LDOS: 10-K Risk Factor Changes

Our services are subject to numerous environmental, health, and safety laws and regulations. Some of our services and operations involve using, handling, or disposing of hazardous substances, including explosive, chemical, biological, or radioactive materials. These activities and our operations generally subject us to complex and stringent foreign, federal, state, and local environmental, health, and safety laws and regulations, which have tended to become more stringent over time. Among other things, these laws and regulations require us to incur costs to comply and could impose liability on us for handling or disposing of hazardous substances. For example, we provide infrastructure and site services necessary to accomplish critical waste management and the continued environmental cleanup of the Hanford Site in southeastern Washington. In addition, some of our work sites put our employees and others in close proximity with mechanized 32Leidos Holdings, Inc. Annual Report 32Leidos Holdings, Inc. Annual Report 32Leidos Holdings, Inc. Annual Report 32 Leidos Holdings, Inc. Annual Report 32Leidos Holdings, Inc. Annual Report 32Leidos Holdings, Inc. Annual Report 32 Leidos Holdings, Inc. Annual Report 32Leidos Holdings, Inc. Annual Report 32 Leidos Holdings, Inc. Annual Report 32 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I equipment, moving vehicles, chemical and manufacturing processes, and highly regulated materials. On some work sites, we may be responsible for safety and have an obligation to implement effective safety procedures. If we fail to implement these procedures, or if the procedures we implement are ineffective, we may suffer the loss of or injury to our employees, as well as expose ourselves to possible litigation. Failure to comply with these environmental, health and safety laws and regulations could result in civil, criminal, regulatory, administrative, or contractual sanctions, including fines, penalties, suspension or debarment from contracting with the U.S. government, or reputational harm. In addition, our failure to maintain adequate safety standards and equipment could result in reduced profitability and loss of work or customers. Our current and previous ownership, leasing and operation of real property, and disposal of hazardous substances also subject us to environmental laws and regulations, some of which hold current or previous owners or operators of businesses and real property jointly and severally liable for hazardous substance releases, even if they did not know of and were not responsible for the releases. Past business practices at companies that we have acquired may also expose us to future unknown environmental liabilities. Liabilities related to environmental contamination, human exposure to hazardous substances, or violations of these laws or regulations, could result in substantial costs to us, including cleanup costs, fines, civil or criminal sanctions, and third-party claims for property loss or damage or personal injury. Our continuing work in the areas governed by these laws and regulations exposes us to the risk of substantial liability and may adversely affect our financial condition and operating results.

Our services are subject to numerous environmental, health, and safety laws and regulations. Some of our services and operations involve using, handling, or disposing of hazardous substances. These activities and our operations generally subject us to complex and stringent foreign, federal, state, and local environmental, health, and safety laws and regulations, which have tended to become more stringent over time. Among other things, these laws and regulations require us to incur costs to comply and could impose liability on us for handling or disposing of hazardous substances. For example, we provide infrastructure and site services necessary to accomplish critical waste management and the continued environmental cleanup of the Hanford Site in southeastern Washington. In addition, some of our work sites put our employees and others in close proximity with mechanized equipment, moving vehicles, chemical and manufacturing processes, and highly regulated materials. On some work sites, we may be responsible for safety and have an obligation to implement effective safety procedures. If we fail to implement these procedures, or if the procedures we implement are ineffective, we may suffer the loss of or injury to our employees, as well as expose ourselves to possible litigation. Failure to comply with these environmental, health and safety laws and regulations could result in civil, criminal, regulatory, administrative, or contractual sanctions, including fines, penalties, or suspension or debarment from contracting with the U.S. government. In addition, our failure to maintain adequate safety standards and equipment could result in reduced profitability and loss of work or customers. Our current and previous ownership and operation of real property also subject us to environmental laws and regulations, some of which hold current or previous owners or operators of businesses and real property jointly and severally liable for hazardous substance releases, even if they did not know of and were not responsible for the releases. Past business practices at companies that we have acquired may also expose us to future unknown environmental liabilities. Liabilities related to environmental contamination or human exposure to hazardous substances, or violations of these laws or regulations, could result in substantial costs to us, including cleanup costs, fines, civil or criminal sanctions, and third-party claims for property damage or personal injury. Our continuing work in the areas governed by these laws and regulations exposes us to the risk of substantial liability and may adversely affect our financial condition and operating results.

We are subject to income taxes in the U.S. and numerous foreign jurisdictions. Changes in U.S. (federal or state) or foreign tax laws and regulations, or their interpretation and application, including those with retroactive effect, could result in increases in our tax expense and adversely affect our financial results. See “Liquidity and Capital Resources” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” contained within this Annual Report on Form 10-K for additional information on the impact of this change. Significant judgment is required in determining our worldwide provision for income taxes. In the ordinary course of our business, there are many transactions and calculations where the ultimate tax determination is uncertain. We are regularly under audit by tax authorities. Although we believe that our tax estimates and tax positions are reasonable, they could be materially affected by many factors, including the final outcome of tax audits and related litigation, the introduction of new tax accounting standards, legislation, regulations, and related interpretations, our global mix of earnings, the realizability of deferred tax assets and changes in uncertain tax positions. An increase or decrease in our effective tax rate, or an ultimate determination that we owe more taxes than the amounts previously accrued, could have a material adverse impact on our financial condition and results of operations.

We are subject to income taxes in the U.S. and numerous foreign jurisdictions. Changes in U.S. (federal or state) or foreign tax laws and regulations, or their interpretation and application, including those with retroactive effect, could result in increases in our tax expense and adversely affect our financial results. For example, beginning in 2022, the Tax Cuts and Jobs Act of 2017 eliminated the option to deduct research and development expenditures immediately in the year incurred and requires taxpayers to amortize such expenditures over five years, which likely will materially decrease our cash from operations unless Congress defers, modifies or repeals this provision with retroactive effect. See “Liquidity and Capital Resources” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” contained within this Annual Report on Form 10-K for additional information on the impact of this change. Leidos Holdings, Inc. Annual Report - 41 Leidos Holdings, Inc. Annual Report - 41 Leidos Holdings, Inc. Annual Report - 41 Table of ContentsPART I Table of Contents PART I Significant judgment is required in determining our worldwide provision for income taxes. In the ordinary course of our business, there are many transactions and calculations where the ultimate tax determination is uncertain. We are regularly under audit by tax authorities. Although we believe that our tax estimates and tax positions are reasonable, they could be materially affected by many factors, including the final outcome of tax audits and related litigation, the introduction of new tax accounting standards, legislation, regulations, and related interpretations, our global mix of earnings, the realizability of deferred tax assets and changes in uncertain tax positions. An increase or decrease in our effective tax rate, or an ultimate determination that we owe more taxes than the amounts previously accrued, could have a material adverse impact on our financial condition and results of operations.

Revenues under contracts with the DoD and U.S. Intelligence Community, either as a prime contractor or subcontractor to other contractors, represented approximately 48% of our total revenues for fiscal 2024, 49% of our total revenues for fiscal 2023 and 44% of our total revenues for fiscal 2022. U.S. government and DoD spending levels are difficult to predict and subject to significant risk. Laws and plans adopted by the U.S. government relating to, along with pressures on and uncertainty surrounding the U.S. federal budget, potential changes in budgetary priorities and defense spending levels, the appropriations process and the permissible federal debt limit, could adversely affect the funding for individual programs and delay purchasing or payment decisions by our customers. Considerable uncertainty exists regarding how future budget and program decisions will unfold, including the defense spending priorities of the U.S. Presidential Administration and Congress and what challenges potential budget reductions will present for us and our industry generally. Current U.S. government spending levels for defense-related or other programs may not be sustained. Future spending and program authorizations may not increase or may decrease or shift to programs in areas where we do not provide services or are less likely to be awarded contracts. Such changes in spending authorizations and budgetary priorities may occur as a result of uncertainty surrounding the federal budget and the federal government’s ability to meet its debt obligations, changes in the priorities of the U.S. Presidential Administration as a result of the recent election cycle, increasing political pressure and legislation, shifts in spending priorities from defense-related or other programs as a result of competing demands for federal funds, the number and intensity of military conflicts or other factors. For example, the conflicts between Russia and Ukraine and in the Middle East have resulted in increased security assistance to each of Ukraine and Israel to help preserve their territorial integrity, secure their borders, and with respect to the Russia/Ukraine conflict, improve interoperability with NATO. Changes in the priorities of the U.S. Presidential Administration in respect thereto could have an adverse impact on our results. In addition, if government funding relating to our contracts with the U.S. government or DoD becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contracts or subcontracts under such programs may be terminated or adjusted by the U.S. government or the prime contractor. Our operating results could also be adversely affected by spending caps or changes in the U.S. government or the DoD’s budgetary priorities, as well as delays in program starts or the award of contracts or task orders under contracts.

