Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - GEN

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors, of this Annual Report on Form 10-K. We encourage you to read those sections carefully. There may also be other factors that have not been anticipated or that are not described in our periodic filings with the Securities and Exchange Commission (SEC), generally because we did not believe them to be significant at the time, which could cause actual results to differ materially from our projections and expectations. All forward-looking statements should be evaluated with the understanding of their inherent uncertainty.

SUMMARY RISK FACTORS

We are subject to a number of risks that, if realized, could materially and adversely affect our business, financial condition, results of operations, and cash flows and our ability to make distributions to our stockholders. Some of our more significant challenges and risks include, but are not limited to, the following, which are described in greater detail below:

•If we are unable to develop new and enhanced solutions and products, or continually improve the performance, features, and reliability of our existing solutions and products, our business and operating results could be adversely affected.

•We operate in a highly competitive and dynamic environment, and if we are unable to compete effectively, we could experience a loss in market share and a reduction in revenue.

•Issues in the development and deployment of AI, including generative AI and emerging AI-enabled cyber threats, could expose us to regulatory, privacy, IP, cybersecurity, operational and reputational risks.

•Our acquisitions and divestitures create special risks and challenges that could adversely affect our financial results.

•Our revenue and operating results depend significantly on our ability to retain our existing customers and increase their adoption of our offerings, convert existing non-paying customers to paying customers, and add new customers.

•If we fail to manage our sales and distribution channels effectively, if our partners choose not to market and sell our solutions to their customers, or if we have an adverse change in our relationships with key third-party partners, service providers or vendors, our operating results could be materially and adversely affected.

•Changes in industry structure and market conditions have and may continue to lead to charges related to discontinuance of certain products or businesses and asset impairments.

•Our international operations involve risks that could increase our expenses, adversely affect our operating results and require increased time and attention from management.

•Our future success depends on our ability to attract and retain personnel in a competitive marketplace.

•If we fail to offer high-quality customer support, our customer satisfaction may suffer and have a negative impact on our business and reputation.

•If the information provided to us by customers or other third parties is incorrect or fraudulent, we may misjudge a customer’s qualifications to receive our products and services and our results of operations may be harmed and could subject us to regulatory scrutiny or penalties.

•Our solutions, systems, websites and the data on these sources have been and may continue to be subject to cybersecurity events that could materially harm our reputation and future sales.

Table of Contents

•We collect, use, disclose, store or otherwise process personal information and other sensitive data, which is subject to stringent and changing state and federal laws and regulations.

•Our inability to successfully recover from a disaster or other business continuity event could impair our ability to deliver our products and services, which could harm our business.

•We are dependent upon Broadcom for certain engineering and threat response services, which are critical to many of our products and business.

•Our solutions are complex and operate in a wide variety of environments, systems and configurations, which could result in failures of our solutions to function as designed.

•Negative publicity regarding our brand, solutions and business could harm our competitive position.

•Our reputation and/or business could be negatively impacted by sustainability and governance matters and/or our reporting of such matters.

•We are affected by seasonality, which has in the past and may in the future impact our revenue and results of operations.

•The legal and regulatory regimes governing certain of our products and services are uncertain and evolving.

•If we do not protect our proprietary information and prevent third parties from making unauthorized use of our products and technology, our financial results could be harmed.

•From time to time, we are party to lawsuits and investigations, which have previously and could in the future require significant management time and attention, cause us to incur significant legal expenses and prevent us from selling our products.

•Third parties have claimed and additional third parties in the future may claim that we infringe their proprietary rights.

•Some of our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.

•Our substantial indebtedness and related debt obligations could limit our financial and operating flexibility and increase our vulnerability to adverse business and economic conditions.

•Our Amended Credit Agreement imposes operating and financial restrictions on us.

•The failure of financial institutions or transactional counterparties could adversely affect our current and projected business operations and our financial condition and results of operations.

•We rely on a variety of funding sources to support our business model. If our existing funding arrangements are not renewed or replaced or our existing funding sources are unwilling or unable to provide funding to us on terms acceptable to us, or at all, it could have a material adverse effect on our business, financial condition, results of operations and cash flows.

•Adverse macroeconomic conditions have adversely affected and may continue to adversely affect the consumer finance industry and our MoneyLion business.

•Fluctuations in our quarterly financial results have affected the trading price of our stock in the past and could affect the trading price of our stock in the future.

•

•Changes to our effective tax rate could increase our income tax expense and reduce (increase) our net income (loss), cash flows and working capital, and audits by tax authorities could result in additional tax payments for prior periods.

•Our corporate and legal entity structure, as well as our intercompany arrangements, are subject to the tax laws of multiple jurisdictions. These laws are complex and may be subject to differing interpretations by tax authorities. As a result, we may be required to pay additional taxes, interest, or penalties in various jurisdictions, which could adversely affect our results of operations.

•Our ability to use our deferred tax assets to offset future taxable income may be limited.

The above list is not exhaustive, and we face additional challenges and risks. Please carefully consider all of the information in this Annual Report on Form 10-K, including the matters set forth below in this Part I, Item 1A.

Table of Contents

PART I

Item 1. Business

Purpose and Mission

Purpose: Powering Digital Freedom.

Mission: We create innovative and easy-to-use technology solutions that help people grow, manage and secure their digital and financial lives.

Our Values

Protecting people is what inspires us, and our people are at the core of what we do. We seek to attract talent that embraces the following values:

•Customer Driven. Community Minded. We are customer obsessed and drive positive impact.

•Think Big. Be Bold. We embrace change and innovate fearlessly.

•Be Scrappy. Make it Happen. Big or small, we get things done irrespective of title or role.

•Play to Win. Together. We win for our customers, with passion and integrity.

Company Overview

Gen Digital Inc. is a global leader in consumer Cyber Safety and Trust-Based Solutions, empowering people around the world to live safer digital lives while building confidence and control over their financial futures. Through its trusted brands including Norton, Avast, LifeLock, and MoneyLion, Gen helps people protect what matters most — their data, identity, privacy, reputation and financials — through award-winning cyber-security, online privacy, identity protection and financial wellness solutions used by nearly 500 million users in more than 150 countries. Today, digital life and financial life are increasingly intertwined, reshaping how people work, bank, shop, learn, connect and manage their households every day. Advances in cloud computing, mobile platforms, and artificial intelligence (AI) have expanded how consumers interact and transact online, and we expect technological advancements to continue to unlock new possibilities. At the same time, the expansion of consumers’ digital footprint is increasing exposure to cyber risks. Cybercriminals are combining long-standing techniques such as phishing, vishing and smishing with data-driven social engineering, deepfakes, account-takeover attacks and abuse of generative-AI systems and AI agents to execute increasingly sophisticated scams, fraud and other attacks that target people’s identities, privacy and finances. In this environment, we provide solutions designed to help consumers secure, control and manage their digital and financial lives.

We are well-positioned to drive awareness and adoption of Cyber Safety and Trust-Based Solutions for individuals, families, and small businesses, fueled by an increasingly connected world. We also offer personal finance products, tools and content that deliver actionable insights and guidance to users. Our global, omni-channel sales approach includes direct, indirect and freemium channels and a family of brands, enabling us to grow our customer base and maximize the global reach of our products and services. Most of our subscriptions are offered on annual terms, but we also provide monthly subscriptions. We also distribute both first-party and third-party product offerings through integrated marketplaces and other partner platforms.

As of April 3, 2026, we have approximately 500 million total users, which come from direct, partner and freemium channels. Of these total users, we have approximately 79 million paid customers which reflects all customers with at least one paid subscription as of the end of the period, and / or individuals with a unique account and at least one paid transaction in the trailing twelve months.

•Direct-to-consumer channel: We use advertising to elevate our family of brands, attract new customers and generate significant demand for our services. Our direct subscriptions are primarily sold through our e-commerce platform and mobile apps, and we have a direct billing relationship with the majority of these customers.

•Indirect partner distribution channels: We use strategic and affiliate partner distribution channels to refer prospective customers to us and expand our reach to our partners’ and affiliates’ customer bases. We developed and implemented a global partner sales organization that targets new, as well as existing, partners to enhance our partner distribution channels.

•Freemium channels: Our go-to-market is diversified with multiple freemium channels through brands like Avast. We use free versions of our products to reach the broadest set of consumers globally and bring cyber safety to a larger audience, especially in international markets. The user can choose to add specific premium solutions or upgrade to suites that provide security, identity, and privacy across multiple platforms and devices, thereby becoming a paid customer.

Table of Contents

•Consumer and Enterprise marketplace: The acquisition of MoneyLion further expanded our go-to-market reach through a consumer and enterprise marketplace, which is branded Engine by Gen. Consumers can access a broad range of personalized and actionable offers for both financial and non-financial products and services.

Our Strategy

Our strategy is focused on delivering long-term sustainable and disciplined growth. For more than a decade, we have protected people’s digital lives. That is our foundation. Today, we are building something larger: a platform that moves beyond protection into full empowerment — giving people the confidence, tools, and insights to control, manage and grow their digital and financial lives.

Our three primary growth drivers are:

1.Securing Digital Lives: Extending and deepening our leadership in cyber safety by leveraging technology innovation to protect consumers, families, and small businesses against an evolving and increasingly sophisticated threat landscape, including emerging risks from AI-generated scams, deepfakes, and agentic threats, while delivering proactive, personalized safety companion across devices, browsers, and AI agents.

2.Empowering Financial Wellness: Expanding our trusted solutions platform to empower consumers to protect, manage and grow their financial lives — through identity protection, financial fraud protection, credit monitoring, earned wage access, personalized financial product insights, and a recommended platform of trusted third-party financial solutions — deepening the customer relationship from protection into empowerment and financial decision-making and compounding lifetime value across the platform.

3.Scaling Gen’s AI-Powered Platform Delivering a Trust Layer: Connecting our ecosystem of brands, products, and partners through a unified data and AI infrastructure to deliver personalized, proactive, and increasingly automated experiences — closing the gap between what AI can do and what consumers trust it to do. Our platform turns user-permissioned data into trusted recommendations and actionable intelligence, positioning Gen as the trust layer for the AI economy.

The key elements of our strategy include the following:

•Extend our leadership in Cyber Safety through AI-driven innovation: Cyber Safety is a large market with an ever-evolving threat landscape. AI is simultaneously enabling more sophisticated attacks and more powerful defenses. Our strategy is to lead in both defense and empowerment, deploying AI-native capabilities such as our advanced scam detection engine, agentic security, and privacy protection solutions that anticipate threats before they materialize. Our telemetry across devices, identities, and financial signals powers a flywheel: more data improves detection, better detection builds trust, and trust drives growth. We continue to expand our portfolio into adjacent areas including family safety, small business protection, and AI-safe browsing to reach new customer cohorts and geographies.

•Grow our customer base through multiple channels: We maintain multiple go-to-market channels to reach new customers globally, including direct, app stores, and partnerships across various business models, such as premium, freemium, and embedded marketplaces. We leverage our expertise in digital marketing, our family of trusted brands, and our expanding network of telecom, financial institution, and employer benefit partners to grow our customer base. We have access to numerous first party financial products through MoneyLion as well as our Engine marketplace that extends distribution through partners, increasing the number of consumers that see our value proposition. We believe continued investment in these distribution channels, combined with the breadth of our first-party and third-party product portfolio, will allow us to efficiently acquire new customers across cyber safety and financial wellness.

•Deepen customer value through cross-sell of all of our services: security, privacy, identity, reputation, and financial protection and empowerment: We believe our approximately 500 million users — including 79 million paid customers — represent a significant and underleveraged opportunity to deliver trusted financial solutions. Our Engine marketplace connects consumers with over 600 third-party financial product providers across lending, insurance, credit, and banking, represents a hosted decisioning engine. We leverage our identity and behavioral data advantages to deliver personalized financial product recommendations to existing customers, increasing average revenue per user and strengthening the overall value of the Gen relationship. Customers with connected financial accounts demonstrate higher engagement, stronger ARPU, and better retention, which further deepens loyalty over time.

•Continue our focus on customer retention and loyalty: We continue to optimize and expand the value we provide to customers, which we believe positively impacts retention and lifetime value. We aim to increase customer engagement through actionable identity and financial alerts, AI-powered insights, and the introduction of new product capabilities and financial wellness community content. Comprehensive cyber safety membership adoption — integrating security, identity, privacy, and financial wellness into a single trusted relationship — reinforces our view that the future of cyber safety lies in all-in-one solutions and ultimately a seamless secure trust layer.

•Leverage our global brands and partner network to drive reach and innovation: We will continue building our family of trusted brands globally — Norton, Avast, LifeLock, MoneyLion and more — as we expand protection and empowerment to consumers across more than 150 countries. We will also continue to invest in our partner network, which includes over 650 channel partners and over 600 third-party product providers in Engine by Gen, to enrich the choices available to our customers and accelerate our reach into new markets and customer segments.

