Birkenstock Holding plc (BIRK) Risk Factors

The footwear, skincare, accessories and sleep system industries are very competitive, and we expect to continue to face intense competitive pressures. Competitive factors that affect our market position include our ability to predict and respond to changing consumer preferences, trends and tastes in a timely manner (see also "-Our business is subject to changes in consumer preferences, and if we are unsuccessful in adapting to any such changes, it may adversely impact our business."), our ability to continue marketing and developing new products that appeal to consumers, our ability to accurately predict customer demand and ensure product availability, the strength and recognition of the BIRKENSTOCK brand, our ability to price our products competitively, our ability to manage the impact of the rapidly changing retail environment and the expansion of our online presence, our ability to adapt to changes in technology, and our marketing and content distribution efforts. Our competitors may have significantly greater financial resources, more developed consumer and customer bases or more appealing products, more comprehensive product lines and greater distribution capabilities, and may spend substantially more on product advertising, marketing and endorsements. Our competitors may also own more recognized brands, implement more effective marketing campaigns, adopt more aggressive pricing policies, make more attractive offers to potential employees and distribution partners, have a larger online presence or respond more quickly to changes in consumer preferences. Some of our competitors may be better able to take advantage of market opportunities and withstand market downturns better than we can. For example, we face competition from established competitors in Asia and the Middle East, where we are a relatively new market entrant. Additionally, the general availability of offshore footwear manufacturing capacity and changes in technology allow for rapid expansion by competitors and new entrants in the footwear market. The majority of our branded peers have outsourced large parts of their value chain to third-party manufacturers in Asia, which may enable competitors to sustain more aggressive pricing policies compared to ours. We may be unable to compete successfully in the future, and increased competition may result in price reductions, reduced gross profit margins, loss of market share and an inability to generate cash flows that are sufficient to maintain or expand our development, which could have a material adverse effect on our business, financial condition and results of operations. See also "-Counterfeit or "knock-off" products, as well as products that are "inspired-by-BIRKENSTOCK," may siphon off demand we have created for our brand, and may result in customer confusion, harm to our brand, a loss of our market share or a decrease in our results of operations."

Our business and financial performance is largely dependent on the image, perception and recognition of the BIRKENSTOCK brand, which, in turn, depends on many factors such as the distinctive character and quality of our products and product design, the image and presentation of our online and retail stores, our social media and content distribution activities, public relations and marketing and our general corporate and market profile, which can be, and have been from time to time, adversely affected for reasons within and outside our control. For example, our products can be actively or mistakenly presented in a specific context not related to our brand (e.g., ethically, religiously, politically); we could experience, and have experienced from time to time, customer dissatisfaction through our customer service in our DTC or B2B channels; we could have, and have had from time to time, issues with our suppliers, such as quality control problems, affecting the quality of our products or our reputation; and we could be, and have been from time to time, the subject of negative publicity, including inaccurate adverse information. Our brand value also depends on our ability to maintain positive consumer perception of our corporate integrity and culture, including with regard to the sustainability of our products. Negative claims or publicity involving us or our products, the third-party brands we partner with for collaborations or the production methods of any of our suppliers or the materials we or they source or use could seriously damage our reputation and brand image, regardless of whether such claims or publicity are accurate. In addition, we have been increasing our online presence through our expanding e-commerce business. Our social media presence amplifies consumer engagement with the BIRKENSTOCK brand; however, it reduces our control over brand perception due to the proliferation of consumer comments and hashtags and, thus, our brand could become associated with content that is not aligned with our values. Customers may provide feedback and public commentary about our products and other aspects of our business online through social media platforms and any negative information concerning us, whether accurate or not, may cause harm to our brand without affording us an opportunity for redress or correction. Social media influencers or other endorsers of our products could engage in behavior that reflects poorly on our brand, the occurrence of which is beyond our control, and their behavior may be attributed to or associated with us or otherwise adversely affect us. In connection with, and subsequent to, our IPO, we experienced a significant growth in media coverage. Our brand reputation could be harmed if it becomes associated with negative media, such as if we or our senior executives were to take positions on social or other issues that may be unpopular with some consumers, which may impact our ability to attract or retain customers. Our brand reputation could also be harmed if we experience a cyber-attack or loss of consumer data. Adverse publicity could undermine consumer confidence in the BIRKENSTOCK brand and reduce demand for our products, even if such publicity is unfounded. Moreover, our transformation from a historically family-owned German company to a publicly held company listed on a U.S. stock exchange may negatively impact our reputation. Any failure to maintain favorable brand recognition could have a material adverse effect on our business, financial condition and results of operations.

