Microchip Technology Inc.: 10-K Risk Factor Changes

Our net sales in any given quarter depend upon a combination of shipments from backlog, and orders that are both received and shipped in the same quarter, which we call turns orders. We measure turns orders at the beginning of a quarter based on the orders needed to meet the shipment targets that we set entering the quarter. Historically, our ability to respond quickly to customer orders has been part of our competitive strategy, resulting in customers placing orders with relatively short delivery schedules. Shorter lead times generally mean that turns orders as a percentage of our business are relatively high in any particular quarter and reduce our visibility on future shipments. Turns orders correlate to overall semiconductor industry conditions and product lead times. Although our backlog had been strong in fiscal 2022, fiscal 2023 and the first half of fiscal 2024, due to favorable business conditions and the impact of our Preferred Supply Program and our LTSAs, the business conditions that led us to implement the Preferred Supply Program changed and, as a result, on February 1, 2024, we discontinued the Preferred Supply Program for new orders. This change in our Preferred Supply Program does not impact our LTSAs. With the cancellation of the Preferred Supply Program, turns orders are once again key to our ability to meet our business objectives. Because turns orders can be difficult to predict, especially in times of economic volatility where customers may change order levels within the quarter, varying levels of turns orders make it more difficult to forecast net sales. The level of turns orders has in the past and may in the future decrease in periods where customers are holding excess inventory of our products. Our customers may have increased their order levels in previous periods of tight supply to help ensure they have sufficient inventory of our products to meet their needs, or they may have been unable to sell their products at their forecasted levels which would reduce our level of turns orders. As a significant portion of our products are manufactured at foundries, foundry lead times may affect our ability to satisfy certain turns orders. If we do not achieve a sufficient level of turns orders in a particular quarter relative to our revenue targets or effectively manage our production based on changes in order forecasts, our revenue and operating results will likely suffer. In February 2021, we announced our Preferred Supply Program and, starting in the first quarter of calendar 2022, we began entering into LTSAs, which offer our customers the ability to receive prioritized capacity. To participate in the original 17 17 17 Table of Contents Table of Contents Preferred Supply Program, customers were expected to place 12 months of orders, which could not be cancelled or rescheduled by the customer except in the event of price increases. In August 2023, we modified our Preferred Supply Program to allow orders for six months of continuous backlog, and those orders could be cancelled or rescheduled if our planned delivery date was greater than six months from the request date. The capacity priority under the Preferred Supply Program began for shipments in July 2021, and ended upon delivery of orders that were placed under the Preferred Supply Program prior to February 1, 2024. The Preferred Supply Program and the LTSAs are not a guarantee of supply; however, they were designed to provide the highest priority for those orders which are under these programs, and the capacity priority was on a first-come, first-served basis until the available capacity was booked. A significant portion of our backlog was booked under these programs while the programs were in effect. There can be no assurance that these programs will continue to be successful or that they will provide the benefits we expect to our business. For example, in the fourth quarter of fiscal 2023 and in fiscal 2024, we accommodated requests by customers to push-out certain orders to help them manage inventory levels and, in some cases, to help other customers that are experiencing supply shortages. However, in the event that we decide to not accommodate a request to push out orders and customers under these programs still attempt to cancel or reschedule orders, or refuse shipment, we may have to take legal or other action to enforce the terms of the programs, and any such actions could result in damage to our customer relationships or cause us to incur significant costs. We may be unable to recover damages from customers that default under these programs. Additionally, these programs have resulted in some customers holding excess inventory of our products and thus decreased their need to place new orders, including turns orders, in recent periods.

Our net sales in any given quarter depend upon a combination of shipments from backlog, and orders that are both received and shipped in the same quarter, which we call turns orders. We measure turns orders at the beginning of a quarter based on the orders needed to meet the shipment targets that we set entering the quarter. Historically, our ability to respond quickly to customer orders has been part of our competitive strategy, resulting in customers placing orders with relatively short delivery schedules. Shorter lead times generally mean that turns orders as a percentage of our business are relatively high in any particular quarter and reduce our visibility on future shipments. Turns orders correlate to overall semiconductor industry conditions and product lead times. Although our backlog has been strong in recent periods due to favorable industry conditions and the impact of our Preferred Supply Program and our LTSAs, in the future we expect turns orders to remain important to our ability to meet our business objectives. Because turns orders can be difficult to predict, especially in times of economic volatility where customers may change order levels within the quarter, varying levels of turns orders make it more difficult to forecast net sales. The level of turns orders may also decrease in future periods in situations where customers are holding excess inventory of our products. Our customers may have increased their order levels in recent previous periods to help ensure they have sufficient inventory of our products to meet their needs, or they may have been unable to sell their products at their forecasted levels which would reduce our level of turns orders. As a significant portion of our products are manufactured at foundries, foundry lead times may affect our ability to satisfy certain turns orders. If we do not achieve a sufficient level of turns orders in a particular quarter relative to our revenue targets or effectively manage our production based on changes in order forecasts, our revenue and operating results will likely suffer. In February 2021, we announced our Preferred Supply Program and, starting in the first quarter of calendar 2022, we began entering into LTSAs, which offer our customers the ability to receive prioritized capacity. To participate in the Preferred Supply Program, customers are expected to place 12 months of orders, which cannot be cancelled or rescheduled by the customer except in the event of price increases. The capacity priority under the Preferred Supply Program began for shipments in July 2021. The Preferred Supply Program and the LTSAs are not a guarantee of supply; however, they will provide the highest priority for those orders which are under these programs, and the capacity priority will be on a first-come, first-served basis until the available capacity is booked. A significant portion of our capacity is booked under these programs. We believe these programs will enable us to be in a stronger position to make capacity and raw material commitments to our suppliers, buy capital equipment with confidence, hire employees and ramp up manufacturing and manufacture products more efficiently. Since these are relatively new programs, there can be no assurance that the programs will be successful or that they will provide the benefits we expect to our business. For example, in recent periods, we have accommodated requests by customers to push-out certain orders to help them manage inventory levels and, in some cases, to help other customers that are experiencing supply shortages. However, in the event that customers under these programs attempt to cancel or reschedule orders, or refuse shipment, we may have to take legal or other action to enforce the terms of the 17 17 17 Table of Contents Table of Contents programs, and any such actions could result in damage to our customer relationships or cause us to incur significant costs. We may be unable to recover damages from customers that default under these programs. Additionally, as orders under these programs cannot be cancelled or returned except in the event of price increases, these programs may result in customers holding excess inventory of our products and thus decrease their need to place new orders, including turns orders, in later periods.

A significant portion of our sales are from or are derived from government agencies or customers who sell to U.S. government agencies. Such sales are subject to uncertainties regarding governmental spending levels, spending priorities, regulatory and policy changes. Future sales into U.S. government projects are subject to uncertain government appropriations and national defense policies and priorities, including the budgetary process, changes in the timing and spending priorities, the impact of any past or future government shutdowns, contract terminations or renegotiations, future sequestrations, changes in regulations that we must comply with to be eligible to accept new contracts, such as the Cybersecurity Maturity Model Certification requirements, or the impact of pandemics. For example, in fiscal 2022, as a result of the COVID-19 pandemic, we experienced suspensions and stop work orders for some of our subcontracts. Additionally, the amendment to the U.S. National Defense Authorization Act (NDAA) was signed into law on December 23, 2022, and its provisions go into effect in December 2027. The NDAA amendment prohibits U.S. government agencies from buying semiconductor products or services manufactured by SMIC, YMTC, CXMT and any other entity that the U.S. government determines is owned, controlled, or connected to the government of a foreign country of concern (Prohibited Companies). Some of our products are manufactured at SMIC, and some of our suppliers buy products manufactured at YMTC. If we are unable to alternately source or manufacture certain of our products, or discontinue use of products from Prohibited Companies, if any, when the NDAA amendment goes into effect in December 2027, this could adversely impact our sales to U.S. government agencies and their prime customers. Although such actions have not yet had a material adverse impact on our business, there can be no assurance as to the future costs or implications of such actions. Sales into government projects are also subject to uncertainties related to monetary, regulatory, tax and trade policies implemented by current or future administrations or by the U.S. Congress. Delays, reductions in or terminations of government contracts or subcontracts, including those caused by any past or future shutdown of the U.S. federal government, could materially and adversely affect our operating results. If, in the future, the U.S. government fails to complete its annual budget process, provide for a continuing resolution to fund government operations or increase the federal debt limit, another federal government shutdown may occur, during which we may experience further delays, reductions in or terminations of government contracts or subcontracts, which could materially and adversely affect our operating results. While we generally function as a subcontractor in these type of transactions, further changes in U.S. government procurement regulations and practices, particularly surrounding initiatives to reduce costs or increase compliance obligations (such as the Cybersecurity Maturity Model Certification), may adversely impact the contracting environment, our ability to hire and retain employees, and our operating results. The U.S. government and its contractors may terminate their contracts with us at any time. Uncertainty in government spending and termination of contracts for government related projects could have a material adverse impact on the revenue from our government related business. Our contracts with U.S. governmental agencies or prime customers require us to comply with the contract terms, and governmental regulations, particularly for our facilities, systems and personnel that service such customers. To be awarded new contracts, we may be required to meet certain levels of the Cybersecurity Maturity Model Certifications that we may not meet, or may choose not to meet. We are also required to have facility 22 22 22 Table of Contents Table of Contents security clearances to perform classified contracts and to build and sell classified products for U.S. governmental agencies. These clearances are subject to the requirements and regulations including the National Industrial Security Program Operating Manual that governs the protection of classified information released or disclosed in connection with the performance of classified government contracts. Complying with these regulations, including audit requirements, requires that we devote significant resources to such matters in terms of training, personnel, information technology and facilities. The increased cost of compliance may adversely affect our operating results. Any failure to comply with these requirements and regulations may result in fines and penalties, or loss of current or future business including our ability to continue as a supplier to U.S. governmental agencies and its contractors and may materially and adversely affect our operating results.

