Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - ADBE

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

As previously discussed, our actual results could differ materially from our forward-looking statements. Below we discuss some of the factors that could cause these differences. The occurrence of these and many other factors described in this report, and factors that we do not presently know or that we currently believe to be immaterial, could materially and adversely affect our operations, performance and financial condition. Many factors affect more than one category and the factors are not in order of significance or probability of occurrence because they have been grouped by categories.

Risks Related to Our Ability to Grow Our Business

We may be unsuccessful at innovating in response to rapid technological or industry changes to meet customer needs, which could cause our business and financial results to suffer materially.

We operate in rapidly evolving industries and expect the pace of innovation to continue to accelerate. For example, artificial intelligence (“AI”), including generative and agentic, enables users of all skill levels to create and provide new ways of marketing, creating and editing content and interacting with documents. While we continue to release new AI solutions and to focus on enhancing the AI capabilities of our solutions and incorporating AI across existing solutions, there can be no assurance that our new or enhanced solutions and AI innovations will be successful, adopted or monetizable or that we will innovate effectively to keep pace with the rapid evolution of AI across our solutions. If we do not successfully innovate, adapt to rapid technological or industry changes and meet customer needs, our business and our financial results may be materially harmed.

We participate in rapidly evolving and intensely competitive markets, and, if we do not compete effectively, our business and financial results could materially suffer.

The markets for our solutions are rapidly evolving and intensely competitive. We expect competition to continue to intensify. Our numerous competitors include companies of various sizes and both public and private companies, including large, global companies and smaller companies with more specialized focuses, new entrants, and AI or cloud-native companies. Our competitors include companies with significant sales and research and development resources, broad brand awareness, long operating histories or access to large customer bases. Our competitors may deploy technical, marketing and financial resources more easily and effectively. Our competitors may develop or acquire additional products, services or solutions that are similar to ours or that achieve greater or faster acceptance. Our competitors may undertake faster and more far-reaching and successful development efforts or marketing campaigns, may adopt more aggressive pricing policies or may more effectively appeal to customers. As a result, current and potential customers may select the products, services or solutions of our competitors. For example, we face increasing competition from companies offering generative and agentic AI solutions, including but not limited to prompt-based and multi-modal creation and editing, document productivity and understanding, ad distribution and creation, and purpose-built AI agents. For additional information regarding our competition and the risks arising out of the competitive environment in which we operate, see the section titled “Competition” contained in Part I, Item 1 of this report.

Table of Contents

Issues relating to the development and use of AI in our solutions may result in reputational harm, liability and adverse business and financial results.

Social, ethical and operational issues relating to the use of AI, including generative AI and agentic AI, in our solutions may result in reputational harm, liability and additional costs. We are increasingly incorporating AI technologies, developed by us and by third parties, into many of our solutions. If our AI development, deployment, content labeling or governance is ineffective or inadequate, it may result in incidents that impair the public acceptance of AI solutions or cause harm to individuals, customers or society, or result in our solutions not working as intended or producing unexpected outcomes.

Jurisdictions around the world are developing and passing new regulations that apply specifically to the use of AI. For example, the U.S. AI regulatory framework remains in development and has been introduced at the federal level through executive orders and legislation has been introduced and enacted at the state level. Additionally, obligations under the EU AI Act have gone into effect and will continue to be implemented in phases through 2030, and other jurisdictions have passed or are considering similarly focused legislation. Some of our operations are subject to the EU AI Act and depending on how the EU AI Act is implemented and interpreted, we may have to adapt our business practices, contractual arrangements and services to comply with such obligations. Non-compliant companies under the EU AI Act may be subject to administrative fines. The use and availability of third-party AI models in our solutions could result in scrutiny and legal liability, including intellectual property infringement claims. Such claims or scrutiny could cause reputational harm and loss of customers, and adversely impact our business and financial results. In addition, new competition regulations on AI development and deployment could impose new requirements on our markets that could impact our business and financial results.

Uncertainty around new and evolving AI uses may require significant, additional investment to develop models and proprietary datasets, responsible-use frameworks and new approaches and processes to attribute or compensate content creators. We have experienced, and may in the future experience, challenges accessing AI models, datasets or hardware. AI solutions may continue to modify workforce needs, result in negative publicity, reputational harm, liability and decreased demand for our solutions, all of which could adversely impact our business.

If our reputation or our brands are damaged, our business and financial results may be adversely affected.

We believe our reputation and brands have been, and we expect them to continue to be, important to our business and financial results. Maintaining and enhancing our brands may require us to make substantial investments and these investments may not be successful. Our brands may be negatively affected by the actual or perceived failure to meet our sustainability commitments or appropriately respond to climate concerns; and uses of our solutions, particularly our AI solutions, in ways that are out of our control, such as to create or disseminate content that is deemed to be misleading, deceptive or intended to manipulate public opinion, or for illicit, objectionable or illegal ends, or by our failure to respond appropriately and in a timely manner to such uses. Further, such uses of our solutions may result in controversy or claims related to defamation, rights of publicity, illegal content, intellectual property infringement,

Table of Contents

harmful content, misinformation and disinformation, harmful bias, misappropriation, data privacy, derivative uses of third-party AI and personal injury torts. Entry into markets with weaker protection of brands or changes in the legal systems in countries in which we operate may also impact our ability to protect our brands. If we fail to maintain, enhance or protect our brands, or if we incur excessive expenses in our efforts to do so, our users’ trust in us and purchasing decisions and our business and financial results may be adversely affected.