Table of Contents

•Scale our AI-powered platform to drive compounding growth: We are investing in a unified data and AI platform that gives consumers structured, secure access to their most important information and puts the power of distribution in their hands, while connecting our brands, products, and third-party partners into a single intelligent ecosystem. This platform enables hyper-personalized recommendations, faster AI innovation across our portfolio, and new revenue streams through trust, data, and decisioning services. Over time, we expect it to shift our growth model from linear subscription economics toward compounding network effects, as each customer and partner interaction enriches the ecosystem.

•Build the trust layer for the AI economy: As AI agents move onto consumer devices, browsing the web and executing code on the user’s behalf, the security stakes have fundamentally changed. We are building the trust layer for consumer AI: an AI-native browser, agentic protection integrated into our core memberships including an agentic VPN, and an agentic skill scanner establishing our platform as the security foundation for AI adoption. The assets required to win in this category — trusted brands, rich behavioral and financial data, broad global distribution — are difficult to replicate, creating a durable and compounding advantage as the market scales.

•Pursue strategic transactions to enhance our competitive advantage: To complement our organic growth strategy, we selectively pursue acquisitions, investments, and other strategic transactions that we believe can enhance our platform capabilities, expand our current lines of business, accelerate growth in existing or adjacent markets, strengthen our ecosystem, broaden our distribution reach, deepen our proprietary data and technology assets, or otherwise enhance our competitive position. We evaluate potential opportunities based on a variety of factors, including their strategic fit, ability to drive long-term value creation, operational and technological synergies, customer and user expansion opportunities, and financial returns. Our approach to acquisitions and other strategic transactions is guided by our financial discipline and balanced with our broader capital allocation priorities, which may include investments in innovation and growth initiatives, debt repayment, dividends, and share repurchases.

Operating Segment Information

We present financial information for our Cyber Safety Platform and Trust-Based Solutions operating segments to provide investors with greater transparency into the performance and drivers of our business. These segments reflect how our Chief Operating Decision Maker (our Chief Executive Officer) evaluates results, allocates resources, and assesses growth opportunities. By distinguishing between our core cybersecurity offerings and our Trust-Based Solutions, we enable investors to better understand the distinct market dynamics, revenue growth, and profitability profiles of each segment, as well as how they collectively support our long-term strategy and value creation.

Our Cyber Safety Platform Segment

Cyber Safety Platform includes our security, comprehensive suites, and privacy products, which deliver technology solutions and superior threat protection to help people navigate the digital world, securely, privately and with confidence. We develop our broad portfolio of Cyber Safety products and services based on consumer insights and continuously enhance our offerings through product innovation and technology integration, including acquired capabilities, to outpace evolving threats.

Our Cyber Safety portfolio provides protection across two primary categories, security and performance, and online privacy, and is delivered across multiple channels and geographies. Leveraging our technology platforms, we integrate software and service capabilities within these two categories into comprehensive and easy-to-use products and solutions across our brands.

We protect and empower consumers by providing solutions and services in two main ways:

•Comprehensive membership plans: Providing a comprehensive and all-in-one Cyber Safety portfolio of solutions for a membership fee. Plans are offered through Norton 360 and Avast One subscriptions, with both brands providing multiple levels of membership tiers that range from basic, mid-level, or premium tiers where online privacy features and identity and restoration services are included.

•Point solutions: Providing stand-alone products and services in security, device performance, and privacy, offering flexibility for consumers to choose between free or paid solutions. These products solve for a specific need, when you need it, and can add on to the value you already have. Please see below for our full set of products by category.

We are well-positioned across two key Cyber Safety categories:

•Security and Performance: Our offerings provide real-time threat protection for PCs, Macs and mobile devices against malware, ransomware, phishing, and other emerging cyber threats. Scams have also continued to become more prevalent and sophisticated and we offer a range of AI-powered features integrated into Norton Cyber Safety products to provide always-on protection from today’s most sophisticated scams across phone calls, texts, emails, deepfakes and websites. Norton Scam Protection and Scam Protection Pro utilize Norton Genie AI engine to analyze the meaning of words, not just links, helping to stop hidden scam patterns that even the most careful person can miss. We also offer solutions designed to help small businesses safeguard devices, online activities, and customer data.

•Online Privacy: Our privacy solutions include virtual private network (VPN) offerings through the Norton, Avast and freemium brands. These solutions provide encrypted data tunnels and connections that allows customers to securely transmit and access private information, such as passwords, bank details, and credit card numbers, when accessing the

Table of Contents

internet through their devices, including on public Wi-Fi networks. Our VPN solutions also incorporate advanced privacy, malware protection, and AI-powered protection against sophisticated cyber threats, including scams and phishing attacks.

Our Trust-Based Solutions Segment

We have also evolved beyond Cyber Safety to offer Trust-Based solutions, including identity protection, restoration support services, digital reputation, and secure financial wellness, including our first-party MoneyLion products and our Engine marketplace offerings. These innovative solutions and insights empower consumers to manage their identity, reputation and finances confidently.

•Identity Protection and Reputation: In the United States, we offer Identity Theft protection as a premium membership service primarily through LifeLock, which includes monitoring of credit reports, the dark web, social media, and financial accounts to help detect potential misuse of and safeguard our customers’ personal information. All plans include reimbursements for certain losses and expenses incurred, with coverage limits of up to $3 million depending on the plan. Outside the United States, we offer identity solutions under the Norton, Avast, and other brands, which include dark web monitoring in over 50 countries, monitoring of credit, social media and financial accounts, restoration support, and identity theft insurance in select countries.

•Secure Financial Wellness: In the United States, we offer modern personal finance products, tools, and financial-related content that delivers actionable insights and guidance to our users. Through our MoneyLion brand, we provide a broad suite of financial products and services to make premium banking, borrowing and investing accessible to everyone, enhanced with identity features so users can protect the wealth they build. Our leading marketplace solutions provide valuable distribution, acquisition, growth, and monetization channels for our partners. This purpose-built platform helps consumers navigate all of their financial inflection points, combining our deep first-party product expertise, engaging content, marketplaces, innovative technology, data and AI capabilities to create the ultimate marketplace solution, Engine by Gen.

Innovation, Research and Development

Gen has a long history of innovation, and we plan to continue to invest in research and development to drive our long-term success.

As cyber threats evolve, and an increasing amount of our financial lives happen online, we are focused on delivering a portfolio that protects each element of our customers’ digital and financial lives. To do this, we engage and listen to our customers, and we embrace innovation by deploying a global research and development strategy across our platform.

Our global technology research organization is focused on applied research projects, with the goal of rapidly creating new products to address consumer trends and grow the business, including defending consumer digital safety, privacy, identity and secure financial wellness. We also have a global threat response and security technology organization that is comprised of our dedicated team of threat and security researchers, supported by advanced systems to innovate security technology and threat intelligence.

We have one of the world’s largest consumer cyber safety networks. Leveraging our capabilities, our global threat response team handles a wide variety of attacks, including social engineering attacks, file-based attacks, web and network-based attacks, privacy and data exfiltration attacks, identity theft attacks, algorithmic manipulation attacks, and more.

Our differentiated approach is powered by our global scale and visibility, geographically distributed cloud data platform, and advanced AI-based automation. Through our AI Foundry, we build advanced AI models to improve our user’s experiences, by providing recommendations, insights, and personalized messaging tailored to their customer journey. We are also building AI-native products, AI agentic solutions, and the trust layer that makes powerful AI, safe and simple for everyday life.

Industry Overview

Cyber safety is a large market, fueled by the increase in activities online and the expanding digital lives of consumers globally. The core markets we participate in include security, identity, privacy, and increasingly, financial wellness.

Table of Contents

The cyber threat landscape is larger and more complicated than ever before. Attack cycles have compressed, threats are more personalized and convincing, and they are almost always aimed at a financial outcome — drained accounts, stolen credentials, and fraudulent transactions. New technologies, smart devices, digital identities and an increasingly more connected world mean consumers will encounter a range of new cyber safety challenges. Consumer demands and behaviors are rapidly changing and driving more activities online, from shopping, socializing, working, banking, to other activities in healthcare, entertainment and so much more. Almost every aspect of a person’s life has a digital component. Unfortunately, many of those activities are left unprotected, and attackers are exploiting this larger opportunity and the inherent security and privacy vulnerabilities. Cybercriminals have not only expanded their reach, but the sophistication of digital threats and attacks are becoming increasingly more realistic and believable. The rise of AI-generated deepfakes, synthetic identities, and autonomous AI agents — software that can browse, transact, and act on a consumer's behalf — introduces an entirely new attack surface and makes trust infrastructure more critical than ever.

At the same time, consumer demand for financial guidance and access is growing with equal urgency. Despite advances in financial technology, significant gaps remain: many consumers lack access to personalized, data-driven tools to help them manage, protect, and grow their financial lives. The embedded finance marketplace model — connecting consumers with personalized third-party offers across lending, insurance, credit, and banking — has emerged as a scalable and high-intent channel for closing this gap, meeting consumers at the moment they are most ready to act.

What is emerging is the convergence of cyber safety and financial wellness into a single consumer need. Almost every cyber threat ultimately targets a financial outcome, and almost every financial decision increasingly carries a digital risk. Consumers are no longer looking for a security product and a financial app — they are looking for a trusted platform that protects and empowers their entire digital and financial life, simultaneously and proactively.

We believe these dynamics — the expanding digital threat landscape, the growing demand for accessible financial wellness solutions, and the convergence of cyber safety and financial protection — will continue to drive demand for integrated platforms that address consumers' digital and financial needs together. Gen operates across both markets, connecting its family of Cyber Safety brands with financial wellness and marketplace capabilities to serve consumers across all aspects of their digital and financial lives.

Competitive Landscape

We operate in a highly competitive and dynamic environment. Our competitors may vary by offering, geography, business model and channel.

Our principal competitors are set forth below:

•Security: Our principal competitors in this segment include Apple, Bitdefender, ESET, F-Secure, Google, Kaspersky, Malwarebytes, McAfee, Microsoft, Trend Micro and Webroot.

•Online Privacy: Our principal competitors in this segment include Apple, Aura, Brave, DuckDuckGo, IPVanish, Kape, Mozilla, Nord Security and Proton.

•Identity and Reputation: Our principal competitors in this segment include credit bureaus such as Equifax, Experian and TransUnion, as well as certain credit monitoring and identity theft protection solutions from others such as Allstate, Aura, Generali (Iris), Intuit (Credit Karma) and Microsoft.

•Secure Financial Wellness: Our principal competitors in this segment include Bankrate, Chime, Dave, Intuit (Credit Karma), LendingTree, NerdWallet, Robinhood and SoFi.

•Other Competitors: In addition to competitors listed above, we also face competition from companies focused on one or a few of the above or adjacent categories. Many of these players are expanding into new segments and developing competing products. These include ‘pure play’ providers such as 1Password, Bark, Dashlane, LastPass, Life360, and Truecaller, as well as internet service providers, big tech platform providers, insurance companies and financial services organizations.

We believe we compete effectively based on the strength of our technology, people, product offerings, and presence across the key Cyber Safety and Trust-Based Solutions categories.

Table of Contents

For more information on the risks associated with our competitors, please see “Risk Factors” – Risks Related to Our Business Strategy and Industry – “We operate in a highly competitive and dynamic environment, and if we are unable to compete effectively, we could experience a loss in market share and a reduction in revenue” and “We may need to change our pricing models to compete successfully,” in Item 1A included in this Annual Report on Form 10-K.

Seasonality

As is typical for many consumer technology companies, portions of our business are impacted by seasonality. However, we believe the net impact on our business is limited. Seasonal behavior in orders primarily reflects consumer spending patterns during our fiscal third and fourth quarters, as order volume is generally higher due to the holidays in our third quarter, as well as due to follow-on holiday purchases and the U.S. tax filing season which is in our fourth quarter. Revenue generally reflects similar seasonal patterns but to a lesser extent than orders because of our subscription business model, as the majority of our in-period revenues are recognized ratably from our deferred revenue balance.

Human Capital Management

At Gen, our mission is to build a comprehensive and easy-to-use integrated portfolio that prevents, detects and responds to cyber threats and cybercrimes in today’s digital world. Our ability to execute on this mission depends on attracting, developing, and retaining a highly skilled and engaged workforce.

•General Employee Demographics: As of April 3, 2026, we employed approximately 3,900 team members across more than 20 countries. None of our U.S. employees are represented by a labor union or covered by a collective bargaining agreement.

•Employee Development and Training: Our people programs are designed to provide our team members with the resources and opportunities needed to grow and succeed. During fiscal 2026, we continued to invest in learning and development through our Learn@Gen platform and program, which provides employees with access to a broad range of digital and in person learning content and development opportunities. These offerings include the LinkedIn Learning catalog, Gen Mentorship programs, Peer Learning Academics, and leadership development initiatives.

