McDonald's Corporation: 10-K Risk Factor Changes

2026 vs 2025  ·  SEC EDGAR  ·  2026-07-05
✓ Deterministic extraction — no AI-generated data

Classification is based on semantic text similarity scoring and may include approximations. “No match” means no high-confidence textual match was found — not necessarily that a section was removed.

0
New Risks
0
Removed
20
Modified
60
Unchanged
🟡 Modified Severity6/10Det 6

Information technology system failures or interruptions, breaches of network security, or misuse of technology tools may impact our operations or cause reputational harm.

high match confidence

Sentence-level differences:

  • Reworded sentence: "We are increasingly reliant upon technology systems, such as point-of-sale, that support our business operations, including our digital and delivery solutions, and technologies that facilitate communication and collaboration with affiliated entities, customers, employees, franchisees, suppliers, service providers or other independent third parties, whether developed and maintained by us or provided by third parties."
  • Reworded sentence: "Security incidents and breaches have occurred from time to time and may occur in the future involving our systems, the systems of the parties with whom we communicate or collaborate (including franchisees) or the systems of third-party providers."
  • Reworded sentence: "Despite response procedures and measures in place in the event an incident occurs, an event could result in disruptions, shutdowns, or a security breach including the theft or unauthorized disclosure of certain of the above-described information."
  • Reworded sentence: "McDonald's Corporation 2025 Annual Report 30 McDonald's Corporation 2025 Annual Report 30 McDonald's Corporation 2025 Annual Report 30 Despite the implementation of business continuity measures, any of these technology systems could become vulnerable to damage, disability or failures due to fire, power loss, telecommunications failure or other catastrophic events."
  • Added sentence: "In addition, the AI tools we are incorporating into certain aspects of our business may not generate the intended efficiencies, may increase our exposure to risks (both known and unknown), and could adversely impact our business results."

Current (2026):

We are increasingly reliant upon technology systems, such as point-of-sale, that support our business operations, including our digital and delivery solutions, and technologies that facilitate communication and collaboration with affiliated entities, customers, employees,…

Read full text

We are increasingly reliant upon technology systems, such as point-of-sale, that support our business operations, including our digital and delivery solutions, and technologies that facilitate communication and collaboration with affiliated entities, customers, employees, franchisees, suppliers, service providers or other independent third parties, whether developed and maintained by us or provided by third parties. Any failure or interruption of these systems could significantly impact our or our franchisees’ operations, or our customers’ experiences and perceptions. Security incidents and breaches have occurred from time to time and may occur in the future involving our systems, the systems of the parties with whom we communicate or collaborate (including franchisees) or the systems of third-party providers. Additionally, cybersecurity threats continue to become more sophisticated, including AI-enabled attacks and deepfake technology. Incidents may include unauthorized access, phishing attacks, account takeovers, denial of service, computer viruses, deepfakes and other malicious uses of artificial intelligence, introduction of malware or ransomware, other disruptive problems caused by hackers or unintentional events. Certain of these technology systems contain personal, confidential, financial and other information of our customers, employees, franchisees and their employees, suppliers and other third parties, as well as financial, proprietary and other confidential information related to our business. Despite response procedures and measures in place in the event an incident occurs, an event could result in disruptions, shutdowns, or a security breach including the theft or unauthorized disclosure of certain of the above-described information. The actual or alleged occurrence of any of these types of incidents could result in mitigation costs, reputational damage, adverse publicity, loss of consumer confidence, reduced sales and profits, complications in executing our growth initiatives and regulatory and legal risk, including administrative fines, criminal or civil penalties or civil liabilities. McDonald's Corporation 2025 Annual Report 30 McDonald's Corporation 2025 Annual Report 30 McDonald's Corporation 2025 Annual Report 30 Despite the implementation of business continuity measures, any of these technology systems could become vulnerable to damage, disability or failures due to fire, power loss, telecommunications failure or other catastrophic events. Certain technology systems may also become vulnerable, unreliable or inefficient in cases where technology vendors limit or terminate product support and/or maintenance. Our increasing reliance on third-party systems also subjects us to risks faced by those third-party businesses, including operational, security and credit risks. Further, the technology systems of third parties upon which we rely to conduct our business could be compromised in a manner that adversely affects us and our technology systems, information and business continuity. If technology systems were to fail or otherwise be unavailable, or if business continuity or disaster recovery plans were not effective, and we were unable to recover in a timely manner, we could experience an interruption in our or our franchisees’ operations. While we maintain insurance coverage designed to address certain aspects of cybersecurity risks, such insurance coverage may be insufficient to cover all losses or all types of claims that may arise. In addition, the AI tools we are incorporating into certain aspects of our business may not generate the intended efficiencies, may increase our exposure to risks (both known and unknown), and could adversely impact our business results. These risks include potential operational disruptions, data integrity issues, and unintended consequences from algorithmic decision-making. Further, emerging global and U.S. regulations governing AI use – including requirements for responsible use, transparency, bias mitigation, accountability, and explainability – may impose significant compliance obligations and increase reputational risk. Failure to comply with these standards or to effectively manage associated risks, including ethical considerations such as fairness, non-discrimination, and responsible deployment, could result in regulatory penalties, litigation, operational setbacks, or adverse brand perceptions.

