Phillips Edison & Company (PECO) Risk Analysis

As an owner and operator of public shopping centers, from time to time, we are party to legal and regulatory proceedings that arise in the ordinary course of business. Due to the inherent uncertainties of litigation and regulatory proceedings, we cannot accurately predict the ultimate outcome of any such litigation or proceedings. We could experience an adverse effect to our cash flows, financial condition, and results of operations due to an unfavorable outcome.

We continue to evaluate the market for acquisition opportunities, and we may acquire shopping centers when we believe strategic opportunities exist. Our ability to acquire shopping centers on favorable terms and successfully integrate, operate, reposition, or redevelop them is subject to several risks. We may be unable to acquire a desired property because of competition from other real estate investors, including from other well-capitalized REITs and institutional investment funds. Even if we are able to acquire a desired property, competition from such investors may significantly increase the purchase price. We may also abandon acquisition activities after expending resources to pursue such opportunities. Once we acquire new shopping centers, these shopping centers may not yield expected returns for several reasons, including: (i) failure to achieve expected occupancy and/or rent levels within the projected time frame, if at all; (ii) inability to successfully integrate new shopping centers into existing operations; and (iii) exposure to fluctuations in the general economy, including due to the time lag between signing definitive documentation to acquire a new property and the closing of the acquisition. If any of these events occur, the cost of the acquisition may exceed initial estimates or the expected returns may not achieve those originally contemplated, which could adversely affect our financial condition, cash flows, and results of operations.

Our portfolio is predominantly comprised of omni-channel neighborhood grocery-anchored shopping centers, and during the year ended December 31, 2025, our holdings in Florida and California accounted for 12.3% and 10.5%, respectively, of our ABR (including our wholly-owned portfolio as well as the prorated portion of shopping centers owned through our joint ventures). Therefore, our performance is subject to risks associated with owning and operating neighborhood omni-channel grocery-anchored shopping centers, and may be further subject to additional risk as a result of the geographic concentration noted above. Such risks include, but are not limited to: (i) changes in national, regional, and local economic climates or demographics; (ii) competition from other available shopping centers and e-commerce, and the attractiveness of our shopping centers to our Neighbors; (iii) increased competition for real estate assets targeted by our investment strategies; (iv) adverse local conditions, such as oversupply or reduction in demand for similar shopping centers in an area and changes in real estate zoning laws that may reduce the desirability of real estate in an area; (v) vacancies, changes in market rental rates, and the need to periodically repair, renovate, and re-lease space; (vi) ongoing disruption and/or consolidation in the retail sector; (vii) increases in operating costs, due to inflation or otherwise, including common area expenses, utilities, insurance, and real estate taxes, which are relatively inflexible and generally do not decrease if revenue or occupancy decreases; (viii) increases in the costs to repair, renovate, and re-lease space; (ix) changes in interest rates and the availability of financing, which may render the sale or refinance of a property or loan difficult or unattractive; (x) earthquakes, tornadoes, hurricanes, droughts, wildfires, or other weather and climate-related events and natural disasters, civil unrest, terrorist acts, or acts of war, which may result in uninsured or underinsured losses; (xi) epidemics, pandemics, or other widespread outbreaks or resulting public fear that disrupt the businesses of our Neighbors causing them to fail to pay rent on time or at all; and (xii) changes in laws and governmental regulations, including those governing usage, zoning, the environment, and taxes. Such risks also include, but are not limited to, those that could impact the financial stability of our Neighbors, including their ability to pay rent and expense reimbursements, such as supply chain disruptions and constraints, inflationary pressures throughout the supply chain, including those due to tariffs, labor shortages, inflationary pressures on wages, increases in retail theft, changes in consumer demand due to macroeconomic conditions or otherwise, and other risks and uncertainties described elsewhere in this "Risk Factors" section. These and other factors could adversely affect our financial condition, cash flows, and results of operations.

As part of our capital recycling strategy, we sell shopping centers that no longer meet our growth and investment objectives due to stabilization or perceived future risk. Sales proceeds are then used to fund the construction of developments, redevelopments, expansions, and acquisitions, and to repay debt. An increase in market capitalization rates or a decline in NOI may cause a reduction in the value of shopping centers identified for sale, which would have an adverse effect on the amount of cash generated. Additionally, the sale of shopping centers resulting in significant tax gains may require higher distributions to our stockholders in order to maintain our REIT status or payment of additional income taxes. We intend to utilize Section 1031 Exchanges to mitigate taxable income. However, there can be no assurance that we will identify exchange shopping centers that meet our investment objectives for acquisitions.

