The Hershey Company (HSY) Risk Analysis

The global confectionery and snacks packaged goods industry is intensely competitive and consolidation in this industry continues. Some of our competitors are large private companies, as well as large retailers, that have significant resources and substantial international operations. We continue to experience increased levels of in-store activity for other snack items, which has pressured confectionery category growth. In order to protect our existing market share or capture increased market share in this highly competitive retail environment, we may be required to increase expenditures for promotions and advertising, and must continue to introduce and establish new products. Due to inherent risks in the marketplace associated with advertising and new product introductions, including uncertainties about trade and consumer acceptance, increased expenditures may not prove successful in maintaining or enhancing our market share and could result in lower sales and profits. In addition, we may incur increased credit and other business risks because we operate in a highly competitive retail environment. Furthermore, artificial intelligence ("AI") technologies have developed rapidly, and our business may be adversely affected if we cannot successfully integrate AI into our business in a timely, cost-effective, and compliant manner. Our competitors may incorporate AI into their business more successfully than us, which could have an adverse effect on our competitive position, reputation and operations.

We operate in highly competitive markets and rely on continued demand for our products. To generate revenues and profits, we must sell products that appeal to our customers and to consumers. Our continued success is impacted by many factors, including the following: - Effective retail execution;- Appropriate advertising campaigns and marketing programs;- Our ability to secure adequate shelf space at retail locations;- Our ability to drive sustainable innovation and maintain a strong pipeline of new products in the confectionery and broader snacking categories;- Our ability to react to changes in product category and channel consumption;- Our response to consumer demographics and trends, including but not limited to, trends relating to store trips and the impact of the growing digital commerce channel; and - Consumer health and wellness concerns, including weight management (i.e., use of medications, dieting) and the consumption of certain ingredients. There continues to be competitive product and pricing pressures in the markets where we operate, as well as challenges in maintaining profit margins. We must maintain mutually beneficial relationships with our key customers, including retailers and distributors, to compete effectively. Our largest customer, McLane Company, Inc., accounted for approximately 27% of our consolidated net sales in 2025. McLane Company, Inc. is one of the largest wholesale distributors in the United States to convenience stores, drug stores, wholesale clubs and mass merchandisers, including Wal-Mart Stores, Inc.

In order to sell our iconic, branded products, we need to maintain a good reputation with our customers, consumers, suppliers, vendors and employees, among others. Issues related to the quality and safety of our products, ingredients or packaging could jeopardize our Company's image and reputation. We have in the past recalled or removed certain products from store shelves, and may in the future need to do so again in the future. Negative publicity related to these types of concerns, or related to product contamination or product tampering, whether valid or not, could decrease demand for our products or cause production and delivery disruptions. In addition, negative publicity related to our environmental, social or governance practices could also impact our reputation with customers, consumers, suppliers, and vendors. We have been in the past and in the future could potentially be subject to litigation or government actions as a result of issues or concerns relating to the quality and safety of our products, ingredients or packaging, human and workplace rights, and other environmental, social or governance matters, which could result in payments of fines or damages. Costs associated with these potential actions, as well as the potential impact on our reputation or ability to sell our products, could negatively affect our operating results.

Our operations are impacted by consumer spending levels and impulse purchases, which are affected by general macroeconomic conditions, consumer confidence, employment levels, the availability of consumer credit and interest rates on that credit, consumer debt levels, energy costs and other factors. Volatility in food and energy costs, sustained global recessions, broad political instability, rising unemployment, pandemic, or other outbreaks of disease, climate change, weather, natural and other disasters, changing consumer demand, and declines in personal spending can adversely impact our revenues, profitability, and financial condition. Changes in financial market conditions may make it difficult to access credit markets on commercially acceptable terms, which may reduce liquidity or increase borrowing costs for our Company, our customers and our suppliers. A significant reduction in liquidity could increase counterparty risk associated with certain suppliers and service providers, resulting in disruption to our supply chain and/or higher costs, and could impact our customers, resulting in a reduction in our revenue, or a possible increase in bad debt expense.

