--- ticker: SYY company: Sysco Corporation filing_type: 10-K year_current: 2023 year_prior: 2022 risks_added: 0 risks_removed: 0 risks_modified: 8 risks_unchanged: 18 source: SEC EDGAR url: https://riskdiff.com/syy/2023-vs-2022/ markdown_url: https://riskdiff.com/syy/2023-vs-2022/index.md generated: 2026-05-10 --- # Sysco Corporation: 10-K Risk Factor Changes 2023 vs 2022 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-05-10 > All data extracted directly from official filings. No hallucinated content. > **[AI-Generated Summary]** The paragraph below was produced by a language > model and may contain errors. All other content on this page is deterministically > extracted from the original SEC filing. > Sysco maintained its overall risk disclosure structure between 2022 and 2023, with no new risks added and none removed, though 8 of the 26 total risks were substantively modified. The most significant updates involved heightened emphasis on cybersecurity threats, multiemployer pension plan obligations, and economic/political instability - suggesting Sysco reassessed the materiality and scope of these existing risk exposures rather than identifying entirely new categories of risk. --- ## Summary | Status | Count | |--------|-------| | New risks added | 0 | | Risks removed | 0 | | Risks modified | 8 | | Unchanged | 18 | --- ## Modified: We rely on technology in our business, and any cybersecurity incident, other technology disruption or delay in implementing new technology could negatively affect our business and our relationships with customers. **Key changes:** - Reworded sentence: "Further, our business involves the storage and transmission of numerous classes of sensitive and/or confidential information and intellectual property, including customers' and suppliers' personal information, private information about employees and financial and strategic information about us and our business partners." - Reworded sentence: "Cyber threats are constantly evolving, are becoming more sophisticated and are being made by groups and individuals with a wide range of expertise and motives, and this increases the difficulty of detecting and successfully defending against them." - Reworded sentence: "Further, we anticipate continuing to devote significant resources to maintaining and upgrading our security measures generally, including those we employ to protect personal information against these cybersecurity threats." - Reworded sentence: "Failure to adequately assess and identify cybersecurity risks associated with acquisitions and new initiatives could increase our vulnerability to such risks." - Reworded sentence: "For example, we may incorporate emerging artificial intelligence (AI) solutions into our platform, offerings, services and features, and these applications may become important in our operations over time." **Prior (2022):** We use technology in substantially all aspects of our business operations, and our ability to serve customers most effectively depends on the reliability of our technology systems. We use software and other technology systems, among other things, to generate and select orders, to load and route trucks, to make purchases, to manage our warehouses and to monitor and manage our business on a day-to-day basis. We also use mobile devices, social networking and other online platforms to connect with our employees, suppliers, business partners and customers. Further, our business involves the storage and transmission of numerous classes of sensitive and/or confidential information and intellectual property, including customers' and suppliers' personal information, private information about employees and financial and strategic information about the 14 14 14 company and our business partners. This sensitive and/or confidential information and intellectual property are stored on information technology systems controlled by us, as well as systems controlled by third parties, such as our service providers. These technology systems and the operation thereof are vulnerable to disruption from circumstances beyond our control, including fire, natural disasters, power outages, systems failures, security breaches, espionage, cyber-attacks, viruses, theft and inadvertent release of information. We and our third-party providers experience cybersecurity incidents of varying degrees from time-to-time, including ransomware and phishing attacks, as well as distributed denial of service attacks and the theft of data. To date, these have not had a material impact on our financial condition, results of operations or liquidity; however, there is no assurance that there will not be a material adverse effect in the future, especially if the amount of insurance coverage we maintain is not sufficient to cover claims or liabilities relating to an incident. Potential consequences of a future material cybersecurity incident include business disruption; disruption to systems; theft, destruction, loss, corruption, misappropriation or unauthorized release of sensitive and/or confidential information or intellectual property (including personal information in violation of one or more privacy laws); reputational and brand damage; and potential liability, including litigation or other legal actions against us or the imposition by governmental authorities of penalties, fines, fees or liabilities, which, in turn, could cause us to incur significantly increased cybersecurity protection and remediation costs and the loss of customers. As the ongoing COVID-19 pandemic has resulted in many of our employees, contractors and other corporate partners working remotely, we must increasingly rely on information technology systems that are outside our direct control. These systems are potentially vulnerable to cyber-based attacks and security breaches. In addition, cyber criminals are increasing their attacks on individual employees with business email compromise scams designed to trick victims into transferring sensitive data or funds, or steal credentials that compromise information systems. The actions and controls we have implemented and are implementing to date, or which