S&P Global Inc.: 10-K Risk Factor Changes

•The markets for credit ratings, financial research, market data and solutions, index-based products, automotive data, commodities analytics and price assessments, ESG products and scores, and related news and information about these markets are intensely competitive. Our businesses compete domestically and internationally on the basis of a number of factors, including the quality of their offerings, client service, reputation, price, geographic scope, range of products and technological innovation. •While our businesses face competition from traditional content and analytics providers (including exchanges), we also face competition from non-traditional providers, many of whom are our clients, such as asset managers, investment banks, private equity and technology-led companies that are adding content and analytics capabilities to their core businesses. •The competitive landscape may also experience consolidation in the form of mergers and acquisitions, joint ventures or strategic partnerships, which results in competitors that are better capitalized or that are able to gain a competitive advantage through synergies. 22 22 22 Table of Contents Table of Contents •In addition, in some of the countries in which our businesses operate, governments have, and may in the future, provide financial or other support to locally-based competitors (particularly credit rating agencies) and have, and may from time to time in the future, establish official credit rating agencies, credit ratings criteria, benchmarks or benchmark providers, or procedures for evaluating local issuers. •Changes in the markets in which we compete may drive us to lower the fees we charge for our products and services in order to remain competitive. In addition, if we are not able to successfully compete with our competitors, we may be required to significantly reduce the costs for our products or services, or we may lose significant market share, revenue or customers, which would materially adversely affect our business, financial condition and results of operations. Moreover, certain of our fees are based on the performance of our customers, and such fees are negatively impacted when our customers’ performance is down, including due to changes in their markets.

•The markets for credit ratings, financial research, market data and solutions, index-based products, automotive data, and commodities analytics and price assessments and related news and information about these markets are intensely competitive. Ratings, Market Intelligence, Commodity Insights, Indices and Mobility compete domestically and internationally on the basis of a number of factors, including the quality of their offerings, client service, reputation, price, geographic scope, range of products and technological innovation. •While our businesses face competition from traditional content and analytics providers (including exchanges), we also face competition from non-traditional providers, many of whom are our clients, such as asset managers, investment banks, private equity and technology-led companies that are adding content and analytics capabilities to their core businesses. •The competitive landscape may also experience consolidation in the form of mergers and acquisitions, joint ventures or strategic partnerships, which results in competitors that are better capitalized or that are able to gain a competitive advantage through synergies. •In addition, in some of the countries in which our businesses operate, governments have, and may in the future, provide financial or other support to locally-based competitors (particularly credit rating agencies) and have, and may from time to time in the future, establish official credit rating agencies, credit ratings criteria, benchmarks or benchmark providers, or procedures for evaluating local issuers. •If we are not able to successfully compete with our competitors, we may be required to significantly reduce the costs for our products or services, or we may lose significant market share, revenue or customers, which would materially adversely affect our business, financial condition and results of operations.

The development, maintenance, sale and support of our products and services are dependent upon the knowledge, experience and ability of our highly skilled, educated and trained employees. Accordingly, our business is dependent on successfully attracting, retaining and training talented employees in a highly competitive business environment. Our ability to attract and retain talented employees is dependent on a number of factors, including prevailing market conditions and compensation packages offered by companies competing for the same talent. While we offer competitive salary and benefit packages, intense competition for talent within our markets is driving difficulties in attracting and retaining skilled employees. If we are less 21 21 21 Table of Contents Table of Contents successful in our recruiting efforts, or if we are unable to attract or retain key employees, our ability to develop and deliver successful products and services or achieve strategic goals may be adversely affected, which could have a material adverse effect on our business and results of operations.

21 21 21 Table of Contents Table of Contents The development, maintenance, sale and support of our products and services are dependent upon the knowledge, experience and ability of our highly skilled, educated and trained employees. Accordingly, our business is dependent on successfully attracting, retaining and training talented employees in a highly competitive business environment. Our ability to attract and retain talented employees is dependent on a number of factors, including prevailing market conditions and compensation packages offered by companies competing for the same talent. While we offer competitive salary and benefit packages, we are facing challenges attracting and retaining talented employees due to strong competition for employees within our markets and increased compensation costs, which have been influenced by both the strong competition for employees within our markets and the current inflationary pressures. If we are less successful in our recruiting efforts, or if we are unable to attract or retain key employees, our ability to develop and deliver successful products and services or achieve strategic goals may be adversely affected, which could have a material adverse effect on our business and results of operations.

•We, and certain types of information we collect, compile, use, and publish, are subject to numerous U.S. federal and state laws and non-U.S. regulations governing the protection of personal and confidential information of our clients and employees in the jurisdictions in which we operate. Further, global privacy, data localization, data maintenance, data transfer and data protection legislation, regulatory, enforcement, and policy activity are rapidly and continually evolving and creating a complex regulatory compliance environment. There is also increasing concern among certain privacy and data protection advocates, government regulators, litigators, and the press regarding marketing and privacy matters as well as data protection, particularly as they relate to individual privacy, threats to personal information, and perceived national security interests. Costs and adaptation of our business practices to comply with and implement the increasing privacy-related and data protection, data maintenance and transfer restriction measures have been, and we expect will continue to be, significant, particularly as the laws and regulations across jurisdictions change frequently and sometimes conflict. In addition, such measures, as well as any associated inquiries or investigations or any other government actions, increase our operating costs and require significant management time and attention, and may result in negative publicity and subject us to costs that may harm our business, including fines or damages as well as demands or orders that we modify or cease existing business practices. •There has been increased public attention regarding the use of personal information and data transfer, accompanied by examinations of regulated entities, and legislation and regulations intended to strengthen data protection, information security and consumer and personal privacy. The law in these areas continues to develop and the changing nature and interpretations by courts around the world of privacy and data protection laws around the world, including in jurisdictions such as the U.S. (including in an increasing number of U.S. states), the European Union (the “EU”), the People’s Republic of China and India, could have a significant impact on our processing of personal and sensitive information of our employees, vendors and customers and other data, and in turn, our business practices. •Failure to comply with privacy and data protection requirements could result in significant penalties. The EU’s comprehensive General Data Privacy Regulation (“GDPR”), for example, is a comprehensive regulation applying across all EU member states, providing for penalties of up to the greater of €20 million or 4% of worldwide revenue, and the average GDPR penalties increased in 2023 compared to prior years. •We devote meaningful time and financial resources to compliance with current and future applicable international and U.S. privacy, cybersecurity, data protection and related laws and regulations. We have made, and expect to continue to make, capital investments and other expenditures to address cybersecurity preparedness and prevent future breaches, including costs associated with additional security technologies, personnel, experts and credit monitoring services for those whose data has been breached. Any such expenses that we incur in the future, which could be material, will impact our results of operations in the period in which they are incurred, but may not meaningfully limit the success of future attempts to compromise our information or information technology systems. •Continued privacy and data protection concerns may result in new or amended laws and regulations. Future laws and regulations with respect to the collection, compilation, use, and publication of information and consumer privacy could result in limitations on our operations, increased compliance or litigation expense, adverse publicity, or loss of revenue, which could have a material adverse effect on our business, financial condition, and results of operations. It is also possible that we could be prohibited from collecting or disseminating certain types of data, which could affect our ability to meet our customers’ needs or require changes in our processes, technologies, and data management. •We are also from time to time subject to, or face assertions that we are subject to, additional obligations relating to personal and other data by contract or due to assertions that self-regulatory obligations or industry standards apply to our practices.