We may not realize the anticipated benefits of acquisitions, investments or other strategic transactions, and they may disrupt our business and adversely affect our business and financial results.

We have acquired and may continue to acquire businesses, products, talent and technologies as part of our business strategy. Acquisitions, investments and other strategic transactions involve numerous risks and uncertainties, the occurrence of which may have an adverse effect on our business. These risks and uncertainties include:

•inability to achieve the expected financial and strategic benefits on a timely basis or at all;

•difficulty in effectively integrating operations, technologies, products, services, solutions, culture or personnel;

•disruption of our ongoing business and distraction of our management and other personnel;

•challenges to completing or failure to complete an announced transaction related to the failure to obtain regulatory approval, or the need to satisfy certain conditions precedent to closing such transaction (such as divestitures, ownership or operational restrictions or other structural or behavioral remedies) that could limit the anticipated benefits of the transaction;

•entry into markets in which we have minimal prior experience and where competitors in such markets have stronger market positions;

•inability to retain personnel, key customers, distributors, vendors and other business partners of the acquired business;

•delay in customer and distributor purchasing decisions due to uncertainty about the direction of our solutions;

•incurring higher than anticipated costs to effectively integrate an acquired business, to bring an acquired company into compliance with applicable laws and regulations, additional compensation issued or assumed in connection with an acquisition, to divest products, services or solutions acquired in unsuccessful acquisitions to amortize costs for acquired intangible assets or because of our inability to take advantage of anticipated tax benefits;

•increased collection times, elevated delinquency or bad debt write-offs related to receivables of an acquired business we assume;

•difficulty in maintaining controls, procedures and policies during the transition and integration of an acquired business and inability to conclude that our internal controls over financial reporting are effective;

•potential identified or unknown security vulnerabilities in acquired or integrated entities’ systems, technologies, or products that expose us to additional security risks or delay our ability to integrate the acquired products into our existing solutions;

•exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, a transaction;

•incurrence of additional debt to finance a transaction, which will increase our interest expense and leverage, and/or issuance of equity securities to finance transactions, which will dilute current shareholders’ percentage ownership and earnings per share;

•in the case of foreign transactions, the impact of particular economic, tax, currency, political, legal and regulatory risks associated with specific countries;

•brand or reputational harm associated with our acquisitions, investments or other strategic transactions; and

•failure to identify significant problems, liabilities or other challenges during due diligence.

Table of Contents

Our ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by adverse economic and political events, including trade tensions, and increased global scrutiny and evolving regulatory expectations relating to acquisitions and other strategic transactions. We may not be able to complete acquisitions or other strategic transactions to realize the anticipated benefits of such acquisitions or transactions on favorable terms, or at all, including as a result of challenges in obtaining regulatory approvals, and may incur additional costs. For example, we have experienced difficulties in obtaining regulatory approvals, resulting in the termination of a previously announced acquisition and the incurrence of additional costs.

Risks Related to the Operation of Our Business

If we are unable to recruit and retain key personnel, our business may be harmed, and our hybrid work model may present challenges, which could adversely impact our business.

Much of our future success depends on the continued service, availability and performance of our senior management and highly skilled personnel across all levels of our organization. Our senior management has acquired specialized knowledge and skills with respect to our business, and the loss of any of these individuals could harm our business, especially if we are not successful in developing adequate succession plans. Our efforts to attract, develop, integrate and retain highly skilled employees may be compounded by intensified restrictions on immigration or the availability of work visas. The technology industry has been and may continue to be subject to substantial and continuous competition for talent, particularly with AI and cybersecurity backgrounds, and demand for cutting-edge or unique skill sets may continue to be highly competitive, both of which are heightened with hybrid or remote working arrangements. Our hybrid work environment may also present operational, security and workplace culture challenges, which could negatively affect our ability to execute against our business objectives and retain and recruit personnel.

We have experienced, and may continue to experience, higher compensation costs to retain and recruit senior management or highly skilled personnel that may not be offset by innovation, improved productivity or increased sales. We continue to hire personnel in countries where exceptional technical knowledge and other expertise are offered at lower costs, which increases the efficiency of our global workforce structure and reduces our personnel-related expenditures. Nonetheless, as globalization continues, competition for talent in those countries has increased, which may impact our ability to retain these employees and increase our compensation-related expenses.

Service interruptions or failures of our information technology systems or those of third parties may impair the availability of our solutions, which may expose us to liability, damage our reputation and harm our future financial results.