As a result of our Microsemi acquisition, in May 2018, a significant portion of our sales are from or are derived from government agencies or customers who sell to U.S. government agencies. Such sales are subject to uncertainties regarding governmental spending levels, spending priorities, regulatory and policy changes. Future sales into U.S. government projects are subject to uncertain government appropriations and national defense policies and priorities, including the budgetary process, changes in the timing and spending priorities, the impact of any past or future government shutdowns, contract terminations or renegotiations, future sequestrations, changes in regulations that we must comply with to be eligible to accept new contracts, such as the Cybersecurity Maturity Model Certification requirements and mandatory vaccine requirements, or the impact of the COVID-19 pandemic. For example, in fiscal 2022, as a result of the COVID-19 pandemic, we experienced suspensions and stop work orders for some of our subcontracts. Additionally, the amendment to the U.S. National Defense Authorization Act (NDAA) was signed into law on December 23, 2022, and its provisions go into effect in December 2027. The NDAA amendment prohibits U.S. government agencies from buying semiconductor products or services manufactured by SMIC, YMTC, CXMT and any other entity that the U.S. government determines is owned, controlled, or connected to the government of a foreign country of concern (Prohibited Companies). Some of our products are manufactured at SMIC, and some of our suppliers buy products manufactured at YMTC. If we are unable to alternately source 21 21 21 Table of Contents Table of Contents or manufacture certain of our products, or discontinue use of products from Prohibited Companies, if any, when the NDAA amendment goes into effect in December 2027, this could adversely impact our sales to U.S. government agencies and their prime customers. Although such actions have not yet had a material adverse impact on our business, there can be no assurance as to the future costs or implications of such actions. Sales into government projects are also subject to uncertainties related to monetary, regulatory, tax and trade policies implemented by current or future administrations or by the U.S. Congress. In the past, Microsemi experienced delays and reductions in appropriations on programs that included its products. For example, in 2018 there were two federal government shutdowns. Further delays, reductions in or terminations of government contracts or subcontracts, including those caused by any past or future shutdown of the U.S. federal government, could materially and adversely affect our operating results. If the U.S. government fails to complete its annual budget process, provide for a continuing resolution to fund government operations or increase the federal debt limit, another federal government shutdown may occur, during which we may experience further delays, reductions in or terminations of government contracts or subcontracts, which could materially and adversely affect our operating results. While we generally function as a subcontractor in these type of transactions, further changes in U.S. government procurement regulations and practices, particularly surrounding initiatives to reduce costs or increase compliance obligations (such as the Cybersecurity Maturity Model Certification and mandatory vaccine requirements), may adversely impact the contracting environment, our ability to hire and retain employees, and our operating results. The U.S. government and its contractors may terminate their contracts with us at any time. For example, in 2014, the U.S. government terminated a $75 million contract with Microsemi. Uncertainty in government spending and termination of contracts for government related projects could have a material adverse impact on the revenue from our government related business. Our contracts with U.S. governmental agencies or prime customers require us to comply with the contract terms, and governmental regulations, particularly for our facilities, systems and personnel that service such customers. To be awarded new contracts, we may be required to meet certain levels of the Cybersecurity Maturity Model Certification that we may not meet, or choose to meet. Complying with these regulations, including audit requirements, requires that we devote significant resources to such matters in terms of training, personnel, information technology and facilities. Any failure to comply with these requirements may result in fines and penalties, or loss of current or future business, that may materially and adversely affect our operating results.

The current administration in the U.S. and administrations in other global jurisdictions in which we operate, have indicated support for significant legislative and policy changes in areas including but not limited to tax, trade, labor, and the environment. If implemented, these changes could increase our effective tax rate, decrease our revenue and increase our selling and/or manufacturing costs, which could have a material adverse effect on our business, results of operations or financial conditions. Changes in tax policy, trade regulations or other matters, and any uncertainty surrounding the scope or timing of such changes, could negatively impact the stock market, and reduce the trading price of our stock. For example, in February 2022, the U.S. began implementing widescale sanctions against Russia due to Russia's invasion of Ukraine. Sanctions against Belarus and certain Ukrainian regions were later implemented. Because the actions by Russia against Ukraine are in conflict with our Guiding Values, we chose to cease shipments into Russia and Belarus, and we will continue to comply with applicable U.S. sanctions regarding Ukraine. While sales of our products into these regions, and to customers that sell into these regions, have been negatively impacted, at this time, we have not experienced a material adverse impact on our revenue. Retaliatory acts by Russia in response to the sanctions could include cyber-attacks, sanctions, or other actions that could disrupt the economy. As a result of the foregoing risks or similar risks, the imposition of sanctions could have a material adverse effect on our business, results of operations or financial condition. New technology trends, such as AI, require us to keep pace with evolving regulations and industry standards. In the U.S., the EU, and China, there are various current and proposed regulatory frameworks relating to the use of AI in products and services. We expect that the legal and regulatory environment relating to emerging technologies such as AI will continue to develop and could increase the cost of doing business, and create compliance risks and potential liability, all of which may have a material adverse effect on our financial condition and results of operations.

The current administration in the U.S. and administrations in other global jurisdictions in which we operate, have indicated support for significant legislative and policy changes in areas including but not limited to tax, trade, labor, and the environment. If implemented, these changes could increase our effective tax rate, and increase our selling and/or manufacturing costs, which could have a material adverse effect on our business, results of operations or financial conditions. Changes in tax policy, trade regulations or other matters, and any uncertainty surrounding the scope or timing of such changes, could negatively impact the stock market, and reduce the trading price of our stock. For example, in February 2022, the U.S. began implementing widescale sanctions against Russia due to Russia's invasion of Ukraine. Sanctions against Belarus and certain Ukrainian regions were later implemented. Because the actions by Russia against Ukraine are in conflict with our Guiding Values, Microchip chose to cease shipments into Russia and Belarus, and we will continue to comply with applicable U.S. sanctions regarding Ukraine. While sales of our products into these regions, and to customers that sell into these regions, have been negatively impacted, at this time, we have not experienced a material adverse impact on our revenue. Retaliatory acts by Russia in response to the sanctions could include cyber attacks, sanctions, or other actions that could disrupt the economy. As a result of the foregoing risks or similar risks, the imposition of sanctions could have a material adverse effect on our business, results of operations or financial condition.

