--- ticker: UPS company: United Parcel Service Inc. filing_type: 10-K year_current: 2024 year_prior: 2023 risks_added: 0 risks_removed: 1 risks_modified: 6 risks_unchanged: 16 source: SEC EDGAR url: https://riskdiff.com/ups/2024-vs-2023/ markdown_url: https://riskdiff.com/ups/2024-vs-2023/index.md generated: 2026-05-10 --- # United Parcel Service Inc.: 10-K Risk Factor Changes 2024 vs 2023 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-05-10 > All data extracted directly from official filings. No hallucinated content. > **[AI-Generated Summary]** The paragraph below was produced by a language > model and may contain errors. All other content on this page is deterministically > extracted from the original SEC filing. > UPS removed its COVID-19 pandemic risk factor in 2024, reflecting the transition from acute pandemic concerns to normalized operations. The company substantively modified six risk disclosures, with notable changes to factors addressing asset impairment, labor disruptions, climate regulation compliance, and workforce retention, suggesting heightened attention to structural cost pressures and operational vulnerabilities. The stability of 16 unchanged risks indicates that core categories - including cybersecurity, supply chain disruption, and competitive pressures - remain consistently material to UPS's risk profile. --- ## Summary | Status | Count | |--------|-------| | New risks added | 0 | | Risks removed | 1 | | Risks modified | 6 | | Unchanged | 16 | --- ## No Match in Current: The consequences of the COVID-19 pandemic have had, and may continue to have, a significant impact on us, as well as on the operations of many of our customers. *This section from the 2023 filing does not have a high-confidence textual match in 2024. It may have been removed, merged, or substantially reworded.* The consequences of the COVID-19 pandemic have had a substantial impact on business and consumer activity, including contributing to a curtailment of certain business activities (including a decrease in demand for a broad variety of goods and services), significant ongoing supply chain disruptions, economic uncertainty and volatility in global financial markets. These consequences have significantly impacted, and may continue to significantly impact us, and have had, and may continue to have, a material adverse impact on the operations, financial performance and liquidity of many of our customers. Because of ongoing uncertainty with respect to the consequences of the COVID-19 pandemic, the future impact on our operations, financial condition and liquidity also remains uncertain and difficult to predict. This impact will continue to depend on evolving factors, many of which are not within our control, and to which we may not be able to effectively respond. These risks include, but are not limited to: a significant reduction in revenue due to renewed or extended curtailment of business activities; a significant increase in our expenses or a reduction in our operating margins due to long-term changes in the mix of our products and services; effects from governmental, business and individuals' actions that have been and continue to be taken in response to the pandemic (including workforce pressures); reductions in operating effectiveness due to employees working remotely or in hybrid models; unavailability of personnel; the delay or cancellation of capital projects and related delays in, or loss of, expected benefits therefrom; limited access to liquidity; increased volatility and pricing in the capital markets; further disruption of global supply chains; impairments in the fair value of our assets; increases in pension funding obligations; and reductions in our customers' credit-worthiness. --- ## Modified: Changes in markets and our business plans have resulted, and may in the future result, in substantial impairments of the carrying value of our assets, thereby reducing our net income. **Key changes:** - Added sentence: "If the carrying value of an asset exceeds its estimated fair value, we may be required to incur charges to reduce the carrying value thereof." - Added sentence: "For example, during the year ended December 31, 2023, as a result of a number of factors including changes in business strategy and challenging macroeconomic conditions such as increases in the risk-free interest rate and volatility of the stock prices of market comparables, we incurred impairment charges of $125 and $111 million in respect of goodwill and indefinite-lived intangible assets, respectively." **Prior (2023):** We regularly assess the carrying values of our assets relative to their estimated fair values. The determination of fair value is dependent on a significant number of estimates and assumptions that could be impacted by a variety of factors, including changes in business strategy, revenue, expenses, government regulations, including regulation related to climate change, costs of capital and economic or market conditions. The use of different estimates or assumptions could also result in different estimates of fair value. Our estimates of fair value have resulted from time to time, and may in the future result, in substantial impairments of our assets. In addition, we have been and may be required in the future to recognize increased depreciation and amortization charges if we determine the useful lives or salvage values of our assets are less than we originally estimated. Such changes have in the past, and may in the future, reduce our net income. 