Much of our business, including our online store at adobe.com, our cloud solutions and various business processes such as our enterprise resource planning system and customer and sales support, relies on hardware and services that are hosted, managed and controlled directly by us or third-party service providers to be available to our customers and users without disruption. If any critical third-party service provider of hosting or content delivery services is negatively affected or becomes unavailable to us for any reason, we may not be able to deliver the corresponding solutions to our customers and users. Failure of our systems or those of our third-party service providers could cause large, system-wide failures, disrupt our business operations and those of our customers, subject us to reputational harm, require costly and time-intensive notifications, and cause us to lose customers, users and future business. Occasionally, we migrate data among data centers and to third-party hosted environments.

It is also possible that hardware or software failures or errors in our systems (or those of our third-party service providers) could result in data loss or corruption, cause the information that we collect or maintain to be incomplete or contain inaccuracies that our customers regard as significant, or cause us to fail to meet committed service levels or comply with applicable notification requirements or other relevant contractual obligations to our customers. Furthermore, our ability to collect and report data may be delayed or interrupted by a number of factors, including access to the internet, the failure of our network or software systems, security breaches or significant variability in visitor traffic on customer websites. We may also find, on occasion, that we cannot deliver data and reports to our customers in near real-time due to factors such as significant spikes in customer activity on their websites or failures of our network or software (or that of a third-party service provider). If we fail to plan infrastructure capacity appropriately and expand it proportionally with the needs of our customer and user base, and we experience a rapid and significant demand on the capacity of our data centers or those of third parties, service outages or performance issues could occur, which may impact our customers. Such a strain on our infrastructure capacity may subject us

Table of Contents

to regulatory and customer notification requirements, violations of service level agreement commitments or financial liabilities and result in customer dissatisfaction or harm our business. If we supply materially inaccurate information or experience significant interruptions in our systems, our reputation could be harmed, we could lose customers and we could be found liable for damages or incur other losses.

Security incidents, improper access to or disclosure of our customers’ data or other cybersecurity incidents may harm our reputation and materially and adversely affect our business.

Our solutions collect, store, manage and otherwise process third-party data, including our customers’ data and our own data. Some of our solutions include third-party open-source software, which may contain security vulnerabilities that may be exploited, potentially compromising our solutions. Increasing use of AI in our internal systems and solutions may create new attack methods.

Cybersecurity incidents can be caused by human error from our workforce or that of our third-party service providers, by malicious third parties, acting alone or in groups, or by more sophisticated organizations, including nation-states and state-sponsored organizations.

Our solutions are incorporated into the supply chain of a large number of companies worldwide and, as a result, if our solutions experience a compromise, a large portion or, in some instances, all of our customers and their data for a given solution could be simultaneously affected. The potential liability and associated consequences we could suffer as a result of such a large scale event could be significant, and materially and adversely impact our business. While we actively combat such fraudulent activities, we have experienced, and may in the future experience, impacts to our revenue and reputation from such activities.

Maintaining the security of our solutions is a critical issue for us and our customers. We devote significant resources to address security vulnerabilities through various methods, including, but not limited to, engineering more secure products, enhancing security and reliability features in our products and systems, regularly reviewing our service providers’ security controls, and continually assessing and improving, as appropriate, our incident response process. However, it is impossible to accurately predict the extent, frequency or impact cybersecurity issues may have on us, and our security measures do not provide full effective protection from all such events. There can be no assurance that we have the capability to detect all vulnerabilities or new attack methods and our internal security controls may not keep pace with quickly evolving threats. The costs to prevent, eliminate, mitigate or remediate cybersecurity or other security problems and vulnerabilities are significant and may reduce our margins. Breaches of our security measures and the accidental loss, inadvertent disclosure or unauthorized dissemination of proprietary information or sensitive, personal or confidential data about us, our employees, our customers or their end users, including the potential loss or disclosure of such information or data have in the past, and could in the future, expose us, our employees, our customers or other individuals affected to a risk of loss or misuse of this information. Further, our efforts to address these problems, including notifying affected third parties when appropriate, have in the past been, and may in the future be, unsuccessful or delayed, which could result in business interruptions, cessation of service, loss of existing or potential customers and reputational harm. Actual or perceived security vulnerabilities or incidents have resulted in, and may result in additional, claims or litigation and liability or fines, costly and time-intensive notice requirements, governmental inquiry or oversight or a loss of customer confidence, any of which have in the past and may in the future harm our business and damage our brand and reputation. Our customers may also adopt security measures to protect their computer systems and their instances of our software from attack and may suffer a cybersecurity breach on their own systems, unrelated to our

Table of Contents

systems. Even if such breach is unrelated to our security systems, solutions or programs, such breach could cause us reputational harm and require us to incur significant economic and operational consequences to adequately assess and respond to their breach, and to implement additional safeguards designed to protect against future breaches.

While we maintain insurance to cover operational risks, such as cybersecurity risk and technology outages, our insurance may not be sufficient to cover all liability described herein.

