Levi Strauss & Co (LEVI) Risk Analysis

We need liquidity sufficient to fund payments of dividends, repurchases of stock and to make acquisitions. Future activities will depend upon our earnings, economic conditions, liquidity and capital requirements and other factors, including our debt leverage. Even if we have sufficient resources to pay dividends and to repurchase shares of our common stock, our board of directors may determine to use such resources to fund other company initiatives. Accordingly, we cannot make any assurance that future dividends will be paid, or future repurchases will be made, at levels comparable to our historical practices, if at all. Additionally, our Credit Facility contains restrictions, including covenants limiting our ability to incur additional debt, grant liens, make acquisitions and other investments, prepay specified debt, consolidate, merge or acquire other businesses or engage in other fundamental changes, sell assets, pay dividends and other distributions, repurchase our stock, enter into transactions with affiliates, enter into capital leases or certain leases not in the ordinary course of business, enter into certain derivatives, grant negative pledges on our assets, make loans or other investments, guarantee third-party obligations, engage in sale leasebacks and make changes in our corporate structure. These restrictions, in combination with our leveraged condition, may make it more difficult for us to successfully execute our business strategy, grow our business or compete with companies not similarly restricted.

The apparel industry is characterized by low barriers to entry for both suppliers and marketers, global sourcing through suppliers located throughout the world, trade liberalization, continuing movement of product sourcing to lower cost countries, regular promotional activity, and the ongoing emergence of new competitors with widely varying strategies and resources. These factors have contributed, and we expect them to continue to contribute in the future, to intense pricing pressure and uncertainty throughout the supply chain. Macroeconomic pressures around the world such as tariffs, inflation and recession fears are creating a complex and challenging retail environment for us and our customers as consumers reduce discretionary spending. Pricing pressure has been further exacerbated by the variability and availability of raw materials, combined with labor and cost inflation and uncertainty throughout the supply chain. This pressure could have adverse effects on our business and financial condition, including: - reduced gross margins across our product lines and distribution channels;- increased retailer demands for allowances, incentives, and other forms of economic support;- unfavorable consumer reactions to price increases; and - increased pressure on us to reduce our production costs and operating expenses. In addition, we compete with other companies in the apparel industry on the basis of investments in technology and adapting to changes in technology, including the successful use of data analytics, artificial intelligence and machine learning.

Our success depends in large part on the value, overall health and reputation of our brands, which are integral to our business and the implementation of our "Brand Led" strategy for expanding our business. Maintaining, promoting and positioning our brands will depend largely on the success of our marketing, design and merchandising efforts and our ability to provide consistent, high-quality products supported by engaging marketing campaigns and adapting to rapidly changing media environments, including our increasing reliance on social media and digital dissemination of advertising campaigns. Our brands and reputation could be adversely affected if we fail to achieve these objectives, if we fail to deliver high-quality products acceptable to our customers and consumers or if we face or mishandle a product recall. Our brand value also depends on our ability to maintain a positive consumer perception of our brands, corporate integrity and culture. Negative claims or publicity involving us or our products, our cobranding or collaboration partners, the production methods, materials or locations of any of our suppliers or contract manufacturers, consumer data or any of our key employees, endorsers or suppliers could seriously damage our reputation, sales and brand image, regardless of whether such claims or publicity are accurate. Social media, which accelerates and potentially amplifies the scope of negative claims or publicity, can increase the challenges of responding to negative claims or publicity. In addition, the Company, the Levi Strauss Foundation, our senior executives and the descendants of the family of our founder, Levi Strauss, may from time to time take positions or actions (including internal programs) or make statements on or charitable donations to social issues, including donations to the Levi Strauss Foundation (which is not one of our consolidated entities), that may be unpopular with some consumers or customers, which may result in adverse publicity or impact our ability to attract or retain such consumers or customers, and which could adversely impact our results in certain locations. In addition, actions taken or statements made by recipients of such charitable donations could also seriously harm our brand image with consumers. Any harm