•Employee Engagement: We are committed to fostering a positive and productive work environment. Employee feedback is a critical component of this effort. We maintain an ongoing dialogue with our workforce through our Engage pulse surveys, which focus on targeted topics and inform actions and continuous improvements across the organization.

•Benefits, Health and Wellness: At Gen, we value our people and are committed to reinforcing a positive and supportive experience through the programs and benefits we provide which are designed to support physical, mental and financial well-being in an integrated and equitable manner.

•Human Capital Governance: Our Board of Directors, through its Compensation and Leadership Development Committee, provides oversight of our human capital management strategies. We work closely with the Committee on matters including executive compensation, overall reward strategy, talent management, talent acquisition, leadership development, succession planning, retention, and employee engagement.

Intellectual Property

Our intellectual property (IP) is an important and vital asset that enables us to develop, market, and sell our software products and services and enhance our competitive position. We are a leader among consumer cyber safety and secure financial wellness solutions in pursuing patents and currently have a portfolio of over 1,000 U.S. and international patents issued with many additional patents pending. We protect our intellectual property rights and investments in a variety of ways to safeguard our technologies and our long-term success. Our IP portfolio is spread across different entities and in multiple countries. As we continue to expand our international operations, we have developed a strategy to ensure global distribution of our IP aligns with our long-term strategic objectives, business model, and goals. We work actively in the U.S. and internationally to ensure the enforcement of copyright, trademark, trade secret and other protections that apply to our software products and services. The term of the patents we hold is, on average, in excess of ten years.

From time to time, we enter into cross-license agreements with other technology companies covering broad groups of patents. We also use software from third parties in our business and generally must rely on those third parties to protect the licensed rights. This can include open source software, which is subject to limited proprietary rights. While it may be necessary in the future to seek or renew licenses relating to various aspects of our products, services, and business methods, we believe, based upon past experience and industry practice, such licenses generally can be obtained on commercially reasonable terms. The ability to maintain and protect our intellectual property rights is important to our success, but we believe our business is not materially dependent on any individual patent, copyright, trademark, trade secret, license, or other intellectual property right.

However, circumstances outside our control could pose a threat to our intellectual property rights. Effective intellectual property protection may not be available, and the efforts we have taken to protect our proprietary rights may not be sufficient or effective. Any significant impairment of our intellectual property rights could harm our business or our ability to compete. In addition, protecting our intellectual property rights is costly and time consuming. Any unauthorized disclosure or use of our intellectual property could make it more expensive to do business and harm our operating results.

Table of Contents

In addition, a large number of patents, copyrights and trademarks are owned by other companies in the technology industry. Those companies may request license agreements, threaten litigation, or file suit against us based on allegations of infringement or other violations of intellectual property rights.

For more information on the risks associated with our intellectual property, please see “Risk Factors” in Item 1A included in this Annual Report on Form 10-K.

Governmental Regulation

We collect, use, store or disclose an increasingly high volume, and variety of personal information, including from employees and customers, in connection with the operation of our business. The personal information we process is subject to an increasing number of federal, state, local and foreign laws regarding privacy and data security.

Gen is also subject to extensive and evolving federal, state laws and regulations governing consumer financial products and services, including laws relating to consumer protection, fair lending, anti-money laundering, electronic payments, money transmission, credit reporting and licensing. Certain of our products and platform are regulated and supervised by various governmental and regulatory authorities, including the Consumer Financial Protection Bureau, the Federal Trade Commission and state banking and financial services regulators. Applicable compliance requirements include, among others, regulations relating to unfair, deceptive or abusive acts or practices, lending and servicing activities, electronic fund transfers, customer disclosures, sanctions compliance, cybersecurity and the collection, use and protection of consumer data.

Available Information

Our internet homepage is located at GenDigital.com. We make available our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports as soon as reasonably practicable after we electronically file such material with the SEC on our investor relations website located at Investor.GenDigital.com. We also use our website as a tool to disclose important information about the company and comply with our disclosure obligations under Regulation Fair Disclosure. The information contained, or referred to, on our website, including in any reports that are posted on our website, is not part of this annual report unless expressly noted. The SEC maintains a website that contains reports, proxy and information statements, and other information regarding our filings at http://www.sec.gov.

Item 1A. Risk Factors

A description of the risk factors associated with our business is set forth below and in “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” “Legal Proceedings,” “Quantitative and Qualitative Disclosures About Market Risk” and “Controls and Procedures.” The list is not exhaustive, and you should carefully consider these risks and uncertainties before investing in our common stock.

RISKS RELATED TO OUR BUSINESS STRATEGY AND INDUSTRY

If we are unable to develop new and enhanced solutions and products, or continually improve the performance, features, and reliability of our existing solutions and products, our business and operating results could be adversely affected.

We have incurred, and will continue to incur, significant research and development expenses, including investments in AI, to drive organic growth and reduce reliance on third-party technologies. If these investments do not produce the anticipated benefits, or if such benefits are delayed, our operating results could be adversely affected.

We must continually address the challenges of dynamic and accelerating market trends and competitive developments. The development and integration of new technologies — including generative AI (“Gen AI”) and machine learning — is complex, time-consuming, and subject to significant risks. Customers may also demand features or capabilities that our current solutions do not offer, and failure to innovate in a timely and cost-effective manner could impair our ability to retain existing customers and attract new customers.

The development and introduction of new solutions involve significant commitments of time and resources and are subject to risks and challenges including but not limited to:

•Lengthy development cycles;

•Evolving industry and regulatory standards and technological developments, including AI and machine learning, by our competitors and customers;

•Rapidly changing customer preferences and accurately anticipating technological trends or needs;

•Evolving platforms, operating systems, and hardware products, such as mobile devices;

•Product and service interoperability challenges with customer’s technology and third-party vendors;

•The integration of products and solutions from acquired companies;

Table of Contents

•Availability of engineering and technical talent;

•Entering new or unproven market segments;

•New and evolving regulation; and

•Executing new product and service strategies.

In addition, third parties, including, but not limited to, operating systems and internet browser companies, have in the past and may in the future limit the interoperability of our solutions with their own products and services, including to promote competing offerings. Such actions could delay the development of, impair the functionality of, or reduce the demand for our solutions and products, which could result in decreased revenue, harm to our reputation, and adverse effects on our business, financial condition, results of operations, and cash flows.

We operate in a highly competitive and dynamic environment, and if we are unable to compete effectively, we could experience a loss in market share and a reduction in revenue.

We operate in intensely competitive and dynamic markets characterized by rapid technological developments, evolving industry and regulatory standards and market trends, changing customer requirements and preferences, and frequent new product introductions and improvements. We have experienced, and expect to continue to experience, significant competitive pressures.

Our cyber safety and financial wellness businesses compete with a broad range of companies, including established security software vendors, operating system and platform providers, companies who specialize in a niche segment of the cyber safety market and which are expanding their portfolios into competing cyber safety products, traditional banks and credit unions, licensed and non-bank digital financial service providers, specialty finance companies, digital wealth management and brokerage platforms, embedded finance providers, financial marketplaces, and other technology companies. Many of these competitors have longer operating histories, greater brand recognition, larger customer bases, and significantly greater financial, technical, and marketing resources than we do. They may be able to offer more competitive pricing or terms, bundle products more effectively, introduce new, enhanced, broader or more specialized offerings more quickly (including for free), or respond more rapidly to technological and consumer trends. We expect our competition to continue to increase, as there are generally no substantial barriers to entry into the markets we serve.

In addition, operating system and platform providers increasingly incorporate native security, privacy, and financial features into their products, often at no additional cost, which may reduce demand for our offerings or diminish their differentiation. Industry consolidation, vertical integration, and the introduction of new or alternative technologies may further intensify competition.

We cannot be sure that we will accurately predict how the markets in which we compete or intend to compete will evolve. Failure on our part to anticipate changes in our markets and to develop solutions and enhancements that meet the demands of those markets or to effectively compete against our competitors will significantly impair our business, financial condition, results of operations, and cash flows.

Issues in the development and deployment of AI, including generative AI and emerging AI-enabled cyber threats, could expose us to regulatory, privacy, IP, cybersecurity, operational and reputational risks.

We have incorporated, and are continuing to develop and deploy, AI, including Gen AI, into many of our products, solutions and services. AI systems, including AI internally developed and AI present in third party solutions, may be flawed, contain errors or vulnerabilities, reflect unintended bias, or produce inaccurate, misleading or “hallucinatory” outputs, and such deficiencies may not be easily detectable. Customers may rely on AI-generated outputs in making financial, security or other significant decisions. If AI-enabled features in our products produce incorrect, incomplete or biased outputs, we could face claims of misrepresentation, negligence, product liability or other legal theories, as well as customer dissatisfaction, reputational harm and loss of business. Furthermore, we may face allegations of misrepresentations or “AI washing” if our disclosures about our AI capabilities or our AI-related governance are deemed to be exaggerated or misleading, which could result in enforcement actions, litigation or reputational harm.

AI can present ethical issues and may subject us to new or heightened legal, regulatory, ethical, or other challenges, including issues relating to discrimination, intellectual property infringement or misappropriation, violation of rights of publicity, inability to assert ownership of inventions and works of authorship, loss of trade secrets, defamation, data privacy, and cybersecurity; and inappropriate or controversial data practices by third-party partners, developers and end-users, or other factors adversely affecting public opinion of AI, could impair the acceptance of AI solutions, including those incorporated in our products and services. If the AI solutions that we create or use are deficient, inaccurate or controversial, we could incur

Table of Contents

operational inefficiencies, competitive harm, legal liability, brand or reputational harm, or other adverse impacts on our business and financial results.

The use or adoption of AI technologies in our products may also result in exposure to claims by third parties of copyright infringement or other intellectual property misappropriation, which may require us to pay compensation or license fees to third parties. For example, the large datasets used to train Gen AI technologies or output generated by Gen AI technologies may contain materials that may subject us to third-party claims of intellectual property infringement or violations of rights of publicity. This risk is exacerbated with respect to our use of third-party Gen AI technologies, as it can be very difficult, if not impossible, to validate the processes used by third-party Gen AI technology providers in their collection and use of training data or the algorithm to produce outputs.

The technologies underlying Gen AI and its uses are currently subject to a variety of laws and regulations, including intellectual property, privacy, data protection and information security, consumer protection, competition, and equal opportunity laws, and are expected to be subject to increased regulation and new laws or new applications of existing laws and regulations. Gen AI is the subject of ongoing review by various U.S. governmental and regulatory agencies, and various U.S. states and other foreign jurisdictions are applying, or are considering applying, their platform moderation, cybersecurity, and data protection laws and regulations to Gen AI or are considering general legal frameworks for Gen AI. For example, the EU AI Act, which came into force on August 1, 2024, will generally become fully applicable after a two-year transitional period, with certain obligations taking effect at an earlier or later time. The EU AI Act introduces various requirements for AI systems and models placed on the market or put into service in the EU, including specific transparency and other requirements for general purpose AI systems and the models on which they are based. In addition, several U.S. states, such as California and Colorado, have proposed or enacted laws regarding automated decision‑making, deepfakes, algorithmic discrimination and so called “high‑risk” AI technologies (mandating, among other provisions, requirements for risk management, impact assessments, consumer notices and human oversight). At the federal level, a December 2025 executive order endorsed a federal moratorium on enforcement of state AI laws and the White House released in March 2026 a National Policy Framework for Artificial Intelligence, outlining nonbinding legislative recommendations to inform congressional consideration of a unified federal approach to AI regulation. Ongoing tension between the states and the federal government over how best to regulate AI may result in increased uncertainty, risk and compliance costs for our business. If we cannot use AI, or if our use of AI is restricted, it could lead to business disruption, inefficiency, or competitive disadvantage. Replacement of these technologies with compliant alternatives could require substantial capital expenditures or lead to a loss of proprietary data.

Furthermore, because AI technology itself is highly complex and rapidly developing, it is not possible to predict all of the legal, operational or technological risks that may arise relating to the use of AI, including the increased use of agentic AI and the heightened risk it poses to data privacy and cybersecurity. The rapid evolution of AI, including potential government regulation of AI, requires us to invest significant resources to develop, test, and maintain AI in our products and services in a manner that meets evolving requirements and expectations and we may need to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks are inconsistent across jurisdictions. Developing, testing, and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems.

Our acquisitions and divestitures create special risks and challenges that could adversely affect our financial results.