15 15 15 **Current (2024):** We regularly assess the carrying values of our assets relative to their estimated fair values. If the carrying value of an asset exceeds its estimated fair value, we may be required to incur charges to reduce the carrying value thereof. The determination of fair value is dependent on a significant number of estimates and assumptions that could be impacted by a variety of factors, including changes in business strategy, revenue, expenses, government regulations, including regulation related to climate change, costs of capital and economic or market conditions. The use of different estimates or assumptions could also result in different estimates of fair value. Our estimates of fair value have resulted from time to time, and may in the future result, in substantial impairments of our assets. For example, during the year ended December 31, 2023, as a result of a number of factors including changes in business strategy and challenging macroeconomic conditions such as increases in the risk-free interest rate and volatility of the stock prices of market comparables, we incurred impairment charges of $125 and $111 million in respect of goodwill and indefinite-lived intangible assets, respectively. In addition, we have been and may be required in the future to recognize increased depreciation and amortization charges if we determine the useful lives or salvage values of our assets are less than we originally estimated. Such changes have in the past, and may in the future, reduce our net income. --- ## Modified: Strikes, work stoppages or slowdowns by our employees could materially adversely affect us. **Key changes:** - Reworded sentence: "In the third quarter of 2023, a new national master agreement with the Teamsters, which runs through July 31, 2028, was ratified." - Added sentence: "Other employees may choose to organize in the future." - Reworded sentence: "As a result, customers have reduced, and in the future may reduce, their business or stop doing business with us if they believe that such actions or threatened actions may adversely affect our ability to provide services." - Reworded sentence: "The terms of collective bargaining agreements also may affect our competitive position and results of operations." **Prior (2023):** Many of our U.S. employees are employed under a national master agreement and various supplemental agreements with local unions affiliated with the International Brotherhood of Teamsters (the "Teamsters"). These agreements run through July 31, 2023. Our airline pilots, airline mechanics, ground mechanics and certain other employees are employed under other collective bargaining agreements. In addition, some of our international employees are employed under collective bargaining or similar agreements. Actual or threatened strikes, work stoppages or slowdowns by our employees could adversely affect our ability to meet our customers' needs. We have begun negotiating the various supplemental agreements with the Teamsters and expect that negotiations with respect to the national master agreement will commence in April 2023. We are negotiating in good faith in an effort to reach an agreement that is in the best interests of our employees, the Teamsters and UPS; however, no assurances of our ability to do so, or the timing or terms thereof, can be provided. Customers may reduce their business or stop doing business with us if they believe that such actions or threatened actions may adversely affect our ability to provide services. We may permanently lose customers if we are unable to provide uninterrupted service, and this could materially adversely affect us. The terms of future collective bargaining agreements also may affect our competitive position and results of operations. Furthermore, our actions or responses to any such negotiations, labor disputes, strikes or work stoppages could negatively impact how our brand is perceived and our corporate reputation and have adverse effects on our business, including our results of operations. **Current (2024):** Many of our U.S. employees are employed under a national master agreement and various supplemental agreements with local unions affiliated with the International Brotherhood of Teamsters (the "Teamsters"). In the third quarter of 2023, a new national master agreement with the Teamsters, which runs through July 31, 2028, was ratified. Our airline pilots, airline mechanics, ground mechanics and certain other employees are employed under other collective bargaining agreements. In addition, some of our international employees are employed under collective bargaining or similar agreements. Other employees may choose to organize in the future. Actual or threatened strikes, work stoppages or slowdowns by our employees could adversely affect our ability to meet our customers' needs. As a result, customers have reduced, and in the future may reduce, their business or stop doing business with us if they believe that such actions or threatened actions may adversely affect our ability to provide services. We may permanently lose customers if we are unable to provide uninterrupted service, and this could materially adversely affect us. The terms of collective bargaining agreements also may affect our competitive position and results of operations. Furthermore, our actions