KLA Corporation: 10-K Risk Factor Changes

In the conduct of our business, we collect, use, transmit and store data on information systems and networks, including systems and networks owned and maintained by KLA and/or by third-party providers. This data includes confidential information, transactional information and IP belonging to us, our customers and our business partners, as well as personally identifiable information of individuals. We also integrate and use third-party services and products, including software, in our systems, networks and operations. Despite network security and other measures, our, our customers’, suppliers’ and other third-party providers’ information systems and networks are susceptible to computer viruses, ransomware, cyber-related security breaches and similar disruptions from unauthorized intrusions, tampering, misuse or criminal acts made directly against our systems or networks, or through our third-party providers or the supply chain, including phishing, or other events or developments that we may be unable to anticipate or fail to mitigate, including, but not limited to, financial fraud, including check fraud, vulnerabilities or misconfigurations in information systems, networks, software or hardware. In addition, insider actors, malicious or otherwise, could misappropriate our, our customers’ or business partners’ data, tamper with our products or 19 19 19 Table of Contents Table of Contents otherwise cause disruptions to our business operations. We have experienced cyber-related attacks in the past, and expect to experience cyber-related attacks and incidents in the future. Our security measures may also be breached due to employee errors, malfeasance, or otherwise. Third parties may also attempt to influence employees, users, suppliers or customers to disclose sensitive information in order to gain access to our, our customers’ or business partners’ data. Because the techniques used to obtain unauthorized access to the information systems change frequently and increasingly leverage on technologies such as artificial intelligence (“AI”), may not be recognized until launched against a target and are increasingly designed to circumvent controls, avoid detection and remove or obfuscate forensic artifacts, we may be unable to anticipate these techniques, implement adequate preventative measures, or adequately identify, investigate and recover from cybersecurity incidents. AI may be used to generate cyberattacks as AI capabilities improve and are increasingly adopted. These attacks crafted with AI tools could directly attack information systems with greater speed and/or efficiency than a human threat actor or create more effective phishing emails. In addition, the threat could be introduced from the result of our customers and business partners incorporating the output of an AI tool that includes a threat, such as introducing malicious code by incorporating AI generated source code. Any cybersecurity incident or occurrence could impact our business directly, or indirectly by impacting third parties in the supply chain, in many potential ways: disruptions to operations; misappropriation, corruption or theft of confidential information, including IP and other critical data, of KLA, our customers or other business partners; misappropriation of funds and Company assets; reduced value of our investments in research, development and engineering; litigation with, or payment of damages to, third parties; reputational damage; costs to comply with regulatory inquiries or actions; data privacy issues; costs to rebuild our information systems and networks; and increased cybersecurity protection and remediation costs. Cybersecurity incidents affecting our customers could result in substantial delays in our ability to ship to those customers or install our products, which could result in delays in revenue recognition or the cancellation of orders, and cybersecurity incidents affecting our suppliers could result in substantial delays in our ability to obtain necessary components for our products from those suppliers, which could hamper our ability to ship our products to our customers, harming our results of operations. For example, in February 2023, one of our suppliers experienced a ransomware event that caused delays in its manufacturing operations, resulting in its shipment delays to us for components we ordered, which in turn caused delays in some of our outbound shipments during the quarter. Such events could cause disruptions in the future. We carry insurance that provides limited protection against the potential losses arising from a cybersecurity incident, but it will not likely cover all such losses, and the losses it does not cover may be significant.