As part of our business strategy, we may acquire or divest businesses or assets. For example, we acquired MoneyLion in April 2025. Our acquisition and divestiture activities have and may continue to involve a number of risks and challenges, including:

•Complexity, time and costs associated with managing these transactions, including the integration of acquired and the winding down of divested business operations, workforce, products, services, IT systems and technologies;

•Challenges in maintaining uniform standards, controls, procedures and policies within the combined organization;

•Challenges in retaining the customers of acquired businesses, providing the same level of service to existing customers with reduced resources, or retaining the third-party relationships, including with suppliers, service providers, and vendors, among others;

•Diversion of management time and attention;

•Loss or termination of employees, including costs and potential institutional knowledge loss associated with the termination or replacement of those employees;

•Assumption of liabilities of the acquired and divested business or assets, including pending or future litigation, investigations or claims related to the acquired business or assets;

•Addition of acquisition-related debt;

•Difficulty entering into or expanding into new markets or geographies;

•Increased or unexpected costs and working capital requirements;

•Dilution of stock ownership of existing stockholders;

Table of Contents

•Ongoing contractual obligations and unanticipated delays or failure to meet contractual obligations;

•Regulatory risks, including remaining in good standing with existing regulatory bodies or receiving any necessary approvals, as well as being subject to new regulators with oversight over an acquired business;

•Substantial accounting charges for acquisition-related costs, asset impairments, amortization of intangible assets and higher levels of stock-based compensation expense; and

•Difficulty in realizing potential benefits, including cost savings and operational efficiencies, synergies and growth prospects from integrating acquired businesses.

We may not be able to identify appropriate business opportunities that benefit our business strategy or otherwise satisfy our criteria to undertake such opportunities. Even if we do identify potential strategic transactions, we may not be successful in negotiating favorable terms in a timely manner or at all or in consummating the transaction, and even if we do consummate such a transaction, it may not generate sufficient revenue to offset the associated costs, may not otherwise result in the intended benefits or may result in unexpected difficulties and risks. Macroeconomic factors, such as fluctuating tariffs, trade wars, high inflation, high interest rates, and volatility in foreign currency exchange rates and capital markets could negatively influence our future acquisition opportunities. Moreover, to be successful, large complex acquisitions depend on large-scale product, technology, and sales force integrations that are difficult to complete on a timely basis or at all and may be more susceptible to the special risks and challenges described above. Any of the foregoing, and other factors, could harm our ability to achieve anticipated levels of profitability or other financial benefits from our acquired or divested businesses, product lines or assets or to realize other anticipated benefits of divestitures or acquisitions.

Our revenue and operating results depend significantly on our ability to retain our existing customers and increase their adoption of our offerings, convert existing non-paying customers to paying customers, and add new customers.

It is important to our cyber and financial technology businesses that we retain existing customers and that our customers expand their use of our solutions and products over time. If our efforts to sell additional functionality, products and services to our customers and clients are not successful, our business and growth prospects would suffer. For our solutions sold to customers on a monthly or annual subscription basis, renewing customers may require additional incentives to renew, may not renew for the same contract period, or may change their subscriptions. We therefore may be unable to retain our existing customers on the same or more profitable terms, if at all. In addition, we may not be able to accurately predict or anticipate future trends in customer retention or effectively respond to such trends.

Our customer retention rates may decline or fluctuate due to a variety of factors, including the following:

•Our customers’ levels of satisfaction or dissatisfaction with our solutions, the value they place on our solutions and availability of our solutions;

•The quality, breadth, and prices of our solutions, including solutions offered in emerging markets;

•Our general reputation and events impacting that reputation;

•The services and related pricing offered by our competitors; including increasing the availability and efficacy of free solutions;

•Increases in costs we incur and may pass on to our customers in order to offer our products or services;

•Disruption by new services or changes in law or regulations that impact the need for or efficacy of our products and services;

•Changes in auto-renewal and other consumer protection regulations;

•Our customers’ dissatisfaction with our efforts to market additional products and services;

•Our customer service and responsiveness to the needs of our customers;

•Changes in our target customers’ spending levels as a result of general economic conditions, inflationary pressures or other factors; and

•The quality and efficacy of our third-party partners who assist us in renewing customers’ subscriptions.

Declining customer retention rates could cause our revenue to grow more slowly than expected or decline, and our operating results, gross margins and business will be harmed. In addition, our ability to generate revenue and maintain or improve our results of operations partly depends on our ability to cross-sell our solutions to our existing customers and to convert existing non-paying customers to paying customers and add new customers. We may not be successful in cross selling our solutions because our customers may find our additional solutions unnecessary or unattractive. Our failure to sell additional solutions to our existing customers, failure to convert existing non-paying customers to paying customers or add new customers could adversely affect our ability to grow our business.

An important part of our growth strategy involves continued investment in direct marketing efforts, indirect partner distribution channels, expanding partner relationships, freemium channels, our sales force, and infrastructure to add new customers. The number and rate at which new customers purchase our products and services depends on a number of factors, including those outside of our control, such as customers’ perceived need for our solutions and products, competition, general economic conditions, market transitions, product obsolescence, technological change, public awareness of security threats to IT systems,

Table of Contents

macroeconomic conditions, and other factors. New customers, if any, may subscribe or renew their subscriptions, or utilize our products and solutions, at lower rates than we have experienced in the past, introducing uncertainty about their economic attractiveness and potentially impacting our financial results.

Additionally, there are inherent challenges in measuring the usage of our products and solutions across our brands, platforms, regions, and internal systems, and therefore, calculation methodologies for direct customer counts may differ, which may impact our ability to measure the addition of new customers and our understanding of certain details of our business. The methodologies used to measure these metrics require judgment and are also susceptible to algorithms or other technical errors. From time to time, we review our metrics and may discover inaccuracies or make adjustments to improve their accuracy, which can result in adjustments to our historical metrics. Our ability to recalculate our historical metrics may be impacted by data limitations or other factors that require us to apply different methodologies for such adjustments. If investors do not perceive our operating metrics to be accurate, or if we discover material inaccuracies with respect to these figures, our reputation may be significantly harmed, and our results of operations and financial condition could be adversely affected.

We may need to change our pricing models to compete successfully.

The intense competition and evolving general and economic business conditions (including rising government debt levels, potential government policy shifts, changing U.S. consumer spending patterns, economic volatility, fluctuating tariff rates, trade wars, and high inflation and interest rates, among other things), may require us to change our pricing practices.

If our competitors offer deep discounts on certain solutions, provide offerings, or offer free introductory products that compete with ours, we may experience pricing pressure and may be unable to retain current customers and clients or attract new customers and clients at consistent prices within our operating budget. To compete effectively, we may need to lower prices, offer promotional or freemium products, or otherwise change our pricing models. Conversely, if we increase prices in response to economic conditions, cost pressures or strategic considerations, we may experience reduced customer acquisition and retention. Any such pricing changes could reduce revenue, margins and profitability.

Additionally, our solutions are discretionary purchases, and customers may reduce or eliminate their discretionary spending during periods of economic uncertainty, inflation, elevated interest rates, trade disruptions or other macroeconomic stress. We have experienced and may continue to experience a material increase in cancellations by customers or reduced retention during such periods.

Numerous factors, however, have previously and may continue to impede our ability to attract and retain free users, convert these users into paying customers and retain them as paying customers.

If we fail to manage our sales and distribution channels effectively, if our partners choose not to market and sell our solutions to their customers, or if we have an adverse change in our relationships with key third-party partners, service providers or vendors, our operating results could be materially and adversely affected.

A significant portion of our revenue is generated through indirect sales and distribution channels, including distributors, resellers, telecom service providers and strategic partners that bundle or incorporate our products into their offerings. In our MoneyLion business specifically, we also depend on channel partners that provide access to consumers – such as news sites, content publishers, product comparison sites and financial institutions – and on product partners that offer financial products through our marketplace platform.

Our channel and partner agreements are generally nonexclusive, impose no minimum sales or marketing commitments and may be terminated or renegotiated at any time, potentially on less favorable terms. Many of our partners frequently offer competing products or services and may prioritize those offerings based on pricing, promotional support, incentives, economics or strategic considerations.

Sales and revenues generated through indirect channels are subject to general economic conditions, competitive dynamics, changes in partner strategy and performance and partner financial health. Any reduction in partner sales efforts, termination of key relationships, delays in payment, adverse changes in commercial terms or other adverse channel developments could materially and adversely affect our revenue, margins and operating results.

We may in the future incur increasing revenue-sharing costs to compensate content creators for producing original content.

We have limited control over our partners’ business practices, and any misconduct, regulatory or legal noncompliance, financial distress, reputational harm or failure to perform involving a partner could negatively affect our brand, customer relationships and operations. If a partner fails to perform its obligations or comply with applicable requirements, our operations and financial results could be negatively impacted.

Table of Contents

Consolidation among retailers, online platforms, financial institutions or other distribution intermediaries may increase their negotiating leverage, reduce available distribution channels for us and negatively affect pricing and margins. In our MoneyLion business, changes in product partners’ underwriting standards, marketing budgets, financial condition or strategic priorities could reduce the availability of financial products on our platform, decrease marketing and advertising revenue, delay payments or otherwise negatively affect our results.

In general, any changes in these relationships or loss of these partners or vendors, any failure of them to perform their obligations in a timely manner or at all or if they were to cease to provide such functions for any reason, could degrade the functionality of our platform, materially and adversely affect usage of our products and services, impose additional costs or requirements or disadvantage us compared to our competitors. We also rely on relationships with third-party partners to obtain and maintain customers, and our ability to acquire new customers could be materially harmed if we are unable to enter into or maintain these relationships on terms that are commercially reasonable to us, or at all.

Finally, if we fail to manage our sales and distribution channels successfully, these channels may conflict with one another or otherwise fail to perform as we anticipate, which could reduce our sales and increase our expenses as well as weaken our competitive position.

Changes in industry structure and market conditions have and may continue to lead to charges related to discontinuance of certain products or businesses and asset impairments.

In response to changes in industry structure and market conditions, we have been and may continue to be required to strategically reallocate our resources and consider restructuring, disposing of, or otherwise exiting certain businesses. Any decision to limit investment in or dispose of or otherwise exit businesses has and may continue to result in the recording of special charges, such as technology-related write-offs, workforce reduction costs, charges relating to consolidation of excess facilities, or claims from third parties who were resellers or users of discontinued products. Our estimates with respect to the useful life or ultimate recoverability of our carrying basis of assets, including purchased intangible assets, could change as a result of such assessments and decisions. Our loss contingencies have and may continue to include liabilities for contracts that we cannot cancel, reschedule or adjust with suppliers.

Further, our estimates relating to the liabilities for excess facilities are affected by changes in real estate market conditions. Additionally, we are required to evaluate goodwill impairment on an annual basis and between annual evaluations in certain circumstances. Goodwill impairment evaluations have previously and may result in a charge to earnings.

RISKS RELATED TO OUR OPERATIONS

Our international operations involve risks that could increase our expenses, adversely affect our operating results and require increased time and attention from management.

We derive a significant portion of our revenues from customers located outside of the United States, and we have substantial operations outside of the United States, including engineering, finance, sales and customer support. Our international operations are subject to risks in addition to those faced by our domestic operations, including:

•Difficulties staffing, managing, and coordinating the activities of our geographically dispersed and culturally diverse operations;

•Potential loss of proprietary information due to misappropriation or laws that may be less protective of our intellectual property rights than U.S. laws or that may not be adequately enforced;

•Requirements of foreign laws and other governmental controls, including tariffs, trade barriers and labor restrictions, and related laws that reduce the flexibility of our business operations;

•Fluctuations in currency exchange rates, economic instability and inflationary conditions could make our solutions more expensive or could increase our costs of doing business in certain countries;

•Changes in trade relations arising from policy initiatives or other political factors;

•Regulations or restrictions on the use, import or export of encryption technologies that could delay or prevent the acceptance and use of encryption products and public networks for secure communications;

•Regulations or restrictions regarding the collection, processing, sharing, transfer, portability, security and storage of consumer data (including personal information), including privacy and data protection laws;

•Local business and cultural factors that differ from our normal standards and practices, including business practices that we are prohibited from engaging in by the Foreign Corrupt Practices Act and other anti-corruption laws and regulations;

•Central bank and other restrictions on our ability to repatriate cash from our international subsidiaries or to exchange cash in international subsidiaries into cash available for use in the United States;

•Limitations on future growth or inability to maintain current levels of revenues from international sales if we do not invest sufficiently in our international operations;

•Difficulties in staffing, managing and operating our international operations;

•Costs and delays associated with developing software and providing support in multiple languages;

Table of Contents

•Political, social or economic unrest, war, terrorism, regional natural disasters, or export controls and trade restrictions, particularly in areas in which we have facilities and in areas where our engineering and technical development teams are based; and

•Multiple and possibly overlapping tax regimes, which may increase our tax exposure and compliance burden.

The expansion of our existing international operations and entry into additional international markets has required and will continue to require significant management attention and financial resources. These increased costs may increase our cost of acquiring international customers, which may delay our ability to achieve profitability or reduce our profitability in the future. We also have and may continue to face pressure to lower our prices in order to compete in emerging markets, which has previously and could in the future adversely affect revenue derived from our international operations.

It is not possible to predict the broader consequences of existing geopolitical conflicts and other conflicts that may arise in the future, which could include geopolitical instability and uncertainty; adverse impacts on global and regional economic conditions and financial markets, including significant volatility in credit, capital, and currency markets; reduced economic activity; changes in laws and regulations affecting our business, including further sanctions or counter-sanctions which may be enacted; and increased cybersecurity threats and concerns. The ultimate extent to which such conflicts may negatively impact our business, financial condition and results of operations will depend on future developments, which are highly uncertain, difficult to predict and subject to change.