we seek to cause or have caused third-party providers to implement, may be insufficient to protect our systems, information or other intellectual property. Further, we anticipate devoting significant additional resources to upgrade our security measures generally, including those we employ to protect personal information against these cybersecurity threats. Further, as we pursue our strategy to grow through acquisitions and to pursue new initiatives that improve our operations and cost structure, we are also expanding and improving our information technologies, resulting in a larger technological presence and corresponding exposure to cybersecurity risk. Failure to adequately assess and identify cybersecurity risks associated with acquisitions and new initiatives would increase our vulnerability to such risks. Sysco's efforts to prevent security breaches and cybersecurity incidents, and to implement effective disaster recovery plans, may not be entirely effective to insulate us from technology disruption that could result in adverse effects on our results of operations. Additionally, information technology systems continue to evolve and, in order to remain competitive, we must implement new technologies in a timely and efficient manner. Our failure to implement timely new technologies may adversely affect our competitiveness and, consequently, our results of operations. **Current (2023):** We use technology in substantially all aspects of our business operations, and our ability to serve customers most effectively depends on the reliability of our technology systems. We use software and other technology systems, among other things, to generate and select orders, to load and route trucks, to make purchases, to manage our warehouses and to monitor and manage our business on a day-to-day basis. We also use mobile devices, social networking and other online platforms to connect with our employees, suppliers, business partners and customers. Further, our business involves the storage and transmission of numerous classes of sensitive and/or confidential information and intellectual property, including customers' and suppliers' personal information, private information about employees and financial and strategic information about us and our business partners. This sensitive and/or confidential information and intellectual property are stored on information technology systems controlled by us, as well as systems controlled by third parties, such as our service providers. These technology systems and the operation thereof are vulnerable to disruption from circumstances beyond our control, including fire, natural disasters, power outages, systems failures, security breaches, espionage, cyber-attacks, viruses, theft and inadvertent release of information. We and our third-party providers experience cybersecurity incidents of varying degrees from time-to-time, including ransomware and phishing attacks, as well as distributed denial of service attacks and the theft of data. Cyber threats are constantly evolving, are becoming more sophisticated and are being made by groups and individuals with a wide range of expertise and motives, and this increases the difficulty of detecting and successfully defending against them. For example, as disclosed in our Quarterly Report on Form 10-Q for our third quarter of fiscal 2023, in March 2023, Sysco became aware of a cybersecurity event perpetrated by a threat actor believed to have begun in January 2023. Immediately upon detection, Sysco initiated an investigation, with the assistance of cybersecurity and forensics professionals, determining that the threat actor had extracted certain company data, including data relating to operation of the business, customers, employees and personal data. This data extraction did not impact Sysco's operational systems and related business functions, and its service to customers continued uninterrupted. Sysco also notified federal law enforcement and provided other required notifications. To date, these cybersecurity incidents have not had a material impact on our financial condition, results of operations or liquidity. However, there is no assurance that there will not be a material adverse effect in the future, especially if the amount of insurance coverage we maintain is not sufficient to cover claims or liabilities relating to an incident. Potential consequences of a future material cybersecurity incident include: business disruption; disruption to systems; theft, destruction, loss, corruption, misappropriation or unauthorized release of sensitive and/or confidential information or intellectual property (including personal information in violation of one or more privacy laws); loss of revenue; reputational and brand damage; and potential liability, including litigation or other legal actions against us or the imposition by governmental authorities of penalties, fines, fees or liabilities, which, in turn, could cause us to incur significantly increased cybersecurity protection and remediation costs and the loss of customers. In addition, if our suppliers or customers experience such a breach or unauthorized disclosure or system failure, their businesses could be disrupted or otherwise negatively affected. This may result in a disruption in our supply chain or reduced customer orders, which would adversely affect our business operations. We have also outsourced several information technology support services and administrative functions to third-party service providers, including cloud-based service providers, and may outsource other functions in the future to achieve cost savings and 15 15 15 efficiencies. If these service providers do not perform effectively due to breach or system failure, we may not be able to achieve the expected benefits and our business may be disrupted. The COVID-19 pandemic has resulted in many of our employees, contractors and other corporate partners working remotely, increasing reliance on information technology systems that are outside our direct control. These systems are potentially vulnerable to cyber-based attacks and security breaches. In addition, cyber