In 2025, 2024 and 2023, respectively, we derived approximately 12.3%, 12.8% and 12.7% of our net sales from customers located outside of the United States. Additionally, approximately 16% of our total long-lived assets were located outside of the United States as of December 31, 2025. As part of our strategy, we have made investments outside of the United States, particularly in Canada, Malaysia, Mexico, Brazil, and India. As a result, we are subject to risks and uncertainties relating to international sales and operations, including: - The inability to manage operational stability and business resiliency within our international markets due to unforeseen global economic and environmental changes resulting in business interruption, supply constraints, inflation, deflation or decreased demand;- The inability to establish, develop and achieve market acceptance of our global brands in international markets;- Difficulties and costs associated with compliance and enforcement of remedies under a wide variety of complex laws, treaties and regulations;- Unexpected changes in regulatory environments;- Political and economic instability, including the possibility of civil unrest, terrorism, mass violence or armed conflict;- Nationalization of our properties by foreign governments;- Tax rates that may exceed those in the United States and earnings that may be subject to withholding requirements and incremental taxes upon repatriation;- Potentially negative consequences from changes in tax laws;- The imposition of tariffs on U.S. imports and retaliatory tariffs in response, quotas, trade barriers, other trade protection measures and import or export licensing requirements;- Increased costs, disruptions in shipping or reduced availability of freight transportation;- The impact of currency exchange rate fluctuations between the U.S. dollar and foreign currencies;- Failure to gain sufficient profitable scale in certain international markets resulting in an inability to cover manufacturing fixed costs or resulting in losses from impairment or sale of assets; and - Failure to recruit, retain and build a talented and engaged global workforce. Some of the risks of operating internationally have negatively affected our financial condition and results of operations, including the imposition of tariffs on U.S. imports and associated retaliatory tariffs. If we are not able to achieve our projected international growth objectives and mitigate the numerous risks and uncertainties associated with our international operations, there could be a negative impact on our financial condition and results of operations.

Climate and broader environmental-related changes can increase variability in, or otherwise impact, natural disasters, including weather patterns, with the potential for increased frequency and severity of significant weather events, natural hazards, rising mean temperature and sea levels, and long-term changes in precipitation patterns. Climate change or weather-related disruptions to our supply chain can impact the availability and cost of materials needed for manufacturing, which may increase insurance and other operating costs. Increased focus on the financial impacts of environment and climate change has led to evolving legislative and regulatory efforts to deal with potential causes and adverse impacts of climate change, including regulation of GHG emissions. Laws and regulations related to GHG emissions and other climate or environmental related concerns may adversely affect us, our suppliers and our customers, and may require the Company to invest in additional capital investments to maintain compliance. Our value chain faces similar challenges as our products rely on agricultural ingredients and a global supply chain. Climate and broader changes in the environment pose a significant and increasing risk to global food production systems and to the safety and resilience of the communities where we live, work and source our ingredients. The GHG impacts of land-use change are most pronounced in our cocoa supply chain, where we have already been working for several years to prevent deforestation and build climate and ingredient resilience. Additionally, any non-compliance with legislative and regulatory requirements could negatively impact our reputation and ability to do business. Investors, customers, advisory services, government regulators, and other market participants may be focused on the environmental or sustainability practices, disclosures and performance of companies. We believe our sustainability practices, disclosures and performance are focused on the most material risks and opportunities to our business and support our environmental goals and continue to evolve to meet the growing needs of our stakeholders. However, if our environmental goals do not meet investor or other external stakeholder expectations and standards, our access to capital may be negatively impacted. An enforcement action for non-compliance with regulations or reporting requirements could harm our reputation, financial position and ability to grow. A failure to meet investor or other external stakeholder expectations or standards may adversely affect our results of operations, ability to manage our liquidity, or ability to implement our strategies. The Company publishes its environmental goals, with a particular focus on achieving an absolute reduction in our Scope 1 and 2 GHG emissions, Forest Land and Agriculture ("FLAG") emissions, and non-FLAG emissions consistent with global environmental standards. The costs of our voluntary commitments may be greater than expected, and there can be no assurance the Company will achieve its goals, or meet the evolving sustainability expectations and standards of our investors or other external stakeholders. Any failure to achieve our goals, a perception of our failure to act responsibly with respect to the environment, or failure to respond to new or evolving legal and regulatory requirements or other sustainability concerns could adversely affect our business, reputation and increase risk of litigation. The effects and costs of environmental impacts, or any failure to meet related requirements and expectations, could have a negative impact on our reputation, financial condition and results of operations.