Revenues under contracts with the DoD and U.S. Intelligence Community, either as a prime contractor or subcontractor to other contractors, represented approximately 49% of our total revenues for fiscal 2023, and 44% of our total revenues for both fiscal 2022 and 2021. U.S. government and DoD spending levels are difficult to predict and subject to significant risk. Laws and plans adopted by the U.S. government relating to, along with pressures on and uncertainty surrounding the U.S. federal budget, potential changes in budgetary priorities and defense spending levels, the appropriations process and the permissible federal debt limit, could adversely affect the funding for individual programs and delay purchasing or payment decisions by our customers. Considerable uncertainty exists regarding how future budget and program decisions will unfold, including the defense spending priorities of the U.S. Presidential Administration and Congress and what challenges potential budget reductions will present for us and our industry generally. Current U.S. government spending levels for defense-related or other programs may not be sustained. Future spending and program authorizations may not increase or may decrease or shift to programs in areas where we do not provide services or are less likely to be awarded contracts. Such changes in spending authorizations and budgetary priorities may occur as a result of uncertainty surrounding the federal budget and the federal government’s ability to meet its debt obligations, changes in the priorities of the U.S. Presidential Administration as a result of the upcoming election cycle, increasing political pressure and legislation, shifts in spending priorities from defense-related or other programs as a result of competing demands for federal funds, the number and intensity of military conflicts or other factors. For example, the conflicts between Russia and Ukraine and Israel and Hamas have resulted in increased security assistance to each of Ukraine and Israel to help preserve their territorial integrity, secure their borders, and with respect to the Russia/Ukraine conflict, improve interoperability with NATO. Changes in defense budgetary priorities as a result of such conflict could have an adverse impact on our results. In addition, if government funding relating to our contracts with the U.S. government or DoD becomes unavailable, or is reduced or delayed, or planned orders are reduced, our contract or subcontract under such programs may be terminated or adjusted by the U.S. government or the prime contractor. Our operating results could also be adversely affected by spending caps or changes in the U.S. government or the DoD's budgetary priorities, as well as delays in program starts or the award of contracts or task orders under contracts. Leidos Holdings, Inc. Annual Report - 19 Leidos Holdings, Inc. Annual Report - 19 Leidos Holdings, Inc. Annual Report - 19 Table of ContentsPART I Table of Contents PART I The U.S. government also conducts periodic reviews of U.S. defense strategies and priorities, which may shift DoD or other budgetary priorities, reduce overall U.S. government spending, or delay contract or task order awards for defense-related or other programs from which we would otherwise expect to derive a significant portion of our future revenues. In addition, changes to the federal or DoD acquisition system and contracting models could affect whether and how we pursue certain opportunities and the terms under which we are able to do so. A significant decline in overall U.S. government spending, including in the areas of national security, intelligence, and homeland security, a significant shift in its spending priorities, the substantial reduction or elimination of particular defense-related programs or significant delays in contract or task order awards for large programs could adversely affect our future revenues and results of operations and limit our growth prospects. In addition, our ability to grow in advanced technology areas, such as hypersonics programs, space exploration, and classified programs, will also be affected by the overall budget environment, whether development programs transition to production and the timing of such transition, all of which are dependent on U.S. Government authorization and funding.

We are subject to various laws and regulations in the U.S. and globally relating to data privacy and security. These laws and regulations are complex, constantly evolving, and may be subject to significant change in the future. In addition, the application, interpretation and enforcement of these laws and regulations are often uncertain, particularly in new and rapidly evolving areas of technology, and may differ in material respects among jurisdictions, interpreted and applied inconsistently among jurisdictions or in a manner that is inconsistent with our current policies and practices, all of which can make compliance challenging and costly, and expose us to related risks and liabilities. In the U.S., numerous federal, state, and local data privacy and security laws and regulations govern the collection, sharing, use, retention, disclosure, security, storage, transfer, and other processing of personal information, including protected health information. Numerous other states also are enacting or considering, comprehensive state-level data privacy and security laws. As a contractor supporting defense, health care, and national security customers, we are also subject to additional, specific regulatory compliance requirements relating to data privacy and security. Under DFARS and other federal regulations, we are required to implement the security and privacy controls in National Institute of Standards and Technology Special Publications on certain of our networks and information technology systems. To the extent that we do not comply with applicable security and control requirements, and there is unauthorized access or disclosure of sensitive information (including personal information), this could potentially result in a contract termination or loss of intellectual property, which could materially and adversely affect our business and financial results and lead to reputational harm. We will also be subject to numerous emerging and as yet unspecified cybersecurity requirements under the FAR and through federal regulation, to include the DOD Cybersecurity Maturity Model Certification (“CMMC”) program, which, once implemented, will require successful assessment by a third party against specified cyber controls. Should we or our supply chain fail to implement these new requirements, this may adversely affect our ability to receive awards or execute on relevant government programs. We are in the process of evaluating our readiness against these new requirements and while we have confidence we will meet or

We are subject to various laws and regulations in the U.S. and globally relating to data privacy and security. These laws and regulations are complex, constantly evolving, and may be subject to significant change in the future. In addition, the application, interpretation and enforcement of these laws and regulations are often uncertain, particularly in new and rapidly evolving areas of technology, and may differ in material respects among jurisdictions, interpreted and applied inconsistently among jurisdictions or in a manner that is inconsistent with our current policies and practices, all of which can make compliance challenging and costly, and expose us to related risks and liabilities. In the U.S., numerous federal, state, and local data privacy and security laws and regulations govern the collection, sharing, use, retention, disclosure, security, storage, transfer, and other processing of personal information, including protected health information. Numerous other states also are enacting or considering, comprehensive state-level data privacy and security laws. As a contractor supporting defense, health care, and national security customers, we are also subject to additional, specific regulatory compliance requirements relating to data privacy and security. Under DFARS and other federal regulations, we are required to implement the security and privacy controls in National Institute of Standards and Technology Special Publications on certain of our networks and information technology systems. To the extent that we do not comply with applicable security and control requirements, and there is unauthorized access or disclosure of sensitive information (including personal information), this could potentially result in a contract termination or loss of intellectual property, which could materially and adversely affect our business and financial results and lead to reputational harm. We will also be subject to numerous emerging and as yet unspecified cybersecurity requirements under the FAR and through federal regulation, to include the DOD Cybersecurity Maturity Model Certification ("CMMC") program, which, once implemented, will require successful assessment by a third party against specified cyber controls. Should we or our supply chain fail to implement these new requirements, this may adversely affect our ability to receive awards or execute on relevant government programs. We are in the process of evaluating our readiness against these new requirements and while we have confidence we will meet or exceed requirements, to the extent we do not, we will be unable to bid on such contract awards, which could adversely impact our revenue and our profitability. Leidos Holdings, Inc. Annual Report - 26 Leidos Holdings, Inc. Annual Report - 26 Leidos Holdings, Inc. Annual Report - 26 Table of ContentsPART I Table of Contents PART I The overarching complexity of data privacy and security laws and regulations around the world poses a compliance challenge that could manifest in costs, damages, or liability in other forms as a result of failure to implement proper programmatic controls, failure to adhere to those controls, or the breach of applicable data privacy and security requirements by us, our employees, our business partners (including our service providers, suppliers or subcontractors) or our customers. We also expect that there will continue to be new proposed laws, regulations, and industry standards concerning data privacy and security, and we cannot yet determine the impact such future laws, regulations and standards, or amendments to or re-interpretations of existing laws, regulations or standards, may have on our business. Any failure or perceived failure by us, our service providers, suppliers, subcontractors, or other business partners to comply with applicable laws, regulations, our public privacy policies and other public statements about data privacy and security and other obligations in these areas could result in regulatory or government actions lawsuits against us (including civil claims, such as representative actions and other class action-type litigation), legal liability, monetary penalties, fines, sanctions, damages and other costs, orders to cease or change our processing of data, changes to our business practices, diversion of internal resources, and harm to our reputation, all of which could adversely affect our business, financial condition and results of operations. We may also incur substantial expenses in implementing and maintaining compliance with such laws, regulations, and other obligations. For additional background on the data privacy and security laws that apply to our business and the related compliance risks, see “Regulation” within Item 1 of this Annual Report on Form 10-K.