In the conduct of our business, we collect, use, transmit and store data on information systems and networks, including systems and networks owned and maintained by KLA and/or by third-party providers. This data includes confidential information, transactional information and intellectual property belonging to us, our customers and our business partners, as well as personally identifiable information of individuals. Despite network security and other measures, our, our customers’, suppliers’ and other third-party providers’ information systems and networks are susceptible to computer viruses, ransomware, cyber-related security breaches and similar disruptions from unauthorized intrusions, tampering, misuse, or criminal acts made directly against, or through our third-party providers in the supply chain, and against, our systems and networks, including phishing, or other events or developments that we may be unable to anticipate or fail to mitigate, including but not limited to vulnerabilities or misconfigurations in information systems, networks, software or hardware. We have experienced cyber-related attacks in the past, and are likely to experience cyber-related attacks in the future. Our security measures may also be breached due to employee errors, malfeasance, or otherwise. Third parties may also attempt to influence employees, users, suppliers or customers to disclose sensitive information in order to gain access to our, our customers’ or business partners’ data. Because the techniques used to obtain unauthorized access to the information systems change frequently, may not be recognized until launched against a target and are increasingly designed to circumvent controls, avoid detection and remove or obfuscate forensic artifacts, we may be unable to anticipate these techniques, implement adequate preventative measures, or adequately identify, investigate and recover from cybersecurity incidents. Any cybersecurity incident or occurrence could impact our business directly, or indirectly by impacting third parties in the supply chain, in many potential ways: disruptions to operations; misappropriation, corruption or theft of confidential information, including intellectual property and other critical data, of KLA, our customers or other business partners; misappropriation of funds and Company assets; reduced value of our investments in research, development and engineering; litigation with, or payment of damages to, third parties; reputational damage; costs to comply with regulatory inquiries or actions; data privacy issues; costs to rebuild our information systems and networks; and increased cybersecurity protection and remediation costs. Cybersecurity incidents affecting our customers could result in substantial delays in our ability to ship to those customers or install our products, which could result in delays in revenue recognition or the cancellation of orders, and cybersecurity incidents affecting our suppliers could result in substantial delays in our ability to obtain necessary components for our products from those suppliers, which could hamper our ability to ship our products to our customers, harming our results of operations. We carry insurance that provides limited protection against the potential losses arising from a cybersecurity incident but it will not likely cover all such losses, and the losses it does not cover may be significant.

We enter into factoring arrangements with financial institutions to sell certain of our trade receivables and promissory notes from customers without recourse. In addition, we maintain cash and cash equivalents with several domestic and foreign financial institutions, in excess of the Federal Deposit Insurance Corporation insurance limit. If we were to stop entering into these factoring arrangements, our operating results, financial condition and cash flows could be adversely impacted by delays or failures in collecting trade receivables. However, by engaging these financial institutions for factoring arrangements and for banking services, we are exposed to additional risks that any of such financial institutions may prove to be not financially viable. If any of these financial institutions experiences financial difficulties or is otherwise unable to honor the terms of our factoring or deposit arrangements, we may experience material financial losses due to the failure of such arrangements or a lack of access to our funds, any of which could have an adverse impact upon our operating results, financial condition and cash flows.

We enter into factoring arrangements with financial institutions to sell certain of our trade receivables and promissory notes from customers without recourse. In addition, we maintain bank accounts with several domestic and foreign financial institutions, any of which may prove not to be financially viable. If we were to stop entering into these factoring arrangements, our operating results, financial condition and cash flows could be adversely impacted by delays or failures in collecting trade receivables. However, by entering into these arrangements, and by engaging these financial institutions for banking services, we are exposed to additional risks. If any of these financial institutions experiences financial difficulties or is otherwise unable to honor the terms of our factoring or deposit arrangements, we may experience material financial losses due to the failure of such arrangements or a lack of access to our funds, any of which could have an adverse impact upon our operating results, financial condition and cash flows.

As is typical in the industries in which we serve, from time to time we have received communications from other parties asserting the existence of patent rights, copyrights, trademark rights or other IP rights which they believe cover certain of our products, processes, technologies or information. In addition, we occasionally receive notification from customers who believe that we owe them indemnification or other obligations related to IP claims made against such customers by third parties. With respect to IP infringement disputes, our customary practice is to evaluate such infringement assertions and to consider whether to seek licenses where appropriate. However, there can be no assurance that licenses will be granted or, if granted, will be on acceptable terms or that costly litigation or other administrative proceedings will not occur. The inability to obtain necessary licenses or other rights on reasonable terms could seriously harm our results of operations and financial condition. Furthermore, we may potentially be subject to claims by customers, suppliers or other business partners, or by governmental law enforcement agencies, related to our receipt, distribution and/or use of third-party IP or confidential information. Legal proceedings and claims, regardless of their merit, and associated internal investigations with respect to IP or confidential information disputes are often expensive to prosecute, defend or conduct; may divert management’s attention and other Company resources; and/or may result in restrictions on our ability to sell our products, settlements on significantly adverse terms or adverse judgments for damages, injunctive relief, penalties and fines, any of which could have a significant negative effect on our business, results of operations and financial condition. There can be no assurance regarding the outcome of future legal proceedings, claims or investigations. The instigation of legal proceedings or claims, our inability to favorably resolve or settle such proceedings or claims, or the determination of any adverse findings against us or any of our employees in connection with such proceedings or claims could materially and adversely affect our business, financial condition and results of operations, as well as our business reputation.

