SHW: 10-K Risk Factor Changes

Net sales of our consolidated foreign subsidiaries totaled approximately 19.2%, 19.2% and 19.4% of our total consolidated Net sales in 2024, 2023 and 2022, respectively. Sales outside of the United States make up a significant part of our current business and future strategic plans. Our results of operations, cash flow, liquidity or financial condition have in the past and could in the future be adversely affected by a variety of domestic and international factors, including general economic conditions, political instability, inflation rates, recessions, sanctions, tariffs, foreign currency exchange rates, foreign currency exchange controls, interest rates, foreign investment and repatriation restrictions, legal and regulatory constraints, civil unrest, armed conflicts and wars (including the ongoing conflict between Russia and Ukraine and Israel and Hamas), difficulties in staffing and managing foreign operations and other economic and political factors. In addition, public health crises in foreign jurisdictions may temporarily reduce the demand for some of our products and adversely affect the availability and cost of raw materials. Our inability to successfully manage the risks and uncertainties relating to any of these factors could adversely affect our results of operations, cash flow, liquidity or financial condition. In many foreign countries, it is not uncommon for others to engage in certain business practices we are prohibited from engaging in because of regulations applicable to us, such as the Foreign Corrupt Practices Act and the UK Bribery Act. Recent years have seen a substantial increase in anti-bribery law enforcement activity, with more frequent and aggressive investigations and enforcement proceedings by both U.S. and non-U.S. regulators, and an increase in criminal and civil proceedings brought against companies and individuals. Although we have internal control policies and procedures designed to promote compliance with these regulations, there can be no assurance our policies and procedures will prevent a violation of these regulations. Any violation could cause an adverse effect on our results of operations, cash flow or financial condition.

Net sales of our consolidated foreign subsidiaries totaled approximately 19.2%, 19.4% and 21.2% of our total consolidated Net sales in 2023, 2022 and 2021, respectively. Sales outside of the United States make up a significant part of our current business and future strategic plans. Our results of operations, cash flow, liquidity or financial condition could be adversely affected by a variety of domestic and international factors, including general economic conditions, political instability, inflation rates, recessions, sanctions, tariffs, foreign currency exchange rates, foreign currency exchange controls, interest rates, foreign investment and repatriation restrictions, legal and regulatory constraints, civil unrest, armed conflicts and wars (including the ongoing conflict between Russia and Ukraine and the Israel-Hamas war), difficulties in staffing and managing foreign operations and other economic and political factors. In addition, public health crises in foreign jurisdictions may temporarily reduce the demand for some of our products and adversely affect the availability and cost of raw materials. Our inability to successfully manage the risks and uncertainties relating to any of these factors could adversely affect our results of operations, cash flow, liquidity or financial condition. In many foreign countries, it is not uncommon for others to engage in certain business practices we are prohibited from engaging in because of regulations applicable to us, such as the Foreign Corrupt Practices Act and the UK Bribery Act. Recent years have seen a substantial increase in anti-bribery law enforcement activity, with more frequent and aggressive investigations and enforcement proceedings by both U.S. and non-U.S. regulators, and an increase in criminal and civil proceedings brought against companies and individuals. Although we have internal control policies and procedures designed to promote compliance with these regulations, there can be no assurance our policies and procedures will prevent a violation of these regulations. Any violation could cause an adverse effect on our results of operations, cash flow or financial condition.