to our brands and reputation could adversely affect our business and financial condition. Additionally, people or groups who oppose these positions or statements may cause disruptions to our business operations. Adverse publicity, regardless of its accuracy, could undermine consumer confidence in our brands and reduce long-term demand for our products. The appeal of our brands may also depend on the success of our corporate sustainability initiatives, which require company-wide coordination and alignment on managing related risks and costs and may ultimately not be successful. Risks related to our corporate sustainability initiatives include increased public focus, including by governmental and nongovernmental organizations, on these and other environmental sustainability matters, including packaging and waste, animal welfare and land use. Moreover, because of the increased focus from our stakeholders, including consumers, employees and investors, and more recently regulatory organizations, on corporate sustainability practices, there is an increased risk of negative public reaction to, public backlash against and increased pressure on disclosure related to our initiatives, products or practices related to corporate sustainability or social issues that could have an adverse impact on our image, reputation, business operations and financial results. Risks also include increased pressure and regulatory requirements to expand our disclosures in these areas, make commitments, set targets or establish additional goals and take actions to meet them, which could expose us to business, legal, market, reputational, operational and execution costs or risks. The metrics we disclose, such as emissions and water usage, whether they be based on the standards we set for ourselves or those set by others, may influence our reputation and the value of our brand. In addition, as we work to align with the recommendations and requirements of various ratings and disclosure organizations and new and evolving regulations, we will likely expand our disclosures in these areas and, as a result, we may face increased scrutiny related to our sustainability activities. Our failure to achieve progress on our metrics on a timely basis, or at all, could adversely affect our business, financial performance and growth. We could damage our reputation and the value of our brand if we fail to act responsibly in the areas in which we report. Any harm to our reputation resulting from setting these metrics, expanding our disclosure or our failure or perceived failure to meet such metrics or disclosures could adversely affect our business, financial performance and growth.

Changes in U.S. or international social, political, regulatory and economic conditions or in laws and policies governing trade, manufacturing, development and investment in the countries where we currently sell our products or conduct our business, could adversely affect our business, reputation, financial condition and results of operations. For example, we are required to observe certain laws relating to economic sanctions, including those implemented by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) and other sanctions authorities. These requirements may prohibit or restrict activities relating to certain individuals, entities, countries or territories. Although we have implemented controls to promote compliance with economic sanctions, economic sanctions law may change rapidly, and it can be time-consuming for us to alter our business operations to adapt to or comply with any changes in these or other laws. Should our controls prove to be, or be found to have been, ineffective, we may be subject to regulatory or enforcement action that could adversely affect our reputation, financial condition, or business. Changes or proposed changes in U.S. or other countries' trade policies may result in restrictions and economic disincentives on international trade. Tariffs, economic sanctions and other changes in U.S. trade policy have in the past and could in the future trigger retaliatory actions by affected countries, and certain foreign governments have instituted or are considering imposing retaliatory measures on certain U.S. goods. Further, any emerging protectionist or nationalist trends (whether regulatory- or consumer-driven) either in the United States or in other countries could affect the trade environment. For example, the U.S. government recently imposed broad "reciprocal" tariffs of 10% or more on goods imported from most U.S. trading partners into the United States, which drew responses in the form of retaliatory tariffs from other countries. We, like other multinational corporations, conduct a significant amount of business that may be impacted by changes to the trade policies of the United States and foreign countries (including governmental action related to tariffs, international trade agreements, or economic sanctions). In the case of reciprocal and retaliatory tariffs, the imposition of such tariffs has adversely affected our costs of imported goods and materials. Any further such changes have the potential to adversely impact the U.S. economy or certain sectors thereof or the economy of other countries in which we conduct operations, our industry and the global demand for our products, and as a result, could have a material adverse effect on our business, financial condition and results of operations.