We generate revenues under various types of contracts, including cost-reimbursement, FPIF, T&M, FPLOE and FFP contracts. Our earnings and profitability may vary materially depending on changes in the proportionate amount of revenues derived from each type of contract, the nature of services or products provided, the achievement of performance objectives, and the stage of performance at which the right to receive fees, particularly under incentive-fee and award-fee contracts, is finally determined. Cost-reimbursement and T&M contracts are generally less profitable than FFP contracts. Our operating results in any period may also be affected, positively or negatively, by customers’ variable purchasing patterns of our more profitable proprietary products. Our profitability is adversely affected when we incur contract costs that we cannot bill to our customers. To varying degrees, each of our contract types involves some risk of underestimating the costs and resources necessary to fulfill the contract. While FFP contracts allow us to benefit from cost savings, these contracts also increase our exposure to the risk of cost overruns. Revenues from FFP contracts represented approximately 43% of our total revenues for fiscal 2024. When making proposals on these types of contracts, we rely heavily on our estimates of costs and timing to complete the associated projects, as well as assumptions regarding technical issues. In each case, our failure to accurately estimate costs or the resources and technology needed to perform our contracts or to effectively manage and control our costs during performance could result, and in some instances has resulted, in reduced profits or losses. More generally, any increased or unexpected costs or unanticipated delays in the performance of our contracts, including costs and delays caused by contractual disputes or other factors outside of our control, such as performance failures of our subcontractors, rising inflationary pressures, and fluctuations in interest rates, natural disasters or other force majeure events, could make our contracts less profitable than expected or unprofitable. 26Leidos Holdings, Inc. Annual Report 26Leidos Holdings, Inc. Annual Report 26Leidos Holdings, Inc. Annual Report 26 Leidos Holdings, Inc. Annual Report 26Leidos Holdings, Inc. Annual Report 26Leidos Holdings, Inc. Annual Report 26 Leidos Holdings, Inc. Annual Report 26Leidos Holdings, Inc. Annual Report 26 Leidos Holdings, Inc. Annual Report 26 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I

We generate revenues under various types of contracts, including cost-reimbursement, FP-IF, T&M, FP-LOE and FFP contracts. Our earnings and profitability may vary materially depending on changes in the proportionate amount of revenues derived from each type of contract, the nature of services or products provided, the achievement of performance objectives, and the stage of performance at which the right to receive fees, particularly under incentive-fee and award-fee contracts, is finally determined. Cost-reimbursement and T&M contracts are generally less profitable than FFP contracts. Our operating results in any period may also be affected, positively or negatively, by customers' variable purchasing patterns of our more profitable proprietary products. Leidos Holdings, Inc. Annual Report - 30 Leidos Holdings, Inc. Annual Report - 30 Leidos Holdings, Inc. Annual Report - 30 Table of ContentsPART I Table of Contents PART I Our profitability is adversely affected when we incur contract costs that we cannot bill to our customers. To varying degrees, each of our contract types involves some risk of underestimating the costs and resources necessary to fulfill the contract. While FFP contracts allow us to benefit from cost savings, these contracts also increase our exposure to the risk of cost overruns. Revenues from FFP contracts represented approximately 39% of our total revenues for fiscal 2023. When making proposals on these types of contracts, we rely heavily on our estimates of costs and timing to complete the associated projects, as well as assumptions regarding technical issues. In each case, our failure to accurately estimate costs or the resources and technology needed to perform our contracts or to effectively manage and control our costs during performance could result, and in some instances has resulted, in reduced profits or losses. More generally, any increased or unexpected costs or unanticipated delays in the performance of our contracts, including costs and delays caused by contractual disputes or other factors outside of our control, such as performance failures of our subcontractors, rising inflationary pressures, and fluctuations in interest rates, natural disasters or other force majeure events, could make our contracts less profitable than expected or unprofitable.

As a government contractor and a provider of information technology services operating in multiple regulated industries and geographies, we and our service providers, suppliers and subcontractors collect, store, transmit, and otherwise process personal, confidential, proprietary, and sensitive information, including protected health information, personnel information, personal information, classified information, controlled unclassified information, intellectual property and financial information, concerning our business, employees, and customers. Therefore, we are continuously exposed to unauthorized attempts to compromise access, release or otherwise compromise such information through cyber-attacks and other information security threats, including, among other things, physical break-ins, theft, denial-of-service attacks, worms, computer viruses, software bugs, malicious or destructive code, social engineering, phishing attacks and impersonating authorized users, credential stuffing, account takeovers, insider threats, malfeasance or improper access by employees or service providers, human error, fraud, use of AI, “bots” or other automation software, or other similar disruptions. We are also exposed to hackers who have requested “ransom” in exchange for not disclosing information or restoring access to information or systems. These techniques may be perpetrated by internal bad actors, such as employees or contractors, or by third parties (including traditional computer hackers, persons involved with well-funded organized crime or state-sponsored actors). Any electronic or physical break-in or other security breach or compromise of our information technology systems and networks or facilities, or those of our service providers, suppliers, joint ventures or subcontractors, may jeopardize the confidentiality, integrity or availability of information, including personal, confidential, proprietary or sensitive information, stored or transmitted through these systems and networks or stored in those facilities. This could lead to disruptions in mission-critical systems, unauthorized access to or release of personal, confidential, proprietary, sensitive or otherwise protected information and corruption of data or systems. We could also be subject to operational downtimes, delays and other detrimental impacts on our operations or ability to provide products and services to our customers. We are also increasingly subject to customer-driven cybersecurity certification requirements, including but not limited to CMMC, which are expected to be necessary to win future contracts. Security incidents could also result in liability, trigger other obligations under such contracts, or increase the difficulty of winning future contracts. Many statutory requirements, both in the U.S. and abroad, also include different obligations for companies to provide notice of information security incidents involving certain types of information (including obligations to notify affected individuals and regulators in the event of cybersecurity breaches involving certain personal information), which could result from breaches of our service providers, our suppliers or subcontractors. Although we have implemented policies, procedures and controls designed to protect against, detect and mitigate these threats and attacks, we and our service providers, suppliers, joint ventures, and subcontractors have faced and continue to face advanced and persistent attacks on our and their information systems. We cannot guarantee that future incidents will not occur, and if an incident does occur, our incident response planning may not prove fully adequate. We may also not be able to mitigate its impacts successfully. Techniques used by others to gain unauthorized access to personal, confidential, proprietary, or sensitive information or disrupt systems and networks for economic or strategic gain are constantly evolving, increasingly sophisticated, increasingly difficult to detect and successfully defend against and may see their frequency increased, and effectiveness enhanced, by the use of AI. Further, cybersecurity risks may be heightened as a result of ongoing global conflicts such as the military conflict between Russia and Ukraine and the related sanctions imposed by the United States and other countries, or the ongoing conflict in the Middle East, which continues to expand.

As a government contractor and a provider of information technology services operating in multiple regulated industries and geographies, we and our service providers, suppliers and subcontractors collect, store, transmit, and otherwise process personal, confidential, proprietary, and sensitive information, including protected health information, personnel information, personal information, classified information, controlled unclassified information, intellectual property and financial information, concerning our business, employees, and customers. Therefore, we are continuously exposed to unauthorized attempts to compromise access, release or otherwise compromise such information through cyber-attacks and other information security threats, including, among other things, physical break-ins, theft, denial-of-service attacks, worms, computer viruses, software bugs, malicious or destructive code, social engineering, phishing attacks and impersonating authorized users, credential stuffing, account takeovers, insider threats, malfeasance or improper access by employees or service providers, human error, fraud, use of AI, “bots” or other automation software, or other similar disruptions. We are also exposed to hackers who have requested “ransom” in exchange for not disclosing information or restoring access to information or systems. These techniques may be perpetrated by internal bad actors, such as employees or contractors, or by third parties (including traditional computer hackers, persons involved with well-funded organized crime or state-sponsored actors). Any electronic or physical break-in or other security breach or compromise of our information technology systems and networks or facilities, or those of our service providers, suppliers, joint ventures or subcontractors, may jeopardize the confidential integrity or availability of information, including personal, confidential, proprietary or sensitive information, stored or transmitted through these systems and networks or stored in those facilities. This could lead to disruptions in mission-critical systems, unauthorized access to or release of personal, confidential, proprietary, sensitive or otherwise protected information and corruption of data or systems. We could also be subject to operational downtimes, delays and other detrimental impacts on our operations or ability to provide products and services to our customers. We are also increasingly subject to customer-driven cybersecurity certification requirements, including but not limited to CMMC, which are expected to be necessary to win future contracts. Security incidents could also result in liability, trigger other obligations under such contracts, or increase the difficulty of winning future contracts. Many statutory requirements, both in the U.S. and abroad, also include different obligations for companies to provide notice of information security incidents involving certain types of information (including obligations to notify affected individuals and regulators in the event of cybersecurity breaches involving certain personal information), which could result from breaches of our service providers, our suppliers or subcontractors. Although we have implemented policies, procedures and controls designed to protect against, detect and mitigate these threats and attacks, we and our service providers, suppliers, joint ventures, and subcontractors have faced and continue to face advanced and persistent attacks on our information systems. We cannot guarantee that future incidents will not occur, and if an incident does occur, our incident response planning may not prove fully adequate. We may also not be able to mitigate its impacts successfully. Techniques used by others to gain unauthorized access to personal, confidential, proprietary, or sensitive information or disrupt systems and networks for economic or strategic gain are constantly evolving, increasingly sophisticated, increasingly difficult to detect and successfully defend against and may see their frequency increased, and effectiveness enhanced, by the use of AI. Further, cybersecurity risks maybe heightened as a result of ongoing global conflicts such as the military conflict between Russia and Ukraine and the related sanctions imposed by the United States and other countries, or the ongoing Israel/Hamas conflict and its regional effects. While we generally perform cybersecurity diligence on our key service providers, we do not control our service providers and our ability to monitor their cybersecurity is limited, so we cannot ensure the cybersecurity measures they take will be sufficient to protect any information we share with them. Due to applicable laws and regulations or contractual obligations, we may be held accountable for cybersecurity breaches or other information security incidents attributed to our service providers as they relate to the information we share with them. Leidos Holdings, Inc. Annual Report - 32 Leidos Holdings, Inc. Annual Report - 32 Leidos Holdings, Inc. Annual Report - 32 Table of ContentsPART I Table of Contents PART I We seek to detect and investigate all information security incidents and to prevent their occurrence, prolongation, or recurrence. We continue to invest in and improve our threat protection, detection and mitigation policies, procedures and controls. In addition, we work with other companies in the industry and government participants on increased awareness and enhanced protections against information security and malicious insider threats. However, because of the evolving nature and sophistication of these security threats, which can be difficult to detect, there can be no assurance that our policies, procedures and controls, or those of our service providers, suppliers, or subcontractors, have protected against, detected, mitigated or will detect, prevent or mitigate, any of these threats and we cannot predict the full impact of any such past or future incident. We may be currently unaware of certain vulnerabilities or lack the capability to detect them, which may allow them to persist in our information technology environment over long periods, and, even if discovered, it could take considerable time for us to obtain full and reliable information about the extent, amount and type of information compromised, and our remediation efforts may not be completely successful. As cybersecurity threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate or remediate any information security vulnerabilities, cybersecurity breaches or other information security incidents. We may also experience similar security threats to the information technology systems we develop, install, or maintain under customer contracts. Although we work cooperatively with our customers and other business partners, including our service providers, suppliers, and subcontractors, to seek to minimize the potential for and impact of cyber-attacks and other security threats, we must rely on the safeguards put in place by those entities. See also the risk factor “Internal system or service failures, or failures in the systems or services of third parties on which we rely, could disrupt our business and impair our ability to effectively provide our services and products to our customers, which could damage our reputation and adversely affect our revenues and profitability.” The occurrence of any unauthorized access to, attacks on cybersecurity breaches of other information security threats to our or our service providers', suppliers' or subcontractors' information technology infrastructure, systems or networks or data, or our failure to make adequate or timely disclosure to the public, regulators, or law enforcement agencies following any such event, could disrupt our infrastructure, systems, or networks or those of our customers, impair our ability to provide services to our customers and may jeopardize the security of data collected, stored, transmitted or otherwise processed through our information technology infrastructure, systems and networks. As a result, we could be exposed to claims, fines, penalties, loss of revenues, product development delays, compromise, corruption, or loss of confidential, proprietary, or sensitive information (including personal information or technical business information), contract terminations and damages, remediation costs and other costs and expenses, regulatory investigations or sanctions, indemnity obligations, and other potential liabilities. Any of the foregoing could adversely affect our reputation, ability to win work on sensitive contracts or loss of current and future contracts (including sensitive U.S. government contracts), business operations and financial results. We have insurance against some cyber-risks and attacks; however, our insurer may deny coverage as to any future claim, our insurance coverage may not be sufficient to offset the impact of a material loss event, and such insurance may increase in cost or cease to be available on commercial terms in the future. Leidos Holdings, Inc. Annual Report - 33 Leidos Holdings, Inc. Annual Report - 33 Leidos Holdings, Inc. Annual Report - 33 Table of ContentsPART I Table of Contents PART I