If we are unable to develop, manage and maintain our sales channels, including our direct sales force, third-party distributors, and sales partners, or third-party relationships upon which we rely for critical business operations, our revenue and business may be adversely affected.

We rely on our direct sales channel and a number of third-party distributors and sales partners to distribute our solutions. We sell many solutions through our direct sales force. Risks associated with this sales channel include challenges related to hiring, retaining and motivating our direct sales force, and substantial amounts of ongoing training for sales representatives. Our business could be harmed if our direct sales expansion efforts do not generate the corresponding efficiencies and revenue we anticipated from such investment. In addition, the loss of key sales employees could impact our customer relationships and future ability to sell to certain accounts covered by such employees.

We rely on third-party distribution platforms and are subject to changes in pricing structure, terms of service, privacy practices and other policies at the discretion of the platform provider.

If an agreement with one of our distributors or partners was terminated, any prolonged delay in securing a replacement distributor or partner could have a negative impact on our results of operations. We also face legal risk and potential reputational harm from the activities of these independent third parties including, but not limited to, export control violations, workplace conditions, corruption and anti-competitive behavior.

We also rely on third-party service providers and technologies to deliver our solutions and business operations and to operate critical business systems, such as cloud-based infrastructure, data center facilities, generative AI, large language models, encryption and authentication technology, company email and other communication channels, and communications with customers. If such third parties are negatively affected, if we fail to effectively develop, manage and maintain our relationships with such third parties, or if we are unable to renew our agreements with them on favorable terms or at all, our expenses could significantly increase, and we and our customers may experience service interruptions. Any disruption or damage to, or failure of our systems generally, including the systems of our third-party platform providers, could result in interruptions in our services and harm our business. Further, interruptions in our services caused by us or our third-party service providers may cause us to issue credits or pay penalties, cause customers to make warranty or other claims against us or to terminate their subscriptions or contracts, and adversely affect our attrition rates and our ability to attract new customers, all of which may adversely affect our financial results. Our business and reputation would also be harmed if our customers and potential customers believe our services are unreliable.

We face various risks associated with operating as a multinational corporation, and global adverse economic and geopolitical conditions may harm our business and financial condition.

We derive a large portion of our total revenue from, and have significant operations, outside of the United States. As a multinational corporation, we are subject to a number of risks, including from global adverse economic and geopolitical conditions, that are uncertain and beyond our control and that make forecasting financial results and decisions about future investments difficult, such as:

•inflation and actions taken by central banks to counter inflation, including increasing interest rates;

•international and regional economic, political and labor conditions, including any instability or security concerns abroad, such as uncertainty caused by economic sanctions, downturns and recessions, trade disputes, tariffs, armed conflicts and wars, and epidemics and pandemics like COVID-19;

Table of Contents

•tax laws in the United States as well as other countries and jurisdictions;

•increased financial accounting and reporting burdens and complexities;

•changes in, or impositions of, legislative or regulatory requirements in the United States and other countries, including antitrust and competition regulations, consumer protection laws, or other government actions;

•changes in laws governing the flow of data across borders including into the United States;

•inadequate local infrastructure and difficulties in managing and staffing international operations;

•costs, potential liability, delays or loss of sales resulting from trade restrictions imposed by the United States and other countries, as well as trade laws, including but not limited to economic sanctions, tariffs and export controls;

•costs and delays associated with developing products in multiple languages; and

•operating in locations with a higher rate of corruption and fraudulent business practices.

Additionally, third parties we do business with and our customers have international operations and are also subject to the above risks. Other third parties, such as our service providers, suppliers and distributors, may be unable to deliver or be delayed in delivering critical services, products or technologies that we rely on, and our business and reputation may be harmed. If our global sales are reduced, delayed or canceled because of any of the above risks, our revenue may decline.

Further, a disruption in global financial markets could impair our banking partners, on which we rely for operating cash management, capital market transactions and derivative programs. Such disruption could also negatively impact our customers’ ability to pay us due to delays or inability to access their existing cash.

As of November 28, 2025, our investment portfolio consisted of money market funds, corporate debt securities, U.S. Treasury securities, time deposits and other investments. These investments are subject to credit, liquidity, market, and interest rate risks as well as economic downturns or events that affect global or regional financial markets that may cause the value of our investments to decline, requiring impairment charges, which could adversely affect our financial condition.

As we continue to target enterprise customers for certain of our solutions, we may face increased costs, longer sales cycles, greater competition and less predictability in completing our sales. We may be required to submit more robust proposals, participate in extended proof-of-concept evaluation cycles and engage in more extensive contract negotiations. In addition, our enterprise customers often demand more complex configurations and additional integration services and product features. Adverse macroeconomic and geopolitical events such as trade disputes and tariffs have caused, and may continue to cause, additional spend scrutiny and delays in our enterprise customers’ purchasing decisions, particularly for larger and more complex deals. Due to these factors, we often must devote greater sales support to certain enterprise customers, which increases our costs and time required to complete a sale, without assurance that potential customers will ultimately purchase our solutions. We also may be required to devote more services resources to implementation, which increases our costs, without assurance that customers receiving these services will renew or renew at the same level. Our revenue from enterprise customers may be affected by longer-than-expected sales, contract negotiation and implementation cycles, extended collection cycles, potential deferral of revenue and alternative licensing arrangements. Additionally, our enterprise sales pattern has historically been, and is expected to remain, uneven, where a higher percentage of a quarter’s total sales occur during the final weeks of each quarter, which is common in our industry.