We may face significant expenses and liability in connection with the protection of our intellectual property rights, including outside the United States, and if we are unable to successfully protect our rights or resolve conflicts relating to infringement of intellectual property rights with others, our business or financial condition may be adversely affected. Our competitive position largely depends upon our trademarks and other intellectual property rights, which we take steps to establish and protect both domestically and internationally. However, we may be unable to adequately protect or enforce our intellectual property rights or determine the extent of any unauthorized use by third parties, particularly in foreign countries where the laws do not protect proprietary rights as fully as in the United States. We periodically discover counterfeit reproductions of our products or products that otherwise infringe our intellectual property rights. Given that we place significant value on our trademarks, trade dress and the overall appearance and image of our products, if we are unsuccessful in enforcing or protecting our intellectual property rights, continued sales of these infringing products could adversely affect our sales and our brand and could result in a shift of consumer preference away from our brand and products. The actions we take to establish and protect our intellectual property rights are expensive, time-consuming and may not be adequate to prevent imitation of our products or other unauthorized uses of our intellectual property by others. Additionally, the laws and enforcement mechanisms to protect our intellectual property from unauthorized use in evolving technologies, like artificial intelligence, are developing and may be inadequate. We also cannot assure that our rights in, or ownership of, our trademarks or other intellectual property rights would be upheld if challenged. Further, we cannot ensure that licensees will not take any actions that hurt the value of our intellectual property. We also may be unable to prevent others from seeking to block sales of our products as purported violations of their proprietary rights. We may be subject to liability or be prevented from using our trademarks or other intellectual property rights, which could have an adverse effect on our financial conditions and operations, if third parties successfully claim we infringe their intellectual property rights, including from the use of outputs generated using artificial intelligence technologies which may contain or be substantially similar to third-party content protected by intellectual property. Defending infringement claims could be expensive and time consuming and might result in our entering into costly license agreements or other settlement agreements. We also may be subject to significant damages or injunctions against development, manufacturing, use, importation or sale of certain products. Although we take various actions to prevent the unauthorized use or disclosure of our confidential information and intellectual property rights, our controls and efforts to prevent unauthorized use or disclosure thereof might not always be effective. For example, confidential information related to business strategy, innovations, new technologies, mergers and acquisitions, unpublished financial results or personal data could be prematurely, inadvertently or improperly used or disclosed, including by an employee inputting confidential information into artificial intelligence or machine learning technologies, resulting in a loss of reputation, loss of intellectual property rights, a decline in our stock price or a negative impact on our market position, and could lead to damages, fines, penalties or injunctions.

In the ordinary course of our business, we may collect, store, use, transmit, disclose or otherwise process proprietary confidential and sensitive data, including personal information, intellectual property, and trade secrets, and we rely upon third parties (such as service providers) for data processing-related activities. We also rely on third parties for the operation of certain of our e-commerce websites, and do not control these service providers. As a result, we and the third parties upon which we rely face a variety of evolving threats, including but not limited to ransomware attacks, security breaches, cyber-attacks or other malicious activities by hackers, criminal groups, nation-states and nation-state-sponsored organizations and social-activist organizations, computer viruses or other malicious codes, unauthorized access, phishing attacks, or unauthorized uses, any of which may be irreversible and result in operational problems and security incidents. Given the nature of information collected and processed, the retail industry in particular has been the target of many cyber-attacks, and it is possible that an individual or group could defeat our security measures, or those of a third-party service provider. We have been and will continue to be a target of cyber-attacks, including phishing, and other attempts to breach, or gain unauthorized access to, our systems because of the visibility of our brand, making the secure maintenance of proprietary, confidential and sensitive data critical to our business and reputation. In the future, we may see an increase in the number of such attacks as we have shifted to a hybrid working model under which some employees will continue working remotely and accessing our technology infrastructure remotely. Our work to integrate, secure and enhance these systems and related processes in our global operations is ongoing and we will continue to invest in these efforts. We may expend significant resources or modify our business activities to try to protect against security incidents. We cannot provide assurance, however, that the measures we take to secure and enhance these systems will be sufficient to prevent security incidents, cyber-attacks, system failures or data or information loss. Cyber-attacks, malicious internet-based activity and online and offline fraud are prevalent and continue to increase in frequency and magnitude. The techniques used to obtain unauthorized, improper or illegal access to our systems, our data or our customers' data, to disable or degrade service or to sabotage systems, including through the use of artificial intelligence, are constantly evolving, have become increasingly complex and sophisticated, may be difficult to detect quickly and often are not recognized until launched against a target, even if we take all reasonable precautions, including to the extent required by law. In addition to traditional computer "hackers," threat actors, personnel (such as through theft or misuse), sophisticated nation-states and nation-state supported actors and social-activist organizations now engage in attacks. Furthermore, our efforts to address