criminals are increasing their attacks on individual employees with business email compromise scams designed to trick victims into transferring sensitive data or funds, or steal credentials that compromise information systems. The actions and controls we have implemented and are implementing to date, or which we seek to cause or have caused third-party providers to implement, may be insufficient to protect our systems, information or other intellectual property. Further, we anticipate continuing to devote significant resources to maintaining and upgrading our security measures generally, including those we employ to protect personal information against these cybersecurity threats. Further, as we pursue our strategy to grow through acquisitions and to pursue new initiatives that improve our operations and cost structure, we are also expanding and improving our information technologies, resulting in a larger technological presence and corresponding exposure to cybersecurity risk. Failure to adequately assess and identify cybersecurity risks associated with acquisitions and new initiatives could increase our vulnerability to such risks. Our efforts to prevent security breaches and cybersecurity incidents, and to implement effective disaster recovery plans, may not be entirely effective to insulate us from technology disruption or protect us from adverse effects on our results of operations. Additionally, information technology systems continue to evolve and, in order to remain competitive, we must implement new technologies in a timely and efficient manner. For example, we may incorporate emerging artificial intelligence (AI) solutions into our platform, offerings, services and features, and these applications may become important in our operations over time. Our failure to implement timely and/or successfully new technologies, including AI, may adversely affect our competitiveness and, consequently, our results of operations. --- ## Modified: We may be required to pay material amounts under multiemployer defined benefit pension plans, which could adversely affect our financial condition, results of operations and cash flows. **Key changes:** - Reworded sentence: "In fiscal 2023, our total contributions to these plans were approximately $52.6 million." - Reworded sentence: "We estimate our share of the aggregate withdrawal liability on the multiemployer plans in which we participate could have been as much as $142.6 million as of August 18, 2023." **Prior (2022):** We contribute to several multiemployer defined benefit pension plans based on obligations arising under collective bargaining agreements covering union-represented employees. In fiscal 2022, our total contributions to these plans were approximately $45.5 million. The costs of providing benefits through such plans have increased in recent years. The amount of any increase or decrease in our required contributions to these multiemployer plans will depend upon many factors, including collective bargaining negotiations, actions taken by trustees who manage the plans, government regulations, changes in the funded status of these plans and the potential payment of a withdrawal liability if we, for any reason, cease to have an ongoing obligation to contribute to a given plan. Based upon the information available to us from the administrators of these plans, none of these plans have assets sufficient to fully pay their liabilities, and therefore all such plans have unfunded vested benefits. Increases in the unfunded liabilities of these plans may result in increased future contribution obligations imposed on us and on other participating employers. Under federal law, significant underfunding experienced by a given plan generally results in increased contribution obligations in the form of surcharges and supplemental contribution obligations. Our risk of such increased payments may be greater if any of the participating employers in these underfunded plans withdraws from a given plan due to insolvency and is not able to contribute an amount sufficient to fund the unfunded liabilities associated with its participants in the plan. We could also be treated as partially withdrawing from participation in one of these plans if the number of our employees participating in a given plan is reduced to a certain percentage over a certain period of time, or if we cease to have an obligation to contribute under one or more, but fewer than all, of the collective bargaining agreements that require us to make contributions to a particular plan. Such reductions in the number of employees participating in these plans could occur as a result of changes in our business operations, such as facility closures or consolidations. Based on the latest information available from plan administrators, we estimate our share of the aggregate withdrawal liability on the multiemployer plans in which we participate could have been as much as $156.2 million as of August 13, 2022. A significant increase to funding requirements could adversely affect the company's financial condition, results of operations or cash flows. **Current (2023):** We contribute to several multiemployer defined benefit pension plans based on obligations arising under collective bargaining agreements covering union-represented employees. In fiscal 2023, our total contributions to these plans were approximately $52.6 million. The costs of providing benefits through such plans have increased in recent years. The amount of any increase or decrease in our required contributions to these multiemployer plans will depend upon many factors, including collective bargaining negotiations, actions taken by trustees who manage the plans, government regulations, changes in the funded status of these plans and the potential payment of a withdrawal liability if we, for any reason, cease to have an ongoing obligation to contribute to a given plan. Based upon the information available to us from the administrators of these plans, none of these plans have assets sufficient to fully pay their liabilities, and therefore all such plans have unfunded vested benefits. Increases in