A significant portion of our sales involve export and import activities. Our U.S.-manufactured products or products based on U.S. technology or U.S. software are subject to laws and regulations that govern international trade, including but not limited to the Foreign Corrupt Practices Act, Export Administration Regulations (EAR), International Traffic in Arms Regulations and economic embargoes or trade sanctions against certain countries and parties, including those administered by the U.S. Departments of State, Commerce, and Treasury. Licenses or license exceptions are often required for the shipment of our products to certain countries. Our inability to timely obtain a license, for any reason, including a delay in license processing due to a federal government shutdown, or changes in government policies of approval or denial of licenses, could cause a delay in scheduled shipments which could have a material adverse impact on our revenue within the quarter of a shutdown, and in following quarters depending on the extent that license processing is delayed. Further, determination by a government that we have failed to comply with trade regulations or anti-bribery regulations can result in penalties which may include denial of export privileges, fines, penalties, and seizure of products, or loss of reputation, any of which could have a material adverse effect on our business, sales and earnings. A change in laws and regulations could restrict our ability to transfer product to previously permitted countries, customers, distributors or others. For example, in October 2022, the U.S. Commerce Department published a regulation that imposed restrictions on activities in or involving China, Hong Kong, and Macau related to advanced computing integrated circuits (ICs), advanced-node ICs, computer and other commodities that contain such ICs, certain semiconductor manufacturing items, and supercomputers. The regulation also expanded controls on transactions involving semiconductor manufacturing and semiconductor equipment manufacturing end-uses. Further, this regulation expanded the scope of foreign-produced items subject to license requirements under U.S. law and added 28 entities located in China to the U.S. Commerce Department Entity List. In November 2023, the U.S. Commerce Department added restrictions and export license requirements to end uses and product categories previously described in the October 2022 regulation. In addition, the U.S. Departments of Commerce, State, and Treasury have been adding parties to the restricted parties lists, and imposing prohibitions and export licensing requirements on transactions with them. The result is that there has been a slow-down in the processing of export license applications by the U.S. Government and an increased burden on us to conduct additional due diligence imposed by the October 2022 and November 2023 regulations, as well as by sanctions imposed on Russia for invading Ukraine. At this time, there has not been a material impact on our ability to obtain necessary licenses for exportation. A previous example occurred in fiscal 2020, when the U.S. Commerce Department effectively banned U.S. companies from selling products or transferring technology to certain Chinese companies, including 31 31 31 Table of Contents Table of Contents Huawei and their related companies worldwide. In fiscal 2020, the U.S. Federal Acquisition Regulation prohibited U.S. governmental agencies from buying equipment incorporating covered telecommunications equipment, as a substantial component or critical technology, where the technology came from certain Chinese companies. In July 2020, this was expanded to prohibit U.S. governmental agencies from entering into a contract with any company that uses covered telecommunications equipment whether or not the Chinese technology is related to the procurement. The EAR also effectively prohibits sales of items for a “military end use,” to a "military end-user," or for a "military intelligence" end-user, or end-use to certain countries, such as Belarus, Burma, Cambodia, Cuba, China, Iran, North Korea, Russia, Syria and Venezuela. Any of the foregoing changes to the regulatory requirements could adversely impact our operational costs due to the administrative impacts of complying with these regulations and may limit those with whom we conduct business. Any one or more of these sanctions, future sanctions, a change in laws or regulations, or a prohibition on shipment of our products or transfer of our technology to significant customers could have a material adverse effect on our business, financial condition and results of operations. The U.S. and other countries have levied tariffs and taxes on certain goods, implemented trade restrictions, and introduced national security protection policies. Trade tensions between the U.S. and China, have continued to escalate from 2018 to present, and include the U.S. increasing tariffs on Chinese origin goods and China increasing tariffs on U.S. origin goods. We took steps to mitigate the costs of these tariffs on our business by adjusting our operations and supply chain. Although these tariff increases did not result in a material adverse impact on our operating costs in fiscal 2019 or fiscal 2020, they did reduce demand for our products during fiscal 2019 and fiscal 2020. Increased tariffs on our customers' products could adversely impact their sales, and increased tariffs on our products in comparison to those of our competitors could each result in lower demand for our products. Further, governments may impose restrictions on the sale to certain customers of our products, or any applications containing our products. For example, the Chinese government announced restrictions relating to certain sales of products containing certain products made by Micron, and they may direct companies within China to purchase Chinese-made products. Similar restrictions on our products or the products of our customers or suppliers could negatively impact our business and financial results. It is also possible that evolving U.S. export controls may encourage non-U.S. governments to request that our customers purchase from companies not subject to U.S. export controls, thereby harming our business, market position, and financial results. Excessive export controls increase the risk of investing in U.S. advanced semiconductor products, because by the time a new product is ready for market, it may be subject to new unilateral export controls restricting its sale. At the same time, such controls may increase investment in foreign competitors, which would be less likely to be restricted by U.S. controls. Further changes in trade or national security protection policy, tariffs, additional taxes, restrictions on exports or other trade barriers, including those taken against the U.S. in retaliation for U.S. policies, may limit our ability to obtain equipment, components or raw materials (including rare earth minerals), limit our ability to produce products, increase our selling and/or manufacturing costs, decrease margins, reduce the competitiveness of our products, reduce our ability to sell products, or reduce our ability to have mergers and acquisitions approved by governmental agencies, any of which could have a material adverse effect on our business, results of operations or financial conditions.

A significant portion of our sales require export and import activities. Our U.S.-manufactured products or products based on U.S. technology or U.S. software are subject to laws and regulations that govern international trade, including but not limited to the Foreign Corrupt Practices Act, Export Administration Regulations (EAR), International Traffic in Arms Regulations and trade sanctions against embargoed countries and restricted parties, including those administered by the U.S. Departments of State, Commerce, and Treasury. Licenses or license exceptions are often required for the shipment of our products to certain countries. Our inability to timely obtain a license, for any reason, including a delay in license processing due to a federal government shutdown like that which occurred in 2018, or changes in government policies of approval or denial of licenses, could cause a delay in scheduled shipments which could have a material adverse impact on our revenue within the quarter of a shutdown, and in following quarters depending on the extent that license processing is delayed. Further, determination by a government that we have failed to comply with trade regulations or anti-bribery regulations can result in penalties which may include denial of export privileges, fines, penalties, and seizure of products, or loss of reputation, any of which could have a material adverse effect on our business, sales and earnings. A change in laws and regulations could restrict our ability to transfer product to previously permitted countries, customers, distributors or others. For example, in October 2022, the U.S. Commerce Department published an interim final rule entitled "Implementation of Additional Export Controls: Certain Advanced Computing and Semiconductor Manufacturing Items; Supercomputer and Semiconductor End Use; Entity List Modification." This regulation imposes restrictions on advanced computing integrated 28 28 28 Table of Contents Table of Contents circuits (ICs), computer commodities that contain such ICs, as well as on certain semiconductor manufacturing items, and expands controls on transactions involving items for supercomputer and semiconductor manufacturing end-uses. This rule, for example, expands the scope of foreign-produced items subject to license requirements for 28 existing entities on the Entity List that are located in China. An additional example occurred in April 2018, when the U.S. Commerce Department banned U.S. companies from selling products or transferring technology to ZTE, a Chinese company, and certain subsidiaries. This ban was lifted in July 2018. In fiscal 2020, the U.S. Commerce Department effectively banned U.S. companies from selling products or transferring technology to certain Chinese companies, including Huawei and their related companies worldwide. In fiscal 2020, the U.S. Federal Acquisition Regulation prohibited U.S. governmental agencies from buying equipment incorporating covered telecommunications equipment, as a substantial component or critical technology, where the technology came from certain Chinese companies. In July 2020, this was expanded to prohibit U.S. governmental agencies from entering into a contract with any company that uses covered telecommunications equipment whether or not the Chinese technology is related to the procurement. The EAR also effectively prohibits sales of items for a “military end use,” to a "military end-user," or for a "military intelligence" end-user, or end-use to certain countries, such as Belarus, Burma, Cambodia, Cuba, China, Iran, North Korea, Russia, Syria and Venezuela. Any of the foregoing changes could adversely impact our operational costs due to the administrative impacts of complying with these regulations and may limit those with whom we conduct business. Any one or more of these sanctions, future sanctions, a change in laws or regulations, or a prohibition on shipment of our products or transfer of our technology to significant customers could have a material adverse effect on our business, financial condition and results of operations. The U.S. and other countries have levied tariffs and taxes on certain goods, implemented trade restrictions, and introduced national security protection policies. Trade tensions between the U.S. and China, which escalated in 2018, have continued and include the U.S. increasing tariffs on Chinese origin goods and China increasing tariffs on U.S. origin goods. We took steps to mitigate the costs of these tariffs on our business by making adjustments in operations and supply. Although these tariff increases did not result in a material adverse impact on our operating costs in fiscal 2019 or fiscal 2020, they did reduce demand for our products during fiscal 2019 and fiscal 2020. Increased tariffs on our customers' products could adversely impact their sales, and increased tariffs on our products in comparison to those of our competitors could each result in lower demand for our products. Further changes in trade or national security protection policy, tariffs, additional taxes, restrictions on exports or other trade barriers, including those taken against the U.S. in retaliation for U.S. policies, may limit our ability to obtain equipment, components or raw materials (including rare earth minerals), limit our ability to produce products, increase our selling and/or manufacturing costs, decrease margins, reduce the competitiveness of our products, reduce our ability to sell products, or reduce our ability to have mergers and acquisitions approved by governmental agencies, any of which could have a material adverse effect on our business, results of operations or financial conditions.