As we market, sell and manufacture our products in many countries, we face a variety of risks generally associated with doing business in international markets and importing merchandise from these regions, including, among others, changes in the rate of economic growth, the impact or expected impact of elections (including the general election in Germany in February 2025), political instability resulting in the disruption of trade, trade disputes, expropriation or other governmental action, quotas and other trade regulations, export license requirements, delays associated with customs procedures, including increased security requirements applicable to foreign goods and measures related to pandemics, social unrest, war, terrorist activities or other armed conflicts, imposition of confiscatory taxation or adverse taxes, other charges and restrictions on imports, currency and exchange rate risks, changes in double taxation treaties, risks related to labor practices increasing minimum wages and inflationary pressures, national and regional labor strikes, bribery and corruption, environmental matters or other issues in the countries or factories in which our products are manufactured, risk of loss at sea or other delays in the delivery of products caused by transportation problems and increased costs of transportation. We also sell our products and have operations in emerging markets, including Brazil, India and certain countries in Africa. Our operations in countries with less developed or less predictable legal systems present several risks, including legal uncertainty, bribery and corruption, civil disturbances, economic and governmental instability, differing business and operating practices, differing consumer behaviors and preferences and the imposition of exchange controls. The uncertainty of the legal environment in these countries, in particular with respect to the enforcement of IP rights, could limit our ability to enforce our rights and grow our business. In addition, we or any of our distributors or wholesale partners may be subject to legal proceedings regarding bribery and corruption in these countries, and we are unable to monitor the lawful conduct of our distributors and wholesale partners' operations. Any of these risks could have a material adverse effect on our business, financial condition and results of operations.

We heavily rely on multiple and, in certain cases, older IT systems and networks to support our e-commerce business and for research, procurement, manufacturing, sales, logistics, business and other processes, including, among others, inventory tracking and transaction recording and processing. The consistent, efficient and secure operation of our IT systems and networks is therefore critical to the successful performance of our operations and the products we sell. We continue to utilize various legacy hardware, software and operating systems, which have been from time to time, and in the future may be, vulnerable to increased risks, including the risk of system failures and disruptions. If such systems are not successfully upgraded or replaced in a timely manner, system outages, disruptions or delays or other issues may arise. From time to time, we upgrade our IT systems and networks, which may divert the efforts and attention of our management and personnel across the business. We must also successfully integrate the technology systems of any acquired companies into our existing and future technology systems, including those of our customers, vendors, suppliers and other third-party service providers. If a new system does not function properly or is not adequately supported by third-party service providers and processes, it could negatively affect our ability to produce, process and deliver customer orders and process and receive payments for our products. Despite IT maintenance and security measures, our IT systems and networks are exposed to the risk of malfunctions and interruptions from a variety of sources, including equipment damage, deficient database design, power outages, computer viruses, malware, ransomware, cyber attacks and a range of other hardware, software and network problems. We have experienced temporary outages in our IT systems in the past. Although we have countermeasures in place to prevent malfunctions and interruptions, any such malfunctions or interruptions could compromise the operational integrity of these systems and networks should our countermeasures fail in the future. In addition, we rely on systems and websites that allow for the secure storage and transmission of proprietary or confidential information regarding our consumers, customers, suppliers, employees and others, including credit card data and other personal information. We also store data in third-party data centers and use third-party servers or applications by means of cloud computing. As the importance of our e-commerce business continues to increase, the salience of this risk has increased. Our systems, websites, data (wherever stored), software or networks and those of third parties (including data centers), are vulnerable to security breaches, including unauthorized access (from within our organization or by third parties), computer viruses or other malicious