contract commitments or time and materials contracts. Furthermore, there are third-party service providers offering consulting services targeted at analyzing the cost-effectiveness of hospitals’ robotic-assisted medical programs, including procedures performed, placement of systems, and consumption of instruments and accessories. We currently provide similar services and analysis to our customers, but it is difficult to assess the impact that this may have on our business. If we are unable to compete successfully with any third-party service providers, our revenues may suffer.

Robotic-assisted surgery with a da Vinci Surgical System or robotic-assisted bronchoscopy using an Ion endoluminal system are technologies that compete with established and emerging treatment options in reconstructive medical procedures or 28 28 28 Table of Contents Table of Contents disease management. These competitive treatment options include open surgery, conventional MIS, drug therapies, radiation treatment, and other emerging diagnostic and interventional surgical approaches. Some of these procedures are widely accepted in the medical community and, in many cases, have a long history of use. Technological advances could make such treatments more effective or less expensive than using our products, which could render our products obsolete or unmarketable. Studies could be published that show that other treatment options are more beneficial and/or cost-effective than robotic-assisted medical procedures. We cannot be certain that physicians will use our products to replace or supplement established treatments or that our products will continue to be competitive with current or future technologies. Additionally, we face or expect to face competition from companies that develop or have developed wristed, robotic-assisted, or computer-assisted medical systems and products. Companies have introduced products in the field of robotic medical procedures or have made explicit statements about their efforts to enter the field including, but not limited to, the following companies: Asensus Surgical, Inc.; avateramedical GmbH; CMR Surgical Ltd.; Johnson & Johnson; Medicaroid Corporation; Medrobotics Corporation; Medtronic plc; meerecompany Inc.; Olympus Corporation; Samsung Electronics Co., Ltd; Shandong Weigao Group Medical Polymer Company Ltd.; Shanghai Microport Medbot (Group) Co., Ltd.; and Titan Medical Inc. Other companies with substantial experience in industrial robotics could potentially expand into the field of medical robotics and become competitors. Our revenues may be reduced due to pricing pressure or eliminated if our competitors develop and market products that are more effective or less expensive than our products. If we are unable to compete successfully, our revenues will suffer, which could have a material adverse effect on our business, financial condition, or result of operations. We may not be able to maintain or improve our competitive position against current or potential competitors, especially those with greater resources. In addition, third-party service providers that provide services to da Vinci Surgical System and Ion endoluminal system operators may emerge and compete with us on price or offerings. To date, substantially all of our customers have sourced services on their systems from us through service contract commitments or time and materials contracts. Furthermore, there are third-party service providers offering consulting services targeted at analyzing the cost-effectiveness of hospitals’ robotic-assisted medical programs, including procedures performed, placement of systems, and consumption of instruments and accessories. We currently provide similar services and analysis to our customers, but it is difficult to assess the impact that this may have on our business. If we are unable to compete successfully with any third-party service providers, our revenues may suffer.

The healthcare industry has been consolidating, and organizations continue to consolidate purchasing decisions for many of our healthcare provider customers. Numerous initiatives and reforms by legislators, regulators, and third-party payers to curb the rising cost of healthcare have catalyzed a consolidation of aggregate purchasing power within the markets in which we sell our products. As the healthcare industry consolidates, competition to provide products and services is expected to continue to intensify, resulting in pricing pressures and decreased average selling prices. In addition, for smaller hospitals or groups that do not consolidate with larger networks, these entities may face increasing cost and/or competitive pressures, which could impact 46 46 46 Table of Contents Table of Contents their ability to purchase additional products and services from us or make contractual payments over time. We expect that market demand, government regulation, third-party payor coverage and reimbursement policies, government contracting requirements, new entrants, technology, and societal pressures will continue to change the worldwide healthcare industry, resulting in further consolidation, which may exert further downward pressure on prices of our products and services and may have a material adverse impact on our business, financial condition, or results of operations.

The healthcare industry has been consolidating, and organizations continue to consolidate purchasing decisions for many of our healthcare provider customers. Numerous initiatives and reforms by legislators, regulators, and third-party payers to curb the rising cost of healthcare have catalyzed a consolidation of aggregate purchasing power within the markets in which we sell our products. As the healthcare industry consolidates, competition to provide products and services is expected to continue to intensify, resulting in pricing pressures and decreased average selling prices. We expect that market demand, government regulation, third-party payor coverage and reimbursement policies, government contracting requirements, and societal pressures will continue to change the worldwide healthcare industry, resulting in further consolidation, which may exert further downward pressure on prices of our products and services and may have a material adverse impact on our business, financial condition, or results of operations. 42 42 42 Table of Contents Table of Contents