We are subject to numerous laws and regulations in the U.S. and internationally regarding privacy, data protection and cybersecurity, such as the European Union’s (EU) General Data Protection Regulation (GDPR), the U.K. equivalent to the GDPR, the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). The scope of these laws and regulations is rapidly evolving, subject to differing interpretations, and may be inconsistent among jurisdictions. Some of these laws create a broad definition of personal information, establish data privacy rights, impose data breach notification requirements, and create potentially severe statutory damages or other remedial frameworks and private rights of action for certain data breaches. Some of the laws and regulations also place restrictions on our ability to collect, store, use, transmit and process personal information and other data across our business. For example, the GDPR restricts the ability of companies to transfer personal data from the European Economic Area (EEA) to the U.S. and other countries. Further, such laws and regulations have resulted and will continue to result in significantly greater compliance burdens and costs for companies such as us that have employees, customers, and operations in the EEA. We have relied mainly on the European Commission’s Standard Contractual Clauses (SCCs), for transfers of personal information from the EEA to the U.S. or other countries. However, the Court of Justice of the EU in a July 2020 decision (Schrems II) invalidated the EU-U.S. Privacy Shield Framework (Privacy Shield), and also called for stricter conditions in the use of the SCCs. Following the Schrems II decision, certain data protection authorities in the EU have issued statements advising companies within their jurisdiction not to transfer personal data to the U.S. under the SCCs. The EU and U.S. have established a successor framework to the Privacy Shield, the EU-U.S. Data Privacy Framework (EU-U.S. DPF), but it already has faced a legal challenge and may face additional legal challenges. If we are unable to implement sufficient safeguards to ensure that our transfers of personal information from the EEA are lawful, we may face increased exposure to regulatory actions and substantial fines and injunctions against processing personal information from the EEA. The loss of our ability to lawfully transfer personal data out of the EEA may cause reluctance or refusal by European customers to communicate with us as they are currently, and we may be required to increase our data processing capabilities in the EEA at significant expense. Additionally, other countries outside of the EEA have passed or are considering passing laws requiring local data residency which could increase the cost and complexity of providing our products in those jurisdictions. Furthermore, the GDPR and the U.K. equivalent of the GDPR expose us to two parallel data protection regimes in Europe, each of which potentially authorizes fines and enforcement actions for certain violations. Substantial fines may be imposed for breaches of data protection requirements, which can be up to 4% of a company’s worldwide revenue or 20 million Euros, whichever is greater, and classes of individuals or consumer protection organizations may initiate litigation related to our processing of their personal data. Although the U.K. data protection regime currently permits data transfers from the U.K. to the EEA and other third countries, covered by a European Commission 'adequacy decision' through the continued use of SCCs and binding corporate rules, these laws and regulations are subject to change, and any such changes could have adverse implications for our transfer of personal data from the U.K. to the EEA and other third countries. Additionally, the EU AI Act could impose onerous obligations that may disadvantage us and require us to change our business practices. In the U.S., federal, state, and local governments have enacted numerous laws and regulations relating to privacy, data protection, and cybersecurity. For example, California has enacted the CCPA, which creates new individual privacy rights for California consumers (as defined in the law) and places increased privacy and security obligations on entities handling personal data of consumers or households. The CPRA, which became operative January 1, 2023, expands the CCPA’s requirements, including applying to personal information of business representatives and employees and establishing a new regulatory agency to implement and enforce the law. Additionally, numerous other states have proposed or enacted laws addressing privacy and security, many of which impose obligations similar to those of the CCPA. The U.S. federal government 28 28 28 Table of Contents Table of Contents also is contemplating federal privacy legislation. The CCPA, CPRA, and other evolving legislation relating to privacy, data protection, and information security may impact our business activities and require us to modify our policies and practices. Other jurisdictions have enacted or are considering similar cross-border personal data transfer laws and local personal data residency laws, any of which would increase the cost and complexity of doing business and could result in fines from regulators. For example, China’s law imposes various requirements relating to data processing and data localization. Data broadly defined as important under China’s law, including personal data, may not be transferable outside of China without prior assessment and approval by the Cyberspace Administration of China (CAC). Compliance with these requirements, including CAC assessments and any deemed failures of such assessments, could cause us to incur liability, prevent us from using data collected in China or impact our ability to transfer data outside of China. The inability to import personal data to the U.S. could significantly and negatively impact our business operations, limit our ability to collaborate with parties that are subject to European, China and other data privacy and security laws, or require us to increase our personal data processing capabilities in Europe and/or elsewhere at significant expense. Some European regulators have prevented companies from transferring personal data out of Europe for allegedly violating the GDPR’s cross-border data transfer limitations, which could negatively impact our business. While we plan to continue to undertake efforts to conform to current legal and regulatory obligations and to account for relevant best practices, such efforts may be unsuccessful or result in significant costs. We may also experience reluctance, or refusal by European or multi-national customers to continue to provide us with personal data due to the potential risk exposure of personal data transfers and the current data protection obligations imposed on them by applicable data protection laws or by certain data protection authorities. These and any other laws relating to privacy or data protection and their interpretations continue to develop and their uncertainty and inconsistency may increase the cost of compliance, cause compliance challenges, restrict our ability to offer products in certain locations in the same way that we have been, and potentially adversely affect certain third-party service providers. Further, any actual or alleged failure by us or our service providers to comply with laws, regulations, or other actual or asserted obligations relating to privacy, data protection, or cybersecurity may subject us to claims, demands, and litigation, sanctions or fines by regulators, and other damages and liabilities. Any of the foregoing may harm our reputation and market position and otherwise could adversely affect our business, financial condition and results of operations.

We are subject to numerous laws and regulations in the U.S. and internationally regarding privacy and data protection such as the European Union’s (EU) General Data Protection Regulation (GDPR), the U.K. equivalent to the GDPR, the California Consumer Privacy Act, and the California Privacy Rights Act. The scope of these laws and regulations is rapidly evolving, subject to differing interpretations, and may be inconsistent among jurisdictions. Some of these laws create a broad definition of personal information, establish data privacy rights, impose data breach notification requirements, and create potentially severe statutory damages frameworks and private rights of action for certain data breaches. Some of the laws and regulations also place restrictions on our ability to collect, store, use, transmit and process personal information and other data across our business. For example, the GDPR restricts the ability of companies to transfer personal data from the European Economic Area (EEA) to the U.S. and other countries. Further, such laws and regulations have resulted and will continue to result in significantly greater compliance burdens and costs for companies such as us that have employees, customers, and operations in the EEA. In order to comply with the GDPR, we have relied mainly on the European Commission’s Standard Contractual Clauses (SCCs), for transfers of personal information from the EEA to the U.S. or other countries. However, the Court of Justice of the EU in a July 2020 decision (Schrems II) invalidated the EU-U.S. Privacy Shield Framework, and also called for stricter conditions in the use of the SCCs. Following the Schrems II decision, certain data protection authorities in the EU have issued statements advising companies within their jurisdiction not to transfer personal data to the U.S. under the SCCs. At present, there are few, if any, viable alternatives to the SCCs. If we are unable to implement sufficient safeguards to ensure that our transfers of personal information from the EEA are lawful, we may face increased exposure to regulatory actions and substantial fines and injunctions against processing personal information from the EEA. The loss of our ability to lawfully transfer personal data out of the EEA may cause reluctance or refusal by European customers to communicate with us as they are currently, and we may be required to increase our data processing capabilities in the EEA at significant expense. Additionally, other countries outside of the EEA have passed or are considering passing laws requiring local data residency which could increase the cost and complexity of providing our products in those jurisdictions. Furthermore, the GDPR and the U.K. equivalent of the GDPR expose us to two parallel data protection regimes in Europe, each of which potentially authorizes fines and enforcement actions for certain violations. Substantial fines may be imposed for breaches of data protection requirements, which can be up to 4% of a company’s worldwide revenue or 20 million Euros, whichever is greater. Although the U.K. data protection regime currently permits data transfers from the U.K. to the EEA and other third countries, covered by a European Commission 'adequacy decision' through the continued use of SCCs and binding corporate rules, these laws and regulations are subject to change, and any such changes could have adverse implications for our transfer of personal data from the U.K. to the EEA and other third countries. While we plan to continue to undertake efforts to conform to current regulatory obligations and evolving best practices, such efforts may be unsuccessful or result in significant costs. We may also experience reluctance, or refusal by European or multi-national customers to continue to provide us with personal data due to the potential risk exposure of personal data transfers and the current data protection obligations imposed on them by applicable data protection laws or by certain data protection authorities. These and any other data privacy laws and their interpretations continue to develop and their uncertainty and inconsistency may increase the cost of compliance, cause compliance challenges, restrict our ability to offer products in certain locations in the same way that we have been, potentially adversely affect certain third-party service 26 26 26 Table of Contents Table of Contents providers, or subject us to sanctions by data protection regulators, all of which could adversely affect our business, financial condition and results of operations.

We are a U.S.-based multinational company subject to tax in many U.S. and foreign jurisdictions. Our income tax obligations could be affected by many factors, including changes to our operating structure, intercompany arrangements and tax planning strategies. Our income tax expense is computed based on tax rates at the time of the respective financial period. Our future effective tax rates, financial condition and results from operations could be unfavorably affected by changes in the tax rates in jurisdictions where our income is earned, by changes in the tax rules and regulations, including those that align with the Organisation for Economic Co-operation and Development’s Base Erosion Profit Shifting recommendations, or the interpretation of tax rules and regulations in the jurisdictions in which we do business or by changes in the valuation of our deferred tax assets.

We are a U.S.-based multinational company subject to tax in many U.S. and foreign jurisdictions. Our income tax obligations could be affected by many factors, including changes to our operating structure, intercompany arrangements and tax planning strategies. Our income tax expense is computed based on tax rates at the time of the respective financial period. Our future effective tax rates, financial condition and results from operations could be unfavorably affected by changes in the tax rates in jurisdictions where our income is earned, by changes in the tax rules and regulations or the interpretation of tax rules and regulations in the jurisdictions in which we do business or by changes in the valuation of our deferred tax assets. For example, the Organization for Economic Cooperation and Development has been working on a Base Erosion and Profit Shifting Project and released an implementation package in December 2022 which provides a coordinated system to ensure that multinational enterprises pay a global minimum tax. The guidelines and proposals may change aspects of the existing framework under which our tax obligations are determined in many of the countries where we do business. Similarly, the 29 29 29 Table of Contents Table of Contents European Commission and several countries have issued proposals that would change aspects of the current tax framework under which we are taxed. These proposals include changes to the existing income tax framework, possibilities of a global minimum tax, and proposals to change or impose new types of non-income taxes, including taxes based on a percentage of revenue. In August 2022, the U.S. government enacted the Inflation Reduction Act of 2022 (Inflation Reduction Act). The Inflation Reduction Act includes a new corporate alternative minimum tax (Corporate AMT) of 15.0% on the adjusted financial statement income (AFSI) of corporations with average AFSI exceeding $1.00 billion over a three-year period. The Corporate AMT is effective for us beginning in fiscal 2024. We are evaluating the Corporate AMT and its potential impact on our tax expense, cash taxes, and effective tax rate.