We operate all over the world serving customers in more than 120 countries. Our business, operations and business plans and strategies are sensitive to global and regional business and economic conditions. Adverse changes in such conditions in the United States and worldwide have in the past impacted and may in the future reduce the demand for some of our products, adversely impact our ability to predict and meet any future changes in the demand for our products and impair the ability of those with whom we do business to satisfy their obligations to us, each of which could adversely affect our results of operations, cash flow, liquidity or financial condition. Changes in inflation rates, interest rates, tax rates, unemployment rates, labor costs, healthcare costs, recessionary conditions, geopolitical conditions, governmental policies, laws and regulations (including import and export requirements such as new or increased tariffs, sanctions, quotas or trade barriers), business disruptions due to cybersecurity incidents, terrorist activity, armed conflicts and wars (including the ongoing conflict between Russia and Ukraine and Israel and Hamas), public health crises, pandemics, outbreaks of disease, catastrophic events, adverse weather conditions or natural disasters (including those that may be related to climate change or otherwise), supply chain disruptions (including those caused by industry capacity constraints, labor shortages, raw material availability and transportation and logistics delays and constraints) and other economic factors have in the past and could in the future adversely affect demand for some of our products, our ability to predict and meet any future changes in the demand for our products, the availability, delivery or cost of raw materials, our ability to adequately staff and maintain operations at affected facilities and our results of operations, cash flow, liquidity or financial condition and that of our customers, vendors and suppliers. In particular, high levels of ongoing global inflation have impacted consumer and manufacturing behavior in recent years. We expect inflationary pressure to continue to impact consumer and manufacturing customer behavior during 2025, including in the United States housing market as a result of elevated mortgage rates and in global industrial markets as a result of softer demand. Such impacts could adversely affect the demand for some of our products and our results of operations, cash flow, liquidity or financial condition. In addition, market uncertainty and volatility in various geographies have been magnified as a result of potential shifts in U.S. and foreign trade, economic and other policies following the 2024 U.S. presidential and congressional elections, and any such actual shifts, including price increases on certain raw materials, or changes in the availability of, or tariffs on certain imported raw materials, could adversely impact our results of operations, cash flow, liquidity or financial condition.

We operate all over the world serving customers in more than 120 countries. Our business, operations, and business plans and strategies are sensitive to global and regional business and economic conditions. Adverse changes in such conditions in the United States and worldwide have in the past impacted and may in the future reduce the demand for some of our products, adversely impact our ability to predict and meet any future changes in the demand for our products, and impair the ability of those with whom we do business to satisfy their obligations to us, each of which could adversely affect our results of operations, cash flow, liquidity or financial condition. Changes in inflation rates, interest rates, tax rates, unemployment rates, labor costs, healthcare costs, recessionary conditions, geopolitical conditions, governmental policies, laws and regulations, business disruptions due to cybersecurity incidents, terrorist activity, armed conflicts and wars (including the ongoing conflict between Russia and Ukraine and the Israel-Hamas war), public health crises, pandemics, outbreaks of disease, catastrophic events, adverse weather conditions or natural disasters (including those that may be related to climate change or otherwise), supply chain disruptions (including those caused by industry capacity constraints, labor shortages, raw material availability, and transportation and logistics delays and constraints), and other economic factors have in the past and could in the future adversely affect demand for some of our products, our ability to predict and meet any future changes in the demand for our products, the availability, delivery or cost of raw materials, our ability to adequately staff and maintain operations at affected facilities and our results of operations, cash flow, liquidity or financial condition and that of our customers, vendors and suppliers. With respect to inflation in particular, high levels of inflation impacted consumer behavior in 2023. We expect inflationary pressure to continue to impact consumer and manufacturing customer behavior during 2024, including in the United States housing market as a result of elevated mortgage rates and in global industrial markets as a result of softer demand. Any such shift in consumer and manufacturing customer behavior could adversely affect the demand for some of our products and our results of operations, cash flow, liquidity or financial condition.