undesirable activity on our platforms may also increase the risk of retaliatory attack. We have and may continue to be subject to a variety of evolving threats, including but not limited to social engineering, such as phishing, malicious code (such as viruses and worms), malware (including as a result of advanced persistent threat intrusions), denial-of-service attacks, credential stuffing, personnel misconduct or error, supply-chain attacks, software bugs, server malfunctions and large-scale, complex automated attacks that can evade detection for long periods of time. Future or past business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities' systems and technologies. Ransomware attacks, including those perpetrated by organized criminal threat actors, nation-states and nation-state supported actors and social-activist organizations, are becoming increasingly prevalent and severe and can lead to significant interruptions in our operations, loss of data and income, reputational harm and diversion of funds. In addition, such incidents could result in unauthorized disclosure and misuse of material confidential information, including personal information. Extortion payments may alleviate the negative impact of a ransomware attack, but we may be unwilling or unable to make such payments due to, for example, applicable laws or regulations prohibiting such payments or beliefs that payment may not result in system restoration. In addition to our own systems, we use third-party service providers to store, transmit and otherwise process information on our behalf, and our third-party service providers are subject to similar cybersecurity risks. Due to applicable laws and regulations or contractual obligations, we may be held responsible for any cybersecurity incident attributed to our service providers as they relate to the information we share with them or to which they are granted access. Although we generally contractually require these service providers to implement and maintain a standard of security (such as implementing reasonable measures) as well as incident response commitments, we cannot control third parties and cannot guarantee that a security breach will not occur in their systems or that we will receive timely information should an incident occur. Our software or information technology systems, or that of third parties upon whom we rely to operate our business, may have material vulnerabilities and, despite our efforts to identify and remediate these vulnerabilities, our efforts may not be successful or we may experience delays in developing and deploying remedial measures designed to address any such identified vulnerabilities. Actual or perceived vulnerabilities or unauthorized access of our or our service providers' information technology systems or networks may result in the loss of confidential business and financial data, misappropriation of our consumers', users' or employees' personal information or a disruption of our business. Any of these outcomes could have a material adverse effect on our business, including unwanted media attention, impairment of our consumer and customer relationships, damage to our reputation, and the value of our brands, resulting in lost sales, fines, lawsuits (including class actions), government enforcement actions (for example, investigations, fines, penalties, audits and inspections) or significant legal and remediation expenses. We also may need to expend significant resources to protect against, respond to or redress problems caused by any unauthorized processing.

We earn a substantial portion of our income in foreign countries and, as such, we are subject to the tax laws in the United States and in numerous foreign jurisdictions. Current economic and political conditions make tax laws and regulations, or their interpretation and application, in any jurisdiction subject to significant change. Recent tax legislation and regulations, including provisions of the 2025 One Big Beautiful Bill Act ("OBBBA") and potential increases in taxes, make significant changes to the U.S. tax regime and could materially impact how our earnings are taxed. In addition, the Organization for Economic Cooperation and Development ("OECD") reached agreement with over 140 countries to implement a minimum 15% tax rate on certain multinational enterprises, commonly referred to as the Pillar Two Inclusive Framework. Many jurisdictions continue to announce changes in their tax laws and regulations based on the Pillar Two Inclusive Framework. While we continue to evaluate the impact of these legislative changes as additional guidance becomes available, uncertainty remains regarding the timing and interpretation by tax authorities in affected jurisdictions. These legislative changes did not have a material impact in fiscal year 2025 but could have an adverse impact on our effective tax rate, tax liabilities, and cash tax in future years, beginning in 2026. We utilize tax rulings and other agreements to obtain certainty in treatment of certain tax matters. These rulings and agreements expire from time to time and may be extended when certain conditions are met, or terminated if certain conditions are not met. We cannot guarantee that such rulings and agreements will be extended or all conditions will continue to be satisfied. Changes in these rulings and agreements or their termination may result in a loss of certainty in treatment, which may adversely impact our effective tax rate. We are also subject to the examination of our tax returns by the Internal Revenue Service ("IRS") and state and local taxing authorities in the United States and by taxing authorities in other jurisdictions. The laws and regulations related to tax matters are extremely complex, require significant judgment and are subject to varying interpretations and application. Although we believe our positions are reasonable, they are subject to challenge and the results of audits or related disputes could have an adverse effect on our financial statements for the period or periods for which the applicable final determinations are made. For example, we and our subsidiaries are also engaged in a number of intercompany transactions across multiple tax jurisdictions. Although we believe we have clearly reflected the economics of these transactions and the proper local transfer pricing documentation is in place, tax authorities may propose and sustain adjustments that could result in changes that may impact our mix of earnings in countries with differing statutory tax rates. Additionally, we regularly assess the likelihood of an adverse outcome resulting from these examinations to determine the adequacy of our provision for income taxes. Although we believe our tax provisions are adequate, the final determination of tax audits and any related disputes could be materially different from our historical income tax provisions and accruals.