We rely on the uninterrupted operation of complex IT systems and networks to operate our business. Any improper handling of confidential data, or significant disruption to our systems or networks, including, but not limited to, any that may relate to new system implementations, computer viruses, security breaches or incidents, cyber-attacks, ransom-style attacks, theft or tampering, inadvertent error, facility issues, natural disasters, terrorism, war, telecommunication failures or energy blackouts, security breaches or incidents in our customers’ or third-party providers’ networks, in third-party products we use, or in cloud-based services provided to, by, or enabled by us, or any perception any of the foregoing has occurred, could have a material adverse impact on our business, operations, supply chain, sales and operating results, result in regulatory inquiries, investigations or other proceedings against us, result in claims, demands and litigation against us, or damage our reputation. Such improper handling of confidential data, or system or network disruption, or any cyber-attack or other means of effectuating a security breach or incident, could result in loss, unavailability, an unauthorized release of, or other unauthorized use or processing of, personal data, or our suppliers’ or our customers’ intellectual property or confidential, proprietary or sensitive information. Any such matter, or any perception that it has occurred, could harm our business or competitive position, result in a loss of customer confidence, and cause us to incur significant costs to remedy the damages, and may result in regulatory investigations, inquiries or other proceedings, enforcement actions, remediation obligations, claims for damages, litigation, and fines, penalties, damages, other liabilities, and other sanctions. We have experienced and continue to experience verifiable attacks on our IT systems and data, including network compromises, attempts to breach our security measures and attempts to introduce malicious software into our IT systems. For example, in fiscal 2019, we learned of an ongoing compromise of our computer networks by what is believed to be sophisticated hackers. We engaged outside legal counsel and a leading forensic investigatory firm with experience in such 25 25 25 Table of Contents Table of Contents matters. We took steps to identify malicious activity on our network including a compromise of our network and, in May 2019, we began implementing a containment plan. We routinely evaluate the effectiveness of the containment mechanisms that were implemented and continue to implement additional measures. We analyzed the information that was compromised and we do not believe that this IT system compromise has had a material adverse effect on our business or resulted in any material damage to us. As a result of the IT system compromise, our management, including our chief executive officer and our chief financial officer, concluded that our internal controls related to IT system access were not effective resulting in a material weakness in our internal controls for fiscal 2019. Although this material weakness in our internal control was remediated in fiscal 2020, there can be no assurance that similar control issues will not be identified in future periods. Additionally, new information can develop that may impact our assessment of cyber events, including information learned as we develop and deploy mitigations. Due to the types of products we sell and the significant amount of sales we make to government agencies or customers whose principal sales are to U.S. government agencies, we have experienced and expect to continue to experience in the future, attacks on our IT systems and data, including attempts to breach our security, network compromises and attempts to introduce malicious software into our IT systems. Geopolitical events and tensions may increase these risks. Also, as AI continues to evolve, cyber-attackers could use AI to develop malicious code, sophisticated phishing attempts, and convincing deep fakes. A deep fake is a manipulation of our content or the voices or images of our leaders to maliciously publish false messages that appear to be authentic. Such messages may harm our reputation, which may in turn have an adverse impact on our revenue and profits, and reduce the trading price of our stock. A threat could also be introduced by our or our customers and business partners use of AI tools. The output of these tools may include threats such as introducing malicious code when AI generated source code is incorporated into products or systems. Were any future attacks to be successful, or through the unintentional introduction of security vulnerability due to AI usage, we may be unaware of the incident, its magnitude, or its effects until significant harm is done. More generally, we may face significant delays in identifying, remediating, and otherwise responding to any interruption, disruption, security breach or incident. In recent years, we have regularly implemented improvements to our protective measures that have included, but have not been limited to, implementation of the following: firewalls, endpoint intrusion detection and response software, regular patches, log monitors, event correlation tools, network segmentation, routine backups with offsite retention of storage media, system audits, dual factor identification, data partitioning, privileged account segregation and monitoring, routine password modifications, and an enhanced information security program including training classes and phishing exercises for employees and contractors with system access, along with tabletop exercises conducted by information security personnel. As a result of the material weakness in our internal controls resulting from the IT systems compromise in fiscal 2019, we have taken remediation actions and implemented additional controls and we are continuing to take actions to attempt to address evolving threats. However, our system improvements have not been fully effective in preventing attacks on our IT systems and data, including breaches of our security measures, and there can be no assurance that any future system improvements will be effective in preventing future cyber-attacks or disruptions, a ransom-style attack, or limiting the damage from any future cyber-attacks or disruptions. Our ability to recover from ransomware and other ransom-style attacks may be limited if our backups have been affected by the attack, or if restoring data from backups is delayed or not feasible. Our system improvements have resulted in increased costs to us and we may be required to dedicate additional expenditures and resources to making system improvements and otherwise addressing cybersecurity matters in the future, whether in response to any disruption, interruption, breach, incident or otherwise. Further any future improvements, attacks or disruptions could result in additional costs related to rebuilding our internal systems, defending litigation, complaints or other claims, providing notices to regulatory agencies or other third parties, responding to regulatory inquiries, actions or other proceedings, or paying damages, fines or penalties. Such attacks or disruptions could have a material adverse impact on our business, operations and financial results. Furthermore, our efforts to comply with evolving laws and regulations related to cybersecurity, such as the recently enacted SEC rules requiring disclosure of a material cybersecurity incident, may be costly and any actual or alleged failure to comply could result in investigations, proceedings, investor lawsuits and reputational damage. In addition, employees and former employees, in particular former employees who become employees of our competitors, customers, licensees, or other third parties, including state actors, have in the past and may in the future misappropriate, wrongfully use, publish, access, process or provide to our competitors, customers, licensees or other third parties, including state actors, our technology, intellectual property, or other proprietary or confidential information. This risk would be exacerbated to the extent our competitors for talent, particularly engineering talent, attempt to hire our employees. Similarly, we provide access to certain of our technology, intellectual property, and other proprietary or confidential information to our direct and indirect customers and licensees and certain of our consultants, who may wrongfully use such technology, intellectual property or information, or wrongfully disclose such technology, intellectual property or information to third parties, including our competitors or state actors. 26 26 26 Table of Contents Table of Contents Third-party service providers, such as wafer foundries, assembly and test contractors, distributors, credit card processors, and other vendors have access to portions of our and our customers' data. These service providers also face significant cybersecurity threats, and they may be subject to cyber-attacks, disruptions, and interruptions to their networks and systems, and otherwise may suffer from security breaches and incidents. Any such breach or incident, including any involving misappropriation, loss or other unauthorized processing of data maintained or otherwise processed by our third-party service providers, or any perception any of these has occurred, could negatively impact our business, operations and financial results, as well as our relationship with our customers. Our contracts may not contain limitations of liability, and even where they do, there can be no assurance that limitations of liability in our contracts are sufficient to protect us from liabilities, damages, or claims related to our cybersecurity practices or measures. We do not have insurance coverage specially for cybersecurity matters. Insurance coverage that we do have may not be adequate or sufficient to protect us from or to mitigate liabilities arising out of our cybersecurity practices or measures or otherwise relating to any cybersecurity breach or incident, and we cannot be sure that such coverage will continue to be available on commercially reasonable terms or at all, or that such coverage will pay future claims.