Table of Contents

Risks Related to Laws and Regulations

We are, and may in the future become, subject to litigation, regulatory inquiries, investigations and other actions, which could result in an unfavorable outcome and have an adverse effect on our business, financial condition, results of operations and cash flows.

We are, and may in the future become, subject to various legal proceedings (including class action lawsuits), claims, negotiations, regulatory inquiries, investigations, enforcement actions and other actions, including relating to antitrust, consumer protection, data privacy and security, employment practices, product liability and the validity or alleged infringement of third-party intellectual property rights, including patent rights, among others. Any proceedings, actions, claims or inquiries initiated by or against us, whether successful or not, may be highly time consuming; result in costly litigation, damage awards, consent decrees, injunctive relief or increased costs of business; require us to change our business practices or products; result in negative publicity; require significant amounts of management time; result in the diversion of significant operational resources; or otherwise harm our business and financial results.

Disputes and litigation can be complex and are typically costly and can be disruptive to our business operations by diverting the attention of management and key personnel. In addition, we have incurred, and may in the future incur, significant costs in acquiring the necessary third-party intellectual property rights for use in our products, in some cases to fulfill contractual obligations with our customers. Any of these occurrences could significantly harm our business.

We have not prevailed, and may not in the future prevail, in every lawsuit or dispute. For further information about specific litigation and proceedings, see the section titled “Legal Proceedings” contained in Part II, Item 8, Note 16 of our Notes to Consolidated Financial Statements of this report.

We are subject to risks associated with compliance with laws and regulations globally, which may harm our business.

We are a global company subject to varied and complex laws, regulations, government actions and customs, both domestically and internationally. The application of these laws and regulations to our business is often unclear and evolving, and may at times conflict. Further, we are subject to the U.S. Foreign Corrupt Practices Act and other anti-corruption and anti-bribery laws, which may conflict with local customs and practices in other foreign countries, particularly those with developing economies where it is common to engage in practices that would be prohibited under such laws. We cannot provide assurance that our employees, contractors, agents, business partners and vendors will not take actions in violation of our internal policies, U.S. laws or other applicable international laws. Compliance with the above laws and regulations may involve significant costs or require additional changes to our business practices that result in reduced revenue and profitability. Non-compliance could also result in fines, damages, criminal sanctions against us, our officers or our employees, prohibitions on the conduct of our business and damage to our reputation.

In addition, approximately 50% of our employees are located outside the United States. Accordingly, we are exposed to changes in laws governing our employee relationships in various U.S. and foreign jurisdictions, including laws and regulations regarding wage and hour requirements, fair labor standards, employee data privacy, unemployment tax rates, workers’ compensation rates, citizenship requirements, immigration and payroll and other taxes, which likely would have a direct impact on our operating costs.

Table of Contents

Increasing regulatory focus on privacy and security issues and expanding laws and regulatory requirements could impact our business models and expose us to increased liability.

We are subject to global data protection, privacy and security laws, regulations and codes of conduct that relate to our various business units and data processing activities, which may include sensitive, confidential, and personal information. Government officials and regulators, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data, including the transferring of personal information across international borders. This scrutiny can result in new and shifting interpretations of existing laws, thereby further impacting our business. For example, European data transfers outside the European Economic Area are highly regulated and litigated. The mechanisms that we and many other companies rely upon for European data transfers (for example, Standard Contractual Clauses and the EU - US Data Privacy Framework) are the subject of legal challenge, regulatory interpretation and judicial decisions by the Court of Justice of the European Union. Certain other countries in which we do business have also established specific legal requirements for cross-border transfers of personal information and data localization.

We may be subject to certain aspects of the EU’s Digital Services Act, which imposes additional legal requirements on certain types of digital service providers, including online platforms and content sharing sites. Moreover, some of our customers are subject to the EU’s Digital Operational Resilience Act and similar UK regulatory requirements on operational resilience. There may be certain aspects of the EU’s Data Act that could apply to certain types of cloud services providers and require them to facilitate data portability (e.g., switching between services), as well as certain requirements concerning cross border international transfers of, and governmental access to, non-personal information outside of the European Economic Area. Further, the U.S. Department of Justice issued a rule entitled Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons, which placed additional restriction on certain data transactions involving countries of concern and covered individuals that may impact certain business activities, and has impacted the transfer of data in connection with certain transactions.