In addition to our own sensitive and proprietary business information, we handle transactional and personal information, including without limitation credit card information and personal information about our employees, customers, consumers and users of our digital experiences, which include online distribution channels and product engagement. As a result of our data collection and processing activities, we must comply with increasingly complex and rigorous, and sometimes conflicting laws, regulatory standards, industry standards, external and internal privacy and security policies, contracts and other obligations that govern the processing of business and personal data, including personal health information of our employees. For example, the European Union's General Data Protection Regulation (the "EU GDPR"), the United Kingdom's GDPR (the "UK GDPR"), California's Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 and its regulations (the "CCPA") impose obligations on companies regarding the handling of personal data and provide certain individual privacy rights to persons whose data is stored or otherwise processed. Furthermore, other comprehensive privacy laws, such as China's Personal Information Protection Law, Canada's Personal Information Protection and Electronic Documents Act and India's new Digital Personal Data Protection Act, as well as other states in the United States have enacted data privacy laws that have come into effect or will come into effect in the coming months and years, which are likely to continue to influence other jurisdictions, U.S. states or even the U.S. Congress to pass comparable legislation. Additionally, laws in certain jurisdictions require data localization and impose restrictions on the transfer of personal information across borders. For example, the EU GDPR and the UK GDPR generally restrict the transfer of personal information, including employee and consumer information, to countries outside of the EEA and the United Kingdom (respectively) without appropriate safeguards or other measures. If we cannot implement a valid compliance mechanism for cross-border privacy and security transfers, we may face increased exposure to legal or regulatory actions, substantial fines and injunctions against processing or transferring personal information from Europe or elsewhere. In addition, privacy advocates and industry groups have proposed, and may propose in the future, standards with which we are legally or contractually bound to comply. For example, we are also subject to the Payment Card Industry Data Security Standard ("PCI DSS"). The PCI DSS requires companies to adopt certain measures to ensure the security of cardholder information, and noncompliance with PCI-DSS can result in penalties ranging from $5,000 to $100,000 per month by credit card companies, litigation, damage to our reputation and revenue losses. Furthermore, we are bound by contractual obligations related to privacy, data protection and data security, and our efforts to comply with such obligations may not be successful or may have other negative consequences. We may publish privacy policies, marketing materials and other statements, such as compliance with certain certifications or self-regulatory principles, regarding data privacy and security. If these policies, materials or statements are found to be deficient, lacking in transparency, deceptive, unfair or misrepresentative of our practices, we may be subject to investigation, enforcement actions by regulators or other adverse consequences. In general, negative publicity we might receive regarding any actual or perceived violations of consumer privacy rights, including fines and enforcement actions against us or other similarly placed businesses, may also impair consumers' trust in our privacy practices and make them reluctant to give their consent to share their data with us. In addition, our use of online tracking technologies on our platform puts us and our advertising partners at risk of claims under the California Invasion of Privacy Act ("CIPA") and similar surveillance laws and we have been and may continue to be subject to such claims. These cases typically concern allegations that the use of common third-party technology tools (such as online tracking technologies, cookies, and pixels) on a website constitute interceptions of confidential communications that allegedly constitute wiretapping, which can only be done with the consent of both parties to the communication. CIPA has been a subject of increasing litigation, particularly in the form of class actions. If such suits continue to be brought against us,defending against them in court or in arbitration could substantially increase our legal costs, potential liability, and involve members of our legal teams to assist in defending these claims. Obligations related to data privacy and security are quickly changing, becoming increasingly stringent and creating regulatory uncertainty. Additionally, these obligations may be subject to differing applications and interpretations, which may be inconsistent or conflict among jurisdictions. Compliance with existing and forthcoming data privacy and security laws and regulations can be costly and time consuming, and may require changes to our information technologies, systems and practices and to those of any third parties that process personal information on our behalf and cause us to divert resources from other initiatives and projects to address these evolving compliance and operational requirements. If we or the third parties on which we rely fail, or are perceived to have failed, to address or comply with obligations related to data privacy and security, we could face significant consequences, including, but not limited to, proceedings against the company by governmental entities (for example, investigations, lawsuits (including class actions), fines, penalties, audits and inspections) or other entities or individuals, additional reporting requirements or oversight bans, damage to our reputation and credibility or inability to process data or operate in certain jurisdictions, any of which could have a negative impact on our business, operations, reputation, revenues and profits.