View prior text (2025)

We are increasingly reliant upon technology systems, such as point-of-sale, that support our business operations, including our digital and delivery solutions, and technologies that facilitate communication and collaboration with affiliated entities, customers, employees, franchisees, suppliers, service providers or other independent third parties to conduct our business, whether developed and maintained by us or provided by third parties. Any failure or interruption of these systems could significantly impact our or our franchisees’ operations, or our customers’ experiences and perceptions. In addition, the artificial intelligence tools we are incorporating into certain aspects of our business may not generate the intended efficiencies and may impact our business results. Security incidents and breaches have from time to time occurred and may in the future occur involving our systems, the systems of the parties with whom we communicate or collaborate (including franchisees) or the systems of third-party providers. These may include such things as unauthorized access, phishing attacks, account takeovers, denial of service, computer viruses, deepfakes and other malicious uses of artificial intelligence, introduction of malware or ransomware, other disruptive problems caused by hackers or unintentional events. Certain of these technology systems contain personal, confidential, financial and other information of our customers, employees, franchisees and their employees, suppliers and other third parties, as well as financial, proprietary and other confidential information related to our business. Despite response procedures and measures in place in the event an incident occurs, it could result in disruptions, shutdowns, or a security breach including the theft or unauthorized disclosure of certain of the above-described information. The actual or alleged occurrence of any of these types of incidents could result in mitigation costs, reputational damage, adverse publicity, loss of consumer confidence, reduced sales and profits, complications in executing our growth initiatives and regulatory and legal risk, including administrative fines, criminal or civil penalties or civil liabilities. Despite the implementation of business continuity measures, any of these technology systems could become vulnerable to damage, disability or failures due to fire, power loss, telecommunications failure or other catastrophic events. Certain technology systems may also become vulnerable, unreliable or inefficient in cases where technology vendors limit or terminate product support and/or maintenance. Our increasing reliance on third-party systems also subjects us to risks faced by those third-party businesses, including operational, security and credit risks. Further, the technology systems of third parties upon which we rely to conduct our business could be compromised in a manner that adversely affects us and our technology systems, information and business continuity. If technology systems were to fail or otherwise be unavailable, or if business continuity or disaster recovery plans were not effective, and we were unable to recover in a timely manner, we could experience an interruption in our or our franchisees’ operations. While we maintain insurance coverage designed to address certain aspects of cybersecurity risks, such insurance coverage may be insufficient to cover all losses or all types of claims that may arise.

🟡 Modified CASH AND EQUIVALENTS 🔒
🟡 Modified CONSOLIDATION 🔒
🟡 Modified ▪Impairment and other charges (gains), net 🔒
🟡 Modified Recently Adopted Accounting Pronouncements 🔒
🟡 Modified LONG-LIVED ASSETS 🔒
🟡 Modified FINANCIAL INSTRUMENTS AND HEDGING ACTIVITIES 🔒
🟡 Modified STOCK OPTIONS 🔒
🟡 Modified DEBT OBLIGATIONS 🔒
🟡 Modified Credit Risk 🔒
🟡 Modified Cash Flow Hedges 🔒
🟡 Modified AVAILABILITY OF COMPANY INFORMATION 🔒
🟡 Modified Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities indicated below on the 24th day of February, 2026: 🔒
🟡 Modified of $(1), $1, and $22 🔒
🟡 Modified NATURE OF BUSINESS 🔒
🟡 Modified Recent Accounting Pronouncements Not Yet Adopted 🔒
🟡 Modified FOREIGN CURRENCY TRANSLATION 🔒
🟡 Modified Critical Audit Matter 🔒
🟡 Modified (Registrant) 🔒
🟡 Modified ▪Certain Financial Assets and Liabilities Measured at Fair Value 🔒
19 more changes in this filing

Full diff access, historical comparisons, and cross-company signal tracking.

Get full access — from $29/month Already a Pro subscriber? View full diff →