code and other cyber threats that could have a security impact. We may not be able to anticipate evolving techniques used to effect security breaches (which change frequently and may not be known until launched), or prevent attacks by hackers, including phishing or other cyber-attacks, or prevent breaches due to employee error or malfeasance, in a timely manner or at all. Cyber-attacks have become far more prevalent in the past few years, potentially leading to the theft or manipulation of confidential and proprietary information or loss of access to, or destruction of, data on our or third-party systems, as well as interruptions or malfunctions in our or third parties' operations. In addition, our IT systems and networks and those of third parties with which we work have been in the past, and in the future may be, the target of cyber-attacks or other security breaches. For instance, we use order, fulfillment and customer relationship management systems as part of our e-commerce operations and other sales channels and human resource management systems as part of our employee services and payroll processes, and such systems may be subject to security breaches. While we implement mitigation measures from time to time as we identify new threats and risks, we cannot assure you that such measures will be effective or that breaches or other cyber-attacks, including industrial espionage or ransomware attacks, will not occur in the future. Failure to effectively prevent, detect and remediate security breaches, including attacks on our IT infrastructure by hackers, viruses, employee error or misconduct or other disruptions could seriously harm our operations and the operations of our customers. Such breaches may result, among other things, in unauthorized access to trade secrets, confidential business information and personal information, data losses, business interruptions, non-compliance with legal requirements, legal claims or proceedings, deterioration in customer relationships and reputational harm. See also "-We are subject to various Privacy Laws and regulations governing the use and processing of personal data, and any failure to protect this data and/or sensitive/confidential information could harm our reputation and expose us to litigation." In addition, due to the constantly evolving nature of security threats, we cannot predict the form and impact of any future incident, and the cost and operational expense of implementing, maintaining and enhancing protective measures to guard against increasingly complex and sophisticated cyber threats could increase significantly. To the extent we integrate artificial intelligence ("AI") into our operations, this may increase the cybersecurity and privacy risks, including the risk of unauthorized or misuse of AI tools, we are exposed to, and threat actors may leverage AI to engage in automated, targeted and coordinated attacks of our systems. While we regularly review our network security, backup and disaster recovery, enhanced training and other security measures to protect our systems and data, these measures cannot provide absolute security or guarantee that we will be successful in preventing or responding to every breach or disruption on a timely basis. Furthermore, certain measures we may undertake to update our IT systems and networks may be subject to works councils' co-determination rights. While works councils have been co-operative in the past, a potentially extensive exercise of these co-determination rights may result in operational difficulties and in us being prevented from implementing planned policy or IT system changes. See "-Risks Related to Our Employees and Operations-We are dependent on good relationships with our employees and employee representative bodies and stakeholders." Finally, although risk management is primarily the responsibility of the Company's management, our board of directors is responsible for overseeing management's identification, monitoring and management of risk. In particular, our board of directors, through its audit committee, is responsible for oversight of cybersecurity risks and our management is responsible for day-to-day risk management processes. Our board of directors has tasked management with the responsibility to manage our cybersecurity initiatives, including with respect to the Company's supply chain, suppliers and service providers. Our board of directors, with or potentially through its audit committee, expects to receive regular reports from management on material cybersecurity risks and the degree of the Company's exposure to those risks. Management has worked, and expects to continue to work, with third-party service providers, as appropriate, to monitor and, as appropriate, respond to cybersecurity risks. However, we cannot guarantee that these risk management processes will be effective at mitigating the risk to our IT systems and networks described above. See also "Item 16K. Cybersecurity." Any disruptions of our IT systems, including as a result of cyber-attacks and industrial espionage, may disrupt operations, or result in legal liability. The materialization of any of the above risks could have a material adverse effect on our business, financial condition and results of operations.