Our operations are subject to various domestic and foreign health, safety and environmental laws, regulations and requirements, including those related to climate change, producer responsibility and chemicals registration and management. These laws, regulations and requirements not only govern our current operations and products, but also may impose potential liability on us for our past operations. Global focus on climate change and chemical use and management may result in the imposition of new or additional regulations or requirements applicable to, and new or additional financial and transition risks for, our business and industry. A number of government authorities and agencies have introduced, or are contemplating, regulatory changes to address climate change, including the regulation and disclosure of greenhouse gas emissions and the management and use of chemicals in operations and products. For example, the European Union Corporate Sustainability Reporting Directive requires that we make expansive disclosures on various environmental- and social-related topics. Similarly, California has enacted legislation that will require broad disclosures, including of greenhouse gas emissions. Chemicals we use in our products, packaging and operations may be restricted or prohibited by initiatives to address new and existing chemicals under current laws and regulations or by emerging laws and regulations in domestic and foreign jurisdictions. The outcome of new and emerging legislation or regulation in the U.S., European Union and other jurisdictions in which we operate may result in fees or restrictions on certain activities or materials (including changes to our products or product packaging) and new or additional requirements, including to fund energy efficiency activities or renewable energy use and to disclose information regarding our greenhouse gas emissions performance, renewable energy usage and efficiency, waste generation and recycling rates, climate-related risks, opportunities and oversight and related strategies and initiatives across our global operations. Compliance with these climate change, chemical management and other initiatives has in the past and may in the future result in additional costs to us, including, among other things, increased production costs, additional taxes, additional investments in renewable energy use and other initiatives, reduced emission allowances, additional restrictions on production or operations and increased costs associated with reporting and data assurance. They may also require us to alter the contents our products and/or product packaging, which may 14 14 14 Table of Contents Table of Contents alter the performance and profitability of such products and packaging. We may not be able to timely recover the cost of compliance with such new or more stringent laws and regulations, which could adversely affect our results of operations, cash flow or financial condition. Despite our efforts to timely comply with such initiatives, implement measures to improve our operations and execute on our related strategies and initiatives, any actual or perceived failure to comply with new or additional requirements or meet stakeholder expectations with respect to the impacts of our operations on the environment or on our customers or employees and related strategies and initiatives may result in adverse publicity, increased litigation risk and adversely affect our business and reputation, which could adversely impact our results of operations, cash flow and financial condition. We expect health, safety and additional environmental laws, regulations and requirements to continue to evolve and to be applied with increasing stringency on our industry. Our costs to comply with these laws, regulations and requirements may increase as they become more stringent in the future, and these increased costs may adversely affect our results of operations, cash flow or financial condition.

Our operations are subject to various domestic and foreign health, safety and environmental laws, regulations and requirements, including those related to climate change and chemicals registration and management. These laws, regulations and requirements not only govern our current operations and products, but also may impose potential liability on us for our past operations. Increased global focus on climate change may result in the imposition of new or additional regulations or requirements applicable to, and increased financial and transition risks for, our business and industry. A number of government authorities and agencies have introduced, or are contemplating, regulatory changes to address climate change, including the regulation and disclosure of greenhouse gas emissions. The outcome of new legislation or regulation in the U.S. and other jurisdictions in which we operate may result in fees or restrictions on certain activities or materials and new or additional requirements, including to fund energy efficiency activities or renewable energy use and to disclose information regarding our greenhouse gas emissions performance, renewable energy usage and efficiency, waste generation and recycling rates, climate-related risks, opportunities and oversight and related strategies and initiatives across our global operations. Compliance with these climate change initiatives may also result in additional costs to us, including, among other things, increased production costs, additional taxes, additional investments in renewable energy use and other initiatives, reduced emission allowances or additional restrictions on production or operations. We may not be able to timely recover the cost of compliance with such new or more stringent laws and regulations, which could adversely affect our results of operations, cash flow or financial condition. Despite our efforts to timely comply with climate change initiatives, implement measures to improve our operations and execute on our related strategies and initiatives, any actual or perceived failure to comply with new or additional requirements or meet stakeholder expectations with respect to the impacts of our operations on the environment and related strategies and initiatives may result in adverse publicity, increased litigation risk, and adversely affect our business and reputation, which could adversely impact our results of operations, cash flow and financial condition. We expect health, safety and additional environmental laws, regulations and requirements to be increasingly stringent upon our industry in the future. Our costs to comply with these laws, regulations and requirements may increase as they become more stringent in the future, and these increased costs may adversely affect our results of operations, cash flow or financial condition.