16 16 16 Table of Contents Table of Contents •Global privacy, data localization and data protection legislation, enforcement, and policy activity are rapidly expanding and creating a complex regulatory compliance environment. Costs to comply with and implement these privacy-related and data protection measures have been, and we expect will continue to be, significant. In addition, an inadvertent failure to comply with federal, state, or international privacy-related or data protection laws and regulations despite our best efforts could result in proceedings against us by governmental entities or others. •Certain types of information we collect, compile, use, and publish, including offerings in all our businesses, are subject to regulation by governmental authorities in jurisdictions in which we operate. In addition, there is increasing concern among certain privacy and data protection advocates and government regulators regarding marketing and privacy matters as well as data protection, particularly as they relate to individual privacy and perceived national security interests. •There has been increased public attention regarding the use of personal information and data transfer, accompanied by legislation and regulations intended to strengthen data protection, information security and consumer and personal privacy. The law in these areas continues to develop and the changing nature of privacy and data protection laws in the U.S., the European Union (the “EU”), the People’s Republic of China and elsewhere could have a significant impact on our processing of personal and sensitive information of our employees, vendors and customers and other data. •Failure to comply with privacy and data protection requirements could result in significant penalties. The EU’s comprehensive General Data Privacy Regulation (“GDPR”), for example, provides for penalties of up to the greater of €20 million or 4% of worldwide revenue. Such laws and regulations, as well as any associated inquiries or investigations or any other government actions, are costly to comply with, increase our operating costs and require significant management time and attention, and may result in negative publicity and subject us to remedies that may harm our business, including fines or demands or orders that we modify or cease existing business practices. •We devote meaningful time and financial resources to compliance with current and future applicable international and U.S. privacy, cybersecurity, data protection and related laws. We have made, and expect to continue to make, capital investments and other expenditures to address cybersecurity preparedness and prevent future breaches, including costs associated with additional security technologies, personnel, experts and credit monitoring services for those whose data has been breached. Any such expenses that we incur in the future, which could be material, will impact our results of operations in the period in which they are incurred, but they may not meaningfully limit the success of future attempts to breach our information technology systems. •In addition, the EU and other jurisdictions, including the People’s Republic of China and India, are considering imposing or have already imposed additional restrictions, including in relation to cross-border transfers of personal and other types of data. These requirements are increasing in complexity and number, change frequently and increasingly conflict among the various countries in which we operate, which results in greater compliance risk and cost for us. •Continued privacy and data protection concerns may result in new or amended laws and regulations. Future laws and regulations with respect to the collection, compilation, use, and publication of information and consumer privacy could result in limitations on our operations, increased compliance or litigation expense, adverse publicity, or loss of revenue, which could have a material adverse effect on our business, financial condition, and results of operations. It is also possible that we could be prohibited from collecting or disseminating certain types of data, which could affect our ability to meet our customers’ needs. •We are also from time to time subject to, or face assertions that we are subject to, additional obligations relating to personal and other data by contract or due to assertions that self-regulatory obligations or industry standards apply to our practices.

•In the normal course of business, both in the U.S. and abroad, we and our subsidiaries are defendants in numerous legal proceedings and are often the subject of government and regulatory proceedings, investigations and inquiries (including market studies), as discussed under Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, in this Annual Report on Form 10-K and in Note 13 – Commitments and Contingencies to the consolidated financial statements under Item 8, Consolidated Financial Statements and Supplementary Data, in this Annual Report on Form 10-K, and we face the risk that additional proceedings, investigations and inquiries (including market studies) will arise in the future. •Many of these proceedings, investigations and inquiries (including market studies) regularly relate to the activity of our Ratings, Indices, and Commodity Insights businesses. In addition, various government and self-regulatory agencies frequently make inquiries and conduct investigations into our compliance with applicable laws and regulations, including those related to our regulated activities, antitrust matters, and other matters, such as environmental, social and governance (“ESG”) matters. From time to time, we also face proceedings, investigations or inquiries related to tax matters. Enhancements to our products and services combined with evolving regulation requires us to continuously evaluate our regulatory and compliance obligations, and government and self-regulatory agencies may conduct investigations to determine whether our products and services subject us to additional regulations. Any of these proceedings, investigations or inquiries (including market studies) impose additional expenses on the Company, require the attention of senior management, and could ultimately result in adverse judgments, damages, fines, penalties, activity restrictions, reduced demand for our products and services, or negative impacts on our cash flows, which could have a material adverse effect on our business, financial condition or results of operations. •In view of the uncertainty inherent in litigation, government and regulatory enforcement matters, and changing political sentiments, we cannot predict the eventual outcome of the matters we are currently facing or the timing of their resolution, or in most cases reasonably estimate what the eventual judgments or impact of activity restrictions may be. As a result, we cannot provide assurance that the outcome of the matters we are currently facing or that we may face in the future will not have a material adverse effect on our business, financial condition or results of operations. •As litigation or the process to resolve pending matters progresses, as the case may be, we continuously review the latest information available and assess our ability to predict the outcome of such matters and the effects, if any, on our consolidated financial condition, cash flows, business and competitive position, which may require that we record liabilities in the consolidated financial statements in future periods. •Risks relating to legal proceedings may be heightened in foreign jurisdictions that lack the legal protections or liability standards comparable to those that exist in the U.S. In addition, new laws and regulations have been and may continue to be enacted that establish lower liability standards, shift the burden of proof or relax pleading requirements, thereby increasing the risk of successful litigations against the Company in the U.S. and in foreign jurisdictions. These 17 17 17 Table of Contents Table of Contents litigation risks are often difficult to assess or quantify and could have a material adverse effect on our business, financial condition or results of operations. •We may not have adequate insurance or reserves to cover these risks, and the existence and magnitude of these risks often remains unknown for substantial periods of time and could have a material adverse effect on our business, financial condition or results of operations.