the unfunded liabilities of these plans may result in increased future contribution obligations imposed on us and on other participating employers. Under federal law, significant underfunding experienced by a given plan generally results in increased contribution obligations in the form of surcharges and supplemental contribution obligations. Our risk of such increased payments may be greater if any of the participating employers in these underfunded plans withdraws from a given plan due to insolvency and is not able to contribute an amount sufficient to fund the unfunded liabilities associated with its participants in the plan. We could also be treated as partially withdrawing from participation in one of these plans if the number of our employees participating in a given plan is reduced to a certain percentage over a certain period of time, or if we cease to have an obligation to contribute under one or more, but fewer than all, of the collective bargaining agreements that require us to make contributions to a particular plan. Such reductions in the number of employees participating in these plans could occur as a result of changes in our business operations, such as facility closures or consolidations. We estimate our share of the aggregate withdrawal liability on the multiemployer plans in which we participate could have been as much as $142.6 million as of August 18, 2023. This estimate is based on the information available from plan administrators, which had valuation dates between February 1, 2020 and December 31, 2022. As the valuation dates for all of the plans was between February 1, 2020 and December 31, 2022, the company's estimate reflects the condition of the financial markets as of this date range. Due to the lack of current information, management believes Sysco's current share of the withdrawal liability could materially differ from this estimate. A significant increase to funding requirements could adversely affect our financial condition, results of operations and cash flows. --- ## Modified: Economic and political instability and changes in laws and regulations could adversely affect our results of operations and financial condition. **Key changes:** - Reworded sentence: "Local or regional geopolitical events, such as Brexit and, civil unrest in France in 2023 related to socioeconomic issues, have negatively impacted our operations." - Reworded sentence: "In addition, military conflicts, such as the invasion of Ukraine by Russia, can negatively impact global demand." - Reworded sentence: "Although our business has not been materially impacted to date by the ongoing invasion of Ukraine by Russia, it is impossible to predict the extent to which our operations, or those of our suppliers and customers, will be impacted in the short 9 9 9 and long term, or the ways in which the conflict may impact our business." - Reworded sentence: "Any such disruptions may also magnify the impact of other risks described in this Annual Report on Form 10-K." **Prior (2022):** Our international operations subject us to certain risks, including economic and political instability and potential unfavorable changes in laws and regulations in international markets in which we operate. For example, the U.K. exited the EU on January 31, 2020, with a transition period that ended on December 31, 2020. Local or regional geopolitical events, such as Brexit and, the "yellow vest" protests in France in 2020, have negatively impacted our operations. Similar future trade or labor disruptions or disputes could have a negative impact on our operations in the EU and other parts of the world. 9 9 9 In addition, military conflicts, such as the invasion of Ukraine by Russia, can negatively impact global demand. In response to such conflicts, various governments can and have recently imposed export controls on certain products and financial and economic sanctions on certain industry sectors and parties, which actions can have a negative impact on our operations. Although our business has not been materially impacted to date by the ongoing invasion of Ukraine by Russia, it is impossible to predict the extent to which our operations, or those of our suppliers and customers, will be impacted in the short and long term, or the ways in which the conflict may impact our business. The extent and duration of the military action, sanctions and resulting market disruptions are difficult to predict, but could be substantial. Further escalation of geopolitical tensions related to the military conflict, including increased trade barriers or restrictions on global trade, could result in, among other things, cyberattacks, supply disruptions, lower consumer demand and changes to foreign exchange rates and financial markets. Any or all of these factors could disrupt our business directly and could disrupt the business of our customers, which could have an adverse effect on our business and results of operations. Any such disruptions may also magnify the impact of other risks described in this Form 10-K. **Current (2023):** Our international operations subject us to certain risks, including economic and political instability and potential unfavorable changes in laws and regulations in international markets in which we operate. Local or regional geopolitical events, such as Brexit and, civil unrest in France in 2023 related to socioeconomic issues, have negatively impacted our operations. Similar future trade or labor disruptions or disputes could have a negative impact on our operations in the EU and other parts of the world. In addition, military conflicts, such as the invasion of Ukraine by Russia, can negatively impact global demand. In response to such conflicts, various governments can and have recently imposed export controls on certain products and financial and economic sanctions on certain industry sectors and parties, which actions can have a negative impact on our operations. Although our business has not been materially impacted to date by the ongoing invasion of Ukraine by Russia, it is impossible to predict the extent to which our operations, or those of our suppliers and