We expect that a majority of the business that we seek in the foreseeable future will be awarded through a competitive bidding process. The U.S. government has increasingly relied on contracts that are subject to a continuing competitive bidding process, including GSA Schedule and other multi-award contracts, which has resulted in greater competition and increased pricing pressure. The competitive bidding process involves substantial costs, including labor cost and managerial time to prepare bids and proposals for contracts that may not be awarded to us, may be split among competitors, or that may be awarded but for which we do not receive meaningful task orders, and several risks, including the risk of inaccurately estimating the resources and costs that will be required to fulfill any contract we win. Following contract award, we may encounter significant expense, delay, contract modifications, or even cancellation of the contract award as a result of our competitors protesting the award of contracts to us. Any resulting loss or delay of start-up and funding of work under protested contract awards may adversely affect our revenues and profitability. In addition, multiple-award contracts require that we make sustained post-award efforts to obtain task orders under the contract. As a result, we may not be able to obtain these task orders or recognize revenues under these multiple-award contracts. We are also experiencing increased competition, which impacts our ability to obtain contracts; see the risk factor “We face intense competition that can impact our ability to obtain contracts and, therefore, affect our future revenues and growth prospects.” Our failure to compete effectively in this procurement environment would adversely affect our revenues and profitability. 18Leidos Holdings, Inc. Annual Report 18Leidos Holdings, Inc. Annual Report 18Leidos Holdings, Inc. Annual Report 18 Leidos Holdings, Inc. Annual Report 18Leidos Holdings, Inc. Annual Report 18Leidos Holdings, Inc. Annual Report 18 Leidos Holdings, Inc. Annual Report 18Leidos Holdings, Inc. Annual Report 18 Leidos Holdings, Inc. Annual Report 18 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I

We expect that a majority of the business that we seek in the foreseeable future will be awarded through a competitive bidding process. The U.S. government has increasingly relied on contracts that are subject to a continuing competitive bidding process, including GSA Schedule and other multi-award contracts, which has resulted in greater competition and increased pricing pressure. The competitive bidding process involves substantial costs, including significant cost and managerial time to prepare bids and proposals for contracts that may not be awarded to us, may be split among competitors, or that may be awarded but for which we do not receive meaningful task orders, and several risks, including the risk of inaccurately estimating the resources and costs that will be required to fulfill any contract we win. Following contract award, we may encounter significant expense, delay, contract modifications, or even contract loss as a result of our competitors protesting the award of contracts to us in competitive bidding. Any resulting loss or delay of start-up and funding of work under protested contract awards may adversely affect our revenues and profitability. In addition, multi-award contracts require that we make sustained post-award efforts to obtain task orders under the contract. As a result, we may not be able to obtain these task orders or recognize revenues under these multi-award contracts. We are also experiencing increased competition, which impacts our ability to obtain contracts; see the risk factor “We face intense competition that can impact our ability to obtain contracts and, therefore, affect our future revenues and growth prospects.” Our failure to compete effectively in this procurement environment would adversely affect our revenues and profitability. Leidos Holdings, Inc. Annual Report - 20 Leidos Holdings, Inc. Annual Report - 20 Leidos Holdings, Inc. Annual Report - 20 Table of ContentsPART I Table of Contents PART I

Any system or service disruptions, including those caused by ongoing projects to improve our information technology systems and networks and the delivery of services, whether through our shared services organization or outsourced services, if not anticipated and appropriately mitigated, could materially and adversely affect our business including, among other things, an adverse effect on our ability to perform on contracts, bill our customers for work performed on our contracts, collect the amounts that have been billed and produce accurate financial statements in a timely manner. We, and the service providers, suppliers and subcontractors on which we rely, are also subject to systems failures, including network, software or hardware failures, whether caused by us, third-party service providers, cybersecurity threats, malicious insiders, software bugs or errors, natural disasters, power shortages, terrorist attacks, pandemics or other events, which could cause loss of data and interruptions or delays in our business, cause us to incur remediation costs, subject us to claims and damage our reputation. In addition, the failure or disruption of our communications, or those of our service providers, suppliers or subcontractors, could cause us to interrupt or suspend our operations or otherwise adversely affect our business. Our property and business 28Leidos Holdings, Inc. Annual Report 28Leidos Holdings, Inc. Annual Report 28Leidos Holdings, Inc. Annual Report 28 Leidos Holdings, Inc. Annual Report 28Leidos Holdings, Inc. Annual Report 28Leidos Holdings, Inc. Annual Report 28 Leidos Holdings, Inc. Annual Report 28Leidos Holdings, Inc. Annual Report 28 Leidos Holdings, Inc. Annual Report 28 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I interruption insurance may be inadequate to compensate us for all losses resulting from any system or operational failure or disruption.

Any system or service disruptions, including those caused by ongoing projects to improve our information technology systems and networks and the delivery of services, whether through our shared services organization or outsourced services, if not anticipated and appropriately mitigated, could materially and adversely affect our business including, among other things, an adverse effect on our ability to perform on contracts, bill our customers for work performed on our contracts, collect the amounts that have been billed and produce accurate financial statements in a timely manner. We, and the service providers, suppliers and subcontractors on which we rely, are also subject to systems failures, including network, software or hardware failures, whether caused by us, third-party service providers, cybersecurity threats, malicious insiders, natural disasters, power shortages, terrorist attacks, pandemics or other events, which could cause loss of data and interruptions or delays in our business, cause us to incur remediation costs, subject us to claims and damage our reputation. In addition, the failure or disruption of our communications, or those of our service providers, suppliers or subcontractors, could cause us to interrupt or suspend our operations or otherwise adversely affect our business. Our property and business interruption insurance may be inadequate to compensate us for all losses resulting from any system or operational failure or disruption.