We rely on the uninterrupted operation of complex IT systems and networks to operate our business. Any improper handling of confidential data, or significant disruption to our systems or networks, including, but not limited to, new system implementations, computer viruses, security breaches, facility issues, natural disasters, terrorism, war, telecommunication failures or energy blackouts could have a material adverse impact on our business, operations, supply chain, sales and operating results. Such improper handling of confidential data, or system or network disruption, could result in an unauthorized release of our, our suppliers’ or our customers’ intellectual property or confidential, proprietary or sensitive information, or the release of personal data. Any release of such information or data could harm our business or competitive position, result in a loss of customer confidence, and cause us to incur significant costs to remedy the damages. In addition, any release of such information or data or the failure to properly manage the collection, handling, transfer or disposal of such information may result in regulatory inquiries or penalties, enforcement actions, remediation obligations, claims for damages, litigation, and other sanctions. We have experienced verifiable attacks on our IT systems and data, including network compromises, attempts to breach our security measures and attempts to introduce malicious software into our IT systems. For example, in fiscal 2019, we learned of an ongoing compromise of our computer networks by what is believed to be sophisticated hackers. We engaged outside legal counsel and a leading forensic investigatory firm with experience in such matters. We took steps to identify malicious activity on our network including a compromise of our network and, in May 2019, we began implementing a containment plan. We routinely evaluate the effectiveness of the containment mechanisms that were implemented and continue to implement additional measures. We have analyzed the information that was compromised. We do not believe that this IT system compromise has had a material adverse effect on our business or resulted in any material damage to us. As a result of the IT system compromise, our management, including our chief executive officer and our chief financial officer, concluded that our internal controls related to IT system access were not effective resulting in a material weakness in our internal controls for fiscal 2019. Although this material weakness in our internal control was remediated in fiscal 2020, there can be no assurance that similar control issues will not be identified in future periods. Due to the types of products we sell and the significant amount of sales we make to government agencies or customers whose principal sales are to U.S. government agencies, we have experienced and expect to continue to experience in the future, attacks on our IT systems and data, including attempts to breach our security, network compromises and attempts to introduce malicious software into our IT systems. Were any future attacks to be successful, we may be unaware of the incident, its magnitude, or its effects until significant harm is done. In recent years, we have regularly implemented improvements to our protective measures which include, but are not limited to, implementation of the following: firewalls, endpoint intrusion detection and response software, regular patches, log monitors, event correlation tools, network segmentation, routine backups with offsite retention of storage media, system audits, dual factor identification, data partitioning, privileged account segregation and monitoring, routine password modifications, and an enhanced information security program including training classes and phishing exercises for employees and contractors with system access, along with tabletop exercises conducted by information security personnel. As a result of the material weakness in our internal controls resulting from the IT systems compromise in fiscal 2019, we have taken remediation actions and implemented additional controls and we are continuing to take actions to attempt to address evolving threats. However, our system improvements have not been fully effective in preventing attacks on our IT systems and data, including breaches of our security measures, and there can be no assurance that any future system improvements will be effective in preventing future cyber-attacks or disruptions or limiting the damage from any future cyber-attacks or disruptions. Such system improvements have resulted in increased costs to us and any future improvements, attacks or disruptions could result in additional costs related to rebuilding our internal systems, defending litigation, complaints or other claims, providing notices to regulatory agencies or other third parties, responding to regulatory actions, or paying damages. Such attacks or disruptions could have a material adverse impact on our business, operations and financial results. Our products, or IP that we purchase or license from third parties for use in our products, as well as industry-standard specifications that we implement in our products, may be subject to security vulnerabilities. And, while some of our products contain encryption or security algorithms to protect third-party content or user-generated data stored on our products, these products could still be hacked or the encryption schemes could be compromised, breached, or circumvented by motivated and sophisticated attackers. Our products are being used in application areas that create new or increased cybersecurity, privacy or safety risks including applications that gather and process data, such as the cloud or Internet of Things, and automotive applications. We, our customers, and the users of our products may not promptly learn of or have the ability to 25 25 25 Table of Contents Table of Contents fully assess the magnitude or effects of a vulnerability, including the extent, if any, to which a vulnerability has been exploited. Security vulnerabilities and any limitations of, or adverse effects resulting from, mitigation techniques can adversely affect our results of operations, financial condition, sales, customer relationships, share price, prospects, and reputation in a number of ways, any of which may be material. Adverse publicity about security vulnerabilities or mitigations could damage our reputation with customers or users and reduce demand for our products and services. These effects may be greater to the extent that competing products are not susceptible to the same vulnerabilities or if vulnerabilities can be more effectively mitigated in competing products. Moreover, third parties can release information regarding potential vulnerabilities of our products before mitigations are available. This, in turn, could lead to attempted or successful exploits of vulnerabilities, adversely affect our ability to introduce mitigations, or otherwise harm our business and reputation. Third-party service providers, such as wafer foundries, assembly and test contractors, distributors, credit card processors and other vendors have access to portions of our and our customers' data. In the event that these service providers do not properly safeguard the data that they hold, security breaches and loss of data could result. Any such breach or loss of data by our third-party service providers could negatively impact our business, operations and financial results, as well as our relationship with our customers.

In fiscal 2023, we announced our intent to expand our production capacity in the U.S. While select investments are still being made, due to weak business conditions, in the fourth quarter of fiscal 2024, we paused most of our multi-year $800 million expansion and capital equipment investment plan at Fab 4 in Gresham, Oregon and paused our $880 million silicon carbide (SiC) and silicon production capacity expansion at Fab 5 in Colorado Springs, Colorado. These expansion projects subject us to a number of risks, including the following: •availability of necessary funding, which may include external sources; •ability to realize expected grants, investment tax credits, and other government incentives, including through the CHIPS Act and foreign, state, and local grants; •increases to our cost structure until new production is ramped to adequate scale; •sufficient customer demand to utilize our increased capacity; •slowing macroeconomic business conditions; •growth in our inventories; •ability to timely ramp production in a cost-effective manner; •potential changes in laws or provisions of grants, investment tax credits, and other government incentives; •availability of labor, services, equipment, and construction materials; •ability to complete construction as scheduled, and within budget; and •availability of the necessary workforce to support the expanded capacity. Investments in capital expenditures for our capacity expansion projects may not generate expected returns, or cash flows. Significant judgement is required to determine which capital investments will result in optimal returns, and we could invest in projects that are ultimately less profitable than those projects we do not select. Delays in commencement, completion and ramping of expanded production facilities, or failure to optimize our investment choices, or increased costs could significantly adversely impact our ability to realize expected returns on our capital expenditures. Changes in laws or rulemaking in jurisdictions where we have planned expansion may cause us to reconsider the location or size of such expansion plans. For example, Regulation 27, a recently adopted rule in Colorado requires companies to significantly reduce greenhouse gas emissions in a short timeframe. Because we have contractual obligations to certain customers to assess the impact that manufacturing process changes may have on the products that we provide to such customers, we have to take a measured approach when implementing changes to our facilities, manufacturing processes, and manufacturing inputs. We have designed our Colorado expansion plan to meet the requirements of Regulation 27. Further adverse impacts to our construction projects could negatively impact our ability to reduce costs or meet customer demand. If we do receive government incentives through the CHIPS Act, or through foreign, state, and local grants, the restrictions and operational requirements that are associated with such grants could add complexity to our operations and increase our costs. With regard to the CHIPS Act, we have signed a non-binding Preliminary Memorandum of Terms to receive a grant under the CHIPS Act for modernization and expansion of our Colorado Springs, Colorado facility and expansion of our Gresham, Oregon facilities. These preliminary terms are subject to a comprehensive due diligence process and continued negotiation and 19 19 19 Table of Contents Table of Contents review and ultimately may not result in us receiving CHIPS Act funding. Our failure to conclude definitive agreements for any reason and receive final awards could make it more difficult to meet the requirements of Regulation 27, and could create a negative perception or reputational concern with respect to us and our business. Any of the above factors could have a material adverse effect on our business, results of operations or financial condition.

We have announced our intent to expand our production capacity in the United States. In particular, we have continued our multi-year $800 million capacity expansion plan at Fab 4 in Gresham, Oregon and we plan to invest $880 million to expand our silicon carbide (SiC) and silicon production capacity, including the production of 8-inch wafers at Fab 5 in Colorado Springs, Colorado. These expansion projects subject us to a number of risks, including the following: •availability of necessary funding, which may include external sources; •ability to realize expected grants, investment tax credits, and other government incentives, including through the CHIPS Act and foreign, state, and local grants; •increases to our cost structure until new production is ramped to adequate scale; •sufficient customer demand to utilize our increased capacity; •ability to timely ramp production in a cost-effective manner; •potential changes in laws or provisions of grants, investment tax credits, and other government incentives; •availability of labor, services, equipment, and construction materials; •ability to complete construction as scheduled, and within budget; and •availability of the necessary workforce to support the expanded capacity. Investments in capital expenditures for our capacity expansion projects may not generate expected returns, or cash flows. Significant judgement is required to determine which capital investments will result in optimal returns, and we could invest in projects that are ultimately less profitable than those projects we do not select. Delays in completion and ramping of expanded production facilities, or failure to optimize our investment choices, could significantly impact our ability to realize expected returns on our capital expenditures. Further, adverse impacts to our construction projects could negatively impact our ability to reduce costs or meet customer demand. Any of the above factors could have a material adverse effect on our business, results of operations, or financial condition.

•interruptions in and unauthorized access to our IT systems and security breaches or incidents impacting our systems, or data that we or our service providers maintain or otherwise process; •exposure of our customers' business and proprietary confidential information due to security vulnerabilities of our products; •risks related to use of artificial intelligence (AI); •risks related to compliance with laws and regulations regarding privacy, data protection and cybersecurity; •risks related to legal proceedings, investigations or claims; •risks related to contractual relationships with our customers; and •protecting and enforcing our intellectual property rights.

•attacks on our IT systems, interruptions in our IT systems, our products or our improper handling of data; •risks related to compliance with privacy and data protection laws and regulations; •risks related to legal proceedings, investigations or claims; •risks related to contractual relationships with our customers; and •protecting and enforcing our intellectual property rights.