As is typical in the industries in which we serve, from time to time we have received communications from other parties asserting the existence of patent rights, copyrights, trademark rights or other intellectual property rights which they believe cover certain of our products, processes, technologies or information. In addition, we occasionally receive notification from customers who believe that we owe them indemnification or other obligations related to intellectual property claims made against such customers by third parties. With respect to intellectual property infringement disputes, our customary practice is to evaluate such infringement assertions and to consider whether to seek licenses where appropriate. However, there can be no assurance that licenses can be obtained or, if obtained, will be on acceptable terms or that costly litigation or other administrative proceedings will not occur. The inability to obtain necessary licenses or other rights on reasonable terms could seriously harm our results of operations and financial condition. Furthermore, we may potentially be subject to claims by customers, suppliers or other business partners, or by governmental law enforcement agencies, related to our receipt, distribution and/or use of third-party intellectual property or confidential information. Legal proceedings and claims, regardless of their merit, and associated internal investigations with respect to intellectual property or confidential information disputes are often expensive to prosecute, defend or conduct; may divert management’s attention and other Company resources; and/or may result in restrictions on our ability to sell our products, settlements on significantly adverse terms or adverse judgments for damages, injunctive relief, penalties and fines, any of which could have a significant negative effect on our business, results of operations and financial condition. There can be no assurance regarding the outcome of future legal proceedings, claims or investigations. The instigation of legal proceedings or claims, our inability to favorably resolve or settle such proceedings or claims, or the determination of any adverse findings against us or any of our employees in connection with such proceedings or claims could materially and adversely affect our business, financial condition and results of operations, as well as our business reputation. 17 17 17 Table of Contents Table of Contents

•We may not be able to keep pace with trends and technological changes in the industries in which we operate; •We have a highly concentrated customer base; and •Prevailing local and global economic conditions may negatively affect the purchasing decisions of our customers. 14 14 14 Table of Contents Table of Contents

The threat of terrorism targeted at, or acts of war in, the regions of the world in which we do business increases the uncertainty in our markets. Any act of terrorism or war that affects the economy or the industries we serve could adversely affect our business. Increased international political instability or geopolitical tensions in various parts of the world, disruption in air transportation and further enhanced security measures as a result of terrorist attacks may hinder our ability to do business and may increase our costs of operations. We maintain significant operations in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its Arab neighbors, and a state of hostility varying in degree and intensity has led to security and economic challenges for Israel. In addition, some of our employees in Israel are obligated to perform annual reserve duty in the Israel Defense Forces, and may be called to active military duty in emergency circumstances. We cannot assess the impact that emergency conditions in Israel in the future may have on our business, operations, financial condition or results of operations, but it could be material. Instability in any region could directly impact our ability to operate our business (or our customers’ ability to operate their businesses), cause us to incur increased costs in transportation, make such transportation unreliable, increase our insurance costs, and cause international currency markets to fluctuate. Instability in the region could also have the same effects on our suppliers and their ability to timely deliver their products. If international political instability and geopolitical tensions continue or increase in any region in which we do business, our business and results of operations could be harmed.

The threat of terrorism targeted at, or acts of war in, the regions of the world in which we do business increases the uncertainty in our markets. Any act of terrorism or war that affects the economy or the industries we serve could adversely affect our business. Increased international political instability in various parts of the world, disruption in air transportation and further enhanced security measures as a result of terrorist attacks may hinder our ability to do business and may increase our costs of operations. We maintain significant operations in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its Arab neighbors, and a state of hostility varying in degree and intensity has led to security and economic challenges for Israel. In addition, some of our employees in Israel are obligated to perform annual reserve duty in the Israel Defense Forces, and may be called to active military duty in emergency circumstances. We cannot assess the impact that emergency conditions in Israel in the future may have on our business, operations, financial condition or results of operations, but it could be material. Instability in any region could directly impact our ability to operate our business (or our customers’ ability to operate their businesses), cause us to incur increased costs in transportation, make such transportation unreliable, increase our insurance costs, and cause international currency markets to fluctuate. Instability in the region could also have the same effects on our suppliers and their ability to timely deliver their products. If international political instability continues or increases in any region in which we do business, our business and results of operations could be harmed. We are predominantly uninsured for losses and interruptions caused by terrorist acts and acts of war.