There is increased attention from governmental organizations, customers, employees, and other stakeholders globally on companies’ environmental, social, and governance (“ESG”) practices and disclosures such as diversity, equity and inclusion, workplace culture, community investment, environmental management, climate impact, and information security. We may be expected to expend resources to monitor, report on, and adopt policies and practices that we believe will improve alignment with our evolving ESG strategy and goals, as well as ESG-related standards and expectations of legal regimes and stakeholders such as customers, investors, stockholders, raters, employees, and business partners. 24Leidos Holdings, Inc. Annual Report 24Leidos Holdings, Inc. Annual Report 24Leidos Holdings, Inc. Annual Report 24 Leidos Holdings, Inc. Annual Report 24Leidos Holdings, Inc. Annual Report 24Leidos Holdings, Inc. Annual Report 24 Leidos Holdings, Inc. Annual Report 24Leidos Holdings, Inc. Annual Report 24 Leidos Holdings, Inc. Annual Report 24 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I If our practices and disclosures do not meet evolving rules and regulations or our stakeholder expectations and standards (or if we are viewed negatively based on positions we do or do not take or work we do or do not perform or cannot publicly disclose for certain customers and industries), then our reputation, our ability to attract or retain leading experts, employees and other professionals and our ability to attract new business and customers could be negatively impacted, as could our attractiveness as an investment, service provider, employer, or business partner. Similarly, our failure or perceived failure in our efforts to execute our ESG strategy, or to satisfy various reporting standards within the timelines expected by us and stakeholders or at all, could also result in similar negative impacts. Organizations that provide information to investors on corporate governance and related matters have developed rating processes for evaluating companies on their approach to ESG matters, and unfavorable ratings of our ESG efforts may lead to negative investor sentiment, diversion of investment to other companies, and difficulty in hiring skilled employees. In addition, complying or failing to comply with existing or future federal, state, local, and foreign ESG legislation and regulations applicable to our business and operations, which may conflict with one another, including those related to greenhouse gas emissions, climate change, or other matters could cause us to incur additional compliance and operational costs or actions and suffer reputational harm, which could adversely affect our business. In addition, our share price and demand for our securities could be adversely affected.

There is increased scrutiny from governmental organizations, customers, and employees on companies' environmental, social, and governance (“ESG”) practices and disclosures such as DEI, workplace culture, community investment, environmental management, climate impact, and information security. We have expended and may further expend resources to monitor, report on, and adopt policies and practices that we believe will improve alignment with our evolving ESG strategy and goals, as well as ESG-related standards and expectations of legal regimes and stakeholders such as customers, investors, stockholders, raters, employees, and business partners. Leidos Holdings, Inc. Annual Report - 27 Leidos Holdings, Inc. Annual Report - 27 Leidos Holdings, Inc. Annual Report - 27 Table of ContentsPART I Table of Contents PART I If our ESG practices, including our goals for DEI, environmental sustainability, and information security, do not meet evolving rules and regulations or stakeholder expectations and standards (or if we are viewed negatively based on positions we do or do not take or work we do or do not perform or cannot publicly disclose for certain customers and industries), then our reputation, our ability to attract or retain leading experts, employees and other professionals and our ability to attract new business and customers could be negatively impacted, as could our attractiveness as an investment, service provider, employer, or business partner. Similarly, our failure or perceived failure in our efforts to execute our ESG strategy and achieve our current or future ESG-related goals, targets, and objectives, or to satisfy various reporting standards within the timelines expected by stakeholders or at all, could also result in similar negative impacts. Organizations that provide information to investors on corporate governance and related matters have developed rating processes for evaluating companies on their approach to ESG matters, and unfavorable ratings of our ESG efforts may lead to negative investor sentiment, diversion of investment to other companies, and difficulty in hiring skilled employees. In addition, complying or failing to comply with existing or future federal, state, local, and foreign ESG legislation and regulations applicable to our business and operations, which may conflict with one another, including those related to greenhouse gas emissions, climate change, or other matters could cause us to incur additional compliance and operational costs or actions and suffer reputational harm, which could adversely affect our business. In addition, our share price and demand for our securities could be adversely affected.

Any epidemics, pandemics, or similar outbreaks have in the past created (as in the case of COVID-19 and its variants) and could again create economic uncertainty and disruptions to the global economy that could adversely affect our businesses, or could lead to operational difficulties, including travel limitations, that could impair our ability to manage or conduct our business. Any future epidemic, pandemic, or similar outbreak may have similar impacts, and we cannot currently anticipate the potential impact on our business and results of operations.

Any epidemics, pandemics, or similar outbreaks such as COVID-19 and its variants could create economic uncertainty and disruptions to the global economy that could adversely affect our businesses, or could lead to operational difficulties, including travel limitations, that could impair our ability to manage or conduct our business. For example, the spread of COVID-19 and mitigating measures caused unprecedented disruptions to the global economy and normal business operations across sectors and countries, including the sectors in which we, our customers and other third parties operate. Further, new contract awards have been and may continue to be delayed and our ability to perform on our existing contracts has been and may continue to be delayed or impaired, which will negatively impact our revenues. In addition, our program costs have increased as a result of COVID-19, and these cost increases may not be fully recoverable or adequately covered by insurance or equitable adjustments to contract prices. Any future epidemic, pandemic, or similar outbreak may have similar impacts, and we cannot currently anticipate the potential impact on our business and results of operations due to any such outbreak.

Some provisions of our certificate of incorporation and bylaws may delay, discourage, or prevent a merger or acquisition that our stockholders may consider favorable, including transactions in which stockholders might receive a premium for their shares. These restrictions, which may also make it more difficult for our stockholders to elect directors not endorsed by our current directors and management, include mergers and certain other business combinations between a related person and 36Leidos Holdings, Inc. Annual Report 36Leidos Holdings, Inc. Annual Report 36Leidos Holdings, Inc. Annual Report 36 Leidos Holdings, Inc. Annual Report 36Leidos Holdings, Inc. Annual Report 36Leidos Holdings, Inc. Annual Report 36 Leidos Holdings, Inc. Annual Report 36Leidos Holdings, Inc. Annual Report 36 Leidos Holdings, Inc. Annual Report 36 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I us requiring approval by the holders of a majority of the voting power of such securities that are not owned by the related person unless approved by a majority of continuing directors or certain other exceptions; our stockholders may not act by written consent; our Board may issue, without stockholder approval, shares of undesignated preferred stock, the terms of which may be determined by the Board; and we are also subject to certain restrictions on business combinations under Section 203 of the Delaware General Corporation Law, which imposes additional requirements for business combinations, and may prevent our stockholders from receiving the benefit from any premium to the market price of our common stock offered by a bidder in a takeover context.

Some provisions of our certificate of incorporation and bylaws may delay, discourage, or prevent a merger or acquisition that our stockholders may consider favorable, including transactions in which stockholders might receive a premium for their shares. These restrictions, which may also make it more difficult for our stockholders to elect directors not endorsed by our current directors and management, include mergers and certain other business combinations between a related person and us requiring approval by the holders of a majority of the voting power of such securities that are not owned by the related person unless approved by a majority of continuing directors or certain other exceptions; our stockholders may not act by written consent; our Board may issue, without stockholder approval, shares of undesignated preferred stock, the terms of which may be determined by the Board; and we are also subject to certain restrictions on business combinations under Section 203 of the Delaware General Corporation Law, which imposes additional requirements for business combinations, and may prevent our stockholders from receiving the benefit from any premium to the market price of our common stock offered by a bidder in a takeover context.

Volatile, negative, or uncertain economic conditions, an increase in the likelihood of a recession, or concerns about these or other similar risks may negatively impact our customers’ ability and willingness to fund their projects. For example, declines in state and local tax revenues, as well as other economic declines, may result in lower government spending. Our customers reducing, postponing, or canceling spending on projects in respect of which we provide services may reduce demand for our services quickly and with little warning, which could have a material adverse effect on our business, results of operations, and financial condition.

Volatile, negative, or uncertain economic conditions, an increase in the likelihood of a recession, or concerns about these or other similar risks may negatively impact our customers’ ability and willingness to fund their projects. For example, declines in state and local tax revenues, as well as other economic declines, may result in lower government spending. Our customers reducing, postponing, or canceling spending on projects in respect of which we provide services may reduce demand for our services quickly and with little warning, which could have a material adverse effect on our business, results of operations, and financial condition. Leidos Holdings, Inc. Annual Report - 21 Leidos Holdings, Inc. Annual Report - 21 Leidos Holdings, Inc. Annual Report - 21 Table of ContentsPART I Table of Contents PART I Moreover, instability in the credit or capital markets in the U.S., including as a result of failures of financial institutions and any related market-wide reduction in liquidity, or concerns or rumors about events of these kinds or similar risks, could affect the availability of credit or our credit ratings, making it relatively difficult or expensive to obtain additional capital at competitive rates, on commercially reasonable terms or in sufficient amounts, or at all, thus making it more difficult or expensive for us to access funds or refinance our existing indebtedness, or obtain financing for acquisitions. Such instability could also cause counterparties, including vendors, suppliers, and subcontractors, to be unable to perform their obligations or to breach their obligations to us under our contracts with them. In addition, instability in the credit or capital markets could negatively impact our customers’ ability to fund their projects and, therefore, utilize our services, which could have a material adverse effect on our business, results of operations, and financial condition.