•In the normal course of business, both in the U.S. and abroad, we and our subsidiaries are defendants in numerous legal proceedings and are often the subject of government and regulatory proceedings, investigations and inquiries, as discussed under Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, in this Annual Report on Form 10-K and in Note 13 - Commitments and Contingencies to the consolidated financial statements under Item 8, Consolidated Financial Statements and Supplementary Data, in this Annual Report on Form 10-K, and we face the risk that additional proceedings, investigations and inquiries will arise in the future. •Many of these proceedings, investigations and inquiries regularly relate to the activity of our Ratings, Indices, and Commodity Insights businesses. In addition, various government and self-regulatory agencies frequently make inquiries and conduct investigations into our compliance with applicable laws and regulations, including those related to our regulated activities, antitrust matters, and other matters, such as ESG. From time to time, we also face proceedings, investigations or inquiries related to tax matters. Any of these proceedings, investigations or inquiries impose additional expenses on the Company, require the attention of senior management, and could ultimately result in adverse judgments, damages, fines, penalties or activity restrictions, which could have a material adverse effect on our business, financial condition or results of operations. •In view of the uncertainty inherent in litigation and government and regulatory enforcement matters, we cannot predict the eventual outcome of the matters we are currently facing or the timing of their resolution, or in most cases reasonably estimate what the eventual judgments or impact of activity restrictions may be. As a result, we cannot 17 17 17 Table of Contents Table of Contents provide assurance that the outcome of the matters we are currently facing or that we may face in the future will not have a material adverse effect on our business, financial condition or results of operations. •As litigation or the process to resolve pending matters progresses, as the case may be, we continuously review the latest information available and assess our ability to predict the outcome of such matters and the effects, if any, on our consolidated financial condition, cash flows, business and competitive position, which may require that we record liabilities in the consolidated financial statements in future periods. •Risks relating to legal proceedings may be heightened in foreign jurisdictions that lack the legal protections or liability standards comparable to those that exist in the U.S. In addition, new laws and regulations have been and may continue to be enacted that establish lower liability standards, shift the burden of proof or relax pleading requirements, thereby increasing the risk of successful litigations against the Company in the U.S. and in foreign jurisdictions. These litigation risks are often difficult to assess or quantify and could have a material adverse effect on our business, financial condition or results of operations. •We may not have adequate insurance or reserves to cover these risks, and the existence and magnitude of these risks often remains unknown for substantial periods of time and could have a material adverse effect on our business, financial condition or results of operations.

•Our major expenditures include employee compensation and capital investments. •We offer competitive salary and benefit packages to attract and retain the quality employees required to grow and expand our businesses. Compensation costs are influenced by general economic factors, including but not limited to changes in the cost of health insurance, post-retirement benefits, inflation, trends specific to the skill sets required for our workforce, and the amount of competition for qualified employees within our markets. •We make significant investments in information technology data centers and other technology initiatives and we cannot provide assurances that such investments will result in increased revenues. •We rely on data provided by third-party data suppliers for a variety of our products and we rely significantly on AWS to provide, develop and maintain our cloud infrastructure. We are facing increasing costs from our third-party service providers due to a number of reasons, including inflationary pressures and costs associated with the increasing complexity of the data we require. •Although we believe we are prudent in our investment strategies and execution of our implementation plans, there is no assurance as to the ultimate recoverability or effectiveness of these investments. •A significant increase in any of the operating costs and expenses mentioned above could have a material adverse effect on our profitability.

•Our major expenditures include employee compensation and capital investments. •We offer competitive salary and benefit packages in order to attract and retain the quality employees required to grow and expand our businesses. Compensation costs are influenced by general economic factors, including those affecting the cost of health insurance and post-retirement benefits and inflation, any trends specific to the employee skill sets we require, and competition for talented employees within our markets. We are currently facing increased compensation costs, which have been influenced by strong competition for employees within our markets and the current inflationary pressures. •We make significant investments in information technology data centers and other technology initiatives and we cannot provide assurances that such investments will result in increased revenues. •We rely on data provided by third-party data suppliers for a variety of our products and we rely significantly on Amazon Web Services (“AWS”) to provide, develop and maintain our cloud infrastructure. We are facing increasing costs from our third-party service providers due to a number of reasons, including inflationary pressures and costs associated with the increasing complexity of the data we require. 23 23 23 Table of Contents Table of Contents •Although we believe we are prudent in our investment strategies and execution of our implementation plans, there is no assurance as to the ultimate recoverability or effectiveness of these investments. •A significant increase in any of the operating costs and expenses mentioned above could have a material adverse effect on our profitability.

•Our reputation, credibility, and the strength of our brand are key competitive strengths. •Given our role in the financial, commodities and automotive markets, our ability to attract and retain customers is uniquely affected by external perceptions of our reputation, credibility, and brand. •We provide credit ratings, pricing and valuation services, benchmark products, ESG scores and indices, many of which depend on contributions or inputs from third parties or market participants. Our customers and other market participants expect us to be able to demonstrate that our products and services are produced independently and are not readily subject to manipulation. We believe our products and services are designed with appropriate methodologies, processes, and procedures to maintain independence and integrity; however, we may not be able to prevent third parties or market participants from working together or colluding to try to manipulate their inputs and thus the resulting outputs of our products and services. From time to time, we are involved in third-party investigations or litigation related to the markets and stakeholders our products and services serve. Any failures, negative publicity, investigations, or lawsuits that implicate the independence and integrity of our credit ratings, pricing and valuation services, benchmarks, and indices could result in a loss of confidence in the administration of these products and services and could harm our reputation and our business. •Negative perceptions or publicity could damage our reputation with customers, prospects, regulators, and the public generally, which in turn could negatively impact, among other things, our ability to attract and retain customers, employees and suppliers, as well as suitable candidates for acquisitions or other combinations. For example, we may face negative perceptions or publicity with respect to our sustainability and corporate responsibility policies and practices or our ESG products, methodologies, or scores, including as a result of a failure to meet publicly disclosed ESG and climate-related targets or goals, or as a result of misalignment with evolving market standards, ESG regulations and codes of conduct or regulatory expectations. In addition, we may face similar negative perceptions or publicity as a result of “anti-ESG” sentiment among certain stakeholders, including governmental authorities, regulators, shareholders and customers. •Our divisions are all actively engaged in analyzing and providing views on economic conditions, including assessing the impact of events that create volatility and economic uncertainty, such as the ongoing military conflicts between Russia and Ukraine and Israel and Hamas and tensions across the Taiwan Strait. Notwithstanding the care we take in carrying out our work, the views and assumptions we express, the conclusions we draw, the actions we take (including, but not limited to, rating actions, revising the composition of our indices, etc.), and the work our divisions produce are likely to be heavily scrutinized with the benefit of hindsight. We have faced significant regulatory and media scrutiny following prior periods of volatility and economic uncertainty. Such scrutiny has in the past and may in the future impact our reputation, brand and credibility and result in government and regulatory proceedings, investigations, inquiries and litigation. •Given our businesses are often privy to material non-public information concerning our customers, our data could be improperly used, including for insider trading by our employees and third-party vendors with access to key systems. We have experienced insider trading incidents involving employees in the past, and it is not always possible to deter misconduct by employees or third-party vendors. We take precautions to detect and prevent such activity, including training on insider trading policies for our employees, contractual obligations for our third-party vendors, and policies that require access restrictions for material non-public information, but such precautions are not guaranteed to deter misconduct. Any breach of our clients’ confidences as a result of employee or third-party vendor misconduct could harm our reputation. •Damage to our reputation, credibility, and brand could have a material adverse effect on our business and results of operations.