Further, the U.S. Securities and Exchange Commission’s Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure and other expanding global laws require us to make certain disclosures related to material cybersecurity incidents and the reasonably likely impact of such an incident. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward and any such mandatory disclosures could be costly and lead to negative publicity, loss of customer confidence in the effectiveness of our security measures, diversion of management’s attention and governmental investigations.

The laws, regulations and codes above may impact our innovation and business drivers in developing new and emerging technologies (for example, AI and machine learning) and may impact demand for our solutions and has resulted in more onerous obligations in our contracts and changes to our business practices, and may require us to bear additional burdensome contractual obligations and make additional changes to our business practices in the future. These changes may impact the duration of customer relationships and result in additional compliance and operational costs, which may adversely impact our business. Additionally, we collect and store information on behalf of our business customers and if our customers fail to comply with contractual obligations or applicable laws, it could result in litigation or reputational harm to us.

Table of Contents

Our intellectual property portfolio is a valuable asset and we may not be able to protect our intellectual property rights, including our source code, from infringement or unauthorized copying, use or disclosure.

Our patents, trademarks, trade secrets, copyrights and other intellectual property are valuable assets to us. Infringement or misappropriation of such intellectual property could result in lost revenues and ultimately reduce their value. We protect our intellectual property by relying on federal, state and common law rights in the United States and internationally, as well as a variety of administrative procedures and contractual restrictions. Despite our efforts, protecting our intellectual property rights and preventing unauthorized use of our intellectual property are inherently difficult. For instance, we actively combat software piracy, but we continue to lose revenue due to illegal use of our software. Third parties may illegally copy and sell counterfeit versions of our products. To the extent counterfeit installations and sales replace otherwise legitimate ones, our financial results could be adversely affected. We apply for patents and other intellectual property rights in the United States and in foreign countries, but we are not always successful in obtaining patent or other intellectual property protection or in obtaining such protection timely to meet our business needs. Our patents may be invalidated or circumvented. Moreover, due to challenges in detecting patent infringement pertaining to generative AI technologies, it may be more difficult to protect our generative AI and related innovations with patents. Further, the laws of some foreign countries do not provide the same level of intellectual property protection as U.S. laws and courts and could fail to adequately protect our intellectual property rights. Such loss could make it easier for third parties to compete with our products by copying functionality, which could cause us to lose customers and could adversely affect our revenue and operating margins. If we cannot protect our intellectual property against unauthorized copying, use, or other misappropriation, our business could be harmed.

Changes in tax rules and regulations or interpretations thereof may adversely affect our effective tax rates.

We are a U.S.-based multinational company subject to tax in multiple domestic and foreign tax jurisdictions. Significant judgment is required in determining our current provision for income taxes and deferred tax assets or liabilities. Tax laws in the United States as well as other countries and jurisdictions in which we conduct business are subject to change as new laws are passed and/or new interpretations are made available, which have in the past and may in the future have a material impact on our business.

Changes in our operating landscape, such as changes in laws or interpretations of tax rules, have in the past and may in the future adversely affect our effective tax rates and/or cause us to respond by making changes to our business structure, which could adversely affect our operations and financial results. An increase in our effective tax rate would reduce our profitability.

Moreover, we are subject to the examination of our income tax returns by domestic and foreign tax authorities. We regularly assess the likelihood of outcomes resulting from these examinations to determine the adequacy of our provision for income taxes and have reserved for potential adjustments that may result from these examinations. While we believe our tax estimates are reasonable, we cannot provide assurance that the final determination of any of these examinations will not have an adverse effect on our financial position and results of operations.

Contracting with government entities exposes us to additional risks inherent in the government procurement process.

We provide solutions, directly and indirectly, to a variety of domestic and foreign government entities, which introduces certain risks and challenges not present in private commercial agreements, including varying governmental budgeting processes; changes in governmental administrations and policies; fluctuations due to government spending cuts and shutdowns; and highly competitive and lengthy bidding process that may be subject to political influence. Additionally, we are subject to complex regulatory requirements and executive orders, including those related to procurement; export controls; employment; security; and other evolving government-specific contractual requirements. We incur significant up-front time and costs without any assurance that we will win a contract. Operating within a highly regulated industry, we have been and may in the future be subject to audits and investigations relating to our government contracts and any violations could result in termination of contracts and various civil and criminal penalties and administrative sanctions, including payment of fines and suspension or debarment from future government business, as well as harm to our reputation and financial results. We have made, and may

Table of Contents

continue to make, significant investments to support future sales opportunities in various government sectors, including to obtain various security authorizations and certifications. Such processes are complex, lengthy and can often be delayed. Furthermore, requirements may change, or we may be unable to achieve or sustain one or more government authorizations or certifications, which could affect our ability to sell to government entities until we meet any new or revised requirements.

Risks Related to Financial Performance

If there is a change in subscriptions or renewals in a reporting period, this could cause our financial results to suffer and may not be immediately reflected in our revenue and financial results for that period because we recognize revenue over the subscription term.