Hospitals, health systems, and physicians depend on a number of government agencies and services to effectively deliver healthcare to their patients. A prolonged government shutdown could impact inspections, regulatory review and certifications, grants, or approvals or could cause other situations that could impede their ability to effectively deliver healthcare, including attempts to reduce payments and other reimbursements to hospitals by federal healthcare programs. These situations could adversely affect our customers’ ability to perform procedures with our devices and/or their decisions to purchase additional products from us. In addition, the ability of the FDA, foreign authorities, and notified bodies to review and clear, approve, or certify new products can be affected by a variety of factors, including government budget and funding levels, ability to hire and retain key personnel and accept the payment of user fees, and statutory, regulatory, and policy changes. In addition, government funding of other government agencies that fund research and development activities is subject to the political process, which is inherently fluid and unpredictable. Disruptions at the FDA and other agencies or notified bodies, including a prolonged government shutdown, may cause significant regulatory delays and, therefore, delay our efforts to seek clearances, approvals, or certifications from the FDA, foreign authorities, and notified bodies and adversely affect business travel and import and export of products, all of which could have a material adverse effect on our business, financial condition, or results of operations. For example, over the last several years, the U.S. government has shut down several times, and certain regulatory agencies, such as the FDA, have had to furlough critical FDA employees and stop critical activities. Separately, in response to the global COVID-19 pandemic, the FDA postponed most inspections of domestic and foreign manufacturing facilities at various points. Even though the FDA has since resumed standard inspection operations of domestic facilities where feasible, any resurgence of the virus or emergence of new variants may lead to further inspectional or administrative delays. If a prolonged government shutdown occurs, or if global health concerns prevent the FDA, other regulatory authorities, or notified bodies from conducting their regular inspections, reviews, or other regulatory activities, it could significantly impact the ability of the FDA, other regulatory authorities, or notified bodies to timely review and process our regulatory submissions, which could have a material adverse effect on our business. For instance, in the EU, notified bodies must be officially designated to certify products and services in accordance with the EU Medical Devices Regulation. Their designation process, which is significantly stricter under the new regulation, has experienced considerable delays due to the COVID-19 pandemic. Despite a recent increase in designations, the current number of notified bodies designated under the new Regulation remains significantly lower than the number of notified bodies designated under the previous regime. The current designated notified bodies are, therefore, facing a backlog of requests, and review times have lengthened. This situation could impact our ability to grow our business in the EU and EEA.

Hospitals, health systems, and physicians depend on a number of government agencies and services to effectively deliver healthcare to their patients. A prolonged government shutdown could impact inspections, regulatory review and certifications, grants, or approvals or could cause other situations that could impede their ability to effectively deliver healthcare, including attempts to reduce payments and other reimbursements to hospitals by federal healthcare programs. These situations could adversely affect our customers’ ability to perform procedures with our devices and/or their decisions to purchase additional products from us. 41 41 41 Table of Contents Table of Contents In addition, the ability of the FDA, foreign authorities, and notified bodies to review and clear, approve, or certify new products can be affected by a variety of factors, including government budget and funding levels, ability to hire and retain key personnel and accept the payment of user fees, and statutory, regulatory, and policy changes. In addition, government funding of other government agencies that fund research and development activities is subject to the political process, which is inherently fluid and unpredictable. Disruptions at the FDA and other agencies or notified bodies, including a prolonged government shutdown, may cause significant regulatory delays and, therefore, delay our efforts to seek clearances, approvals, or certifications from the FDA, foreign authorities, and notified bodies and adversely affect business travel and import and export of products, all of which could have a material adverse effect on our business, financial condition, or results of operations. For example, over the last several years, the U.S. government has shut down several times, and certain regulatory agencies, such as the FDA, have had to furlough critical FDA employees and stop critical activities. Separately, in response to the global COVID-19 pandemic, the FDA postponed most inspections of domestic and foreign manufacturing facilities at various points. Even though the FDA has since resumed standard inspection operations of domestic facilities where feasible, the FDA has continued to monitor and implement changes to its inspectional activities to ensure the safety of its employees and those of the firms it regulates as it adapts to the evolving COVID-19 pandemic, and any resurgence of the virus or emergence of new variants may lead to further inspectional delays. Regulatory authorities outside the United States have adopted similar restrictions or other policy measures in response to the COVID-19 pandemic. If a prolonged government shutdown occurs, or if global health concerns continue to prevent the FDA, other regulatory authorities, or notified bodies from conducting their regular inspections, reviews, or other regulatory activities, it could significantly impact the ability of the FDA, other regulatory authorities, or notified bodies to timely review and process our regulatory submissions, which could have a material adverse effect on our business. For instance, in the EU, notified bodies must be officially designated to certify products and services in accordance with the EU Medical Devices Regulation. While several notified bodies have been designated, the COVID-19 pandemic has significantly slowed down their designation process, and the current designated notified bodies are facing a large number of requests with the new regulation, as a consequence of which review times have lengthened. Unless additional transitional measures are implemented, this situation could impact our ability to grow our business in the EU and EEA.