•Our reputation, credibility, and the strength of our brand are key competitive strengths. •Given our role in the financial, commodities and automotive markets, our ability to attract and retain customers is uniquely affected by external perceptions of our reputation, credibility, and brand. •We provide credit ratings, pricing and valuation services, benchmark products, and indices, many of which depend on contributions or inputs from third parties or market participants. Our customers and other market participants expect us to be able to demonstrate that our products and services are produced independently and are not readily subject to manipulation. We believe our products and services are designed with appropriate methodologies, processes, and procedures to maintain independence and integrity; however, we may not be able to prevent third parties or market participants from working together or colluding to try to manipulate their inputs and thus the resulting outputs of our products and services. From time to time, we are involved in third-party investigations or litigation related to the markets and stakeholders our products and services serve. Any failures, negative publicity, investigations, or lawsuits that implicate the independence and integrity of our credit ratings, pricing and valuation services, benchmarks, and indices could result in a loss of confidence in the administration of these products and services and could harm our reputation and our business. •Negative perceptions or publicity, including with respect to our sustainability and corporate responsibility policies and practices, could damage our reputation with customers, prospects, regulators, and the public generally, which could negatively impact, among other things, our ability to attract and retain customers, employees and suppliers, as well as suitable candidates for acquisition or other combinations. •Our divisions are all actively engaged in analyzing and providing views on economic conditions, including assessing the impact of events that create volatility and economic uncertainty, such as the COVID-19 pandemic and the ongoing military conflict between Russia and Ukraine. Notwithstanding the care we take in carrying out our work, the views and assumptions we express, the conclusions we draw, the actions we take (including, but not limited to, rating actions, revising the composition of our indices, etc.), and the work our divisions produce are likely to be heavily scrutinized with the benefit of hindsight. We have faced significant regulatory and media scrutiny following prior periods of 25 25 25 Table of Contents Table of Contents volatility and economic uncertainty. Such scrutiny has in the past and may in the future impact our reputation, brand and credibility and result in government and regulatory proceedings, investigations, inquiries and litigation. •Damage to our reputation, credibility, and brand could have a material adverse effect on our business and results of operations.

•Some of our products support the investment processes and other activities of our clients, which, in the aggregate, manage or own trillions of dollars of assets. The use of our products as part of such activities, including the investment process, from time to time exposes us to claims for significant dollar amounts by our clients or the parties whose assets are managed by our clients. Such claims have not materially adversely affected us to date, but there can be no assurance that future claims will not materially adversely affect our business, financial condition or results of operations. •The products we develop or license, and the proprietary methodologies, models and processes on which these products rely, from time to time contain undetected errors or defects, despite testing and/or other quality assurance practices. Moreover, many of our products use new and evolving technologies, such as AI, that may contain their own undetected errors or defects. For example, the AI used in our products could include undetected errors or defects that lead to harmful consequences such as accuracy issues, unintended biases or discriminatory outputs. Errors or defects may exist during any part of a product’s life cycle and may persist notwithstanding testing and/or other quality assurance practices. Ineffective or insufficient collaboration within the Company increases the risk that such errors or defects may not be detected. Deploying products containing such errors or defects may damage our reputation, and the costs associated with remediating such errors or defects may have an impact on our profitability. •Any claim relating to our products, even one in which the outcome is ultimately favorable to us, involves a significant commitment of our management, personnel, financial and other resources and could have a negative impact on our reputation. In addition, such claims and lawsuits could have a material adverse effect on our business, financial condition or results of operations. 20 20 20 Table of Contents Table of Contents

•Some of our products support the investment processes and other activities of our clients, which, in the aggregate, manage or own trillions of dollars of assets. The use of our products as part of such activities, including the investment process, from time to time exposes us to claims for significant dollar amounts by our clients or the parties whose assets are managed by our clients. Such claims have not materially adversely affected us to date, but there can be no assurance that future claims will not materially adversely affect our business, financial condition or results of operations. •The products we develop or license, and the proprietary methodologies, models and processes on which these products rely, from time to time contain undetected errors or defects, despite testing and/or other quality assurance practices. Such errors may exist during any part of a product’s life cycle and may persist notwithstanding testing and/or other quality assurance practices. Ineffective or insufficient collaboration within the Company increases the risk that such errors may not be detected. Deploying products containing such errors may damage our reputation, and the costs associated with remediating such errors may have an impact on our profitability. •Any claim relating to our products, even one in which the outcome is ultimately favorable to us, involves a significant commitment of our management, personnel, financial and other resources and could have a negative impact on our reputation. In addition, such claims and lawsuits could have a material adverse effect on our business, financial condition or results of operations.