Our continued success depends in part on our ability to identify, attract and onboard qualified candidates with the requisite education, background, skills and experience and our ability to retain, develop, progress and engage qualified employees across our business, including our stores, fleet, manufacturing, research and development, information technology, corporate and other operations and functions. To the extent we are unable to remain competitive with our total rewards programs (which include compensation and benefits programs and practices), talent management strategy, workplace culture and strategies, initiatives, programs and practices that drive belonging and a positive employee experience, or if qualified candidates or employees become more difficult to attract or retain under reasonable terms, we may experience higher labor-related costs and may be unable to attract, retain, develop and progress a qualified global workforce, which could adversely affect our business and future success and impair our ability to meet our strategic objectives and the needs of our customers. A number of factors may adversely affect the labor force available to us or increase labor costs generally, including high employment levels, population migration, unemployment programs and subsidies, immigration laws and volatility in general macroeconomic factors impacting the labor market. Although we have not experienced any material labor shortage to date, over the past few years, we have experienced an increasingly competitive labor market. A sustained labor shortage or increased turnover rates within our employee base (or within the employee base of key suppliers or third-party manufacturers), could negatively affect our supply chain or our ability to efficiently operate our manufacturing and distribution facilities and overall business. 9 9 9 Table of Contents Table of Contents

Our continued success depends in part on our ability to identify, attract and onboard qualified candidates with the requisite education, background, skills and experience and our ability to retain, develop, progress and engage qualified employees across our business, including our stores, fleet, manufacturing, research and development, information technology, corporate and other operations and functions. We continue to face elevated wage rates and intense competition for talent due to the ongoing impacts of a tightened labor market and other macroeconomic conditions. To the extent we are unable to remain competitive with our total rewards programs (which include compensation and benefits programs and practices), talent management strategy, 11 11 11 Table of Contents Table of Contents inclusive workplace culture and related inclusion, diversity and equity and employee engagement strategies, initiatives, programs and practices, or if qualified candidates or employees become more difficult to attract or retain under reasonable terms, we may experience higher labor-related costs and may be unable to attract, retain, develop and progress a qualified global workforce, which could adversely affect our business and future success and impair our ability to meet our strategic objectives and the needs of our customers.

We rely on information technology systems to conduct our business. Information technology systems are important to many of our business-critical operating and financial processes, including production planning, manufacturing, distribution, communication with our employees, customers and suppliers, sales and customer service, research and development, recording and processing transactions and the production of accurate and timely reports on our financial and operating results. In connection with our digitization initiative, we have begun a multi-year phased process to upgrade and harmonize certain components of our information technology systems, including our financial processing systems. We are making significant investments in this complex, enterprise-wide initiative. Planned implementations will lead to changes in our operating and financial processes as well as our internal control over financial reporting. Disruptions to our information technology systems could occur if we do not effectively design or implement these systems solutions, or otherwise fail to manage resulting changes in processes and controls. This could adversely affect our operations, negatively impact our financial reporting and the effectiveness of our internal control over financial reporting and have a material adverse effect on our business, results of operations and financial condition. Some of the information technology systems we rely on are maintained or operated by third-party providers, including cloud-based systems. Cybersecurity incidents, attacks and cybersecurity threats are increasingly sophisticated, constantly evolving and originate from many sources globally and often cannot be recognized or understood until the target has already been attacked. Despite our efforts to prevent these threats and disruptions to our information technology systems, these systems and those of our third-party providers may be affected by damage or interruption resulting from, among other causes, cybersecurity incidents, attacks, security breaches, power outages, system or operational failures or malware (including ransomware and other programs that operate with malicious intent). These risks are expected to continue to be magnified due to the increased reliance on information technology systems to conduct our business, including those used in furtherance of supporting remote and 8 8 8 Table of Contents Table of Contents hybrid in-office work environments and managing our global operating and financial processes. Disruptions to these systems may impair our ability to conduct business and threaten the availability, confidentiality and integrity of our systems and information and have a material adverse effect on our business, results of operations and financial condition. As part of our business, we collect and handle information about our business, customers, employees and suppliers. Despite the security measures we have in place, our facilities and systems and those of third parties we rely on or do business with, may be vulnerable to cybersecurity incidents, attacks, security breaches, malware (including ransomware and other programs that operate with malicious intent), power outages, system failures, acts of vandalism, human or technical errors, fraud (including through phishing or other social engineering attempts) or other similar events or disruptions. Our information, facilities and systems and those hosted or supported by third parties on our behalf could also be impacted by the intentional or unintentional improper conduct of our employees, vendors or others who have access to and may mishandle or misappropriate information or access systems or facilities. Any such event involving the misappropriation, loss or other unauthorized disclosure of information or disruption of our systems, whether impacting us or third parties we rely on or do business with, could result in losses, damage our reputation or relationships with customers and suppliers, expose us to the risks of litigation, regulatory action and liability, including individual claims or consumer class actions, commercial litigation, administrative and civil or criminal investigations or actions, regulatory intervention and sanctions or fines, investigation and remediation costs, loss of intellectual property, release of confidential information, alteration or corruption of data or systems, costs related to remediation or the payment of ransom, and litigation and possible prolonged negative publicity, and disrupt our operations and have a material adverse effect on our business, results of operations and financial condition. We and third parties we rely on or do business with have experienced cybersecurity attacks and incidents in the past, some of which have resulted in unauthorized access to our information and systems and other disruptions to our business operations, and we could in the future experience similar incidents. Although we implement various controls to try to mitigate risks to our systems, information and other property, there can be no guarantee that the actions and controls we have implemented, or which we have caused third-party service providers to implement, will be sufficient to protect and mitigate risks to our systems, information or other property. The domestic and international regulatory environment related to information security, data collection and transfer, digital marketing or telemarketing and privacy is increasingly rigorous and complex, with new and rapidly changing requirements applicable to our business, which often require changes to our business practices. Compliance with these requirements, including the European Union’s General Data Protection Regulation, China’s Personal Information Protection, Data Security and Cyber Security Laws, the California Consumer Privacy Act as amended by the California Privacy Rights Act, other U.S. state privacy laws and a growing number of other international and domestic regulations, are costly and will result in additional costs in our efforts to continue to comply. These laws and regulations can provide for significant penalties for non-compliance, which could result in additional costs of compliance, enforcement actions, regulatory investigations and fines, individual or class action litigation, commercial litigation or reputational harm. Ongoing efforts to comply with these laws also may divert management and employee attention from other business and growth initiatives.