Our future success depends on our ability to attract and retain personnel in a competitive marketplace.

Our future success depends upon our ability to recruit and retain key management, technical (including cyber security and AI experts), sales, marketing, e-commerce, finance and other personnel. Our officers and other key personnel are “at will” employees and we generally do not have employment or non-compete agreements with our employees. Competition is significant for people with the specific skills that we require, including in the areas of AI and machine learning, and especially in the locations where we have a substantial presence and need for such personnel.

To attract and retain talent, we must provide competitive pay packages, including cash and equity-based compensation. Additionally, changes in immigration laws could impair our ability to attract and retain highly qualified employees. If we are unable to hire and retain qualified employees, or conversely, if we fail to manage employee performance or reduce staffing levels when required by market conditions, our business and operating results could be adversely affected.

We have experienced, and may in the future experience, departures of key personnel, including significant changes to our executive leadership team. The loss of any key employee or the failure to effectively manage succession planning and knowledge transfer could disrupt our operations, including adversely affecting the timeliness of product releases, delaying product development, impairing execution of strategic company initiatives, expending resources to train new hires, or adversely affecting our internal control over financial reporting and our results of operations.

If we fail to offer high-quality customer support, our customer satisfaction may suffer and have a negative impact on our business and reputation.

If demand increases, or our resources decrease, we may be unable to offer the level of support our customers expect. Any failure by us to maintain the expected level of support could reduce customer satisfaction and negatively impact our customer retention and our business.

If the information provided to us by customers or other third parties is incorrect or fraudulent, we may misjudge a customer’s qualifications to receive our products and services and our results of operations may be harmed and could subject us to regulatory scrutiny or penalties.

Our decisions to provide many of our products and services to customers are based partly on information that they provide to us or authorize us to receive from third party sources. In addition, data provided by third-party sources, including consumer reporting agencies, is a component of our credit decisions and this data may contain inaccuracies.

We use identity and fraud prevention tools to analyze data provided by external databases to authenticate the identity of each applicant that signs up for our first-party products and services. However, these checks have failed from time to time and may again fail in the future, and fraud, which may be significant, has and may in the future occur. The level of fraud-related charge-offs on the first-party products and services facilitated through our platform could be adversely affected if fraudulent activity were to significantly increase. We may not be able to recoup funds associated with our first-party products and services made in connection with inaccurate statements, omissions of fact or fraud, in which case our revenue, results of operations, profitability and cash flows will be harmed. High profile fraudulent activity or significant increases in fraudulent activity could also lead to regulatory intervention, negative publicity

Table of Contents

and the erosion of trust from our customers, which could negatively impact our results of operations, brand and reputation, and require us to take steps to reduce fraud risk, which could increase our costs.

Our solutions, systems, websites and the data on these sources have been and may continue to be subject to cybersecurity events that could materially harm our reputation and future sales.

Information security risks in the financial technology services industry in particular are significant, in part because of new technologies, the increasing digitalization to conduct financial and other business transactions and the increased sophistication and activities of organized criminals, perpetrators of fraud, hackers, terrorists and other malicious third parties.

Given the digital nature of our platform, we are an attractive target for attacks designed to impede the performance and availability of our offerings, compromise sensitive information and harm our reputation as a leading cyber security company. In addition, we face the risk of cyberattacks by nation-states and state-sponsored actors, which may increase due to geopolitical tensions. These attacks may target us, our partners, suppliers, vendors or customers. Malicious hackers, state-sponsored actors, insiders and third-party service providers have attempted to penetrate, and in some cases succeeded in penetrating, our networks or those of our vendors. Such attempts are increasing in number and in technical sophistication, including through the use of AI, and have in the past and could in the future expose us and the affected parties, to risk of loss or misuse of proprietary, personal or confidential information or disruptions of our business operations. Additionally, deployment of agentic AI with access to our systems, data, and third-party tools creates an expanded surface for cyberattacks, as threat actors may exploit inadequate controls to manipulate agents into executing unauthorized actions, accessing sensitive information, or initiating malicious transactions, and the autonomous nature of these systems may enable attackers to conduct multi-step attacks that evade traditional security controls before detection occurs.

When a data breach occurs, our information technology systems and infrastructure can be subject to damage, compromise, disruption, and shutdown due to attacks or breaches by hackers or other circumstances, such as error or malfeasance by employees or third-party service providers, phishing, social engineering, account takeovers, vulnerability exploitation, misconfigurations, ransomware, or technology malfunction. A data breach may result in significant legal, financial, and reputational harm, including government inquiries, enforcement actions, litigation (including class actions), and negative publicity. A series of breaches may be determined to be material at a later date in the aggregate, even if they may not be material individually at the time of their occurrence. The occurrence of any of these events, as well as a failure to promptly remedy them when they occur, could compromise our systems and the information stored in our systems and may cause us to lose consumer trust. Any such circumstance could adversely affect our ability to attract and maintain customers as well as strategic partners, cause us to suffer negative publicity or damage to our brand, and subject us to legal claims and liabilities or regulatory penalties. In addition, unauthorized parties might alter information in our databases, which would adversely affect both the reliability of that information and our ability to market and perform our services as well as undermine our ability to remain compliant with relevant laws and regulations.

Despite our efforts, we are not always able to anticipate these techniques or to implement adequate or timely preventive or reactive measures. We and our third-party service providers have experienced and may continue to experience such incidents, particularly as we integrate legacy IT infrastructure and systems. Threat actors have previously and could in the future exploit a new vulnerability before we complete our remediation work or identify a vulnerability that we did not effectively remediate. If that happens, there could be unauthorized access to, or acquisition of, data we maintain, and damage to our systems. Our evolving IT environment, including embracing new ways of sharing data and communicating and increasing our internal use of Gen AI, may introduce new attack vectors, and our policies and controls may not keep pace with emerging threats or regulatory requirements.

Finally, the software upon which we rely may contain undetected technical errors or bugs, which may only be discovered after the code has been released for external or internal use. Any technical errors, bugs or defects discovered in the software upon which we rely could result in harm to our reputation, loss of customers, clients or third-party partners, increased regulatory scrutiny, fines or penalties, loss of revenue or liability for damages, any of which could adversely affect our business, financial condition, results of operations and cash flows.

We collect, use, disclose, store or otherwise process personal information and other sensitive data, which is subject to stringent and changing state and federal laws and regulations.

In the operation of our business, particularly in relation to our identity and information protection service and financial wellness offerings, we collect, use, process, store, transmit or disclose (collectively, process) an increasingly large amount of confidential information, including personal information (which includes credit card information and other critical data) from

Table of Contents

employees and customers in multiple jurisdictions. This information is subject to a rapidly evolving and increasingly complex framework of federal, state and foreign privacy, data protection and data security laws, as well as contractual obligations.

At the federal level, the Gramm-Leach-Bliley (the GLBA) (along with its implementing regulations) requires disclosures to consumers about our handling of their nonpublic personal information and provides consumers with certain rights to restrict information sharing. Additionally, our investment adviser and broker-dealer subsidiaries are subject to SEC Regulation S-P, which mandates policies and procedures designed to safeguard customer information.

At the state level, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA), and similar comprehensive privacy laws enacted in multiple other U.S. states, provide consumers with rights to access, correct, delete and restrict the use, sale or sharing of their personal information and impose disclosure, governance and data protection obligations on covered businesses. These state laws provide civil penalties for violations, as well as private rights of action for certain data breaches. Additional states continue to enact comprehensive privacy legislation, creating a fragmented and evolving compliance environment that increases operational complexity and costs.

Additionally, the Federal Trade Commission (the FTC) and many state attorneys general, are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. Any failure or perceived failure by us to comply with such obligations has previously and may in the future result in governmental enforcement actions, fines, litigation (including class actions) or public statements against us by consumer advocacy groups or others and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.

We process personal data relating to individuals in the European Economic Area or the United Kingdom and are subject to the EU General Data Protection Regulation (GDPR) and the UK GDPR, which impose significant compliance obligations, restrict cross-border data transfers and authorize substantial administrative fines for noncompliance. Global privacy and data protection legislation and enforcement are rapidly expanding and evolving, and, in some jurisdictions, may impose data localization laws or cross-border transfer restrictions, which may require us to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition. Additionally, changes to applicable privacy or data security laws could impact how we process personal information and therefore limit the effectiveness of our solutions or our ability to develop new solutions.

If so, in addition to the possibility of fines, lawsuits, regulatory investigations, government actions, consumer and merchant actions, and other claims, we could be required to fundamentally change our business activities and practices or modify our platform, which could have an adverse effect on our business. Any violations or perceived violations of these laws, rules and regulations by us, or any third parties with which we do business, may require us to change our business practices or operational structure, including limiting our activities in certain states and/or jurisdictions, addressing legal claims by governmental entities or private actors, sustaining monetary penalties, sustaining reputational damage, expending substantial costs, time and other resources and/or sustaining other harms to our business. Furthermore, our online, external-facing privacy policy and website make certain statements regarding our privacy, information security and data security practices with regard to information collected from our consumers or visitors to our website. Failure or perceived failure to adhere to such practices may result in regulatory scrutiny and investigation, complaints by affected consumers or visitors to our website, reputational damage and/or other harm to our business. If either we, or the third-party partners, service providers or vendors with which we share consumer data, are unable to address privacy concerns, even if unfounded, or to comply with applicable privacy or data protection laws, regulations and policies, it could result in additional costs and liability to us, damage our reputation, inhibit sales and harm our business, financial condition, results of operations and cash flows. Additionally, there often exists a lack of transparency regarding the sources of data (including personal data) used to train or develop third-party AI technologies or how inputs are converted to outputs, and we may not be able to fully validate this process and its accuracy (particularly where it is part of a complex, multi-step process and inaccurate or incomplete information may be compounded across many steps, such as in agentic AI systems).

Our inability to successfully recover from a disaster or other business continuity event could impair our ability to deliver our products and services and harm our business.

We are heavily reliant on our technology and infrastructure to provide our products and services to our customers. For example, we host many of our products using third-party data center facilities and we do not control the operation of these facilities. These facilities are vulnerable to damage, interference, interruption or performance problems from earthquakes, hurricanes, floods, fires, power loss, telecommunications failures, pandemics and similar events. They are also subject to break-ins, computer viruses, sabotage, intentional acts of vandalism and other misconduct.

Table of Contents

If an arrangement with a third-party service provider or vendor is terminated or if there is a lapse of service or damage to its systems or facilities, we could experience interruptions in our ability to operate our platform. In the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur.

Furthermore, our business administration, human resources, compliance efforts and finance services depend on the proper functioning of our computer, telecommunication and other related systems and operations, which are highly technical and complex. A disruption or failure of these systems or operations because of a disaster, cyberattack or other business continuity event, such as a pandemic, could cause data to be lost or otherwise delay our ability to complete sales and provide the highest level of service to our customers. In addition, we could have difficulty producing accurate financial statements on a timely basis, and deficiencies may arise in our internal control over financial reporting, which may impact our ability to certify our financial results, all of which could adversely affect the trading value of our stock. There are no assurances that data recovery in the event of a disaster would be effective or occur in an efficient manner. If these systems or their functionality do not operate as we expect them to, we may be required to expend significant resources to make corrections or find alternative sources for performing these functions.

We are dependent upon Broadcom for certain engineering and threat response services, which are critical to many of our products and business.

Our Norton branded endpoint security solution has historically relied upon certain threat analytics software engines and other software (the Engine-Related Services) that have been developed and provided by engineering teams that have transferred to Broadcom as part of the Broadcom sale in 2019. The technology, including source code, at issue is shared, and pursuant to the terms of the Broadcom sale, we retain rights to use, modify, enhance and create derivative works from such technology. Broadcom has committed to provide these Engine-Related Services substantially to the same extent and in substantially the same manner, as has been historically provided under a license agreement with a limited term.

As a result, we are dependent on Broadcom for services and technology that are critical to our business, and if Broadcom fails to deliver these Engine-Related Services it would result in significant business disruption, and our business and operating results and financial condition could be materially and adversely affected. Furthermore, if our current sources become unavailable, and if we are unable to develop or obtain alternatives to integrate or deploy them in time, our ability to compete effectively could be impacted and have a material adverse effect on our business. Additionally, in connection with the Broadcom sale, we lost other capabilities, including certain threat intelligence data which were historically provided by our former Enterprise Security business, the lack of which could have a negative impact on our business and products.

Our solutions are complex and operate in a wide variety of environments, systems and configurations, which could result in failures of our solutions to function as designed.