•Our operations rely on the secure processing, storage and transmission of confidential, sensitive and other types of data and information in our information systems and networks and those of our third-party service providers, including our vendors. Cyber threats continue to further evolve and continue to be more difficult to detect and successfully defend against. As a result, cyber threats have in the past and may in the future defeat the measures that we or our third-party service providers take to anticipate, detect, avoid, or mitigate such threats. •Our businesses often have access to material non-public information concerning the Company’s customers, including sovereigns, public and private companies, and other third parties around the world, the unauthorized disclosure of which could affect the trading markets for such customers’ securities and could damage such customers’ competitive positions. Some of our own products and services also include material non-public information that could affect trading markets. Unauthorized disclosure of this information as a result of cyber attacks and other unauthorized occurrences on our information systems and networks could cause our customers to lose faith in our ability to protect confidential information and therefore cause customers to cease doing business with us. •The cyber threats we and our third-party service providers (including our vendors) face are rapidly evolving and are becoming increasingly sophisticated and include denial of service attacks, ransomware, spyware, phishing/smishing/vishing attacks, business compromise attacks, employee errors, negligence or malfeasance, the use of malicious codes or worms, payment fraud, and other unauthorized occurrences on, or conducted through, our or our third-party service providers’ (including our vendors’) information systems and networks, originating from a wide variety of sources, including criminals, terrorists, nation states, financially motivated actors, internal actors, and external service providers. The cyber risks the Company faces range from cyber attacks common to most industries, to more sophisticated and targeted attacks, including attacks carried out by state-sponsored actors, intended to obtain 13 13 13 Table of Contents Table of Contents unauthorized access to certain information or information systems or networks due in part to our prominence in the global marketplace, such as our ratings on debt issued by sovereigns and corporate issuers, our impending methodology changes in our benchmarks businesses, or the composition of our indices. Our third-party service providers, including our vendors, are also the subject of a variety of cyber attacks, including attacks carried out by state-sponsored actors. •We and our third-party service providers, including our vendors, experience cyber attacks, data breaches and other cyber threats of varying degrees on a regular basis. The volume of such attacks, breaches and threats have increased over the years and we expect that volume to continue to increase. Breaches of our or our third-party service providers’ (including our vendors’) information systems and networks may cause material interruptions or malfunctions in our or such third-party’s websites, applications or data processing, or may compromise the confidentiality and integrity of material information regarding us, our business or our customers. Although cyber attacks and data breaches on the Company and its third-party service providers have not had a material adverse effect on the Company, there can be no assurance that there will not be a material adverse effect in the future. •In the ordinary course of business, we are exposed to vulnerabilities in widely deployed third-party software. While such vulnerabilities have not resulted in a material adverse effect on the Company, they require us to devote time and resources to remediation on a regular basis. Notwithstanding our efforts, there can be no assurance that we will not suffer a material adverse effect resulting from vulnerabilities in widely deployed third-party software. •Misappropriation, improper modification, destruction, corruption or unavailability of our data and information, including personal data, due to cyber incidents, attacks or other security breaches, or the perception of such an occurrence, could damage our brand and reputation, result in litigation, regulatory actions, sanctions or other statutory penalties, lead to loss of customer confidence in our security measures and reliability, which would harm our ability to retain customers and gain new ones, result in financial losses that are either not insured against or not fully covered through any insurance maintained by us, and lead to increased expenses related to addressing or mitigating the risks associated with any such incidents. We may be required to expend significant resources to mitigate the impact of any errors, interruptions, delays or cessations of service and we may have insufficient recourse against our third-party service providers, including our vendors. Additionally, our failure to timely or accurately communicate cyber incidents to relevant parties, including as a result of a failure of our third-party service providers, including our vendors, to inform us of incidents impacting their information systems or networks in a timely manner could result in regulatory or litigation risk, and reputational harm. •We devote significant resources to maintain and regularly update our systems and processes that are designed to protect the security of our information systems, software, networks and other technology assets and the confidentiality, integrity and availability of information belonging to the enterprise and our customers, clients and employees. However, such measures may be circumvented or become obsolete, and additional measures that we take to prevent or mitigate cyber incidents may be expensive or ineffective. Accordingly, there can be no assurance that our security measures will be sufficient to protect our information or information systems and networks. •While we conduct cyber due diligence during the acquisition process, following the completion of acquisitions, we have identified weaknesses and vulnerabilities in acquired entities’ information systems and networks, which expose us to unexpected liabilities or make our own information systems or networks more vulnerable to a cyber attack. Such weaknesses and vulnerabilities have been, and may continue to be identified as we complete integration of IHS Markit Ltd. information systems and networks. •Any of the foregoing could have a material adverse effect on our business, financial condition or results of operations.

•Our operations rely on the secure processing, storage and transmission of confidential, sensitive and other types of data and information in our computer systems and networks and those of our third-party vendors. •Our businesses often have access to material non-public information concerning the Company’s customers, including sovereigns, public and private companies, and other third parties around the world, the unauthorized disclosure of which could affect the trading markets for such customers’ securities and could damage such customers’ competitive positions. Some of our own products and services also include material non-public information that could affect trading markets. The cyber risks the Company faces range from cyber attacks common to most industries, to more sophisticated and targeted attacks, including attacks carried out by state-sponsored actors, intended to obtain unauthorized access to certain information or systems due in part to our prominence in the global marketplace, such as our ratings on debt issued by sovereigns and corporate issuers, our impending methodology changes in our benchmarks businesses, or the composition of our indices. Unauthorized disclosure of this information could cause our customers to lose faith in our ability to protect their or our own confidential information and therefore cause customers to cease doing business with us. •We and our third-party service providers, including our vendors, experience cyber attacks and data breaches of varying degrees on a regular basis. Breaches of our or our third-party service providers’ systems and networks, whether from circumvention of security systems, denial-of-service attacks or other cyber attacks, hacking, computer viruses or malware, employee error, malfeasance, physical breaches or other actions, may cause material interruptions or malfunctions in our or such third-party service providers’ websites, applications or data processing, or may compromise the confidentiality and integrity of material information regarding us, our business or our customers. Although there has not been a cyber attack or data breach on the Company or its third-party service providers that has had a material adverse effect on the Company to date, there can be no assurance that there will not be a material adverse effect in the future. •In the ordinary course of business, we are exposed to vulnerabilities in widely deployed third-party software. While such vulnerabilities have not resulted in a material adverse effect on the Company to date, they require us to devote 13 13 13 Table of Contents Table of Contents time and resources to remediation on a regular basis. Notwithstanding our efforts, there can be no assurance that we will not suffer a material adverse effect resulting from vulnerabilities in widely deployed third-party software. •Misappropriation, improper modification, destruction, corruption or unavailability of our data and information, including personal data, due to cyber incidents, attacks or other security breaches, or the perception of such an occurrence, could damage our brand and reputation, result in litigation, regulatory actions, sanctions or other statutory penalties, lead to loss of customer confidence in our security measures and reliability, which would harm our ability to retain customers and gain new ones, result in financial losses that are either not insured against or not fully covered through any insurance maintained by us, and lead to increased expenses related to addressing or mitigating the risks associated with any such incidents. •We are exposed to additional cyber security risks as we continue our integration with IHS Markit Ltd. (“IHS Markit”) following our merger, as described in the risk factor below entitled “The process of integrating the businesses of S&P Global and IHS Markit following the Merger involves significant costs, resources and challenges, which may materially adversely impact the anticipated synergies of the Merger and our business, financial condition and results of operations.” •Although we devote significant resources to maintain and regularly update our systems and processes that are designed to protect the security of our computer systems, software, networks and other technology assets and the confidentiality, integrity and availability of information belonging to the enterprise and our customers, clients and employees, there is no assurance that all of our security measures will provide absolute security. •Measures that we take to avoid or mitigate material incidents can be expensive, and may be insufficient, circumvented, or become obsolete. •Cyber threats are rapidly evolving and are becoming increasingly sophisticated and include denial of service attacks, ransomware, phishing attacks and payment fraud. Despite our efforts to ensure the integrity of our systems, as cyber threats evolve and become more difficult to detect and successfully defend against, one or more cyber threats might defeat the measures that we or our vendors take to anticipate, detect, avoid or mitigate such threats. Certain techniques used to obtain unauthorized access, introduce malicious software, disable or degrade service, or sabotage systems may be designed to remain dormant until a triggering event and we may be unable to anticipate these techniques or implement adequate preventative measures since techniques change frequently or are not recognized until launched. •Given our businesses are often privy to material non-public information concerning our customers, our data could be improperly used, including for insider trading by our employees and third-party vendors with access to key systems. We have experienced insider trading incidents involving employees in the past, and it is not always possible to deter misconduct by employees or third-party vendors. We take precautions to detect and prevent such activity, including implementing and training on insider trading policies for our employees and contractual obligations for our third-party vendors, but such precautions are not guaranteed to deter misconduct. Any breach of our clients’ confidences as a result of employee or third-party vendor misconduct could harm our reputation. •While we conduct cyber due diligence during the acquisition process, following the completion of acquisitions, we have identified weaknesses and vulnerabilities in acquired entities’ information systems, which expose us to unexpected liabilities or make our own systems more vulnerable to a cyber attack. •Any of the foregoing could have a material adverse effect on our business, financial condition or results of operations.