customers, will be impacted in the short 9 9 9 and long term, or the ways in which the conflict may impact our business. The extent and duration of the military action, sanctions and resulting market disruptions are difficult to predict, but could be substantial. Further escalation of geopolitical tensions related to the military conflict, including increased trade barriers or restrictions on global trade, could result in, among other things, cyberattacks, supply disruptions, lower consumer demand and changes to foreign exchange rates and financial markets. Any or all of these factors could disrupt our business directly and could disrupt the business of our customers, which could have an adverse effect on our business and results of operations. Any such disruptions may also magnify the impact of other risks described in this Annual Report on Form 10-K. --- ## Modified: A shortage of qualified labor and increases in labor costs could adversely affect our business and materially reduce earnings. **Key changes:** - Reworded sentence: "The future success of our operations, including the achievement of our strategic objectives, depends on our ability, and the ability of certain third parties on which we rely, to identify, recruit, develop and retain diverse, qualified and talented individuals." - Reworded sentence: "Unsuccessful recruiting and retention efforts as a result of such continuing shortages for a prolonged period of time could have a material adverse effect on our financial condition and results of operations." - Reworded sentence: "Increases in such labor costs for a prolonged period of time could have a material adverse effect on our financial condition and results of operations." **Prior (2022):** The future success of our operations, including the achievement of our strategic objectives, depends on our ability, and the ability of certain third parties on which we rely, to identify, recruit, develop and retain qualified and talented individuals. As a result, any shortage of qualified labor could significantly adversely affect our business. Any such shortage could decrease our ability to effectively serve our customers and achieve our strategic objectives. In the current operating environment, we are experiencing a shortage of qualified labor in certain geographies, particularly with regard to recruiting and retaining warehouse workers and drivers, resulting in increased costs from certain temporary wage actions, such as hiring and referral and retention bonus programs. See the discussion under "Human Capital Resources" in Item 1, "Business" for additional information regarding our talent acquisition and talent management efforts in the context of these labor shortages. Unsuccessful recruiting and retention efforts as a result of such continuing shortages for a prolonged period of time could have a material adverse effect on the company's financial condition and results of operations. Labor shortages will also likely lead to higher wages for employees and higher costs to purchase the services of third parties. Increases in labor costs, such as increases in minimum wage requirements, wage inflation and/or increased overtime, reduce our profitability and that of our customers. Increases in such labor costs for a prolonged period of time could have a material adverse effect on the company's financial condition and results of operations. **Current (2023):** The future success of our operations, including the achievement of our strategic objectives, depends on our ability, and the ability of certain third parties on which we rely, to identify, recruit, develop and retain diverse, qualified and talented individuals. As a result, a shortage of qualified labor could adversely affect our business, decrease our ability to effectively serve our customers, and achieve our strategic objectives. We are experiencing a shortage of qualified labor in certain geographies, particularly in the area of warehouse workers and drivers. Such shortages frequently result in increased costs from certain temporary wage actions, such as hiring, referral, and retention bonus programs. See the discussion under "Human Capital Resources" in Item 1, "Business" for additional information regarding our talent acquisition and talent management efforts in the context of these labor shortages. Unsuccessful recruiting and retention efforts as a result of such continuing shortages for a prolonged period of time could have a material adverse effect on our financial condition and results of operations. Labor shortages also likely lead to higher wages for employees and higher costs to purchase the services of third parties. Increases in labor costs, such as increases in minimum wage requirements, wage inflation and/or increased overtime, reduce our profitability and that of our customers. Increases in such labor costs for a prolonged period of time could have a material adverse effect on our financial condition and results of operations. Further, potential changes in labor legislation and case law could result in current non-union portions of our workforce, including warehouse and delivery personnel, being subjected to greater organized labor influence. If additional portions of our workforce became subject to collective bargaining agreements, this could result in increased costs of doing business as we would become subject to mandatory, binding arbitration or labor scheduling, costs and standards, which may reduce our operating flexibility. --- ## Modified: Failure to successfully renegotiate union contracts could result in work stoppages, which could have a material adverse effect on our business, financial condition and results of operations. **Key changes:** - Reworded sentence: "As of July 1, 2023, we had approximately 72,000 employees, approximately 15% of whom were represented by unions, primarily the International Brotherhood of Teamsters and unions in France and Sweden." - Reworded sentence: "We believe our operating sites have good relationships with their unions, but a work stoppage due to failure of multiple operating subsidiaries to renegotiate union contracts could have a