We must comply with federal, state, local and foreign governmental regulations related to the use, storage, emissions, discharge and disposal of hazardous substances used in our products and manufacturing processes, or that are the result of our manufacturing operations, such as greenhouse gases. We must also comply with rules and regulations regarding limiting greenhouse gas emissions, public reporting of environmental metrics such as greenhouse gas emissions and hazardous substances, and obtain third-party assurance of greenhouse gas reporting. Regulations could require us to change manufacturing processes, substitute materials which may cost more or be less available, obtain new permits and undertake 33 33 33 Table of Contents Table of Contents other costly activities. Our failure to comply, or the failure of entities that we have acquired over time to have complied, with regulations could result in significant fines, litigation or administrative actions by regulators or others, liability for clean-up, criminal and civil liabilities, import/export restrictions, reduction or suspension of production, cessation of operations or future liabilities. Restrictions on emissions could result in significant costs such as the need for additional equipment, higher energy costs, carbon taxes, and emission cap and trade programs, and could also result in reduction or suspension of production, or even cessation of operations. Such regulations have required us in the past, and could require us in the future, to incur significant expenses to comply with such regulations. Our failure to control the use of, or adequately restrict the discharge of, hazardous substances could not only impact the health of our employees, customers and communities in which we operate, but could also impact our ability to operate. Such failure could also restrict our ability to ship certain products to certain countries, require us to modify our products, shipping materials or logistics, or require us to incur other significant costs and expenses. Environmental laws continue to expand with a focus on reducing or eliminating hazardous substances in electronic products and shipping materials. Future environmental regulations could require us to close or reduce production at certain facilities, reengineer certain of our existing products and may prevent us or make it more expensive for us to manufacture, sell and ship our products. For example, in Colorado, Regulation 27 requires companies operating in Colorado to significantly reduce greenhouse gas emissions in a short timeframe. Because we have contractual obligations to certain customers to assess the impact that manufacturing process changes may have on the products that we provide to such customers, we have to take a measured approach when implementing changes to our facilities, manufacturing processes, and manufacturing inputs. We have designed our Colorado expansion plan to meet the requirements of Regulation 27 and some of this plan is dependent on CHIPS Act funding. If we do not receive CHIPS Act funding, or are unable to implement the necessary abatement plan, we may be required to limit our expansion plans in Colorado, ramp down our existing operations significantly or risk noncompliance with the rule. The magnitude of the penalties that may be imposed for non-compliance is not currently known but could include significant monetary penalties and orders to reduce or cease production. In March 2022, the SEC proposed a rule entitled Enhancement and Standardization of Climate-Related Disclosures for Investors which it then adopted March 6, 2024. However, on April 4, 2024, the SEC announced that it was delaying the implementation of the rule pending challenge in the U.S. Eighth Circuit Court. While the rule is not yet implemented, if it were to be implemented in its current form, we would incur significant additional costs of compliance due to the need for expanded data collection, analysis, and certification. Further, certain elements of the proposed rule, such as mandatory third-party verification of emissions, may be difficult to comply with in the proposed required timeframe as there may be an insufficient number of qualified third-party verification entities to meet demand. In addition, the number and complexity of laws and customer requirements focused on the energy efficiency of electronic products, the recycling of electronic products, the reduction of chemicals used in and to manufacture electronic products, and the reduction in the amount of packing materials and the increase in the required recycling of packing materials have expanded significantly. It may be difficult for us to timely comply with these laws and we may have insufficient quantities of compliant products to meet customers' needs, thereby adversely impacting our sales and profitability. We may have to write off inventory if we hold unsaleable inventory as a result of changes to regulations. We expect these risks to continue. These requirements may increase our own costs, as well as those passed on to us by our supply chain.

We must comply with federal, state, local and foreign governmental regulations related to the use, storage, discharge and disposal of hazardous substances used in our products and manufacturing processes. Our failure to comply, or the failure of entities that we have acquired over time to have complied, with regulations could result in significant fines, liability for clean-up, suspension of production, cessation of operations or future liabilities. Such regulations have required us in the past, and could require us in the future, to incur significant expenses to comply with such regulations. Our failure to control the use of, or adequately restrict the discharge of, hazardous substances could impact the health of our employees and others and could impact our ability to operate. Such failure could also restrict our ability to ship certain products to certain countries, require us to modify our logistics, or require us to incur other significant costs and expenses. Environmental laws continue to expand with a focus on reducing or eliminating hazardous substances in electronic products and shipping materials. Future environmental regulations could require us to reengineer certain of our existing products and may make it more expensive for us to manufacture, sell and ship our products. In addition, the number and complexity of laws focused on the energy efficiency of electronic products, the recycling of electronic products, and the reduction in the amount and the recycling of packing materials have expanded significantly. It may be difficult for us to timely comply with these laws and we may have insufficient quantities of compliant products to meet customers' needs, thereby adversely impacting our sales and profitability. We may have to write off inventory if we hold unsaleable inventory as a result of changes to regulations. We expect these risks to continue. These requirements may increase our own costs, as well as those passed on to us by our supply chain.

Our ability to obtain patents, licenses and other intellectual property rights covering our products and manufacturing processes is important for our success. To that end, we have acquired certain patents and licenses and intend to continue to seek patents on our technology and manufacturing processes. The process of seeking patent protection can be expensive, and patents may not be issued from currently pending or future applications. In addition, our existing and new patents, trademarks and copyrights that are issued may not have sufficient scope or strength to provide meaningful protection or commercial advantage to us. We may be subject to, or may initiate, interference proceedings in the U.S. Patent and Trademark Office, patent offices of a foreign country or U.S. or foreign courts, which can require significant financial resources. In addition, the laws of certain foreign countries do not protect our intellectual property rights to the same extent as the laws of the U.S. Infringement of our intellectual property rights by a third-party could result in harm to our competitive position, uncompensated lost market and revenue opportunities for us. Although we continue to aggressively defend and 30 30 30 Table of Contents Table of Contents protect our intellectual property on a worldwide basis, there can be no assurance that we will be successful. Certain of our software, as well as that of our customers, may be derived from “open source” software that is generally made available to the public by its authors. Open source software licenses impose certain obligations on us in the event we were to distribute derivative works of the open source software. These obligations may require us to make source code for the derivative works available to the public and/or license such derivative works under a particular type of license, rather than the forms of license we customarily use to protect our intellectual property. While we believe we have complied with our obligations under the various applicable licenses for open source software, in the event that the copyright holder of any open source software were to legally establish that we had not complied with the terms of a license for a particular work, we could be required to release the source code of that work to the public and/or stop distribution of that work if the license is terminated which could adversely impact our business and results of operations. Governments and courts are considering new issues in intellectual property law with respect to works created by AI technology, which could result in changing and inconsistent intellectual property rights in development processes, procedures and technologies we create with AI technology, which could have a material adverse effect on our business.

Our ability to obtain patents, licenses and other intellectual property rights covering our products and manufacturing processes is important for our success. To that end, we have acquired certain patents and licenses and intend to continue to seek patents on our technology and manufacturing processes. The process of seeking patent protection can be expensive, and patents may not be issued from currently pending or future applications. In addition, our existing and new patents, trademarks and copyrights that are issued may not have sufficient scope or strength to provide meaningful protection or commercial advantage to us. We may be subject to, or may initiate, interference proceedings in the U.S. Patent and Trademark Office, patent offices of a foreign country or U.S. or foreign courts, which can require significant financial resources. In addition, the laws of certain foreign countries do not protect our intellectual property rights to the same extent as the laws of the U.S. Infringement of our intellectual property rights by a third-party could result in uncompensated lost market and revenue opportunities for us. Although we continue to aggressively defend and protect our intellectual property on a worldwide basis, there can be no assurance that we will be successful.

In recent years, there has been an increased focus on corporate responsibility matters, including greenhouse gas emissions and climate-related risks, renewable energy, water stewardship, waste management, data privacy, cybersecurity, trade controls, diversity, equality and inclusion, responsible sourcing and supply chain, use of products for illegal or unethical purposes, human rights, and social responsibility. We are committed to corporate responsibility and actively manage these issues including through our guiding values and our internal policies. As an example, since we do not support the actions of Russia against Ukraine, in March 2022 we stopped selling products to customers and distributors located in Russia and Belarus. However, we have been made aware that there are entities in Russia that indirectly obtained our products after March 2022 despite the preventative measures we took and continue to take. Though we continue to improve our processes and procedures to prevent the unauthorized flow of our products, our actions have not been fully successful. We operate in an extensive, ever-changing global supply chain, an expectation of complete traceability of standard semiconductor products to every end use and prevention of product misuse and diversion is unachievable. Thus, despite our efforts, our products may be used for illegal or objectionable applications and third parties may engage in conduct that we do not support or condone. Also, we have publicly announced environmental goals including those related to greenhouse gas emissions reduction, achieving net zero carbon emissions and renewable energy usage, which we may refine or expand further in the future. These goals reflect our current plans and aspirations, and are not guarantees that we will be able to achieve them. These goals could expose us to heightened scrutiny and financial, legal, reputational, operational, compliance, and other risks, including lost customer opportunities, which could negatively impact us. Further, any failure to set or achieve corporate responsibility initiatives that meet our stakeholders' evolving expectations could also negatively impact us. In addition, we are or expect to become subject to various new or proposed climate-related and other sustainability laws and regulations, including, for example, the state of California's new climate change disclosure requirements, the EU's new Corporate Sustainability Reporting Directive and climate-change disclosure requirements from the SEC. Compliance with such laws and regulations, as well as the overall increased focus and scrutiny from the SEC and other regulators, investors, customers, vendors, employees, and other stakeholders concerning ESG and climate matters, could impose additional costs on us and expose us to new risks, including resulting in changes to our current ESG goals. Evolving stakeholder expectations, voluntary and required reporting regimes that are not harmonized and continue to change, and our efforts to manage these issues, report on them, and accomplish our goals, present numerous operational, regulatory, reputational, financial, legal, and other risks, any of which could have a material adverse impact, including on our reputation and stock price. It is also possible that government, customers, investors and other stakeholders might not be satisfied with our policies, programs, goals, performance and related disclosures, or the speed of their adoption, 35 35 35 Table of Contents Table of Contents implementation and measurable success, or that we have adopted such policies, programs and commitments. Such risks and uncertainties include: •reputational harm, including damage to our relationship with customers, supplies, investors, governments, or other stakeholders; •we may lose customers who choose not to do business with us, or we may choose to discontinue or restrict business with certain customers due to our policies; •liabilities or penalties associated with inadequate processes to collect, audit, or disclose information; •adverse impacts on our ability to sell and manufacture products; •increased risk of litigation, investigations, or regulatory enforcement action; •unfavorable ESG ratings or investor sentiment; •diversion of resources and increased costs to control, assess, and report on ESG metrics; •our ability to achieve our goals within announced timeframes; •increased costs and resources to monitor, report and achieve our goals; •unforeseen operational and technological difficulties; •access to and increased cost of capital; and •adverse impacts on our stock price. Any failure, or perceived failure, to meet evolving stakeholder expectations or industry standards, or achieve our corporate responsibility goals could have an adverse effect on our business, results of operations, financial condition, reputation, or stock price.