•We have made and expect to continue to make acquisitions, divestitures and other strategic transactions to strengthen our business and grow our Company. For example, we acquired ChartIQ on January 3, 2023, TruSight Solutions LLC on January 4, 2023, and Market Scan Information Systems, Inc. on February 16, 2023. Additionally, on May 2, 2023, we sold our Engineering Solutions business. Such transactions present significant challenges and risks, as the market for acquisitions, divestitures and other strategic transactions is highly competitive, especially in light of industry consolidation, which may affect our ability to complete such transactions. •If we are unsuccessful in completing such transactions or if such opportunities for expansion do not arise, our business, financial condition or results of operations could be materially adversely affected. •If such transactions are completed, the anticipated growth and other strategic objectives of such transactions may not be fully realized or may take longer to realize than expected, and a variety of factors may adversely affect any anticipated benefits from such transactions. Our acquisitions, divestitures and other strategic transactions face difficulties, including, but not limited to, the following: ◦the process of integration being more expensive or requiring more resources than anticipated; ◦an acquisition changing the composition of our markets and product mix, and difficulty gaining the skills necessary for such markets or products; ◦delays or difficulties consolidating corporate and administrative infrastructures and eliminating duplicative operations, including issues in integrating financial reporting, information technology infrastructure, data and content management systems and product platforms, communications and other systems; ◦delays or difficulties harmonizing corporate cultures, operating practices, management philosophies, employee development and compensation programs, internal controls, compliance programs and other policies, procedures and processes; ◦assuming unintended liabilities; ◦unexpected regulatory and operating difficulties and expenditures, including regulatory challenges that impact our ability to conduct due diligence; ◦failure to maintain employee morale or retain key personnel of the current or acquired business; ◦failure to retain existing business and operational relationships; ◦continuing operational or financial obligations that arise under transition services agreements requiring significant management and operational resources that limit our ability to fully implement cost reduction and efficiency initiatives or other aspects of our transition plans, or divert the management’s focus from other business operations; ◦difficulty coordinating geographically separate organizations, including consolidating offices; ◦the impact of divestitures on our revenue growth being larger than projected due to greater dis-synergies or adverse effects on our overall product offerings than expected; ◦divestitures requiring continued financial involvement in the divested business through continuing equity ownership, guarantees, indemnities or other financial obligations; ◦incurring impairment charges or other losses related to divestitures; and ◦diversion of management’s focus from other business operations. •The failure of acquisitions, divestitures and other strategic transactions to perform as expected could have a material adverse effect on our business, financial condition or results of operations.

•We have made and expect to continue to make acquisitions, divestitures and other strategic transactions to strengthen our business and grow our Company. For example, on February 28, 2022, we completed our Merger with IHS Markit, and as a condition of securing regulatory approval for the Merger, we were required to divest CUSIP Global Services, our Leveraged Commentary and Data (“LCD”) business and a related family of leveraged loan indices. On June 1, 2022, we also sold our Base Chemicals business, which we acquired in our Merger, to News Corp; such sale was also required as a condition of securing regulatory approval for the Merger. Additionally, on November 30, 2022, we announced our intention to divest our Engineering Solutions business, and on January 17, 2023, we announced that we entered into a Securities and Asset Purchase Agreement with Allium Buyer LLC, a Delaware limited liability company controlled by funds affiliated with Kohlberg Kravis Roberts & Co. L.P., to sell the division for approximately $975 million in cash, subject to customary purchase price adjustments. The divestiture of our Engineering Solutions business is expected to close in the second quarter of 2023. Such transactions present significant challenges and risks, as the market for acquisitions, divestitures and other strategic transactions is highly competitive, especially in light of industry consolidation, which may affect our ability to complete such transactions. •If we are unsuccessful in completing such transactions or if such opportunities for expansion do not arise, our business, financial condition or results of operations could be materially adversely affected. •If such transactions are completed, the anticipated growth and other strategic objectives of such transactions may not be fully realized or may take longer to realize than expected, and a variety of factors may adversely affect any anticipated benefits from such transactions. Our acquisitions, divestitures and other strategic transactions face difficulties, including, but not limited to, the following: ◦the process of integration being more expensive or requiring more resources than anticipated; ◦an acquisition changing the composition of our markets and product mix (for example, the Merger exposed us to the automotive industry and the upstream exploration and production industry), and difficulty gaining the skills necessary for such markets or products; ◦delays or difficulties consolidating corporate and administrative infrastructures and eliminating duplicative operations, including issues in integrating financial reporting, information technology infrastructure, data and content management systems and product platforms, communications and other systems; 22 22 22 Table of Contents Table of Contents ◦delays or difficulties harmonizing corporate cultures, operating practices, management philosophies, employee development and compensation programs, internal controls, compliance programs and other policies, procedures and processes; ◦assuming unintended liabilities; ◦unexpected regulatory and operating difficulties and expenditures; ◦failure to maintain employee morale or retain key personnel of the current or acquired business; ◦failure to retain existing business and operational relationships; ◦difficulty coordinating geographically separate organizations, including consolidating offices; ◦the impact of divestitures on our revenue growth being larger than projected due to greater dis-synergies or adverse effects on our overall product offerings than expected; ◦divestitures requiring continued financial involvement in the divested business through continuing equity ownership, guarantees, indemnities or other financial obligations; ◦incurring impairment charges or other losses related to divestitures; and ◦diversion of management’s focus from other business operations. •Moreover, we may face regulatory challenges that impact our ability to conduct due diligence. For example, notwithstanding extensive integration planning, given the restrictions imposed by antitrust regulations, we did not have full access to IHS Markit data prior to the completion of the Merger. We relied on third-parties, clean rooms and publicly available data to inform our assumptions about the business. Since closing of the Merger, we have adjusted some of our assumptions based on full access to IHS Markit. While such adjustments have not been material to date, there can be no assurance that future discoveries will not have a material adverse effect on our ability to realize the cost or revenue synergies or other benefits we expect from the Merger. •The failure of acquisitions, divestitures and other strategic transactions to perform as expected could have a material adverse effect on our business, financial condition or results of operations.