Information technology is critically important to our business operations. We use information technology to manage all business processes including manufacturing, financial, logistics, sales, marketing and administrative functions. These processes collect, interpret, and distribute business data and communicate internally and externally with employees, suppliers, customers, and other third parties. We, and our third-party service providers, are regularly the target of rapidly evolving cyber threats, including denial of service attacks, ransomware, spyware, misinformation, phishing/smishing/vishing attacks, business compromise attacks, typosquatting, automated attacks, employee errors, negligence or malfeasance, the use of malicious codes or worms, payment fraud, and other unauthorized occurrences on, or conducted through, our or our third-party service providers' information systems and networks. Therefore, we continuously monitor and update our information technology networks and infrastructure to prevent, detect, address, and mitigate the risk of unauthorized access, misuse, computer viruses, and other events that could have a security impact. We invest in industry standard security technology to protect the Company's data and business processes against risk of data security breach and cyber attack. Our data security management program includes identity, trust, vulnerability, and threat management business processes as well as adoption of standard data protection policies. We measure our data security effectiveness through industry-accepted methods and remediate significant findings. Additionally, we certify our major technology suppliers and any outsourced services through accepted security certification standards. We maintain and routinely test backup systems and disaster recovery, along with external network security penetration testing by an independent third party as part of our business resiliency preparedness. We also have processes in place to prevent disruptions resulting from our implementation of new software and systems. Employees are trained annually on cybersecurity wellness and our acceptable use policy and we have implemented phishing simulations to increase awareness and compliance. We also currently maintain a cyber insurance policy that provides coverage for security breaches; however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks, and other related breaches. We have been subject to cyber attacks, ransomware, and other security breaches, though these incidents historically have not had a significant impact on our business operations. The techniques that are used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently and may be difficult to detect for long periods of time, and the sophistication of efforts by hackers to gain unauthorized access to information systems has continued to increase in recent years and may continue to do so. AI technologies may amplify certain existing technology-related risks such as cybersecurity threats, data privacy concerns, and intellectual property challenges. Despite continued vigilance in these areas, disruptions in or failures of information technology systems are possible and could have a negative impact on our operations or business reputation. Failure of our systems, including failures due to cyber attacks, ransomware or other security breaches that would prevent the ability of systems to function as intended, could cause transaction errors, loss of customers and sales, and could have negative consequences to our Company, our employees and those with whom we do business. This in turn could have a negative impact on our financial condition and results or operations. In addition, the cost to remediate any damages to our information technology systems suffered as a result of a cyber attack, ransomware or other security breach could be significant.

We rely extensively on information systems and technology to manage our business and summarize operating results. We operationalized the final phase of our multi-year implementation of a new global enterprise resource planning ("ERP") system in April 2024, by implementing the new system in the North America Confectionery segment and select business units included in our International segment. This ERP system replaced our legacy operating and financial systems and is designed to accurately maintain the Company's financial records, enhance operational functionality and provide timely information to the Company's management team related to the operation of the business. The ERP system implementation process has required, and will continue to require, the investment of significant personnel and financial resources as we support post-implementation efforts and system functionality. We may not be able to successfully support post-implementation efforts without experiencing delays, increased costs, and other difficulties. Any disruptions or difficulties in using our ERP system could result in harm to our business,including our ability to forecast, manufacture or facilitate the shipment of our product, record net sales and collect our outstanding receivables. If we are unable to successfully manage post-implementation efforts related to our new ERP system as planned, our financial positions, results of operations and cash flows could be negatively impacted. Additionally, if the ERP system does not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected or our ability to assess those controls adequately could be further delayed.

Changes in U.S. and non-U.S. laws, regulations and policies and the manner in which they are interpreted or applied may alter our business environment. These negative impacts could result from changes in food and drug laws, laws related to advertising and marketing practices, accounting standards, taxation compliance and requirements, tariffs on U.S. imports and retaliatory tariffs in response, competition laws, employment laws, import/export requirements, AI, and environmental laws, among others. It is possible that we could become subject to additional liabilities in the future resulting from changes in laws and regulations that could result in an adverse effect on our financial condition and results of operations. For example, the European Union's Deforestation Regulation ("EUDR") will require the Company to conduct extensive diligence on seven commodities, including cocoa, palm oil and soy, as well as products derived from these commodities, such as chocolate, and the value chain, to ensure the goods do not result from recent deforestation, forest degradation, or breaches of local laws in order to sell such products in the European Union market or exported from it. The EUDR is scheduled to be effective in December 2026, following a two-year postponement. The EUDR, and other current or proposed regulations in markets in which we operate, are likely to increase our compliance costs, could depress sales in such markets if our products are not in compliance by applicable effective dates, and can result in fines and penalties or reputational harm if we do not fully comply. Additionally, compliance with new and evolving laws, regulations or industry standards relating to AI may require significant investment and resources, and may limit our ability to use AI, which may result in reputational harm, legal liability or other adverse effects on our operations and overall business.