or responses to any such negotiations, labor disputes, strikes or work stoppages could negatively impact how our brand is perceived and our reputation and have adverse effects on our business, including our results of operations. --- ## Modified: Increasingly stringent regulations related to climate change, including reporting obligations, could materially increase our operating costs. **Key changes:** - Reworded sentence: "Regulation and required disclosures of greenhouse gas ("GHG") emissions and related matters exposes us to potentially significant new taxes, fees, disclosure and compliance obligations and other costs." - Reworded sentence: "In addition, the impact that participation in the Paris Climate Accords may have on future U.S." - Added sentence: "Furthermore, many countries, as well as U.S." - Added sentence: "states, in which we operate or are subject to regulation have adopted, or are expected to adopt, additional requirements relating to the disclosure of GHG emissions and related matters." - Added sentence: "In many cases these requirements differ and may conflict from country to country." **Prior (2023):** Regulation of greenhouse gas ("GHG") emissions exposes us to potentially significant new taxes, fees and other costs. Compliance with such regulation, and any increased or additional regulation, or the associated costs is further complicated by the fact that various countries and regions may adopt different approaches to climate change regulation. For example, in 2016, the International Civil Aviation Organization ("ICAO") adopted the Carbon Offsetting and Reduction Scheme for International Aviation ("CORSIA"), which is a global, market-based emissions offset program to encourage carbon-neutral growth. A voluntary participation pilot phase began in 2021, and full mandatory participation is scheduled to begin in 2027. ICAO continues to develop details regarding implementation, but compliance with CORSIA will increase our operating costs. In the U.S., Congress has considered but, to date, not passed various bills that would regulate GHG emissions. Nevertheless, we believe some form of federal climate change legislation is possible in the future. Even in the absence of such legislation, the Environmental Protection Agency could determine to regulate GHG emissions, especially aircraft or diesel engine emissions, and this could impose substantial costs on us. In addition, the impact that the re-entry into the Paris climate accord may have on future U.S. policy regarding GHG emissions, on CORSIA and on other GHG regulation remains uncertain. The extent to which other countries implement that accord could also have a material adverse effect on us. Increased regulation relating to GHG emissions in the U.S. or abroad, especially aircraft or diesel engine emissions, could, among other things, increase the cost of fuel and other energy we purchase and the capital costs associated with updating or replacing our aircraft or vehicles prematurely. We cannot predict the impact any future regulation will have on our cost structure or our operating results. It is likely that such regulation could significantly increase our operating costs and that we may not be willing or able to pass such costs along to our customers. Moreover, even without such regulation, increased awareness and any adverse publicity in the global marketplace about the GHGs emitted by companies in the airline and transportation industries could harm our reputation and reduce customer demand for our services, especially our air services. 16 16 16 **Current (2024):** Regulation and required disclosures of greenhouse gas ("GHG") emissions and related matters exposes us to potentially significant new taxes, fees, disclosure and compliance obligations and other costs. Compliance with such regulation, and any increased or additional regulation, or the associated costs is further complicated by the fact that various countries and regions may adopt different approaches to climate change regulation and disclosures. For example, the Carbon Offsetting and Reduction Scheme for International Aviation ("CORSIA"), a global, market-based emissions offset program to encourage carbon-neutral growth began a voluntary pilot phase in 2021, with mandatory participation scheduled to begin in 2027. The International Civil Aviation Organization, which adopted CORSIA, continues to develop details regarding implementation, but compliance with CORSIA is expected to increase our operating costs, potentially significantly. 16 16 16 In the U.S., Congress has considered but, to date, not passed various bills that would regulate GHG emissions. Nevertheless, we believe some form of federal climate change legislation is possible in the future. Even in the absence of such legislation, the Environmental Protection Agency could determine to regulate GHG emissions, especially aircraft or diesel engine emissions, and this could impose substantial costs on us. In addition, the impact that participation in the Paris Climate Accords may have on future U.S. policy regarding GHG emissions, on CORSIA and on other GHG regulation remains uncertain. The extent to which other countries implement that accord could also have a material adverse effect on us. Increased regulation relating to GHG emissions in the U.S. or abroad, especially aircraft or diesel engine emissions, could, among other things, increase the cost of fuel and other energy we purchase and the capital costs associated with updating or replacing our aircraft or vehicles prematurely. We cannot predict the impact any future regulation will have on our cost structure or our operating results. It is likely that such regulation could significantly increase our operating costs and that we may not be willing or able to pass such costs along to our customers. Moreover, even without such regulation, increased awareness and any adverse publicity in the global marketplace about the GHGs emitted by companies in the airline and transportation industries could harm our reputation and reduce customer demand for our services, especially our air services. Furthermore, many countries, as well as U.S. states, in which we operate or are subject to regulation have adopted, or are expected to adopt, additional requirements relating to the disclosure of GHG emissions and related matters. In many cases these requirements differ and may conflict from country to country. Compliance with these disclosure requirements may increase our operating costs or require significant management time and attention. Any failure to comply with applicable disclosure regulations in the U.S. (at either the federal or state level) or other countries could result in substantial fines or other penalties, which could materially adversely affect us. --- ## Modified: Failure to attract or retain qualified employees could materially adversely affect us. **Key changes:** - Reworded sentence: "We depend on the skills and continued service of our large workforce." **Prior (2023):** We maintain a large workforce. We necessarily depend on the skills and continued service of our employees. We also regularly seek to hire a large number of part-time and seasonal workers. We must be able to attract, engage, develop and retain a large and diverse global workforce and maintain an environment that supports our core values. If we are unable to hire, properly train or retain qualified employees, we could experience higher labor costs, reduced revenues, further increased workers' compensation and automobile liability claims, regulatory noncompliance, customer losses and diminution of our brand value or company culture, which could materially adversely affect us. Our ability to control labor costs has in the past been, and is expected to continue to be, subject to numerous factors, including turnover, training costs, regulatory changes, market pressures, inflation, unemployment levels and healthcare and other benefit costs. In addition, our strategic initiatives, including transformation, have led and are expected to continue to lead to the creation of fewer, but more impactful, jobs as we strive to lower our cost to serve. Our inability to continue to retain experienced and motivated employees may also materially adversely affect us. 10 10 10 **Current (2024):** We depend on the skills and continued service of our large workforce. We also regularly hire a large number of part-time and seasonal workers. We must be able to attract, develop and retain a large and diverse global workforce. If we are unable to hire, properly train or retain qualified employees, we could experience higher labor costs, reduced revenues, further increased workers' compensation and automobile liability claims costs, regulatory noncompliance, customer losses and diminution of our brand value or company culture, which could materially adversely affect us. Our ability to control labor costs has in the past been, and is expected to continue to be, subject to numerous factors, including labor-related contractual obligations, turnover, training costs, regulatory changes, market pressures, inflation, unemployment levels and healthcare and other benefit costs. In addition, we strive to lower our cost to serve, including labor costs, through various strategic initiatives. Our inability to continue to retain experienced and motivated employees through the execution of these initiatives may also materially adversely affect us. --- ## Modified: We maintain significant physical operations. Increases in operational security requirements impose substantial costs on us and we could be the target of an attack or have a security breach, which could materially adversely affect us. **Key changes:** - Reworded sentence: "As a result of concerns about global terrorism and homeland security, various governments have adopted and may adopt additional heightened security requirements, resulting in significantly increased operating costs." - Reworded sentence: "We cannot determine the effect that any new requirements will have on our operations, cost structure or operating results, and new rules or other future security requirements may significantly increase our operating costs and reduce operating efficiencies." **Prior (2023):** As a result of concerns about global terrorism and homeland security, various governments have adopted and may continue to adopt stricter security requirements, resulting in increased operating costs. Regulatory and legislative requirements may change periodically in response to evolving threats. We cannot determine the effect that any new requirements will have on our operations, cost structure or operating results, and new rules or other future security requirements may increase our operating costs and reduce operating efficiencies. Regardless of our compliance with security requirements or the steps we take to secure our facilities or fleet, we could also be the target of an attack or security breaches could occur, which could materially adversely affect us. **Current (2024):** As a result of concerns about global terrorism and homeland security, various governments have adopted and may adopt additional heightened security requirements, resulting in significantly increased operating costs. Regulatory and legislative requirements may change periodically in response to evolving threats. We cannot determine the effect that any new requirements will have on our operations, cost structure or operating results, and new rules or other future security requirements may significantly increase our operating costs and reduce operating efficiencies. Regardless of our compliance with security requirements or our own security measures, we could also be the target of an attack or security breaches could occur, which could materially adversely affect one or more of our operations, or our business. --- ## Modified: A significant cybersecurity incident, or increased data protection regulations, could materially adversely affect us. **Key changes:** - Reworded sentence: "We rely on information technology networks and systems and other operational technologies, including the internet and a number of internally-developed systems and applications, as well as certain technology systems from third-party vendors (collectively referred to as "IT") to operate our business." - Reworded sentence: "IT and other systems (ours, as well as those of our franchisees, acquired businesses, and third-party service providers) have been and will continue in the future to be susceptible to damage, disruptions and shutdowns due to programming errors, defects or other vulnerabilities, power outages, hardware failures, misconfigurations, computer viruses, cyber-attacks, encryption caused by ransomware or malware attacks, exfiltration of data, attacks by foreign governments, state-sponsored actors, or criminal groups, theft, misconduct by employees or other insiders, telecommunications failures, misuse, human errors or other catastrophic events." - Reworded sentence: "We utilize and interact with the IT networks and systems of third parties for many aspects of our business, including related to our customers, franchisees and service providers such as cloud service providers and third-party delivery services." - Removed sentence: "The occurrence of any of the events described above could result in material disruptions in our business, the loss of existing or potential customers, damage to our brand and reputation, additional regulatory scrutiny, litigation and other potential material liability." - Removed sentence: "Similarly, an actual or alleged failure to comply with increasingly challenging U.S." **Prior (2023):** We rely on information technology ("IT") networks and systems, including the internet and a number of internally-developed systems and applications, as well as certain technology systems from third-party vendors, to operate our business. For example, we rely on IT to receive package level information in advance of the physical receipt of packages, to move and track packages through our operations, to efficiently plan deliveries, to execute billing processes, and to track and report financial and operational data. Our franchise locations and subsidiaries also rely on IT systems to manage their business processes and activities. In addition, our services, and the operation of our networks and systems involve the collection, storage and transmission of significant amounts of proprietary information and sensitive or confidential data, including personal information of customers, employees and others. We regularly move data across national borders, and are subject to a variety of evolving laws and regulations in the U.S. and abroad regarding privacy, data protection and data security. The scope of these laws is often uncertain and may be conflicting, particularly with respect to foreign laws. For example, the E.U.'s General Data Protection Regulation greatly increases the jurisdictional reach of, and potential penalties under, E.U. law, and adds a broad array of requirements for handling personal data, including the public disclosure of significant data breaches. In addition, China and other countries have also enacted or proposed stringent data localization laws which could significantly increase our costs, require us to make extensive system or operational changes, or adversely affect the value of our services. IT systems (ours, as well as those of our franchisees, acquired businesses, and third-party service providers) are susceptible to damage, disruptions and shutdowns due to programming errors, defects or other vulnerabilities, power outages, hardware failures, computer viruses, cyber-attacks, ransomware or malware attacks, attacks by foreign governments and state-sponsored actors, theft, misconduct by employees or other insiders, telecommunications failures, misuse, human errors or other catastrophic events. These events, which have become more frequent and sophisticated, could, from time to time, cause material service outages, allow inappropriate or block legitimate access to systems or information, or result in other material interruptions in our business. In addition, the occurrence of any of these events could expose us, our customers, franchisees, service providers or others, to a risk of loss, disclosure or misuse of proprietary information and sensitive or confidential data, including personally identifiable information. 11 11 11 The techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently. In recent periods, the frequency and sophistication of cyber-attacks has increased, including as a result of state-sponsored cybersecurity attacks during periods of geopolitical conflict, such as the ongoing conflict in Ukraine. Accordingly, we may be unable to anticipate these techniques or to implement adequate measures to recognize, detect or prevent the occurrence of any of the events described above. We also may not discover the occurrence of any of the events described above for a significant period of time after the event occurs. Hybrid and remote working arrangements may heighten these risks. We also depend on and interact with the IT networks and systems of third-parties for many aspects of our operations, including our customers, franchisees and service providers such as cloud service providers and third-party delivery services. These third parties may have access to information we maintain about our company, operations, customers, employees and vendors, or operating systems that are critical to or can significantly impact our business operations. These third parties are subject to risks resulting from data breaches, cyberattacks, IT systems disruptions, and other events or actions described above that could damage, disrupt or close down their networks or systems. Security processes, protocols and standards that we implement and contractual provisions requiring security measures that we impose on such third-parties may not be sufficient or effective at preventing such events. Any of these events could result in unauthorized access to, or disruptions or denials of access to, misuse or disclosure of, information or systems that are important to us, including proprietary information, sensitive or confidential data, and other information about our operations, customers, employees and suppliers, including personal information. We have invested and expect to continue to invest in IT security initiatives, IT risk management and disaster recovery plans. The costs and operational consequences of implementing, maintaining and enhancing further data or system protection measures could increase significantly to overcome increasingly frequent, complex and sophisticated cyber threats and regulatory requirements. The occurrence of any of the events described above could result in material disruptions in our business, the loss of existing or potential customers, damage to our brand and reputation, additional regulatory scrutiny, litigation and other potential material liability. In addition, our customers' confidence in our ability to protect data and systems and to provide services consistent with their expectations could be impacted, further disrupting our operations. Similarly, an actual or alleged failure to comply with increasingly challenging U.S. and foreign data protection regulations or other data protection standards may expose us to litigation, fines, sanctions or other penalties. While we maintain cyber insurance, we cannot be certain that our coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. Although to date we are unaware of any material data breach or system disruption, including a cyber-attack, we cannot provide any assurances that such events and impacts will not occur and be material in the future. Our efforts to deter, identify, mitigate and/or eliminate future breaches may require significant additional effort and expense and may not be successful. **Current (2024):** We rely on information technology networks and systems and other operational technologies, including the internet and a number of internally-developed systems and applications, as well as certain technology systems from third-party vendors (collectively referred to as "IT") to operate our business. For example, we rely on these technologies to receive package level information in advance of the physical receipt of packages, to move and track packages through our operations, to efficiently plan deliveries, to execute billing processes, and to track and report financial and operational data. Our franchise locations and subsidiaries also rely on IT systems to manage their business processes and activities. IT and other systems (ours, as well as those of our franchisees, acquired businesses, and third-party service providers) have been and will continue in the future to be susceptible to damage, disruptions and shutdowns due to programming errors, defects or other vulnerabilities, power outages, hardware failures, misconfigurations, computer viruses, cyber-attacks, encryption caused by ransomware or malware attacks, exfiltration of data, attacks by foreign governments, state-sponsored actors, or criminal groups, theft, misconduct by employees or other insiders, telecommunications failures, misuse, human errors or other catastrophic events. In recent periods, the frequency and sophistication of cyber-attacks have increased and are expected to continue to increase, including as a result of state-sponsored cybersecurity attacks during periods of geopolitical conflict, such as the ongoing conflicts in Ukraine and the Middle East. In addition, the rapid evolution and increased adoption of artificial intelligence technologies may intensify our cybersecurity risks. Accordingly, we may be unable to anticipate these techniques or to implement adequate measures to recognize, detect or prevent the occurrence of any of the events described 11 11 11 above. In addition, our security processes, protocols and standards may not prove to be sufficient, effective or may not be complied with, either intentionally or inadvertently. To date, we have not experienced a material cybersecurity incident. However, cybersecurity incidents have in the past and may in the future expose us, our customers, franchisees, service providers or others, to loss, disclosure or misuse of proprietary information and sensitive or confidential data or result in disruptions to our operations or those of our customers, franchisees, service providers or others. For example, cyber criminals have in the past gained access, and are expected to continue to try to gain access to customer accounts. The type of activity includes fraudulently diverting and misappropriating items being transported in our network, fraudulently charging shipment fees to customer or franchisee accounts, and fraudulently sending text messages to recipients purporting to be from UPS. The occurrence of any of the events described above could result in material disruptions in our business, the loss of existing or potential customers, damage to our brand and reputation, additional regulatory scrutiny, litigation and other potential material liability. We also may not discover the occurrence of any of the events described above for a significant period of time after the event occurs. We utilize and interact with the IT networks and systems of third parties for many aspects of our business, including related to our customers, franchisees and service providers such as cloud service providers and third-party delivery services. These third parties have access to information we maintain about our company, operations, customers, employees and vendors, or operating systems that are critical to or can significantly impact our business operations. These third parties are subject to risks described above, and other risks, that could damage, disrupt or close down their networks or systems. Security processes, protocols and standards that we implement and contractual provisions requiring security measures that we impose on such third parties may not be sufficient or effective at preventing such events or may not be adhered to. These events have in the past and could in the future result in unauthorized access to, or disruptions or denials of access to, misuse or disclosure of, information or systems that are important to us, including proprietary information, sensitive or confidential data, and other information about our operations, customers, employees and suppliers, including personal information. We have invested and expect to continue to invest in IT security initiatives, IT risk management and disaster recovery capabilities. The costs and operational consequences of implementing, maintaining and enhancing further data or system protection measures could increase significantly to overcome increasingly frequent, complex and sophisticated cyber threats and regulatory requirements. In addition, our customers' confidence in our ability to protect data and systems and to provide services consistent with their expectations could be impacted, further disrupting our operations. While we maintain cyber insurance, we cannot be certain that our coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim. Although to date we are unaware of any material data breach or cybersecurity incident, including an information system disruption, we cannot provide any assurances that such material events and impacts will not occur in the future. Our efforts to deter, identify, mitigate and/or eliminate future breaches or cybersecurity incidents may require significant additional effort and expense and may not be successful. In addition, there has recently been heightened regulatory and enforcement focus relating to the collection, use, retention, transfer, and processing of personal data in the U.S. (at both the state and federal level) and internationally, including the EU's General Data Protection Regulation, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and other similar laws that have been or are expected to be enacted by other jurisdictions. In addition, China and certain other jurisdictions have enacted more stringent data localization requirements. An actual or alleged failure to comply with applicable data protection laws, regulations, or other data protection standards has in the past and may in the future expose us to litigation, fines, sanctions, or other penalties, which could harm our reputation and adversely affect our business, results of operations, and financial condition. The regulatory environment is increasingly challenging, based on discretionary factors, and difficult to predict. Consequently, compliance with applicable regulations in the various jurisdictions in which we do business may present material obligations and risks to our business, including significantly expanded compliance burdens, costs, and enforcement risks which are expected to increase over time; require us to make extensive system or operational changes; or adversely affect the cost or attractiveness of the services we offer. 12 12 12 --- *Data sourced from SEC EDGAR. Last updated 2026-05-10.*