Our investment portfolio includes both domestic and international investments. The credit ratings and pricing of our investments can be negatively affected by liquidity concerns, credit deterioration, financial results, economic risk, political risk, or other factors. As a result, the value and liquidity of our cash equivalents and marketable securities could fluctuate substantially. Our other income and expense could also vary materially from expectations depending on gains or losses realized on the sale or exchange of investments, impairment charges resulting from revaluations of debt and equity securities and other investments, changes in interest rates, increases or decreases in cash balances, volatility in foreign exchange rates, and changes in the fair value of derivative instruments. Increased volatility in the financial markets and overall economic uncertainty could increase the risk that actual amounts realized on our investments may differ significantly from the fair values currently assigned to them. The value of our investments may also decline due to instability in the global financial markets, which may reduce the liquidity of securities included in our portfolio. The closure of SVB and other institutions swept into receivership and the appointment of the FDIC as receiver in 2023 created bank-specific and broader financial institution liquidity risk and concerns. Although the U.S. Department of the Treasury, the Federal Reserve, and the FDIC jointly released a statement that depositors at SVB and other banks that have been similarly swept into receivership would have access to their funds, even those in excess of the standard FDIC insurance limits, under a systemic risk exception, future adverse developments with respect to specific financial institutions or the broader financial services industry may impair our ability to access capital needed to support near-term working capital needs, whether from our existing investment and deposit accounts and credit facilities or otherwise, and may lead to market-wide liquidity shortages and create additional market and economic uncertainty. Any decline in available funding or access to our cash and liquidity resources could also result in breaches of our financial and/or contractual obligations. Our Intuitive Ventures fund invests in early-stage companies, which involve substantial risks and uncertainties. These risks and uncertainties include, among other things, uncertainties inherent in research and development; uncertainties regarding the ability of Intuitive Ventures to identify investment candidates; uncertainties regarding the success of Intuitive Ventures’ investments; uncertainties and variables inherent in the operating and financial performance in investments made, including, among other things, competitive developments and general economic, political, business, industry, regulatory and market conditions; future exchange and interest rates; and changes in tax and other laws, regulations, rates and policies. While we have not realized any significant losses on our cash equivalents, marketable securities, or other investments, future fluctuations in their value could have a material adverse impact on our business, financial condition, or results of operations.

Our investment portfolio includes both domestic and international investments. The credit ratings and pricing of our investments can be negatively affected by liquidity concerns, credit deterioration, financial results, economic risk, political risk, or other factors. As a result, the value and liquidity of our cash equivalents and marketable securities could fluctuate substantially. Our other income and expense could also vary materially from expectations depending on gains or losses realized on the sale or exchange of investments, impairment charges resulting from revaluations of debt and equity securities and other investments, changes in interest rates, increases or decreases in cash balances, volatility in foreign exchange rates, and changes in the fair value of derivative instruments. Increased volatility in the financial markets and overall economic uncertainty could increase the risk that actual amounts realized on our investments may differ significantly from the fair values currently assigned to them. Our Intuitive Ventures fund plans to invest in early-stage companies, which involve substantial risks and uncertainties. These risks and uncertainties include, among other things, uncertainties inherent in research and development; uncertainties regarding the ability of Intuitive Ventures to identify investment candidates; uncertainties regarding the success of Intuitive Ventures’ investments; uncertainties and variables inherent in the operating and financial performance in investments made, including, among other things, competitive developments and general economic, political, business, industry, regulatory and market conditions; future exchange and interest rates; and changes in tax and other laws, regulations, rates and policies. While we have not realized any significant losses on our cash equivalents, marketable securities, or other investments, future fluctuations in their value could have a material adverse impact on our business, financial condition, or results of operations.

We are subject to taxes in the U.S. and other jurisdictions around the world. Tax rates in these jurisdictions may be subject to significant change due to economic and/or political conditions. A number of other factors may also impact our future effective tax rate, including: •the jurisdictions in which profits are determined to be earned and taxed; •the resolution of issues arising from tax audits with various tax authorities; •changes in the valuation of our deferred tax assets and liabilities; •increases in expenses not deductible for tax purposes, including write-offs of acquired intangibles and impairment of goodwill in connection with acquisitions; •changes in the availability of tax credits, tax holidays, and tax deductions; •changes in share-based compensation; •changes in tax laws or the interpretation of such tax laws; and •changes in generally accepted accounting principles. 44 44 44 Table of Contents Table of Contents We are unable to predict what changes to the tax laws of the U.S. and other jurisdictions may be proposed or enacted in the future or what effect such changes would have on our business, including changes resulting from the base erosion and profit shifting (“BEPS”) project undertaken by the Organization for Economic Co-operation and Development (“OECD”). As part of the OECD’s BEPS project, over 140 member jurisdictions of the OECD Inclusive Framework have joined the Two-Pillar Solution to Address the Tax Challenges of the Digitalization of the Economy, which includes a reallocation of taxing rights among jurisdictions and a global minimum tax rate of 15%. On December 15, 2022, the Council of the European Union approved its directive to implement rules regarding such a 15% global minimum tax rate. Other countries have adopted, or have announced plans to adopt, new tax laws to align with the global minimum tax. These changes could increase tax uncertainty and may adversely impact our provision for income taxes. Any significant increase in our future effective tax rate could have a material adverse impact on our business, financial condition, or results of operations.