Because we offer complex solutions, errors, defects, disruptions, or other performance problems with our solutions may occur and have occurred. For example, we may experience disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, fraud, security attacks or capacity constraints due to an overwhelming number of users accessing our websites simultaneously. As we continue to expand the number of our customers and the products and services available through our platform, we may not be able to scale our technology to accommodate the increased capacity requirements. The failure of data centers, internet service providers or other third-party service providers or vendors to meet our capacity requirements could result in interruptions or delays in access to our platform or impede our ability to grow our business and scale our operations.

To the extent we use or are dependent on any particular third-party data, technology or software, we may also be harmed if such data, technology, or software becomes non-compliant with existing regulations or industry standards, becomes subject to third-party claims of intellectual property infringement, misappropriation or other violation, or malfunctions or functions in a way we did not anticipate. Any loss of the right to use any of this data, technology or software could result in delays in the provisioning of our products and services until equivalent or replacement data, technology or software is either developed by us, or, if available, is identified, obtained and integrated, and there is no guarantee that we would be successful in developing, identifying, obtaining or integrating equivalent or similar data, technology or software, which could result in the loss or limiting of our products or services or features available in our products or services.

Negative publicity regarding our brand, solutions and business could harm our competitive position.

Our brand recognition and reputation as a trusted service provider are critical aspects of our business and key to retaining existing customers and attracting new customers. Our business could be harmed due to errors, defects, disruptions or other performance problems with our solutions causing our customers and potential customers to believe our solutions are unreliable.

Table of Contents

We may introduce, or make changes to, features, products, services, privacy practices or terms of service that customers and clients do not like, which may materially and adversely affect our brand. Our efforts to build our brand have involved significant expense, and our marketing spend may increase in the near term or in the future and may not generate or maintain brand awareness or increase revenue.

Furthermore, negative publicity, whether or not justified, including intentional brand misappropriation, relating to events or activities attributed to us, our employees, our strategic partners, our affiliates, or others associated with any of these parties, may tarnish our reputation and reduce the value of our brands. Damage to our reputation and loss of brand equity may reduce demand for our solutions and have an adverse effect on our business, operating results and financial condition. Moreover, any attempts to rebuild our reputation and restore the value of our brands may be costly and time consuming, and such efforts may not ultimately be successful.

Our reputation and/or business could be negatively impacted by sustainability and governance matters and/or our reporting of such matters.

The evolving focus from regulators, customers, certain investors, employees, and other stakeholders concerning sustainability and governance matters and related disclosures, both in the United States and internationally, has resulted in, and is likely to continue to result in, increased general and administrative expenses and increased management time and attention spent complying with or meeting sustainability-related requirements and expectations. Our business is subject to evolving reporting standards, including the recent California legislation, Voluntary Carbon Market Disclosures Act, which includes disclosure requirements relating to voluntary carbon offsets and a wide range of environmental marketing claims, and the Corporate Sustainability Reporting Directive, which requires large EU companies to make detailed disclosures in relation to certain sustainability-related issues. We maintain certain sustainability-related initiatives, goals, and/or commitments. Additionally, changing federal enforcement priorities and legal interpretations regarding diversity, equity, and inclusion programs present unknown and evolving risks.

We are affected by seasonality, which has in the past and may in the future impact our revenue and results of operations.

Portions of our business are impacted by seasonality. Seasonal behavior in orders has historically occurred in the third and fourth quarters of our fiscal year, which include the important selling periods during the holidays in our third quarter, as well as follow-on holiday purchases and the U.S. tax filing season, which is typically in our fourth quarter. Revenue generally reflects similar seasonal patterns, but to a lesser extent than orders. This is due to our subscription business model, as a large portion of our in-period revenue is recognized ratably from our deferred revenue balance. An unexpected decrease in sales over those traditionally high-volume selling periods may impact our revenue and could have a disproportionate effect on our results of operations for the entire fiscal year.

RISKS RELATED TO LEGAL AND COMPLIANCE

Our solutions are highly regulated, which could impede our ability to market and provide our solutions, increase regulatory scrutiny or adversely affect our business, financial position, results of operations and cash flows.

Our solutions are subject to a high degree of regulation, including a wide variety of international and U.S. federal, state, and local laws and regulations, such as the Fair Credit Reporting Act, the GLBA, the Consumer Financial Protection Act, the Federal Trade Commission Act (the FTC Act), and comparable state laws that are patterned after the FTC Act, the U.S. Foreign Corrupt Practices Act of 1977, U.S. domestic bribery laws, U.S. consumer protection, consumer financial services and banking laws, and U.S. and foreign anti-corruption laws.

We provide, facilitate or market consumer financial products and services, and in certain cases act as a service provider to regulated financial institutions. Therefore, we are subject to the supervisory, regulatory and enforcement authority of federal and state agencies, including the Consumer Financial Protection Bureau (CFPB), the FTC, state banking and consumer finance regulators and state attorneys general. These authorities may exercise authority with respect to our services, or the marketing and servicing of those services, through the oversight of our financial institution partners and suppliers, or by otherwise exercising their supervisory, regulatory or enforcement authority over consumer financial products and services. The regulatory frameworks applicable to our business continue to evolve, including with respect to earned wage access, lending, banking, digital financial services and related activities. If, for example, the CFPB were to expand its supervisory authority by promulgating new regulations or reinterpreting existing regulations, it is possible that the CFPB could be permitted to conduct periodic examination of our business, which may increase our risk of regulatory or enforcement actions.

We maintain a compliance program designed to enable us to comply with all applicable anti-money laundering, anti-terrorism financing and economic sanctions laws and regulations, including the Bank Secrecy Act (BSA), as amended by the USA PATRIOT Act of 2001, and its implementing regulations. This compliance program includes policies, procedures, processes and other internal controls designed to identify, monitor, manage and mitigate the risk of money laundering and terrorist financing and prevent our platform from being used to facilitate business in countries or with persons or entities that are the subject of sanctions administered by Office of Foreign Assets Control and equivalent international authorities or that are otherwise the target of sanctions. These controls include procedures and processes to detect and report potentially suspicious transactions, perform customer due diligence, respond to requests from law enforcement and meet all recordkeeping and reporting requirements related to particular transactions involving currency or monetary instruments. Certain of our subsidiaries may be “financial institutions” under the BSA that are required to establish and maintain a BSA/AML compliance program. Additionally,

Table of Contents

we are required to maintain a BSA/AML compliance program under our agreements with our third-party partners, and certain state regulatory agencies have intimated they expect such program to be in place and followed.

Additionally, we are regulated by many state regulatory agencies through licensing and other supervisory or enforcement authority, which includes regular examination by state governmental authorities. For a more detailed description of licensing, see “-- If we fail to operate in compliance with state or local licensing requirements, it could adversely affect our business, financial condition, results of operations and cash flows.”

Our wholly-owned subsidiary, ML Wealth, is registered as an investment adviser under the Investment Advisers Act of 1940 (the Advisers Act) and is subject to regulation by the SEC. The Advisers Act, together with related regulations and interpretations of the SEC, impose numerous obligations and restrictions on investment advisers, including requirements relating to the safekeeping of client funds and securities, limitations on advertising, disclosure and reporting obligations, prohibitions on fraudulent activities, restrictions on agency cross and principal transactions between an adviser and its advisory clients and other detailed operating requirements, as well as general fiduciary obligations.

U.S. federal regulators, state attorneys general or other state enforcement authorities and other governmental agencies have in the past and may in the future take formal or informal actions against us, which and could cause reputational and financial harm to our business, financial condition, results of operations and cash flows. Any weaknesses in our compliance management system may also subject us to penalties or enforcement action by the CFPB or state regulators. We have in the past, and may again in the future, enter into settlements, consent decrees and similar arrangements with the FTC, the CFPB, state attorneys generals and other state regulators, and other sovereign regulators and competition authorities such as the United Kingdom’s Competition and Markets Authority (CMA). If we fail to manage our legal and regulatory risk in the jurisdictions in which we operate, our business could suffer, our reputation could be harmed and we would be subject to additional legal and regulatory risks. This could, in turn, increase the size and number of claims and damages asserted against us and/or subject us to regulatory investigations, enforcement actions or other proceedings, or lead to increased regulatory concerns. We may also be required to spend additional time and resources on remedial measures and conducting inquiries, beyond those already initiated and ongoing, which could have an adverse effect on our business. We rely on bank partners, payment processors and other institutions with licensures we do not have to facilitate offerings.

The legal and regulatory regimes governing certain of our products and services are uncertain and evolving.

Changes in the laws, regulations and enforcement priorities applicable to our business, including reexamination of current enforcement practices, could have a material and adverse impact on our business, financial condition, results of operations and cash flows. The CFPB’s authority to change or interpret regulations adopted in the past by other regulators, or to rescind or alter past regulatory guidance, could increase our compliance costs and litigation exposure. If the CFPB or other similar regulatory bodies adopt, or customer advocacy groups are able to generate widespread support for, positions that are detrimental to our business, then our business, financial condition and results of operations could be harmed. We and/or our third-party partners may not be able to respond quickly or effectively to regulatory, legislative and other developments.

In particular, the regulatory landscape regarding earned wage access products (including our Instacash product) is uncertain and evolving given rapid growth in the use of such products in recent years. These developments may not only result in additional compliance requirements but may also be cited by private plaintiffs or plaintiffs’ attorneys as a basis for litigation, including putative class actions, alleging violations of federal or state consumer protection, lending, or unfair or deceptive acts or practices laws. As a result, we could be forced, as we have in the past, to temporarily pause, limit or

Table of Contents

permanently cease to offer our earned wage access product in certain states depending on state regulatory regimes. These changes and uncertainties make our business planning more difficult and could result in changes to our business model, impair our ability to offer our existing or planned features, products and services or increase our cost of doing business.

These changes and uncertainties make our business planning more difficult and could result in changes to our business model, impair our ability to offer our existing or planned features, products and services or increase our cost of doing business.

In addition, numerous federal and state regulators have the authority to promulgate or change regulations that could have a similar effect on our third-party partners and service providers and restrict their business practices. For example, the regulatory frameworks for an open banking paradigm and AI and machine learning technology are evolving and remain uncertain and may affect the operation of our platform and the way in which we use consumer data, AI and machine learning technology, including with respect to consumer protection laws and the laws and regulations governing financial services products. For additional information regarding risks related to the use of AI, see "--Issues in the development and deployment of AI, including generative AI, could expose us to regulatory, privacy, IP, cybersecurity, operational and reputational risks.”

If we fail to operate in compliance with state or local licensing requirements, it could adversely affect our business, financial condition, results of operations and cash flows.

Certain states and localities have adopted laws regulating and requiring licensing, registration, notice filing or other approval by parties that engage in certain activity regarding consumer financial services products such as loans and earned wage access services, life insurance and mortgage transactions, as well as brokering, facilitating and assisting such transactions in certain circumstances, and we currently hold certain state or local licenses. However, the application of some licensing laws to our platform and activities is uncertain and subject to evolving regulatory interpretations including, in particular, as the regulatory landscape regarding earned wage access products develops, as well as increased licensing requirements and regulation of parties engaged in loan solicitation activities.

If we were found to be in violation of applicable state licensing requirements by a court or a state, federal or local enforcement agency, or agree to resolve such concerns by voluntary agreement, we could be subject to or agree to pay fines, damages, injunctive relief (including required modification or discontinuation of our business in certain areas), criminal penalties and other penalties or consequences.

If we expand or modify our business activities, we may be required to obtain additional licenses, and regulators may determine that such licenses were required at an earlier time, potentially resulting in penalties or restrictions. In addition, states that currently impose limited regulation may adopt new licensing or regulatory requirements, including with respect to earned wage access or loan solicitation activities. We may not be able to obtain or maintain all required licenses on acceptable terms, or at all, which could require us to limit or discontinue certain activities. The failure to satisfy those and other regulatory requirements could materially and adversely impact our business.

Certain states may also impose licensing requirements relating to blockchain technologies and digital assets. Although we are not directly involved in the custody, trading or exchange of digital assets and instead rely on a third-party provider, regulatory frameworks governing digital assets continue to evolve and may subject us to additional licensing or compliance obligations.

Because we do not custody digital assets directly and do not maintain insurance covering such assets—and our third-party provider does not maintain separate insurance coverage for customer digital assets—customers transacting in digital assets through our platform may suffer uninsured losses with limited recourse. Any regulatory action, licensing deficiency or customer losses associated with digital asset activities could result in enforcement actions, litigation, reputational harm and adverse impacts on our business.

If loans made by our lending subsidiaries in our consumer lending business are found to violate applicable federal or state interest rate limits or other provisions of applicable consumer lending, consumer protection or other laws, it could adversely affect our business, financial condition, results of operations and cash flows.