We rely on information technology systems to conduct our business, including recording and processing transactions, manufacturing and selling our products, researching and developing new products, maintaining and growing our competitive position, and supporting and communicating with our employees, customers, suppliers and other vendors. These information technology systems are important to many business-critical processes including, but not limited to, production planning, manufacturing, distribution, finance, company operations, research and development, sales and customer service. Some of these systems are maintained or operated by third-party providers, including cloud-based systems. Cyber attacks and cybersecurity threats are increasingly sophisticated, constantly evolving and originate from many sources globally, and often cannot be recognized or understood until the target has already been attacked. Despite our efforts to prevent these threats and disruptions to our information technology systems, these systems may be affected by damage or interruption resulting from, among other causes, cyber attacks, security breaches, power outages, system failures or malware (including but not limited to ransomware and other programs that operate with malicious intent). These risks are expected to continue to be magnified due to the increased reliance on information technology systems to conduct our business, including those used in furtherance of supporting remote and hybrid in-office work environments and managing our global operations. Disruptions to these systems may impair our ability to conduct business and have a material adverse effect on our business, results of operations and financial condition. While we maintain cybersecurity insurance, costs related to a cyberattack may exceed the amount of our insurance coverage or may be excluded under the terms of the policy. As part of our business, we collect and handle sensitive and confidential information about our business, customers, employees and suppliers. Despite the security measures we have in place, our facilities and systems, and those of third parties we rely on or do business with, may be vulnerable to cyber attacks, security breaches, malware (including but not limited to ransomware and other programs that operate with malicious intent), power outages, system failures, acts of vandalism, human or technical errors or other similar events or disruptions. Our information, facilities and systems and those hosted or supported by third parties on our behalf could also be impacted by the intentional or unintentional improper conduct of our employees, vendors or others who have access to and may mishandle or misappropriate sensitive and confidential information. Any such event involving the misappropriation, loss or other unauthorized disclosure of information, whether impacting us or third parties we rely on or do business with, could result in losses, damage our reputation or relationships with customers and suppliers, expose us to the risks of litigation, regulatory action and liability, disrupt our operations and have a material adverse effect on our business, results of operations and financial condition. We continue to mitigate these risks in a number of ways, including through additional investment, engagement of third-party experts and consultants, improving the security of our facilities and systems (including through upgrades to our security and information technology systems), providing annual training for all employees (with more enhanced or frequent training based on role or responsibility), assessing the continued appropriateness of relevant insurance coverage and strengthening our controls and procedures to identify, detect, protect against, respond to and mitigate these threats. We and third parties we rely on or do business with have experienced cybersecurity attacks and incidents in the past, some of which have resulted in unauthorized access to our information and systems and other disruptions to our business operations, and we could in the future experience similar incidents. The domestic and international regulatory environment related to information security, data collection and transfer, digital marketing or telemarketing, and privacy is increasingly rigorous and complex, with new and rapidly changing requirements applicable to our business, which often require changes to our business practices. Compliance with these requirements, including the European Union’s General Data Protection Regulation, China’s Personal Information Protection, Data Security, and Cyber Security Laws, the California Consumer Privacy Act as amended by the California Privacy Rights Act, a growing number of other U.S. comprehensive state privacy laws, and other international and domestic regulations, are costly and will result in additional costs in our efforts to continue to comply. These laws and regulations can provide for significant penalties for non-compliance, which could result in additional costs of compliance, enforcement actions, regulatory investigations and fines, individual or class action litigation, or reputational harm. Ongoing efforts to comply with these laws also may divert management and employee attention from other business and growth initiatives.