In recent years, there has been an increased focus on ESG matters, including greenhouse gas emissions and climate-related risks, renewable energy, water stewardship, waste management, diversity, equality and inclusion, responsible sourcing and supply chain, human rights, and social responsibility. We are committed to ESG and actively manage these issues. We have publicly announced certain goals, which we may refine or expand further in the future. These goals reflect our current plans and aspirations, and are not guarantees that we will be able to achieve them. Evolving stakeholder expectations, and our efforts to manage these issues, report on them, and accomplish our goals, present numerous operational, regulatory, reputational, financial, legal, and other risks, any of which could have a material adverse impact, including on our reputation and stock price. Such risks and uncertainties include: •reputational harm, including damage to our relationship with customers, supplies, investors, governments, or other stakeholders; •adverse impacts on our ability to sell and manufacture products; •increased risk of litigation, investigations, or regulatory enforcement action; •unfavorable ESG ratings or investor sentiment; •diversion of resources and increased costs to control, assess, and report on ESG metrics; •our ability to achieve our goals within announced timeframes; •increased costs to achieve our goals; •unforeseen operational and technological difficulties; •access to and increased cost of capital; and •adverse impacts on our stock price. Any failure, or perceived failure, to meet evolving expectations and industry standards, or achieve our ESG goals could 31 31 31 Table of Contents Table of Contents have an adverse effect on our business, results of operations, financial condition, or stock price.

As of March 31, 2024, the principal amount of our outstanding indebtedness was $6.02 billion. At March 31, 2024, we had no outstanding borrowings under our Revolving Credit Facility which provides up to $2.75 billion of revolving loan commitments that terminate in 2026, $750.0 million in outstanding borrowings under our 2025 Term Loan Facility, and $1.36 billion in outstanding principal amount of our Commercial Paper. At March 31, 2024, we had $3.20 billion in aggregate principal amount of Senior Notes and $710.2 million in aggregate principal of Convertible Debt outstanding. With respect to such balance of Senior Notes, our 0.983% 2024 Notes in the principal amount of $1.00 billion mature on September 1, 2024, and we intend to finance the repayment of such notes using available borrowings under our Revolving Credit Facility or our Commercial Paper program or by issuing senior notes or convertible debt. Since interest rates have increased significantly since we issued our 0.983% 2024 Notes, we expect our interest expense will increase as a result of the refinancing of such notes. Also, if we refinance such fixed rate notes with variable rate debt, changes in interest rates will have a more significant impact on our interest expense in future periods. There can be no assurance that we will be able to refinance our current or future debt on reasonable terms, if at all.

As of March 31, 2023, the principal amount of our outstanding indebtedness was $6.47 billion. As a result of our acquisition of Microsemi, we have substantially more debt than we had prior to May 2018. At March 31, 2023, we had $100.0 million in outstanding borrowings under our Revolving Credit Facility which provides up to $2.75 billion of revolving loan commitments that terminate in 2026. At March 31, 2023, we had $5.60 billion in aggregate principal amount of Senior Notes and $766.6 million in aggregate principal of Convertible Debt outstanding. Our maintenance of substantial levels of debt could adversely affect our ability to take advantage of opportunities and could adversely affect our financial condition and results of operations. We may need or desire to refinance our current or future debt and there can be no assurance that we will be able to do so on reasonable terms, if at all. 32 32 32 Table of Contents Table of Contents

Voluntary actions we may take or have taken as part of our ESG initiatives could require us to limit emissions, change manufacturing processes, substitute materials which may cost more or be less available, fund offset projects, or undertake other costly activities. Voluntary restrictions on emissions could result in significant costs such as the need for additional equipment, higher energy costs, carbon taxes, and emission cap and trade programs. The cost of compliance with such voluntary efforts could restrict our manufacturing operations, increase our costs, and have an adverse effect on our operating results. Sustained adverse changes in climate could have a direct adverse economic impact on us due to the effects of extreme weather and climate events on our production facilities, our supply chain and customers. Utility shortages, higher costs of utilities, and reduced availability of water could disrupt our operations as well as those of our customers and suppliers. Certain of our operations are located in arid or tropical regions, which some experts believe may become vulnerable to more frequent fires, storms, severe floods and droughts. While our business recovery plans are intended to allow us to recover from natural disasters or other disruptive events, our plans may not protect us from all events. 34 34 34 Table of Contents Table of Contents

Climate change regulations or voluntary actions we may have taken as part of our Environmental, Social, and Governance initiatives could require us to limit emissions, change manufacturing processes, substitute materials which may cost more or be less available, fund offset projects, obtain new permits or undertake other costly activities. Failure to obtain required permits could result in fines, suspension or cessation of production. Restrictions on emissions could result in significant costs such as higher energy costs, carbon taxes, and emission cap and trade programs. The cost of compliance with such regulations could restrict our manufacturing operations, increase our costs, and have an adverse effect on our operating results. In March 2022, the SEC proposed a rule entitled Enhancement and Standardization of Climate-Related Disclosures for Investors. While the proposed rule is not yet in effect and is subject to change as a result of the SEC comment process, if it 30 30 30 Table of Contents Table of Contents were to go in effect in its current form, we would incur significant additional costs of compliance due to the need for expanded data collection, analysis, and certification. Further, certain elements of the proposed rule, such as mandatory third-party verification of emissions, may be difficult to comply with in the proposed required timeframe as there may be an insufficient number of qualified third-party verification entities to meet demand. Sustained adverse change in climate could have a direct adverse economic impact on us, such as utility shortages, and higher costs of utilities. Certain of our operations are located in arid or tropical regions, which some experts believe may become vulnerable to fires, storms, severe floods and droughts. While our business recovery plans are intended to allow us to recover from natural disasters or other disruptive events, our plans may not protect us from all events.

We are subject to examination of our U.S. and certain foreign income tax returns for fiscal 2007 and later. We regularly assess the likelihood of adverse outcomes of these examinations to determine the adequacy of our provision for income taxes and have reserved for potential adjustments that may result from current or future examinations. There can be no assurance that the final determination of any of these or any future examinations will not have an adverse effect on our effective tax rates, financial position and results of operations. In September 2021, we received a Statutory Notice of Deficiency (2007 to 2012 Notice) from the United States Internal Revenue Service (IRS) for fiscal 2007 through fiscal 2012. The disputed amounts largely relate to transfer pricing matters. In December 2021, we filed a petition in the U.S. Tax Court challenging the 2007 to 2012 Notice. In September 2023, we received a Revenue Agent Report (RAR) from the IRS for fiscal 2013 and fiscal 2016. In October 2023, we received a Statutory Notice of Deficiency (2014 to 2015 Notice) from the IRS for fiscal 2014 and fiscal 2015. The disputed amounts for fiscal 2013 to fiscal 2016 largely relate to transfer pricing matters. In December 2023, we filed a petition in the U.S. Tax Court challenging the 2014 to 2015 Notice. In May 2023, we received a proposed income adjustment from the Malaysian Inland Revenue Board (IRB) for fiscal 2020. In December 2023, we received a Notice of Assessment from the IRB asserting the same proposed income adjustment. If the adjustment is upheld by the highest court that has jurisdiction over this matter in Malaysia, it could result in income taxes and penalties up to $410.0 million. The disputed amounts largely relate to the characterization of certain assets. Depending on 32 32 32 Table of Contents Table of Contents the outcome of the IRB audit, we may need to adjudicate this matter in Malaysia, and if we do, we may be required to pay the assessment and then, upon a series of favorable court rulings, request a refund of the amount. The timing of adjudicating this matter is uncertain but could commence in the next 12 months. The ultimate outcome of disputes of this nature is uncertain, and if the IRS and IRB were to prevail on their assertions, the assessed tax, penalties, and deficiency interest could have a material adverse impact on our financial position, results of operations or cash flows.

We are subject to examination of our U.S. and certain foreign income tax returns for fiscal 2007 and later. We regularly assess the likelihood of adverse outcomes of these examinations to determine the adequacy of our provision for income taxes and have reserved for potential adjustments that may result from current or future examinations. There can be no assurance that the final determination of any of these or any future examinations will not have an adverse effect on our effective tax rates, financial position and results of operations.