As of January 3, 2025, goodwill was 46% of our total assets. The amount of our goodwill may substantially increase in the future as a result of any acquisitions that we make. Goodwill is tested for impairment whenever events or changes in circumstances indicate that the carrying value may not be recoverable and at least annually. The impairment test is based on several factors requiring judgment. Examples of events could include a significant adverse change in legal factors or in the business climate, an adverse action or assessment by a regulator, unanticipated competition, adverse contract acquisition performance, loss of key personnel, or a more-likely-than-not expectation that a reporting unit or a significant portion of a reporting unit will be sold or otherwise disposed. Adverse changes in fiscal and economic conditions, such as those related to federal budget cuts and the nation’s debt ceiling, deteriorating market conditions for companies in our industry and unfavorable changes in discount rates could result in an impairment of goodwill. For example, during fiscal 2023, the SES reporting unit refined its portfolio and made strategic business decisions to exit certain product offerings, and cease operations in certain countries in order to align the operations of the reporting unit with its strategic business plan. These decisions, along with the delays in airline travel infrastructure projects and higher than anticipated costs of servicing, contributed to a significant reduction in the reporting unit’s forecasted revenue and cash flows. As a result, we conducted a quantitative goodwill impairment analysis, and our estimates led us to determine that the carrying value of the SES reporting unit exceeded its estimated fair value. Accordingly, we recognized a non-cash goodwill impairment charge of $596 million in fiscal 2023. Any future impairment of goodwill could have a negative impact on our results of operations and shareholders’ equity in the period in which they are recognized. For additional information on our accounting policies related to impairment of goodwill, see our discussion under “Critical Accounting Estimates” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” of this Annual Report on Form 10-K, “Note 3—Summary of Significant Accounting Policies” and “Note 8—Goodwill and Intangible Assets” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.

As of December 29, 2023, goodwill and intangible assets, net was 53% of our total assets. The amount of our goodwill may substantially increase in the future as a result of any acquisitions that we make. Intangible assets and goodwill are tested for impairment whenever events or changes in circumstances indicate that the carrying value may not be recoverable and at least annually in the case of goodwill and intangible assets with indefinite lives. The impairment test is based on several factors requiring judgment. Examples of events or changes in circumstances indicating that the carrying value of intangible assets may not be recoverable could include a significant adverse change in legal factors or in the business climate, an adverse action or assessment by a regulator, unanticipated competition, adverse contract acquisition performance, loss of key personnel, or a more-likely-than-not expectation that a reporting unit or a significant portion of a reporting unit will be sold or otherwise disposed. Adverse changes in fiscal and economic conditions, such as those related to federal budget cuts and the nation’s debt ceiling, deteriorating market conditions for companies in our industry and unfavorable changes in discount rates could result in an impairment of goodwill and other intangibles. For example, during fiscal 2023, the SES reporting unit refined its portfolio and made strategic business decisions to exit certain product offerings, and cease operations in certain countries in order to align the operations of the reporting unit with its strategic business plan. These decisions, along with the delays in airline travel infrastructure projects and disruptions in and higher than anticipated costs of servicing, contributed to a significant reduction in the reporting unit’s forecasted revenue and cash flows. As a result, we conducted a quantitative goodwill impairment analysis, and our estimates led us to determine that the carrying value of the SES reporting unit exceeded its estimated fair value. Accordingly, we recognized a non-cash goodwill impairment charge of $596 million and had $308 million of goodwill remaining at the SES reporting unit as of December 29, 2023. Any future impairment of goodwill or other intangible assets could have a negative impact on our results of operations and shareholders' equity in the period in which they are recognized. For additional information on our accounting policies related to impairment of goodwill, see our discussion under “Critical Accounting Estimates” in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” of this Annual Report on Form 10-K, "Note 3—Summary of Significant Accounting Policies” and “Note 8—Goodwill and Intangible Assets” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.

We derive a portion of our revenues from programs with the U.S. government and its agencies that are subject to security restrictions (e.g., contracts involving classified information and classified programs), which preclude the dissemination of information and technology that is classified for national security purposes under applicable law and regulation. In general, access to classified information, technology, facilities, or programs requires appropriate personnel security clearances, is subject to additional contract oversight and potential liability, and may also require appropriate facility clearances and other specialized infrastructure. In the event of a security incident involving classified information, technology, facilities, programs, or personnel holding clearances, we may be subject to legal, financial, operational and reputational harm. We are limited in our ability to provide information about these classified programs, their risks or any disputes or claims relating to such programs. As a result, investors have less insight into our classified business or our business overall. However, historically the business risks associated with our work on classified programs have not differed materially from those of our other government contracts. 30Leidos Holdings, Inc. Annual Report 30Leidos Holdings, Inc. Annual Report 30Leidos Holdings, Inc. Annual Report 30 Leidos Holdings, Inc. Annual Report 30Leidos Holdings, Inc. Annual Report 30Leidos Holdings, Inc. Annual Report 30 Leidos Holdings, Inc. Annual Report 30Leidos Holdings, Inc. Annual Report 30 Leidos Holdings, Inc. Annual Report 30 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I

We derive a portion of our revenues from programs with the U.S. government and its agencies that are subject to security restrictions (e.g., contracts involving classified information and classified programs), which preclude the dissemination of information and technology that is classified for national security purposes under applicable law and regulation. In general, access to classified information, technology, facilities, or programs requires appropriate personnel security clearances, is subject to additional contract oversight and potential liability, and may also require appropriate facility clearances and other specialized infrastructure. In the event of a security incident involving classified information, technology, facilities, programs, or personnel holding clearances, we may be subject to legal, financial, operational and reputational harm. We are limited in our ability to provide information about these classified programs, their risks or any disputes or claims relating to such programs. As a result, investors have less insight into our classified business or our business overall. However, historically the business risks associated with our work on classified programs have not differed materially from those of our other government contracts. Leidos Holdings, Inc. Annual Report - 35 Leidos Holdings, Inc. Annual Report - 35 Leidos Holdings, Inc. Annual Report - 35 Table of ContentsPART I Table of Contents PART I

This risk factor summary contains a high-level summary of risks associated with our business. It does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary. A summary of our risks includes, but is not limited to, the following: uWe depend on government agencies as our primary customers and if our reputation or relationships with these agencies were harmed, our future revenues and growth prospects could be adversely affected. uA decline in the U.S. government budget, changes in spending or budgetary priorities or delays in contract awards may significantly and adversely affect our future revenues and limit our growth prospects. uBecause we depend on U.S. government contracts, a delay in the completion of the U.S. government’s budget and appropriations process could delay procurement of the products, services and solutions we provide and adversely affect our future revenues. uDue to the competitive process to obtain contracts and the likelihood of bid protests, we may be unable to achieve or sustain revenue growth and profitability. uThe U.S. government may terminate, cancel, modify, renew on less favorable terms or curtail our contracts at any time prior to their completion and, if we do not replace them, this may adversely affect our future revenues and profitability. uWe face intense competition that can impact our ability to obtain contracts and therefore affect our future revenues and growth prospects. uDeterioration of economic conditions or weakening in credit or capital markets may have a material adverse effect on our business, results of operations and financial condition. uWe cannot predict the consequences of current or future geopolitical events, but they may adversely affect the markets in which we operate and our results of operations. uGlobal supply chain issues and inflationary pressures have disrupted supply and increased the prices of goods and services, which could raise the costs associated with providing our services, diminish our ability to compete for new contracts or task orders and reduce customer buying power. uOur failure to comply with various complex procurement rules and regulations could result in our being liable for penalties, including termination of our U.S. government contracts, disqualification from bidding on future U.S. government contracts and suspension or debarment from U.S. government contracting. uThe U.S. government may adopt new contract rules and regulations or revise its procurement practices in a manner adverse to us at any time. uApplication of the U.S. government's organizational conflict of interest (OCI) rules could limit our ability to successfully compete for new contracts or task orders, which would adversely affect our results of operations. uAs a U.S. government contractor, our partners and we are subject to reviews, audits and cost adjustments by the U.S. government, which could adversely affect our profitability, cash position or growth prospects if resolved unfavorably to us. uOur business is subject to governmental review and investigation, which could adversely affect our financial position, operating results and growth prospects. uInvestigations, audits, claims, disputes, enforcement actions, litigation, arbitration or other legal proceedings could require us to pay potentially large damage awards or penalties and could be costly to defend, which would adversely affect our cash balances and profitability, and could damage our reputation. uOur business and operations expose us to numerous legal and regulatory requirements, and any violation of these requirements could harm our business. uOur business is subject to complex and evolving laws and regulations regarding data privacy and security which could subject us to investigations, claims or monetary penalties against us, require us to change our business practices or otherwise adversely affect our revenues and profitability. uMisconduct of employees, subcontractors, agents, suppliers, business partners or joint ventures and others working on our behalf could cause us to lose existing contracts or customers and adversely affect our ability to obtain new contracts and could have a material adverse impact on our business, reputation and future results.