Our competitive position and the value of our products and brands could be reduced and our business adversely affected if we are unable to maintain or adequately protect our intellectual property. We have numerous patents, trade secrets, trademarks, trade names copyrights and know-how that are valuable to our business. Despite our efforts to protect such intellectual property and other proprietary information from unauthorized use or disclosure, third parties may attempt to disclose, obtain or use our trademarks or such other intellectual property and information without our authorization. We also face attempts, including through cybersecurity attacks and social engineering tactics, to gain unauthorized access to our systems for the purpose of improperly acquiring our trade secrets or confidential business information. In addition, advances in artificial intelligence technology and increasingly widespread use of generative artificial intelligence tools may increase the risk of unauthorized access to intellectual property, may increase the risk that existing intellectual property law may not provide adequate protection and may introduce potential liability from the use of artificial intelligence tools. The theft or unauthorized use or publication of our trade secrets and other confidential business information as a result of such incidents could adversely affect the value of our investment in research and development and our business. Although we rely on the patent, trademark, trade secret and copyright laws of the United States and other countries to protect our intellectual property rights, the laws of some countries may not protect such rights to the same extent as the laws of the United States. Unauthorized use of our intellectual property by third parties, the failure of foreign countries to have laws to protect our intellectual property rights, or an inability to effectively enforce such rights in foreign countries could have an adverse effect on our business.

Our competitive position and the value of our products and brands could be reduced and our business adversely affected if we are unable to maintain or adequately protect our intellectual property. We have numerous patents, trade secrets, trademarks, trade names and know-how that are valuable to our business. Despite our efforts to protect such intellectual property and other proprietary information from unauthorized use or disclosure, third parties may attempt to disclose, obtain or use our trademarks or such other intellectual property and information without our authorization. We also face attempts, including through cyber attacks and social engineering tactics, to gain unauthorized access to our systems for the purpose of improperly acquiring our trade secrets or confidential business information. The theft or unauthorized use or publication of our trade secrets and other confidential business information as a result of such incidents could adversely affect the value of our investment in research and development and our business. Although we rely on the patent, trademark, trade secret and copyright laws of the United States and other countries to protect our intellectual property rights, the laws of some countries may not protect such rights to the same extent as the laws of the United States. Unauthorized use of our intellectual property by third parties, the failure of foreign countries to have laws to protect our intellectual property rights, or an inability to effectively enforce such rights in foreign countries could have an adverse effect on our business. 12 12 12 Table of Contents Table of Contents