We have significant manufacturing operations in the U.S., Singapore, Israel, Germany, United Kingdom, Italy and China. In addition, our business is international in nature, with our sales, service and administrative personnel and our customers and suppliers located in numerous countries throughout the world. Operations at our manufacturing facilities and our assembly subcontractors and those of our suppliers, as well as our other operations and those of our customers, are subject to disruption for a variety of reasons, including work stoppages, acts of war such as Russia’s invasion of Ukraine, terrorism, public health crises such as the COVID-19 pandemic, fire, earthquake, volcanic eruptions, drought, storms, sea-level rise, extreme temperatures, energy shortages, spikes in energy demand or power blackouts, disruptions in the availability of water necessary for our operations (including, but not limited to, in areas of relatively high water stress), flooding or other natural disasters; and certain of these events may become more frequent or intense as a result of climate change. Such disruption has caused (as with the COVID-19 pandemic, for example) and could in the future cause inefficiencies in our workforce and delays in, among other things, shipments of products to our customers, our ability to perform services requested by our customers, the ability of our suppliers to supply us components for our products in a timely manner, or the timely installation and acceptance of our products at customer sites. Such disruptions could also induce illiquidity for our customers and suppliers, further straining our supply chain and causing continued uncertainty in customers’ abilities to pay for the products they purchase and their demand for our products and services. In case of any disruptions in our supply chain, we may need to commit to increased purchases and provide longer lead times to secure critical components, which could increase inventory obsolescence risk. We cannot provide any assurance that alternate means of conducting our operations (whether through alternate production capacity or service providers or otherwise) would be available if a major disruption were to occur or that, if such alternate means were available, they could be obtained on favorable terms. 21 21 21 Table of Contents Table of Contents We maintain a program of insurance coverage for a variety of property, casualty and other risks. The types and amounts of insurance we obtain vary depending on availability, cost and decisions with respect to risk retention. Some of our policies have broad exclusions. In addition, one or more of our insurance providers may be unable or unwilling to continue to provide certain coverage in the future or pay a claim. Losses not covered by insurance may be large, which could harm our results of operations and financial condition. In addition, as part of our cost-cutting actions, we have consolidated several operating facilities. Our California operations are now primarily centralized in our Milpitas facility. The consolidation of our California operations into a single campus could further concentrate the risks related to any of the disruptive events described above, such as acts of war or terrorism, earthquakes, fires or other natural disasters, if any such event were to impact our Milpitas facility.

We have significant manufacturing operations in the U.S., Singapore, Israel, Germany, United Kingdom, Italy and China. In addition, our business is international in nature, with our sales, service and administrative personnel and our customers and suppliers located in numerous countries throughout the world. Operations at our manufacturing facilities and our assembly subcontractors and those of our suppliers, as well as our other operations and those of our customers, are subject to disruption for a variety of reasons, including work stoppages, acts of war such as Russia’s invasion of Ukraine, terrorism, health epidemics and pandemics, fire, earthquake, volcanic eruptions, energy shortages or power blackouts, flooding or other natural disasters; and certain of these events may become more frequent or intense as a result of climate change. Such disruption could cause delays in, among other things, shipments of products to our customers, our ability to perform services requested by our customers, the ability of our suppliers to supply us components for our products in a timely manner, or the timely installation and acceptance of our products at customer sites. We cannot provide any assurance that alternate means of conducting our operations (whether through alternate production capacity or service providers or otherwise) would be available if a major disruption were to occur or that, if such alternate means were available, they could be obtained on favorable terms. 21 21 21 Table of Contents Table of Contents In addition, as part of our cost-cutting actions, we have consolidated several operating facilities. Our California operations are now primarily centralized in our Milpitas facility. The consolidation of our California operations into a single campus could further concentrate the risks related to any of the disruptive events described above, such as acts of war or terrorism, earthquakes, fires or other natural disasters, if any such event were to impact our Milpitas facility.

Managing global operations and sites located throughout the world presents a number of challenges, including, but not limited to: •Global trade issues and changes in and uncertainties with respect to trade policies, including the ability to obtain required import and export licenses, trade sanctions, tariffs and international trade disputes; •Political and social attitudes, laws, rules, regulations and policies within countries that favor domestic companies over non-domestic companies, including customer- or government-supported efforts to promote the development and growth of local competitors; •Ineffective or inadequate legal protection of IP rights in certain countries; •Managing cultural diversity and organizational alignment; •Exposure to the unique characteristics of each region in the global market, which can cause capital equipment investment patterns to vary significantly from period to period; •Periodic local or international economic downturns; •Potential adverse tax consequences, including withholding tax rules that may limit the repatriation of our earnings, and higher effective income tax rates in foreign countries where we do business; •Compliance with customs regulations in the countries in which we do business; •Existing and potentially new tariffs or other trade restrictions and barriers (including those applied to our products, spare parts and services, or to parts and supplies that we purchase); 15 15 15 Table of Contents Table of Contents •Political instability, geopolitical tensions, natural disasters, legal or regulatory changes, acts of war such as Russia’s invasion of Ukraine or terrorism in regions where we, our customers or our suppliers have operations or where we or they do business; •Rising inflation and fluctuations in interest and currency exchange rates may adversely impact our ability to compete on price with local providers or the value of revenues we generate from our international business. Although we attempt to manage some of our near-term currency risks through the use of hedging instruments, there can be no assurance that such efforts will be adequate; •Our ability to receive prepayments for certain of our products and services sold in certain jurisdictions. These prepayments increase our cash flows for the quarter in which they are received. If our practice of requiring prepayments in those jurisdictions changes or deteriorates, our cash flows would be harmed; •Required refunds for customer prepayments resulting from our inability to ship to certain jurisdictions, especially for customers in China, as described in more detail below. If we are required to make such refunds, our cash flows could be negatively affected; •Longer payment cycles and difficulties in collecting accounts receivable outside of the U.S.; •Difficulties in managing foreign distributors (including monitoring and ensuring our distributors’ compliance with applicable laws); and •Inadequate protection or enforcement of our IP and other legal rights in foreign jurisdictions. Any of the factors above could have a significant negative impact on our business and results of operations.