material adverse effect on our business, financial condition and results of operations." **Prior (2022):** As of July 2, 2022, we had approximately 71,000 employees, approximately 17% of whom were represented by unions, primarily the International Brotherhood of Teamsters and unions in France and Sweden. Approximately 9% of our union employees are covered by collective bargaining agreements that are subject to renegotiation in fiscal 2023. Failure to effectively renegotiate these contracts could result in work stoppages. We believe our operating sites have good relationships with their unions, but a work stoppage due to failure of multiple operating subsidiaries to renegotiate union contracts could have a material adverse effect on us. **Current (2023):** As of July 1, 2023, we had approximately 72,000 employees, approximately 15% of whom were represented by unions, primarily the International Brotherhood of Teamsters and unions in France and Sweden. Approximately 15% of our union employees are covered by collective bargaining agreements that are subject to renegotiation in fiscal 2024. Failure to effectively renegotiate these contracts could result in work stoppages. We believe our operating sites have good relationships with their unions, but a work stoppage due to failure of multiple operating subsidiaries to renegotiate union contracts could have a material adverse effect on our business, financial condition and results of operations. --- ## Modified: Our failure to comply with data privacy regulations could adversely affect our business. **Key changes:** - Reworded sentence: "There are new and emerging data privacy laws, as well as frequent updates and changes to existing data privacy laws, in most jurisdictions in which we operate." - Reworded sentence: "In the UK and Europe, the General Data Protection Regulation (the GDPR), which came into effect in 2018, places stringent requirements on companies when handling personal data." **Prior (2022):** There are new and emerging data privacy laws, as well as frequent updates and changes to existing data privacy laws, in most jurisdictions in which Sysco operates. Given the complexity of these laws and the often-onerous requirements they place on businesses regarding handling personal data, it is important for Sysco to understand their impact and respond accordingly. Failure to comply with data privacy laws can result in substantial fines or penalties, legal liability and / or reputational damage. In the UK and Europe, the General Data Protection Regulation (GDPR), which came into effect in 2018, places stringent requirements on companies when handling personal data and there continues to be a growing trend of other countries adopting similar laws, including Canada. Since 2020, five US states (i.e., California, Virginia, Colorado, Utah and Connecticut) have enacted stringent consumer privacy laws. In January 2023, we expect significant changes to come into effect in California, which will further enhance and extend an individual's rights over their personal data and the obligations placed on companies that handle this data, with the adoption of the California Privacy Rights Act (CPRA). Most notably, it is expected that employee and business data will be brought into scope, which raises the compliance requirements for Sysco significantly, in terms of internal controls, processes and governance requirements. Continued state by state introduction of privacy laws could lead to significantly greater complexity in our compliance requirements globally, which could result in complaints from data subjects and/or action from regulators. If Sysco does not provide sufficient resources to ensure it is able to respond, adapt and implement the necessary requirements to respond to the various forthcoming changes, which could include federal data privacy requirements in the US, while continuing to maintain our compliance with global data privacy laws, this could adversely impact our reputation and Sysco could face exposure to fines levied by regulators, which could have a significant financial impact on our business. 15 15 15 **Current (2023):** There are new and emerging data privacy laws, as well as frequent updates and changes to existing data privacy laws, in most jurisdictions in which we operate. Given the complexity of these laws and the often-onerous requirements they place on businesses regarding the collection, storage, handling, use, disclosure, transfer, and security of personal data, it is important for us to understand their impact and respond accordingly. Failure to comply with data privacy laws can result in substantial fines or penalties, legal liability and / or reputational damage. In the UK and Europe, the General Data Protection Regulation (the GDPR), which came into effect in 2018, places stringent requirements on companies when handling personal data. There continues to be a growing trend of other countries adopting similar laws. Additionally, there continues to be significant uncertainty with respect to the California Consumer Privacy Act of 2018 (the CCPA), which went into effect on January 1, 2020, and imposes additional obligations on companies regarding the handling of personal information and provides certain individual privacy rights to persons whose information is collected. Both the GDPR and the CCPA are continuously evolving and developing and may be interpreted and applied differently from jurisdiction to jurisdiction and may create inconsistent or conflicting requirements. For example, the California Privacy Rights Act (the CPRA), which was approved by California voters as a ballot initiative in November 2020, modifies the CCPA significantly, further enhancing and extending an individual's rights over their personal data and the obligations placed on companies that handle this data. The resulting new regulations became effective on January 1, 2023. Most notably, employee and business data were brought into scope, which raises the compliance requirements for us significantly, in terms of internal controls, processes and governance requirements. Furthermore, since 2020, several other