This risk factor summary contains a high-level summary of risks associated with our business. It does not contain all of the information that may be important to you, and you should read this risk factor summary together with the more detailed discussion of risks and uncertainties set forth following this summary. A summary of our risks includes, but is not limited to, the following: •We depend on government agencies as our primary customers and if our reputation or relationships with these agencies were harmed, our future revenues and growth prospects could be adversely affected. •A decline in the U.S. government budget, changes in spending or budgetary priorities or delays in contract awards may significantly and adversely affect our future revenues and limit our growth prospects. •Because we depend on U.S. government contracts, a delay in the completion of the U.S. government’s budget and appropriations process could delay procurement of the products, services and solutions we provide and adversely affect our future revenues. •Due to the competitive process to obtain contracts and the likelihood of bid protests, we may be unable to achieve or sustain revenue growth and profitability. •The U.S. government may terminate, cancel, modify, renew on less favorable terms or curtail our contracts at any time prior to their completion and, if we do not replace them, this may adversely affect our future revenues and profitability. •We face intense competition that can impact our ability to obtain contracts and therefore affect our future revenues and growth prospects. •Deterioration of economic conditions or weakening in credit or capital markets may have a material adverse effect on our business, results of operations and financial condition. •We cannot predict the consequences of current or future geopolitical events, but they may adversely affect the markets in which we operate and our results of operations. •Global supply chain issues and inflationary pressures have disrupted supply and increased the prices of goods and services, which could raise the costs associated with providing our services, diminish our ability to compete for new contracts or task orders and reduce customer buying power. •Our failure to comply with various complex procurement rules and regulations could result in our being liable for penalties, including termination of our U.S. government contracts, disqualification from bidding on future U.S. government contracts and suspension or debarment from U.S. government contracting. •The U.S. government may adopt new contract rules and regulations or revise its procurement practices in a manner adverse to us at any time. Leidos Holdings, Inc. Annual Report - 16 Leidos Holdings, Inc. Annual Report - 16 Leidos Holdings, Inc. Annual Report - 16 Table of ContentsPART I Table of Contents PART I •Efforts by the U.S. government to revise its organizational conflict of interest rules could limit our ability to successfully compete for new contracts or task orders, which would adversely affect our results of operations. •As a U.S. government contractor, our partners and we are subject to reviews, audits and cost adjustments by the U.S. government, which could adversely affect our profitability, cash position or growth prospects if resolved unfavorably to us. •Our business is subject to governmental review and investigation, which could adversely affect our financial position, operating results and growth prospects. •Investigations, audits, claims, disputes, enforcement actions, litigation, arbitration or other legal proceedings could require us to pay potentially large damage awards or penalties and could be costly to defend, which would adversely affect our cash balances and profitability, and could damage our reputation. •Our business and operations expose us to numerous legal and regulatory requirements, and any violation of these requirements could harm our business. •Our business is subject to complex and evolving laws and regulations regarding data privacy and security which could subject us to investigations, claims or monetary penalties against us, require us to change our business practices or otherwise adversely affect our revenues and profitability. •We utilize artificial intelligence, which could expose us to liability or adversely affect our business, especially if we are unable to compete effectively with others in adopting artificial intelligence. •Misconduct of employees, subcontractors, agents, suppliers, business partners or joint ventures and others working on our behalf could cause us to lose existing contracts or customers and adversely affect our ability to obtain new contracts and customers and could have a material adverse impact on our business, reputation and future results. •A failure to attract, train, retain and motivate skilled employees, including our management team, would adversely affect our ability to execute our strategy and may disrupt our operations. •We may not realize the full amounts reflected in our backlog as revenues, which could adversely affect our expected future revenues and growth prospects. •Our earnings and profitability may vary based on the mix of our contracts and may be adversely affected by our failure to estimate and manage costs, time and resources accurately. •We use estimates in recognizing revenues, and if we make changes to estimates used in recognizing revenues, our profitability may be adversely affected. •Cybersecurity breaches and other information security incidents could negatively impact our business and financial results, impair our ability to effectively provide our services to our customers and cause harm to our reputation or competitive position. •Internal system or service failures, or failures in the systems or services of third parties on which we rely, could disrupt our business and impair our ability to effectively provide our services and products to our customers, which could damage our reputation and adversely affect our revenues and profitability. •Customer systems failures could damage our reputation and adversely affect our revenues and profitability. •Our success depends, in part, on our ability to work with complex and rapidly changing technologies to meet the needs of our customers. •We have classified contracts with the U.S. government, which may limit investor insight into portions of our business. Leidos Holdings, Inc. Annual Report - 17 Leidos Holdings, Inc. Annual Report - 17 Leidos Holdings, Inc. Annual Report - 17 Table of ContentsPART I Table of Contents PART I •We have made and continue to make acquisitions, investments, joint ventures and divestitures that involve numerous risks and uncertainties. •Goodwill and other intangible assets represent significant assets on our balance sheet and any impairment of these assets could negatively impact our results of operations, and shareholders' equity. •We depend on our teaming arrangements and relationships with other contractors and subcontractors. If we are not able to maintain these relationships, or if these parties fail to satisfy their obligations to us or the customer, our revenues, profitability and growth prospects could be adversely affected. •We could incur significant liabilities and suffer negative publicity if our inspection or detection systems fail to detect bombs, explosives, weapons, contraband or other threats. •We face risks associated with our international business. •Changes in tax laws and regulations or exposure to additional tax liabilities could adversely affect our financial results. Leidos Holdings, Inc. Annual Report - 18 Leidos Holdings, Inc. Annual Report - 18 Leidos Holdings, Inc. Annual Report - 18 Table of ContentsPART I Table of Contents PART I

Misconduct encompasses a wide range of improper activities that could pose risks to our business. This includes fraud, falsifying time records or other documentation, and violations of laws such as the Anti-Kickback Act. Non-compliance with our internal policies and procedures, as well as failure to adhere to federal, state, or local government procurement regulations—including those related to the use and protection of classified or sensitive information—also constitute misconduct. Examples include failure to comply with legislation on labor pricing and costs in government contracts, violating environmental, health, or safety laws, engaging in bribery of foreign government officials, breaching import-export controls, and participating in improper lobbying or similar activities. Any incidents of data loss or information security lapses that compromise personal information or lead to the improper use or disclosure of sensitive or classified data could negatively impact us. We could face legal claims, incur remediation costs, and be subjected to regulatory investigations or sanctions. Such events might corrupt or disrupt our systems or those of our customers, impair our ability to provide services, result in the loss of existing and future contracts, and impose indemnity obligations. The damage to our reputation could be significant, leading to other potential liabilities. See also the risk factor: “Cybersecurity breaches and other information security incidents could negatively impact our business and financial results, impair our ability to effectively provide our services to our customers and cause harm to our reputation or competitive position.” While we have established policies, procedures, training programs, and other compliance controls designed to prevent and detect misconduct, these measures may not be effective, exposing us to unforeseen risks or losses. This risk may increase as we continue to grow and engage with new partners. In our regular business operations, we form and participate in joint ventures—joint efforts or business arrangements of various types—which can introduce additional compliance complexities. Failure to comply with applicable laws or regulations could damage our reputation and subject us to administrative, civil, or criminal investigations and enforcement actions. Potential repercussions include fines and penalties, restitution or other damages, and the loss of security clearances. We might also face the loss of current and future customer contracts, revocation of privileges, and other sanctions such as suspension or debarment from contracting with federal, state, or local government agencies. Any of these outcomes would adversely affect our business, reputation, and future results.

Misconduct could include fraud or other improper activities such as falsifying time or other records and violations of laws, such as the Anti-Kickback Act, and the failure to comply with our policies and procedures or with federal, state, or local government procurement regulations, regulations regarding the use and safeguarding of classified or other protected information, legislation regarding the pricing of labor and other costs in government contracts, laws and regulations relating to environmental, health or safety matters, bribery of foreign government officials, import-export control, lobbying or similar activities and any other applicable laws or regulations. Any data loss or information security lapses resulting in the compromise of personal information or the improper use or disclosure of sensitive or classified information could result in claims, remediation costs, regulatory investigations or sanctions against us, corruption or disruption of our systems or those of our customers, impairment of our ability to provide services to our customers, loss of current and future contracts, indemnity obligations, serious harm to our reputation and other potential liabilities. See also the risk factor “Cybersecurity breaches and other information security incidents could negatively impact our business and financial results, impair our ability to effectively provide our services to our customers and cause harm to our reputation or competitive position.” Although we have implemented policies, procedures, training, and other compliance controls to prevent and detect these activities, these precautions may not prevent all misconduct, and as a result, we could face unknown risks or losses. This risk of improper conduct may increase as we continue to expand and do business with new partners. In the ordinary course of our business, we form and are members of joint ventures (meaning joint efforts or business arrangements of any type). Our failure to comply with applicable laws or regulations could damage our reputation and subject us to administrative, civil, or criminal investigations and enforcement actions, fines and penalties, restitution or other damages, loss of security clearance, loss of current and future customer contracts, loss of privileges and other sanctions, including suspension or debarment from contracting with federal, state or local government agencies, any of which would adversely affect our business, reputation and our future results. Leidos Holdings, Inc. Annual Report - 29 Leidos Holdings, Inc. Annual Report - 29 Leidos Holdings, Inc. Annual Report - 29 Table of ContentsPART I Table of Contents PART I