Our business could be materially and adversely affected by a public health crisis, especially of an infectious disease like COVID-19. The steps governments take to prevent or contain such an event (such as travel restrictions, social distancing, quarantines, shelter in place orders or business shutdowns) may negatively impact our operations, or the operations of our suppliers or customers, or may limit our ability to interact with customers and effectively maintain and grow our operations, including through securing new subscriptions and renewals. Public health crises may introduce volatility and uncertainty into the global financial and commodities markets and adverse general economic conditions. Risks posed to our businesses, financial condition and results of operations from volatility in the financial and commodities markets that could result from such an event are described in the risk factor above entitled “Changes in the volume of securities issued and traded in domestic and/or global capital markets, asset levels and flows into investment products, high interest rates, changes in interest rates and volatility in the financial markets, and volatility in the commodities markets impact our business, financial condition or results of operations.” Actions taken by governments to stabilize the markets and support economic growth may not be sufficient to address the market dislocations or avert severe and prolonged reductions in economic activity. The negative impact of a public health crisis on our clients could result in our products and services facing pricing pressure or delayed renewals, and challenges to new sales, which would in turn reduce revenue, ultimately impacting our results of operations. Moreover, if a public health crisis caused prolonged recessions in the U.S. and other major markets, our businesses would be materially and adversely 25 25 25 Table of Contents Table of Contents affected. Due to the uncertain nature of public health crises, we cannot predict the extent to which any such event would impact our business, financial condition or results of operations.

Our business could be materially and adversely affected by a pandemic, epidemic or public health crisis, such as the COVID-19 pandemic. The restriction in human mobility caused by such an event, or the steps governments take to prevent or contain such an event (such as travel restrictions, social distancing, quarantines, shelter in place orders or business shutdowns), may negatively impact our operations, or the operations of our suppliers or customers, or may limit our ability to interact with customers and effectively maintain and grow our operations, including through securing new subscriptions and renewals. The COVID-19 pandemic introduced, and future pandemics, epidemics and public health crises may introduce, volatility and uncertainty into the global financial and commodities markets and adverse general economic conditions. Risks posed to our businesses, financial condition and results of operations from volatility in the financial and commodities markets that could result from such an event, including COVID-19, are described in the risk factor above entitled “Changes in the volume of securities issued and traded in domestic and/or global capital markets, asset levels and flows into investment products, changes in interest rates and volatility in the financial markets, and volatility in the commodities markets impact our business, financial condition or results of operations.” Actions taken by governments to stabilize the markets and support economic growth may not be sufficient to address the market dislocations or avert severe and prolonged reductions in economic activity. The negative impact of a pandemic, epidemic or public health crisis, such as COVID-19, on our clients could result in our products and services facing pricing pressure or delayed renewals, and challenges to new sales, which would in turn reduce revenue, ultimately impacting our results of operations. For example, the uncertainty created by COVID-19 and other macroeconomic events has, and may continue to, put pressure on Commodity Insights clients, which has, and may continue to, translate into slower demand for our subscription and related products and services. Moreover, if a pandemic, epidemic or public health crisis, including COVID-19, caused prolonged recessions in the U.S. and other major markets, our businesses would be materially and adversely affected. To date, the COVID-19 pandemic has not had a material adverse effect on our business, financial condition or results of operations. However, due to the uncertain nature of COVID-19 and other pandemics, epidemics and public health crises, we cannot predict the extent to which any such event may impact our business, financial condition or results of operations.

•The financial services industry is highly regulated, rapidly evolving and subject to the potential for increasing regulation in the U.S., Europe and elsewhere. The businesses conducted by Ratings are regulated under the laws of various jurisdictions around the world, including the Credit Rating Agency Reform Act of 2006, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the U.S. Securities Exchange Act of 1934, the EU’s credit rating agency regulation, and the U.K.’s credit rating agency regulation. •The U.S. Congress, the International Organization of Securities Commissions ("IOSCO"), the SEC, the European Commission, including through the European Securities Market Authority and the U.K. Financial Conduct Authority (“FCA”), as well as regulators in other countries in which Ratings operates, have reviewed the role of rating agencies and their processes and the need for greater oversight or regulations concerning the issuance of credit ratings or the activities of credit rating agencies, and they may conduct such reviews in the future. Other laws, regulations and rules relating to credit rating agencies are from time to time considered by local, national and multinational bodies and are likely to continue to be considered in the future, including, for example, provisions seeking to reduce regulatory and investor reliance on credit ratings or to increase competition among credit rating agencies, provisions regarding remuneration and rotation of credit rating agencies, and liability standards applicable to credit rating agencies. Other laws, regulations and rules are being considered or are likely to be considered in the future that may impact ancillary and other services provided by Ratings in addition to its credit rating products and services, for example regulatory oversight regimes for ESG ratings providers such as the proposal for an EU regulation on the transparency and integrity of ESG rating activities. •These laws and regulations, and any other similar future rule-making, could result in reduced demand for credit ratings and/or significant increased costs, which we may be unable to pass through to customers. In addition, there may be uncertainty over the scope, interpretation and administration of such laws and regulations. We may be required to incur significant expenses and/or take actions inconsistent with our business objectives in order to comply with such laws and regulations and to mitigate the risk of fines, penalties or other sanctions. Legal proceedings could become increasingly lengthy and there may be increased uncertainty over and exposure to liability. It is difficult to accurately assess the future impact of legislative and regulatory requirements on our business and our customers’ businesses, and they may affect Ratings’ communications with issuers as part of the rating assignment process, alter the manner in which Ratings’ ratings are developed, affect the manner in which Ratings or its customers or users of credit ratings operate, impact the demand for our ratings or our other products and services and alter the economics of the credit ratings business. Each of these developments could materially increase the costs and legal risk associated with the issuance of our credit ratings or our other products and services and may have a material adverse effect on our operations, profitability and competitiveness, the demand for our credit ratings or our other products and services, and the manner in which our credit ratings are utilized. •Additional information regarding rating agencies is provided under Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, in this Annual Report on Form 10-K.