We are subject to taxes in the U.S. and other jurisdictions around the world. Tax rates in these jurisdictions may be subject to significant change due to economic and/or political conditions. A number of other factors may also impact our future effective tax rate, including: •the jurisdictions in which profits are determined to be earned and taxed; •the resolution of issues arising from tax audits with various tax authorities; •changes in the valuation of our deferred tax assets and liabilities; •increases in expenses not deductible for tax purposes, including write-offs of acquired intangibles and impairment of goodwill in connection with acquisitions; •changes in the availability of tax credits, tax holidays, and tax deductions; 43 43 43 Table of Contents Table of Contents •changes in share-based compensation; and •changes in tax laws or the interpretation of such tax laws and changes in generally accepted accounting principles. We are unable to predict what changes to the tax laws of the U.S. and other jurisdictions may be proposed or enacted in the future or what effect such changes would have on our business. Any significant increase in our future effective tax rate could have a material adverse impact on our business, financial condition, or results of operations.

In February 2022, Russian military forces launched a military action in Ukraine, and sustained conflict and disruption in the region has continued. Russia’s military actions against Ukraine have led to substantial expansion of sanction programs imposed by the United States, the European Union, the United Kingdom, Canada, Switzerland, Japan, and other countries against Russia, Belarus, the Crimea Region of Ukraine, the so-called Donetsk People’s Republic, and the so-called Luhansk People’s Republic, including, among others: •blocking sanctions against some of the largest state-owned and private Russian financial institutions (and their subsequent removal from the Society for Worldwide Interbank Financial Telecommunication payment system) and certain Russian businesses, some of which have significant financial and trade ties to the European Union; •blocking sanctions against Russian and Belarusian individuals, including the Russian President, other politicians, and those with government connections or involved in Russian military activities; and •blocking of Russia’s foreign currency reserves as well as expansion of sectoral sanctions and export and trade restrictions, limitations on investments and access to capital markets, and bans on various Russian imports. In retaliation against new international sanctions and as part of measures to stabilize and support the volatile Russian financial and currency markets, the Russian authorities also imposed significant currency control measures aimed at restricting the outflow of foreign currency and capital from Russia, imposed various restrictions on transacting with non-Russian parties, banned exports of various products, and imposed other economic and financial restrictions. The situation is rapidly evolving, and additional sanctions by Russia on the one hand, and by the other countries on the other hand, could adversely affect the global economy, financial markets, energy supply and prices, certain critical materials and metals, supply chains, and global logistics and could adversely affect our business, financial condition, or results of operations. Separately, on October 7, 2023, Hamas, a U.S.-designated terrorist organization, launched a series of coordinated attacks from the Gaza Strip onto Israel. On October 8, 2023, Israel formally declared war on Hamas, and the armed conflict is ongoing as of the date of this filing. Hostilities between Israel and Hamas could escalate and involve surrounding countries in the Middle East. Furthermore, following Hamas’ attack on Israel, the Houthi movement, which controls parts of Yemen, launched a number of attacks on marine vessels in the Red Sea. The Red Sea is an important maritime route for international trade. As a result of such disruptions, we may experience in the future extended lead times, delays in supplier deliveries, and increased freight costs. The risk of ongoing supply disruptions may further result in delayed deliveries of our products. 40 40 40 Table of Contents Table of Contents We are actively monitoring the situation in Ukraine and Russia and the conflict between Israel and Hamas and assessing the impacts on our business, including our business partners and customers. To date, we have not experienced any material interruptions in our infrastructure, supplies, technology systems, or networks needed to support our operations. We have no way to predict the progress, outcome, or consequences of the military conflict in Ukraine or its impacts in Ukraine, Russia, Belarus, Europe, or the U.S., or of the conflict in the Israel-Gaza regions and any potential increases in hostilities in the Middle East. The length, impact, and outcome of ongoing military conflicts is highly unpredictable and could lead to significant market and other disruptions, including significant volatility in commodity prices and supply of energy resources, instability in financial markets, supply chain interruptions, political and social instability, trade disputes or trade barriers, changes in consumer or purchaser preferences, as well as an increase in cyberattacks and espionage. The extent and duration of the military action, sanctions, other consequences, such as restrictions on transactions or banning the export of energy products, including natural gas, and the resulting market disruptions could be significant and could potentially have substantial impact on the global economy and our business for an unknown period of time. Impacts to our business may include, but are not limited to, procedures performed, demand for our products, and ability to spend on capital equipment and healthcare in general. Any such disruption may also magnify the impact of other risks described.