In our consumer lending business, we have 34 subsidiaries through which we conduct our consumer lending business. These entities originate loans pursuant to state licenses or applicable exemptions under state law. The loans we originate are subject to state licensing or exemption requirements and federal and state interest rate restrictions, as well as numerous federal and state requirements regarding consumer protection, interest rate, disclosure, prohibitions on certain activities and loan term lengths. We have in the past been, are currently, and may in the future be subject to litigation, investigations, examinations and other proceedings by governmental agencies or private parties relating to the legality of certain lending products or related compliance with applicable laws. If the loans we originate were deemed subject to and in violation of certain federal or state consumer finance or other laws, including the Military Lending Act, we could be subject to fines, damages, injunctive relief (including required modification or discontinuation of our business in certain areas) and other penalties or consequences, and the loans could be rendered void or unenforceable in whole or in part, any of which could have an adverse effect on our business, financial condition, results of operations and cash flows.

Table of Contents

If we do not protect our proprietary information and prevent third parties from making unauthorized use of our products and technology, our financial results could be harmed.

Much of our software and underlying technology is proprietary, and thus we are highly dependent on our ability to protect such technology. There is no guarantee that confidentiality agreements, our procedures and copyright, patent, trademark and trade secret laws will be sufficient to protect our technology. For example, patents may not be issued from our pending patent applications and claims allowed on any future issued patents may not be sufficiently broad to protect our technology. Also, these protections may not preclude competitors from independently developing products with functionality or features similar to our products. These measures afford only limited protection, are costly to maintain and may be challenged, invalidated or circumvented by third parties. Accordingly, enforcement of our intellectual property rights may be difficult, particularly in some countries outside of North America in which we seek to market our software products and services, and the absence of internationally harmonized intellectual property laws or the lack of some laws in certain jurisdictions makes it more difficult to ensure consistent protection of our proprietary rights. For example, software piracy has been, and is expected to be, a persistent problem for the software industry, and a loss of revenue to us.

Third parties have previously and may in the future also develop similar or superior technology independently by designing around our patents. Our consumer agreements do not require a signature and therefore may be unenforceable under the laws of some jurisdictions. Any legal action to protect proprietary information that we may bring or be engaged in with a strategic partner or vendor could adversely affect our ability to access software, operating system and hardware platforms of such partner or vendor, or cause such partner or vendor to choose not to offer our products to their customers. In addition, any legal action to protect proprietary information that we may bring or be engaged in, could be costly, may distract management from day-to-day operations and may lead to additional claims against us, which could adversely affect our operating results.

In addition to registered intellectual property rights such as trademark registrations, we rely on non-registered proprietary information and technology, such as trade secrets, confidential information, know-how and technical information. The secrecy of such trade secrets and other sensitive information could be compromised, which could cause us to lose the competitive advantage resulting from these trade secrets. For example, there is a risk of employees inadvertently inputting trade secret information into Gen AI technologies, thereby enabling third parties, including our competitors, to access such information. We utilize confidentiality and intellectual property assignment agreements with our employees and contractors involved in the development of material intellectual property for us, which require such individuals to assign such intellectual property to us and place restrictions on the employees’ and contractors’ use and disclosure of our confidential information. Additionally, our contractual arrangements may be insufficient, breached or may otherwise not effectively prevent disclosure of, or control access to, our confidential or otherwise proprietary information or provide an adequate remedy in the event of an unauthorized disclosure, which could cause us to lose any competitive advantage resulting from this intellectual property. Individuals that were involved in the development of intellectual property for us or who had access to our intellectual property may make adverse ownership claims to our current and future intellectual property. Likewise, to the extent that our employees, independent contractors or other third parties with whom we do business use intellectual property owned by others in their work for us, disputes may arise as to the rights in related or resulting works of authorship, know-how and inventions.

Additionally, our efforts to enforce our intellectual property and other proprietary rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property and other proprietary rights, and if such defenses, counterclaims or countersuits are successful, it could diminish, or we could otherwise lose, valuable intellectual property and other proprietary rights. Any of the foregoing could adversely impact our business, financial condition, results of operations and cash flows.

In addition, the integration of Gen AI may also expose us to risks regarding intellectual property ownership and license rights, particularly if any copyrighted material is embedded in training models or if the output we produce is infringing intellectual property rights. In addition, the use of Gen AI in connection with the creation or development of intellectual property may present challenges in asserting ownership over the resulting output given the position of some courts and intellectual property offices in various jurisdictions that some human contribution is required for intellectual property protection of an AI-generated work.

From time to time, we are party to lawsuits and investigations, which have previously and could in the future require significant management time and attention, cause us to incur significant legal expenses and prevent us from selling our products.

From time to time, we are involved in litigation, investigations, examinations and other legal or administrative proceedings initiated by governmental agencies or private parties. These matters may involve, among other things, labor and employment, discrimination and harassment, commercial disputes, class actions, general contract and tort claims, defamation, data privacy rights, antitrust, fraud, securities (including “blue sky” laws) violations, consumer protection laws, and other regulatory or

Table of Contents

compliance issues. Such matters may adversely affect our business, financial condition, results of operations and cash flows. Refer to Note 18 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K.

Many of these legal proceedings involve alleged violations of consumer protection laws. In addition, we have in the past and may in the future be subject to litigation, claims, examinations, investigations, legal and administrative cases and proceedings related to our loan products and other financial services we provide. For instance, our membership model and some of the products and services we offer, including our earned wage access product, Instacash, are relatively novel and have been and may in the future continue to be subject to regulatory scrutiny or interest and/or litigation. Any regulatory action in the future could have a material adverse effect on our business, financial condition, results of operations and cash flows.

The defense, settlement or resolution of legal proceedings may be costly and divert management’s attention from the day-to-day operations of our business. Proceedings may evolve over time, increasing their scope or potential exposure. Additionally, in the event we did not previously accrue for such litigation or proceeding in our financial statements, we may be required to record retrospective accruals that adversely affect our results of operations and financial condition.

Finally, we may not be able to maintain insurance coverage on acceptable terms, or at all, and our insurance may not cover all risks or potential liabilities.

Third parties have claimed and additional third parties in the future may claim that we infringe their proprietary rights.

For additional information on such claims, please refer to Note 18 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K.

Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. In addition, former employers of our former, current or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. If we are not successful in defending such claims, we could be required to stop selling, delay shipments of, or redesign our solutions, pay monetary amounts as damages, enter into royalty or licensing arrangements, or satisfy indemnification obligations that we have with some of our partners. We cannot assure you that any royalty or licensing arrangements that we may seek in such circumstances will be available to us on commercially reasonable terms or at all.

Such licenses may terminate, expire or become unavailable on acceptable terms, and licensed technology may become obsolete, defective or incompatible with future versions of our offerings. Failure to comply with license terms could result in termination of rights, damages or operational disruption. If we are unable to obtain or maintain necessary third-party licenses, or if licensors impose more restrictive terms or higher fees or royalties, we may be required to modify our products, obtain alternative technology, incur increased costs or limit certain offerings. Furthermore, incorporating intellectual property or proprietary rights in our products or services licensed from or otherwise made available to us by third parties on a non-exclusive basis could limit our ability to protect the intellectual property and proprietary rights in our products and services and our ability to restrict third parties from developing, selling or otherwise providing similar or competitive technology using the same third-party intellectual property or proprietary rights

Some of our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.

Certain of our products are distributed with software licensed by its authors or other third parties under so-called “open source” licenses. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third parties certain rights of further use. By the terms of certain open source licenses, we could be required to release the source code of our proprietary software (which could include our proprietary source code or AI models) if we combine our proprietary software with open source software in a certain manner. Some open source software may include Gen AI software which may expose us to risks as the intellectual property ownership and license rights, including copyright, of Gen AI software and tools has not been fully interpreted by U.S. courts or been fully addressed by federal, state, or international regulations. In addition to risks related to license requirements, using open source software, including open source software that incorporates or relies on Gen AI, can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. We cannot be sure that all open source, including open source that incorporates or relies on Gen AI, is submitted for approval prior to use in our products. In addition, many of the risks associated with usage of open source, including open source that incorporates or relies on Gen AI, may not or cannot be eliminated and could, if not properly addressed, negatively affect our business.

Table of Contents

These claims could result in litigation and if portions of our proprietary AI models or software are determined to be subject to an open-source license, or if the license terms for the open-source software that we incorporate change, we could be required to publicly release all or affected portions of our source code, purchase a costly license, cease offering the implicated products or services unless and until we can re-engineer such source code in a manner that avoids infringement, discontinue or delay the provision of our offerings if re-engineering could not be accomplished on a timely basis or change our business activities, any of which could negatively affect our business operations and potentially our intellectual property rights and help third parties, including our competitors, develop products and services that are similar to or better than ours. In addition, the re-engineering process could require us to expend significant additional research and development resources, and we may not be able to complete the re-engineering process successfully. If we were required to publicly disclose any portion of our proprietary models, it is possible we could lose the benefit of trade secret protection for our models. Any of these risks associated with the use of open-source software could be difficult to eliminate or manage and, if not addressed, could materially and adversely affect our business, financial condition, results of operations and cash flows.

RISKS RELATED TO OUR LIQUIDITY AND INDEBTEDNESS

Our substantial indebtedness and related debt obligations could limit our financial and operating flexibility and increase our vulnerability to adverse business and economic conditions.

As of April 3, 2026, we had an aggregate of $8,275 million of outstanding indebtedness that will mature in calendar years 2027 through 2033, and $1,495 million, net of our letters of credit, available for borrowing under our revolving credit facility. See Note 10 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information on our outstanding debt. We are not able to control many of these factors. Accordingly, our cash flow may not be sufficient to allow us to pay principal and interest on our debt, including our 6.75% Senior Notes due 2027, 7.125% Senior Notes due 2030 and 6.25% Senior Notes due 2033 (collectively, the Senior Notes), and meet our other obligations. Our level of indebtedness could have other important consequences, including the following:

•We must use a substantial portion of our cash flow from operations to pay interest and principal on the Amended Credit Agreement, our existing Senior Notes, and other indebtedness, which reduces funds available to us for other purposes such as working capital, capital expenditures, other general corporate purposes and potential acquisitions;

•We may be unable to refinance our indebtedness or to obtain additional financing for working capital, capital expenditures, acquisitions or general corporate purposes;

•We have significant exposure to fluctuations in interest rates because borrowings under our senior secured credit facilities bear interest at variable rates;

•Our leverage may be greater than that of some of our competitors, which may put us at a competitive disadvantage and reduce our flexibility in responding to current and changing industry and financial market conditions;

•We may be more vulnerable to an economic downturn or recession and adverse developments in our business;

•We may be unable to comply with financial and other covenants in our debt agreements, which could result in an event of default that, if not cured or waived, may result in acceleration of certain of our debt and would have an adverse effect on our business and prospects and could force us into bankruptcy or liquidation; and

•Changes by any rating agency to our outlook or credit rating could negatively affect the value of our debt and/or our common stock, adversely affect our access to debt markets and increase the interest we pay on outstanding or future debt.

There can be no assurance that we will be able to manage any of these risks successfully. In addition, we conduct a significant portion of our operations through our subsidiaries. Accordingly, repayment of our indebtedness will be dependent in part on the generation of cash flow by our subsidiaries and their respective abilities to make such cash available to us by dividend, debt repayment or otherwise, which may not always be possible. If we do not receive distributions from our subsidiaries, we may be unable to make the required principal and interest payments on our indebtedness.

Our Amended Credit Agreement imposes operating and financial restrictions on us.

Our Amended Credit Agreement contains covenants that limit our ability and the ability of our restricted subsidiaries to:

•Incur additional debt;

•Create liens on certain assets to secure debt;

•Enter into certain sale and leaseback transactions;

•Pay dividends on or make other distributions in respect of our capital stock or make other restricted payments; and

•Consolidate, merge, sell or otherwise dispose of all or substantially all of our assets.

Table of Contents

These covenants may adversely affect our ability to finance our operations, meet or otherwise address our capital needs, pursue business opportunities, react to market conditions or may otherwise restrict activities or business plans. A breach of any of these covenants could result in a default. If a default occurs, the relevant lenders could declare the indebtedness, together with accrued interest and other fees, to be immediately due and payable and, to the extent such indebtedness is secured, proceed against any collateral securing that indebtedness.

The failure of financial institutions or transactional counterparties could adversely affect our current and projected business operations and our financial condition and result of operations.

We regularly maintain cash balances with other financial institutions in excess of the FDIC insurance limit. A failure of a depository institution to return deposits could result in a loss or impact access to our invested cash or cash equivalents and could adversely impact our operating liquidity and financial performance.

Additionally, future adverse developments with respect to specific financial institutions or the broader financial services industry may lead to market-wide liquidity shortages, impair the ability of companies to access near-term working capital needs, and create additional market and economic uncertainty. Our general business strategy, including our ability to access existing debt under the terms of our Amended Credit Agreement may be adversely affected by any such economic downturn, liquidity shortages, volatile business environment or continued unpredictable and unstable market conditions. If the current equity and credit markets deteriorate, or if adverse developments are experienced by financial institutions, it may cause short-term liquidity risk and also make any necessary debt or equity financing more difficult, more costly, more onerous with respect to financial and operating covenants and more dilutive. Failure to secure any necessary financing in a timely manner and on favorable terms could have a material adverse effect on our operations, growth strategy, financial performance and stock price and could require us to alter our operating plans.