U.S. states have enacted (and additional U.S. states are considering enacting) stringent consumer privacy laws, which may impose varying standards and requirements on our data collection, use and processing activities. Continued state by state introduction of privacy laws can be expected to lead to significantly greater complexity in our compliance requirements globally, which could result in complaints from data subjects and/or action from regulators. If we do not provide sufficient resources to ensure we are able to respond, adapt and implement the necessary requirements to respond to the various forthcoming changes, which could include federal data privacy requirements in the US, while continuing to maintain our compliance with global data privacy laws, this could adversely impact our reputation and we could face exposure to fines levied by regulators, which could have a significant financial impact on our business. 16 16 16 --- ## Modified: Changes in applicable tax laws or regulations and the resolution of tax disputes could negatively affect our financial results. **Key changes:** - Reworded sentence: "For example: 12 12 12 •The U.S." - Added sentence: "•On August 16, 2022, the U.S." - Added sentence: "Congress passed the Inflation Reduction Act of 2022 (Inflation Reduction Act), which, among other provisions, creates a new corporate alternative minimum tax (CAMT) of at least 15% for certain large corporations that have at least an average of $1 billion in adjusted financial statement income over a consecutive three-year period effective after December 31, 2022." - Added sentence: "The Inflation Reduction Act also includes a 1% excise tax on certain stock repurchases beginning in 2023." - Added sentence: "We do not expect to meet the CAMT threshold in the near term." **Prior (2022):** As a multinational corporation, we are subject to income taxes, as well as non-income-based taxes, in both the U.S. and various foreign jurisdictions. Significant judgment is required in determining our worldwide provision for income taxes and other tax liabilities. Changes in tax laws or tax rulings may have a significant adverse impact on our effective tax rate. For example, the U.S. and many countries where we do business are actively considering or have recently enacted changes in relevant tax, accounting and other laws, regulations and interpretations, including changes to tax laws applicable to corporate multinationals. Further, in the ordinary course of a global business, there are many intercompany transactions and calculations where the ultimate tax determination could change if tax laws or tax rulings were to be modified. We are also subject to non-income- 12 12 12 based taxes, such as payroll, sales, use, value-added, net worth, property and goods and services taxes, in both the U.S. and various foreign jurisdictions. Although we believe that our income and non-income-based tax estimates are appropriate, there is no assurance that the final determination of tax audits or tax disputes will not be different from what is reflected in our historical income tax provisions and accruals. Given the unpredictability of possible further changes to the U.S. or foreign tax laws and regulations and their potential interdependency, it is very difficult to predict the cumulative effect of such tax laws and regulations on our results of operations and cash flow, but such laws and regulations (and changes thereto) could adversely impact our financial results. **Current (2023):** As a multinational corporation, we are subject to income taxes, as well as non-income-based taxes, in both the U.S. and various foreign jurisdictions. Significant judgment is required in determining our worldwide provision for income taxes and other tax liabilities. Changes in tax laws or tax rulings may have a significant adverse impact on our effective tax rate. For example: 12 12 12 •The U.S. and many countries where we do business are actively considering or have recently enacted changes in relevant tax, accounting and other laws, regulations and interpretations, including changes to tax laws applicable to corporate multinationals. •On August 16, 2022, the U.S. Congress passed the Inflation Reduction Act of 2022 (Inflation Reduction Act), which, among other provisions, creates a new corporate alternative minimum tax (CAMT) of at least 15% for certain large corporations that have at least an average of $1 billion in adjusted financial statement income over a consecutive three-year period effective after December 31, 2022. The Inflation Reduction Act also includes a 1% excise tax on certain stock repurchases beginning in 2023. We do not expect to meet the CAMT threshold in the near term. •On October 8, 2021, the Organization for Economic Co-operation and Development (OECD) announced the OECD/G20 Inclusive Framework on Base Erosion and Profit Shifting, which provides for a two-pillar solution to address tax challenges arising from the digitalization of the economy. Pillar One expands a country's authority to tax profits from companies that make sales into their country but do not have a physical location in the country. Pillar Two includes an agreement on international tax reform, including rules to ensure that large corporations pay a minimum rate of corporate income tax. On December 20, 2021, the OECD released Pillar Two Model Rules defining the global minimum tax, which calls for the taxation of large corporations at a minimum rate of 15%. The OECD continues to release additional guidance on the two-pillar framework, with widespread implementation anticipated by 2024. We are continuing to evaluate the potential impact on future periods of the Pillar Two Framework, pending legislative adoption by individual countries. Further, in the ordinary course of a global business, there are many intercompany transactions and calculations where the ultimate tax determination could change if tax laws or tax rulings were to be modified. We are also subject to non-income-based taxes, such as payroll, sales, use, value-added, net worth, property and goods and services taxes, in both the U.S. and various