In February 2022, Russian military forces launched a military action in Ukraine, and sustained conflict and disruption in the region has continued. The length, impact, and outcome of this ongoing military conflict is highly unpredictable and could lead to significant market and other disruptions, including significant volatility in commodity prices and supply of energy resources, instability in financial markets, supply chain interruptions, political and social instability, trade disputes or trade barriers, changes in consumer or purchaser preferences, as well as an increase in cyberattacks and espionage. Russia’s military actions against Ukraine have led to substantial expansion of sanction programs imposed by the United States, the European Union, the United Kingdom, Canada, Switzerland, Japan, and other countries against Russia, Belarus, the 40 40 40 Table of Contents Table of Contents Crimea Region of Ukraine, the so-called Donetsk People’s Republic, and the so-called Luhansk People’s Republic, including, among others: •blocking sanctions against some of the largest state-owned and private Russian financial institutions (and their subsequent removal from the Society for Worldwide Interbank Financial Telecommunication payment system) and certain Russian businesses, some of which have significant financial and trade ties to the European Union; •blocking sanctions against Russian and Belarusian individuals, including the Russian President, other politicians, and those with government connections or involved in Russian military activities; and •blocking of Russia’s foreign currency reserves as well as expansion of sectoral sanctions and export and trade restrictions, limitations on investments and access to capital markets, and bans on various Russian imports. In retaliation against new international sanctions and as part of measures to stabilize and support the volatile Russian financial and currency markets, the Russian authorities also imposed significant currency control measures aimed at restricting the outflow of foreign currency and capital from Russia, imposed various restrictions on transacting with non-Russian parties, banned exports of various products, and imposed other economic and financial restrictions. The situation is rapidly evolving, and additional sanctions by Russia on the one hand, and by the other countries on the other hand, could adversely affect the global economy, financial markets, energy supply and prices, certain critical materials and metals, supply chains, and global logistics and could adversely affect our business, financial condition, or results of operations. We are actively monitoring the situation in Ukraine and Russia and assessing its impact on our business, including our business partners and customers. To date, we have not experienced any material interruptions in our infrastructure, supplies, technology systems, or networks needed to support our operations. We have no way to predict the progress or outcome of the military conflict in Ukraine or its impacts in Ukraine, Russia, Belarus, Europe, or the U.S. The extent and duration of the military action, sanctions, other consequences, such as Russia imposing restrictions on transactions or banning the export of energy products, including natural gas, and the resulting market disruptions could be significant and could potentially have substantial impact on the global economy and our business for an unknown period of time. Impacts to our business may include, but are not limited to, procedures performed, demand for our products, and ability to spend on capital equipment and healthcare in general. Any such disruption may also magnify the impact of other risks described.