We are routinely subject to governmental investigations relating to compliance with various laws and regulations with respect to our role as a contractor to federal, state and local government customers and in connection with performing services in countries outside the United States. If a review or investigation identifies improper or unlawful activities, we may be subject to disgorgement of profits, fines, damages, litigation, civil or criminal penalties, exclusion from sales channels or sales opportunities, injunctions, or administrative sanctions, including the termination of contracts, the triggering of price reduction clauses, suspension of payments, suspension or debarment from doing business with governmental agencies or other consequences. We may suffer harm to our reputation if allegations of impropriety are made against us, which would impair our ability to win new contract awards or receive contract renewals. Penalties and sanctions are not uncommon in our industry. If we incur a material penalty or administrative sanction or otherwise suffer harm to our reputation, our revenues, profitability, cash position and future prospects could be adversely affected. More generally, increases in scrutiny and investigations into business practices and major programs supported by contractors from government organizations, legislative bodies, or agencies may lead to increased legal costs and may harm our reputation, revenues, profitability and growth prospects. For a description of our current legal proceedings, see “Item 3. Legal Proceedings” along with “Note 21—Commitments and Contingencies” of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K. 22Leidos Holdings, Inc. Annual Report 22Leidos Holdings, Inc. Annual Report 22Leidos Holdings, Inc. Annual Report 22 Leidos Holdings, Inc. Annual Report 22Leidos Holdings, Inc. Annual Report 22Leidos Holdings, Inc. Annual Report 22 Leidos Holdings, Inc. Annual Report 22Leidos Holdings, Inc. Annual Report 22 Leidos Holdings, Inc. Annual Report 22 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I

We are routinely subject to governmental investigations relating to compliance with various laws and regulations with respect to our role as a contractor to federal, state and local government customers and in connection with performing services in countries outside the United States. If a review or investigation identifies improper or illegal activities, we may be subject to disgorgement of profits, fines, damages, litigation, civil or criminal penalties, exclusion from sales channels or sales opportunities, injunctions, or administrative sanctions, including the termination of contracts, the triggering of price reduction clauses, suspension of payments, suspension or debarment from doing business with governmental agencies or other consequences. We may suffer harm to our reputation if allegations of impropriety are made against us, which would impair our ability to win new contract awards or receive contract renewals. Penalties and sanctions are not uncommon in our industry. If we incur a material penalty or administrative sanction or otherwise suffer harm to our reputation, our revenues, profitability, cash position and future prospects could be adversely affected. More generally, increases in scrutiny and investigations into business practices and major programs supported by contractors from government organizations, legislative bodies, or agencies may lead to increased legal costs and may harm our reputation, revenues, profitability and growth prospects. For a description of our current legal proceedings, see "Item 3. Legal Proceedings" along with "Note 21—Commitments and Contingencies" of the notes to the consolidated financial statements contained within this Annual Report on Form 10-K.

We must comply with laws and regulations relating to the formation, administration and performance of U.S. government contracts, which affect how we do business with our customers. Such laws and regulations may impose added costs on our business and our failure to comply with them may lead to civil or criminal penalties, termination of our U.S. government contracts, or suspension or debarment from contracting with federal agencies. For additional background on the regulations that apply to our business and the related compliance risks, see “Regulation” within Item 1 of this Annual Report on Form 10-K and the risk factor “Our business is subject to governmental review and investigation, which could adversely affect our financial position, operating results and growth prospects.” 20Leidos Holdings, Inc. Annual Report 20Leidos Holdings, Inc. Annual Report 20Leidos Holdings, Inc. Annual Report 20 Leidos Holdings, Inc. Annual Report 20Leidos Holdings, Inc. Annual Report 20Leidos Holdings, Inc. Annual Report 20 Leidos Holdings, Inc. Annual Report 20Leidos Holdings, Inc. Annual Report 20 Leidos Holdings, Inc. Annual Report 20 Leidos Holdings, Inc. Annual Report Table of ContentsPART I Table of Contents PART I Table of Contents PART I Government contract laws and regulations can impose terms or obligations that are different than those typically found in commercial transactions. One of the significant differences is that the U.S. Government may terminate any of our government contracts, not only for default based on our performance but also at its convenience. Generally, prime contractors have a similar right under subcontracts related to government contracts. If a contract is terminated for convenience, we typically would be entitled to receive payments for our allowable costs incurred and the proportionate share of fees or earnings for the work performed, but we would receive no payment or other consideration for the loss of revenue or profit associated with the future work that was cancelled. If a contract is terminated for default, the U.S. Government could seek the return of any amounts previously paid to us under the contract and also seek to recover from us any added costs for having another contractor complete the work, exposing us to liability and adversely affecting our ability to compete for future contracts and orders. In addition, the U.S. Government could terminate a prime contract under which we are a subcontractor, notwithstanding the fact that our performance and the quality of the products or services we delivered were consistent with our contractual obligations as a subcontractor. Similarly, the U.S. Government could indirectly terminate a program or contract by not funding it, or by reducing the amount of funding previously obligated to the program or contract. The decision to terminate programs or contracts for convenience or default could adversely affect our business and future financial performance.

We must comply with laws and regulations relating to the formation, administration and performance of U.S. government contracts, which affect how we do business with our customers. Such laws and regulations may impose added costs on our business and our failure to comply with them may lead to civil or criminal penalties, termination of our U.S. government contracts, or suspension or debarment from contracting with federal agencies. For additional background on the regulations that apply to our business and the related compliance risks, see “Regulation” within Item 1 of this Annual Report on Form 10-K and the risk factor “Our business is subject to governmental review and investigation, which could adversely affect our financial position, operating results and growth prospects." The FAR and many of our U.S. government contracts contain organizational conflict of interest clauses that may limit our ability to compete for or perform certain other contracts or other types of services for particular customers. Organizational conflicts of interest arise when we engage in activities that may make us unable to render impartial assistance or advice to the U.S. government, impair our objectivity in performing contract work, or provide us with an unfair competitive advantage. A conflict-of-interest issue that precludes our competition for or performance on a significant program or contract could harm our prospects. Government contract laws and regulations can impose terms or obligations that are different than those typically found in commercial transactions. One of the significant differences is that the U.S. Government may terminate any of our government contracts, not only for default based on our performance but also at its convenience. Generally, prime contractors have a similar right under subcontracts related to government contracts. If a contract is terminated for convenience, we typically would be entitled to receive payments for our allowable costs incurred and the proportionate share of fees or earnings for the work performed. However, to the extent insufficient funds have been appropriated by the U.S. Government to the program to cover our costs upon termination for convenience, the U.S. Government may assert that it is not required to appropriate additional funding. If a contract is terminated for default, the U.S. Government could make claims to reduce the contract value or recover its procurement costs and could assess other special penalties, exposing us to liability and adversely affecting our ability to compete for future contracts and orders. In addition, the U.S. Government could terminate a prime contract under which we are a subcontractor, notwithstanding the fact that our performance and the quality of the products or services we delivered were consistent with our contractual obligations as a subcontractor. Similarly, the U.S. Government could indirectly terminate a program or contract by not funding it. The decision to terminate programs or contracts for convenience or default could adversely affect our business and future financial performance.

Our continued success and ability to compete in a highly competitive environment depends on our ability to attract, retain and develop highly trained and skilled technical and professional talent. Competition for skilled talent is intense, and the costs associated with attracting and retaining them are high and made even more competitive as a result of the external environment, including increasing rates of job transition and low unemployment. In addition, many U.S. government programs require contractors to have security clearances, some of which can be difficult and time-consuming to obtain and talent with such security clearances are in great demand. As a result, it is difficult to retain employees and meet all of our needs for employees in a timely manner, which may affect our growth. Although we intend to continue to devote significant resources to attracting, retaining and developing qualified employees, we may not be able to attract, retain, and effectively develop these employees. Any failure to do so could impair our ability to perform our contractual obligations efficiently and on schedule to meet our customers’ needs and win new business, which could adversely affect our future results. We believe our success will also depend on the continued employment of a highly qualified and experienced senior leadership team and its ability to retain existing business, generate new business, execute our business plans in an efficient and effective manner, and our ability to adequately plan for the succession of our senior leadership team and continually develop new members of senior leadership. An inability to retain appropriately qualified and experienced senior executives, our failure to do adequately succession planning, or our failure to continue to develop new leaders could cause us to lose customers or new business.

Our continued success and ability to compete in a highly competitive environment depend on our ability to recruit and retain highly trained and skilled science, engineering, technical, math, and professional personnel. Competition for skilled personnel is intense, and the costs associated with attracting and retaining them are high and made even more competitive as a result of the external environment, including increasing rates of job transition and low unemployment. In addition, many U.S. government programs require contractors to have security clearances, certain of which can be difficult and time-consuming to obtain and personnel with such security clearances are in great demand. As a result, it is difficult to retain employees and meet all of our needs for employees in a timely manner, which may affect our growth. Although we intend to continue to devote significant resources to recruiting, training and retaining qualified employees, we may not be able to attract, effectively train and retain these employees. Any failure to do so could impair our ability to perform our contractual obligations efficiently and timely meet our customers’ needs and win new business, which could adversely affect our future results. In addition, certain personnel may be required to receive various security clearances to work on certain customer engagements or to perform certain tasks. Necessary security clearances may be delayed or not obtained, which may negatively impact our ability to perform on such engagements in a timely matter or at all. We believe our success will also depend on the continued employment of a highly qualified and experienced senior management team and its ability to retain existing business, generate new business, execute our business plans in an efficient and effective manner, and our ability to adequately plan for the succession of our senior management team and continually develop new members of senior management. An inability to retain appropriately qualified and experienced senior executives, our failure to do adequately succession planning, or our failure to continue to develop new members could cause us to lose customers or new business opportunities.