foreign jurisdictions. Although we believe that our income and non-income-based tax estimates are appropriate, there is no assurance that the final determination of tax audits or tax disputes will not be different from what is reflected in our historical income tax provisions and accruals. Given the unpredictability of possible further changes to the U.S. or foreign tax laws and regulations and their potential interdependency, it is very difficult to predict the cumulative effect of such tax laws and regulations on our results of operations and cash flow, but such laws and regulations (and changes thereto) could adversely impact our financial results. Additionally, we are subject to regular review and audit by both domestic and foreign tax authorities as well as to the prospective and retrospective effects of changing tax regulations and legislation. Although we believe our tax estimates are reasonable, the ultimate tax outcome may materially differ from the tax amounts recorded in our Consolidated Financial Statements and may materially affect our income tax provision, net income, or cash flows in the period or periods for which such determination and settlement occurs. --- ## Modified: Global health developments and economic uncertainty resulting from the COVID-19 pandemic or other future public health crises may continue to adversely affect our business, financial condition and results of operations. **Key changes:** - Reworded sentence: "Public health crises, pandemics and epidemics could adversely affect our business, financial condition and results of operations." **Prior (2022):** Public health crises, pandemics and epidemics, such as the COVID-19 pandemic, have impacted our operations directly and may continue to impact us directly, or may continue to disrupt the operations of our business partners, suppliers and customers in ways that could have an adverse effect on our business, results of operations and financial condition. Fear of such events may further alter consumer confidence, behavior and spending patterns, and could adversely affect the economies and financial markets of many countries (or globally), resulting in an economic downturn that could affect customers' demand for our products. In response to the outbreak of COVID-19 and its development into a pandemic, governmental authorities in many countries in which we operate, and in which our customers are present and suppliers operate, have, imposed mandatory closures, sought voluntary closures and imposed restrictions on, or advisories with respect to, travel, business operations and public gatherings or interactions. Among other matters, these actions have required or strongly urged various venues where foodservice products are served, including restaurants, schools, hotels and cruise liners, to reduce or discontinue operations, which have adversely affected and will continue to adversely affect demand in the foodservice industry, including demand for our products and services. Mutations of the virus have arisen, and are continuing to arise, some of which have proven to be particularly aggressive variants. As these variants spread, some governmental authorities have reintroduced certain restrictions and others may decide to do so in the future, which could adversely affect demand in the foodservice industry. To the extent the COVID-19 pandemic continues to adversely affect our business, results of operations and financial condition, it may also have the effect of heightening many of the other risks described in this Annual Report on Form 10-K and subsequent filings with the SEC, such as those risks relating to our level of indebtedness, and may have an adverse effect on the price of our common stock. **Current (2023):** Public health crises, pandemics and epidemics could adversely affect our business, financial condition and results of operations. For example, the coronavirus (COVID-19) pandemic adversely impacted our business, results of operations and financial condition directly and disrupted the operations of our business partners, suppliers and customers. While our operations have generally stabilized since the peak of the COVID-19 pandemic, we cannot predict with certainty the extent to which our operations may be impacted in the future by any continuing effects of COVID-19 on us or on our business partners, suppliers and customers. Fear of COVID-19 or similar events may further alter consumer confidence, behavior and spending patterns, and could adversely affect the economies and financial markets of many countries (or globally), resulting in an economic downturn that could affect customers' demand for our products. In response to the outbreak of COVID-19 and its development into a pandemic, governmental authorities in many countries in which we, our customers and our suppliers were present and operated, imposed mandatory closures, sought voluntary closures and imposed restrictions on, or advisories with respect to, travel, business operations and public gatherings or interactions. Among other matters, these actions required or strongly urged various venues where foodservice products were served, including restaurants, schools, hotels and cruise liners, to reduce or discontinue operations, which adversely affected demand in the foodservice industry, including demand for our products and services. Mutations of the virus have arisen, and may arise in the future, some of which could prove to be particularly aggressive variants, causing some governmental authorities to reintroduce certain restrictions in the future, which could adversely affect demand in the foodservice industry. The future outbreak of a public health crisis (including the reemergence of COVID-19) that adversely affects our business, results of operations and financial condition, could also have the effect of heightening many of the other risks described in this Annual Report on Form 10-K and subsequent filings with the SEC, such as those risks relating to our level of indebtedness, and may have an adverse effect on the price of our common stock. 8 8 8 --- *Data sourced from SEC EDGAR. Last updated 2026-05-10.*