Macroeconomic conditions, such as high inflationary pressure, changes to monetary policy, high interest rates, volatile currency exchange rates, credit and sovereign debt concerns, concerns about slowed growth in China and other OUS markets, decreasing consumer confidence and spending, including capital spending, concerns about the stability and liquidity of certain financial institutions, the introduction of or changes in tariffs or trade barriers, and global or local recessions can adversely impact demand for our products, which could negatively impact our business, financial condition, or results of operations. Recent macroeconomic conditions have been adversely impacted by geopolitical instability and military hostilities in multiple geographies (including the conflict between Ukraine and Russia and the conflict between Israel and Hamas), monetary and financial uncertainties, and the COVID-19 pandemic. The results of these macroeconomic conditions, and the actions taken by governments, central banks, companies, and consumers in response, have resulted in, and may continue to result in, higher inflation in the U.S. and globally, which is likely, in turn, to lead to an increase in costs and may cause changes in fiscal and monetary policy, including additional increases in 26 26 26 Table of Contents Table of Contents interest rates. Other adverse impacts of recent macroeconomic conditions have been, and may continue to be, supply chain constraints, logistics challenges, liquidity concerns in the broader financial services industry, and fluctuations in labor availability. Adverse developments that affect financial institutions, transactional counterparties, or other third parties, or concerns or rumors about these events, have in the past led to, and may in the future lead to, market-wide liquidity problems. For example, on March 10, 2023, Silicon Valley Bank (“SVB”) was closed by the California Department of Financial Protection and Innovation, which appointed the U.S. Federal Deposit Insurance Corporation (“FDIC”) as receiver. Similarly, other institutions have been, and may continue to be, swept into receivership. Uncertainty may remain over liquidity concerns in the broader financial services industry, and there may be unpredictable impacts to our business and our industry. In a higher inflationary environment, we may be unable to raise the prices of our products and services sufficiently to keep up with the rate of inflation. Impacts from inflationary pressures could be more pronounced and materially adversely impact aspects of our business where revenue streams and cost commitments are linked to contractual agreements that extend further into the future, as we may not be able to quickly or easily adjust pricing, reduce costs, or implement countermeasures. A higher inflationary environment can also negatively impact raw material, component, and logistics costs that, in turn, may increase the costs of producing and distributing our products. Furthermore, hospitals and distributors may choose to postpone or reduce spending due to financial difficulties or difficulties in obtaining credit to finance purchases of our products due to increased interest rates and restraints on credit. Hospitals and distributors may also be adversely affected by the liquidity concerns in the broader financial services industry, as described above, that could result in delayed access or loss of access to uninsured deposits or loss of their ability to draw on existing credit facilities involving a troubled or failed financial institution. Hospitals, in particular, are experiencing and may continue to experience financial and operational pressures as a result of staffing shortages, the supply chain environment, and high inflation, which could impact their ability to access capital markets and other funding sources, increase the cost of funding, or impede their ability to comply with debt covenants, all of which could impede their ability to provide patient care, defer elective surgeries, and impact their profitability. To the extent that hospitals face financial pressures, delayed access or loss of access to uninsured deposits, delayed access or loss of ability to draw on existing credit facilities, reductions in government spending, or higher interest rates, hospitals’ ability or willingness to spend on capital equipment may be adversely impacted, all of which could have a material adverse effect on our business, financial condition, or results of operations. Additionally, with economic uncertainty, an increase in unemployment rates, and increasing health insurance premiums, co-payments and deductibles may result in cost-conscious consumers pursuing fewer elective surgical procedures, which, in turn, could adversely affect procedure volumes and system demand. We are unable to predict the impact of efforts by central banks and federal, state, and local governments to combat elevated levels of inflation. If their efforts to create downward pressure on inflation are too aggressive, they may lead to a recession. Alternatively, if they are insufficient or are not sustained long enough to bring inflation to lower, more acceptable levels, hospitals’ ability or willingness to spend on capital equipment may be impacted for a prolonged period of time. If a recession occurs, economies weaken, or inflationary trends continue, our business and operating results could be materially adversely affected. Also, we have, and may continue to, experience supply chain constraints due to the current supply chain environment, including difficulties obtaining a sufficient supply of component materials used in our products. If interest rates continue to rise, access to credit may become more difficult, which may result in the insolvency of key suppliers, including single-source suppliers, which would exacerbate supply chain challenges. Such supply chain constraints could cause us to fail to meet product demand, which could result in deferred or canceled procedures.

Macroeconomic conditions, such as high inflation, changes to monetary policy, increasing interest rates, volatile currency exchange rates, credit and sovereign debt concerns in certain European countries, concerns about slowed growth in China and other OUS markets, decreasing consumer confidence and spending, including capital spending, and global or local recessions can adversely impact demand for our products, which could negatively impact our business, financial condition, or results of operations. Recent macroeconomic conditions have been adversely impacted by political instability and military hostilities in multiple geographies (including the conflict between Ukraine and Russia), monetary and financial uncertainties, and the ongoing COVID-19 pandemic. The results of these macroeconomic conditions, and the actions taken by governments, central banks, companies, and consumers in response, have and may continue to result in higher inflation in the U.S. and globally, which is likely, in turn, to lead to an increase in costs and may cause changes in fiscal and monetary policy, including increased interest rates. Other adverse impacts of recent macroeconomic conditions have been and may continue to be supply chain constraints, logistics challenges, and fluctuations in labor availability. In a higher inflationary environment, we may be unable to raise the prices of our products and services sufficiently to keep up with the rate of inflation. Impacts from inflationary pressures could be more pronounced and materially adversely impact aspects of our business where revenue streams and cost commitments are linked to contractual agreements that extend further into the future, as we may not be able to quickly or easily adjust pricing, reduce costs, or implement countermeasures. A higher inflationary environment can also negatively impact raw material, component, and logistics costs that, in turn, may increase the costs of producing and distributing our products. Recently, the costs of raw materials, transportation, construction, services, and energy necessary for the production and distribution of our products have increased significantly. Furthermore, hospitals and distributors may choose to postpone or reduce spending due to financial difficulties or difficulties in obtaining credit to finance purchases of our products due to increased interest rates and restraints on credit. Hospitals, in particular, are experiencing and may continue to experience financial and operational pressures as a result of staffing shortages, the supply chain environment, and increased inflation, which could impact their ability to access capital markets and other funding sources, increase the cost of funding, or impede their ability to comply with debt covenants, all of which could impede their ability to provide patient care, defer elective surgeries, and impact their profitability. To the extent that hospitals face financial pressures, reductions in government spending, or higher interest rates, hospitals’ ability or willingness to spend on capital equipment may be adversely impacted, all of which could have a material adverse effect on our business, financial condition, or results of operations. We are unable to predict the impact of efforts by central banks and federal, state, and local governments to combat elevated levels of inflation. If their efforts to create downward pressure on inflation are too aggressive, they may lead to a recession. Alternatively, if they are insufficient or are not sustained long enough to bring inflation to lower, more acceptable levels, hospitals’ ability or willingness to spend on capital equipment may be impacted for a prolonged period of time. If a recession occurs, economies weaken, or inflationary trends continue, our business and operating results could be materially adversely affected. In addition, in early 2023, the U.S. Government reached its existing statutory limit on the amount of permissible federal debt, and this limit must be raised in order for the U.S. Government to continue to pay its obligations on a timely basis. If the debt ceiling is not raised, it is unclear how the U.S. Government would prioritize its payments towards its various programs, which could have a significant impact on the overall economy as well as on medical procedures performed. Also, we have and may continue to experience supply chain constraints due to the current supply chain environment and logistic challenges, including difficulties obtaining a sufficient supply of component materials used in our products. If interest rates continue to rise, access to credit may become more difficult, which may result in the insolvency of key suppliers, including single-source suppliers, which would exacerbate supply chain challenges. Such supply chain constraints could cause us to fail to meet product demand, which could result in deferred or canceled procedures. 26 26 26 Table of Contents Table of Contents