We actively pursue opportunities to develop outparcels and redevelop existing properties; however, these activities require various government and other approvals, and any delay or failure in obtaining necessary entitlements can significantly postpone or even prevent a project, jeopardizing our ability to recover our investment. Development and redevelopment projects are subject to numerous risks, including (i) difficulties in leasing new or renovated spaces on the expected timeline or at projected rental rates (resulting in occupancy levels or rents that may be insufficient to make the project profitable); (ii) cost overruns and construction delays that cause actual project costs to exceed original estimates and reduce expected returns; (iii) the potential abandonment of projects mid-stream due to adverse market conditions, which would result in the loss of our invested capital; and (iv) strain on our personnel and capital resources from managing a large pipeline of projects, which could impair our ability to complete developments on schedule and on budget, further pressuring investment returns. Moreover, fluctuations in the level of our development activity can impact our results of operations by limiting the amount of internal overhead costs we are able to capitalize. External economic factors - such as inflationary cost pressures, rising interest rates, increases in the cost of construction materials due to tariffs or trade disputes, supply chain disruptions, and labor shortages - can exacerbate many of these challenges by driving costs higher or causing additional delays. As a result of these factors, the actual incremental unlevered yields (i.e., the return on our investment at project stabilization, excluding financing effects) for development and redevelopment projects may fall short of our underwritten incremental unlevered yield targets, which are based solely on our estimates, using data available to us in our development and redevelopment underwriting processes. The total cost to complete a project might ultimately be substantially higher than initially budgeted, and the incremental net operating income realized at stabilization can be lower than anticipated, due to a number of factors, including slower lease-up, lower-than-expected rental rates or occupancy, inability to collect anticipated rents, or Neighbors (tenants) vacating or defaulting (for example, through bankruptcy). If we fail to successfully reinvest in our portfolio through development and redevelopment or if our projects encounter significant delays, cost overruns, or fail to achieve the anticipated financial performance, our business, financial condition, cash flows, and results of operations could be adversely affected.

In some circumstances where an ERISA plan holds an interest in an entity, the assets of the entity are deemed to be ERISA plan assets unless an exception applies. This is known as the "look-through rule." Under those circumstances, the obligations and other responsibilities of plan sponsors, plan fiduciaries and plan administrators, and of parties in interest and disqualified persons, under Title I of ERISA or Section 4975 of the IRC, may be applicable, and there may be liability under these and other provisions of ERISA and the IRC. We believe that our assets should not be treated as plan assets because the shares of our common stock should qualify as "publicly-offered securities" that are exempt from the look-through rules under applicable Treasury Regulations. We note, however, that because certain limitations are imposed upon the transferability of shares of our common stock so that we may qualify as a REIT, and perhaps for other reasons, it is possible that this exemption may not apply. If that is the case, and if we are exposed to liability under ERISA or the IRC, our performance and results of operations could be adversely affected.

We maintain insurance coverage with third-party carriers who provide a portion of the coverage of potential losses, including commercial general liability, fire, flood, extended coverage, and rental loss insurance on all of our shopping centers. We currently self-insure a portion of our commercial insurance deductible risk through our captive insurance company. To the extent that our captive insurance company is unable to bear that risk, we may be required to fund additional capital to our captive insurance company or we may be required to bear that loss. As a result, our operating results may be adversely affected. There are some types of losses, generally catastrophic in nature, such as losses due to wars, acts of terrorism, earthquakes, floods, hurricanes, pollution, or environmental matters, that are uninsurable or not economically insurable, or may be insured subject to limitations, such as large deductibles or sublimits. Terrorist activities or violence occurring at our properties also may directly affect their value through damage, destruction, or loss. Insurance for such acts may be unavailable or cost more, which could result in an increase to our operating expenses and adversely affect our results of operations. To the extent that our Neighbors are affected by such attacks or threats of attacks, their businesses may be adversely affected, including their ability to continue to meet obligations under their existing leases. If any of our shopping centers incur a casualty or other loss that is not fully or adequately insured, the value of our assets will be reduced by any such uninsured loss, which may reduce the value of our stockholders' investment. In addition, other than any working capital reserve or other reserves we may establish, we have no source of funding to repair or reconstruct any uninsured property. Also, to the extent we must pay unexpectedly large amounts for insurance, such payments could adversely impact our cash flows and ability to make distributions to our stockholders.