A majority of our annual revenues are derived from outside the U.S., and we maintain significant operations outside the U.S. We expect that these conditions will continue in the foreseeable future. Managing global operations and sites located throughout the world presents a number of challenges, including but not limited to: •Global trade issues and changes in and uncertainties with respect to trade policies, including the ability to obtain required import and export licenses, trade sanctions, tariffs and international trade disputes; •Political and social attitudes, laws, rules, regulations and policies within countries that favor domestic companies over non-domestic companies, including customer- or government-supported efforts to promote the development and growth of local competitors; •Ineffective or inadequate legal protection of intellectual property rights in certain countries; •Managing cultural diversity and organizational alignment; •Exposure to the unique characteristics of each region in the global market, which can cause capital equipment investment patterns to vary significantly from period to period; •Periodic local or international economic downturns; •Potential adverse tax consequences, including withholding tax rules that may limit the repatriation of our earnings, and higher effective income tax rates in foreign countries where we do business; •Compliance with customs regulations in the countries in which we do business; •Existing and potentially new tariffs or other trade restrictions and barriers (including those applied to our products, spare parts and services, or to parts and supplies that we purchase); •Political instability, natural disasters, legal or regulatory changes, acts of war such as Russia’s invasion of Ukraine or terrorism in regions where we, our customers or our suppliers have operations or where we or they do business; •Rising inflation and fluctuations in interest and currency exchange rates may adversely impact our ability to compete on price with local providers or the value of revenues we generate from our international business. Although we attempt to manage some of our near-term currency risks through the use of hedging instruments, there can be no assurance that such efforts will be adequate; •Our ability to receive prepayments for certain of our products and services sold in certain jurisdictions. These prepayments increase our cash flows for the quarter in which they are received. If our practice of requiring prepayments in those jurisdictions changes or deteriorates, our cash flows would be harmed; •Longer payment cycles and difficulties in collecting accounts receivable outside of the U.S.; •Difficulties in managing foreign distributors (including monitoring and ensuring our distributors’ compliance with applicable laws); and •Inadequate protection or enforcement of our intellectual property and other legal rights in foreign jurisdictions. In addition, government controls, either by the U.S. or other countries, that restrict our business overseas or restrict our ability to import or export our products and services or increase the cost of our operations through the imposition of broad sanctions, trade restrictions, tariffs, new controls, outright bans, or otherwise, could harm our business. For example, Commerce has added numerous China-based entities to the U.S. Entity List, including Fujian Jinhua Integrated Circuit Company, Ltd., Huawei and Semiconductor Manufacturing International Corporation, restricting our ability to provide products and services to 16 16 16 Table of Contents Table of Contents such entities without an export license. Even if we apply for licenses to sell our products or provide services to companies on Commerce’s U.S. Entity List, there can be no assurance that licenses will be granted. In addition, Commerce has imposed export licensing requirements on China-based customers engaged in military end uses or where Commerce has determined there is a risk of diversion to a military end use, as well as requiring our customers to obtain an export license when they use certain semiconductor capital equipment based on U.S. technology to manufacture products connected to Huawei or its affiliates. To date, these rules have not significantly impacted our operations, but we are continually monitoring their impact. If additional companies are added to Commerce’s U.S. Entity List, or other licensing requirements or restrictions are imposed, thereby limiting our ability to sell our products or services to other customers in China, our business could be significantly harmed. Similar actions by the U.S. government or another country could impact our ability to provide our products and services to existing and potential customers. Any of the factors above could have a significant negative impact on our business and results of operations.