We are highly dependent on the principal members of our management and scientific staff. For example, our product development plans depend, in part, on our ability to attract and retain software, mechanical, electrical, and robotics engineers. Attracting and retaining qualified personnel is critical to our success, and competition for qualified personnel is intense. We may not be able to attract and retain personnel on acceptable terms given the constrained labor market and competition for such personnel. Additionally, as a result of the volatility in our stock price, certain long-term incentive benefits, such as equity grants, may be viewed as having less value and, accordingly, could lead to higher attrition. Moreover, we may also encounter higher costs of labor through recruiting expenses, wage rates, retention benefits, or the potential existence of different employee/employer relationships, such as work councils and/or labor unions. Fluctuations in labor availability globally, including labor shortages and staff burnout and attrition, may also impact our ability to hire and retain personnel critical to our manufacturing, logistics, and commercial operations. The extent and duration of the impact of labor market challenges are subject to numerous factors, including the remaining impact of COVID-19, availability of qualified and highly skilled persons in the markets where we operate and unemployment levels within these markets, behavioral changes, such as fully engaging employees, including those working from home or in a hybrid fashion, prevailing wage rates, health and other insurance and benefit costs, inflation, adoption of new or revised employment and labor laws and regulations or government programs, safety levels of our operations, and our reputation within the labor market. The loss of any of our qualified personnel or our inability to attract and retain qualified personnel could harm our business and our ability to compete, and related expenses could adversely affect our results of operations and financial condition. Moreover, if we fail to attract, motivate, or retain personnel, or relax our standards in order to meet the demands of our growth, our corporate culture, our ability to achieve our strategic objectives, and our compliance with obligations under our internal controls and other requirements may be harmed. We believe that a critical contributor to our success has been our corporate culture, which we believe fosters innovation, teamwork, and a focus on execution, as well as facilitates critical knowledge transfer and knowledge sharing. We could also be subject to union or council efforts to organize our employees. These organizational efforts, if successful, decrease operational flexibility and could adversely affect our operating efficiency. In addition, our response to any organizational efforts could be perceived negatively and harm our business and reputation. 36 36 36 Table of Contents Table of Contents

We are highly dependent on the principal members of our management and scientific staff. For example, our product development plans depend, in part, on our ability to attract and retain software, mechanical, electrical, and robotics engineers. Attracting and retaining qualified personnel will be critical to our success, and competition for qualified personnel is intense. We may not be able to attract and retain personnel on acceptable terms given the constrained labor market and competition for such personnel among technology and healthcare companies. Additionally, as a result of recent declines in our stock price, certain long-term incentive benefits, such as recently issued stock options, may be viewed as having less value and, accordingly, could lead to higher attrition. Moreover, we may encounter higher recruiting expenses, wage rates, and retention benefits, which may result from higher inflationary environments. Fluctuations in labor availability globally, including labor shortages and staff burnout and attrition, may also impact our ability to hire and retain personnel critical to our manufacturing, logistics, and commercial operations. The extent and duration of the impact of labor market challenges are subject to numerous factors, including the continuing impact of the COVID-19 pandemic, availability of qualified and highly skilled persons in the markets where we operate and unemployment levels within these markets, behavioral changes, such as fully engaging employees and earning loyalty, prevailing wage rates, health and other insurance and benefit costs, inflation, adoption of new or revised employment and labor laws and regulations or government programs, safety levels of our operations, and our reputation within the labor market. The loss of any of our qualified personnel or our inability to attract and retain qualified personnel could harm our business and our ability to compete, and related expenses could adversely affect our results of operations and financial condition. Moreover, if we fail to attract, motivate, or retain personnel, or relax our standards in order to meet the demands of our growth, our corporate culture, our ability to achieve our strategic objectives, and our compliance with obligations under our internal controls and other requirements may be harmed. We believe that a critical contributor to our success has been our corporate culture, which we believe fosters innovation, teamwork, and a focus on execution, as well as facilitates critical knowledge transfer and knowledge sharing. Many of our employees have worked remotely during the COVID-19 pandemic, which makes it challenging to maintain or enhance our culture. While we are exploring ways to improve the employee experience, regardless of whether an employee is working from home, fully on-site, or in a hybrid fashion, the impact this will have on our corporate culture, innovation, collaboration, and ability to attract and retain talent is uncertain.