We and our Neighbors face risks from cybersecurity attacks that seek to disrupt business operations, gain unauthorized access to our network, steal sensitive data, and cause similar harm to our business. We may face such cybersecurity attacks through malware, computer viruses, attachments to e-mails, malicious persons inside our organization, vulnerabilities in our or third party software, or other security issues with our and third party information technology ("IT") systems. The risk of a cybersecurity attack, including by computer hackers (individual or hacking organizations), foreign governments, and cyber terrorists, has generally increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased. The techniques and sophistication used to conduct cybersecurity attacks and breaches of IT systems, as well as the sources and targets of these attacks, change frequently and are often not recognized until such attacks are launched or have been in place for a period of time. Remote and hybrid working arrangements at our company (and at many third party providers) also increase cybersecurity risks due to the challenges associated with managing remote computing assets and security vulnerabilities that are present in many non-corporate and home networks. The use of artificial intelligence has further enhanced malicious actors' ability to conduct sophisticated attacks, often at a low cost, including through the use of deepfake and similar social engineering techniques and technologies. Our IT networks and related systems are essential to the operation of our business and our ability to perform day-to-day operations and, in some cases, may be critical to the operations of certain of our Neighbors. In addition to our own IT systems, we also depend on third parties to provide IT services relating to several key business functions, such as administration, accounting, communications, document management and storage, human resources, payroll, tax, investor relations, and certain finance functions. Our IT systems and those provided by third parties may contain personal, financial, or other information that is entrusted to us by our Neighbors and associates, as well as proprietary PECO information and other confidential information related to our business. There is no guarantee that our cybersecurity risk management programs and processes, including our and third parties' policies, controls, and procedures, will be fully implemented, complied with or effective in protecting our and third party systems and information against cybersecurity attacks. As have many companies, we and our third party vendors have been impacted by security incidents in the past, and will likely continue to experience security incidents of varying degrees. While we do not believe these incidents have had a material impact to date, as our reliance on technology has increased, so have the risks posed to our systems, both internal and those we have outsourced. The primary risks that could directly result from the occurrence of a cyber incident include operational interruption, damage to our relationship with our Neighbors, and loss of competitive confidential information. Our financial results and business operations may be negatively affected by such an incident or the resulting negative media attention. A cybersecurity attack on our or third party IT systems could also: (i) disrupt the proper functioning of our networks and systems and therefore our operations and/or those of certain of our Neighbors; (ii) compromise the personal information, confidential information, or proprietary information of our Neighbors, associates, and vendors, which others could use to compete against us or for disruptive, destructive, or otherwise harmful purposes and outcomes; (iii) result in our inability to maintain the building systems relied upon by our Neighbors for the efficient use of their leased space possibly resulting in harm to customers of those neighbors; (iv) require significant management attention and resources to remedy the damages that result; (v) result in misstated financial reports, violations of loan covenants, and/or missed reporting deadlines; (vi) result in our inability to properly monitor our compliance with the rules and regulations regarding our qualification as a REIT; (vii) subject us to claims for breach of contract, damages, credits, penalties, or termination of leases or other agreements or relationships; (viii) cause reputational damage that adversely affects Neighbor, investor, and associate confidence in us, which could negatively affect our ability to attract and retain Neighbors, investors, and associates; (ix) result in significant remediation costs, some or all of which may not be recoverable from our insurance carriers; and (x) result in increases in the cost of obtaining insurance on favorable terms, or at all, if the attack results in significant insured losses. Such security incidents could also result in a violation of applicable federal and state privacy and other laws, and subject us to private consumer, business partner, or securities litigation and governmental investigations and proceedings, any of which could result in our exposure to material civil or criminal liability, and we may not be able to recover these expenses from our service providers, responsible parties, or insurance carriers. Similarly, our Neighbors rely extensively on IT systems to process transactions and manage their businesses and thus are also at risk from and may be adversely affected by cybersecurity attacks. An interruption in the business operations of our Neighbors or a deterioration in their reputation resulting from a cybersecurity attack, including unauthorized access to customers' information, credit card data, and other confidential information, could indirectly negatively affect our business and cause lost revenues.

We currently use artificial intelligence ("AI") and automated decision-making technologies (collectively, "AI Technologies"), including generative AI Technologies (i.e., AI Technologies that can produce and output new content, software code, data and information), in certain internal business practices and are making additional investments in this area. We expect that increased investment will be required in the future to continuously improve our use of AI Technologies. As with many technological innovations, there can be no assurance that the usage of or our investments in such technologies will always be beneficial to our business, including our efficiency or profitability. Technological advances in AI are rapidly evolving, and along with this rapid evolution comes risks and challenges that could negatively impact our business. AI Technologies may create incomplete, inaccurate, or misleading outputs or other discriminatory or unexpected results or behaviors, such as hallucinatory behavior that can generate irrelevant, nonsensical, or factually incorrect results. While we take measures designed to ensure the accuracy of such AI-generated content, those measures may not always be successful. Accordingly, reliance on these models could lead us to make impaired decisions that could result in adverse consequences to us, including legal liability, reputational and competitive harm, and Neighbor loss. Additionally, sensitive or otherwise confidential information could be leaked, disclosed, or revealed in connection with the use of AI Technologies by our employees, vendors, contractors, and where an AI model processes personal information and makes connections with that data, it may disclose sensitive, proprietary, or confidential information generated by the model. Furthermore, bad actors may utilize AI Technologies to obtain sensitive or confidential information of our business. Uncertainty in the regulatory environment relating to AI Technologies may hinder our ability to use such technologies in our business or require us to change our business practices, which could decrease any benefits from using AI Technologies and negatively impact our business. Additionally, we may need to expend additional resources to modify and maintain our use of AI Technologies to comply with applicable law, and failure to do so may lead to regulatory fines or penalties. We use AI Technologies licensed from third parties in certain internal business practices and our ability to continue to use such technologies at the scale we need may be dependent on access to specific third-party software and infrastructure. We cannot control the availability or pricing of such third-party AI Technologies, especially in a highly competitive environment, and we may be unable to negotiate favorable economic terms with the applicable providers.