As a result, most of the subscription revenue we report each quarter is the result of subscription agreements entered into during previous quarters. Our subscription model could also make it difficult for us to rapidly increase our revenue from subscription-based or hosted services through additional sales in any period, as revenue from new customers will be recognized over the applicable subscription term. If our customers do not renew their subscriptions or if they renew on terms less favorable to us, our revenue may decline. Further, such impact on our revenue may not be immediately reflected in our financial results in the period in which our renewal rates changed and may adversely affect our financial results in future periods.

We are subject to fluctuations in foreign currency exchange rates and may not be able to effectively hedge our exposure.

We attempt to mitigate a portion of these foreign currency exchange risks to our financial results through foreign currency hedging based on our judgment of the appropriate trade-offs among risk, opportunity and expense. We regularly review our hedging program and make adjustments that we believe are appropriate. Our hedging activities have not, and may not in the future, offset more than a portion of the adverse financial impact, including on our actual revenue recognized, resulting from unfavorable movement in foreign currency exchange rates, which could adversely affect our financial condition, business performance or results of operations.

We test goodwill for impairment at least annually. We review our goodwill and intangible assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable, including declines in stock price, market capitalization or reduced future cash flow estimates and slower growth rates in our industry. Depending on the results of our review, we may be required to record a significant charge to earnings in our consolidated financial statements during the period in which any impairment of our goodwill or intangible assets was determined, negatively impacting our results of operations.

Our existing and future debt obligations may adversely affect our financial condition and future financial results.

As of November 28, 2025, we had $6.15 billion in senior unsecured notes outstanding and a $3 billion commercial paper program with no amounts outstanding. We also had a $1.5 billion senior unsecured revolving credit agreement, which was undrawn. This debt or future additional indebtedness may adversely affect our financial condition and future financial results by, among other things:

•requiring the dedication of a portion of our expected cash flows from operations to service our debt, thereby reducing the amount of expected cash flows available for other purposes, including capital expenditures and acquisitions;

•increasing our vulnerability to adverse changes in our business and general economic and industry conditions; and

Table of Contents

•limiting our ability to obtain future financing for working capital, capital expenditures, future acquisitions, general corporate or other purposes, which may also impact our ability to service and repay outstanding indebtedness as it becomes due.

Our senior unsecured notes, commercial paper program and revolving credit agreement impose restrictions on us and require us to maintain compliance with specified covenants. Our ability to comply with these covenants may be affected by events beyond our control. If we breach any of the covenants and do not obtain a waiver from the noteholders or lenders, then, subject to applicable cure periods, any outstanding debt may be declared immediately due and payable.

In addition, changes by any rating agency to our credit rating may negatively impact the value and liquidity of both our debt and equity securities, as well as the potential costs associated with a refinancing of our debt. Under certain circumstances, if our credit ratings are downgraded or other negative action is taken, the interest rate payable by us under our revolving credit agreement could increase. Downgrades in our credit ratings could also restrict our ability to obtain additional financing in the future and affect the terms of any such financing.

General Risk Factors

Catastrophic events, including events associated with climate change, may disrupt our business and adversely affect our financial condition and results of operations.

Our business relies on our network infrastructure and enterprise apps, internal technology systems and websites. Our corporate headquarters, significant research and development activity, certain of our data centers and other critical business operations are in the San Francisco Bay Area and the Salt Lake Valley Area, both of which are near major earthquake faults. Exposure to climate-related events that may harm our business may continue to increase in intensity. A catastrophic event, particularly one that may disrupt our data centers or our critical activities, could prevent us from conducting normal business operations and providing our solutions, which could adversely affect our business.

Our stock price has been, and may continue to be, volatile and subject to fluctuations. All factors described in this Part I, Item 1A of this report, some of which are beyond our control, may affect our stock price, including:

•shortfalls or declines in our results or shortfalls, changes to estimates, recommendations or expectations in guidance we provide or provided by financial analysts about our revenue, margins, earnings, annualized recurring revenue, growth rates or other key performance metrics;

•changes to our key performance metrics;

•changes in investor and analyst valuation models for our stock;

•changes in annualized recurring revenue, unearned revenue, remaining performance obligations and revenue recognized at a point in time, all of which may impact actual or implied growth rates;

•developments related to products or services, technological advancements, strategic alliances, acquisitions or significant transactions by us or our competitors;

•changes in the amounts or frequency of stock repurchases;

•the loss of large customers or our inability to retain or increase sales to existing customers or attract new customers;

•changes to our management team, including recruitment or departure of key personnel;

•variations in our or our competitors’ financial and business performance, changes in the competitive landscape generally and developments in our industry;

•adverse economic, political or market conditions; and

Table of Contents

•other events, such as significant litigation, regulatory investigations or actions, and negative media or social media coverage.