Manufacturing our products is a complex process. We (or our critical suppliers) may encounter difficulties in scaling up or maintaining production of our products, including: •problems involving production yields; •quality control and assurance; •component supply shortages; •import or export restrictions on components, materials, or technology; •shortages of qualified personnel; and •compliance with state, federal, and foreign regulations. If demand for our products exceeds our manufacturing capacity, we could develop a substantial backlog of customer orders. If we are unable to develop or maintain larger-scale manufacturing capabilities or build new manufacturing capabilities or facilities on schedule or within budget, our ability to generate revenue and maintain profit margins as expected will be limited and our reputation in the marketplace could be damaged, all of which may have a material adverse impact on our business, financial condition, or results of operations. In addition, as we build new facilities for manufacturing capacity, the development of these facilities is subject to risks relating to our ability to complete our projects on schedule or within budget. Refer to our risk factor titled “We are subject to risks associated with real estate construction and development” for additional risks related to building our new manufacturing facilities. Also, after new manufacturing facilities are completed, we may encounter difficulties transferring our production lines from our existing facilities to the new facilities, which require qualification, validation, and regulatory approval and is subject to all of the risks highlighted above. Moreover, certain new manufacturing facilities are in foreign countries and in locations where we have not previously had manufacturing sites, both of which could increase the risks related to transferring our production lines. The facility transfers may require an increase in safety stock inventory to support the production line transfers, create a substantial backlog of customer orders, or increase costs while the production lines mature, all of which may have a material adverse impact on our business, financial condition, or results of operations.

Manufacturing our products is a complex process. We (or our critical suppliers) may encounter difficulties in scaling up or maintaining production of our products, including: •problems involving production yields; •quality control and assurance; •component supply shortages; •import or export restrictions on components, materials, or technology; •shortages of qualified personnel; and •compliance with state, federal, and foreign regulations. If demand for our products exceeds our manufacturing capacity, we could develop a substantial backlog of customer orders. If we are unable to develop or maintain larger-scale manufacturing capabilities or build new manufacturing capabilities or facilities on schedule or within budget, our ability to generate revenue and maintain profit margins as expected will be limited and our reputation in the marketplace could be damaged, all of which may have a material adverse impact on our business, financial condition, or results of operations.

A significant portion of our revenue is generated through our sales of instruments and accessories. Third parties have offered and may continue to offer customers counterfeit instruments and accessories and/or instruments and accessories that have been remanufactured and/or are unauthorized, including instruments that have been remanufactured to support the use of some of our limited-use instruments beyond their labeled useful life. As of the filing date, we are unaware that the FDA or any other regulatory agency has granted 510(k) or equivalent market authorization for the remanufacturing of any instruments for use with a da Vinci X or da Vinci Xi surgical system, but we understand that the FDA has granted 510(k) clearance to one company for a remanufactured EndoWrist instrument used with our da Vinci Si surgical system. While we generally do not approve the use by our customers of unauthorized and unapproved instruments and accessories that lack FDA clearance or other applicable regulatory approval or certification with our systems, such activities could potentially result in reduced revenue, increased patient safety risks, and negative publicity for us if these products cause injuries and/or do not function as intended when used with our systems, any of which could have a material adverse effect on our business, financial condition, or results of operations. In addition, we may be subject to laws that regulate or attempt to regulate the manner in which third-party instruments and accessories or third-party service providers interact with our systems, and such laws could also negatively impact our business, financial condition, or results of operations.

A significant portion of our revenue is generated through our sales of instruments and accessories. Third parties have offered and may continue to offer customers counterfeit instruments and accessories and/or instruments and accessories that have been remanufactured and/or are unauthorized, including instruments that have been remanufactured to support the use of some of our limited-use instruments beyond their labeled useful life. As of the filing date, we are unaware that the FDA or any other regulatory agency has granted 510(k) or equivalent clearance for the remanufacturing of any instruments for use with a da Vinci X or da Vinci Xi Surgical System, but we understand that the FDA has granted 510(k) clearance to one company for the remanufacturing of an EndoWrist instrument used with our da Vinci S and da Vinci Si Surgical Systems. While our sales arrangements with customers generally prohibit the use of unauthorized and unapproved instruments and accessories that lack FDA clearance or other applicable regulatory approval or certification with our systems, such activities could potentially result in reduced revenue, increased patient safety risks, and negative publicity for us if these products cause injuries and/or do not function as intended when used with our systems, any of which could have a material adverse effect on our business, financial condition, or results of operations.