•The financial services industry is highly regulated, rapidly evolving and subject to the potential for increasing regulation in the U.S., Europe and elsewhere. The businesses conducted by Ratings are in certain cases regulated under the Credit Rating Agency Reform Act of 2006 (the “Reform Act”), the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”), the U.S. Securities Exchange Act of 1934 (the “Exchange Act”), and/or the laws of the states or other jurisdictions in which they conduct business. •In the past several years, the U.S. Congress, the International Organization of Securities Commissions ("IOSCO"), the SEC, the European Commission, including through the European Securities Market Authority ("ESMA") and the U.K. Financial Conduct Authority (“FCA”), as well as regulators in other countries in which Ratings operates, have been reviewing the role of rating agencies and their processes and the need for greater oversight or regulations concerning the issuance of credit ratings or the activities of credit rating agencies. Other laws, regulations and rules relating to credit rating agencies are being considered by local, national and multinational bodies and are likely to continue to be considered in the future, including provisions seeking to reduce regulatory and investor reliance on credit ratings, and liability standards applicable to credit rating agencies. •These laws and regulations, and any other similar future rule-making, could result in reduced demand for credit ratings and increased costs, which we may be unable to pass through to customers. In addition, there may be uncertainty over the scope, interpretation and administration of such laws and regulations. We may be required to incur significant expenses and/or take actions inconsistent with our business objectives in order to comply with such laws and regulations and to mitigate the risk of fines, penalties or other sanctions. Legal proceedings could become increasingly lengthy and there may be uncertainty over and exposure to liability. It is difficult to accurately assess the future impact of legislative and regulatory requirements on our business and our customers’ businesses, and they may affect Ratings’ communications with issuers as part of the rating assignment process, alter the manner in which Ratings’ ratings are developed, affect the manner in which Ratings or its customers or users of credit ratings operate, impact the demand for ratings and alter the economics of the credit ratings business. Each of these developments could increase the costs and legal risk associated with the issuance of credit ratings and may have a material adverse effect on our operations, profitability and competitiveness, the demand for credit ratings and the manner in which such ratings are utilized. •Additional information regarding rating agencies is provided under Item 7, Management’s Discussion and Analysis of Financial Condition and Results of Operations, in this Annual Report on Form 10-K. 18 18 18 Table of Contents Table of Contents Our Indices and Commodity Insights businesses are subject to new and evolving regulatory regimes in the EU, the U.K. and Australia and the potential for increased or changing regulations in the U.S. and elsewhere. Our Indices business is subject to evolving regulatory regimes in the EU, the U.K. and Australia. Our Commodity Insights business is subject to regulatory regimes in the EU and the U.K. This evolving regulatory landscape can increase our exposure, compliance risk and costs of doing business globally and therefore could have a material adverse effect on our business, financial condition or results of operations. •In addition to the extensive and evolving U.S. laws and regulations, foreign jurisdictions have taken measures to increase regulation of the financial services and commodities industries. •In October of 2012, IOSCO issued its Principles for Oil Price Reporting Agencies ("PRA Principles"), which IOSCO states are intended to enhance the reliability of oil price assessments that are referenced in derivative contracts subject to regulation by IOSCO members. Commodity Insights has taken steps to align its operations with the PRA Principles and, as recommended by IOSCO in its final report on the PRA Principles, has aligned to the PRA Principles for other commodities for which it publishes benchmarks. •In July of 2013, IOSCO issued its Principles for Financial Benchmarks ("Financial Benchmark Principles"), which are intended to promote the reliability of financial benchmarks by setting standards related to benchmark governance, benchmark quality, transparency and accountability mechanisms, including with regard to the indices and benchmarks published by Indices. Indices has taken steps to align its governance regime, control framework and operations with the Financial Benchmark Principles and engages an independent auditor to perform an annual reasonable assurance review of its adherence to the Financial Benchmark Principles. •The benchmark industry is subject to regulation in the EU (the “EU Benchmark Regulation”) and the U.K. (the “U.K. Benchmark Regulation”) as well as the evolving regulation of financial and commodity benchmarks in other jurisdictions. Indices and Commodity Insights are both supervised by the Netherlands Authority for the Financial Markets for the EU Benchmark Regulation. Indices is also supervised by the Financial Conduct Authority for the U.K. Benchmark Regulation. This legislation has and may continue to cause operating obligations, increased compliance risk and additional costs for Indices and Commodity Insights. •Indices is subject to the benchmark regulation in Australia under which it is required to and has obtained a license from and is subject to the supervision of the Australian Securities and Investment Commission regarding its administration of the S&P ASX 200 index. This legislation has and may continue to cause increased compliance risk and additional costs for Indices. •The EU's package of legislative measures called the Markets in Financial Instruments Directive and Regulation (collectively "MiFID II") have applied in all EU Member States since 2018. MiFID II includes provisions that, among other things: (i) mandate conditions and requirements on the licensing of benchmarks for the purposes of clearing related securities and provide for non-discriminatory access to exchanges and clearing houses for this purpose; (ii) modify the categorization and treatment of certain classes of derivatives; (iii) expand the categories of trading venues that are subject to regulation; (iv) require the unbundling of investment research from other services, including execution services, and direct that investment firms must pay for research either out of a dedicated research payment account which is paid for by clients or from the investment firm’s profits; and (v) provide for the mandatory trading of certain derivatives on exchanges (complementing the mandatory derivative clearing requirements in the EU Market Infrastructure Regulation of 2011, or EMIR). MiFID II and potential subsequent amendments may result in changes to the manner in which Indices and Commodity Insights license their indices and price assessments, respectively, and could also have an indirect impact on the credit ratings and third-party research products offered by other divisions of the Company for use within the EU. MiFID II and the Market Abuse Regulation (“MAR”) may impose additional regulatory burdens on the activities of Indices and Commodity Insights in the EU, although the exact impact and costs are not yet known.

Many of our offerings use new and evolving technologies, such as AI. These new and evolving technologies often present social and ethical risks and challenges that could affect their adoption, and therefore our business. For example, the use of AI could lead to harmful consequences such as accuracy issues, unintended biases or discriminatory outputs. If we enable or offer solutions that draw controversy due to their perceived or actual impact on society or if we fail to properly remediate any social or ethical issues that may arise in our offerings, we may experience brand or reputational harm, competitive harm, legal liability 15 15 15 Table of Contents Table of Contents or loss of public confidence, or our products and services may become less marketable or less competitive. For our AI products and services to be competitive in the evolving and continually developing AI landscape, we must apply resources and make investments to secure such competitiveness and to ensure that our AI products and services are developed and implemented in a way to minimize unintended and harmful impacts. In addition, our failure to continue development and adoption of ethical and transparent policies and procedures related to AI could negatively impact our reputation and customer confidence. Any of these social or ethical issues could materially and adversely affect our business, financial condition or results of operations.

Social and ethical issues relating to the use of new and evolving technologies, such as artificial intelligence (“AI”), in our offerings may result in reputational harm and liability, and may cause us to incur additional research and development costs to resolve such issues. We are increasingly building AI into many of our offerings. As with many innovations, AI presents risks and challenges that could affect its adoption, and therefore our business. If we enable or offer solutions that draw controversy due to their perceived or actual impact on society, we may experience brand or reputational harm, competitive harm or legal liability. Potential government regulation related to AI use and ethics may also increase the burden and cost of research and development in this area, and failure to properly remediate AI usage or ethics issues may cause public confidence in AI to be undermined, which could slow adoption of AI in our products and services. The rapid evolution of AI will require the application of resources to develop, test and maintain our products and services to help ensure that AI is implemented ethically in order to minimize unintended, harmful impact. Emerging AI applications may require additional investment in the development of proprietary datasets and machine learning models, and development of new approaches and processes, which may be costly and could impact our profit margin. Developing, testing, and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems.