high match confidence
Sentence-level differences:
- Reworded sentence: "Legislators and regulators around the world are increasingly adopting or revising privacy, data protection, data management, data transfer, AI and cybersecurity laws and regulations."
- Reworded sentence: "and international privacy and data protection laws may increase the complexity of our compliance operations, entail substantial expenses, divert resources from other initiatives and projects, require us to modify our data processing practices, policies or services, and adversely impact our business."
- Reworded sentence: "As we develop integrated and personalized products and services and acquire new companies to meet the needs of a changing marketplace, we may expand our data profile through additional data types and sources, across multiple channels, and involving new partners."
- Reworded sentence: "For example, as agentic commerce solutions scale, we may see increased instances of erroneous or disputed payments, increased chargebacks and reputational harm."
Current (2025):
Our business relies on the processing of data across national borders. Legislators and regulators around the world are increasingly adopting or revising privacy, data protection, data management, data transfer, AI and cybersecurity laws and regulations. For example, our ongoing efforts to comply with complex U.S. and international privacy and data protection laws may increase the complexity of our compliance operations, entail substantial expenses, divert resources from other initiatives and projects, require us to modify our data processing practices, policies or services, and adversely impact our business. In addition, privacy laws in numerous jurisdictions, including but not limited to the U.S., China, India, Australia, New Zealand, Brazil, Kingdom of Saudi Arabia, Hong Kong and Japan, have established specific legal requirements for cross-border transfers of personal information and substantial compliance and audit obligations. Certain countries have also established specific legal requirements for data localization, such as where personal data must remain stored in the country. The global proliferation of new privacy and data protection laws may lead to inconsistent and conflicting requirements or legal interpretations, which create an uncertain regulatory environment. Noncompliance could also result in regulatory penalties and significant legal liability. Enforcement actions and investigations by regulatory authorities into companies related to data security incidents and privacy violations are generally increasing. In Europe, data protection authorities continue to apply and enforce the General Data Protection Regulation (GDPR), imposing record setting fines. As we develop integrated and personalized products and services and acquire new companies to meet the needs of a changing marketplace, we may expand our data profile through additional data types and sources, across multiple channels, and involving new partners. 
This potential expansion could amplify the impact of these various laws and regulations on our business. As a result, we are required to constantly monitor our privacy, data and cybersecurity practices and potentially change them when necessary or appropriate. We also may need to provide increased care in our data management, governance and quality practices, particularly as it relates to the use of data in products leveraging AI. We are also subject to a variety of laws and regulations governing the development, use and deployment of AI technologies. These laws and regulations are increasingly complex, fragmented and still evolving, and there is no single global regulatory framework for AI. Our development, deployment and use of AI and machine learning is subject to various risks at each stage of use. In the context of AI development, risks include those related to intellectual property considerations, the collection and use of personal data, third party risks, technical limitations of algorithms and the accuracy of training data, and compliance with emerging AI legal standards. The increased risk of inadvertent disclosure of confidential information or personal data in connection with the utilization of AI technologies may result in stronger regulatory scrutiny, leading to legal and regulatory investigations and enforcement actions that may negatively affect our business, even if unfounded. In the context of use and deployment, risks include technical, operational and compliance considerations, and our ability to monitor and safely deploy AI systems throughout the organization with appropriate safeguards and in compliance with the various regulatory schemes related to AI technology. In particular, the adoption of agentic commerce, in which autonomous AI agents initiate and execute transactions on behalf of users, presents novel and complex regulatory, privacy and cybersecurity risks. 