We rely on a variety of funding sources to support our business model. If our existing funding arrangements are not renewed or replaced or our existing funding sources are unwilling or unable to provide funding to us on terms acceptable to us, or at all, it could have a material adverse effect on our business, financial condition, results of operations and cash flows.

We cannot guarantee that we will be able to extend or replace our existing funding arrangements at maturity on reasonable terms or at all. In addition, our funding sources may reassess their exposure to our industry or our business, including as a result of any significant underperformance of the consumer receivables facilitated through our platform or regulatory developments, in particular regarding earned wage access products, that impose significant requirements on, or increase potential risks and liabilities related to, the consumer receivables facilitated through our platform, and fail to renew or extend facilities or impose higher costs to access our funding. If our existing funding arrangements are not renewed or replaced or our existing funding sources are unwilling or unable to provide funding on terms acceptable to us, or at all, we would need to secure additional sources of funding or reduce our operations significantly, which could have a material adverse effect on our business, financial condition, results of operations and cash flows.

GENERAL RISKS

Adverse macroeconomic conditions have adversely affected and may continue to adversely affect the consumer finance industry and our MoneyLion business.

We operate globally and as a result our business and revenues are impacted by global macroeconomic conditions. Although inflation has moderated from recent peak levels in certain markets, it remains elevated in many regions, and interest rates in the United States and other jurisdictions remain at historically elevated levels compared to the prior decade. Central banks may maintain higher interest rates for an extended period or adjust monetary policy in response to evolving economic conditions.

In addition, adverse macroeconomic conditions may cause our MoneyLion product partners to reduce or delay their marketing and advertising expenditures on our platform, which could have a material adverse effect on our business, financial condition, results of operations and cash flows. Uncertainty and negative trends in general economic conditions, including significant tightening of credit markets, historically have created a difficult operating environment for the consumer finance industry. The timing and extent of an economic downturn may also require us to change, postpone or cancel our strategic initiatives or growth plans to pursue shorter-term sustainability. The longer and more severe an economic downturn, the greater the potential adverse impact on us, which could be material.

Many new customers on our MoneyLion platform have limited or no credit history and limited financial resources. Sustained high levels of unemployment or financial stress due to the global macroeconomic conditions, including elevated interest rates and inflation, may increase delinquencies, defaults, non-payments, foreclosures and bankruptcies with respect to our loans and earned wage access products and may reduce customer engagement with our investment and other

Table of Contents

financial services.

Fluctuations in our quarterly financial results have affected the trading price of our stock in the past and could affect the trading price of our stock in the future.

Our quarterly financial results have fluctuated in the past and are likely to vary in the future due to a number of factors, many of which are outside of our control. If our quarterly financial results or our predictions of future financial results fail to meet our expectations or the expectations of securities analysts and investors, the trading price of our outstanding securities could be negatively affected. Volatility in our quarterly financial results may make it more difficult for us to raise capital in the future or pursue acquisitions.

Factors associated with our industry, the operation of our business, and the markets for our solutions may cause our quarterly financial results to fluctuate, including but not limited to:

•Fluctuations in demand for our solutions;

•Disruptions in our business operations or target markets caused by, among other things, terrorism or other intentional acts, outbreaks of disease, or earthquakes, floods or other natural disasters;

•Entry of new competition into our markets;

•Technological changes in our markets;

•Our ability to achieve targeted operating income and margins and revenues;

•Competitive pricing pressure or free offerings that compete with one or more of our solutions;

•Our ability to timely complete the release of new or enhanced versions of our solutions;

•The amount and timing of commencement and termination of major marketing campaigns;

•The number, severity and timing of threat outbreaks and cyber security incidents;

•Loss of customers or strategic partners or the inability to acquire new customers or cross-sell our solutions;

•Changes in the mix or type of solutions and subscriptions sold and changes in consumer retention rates;

•The rate of adoption of new technologies and new releases of operating systems, and new business processes;

•Consumer confidence and spending changes;

•The outcome or impact of litigation, claims, disputes, regulatory inquiries or investigations;

•The impact of acquisitions (and our ability to achieve expected synergies or attendant cost savings), divestitures, restructurings, share repurchase, financings, debt repayments, equity investments and other investment activities;

•Changes in U.S. and worldwide economic conditions, such as economic recessions, the impact of inflation, fluctuations in foreign currency exchange rates including the weakening of foreign currencies relative to USD, which has and may in the future negatively affect our revenue expressed in USD, changes in interest rates, geopolitical conflicts and other global macroeconomic factors on our operations and financial performance;

•The publication of unfavorable or inaccurate research reports about our business by cybersecurity industry analysts;

•The success of our sustainability initiatives;

•Changes in tax laws, rules and regulations;

•Changes in tax rates, benefits and expenses; and

•Changes in consumer protection laws and regulations.

Any of the foregoing factors could cause the trading price of our outstanding securities to fluctuate significantly.

In connection with the MoneyLion acquisition, we entered into a Contingent Value Rights Agreement dated April 17, 2025 (the “CVR Agreement”) governing the terms of the CVRs. To the extent neither of the CVR Requirements are met, the CVR holders would not be entitled to receive the CVR Consideration. To the extent we are required to issue shares to the CVR holders under the CVR Agreement, our stockholders may be diluted. For additional information on our obligations under the CVR Agreement, refer to Exhibit [10.42] to this Annual Report on Form 10-K for a copy of the CVR Agreement.

Table of Contents

RISKS RELATED TO TAXES

Changes to our effective tax rate, including through the adoption of new tax legislation or exposure to additional income tax liabilities, could increase our income tax expense and reduce (increase) our net income (loss), cash flows and working capital. In addition, audits by tax authorities could result in additional tax payments for prior periods.

We are a multinational company dual headquartered in the U.S. and the Czech Republic, with our principal executive offices in Tempe, Arizona. As such, we are subject to tax in multiple U.S. and international tax jurisdictions. Our effective tax rate could be adversely affected by several factors, many of which are outside of our control, including:

•Changes to the U.S. federal income tax laws, including forthcoming regulations implementing the One Big Beautiful Bill Act and other changes to the way that our U.S. tax liability is calculated. Such changes could result in significant retroactive adjustments adding cash tax payments/liabilities if adopted;

•Changes to other tax laws, regulations, and interpretations thereof in multiple jurisdictions in which we operate. Ireland, Czech Republic and certain jurisdictions in which we operate have enacted legislation to implement Pillar Two and other countries are actively considering changes to their tax laws to adopt certain parts of the OECD’s proposals. Additionally, on June 28, 2025, the G7 released a joint statement that it had reached an understanding with the United States for a side-by-side system based on certain accepted principles, including that U.S.-parented groups would be exempt from certain provisions of Pillar Two. Furthermore, several countries have proposed or adopted digital services taxes on revenue earned by multinational companies from the provision of certain digital services, regardless of physical presence;

•Changes in the relative proportions of revenues and income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;

•Changes in the valuation of deferred tax assets and liabilities and the discovery of new information in the course of our tax return preparation process;

•The ultimate determination of our taxes owed in any of these jurisdictions is for an amount in excess of the tax provision we have recorded or reserved for;

•The tax effects of, and tax planning and changes in tax rates related to significant infrequently occurring events (including acquisitions, divestitures and restructurings) that may cause fluctuations between reporting periods;

•Tax assessments, or any related tax interest or penalties, that could significantly affect our income tax expense for the period in which the settlements take place; and

•Taxes arising in connection with changes in our workforce, corporate and legal entity structure or operations as they relate to tax incentives and tax rates.

We continue to assess the overall impact of these potential changes as developments occur and will reflect the impact of such changes in future financial statements as appropriate.

From time to time, we receive notices that a tax authority in a particular jurisdiction believes that we owe a greater amount of tax than we have reported to such authority and we are consequently subject to tax audits. Additionally, our ability to recognize the financial statement benefit of tax refund claims is subject to change based on a number of factors, including but not limited to, changes in facts and circumstances, changes in tax laws, correspondence with tax authorities, and the results of tax audits and related proceedings, which may take several years or more to resolve. We ultimately sometimes have to engage in litigation to achieve the results reflected in our tax estimates, and such litigation can be time consuming and expensive. If the ultimate determination of our taxes owed in any of these jurisdictions is for an amount in excess of the tax provision we have recorded or reserved for, our operating results, cash flows, and financial condition could be materially and adversely affected.

We generally conduct our international operations through wholly-owned subsidiaries and are or may be required to report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The amount of taxes we pay in different jurisdictions may depend on a variety of factors including the application of the tax laws of those various jurisdictions (including the U.S.) to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The relevant taxing authorities have in the past and may in the future disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.

Item 1B. Unresolved Staff Comments

None.

Table of Contents

Item 1C. Cybersecurity

Cybersecurity risk management and strategy

We maintain a cybersecurity program designed to protect our systems and data from information security risks, including regular oversight of our programs for security monitoring. Gen has a process for identifying and assessing material risks from cybersecurity threats on a regular basis that operates alongside our broader overall risk assessment process, covering all identified enterprise wide risks. Cybersecurity risk is reviewed quarterly with management and with the board of directors. In addition, we regularly perform evaluations (including independent third-party evaluations) of our security program and our information technology infrastructure and information security management systems. Our processes also address the identification, assessment, and management of cybersecurity threat risks from our use of third-party service providers and other external vendors that support our products, services and internal operations.

Our information security management system is based upon industry frameworks including but not limited to ISO 27001 and NIST Cybersecurity Framework. Our Chief Information Security Officer (CISO) leads our cybersecurity program, which includes the implementation of controls designed to align with these industry frameworks and applicable statutes and regulations. Our CISO has over 30 years of prior work experience in various roles involving managing information security programs, developing cybersecurity strategy, implementing effective information and cybersecurity initiatives and has been the Head of IT Audit, CISO and CIO at three other companies prior to Gen Digital. He has a Bachelor of Science in Computer Information Systems. We have implemented security monitoring capabilities designed to alert us to suspicious activity and developed an incident response program that includes an annual table top exercise and is designed to restore business operations quickly. In addition, employees participate in mandatory annual training and receive communications regarding the cybersecurity environment to increase awareness throughout the company. We also implemented an enhanced annual training program for specific specialized employee populations, including secure coding training.

Governance

The Audit Committee of the Board has direct oversight to the Company’s (1) technology strategy, initiatives, and investments and (2) key cybersecurity information technology risks against both internal and external threats. The Audit Committee considers information technology risks in connection with cybersecurity incidents overseeing our enterprise technology, and reports to the Board on enterprise risk management matters on a quarterly basis. We have processes in place for management to report security instances to the Audit Committee as they occur, if material, and to provide a summary multiple times per year of other incidents to the Audit Committee. Additionally, our CISO attends each Audit Committee meeting and meets regularly with the Board of Directors to brief them on technology and information security matters. We carry insurance that provides protection against some of the potential losses arising from a cybersecurity incident. In the last fiscal three years, we have not experienced any material information security breach incidences and the expenses we have incurred from information security breach incidences were immaterial. This includes penalties and settlements, of which there were none.

” included as part of ”Risk Factors” in Item 1A of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
RAMP	19 minutes ago
MCHP	25 minutes ago
HLNE	35 minutes ago
CRUS	54 minutes ago
AGYS	54 minutes ago
WMS	an hour ago
GEN	an hour ago
THR	3 hours ago
RL	6 hours ago
ALGM	8 hours ago
ELF	23 hours ago
DT	23 hours ago
VIIQ	23 hours ago
FLEX	1 day ago
ENS	1 day ago
VFC	1 day, 5 hours ago
IMVT	1 day, 9 hours ago
ROIV	1 day, 9 hours ago
HAE	1 day, 10 hours ago
AREC	1 day, 22 hours ago
CETI	1 day, 22 hours ago
EDUC	2 days ago
CSWC	2 days ago
EXP	2 days ago
NXT	2 days ago
JHX	2 days ago
DRVN	2 days ago
DOCS	2 days ago
KCRD	2 days, 7 hours ago
UAA	2 days, 8 hours ago
IHT	2 days, 8 hours ago
FATN	3 days ago
LVPA	3 days, 2 hours ago
RBC	6 days, 1 hour ago
AIXN	6 days, 2 hours ago
BOOT	6 days, 23 hours ago
RMTG	6 days, 23 hours ago
OZSC	6 days, 23 hours ago
PBH	1 week ago
NTCT	1 week ago
HWKN	1 week, 1 day ago
RPDL	1 week, 1 day ago
GAIN	1 week, 2 days ago
EA	1 week, 3 days ago
ITOX	1 week, 3 days ago
GRAF	1 week, 3 days ago
CVLT	1 week, 3 days ago
WYGC	1 week, 6 days ago
DXC	1 week, 6 days ago
MCK	1 week, 6 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - GEN

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - GEN

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing