American Tower (AMT) Risk Analysis

Our industries are highly competitive and our customers have numerous alternatives in leasing communications infrastructure assets. Competition due to pricing or alternative contractual arrangements from peers could materially and adversely affect our lease rates. We may not be able to renew existing customer leases or enter into new customer leases, or if we are able to renew or enter into new leases, they may be at rates lower than our current rates or on less favorable terms than our current terms, resulting in an adverse impact on our results of operations and growth rate. During the year ended December 31, 2025, churn was approximately 2% of our tenant billings. An increase in our future churn rate resulting from non-renewal, or renegotiations at less favorable terms than our current rates, from one or more of our larger customers could materially and adversely impact our growth rate and revenue. In addition, some of our data center competitors may have significant advantages over us, including greater name recognition, longer operating histories, lower operating costs, lower levels of leverage, pre-existing relationships with current or potential customers, greater financial, marketing and other resources, access to better networks and access to less expensive power. These advantages could allow our data center competitors to respond more quickly or effectively to strategic opportunities and, as a result, we may lose existing or potential data center customers, incur costs to improve our data centers or be forced to reduce our rental rates. These risks are compounded by the fact that a significant percentage of our data center customer leases expire every year.

A significant reduction in leasing demand for our communications infrastructure would materially and adversely affect our business, results of operations or financial condition. Factors that may affect such demand include: - the ability and willingness of wireless and cloud service providers to maintain or increase capital expenditures on network infrastructure;- the financial condition of communications service providers;- increased mergers, consolidations or exits that reduce the number of communications service providers or increased use of network sharing among governments or communications service providers;- a decrease in demand for wireless or colocation services, including due to general economic conditions, changes in global tariff or trade policies or regulations, disruption in the financial and credit markets or global social, political or health crises, inflation, slowing growth, high interest rates or recession;- delays or changes in the deployment of next generation wireless technologies;- technological changes, including artificial intelligence ("AI"), wireless equipment changes, satellite technology and an increase in the use of radio access network ("RAN") sharing among wireless service providers;- zoning, environmental, health, tax or other government regulations or changes in the application and enforcement thereof; and - governmental licensing of spectrum or restriction or revocation of our customers' spectrum licenses.

As part of our normal business activities, including in our data centers, we rely on energy systems, cooling systems, communication networks, information technology and other computing resources, and collect, store, manage and otherwise process third-party data, including our customers' data, our vendors' data and our own data. We are vulnerable to physical or cybersecurity breaches, attacks, computer viruses, ransomware, malware, fraud, worms, adverse impacts of artificial intelligence, social engineering, denial-of-service attacks, malicious software programs, insider threats, unauthorized access and other cybersecurity incidents that could disrupt our, our customers' or our vendors' operations, expose us to liability and have a material adverse effect on our financial performance and operating results. These threats may result from human error, equipment failure, fraud or malice on the part of employees or third parties. A party who is able to compromise the security measures on our or our vendors' networks or the security of our communications infrastructure could misappropriate our proprietary information or the personal information of our customers, our vendors, our employees or management, or cause interruptions or malfunctions in our operations or our customers' operations. As we provide assurances to our customers that we provide a high level of security, such a compromise could be particularly harmful to our brand and reputation. We may be required to expend significant capital and resources to address any breaches, protect against such threats or to alleviate problems caused by security breaches. Globally, the frequency, severity and sophistication of cybersecurity incidents have increased, and these trends will likely continue, especially during times of geopolitical tension or instability among countries from which a number of recent cybersecurity events have been alleged to have originated. Such cyber-attacks could be in the form of espionage, phishing campaigns and otherwise. Additionally, the use of AI technologies has led to increased exposure to cybersecurity threats globally. AI systems may be used by threat actors to exploit vulnerabilities more efficiently or to facilitate increasingly sophisticated cyberattacks, any of which could result in data breaches, operational disruptions or liability. We are continuously evaluating and enhancing our cybersecurity and information security systems and creating new systems and processes. However, there can be no assurance that these measures are or will be effective in preventing or limiting the impact of future cybersecurity incidents. As techniques used to breach security grow in frequency and sophistication, and are generally not recognized until launched against a target, we, or our vendors, may not be able to promptly detect that a cyber breach has occurred or implement security measures in a timely manner. If and when implemented, we, or our vendors, may not be able to determine the extent to which these measures could be circumvented. Any breaches that may occur could expose us to increased risk of lawsuits, regulatory penalties, loss of existing or potential customers, damage relating to loss of proprietary information, harm to our reputation and increases in our security costs or related insurance, which could have a material adverse effect on our financial performance and operating results. We offer managed services in certain of our data centers where we provide "remote hands" services for our customers. The access to our customers' networks and data, which is gained from these services, creates some risk that our customers' networks or data will be improperly accessed. If we were held responsible for any such breach, it could result in a significant loss to us, including damage to our customer relationships, harm to our brand and reputation and legal liability. Additionally, while we maintain insurance coverage for cybersecurity incidents, we may not have adequate insurance to cover the associated costs in the event of a breach resulting in loss of data, such as personally identifiable information or other such data protected by data privacy or other laws, and we may be liable for damages, fines and penalties for such losses under applicable regulatory frameworks. Although we and our vendors have disaster recovery programs and security measures in place, if our computer systems and our backup systems are compromised, degraded, damaged, breached or otherwise cease to function properly, we could suffer interruptions in our operations, including our ability to correctly record, process and report financial information, our customers' network availability may be impacted or we could unintentionally allow misappropriation of proprietary or confidential information (including information about our customers or landlords, or customer information on our fiber, data center or managed networks businesses), which could result in a loss of revenue, damage to our reputation, damage to our customer and vendor relationships, litigation, regulatory investigations and penalties under existing or future data privacy laws and require us to incur significant costs to remediate or otherwise resolve these issues.

Our use of TRSs enables us to engage in non-REIT qualifying business activities. Under the Code, no more than 20% (25% beginning in 2026) of the value of the assets of a REIT may be represented by securities of one or more TRSs and no more than 25% of the value of the assets of the REIT may be represented by non-qualifying assets (including securities of one or more TRSs). This limitation may hinder our ability to make certain attractive investments or take advantage of acquisition opportunities, including the purchase of non-qualifying assets, the expansion of non-real estate activities and investments in the businesses to be conducted by our TRSs, and to that extent limit our opportunities and our flexibility to change our business strategy. Further, as a REIT, we must distribute to our stockholders an amount equal to at least 90% of our REIT taxable income (determined before the deduction for distributed earnings and excluding any net capital gain). To meet our annual distribution requirements, we may be required to distribute amounts that may otherwise be used for our operations, including amounts that may otherwise be invested in future acquisitions, capital expenditures or repayment of debt. As no more than 25% of our gross income may consist of dividend income from our TRSs and other non-qualifying types of income, our ability to receive distributions from our TRSs may be limited, which may impact our ability to fund distributions to our stockholders or to use income of our TRSs to fund other investments. In addition, the majority of our income and cash flows from our TRSs are generated from our international operations. In many cases, there are local withholding taxes and currency controls that may impact our ability or willingness to repatriate funds to the United States to help satisfy REIT distribution requirements. Additionally, to the extent we have excess cash in foreign locations that could be used in, or is needed by, our U.S. or foreign operations, we may incur significant foreign taxes to repatriate these funds, which would reduce the net amount ultimately available for such purposes.

Efforts to regulate greenhouse gas emissions, the use of fossil fuels or requirements to use alternative fuel to power energy resources that serve our data centers or the generators we use in our emerging markets to deliver primary power to our customers may have direct or indirect effects on our business by increasing the cost of compliance. Although in the United States, the current administration has taken steps to reconsider many greenhouse gas initiatives (including reporting and disclosure requirements), there is an increased focus by many foreign (including the European Union), state (including California and New York) and local governments, regulators, investors, employees, customers and other stakeholders regarding environmental and energy policies relating to climate change, greenhouse gas emissions and other climate-related matters, including policies related to disclosure requirements. Accordingly, we will need to be prepared to contend with overlapping, yet distinct, climate-related disclosure requirements in multiple jurisdictions. Although a reduction in greenhouse gas emissions standards and reporting obligations in the U.S. may be possible at the federal level in the short-term, foreign and state governmental initiatives are becoming more stringent and may require us and our customers to make capital expenditures, such as investing in internal compliance systems and investments in personnel, which would result in increased costs for us and our customers. Failure to comply with applicable laws and regulations or other requirements imposed on us could also lead to fines and/or lost revenue.