Legal frameworks governing such autonomous agents remain nascent, with limited direct guidance specific to payments. The interplay between payments regulations, data privacy laws and evolving AI regulations may create uncertainty around compliance obligations and potential liability exposure as more participants (including sellers, fintechs, AI developers and enablers) enter the agentic commerce ecosystem. The market is still assessing how regulators may apply existing consumer protection and other laws in the context of AI. For example, as agentic commerce solutions scale, we may see increased instances of erroneous or disputed payments, increased chargebacks and reputational harm. Furthermore, reliance on agentic AI introduces challenges in monitoring cross-border, prohibited or high-risk transactions, where conflicting regulatory requirements may apply. The fragmented regulatory landscape for emerging technologies such as AI and inconsistent requirements across legal frameworks may amplify difficulties in identifying, preventing or mitigating risk with a single global approach, potentially increasing our compliance costs or stratifying our ability to leverage certain data or technologies for innovation. For instance, the EU has adopted a comprehensive AI Act that establishes harmonized rules across Europe, with key provisions for high-risk AI systems taking effect in August 2026. Meanwhile, several U.S. states, including California, Colorado and Utah, have adopted AI-specific frameworks or are considering applying existing consumer and data protection laws to regulate AI. Depending on how these different regulations are interpreted and enforced, they may limit the ability to develop and deploy AI systems or significantly increase associated compliance costs. 
Our development and implementation of governance frameworks aimed at complying with emerging laws and regulations applicable to our AI and machine learning systems may not be successful in mitigating all of these emerging risks.
View prior text (2024)
Our business relies on the processing of data across national borders. Legal requirements relating to the collection, storage, handling, use, disclosure, transfer, disposal and security of personal data continue to evolve, and we are subject to an increasing number of privacy, data protection, cybersecurity and AI requirements around the world. For example, our ongoing efforts to comply with complex U.S. state privacy and data protection regulations, and emerging international privacy and data protection laws, may increase the complexity of our compliance operations, entail substantial expenses, divert resources from other initiatives and projects, and limit the services we are able to offer. Additionally, privacy laws in other regions, such as China’s Personal Information Protection Law and India’s Personal Data Protection Act, may have extraterritorial application and include restrictions on cross-border data transfers, extensive notification and localization requirements, and substantial compliance and audit obligations. The global proliferation of new privacy and data protection laws may lead to inconsistent and conflicting requirements, which create an uncertain regulatory environment. Noncompliance could also result in regulatory penalties and significant legal liability. Enforcement actions and investigations by regulatory authorities into companies related to data security incidents and privacy violations are generally increasing. In Europe, data protection authorities continue to apply and enforce the General Data Protection Regulation (GDPR), imposing record setting fines. We are also subject to a variety of laws and regulations governing the development, use, and deployment of AI technologies. These laws and regulations are still evolving, and there is no single global regulatory framework for AI. The market is still assessing how regulators may apply existing consumer protection and other laws in the context of AI. 
There is thus uncertainty on what new laws will look like and how existing laws will apply to our development, use, and deployment of AI. In the midst of this uncertainty, we may face challenges due to the complexity and rapidly changing nature of AI technology and applicable laws. Our use of AI and machine learning is subject to various risks at each stage of use. In the context of AI development, risks include those related to intellectual property considerations, the collection and use of personal information, third party risks, technical limitations of algorithms and the accuracy of training data, and compliance with emerging AI legal standards. In the context of use and deployment, risks include ethical and compliance considerations, and our ability to monitor and safely deploy AI systems throughout the organization with appropriate safeguards. The EU has adopted a comprehensive AI Act that applies harmonized rules across Europe with the aim of fostering innovation and respecting fundamental rights. The EU AI Act comes into force in stages with the key provisions related to high risk AI coming into force in August 2026. There is still limited guidance on the EU AI Act, but it could, depending on how provisions are interpreted and enforced, limit the ability to create and deploy AI systems for uses deemed high-risk in the EU or add increased compliance costs associated with these systems. Our development and implementation of governance frameworks for our AI and machine learning systems may not be successful in mitigating all of these emerging risks. Further, as we develop integrated and personalized products and services and acquire new companies to meet the needs of a changing marketplace, we may expand our data profile through additional data types and sources, across multiple channels, and involving new partners. This potential expansion could amplify the impact of these various laws and regulations on our business. 
As a result, we are required to constantly monitor our privacy, data and cybersecurity practices and potentially change them when necessary or appropriate. We also may need to provide increased care in our data management, governance and quality practices, particularly as it relates to the use of data in products leveraging AI.