In addition, the market for technology stocks or the stock market in general has experienced, and may in the future experience, extreme fluctuations, which has caused, and may in the future cause, our stock price to decline for reasons unrelated to our financial performance. Volatility in our stock price has increased, and may continue to increase, our susceptibility to securities class action litigation, which could result in substantial costs and divert management’s attention and resources, which may adversely affect our business.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

CYBERSECURITY

Risk Management and Strategy

Adobe has certain security processes, infrastructure, systems, policies and practices for assessing, identifying and managing risks from cybersecurity threats. We maintain an information security risk management framework for managing cybersecurity risks, priorities and projects for our products, services, infrastructure and corporate resources. As part of our framework, a cybersecurity risk steering committee meets regularly to review newly identified risks and progress on remediating existing risks.

We conduct regular security reviews, simulations and testing, including internal and external penetration testing, vulnerability assessments and regular scans on our hosts and network devices. We review available threat intelligence, including information from industry groups and our security vendor. We consult with third parties, including cybersecurity consultants, as part of our cybersecurity threat and risk management strategy.

Depending on the environment, our risk mitigation strategies include a variety of technical, physical and operational measures designed to manage and mitigate material risks from cybersecurity threats to our systems and data. We require employees annually to complete a general security awareness training, and additional engineering and security specific training may also be required for certain positions. Further, we maintain a vendor security review program, which is designed to provide an assessment of the security practices of those third-party vendors that process Adobe non-public data or connect to our networks.

For a description of the risks from cybersecurity threats that may materially affect us, see the risks described in the section titled “Risk Factors” contained in Part I, Item IA of this report, including under the headings “Security incidents, improper access to or disclosure of our customers’ data or other cybersecurity incidents may harm our reputation and materially and adversely affect our business.”

Governance

Our Board of Directors (the “Board”) addresses cybersecurity risks as part of its general oversight function. Our Audit Committee of the Board (the “Audit Committee”) oversees enterprise risks, including cybersecurity risks, and the adequacy and effectiveness of our information security, technology and policies and our internal controls regarding these areas. The Audit Committee receives regular cybersecurity updates from our Chief Security Officer (“CSO”), in conjunction with senior cyber legal and other professionals, and reports those updates to the Board. The updates address topics such as cybersecurity risks and the prevention, detection, mitigation and remediation of cybersecurity incidents. We have a Cyber Disclosure Committee, comprised of our CSO, cyber legal professionals and other cross-functional leaders, that meets regularly to assess and make determinations regarding certain cybersecurity incidents, and have an escalation process to inform management and the Audit Committee when appropriate.

Our cybersecurity risk assessment and management processes are implemented and maintained by management, including our CSO and our cyber legal professionals, whom each has extensive cybersecurity experience in their respective areas of responsibility and expertise. Our CSO, who reports to the Chief Financial Officer, has primary responsibility for the strategy, engineering and operations of cybersecurity across Adobe in partnership with our executive-level product leaders and our cyber legal professionals, who report to the Chief Legal Officer, and have primary responsibility for the legal aspects of cybersecurity across Adobe.

Table of Contents

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
FUNI	2 hours ago
ADBE	3 hours ago
CVGW	1 day, 3 hours ago
RFIL	1 day, 4 hours ago
BBCP	2 days, 3 hours ago
DWAY	2 days, 4 hours ago
EXDW	2 days, 4 hours ago
FWFW	2 days, 6 hours ago
GIPL	2 days, 7 hours ago
WLSS	2 days, 8 hours ago
MOBX	2 days, 23 hours ago
ANIX	3 days, 4 hours ago
MCLE	3 days, 12 hours ago
HURC	6 days, 3 hours ago
MGSD	6 days, 12 hours ago
IMTH	1 week ago
NRT	2 weeks, 1 day ago
KPEA	2 weeks, 1 day ago
VWAV	2 weeks, 2 days ago
CLRI	2 weeks, 2 days ago
RGBP	2 weeks, 2 days ago
GTLL	2 weeks, 2 days ago
DJCO	2 weeks, 3 days ago
CETX	2 weeks, 3 days ago
FUST	2 weeks, 3 days ago
GTIM	2 weeks, 3 days ago
IBAC	2 weeks, 3 days ago
BDTB	2 weeks, 3 days ago
CVM	3 weeks, 2 days ago
GTIJF	3 weeks, 2 days ago
VPLM	3 weeks, 2 days ago
CTXR	3 weeks, 2 days ago
CTOR	3 weeks, 2 days ago
BRN	3 weeks, 2 days ago
LMNR	3 weeks, 2 days ago
CLBZ	3 weeks, 2 days ago
BNED	3 weeks, 2 days ago
ISSC	3 weeks, 3 days ago
HEI	3 weeks, 3 days ago
HOV	3 weeks, 3 days ago
ENGN	3 weeks, 3 days ago
SIF	3 weeks, 3 days ago
SNPS	3 weeks, 5 days ago
BNBX	3 weeks, 6 days ago
A	3 weeks, 6 days ago
MSBB	3 weeks, 6 days ago
OTLK	3 weeks, 6 days ago
BDL	3 weeks, 6 days ago
ABM	3 weeks, 6 days ago
TOL	3 weeks, 6 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - ADBE

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - ADBE

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing