Ternium SA (TX) Risk Factors

A substantial majority of Ternium's employees at its manufacturing subsidiaries are represented by labor unions and are covered by collective bargaining or similar agreements, which are subject to periodic renegotiation. Strikes or work stoppages could occur prior to or during the negotiations leading to new collective bargaining agreements, during wage and benefits negotiations or, occasionally, during other periods for other reasons. Ternium's subsidiaries could also suffer plant stoppages or strikes if they were to implement cost reduction plans. From time to time, we take measures to increase competitiveness; none of the measures taken in the past have resulted in significant labor unrest. However, we cannot assure that this situation will remain stable or that future measures will not result in labor actions against Ternium companies. Any future stoppage, strike, disruption of operations or new collective bargaining agreements could result in lost sales and could increase our costs, thereby affecting our results of operations. For further information on the geographic distribution of employees, see Item 6. "Directors, Senior Management and Employees-D. Employees".

We depend on a limited number of key suppliers for the provision of certain key inputs. For example, in 2023 Ternium Argentina and Ternium Brasil purchased iron ore mainly from Vale, a Brazilian company. There is a trend in the industry towards consolidation among suppliers of raw materials, slabs and other inputs. We have entered into long-term contracts for the supply of some (but not all) of our principal inputs and expect that such agreements will be maintained and, depending on the circumstances, renewed. However, if any key supplier fails to deliver, or if existing contracts cannot be renewed in the future, or if applicable regulations or sanctions limit or prohibit purchases from certain suppliers, we could face limited access to certain raw materials, slabs, energy or other inputs, or could be subject to higher costs and delays resulting from the need to obtain our input requirements from other suppliers.

There is a growing awareness on greenhouse gas (GHG) emissions and climate change across different sectors of society. The Paris Agreement, adopted at the 2015 United Nations Climate Conference, sets out the global framework to limit the planet's rising temperature and to strengthen the countries' ability to deal with the effects of climate change. The EU Emissions Trading System (ETS) signaled a major EU energy policy to combat global warming based on a "cap & trade" program, and the European Green Deal, launched in 2019, focuses on adopting the required policies and measures aimed at achieving zero GHG emissions in Europe by 2050. The EU Taxonomy Regulation establishes a classification system for environmentally sustainable economic activities, laying out definitions to businesses, stakeholders and policymakers on which economic undertakings can be considered environmentally sustainable and requiring companies to disclose, in the annual reports, how environmentally sustainable their economic activities are. More recently, as part of the European Green Deal, the EU adopted the Corporate Sustainability Reporting Directive, which requires European large companies and listed issuers to disclose information on their risks and opportunities arising from social and environmental issues, and on the impacts of their activities on people and the environment. In the case of Ternium, the new EU non-financial disclosure requirements will apply with respect to the Company's 2025 annual report. Similarly, CBAM (EU's Carbon Border Adjustment Mechanism), which was adopted on May 17, 2023, aims at promoting emissions reductions worldwide by subjecting the import of certain products, including steel, from countries outside of the European Union to a carbon levy linked to the carbon price payable for goods produced in EU countries. Similarly, in response to an increasing investor focus and reliance on climate and ESG-related disclosure and investment, the Security Exchange Comission (SEC) announced in March 2021 the creation of a Climate and ESG Task Force to identify ESG-related misconduct and potential violations, and in March 2022, the SEC released a proposal to amend its disclosure rules. In March 2024, the SEC adopted the final rule on climate-related disclosures, which will require registrants, including the Company, from fiscal year 2025, to significantly expand the climate-related disclosures in their periodic reports, including information about climate-related risks that are reasonably likely to have a material impact on their business, results of operations, or financial condition, and certain climate-related financial statement metrics in a note to their audited financial statements. Other countries are introducing or considering similar measures or regulations with the aim at lowering emissions as well as government initiatives to promote the use of alternative energy sources and substitute existing products and services with lower emissions alternatives (with many jurisdictions implementing tax advantages and other subsidies to promote the development of renewable energy sources, or even requiring minimum thresholds for power generation from renewable sources). Ternium's industrial system includes two main technological routes to produce steel: the blast furnace / basic oxygen furnace route (BF/BOF) and the electric arc furnace route (EAF). The BF/BOF route has a significantly higher carbon emission intensity than the EAF route. Although several new initiatives and pilot projects under development seek to significantly reduce the BF/BOF route carbon emission intensity, no technology has yet achieved sufficient technology readiness level, nor is any technology available at scale or economically feasible, and there is no certainty that any such technology will be available in the near future. This issue affects most steel companies, as the BF/BOF route currently represents approximately 72% of global steelmaking production capacity. For further information about Ternium's technological routes to produce steel, see item 4. "Information on the Company – B. Business Overview – Production Facilities and Processes". In addition, Ternium is developing several projects aimed at reducing carbon emission intensity in both of its steelmaking routes, These projects could experience delays or higher-than-anticipated costs, or may not yield the expected results. Government and international organization's initiatives to promote the reduction of GHG emissions, such as the introduction of a carbon tax or carbon-pricing systems, the adoption of "cap-and-trade" systems or measures to avoid carbon leakage or promote the use of renewable energy sources could affect Ternium's steel production costs. In Argentina, the 2017 tax reform introduced a tax on certain fossil fuels, which did not include natural gas. Metallurgical coal and petrochemical coke were exempted as long as they are used as part of an industrial process, other than for energy generation. Effective since March 2018, the tax on fossil fuels is set to increase 10% every year until 2028, when it is expected to reach an average $10 per ton of carbon dioxide equivalent emitted. Similarly, in 2013, Mexico approved carbon taxing rules applicable to fossil fuels (setting a zero tax on natural gas) and in 2019 the government implemented a pilot program for the adoption of an Emissions Trading System aimed at reducing GHG emissions, by setting a cap on emissions and allowing for the trade of emission certificates. For the time being, there is no regulation for setting such system nor to determine allowances. Although existing carbon pricing mechanisms in Mexico and Argentina do not materially limit or penalize Ternium's GHG emissions, new carbon pricing mechanisms could increase Ternium's production costs. Particularly in Mexico, the state governments could set carbon taxes on top of the federal tax regime and the Emission Trading System. In addition, the Brazilian Congress has been discussing initiatives to introduce a carbon tax on industry processes and power generation facilities, which, if applicable to Ternium Brasil's and Usiminas' operations, would result in incremental costs. Such increases in costs could affect, in turn, Ternium's profitability and net results. If there is not enough progress in significantly reducing emissions in the coming years, or emerging technologies for the reduction of carbon emission intensity of the BF/BOF route are not commercially available or are not economically viable, there is an increased likelihood of abrupt policy interventions as governments attempt to meet their environmental goals by adopting policy, legal, technology and market changes in the transition to a low-carbon global economy. In addition to incremental production costs, the adoption of new climate change legislation in the countries in which we operate could result in incremental compliance costs and unexpected capital expenditures, affect our competitiveness and reduce our market share and results of operations. Furthermore, shifts in customer preferences and failure to respond to stakeholders' demand for climate-related measures and environmental standards could adversely affect the ability or willingness of our customers or suppliers to do business with us, harm our reputation, erode stakeholder support and restrict or reduce access to financial resources.

Communities or individuals living or owning land near areas where Ternium operates may take actions to oppose and interfere with its mining activities. Even if a community has an agreement in place with Ternium, internal disputes within that community could result in blockades to disrupt our operations or iron ore transportation, or legal proceedings to suspend mining activity. Although we make significant efforts to maintain good relationships with such communities, actions taken by them (or by interest groups within those communities), including requesting the government to revoke or cancel concessions or environmental or other permits, may hamper our ability to conduct mining activities as planned, prevent us from fulfilling agreements reached with the government, or significantly increase the cost of exploring and/or exploiting the mines, thereby adversely affecting our business and results of operations. Mexico In the past, Ternium's mining operations in Mexico faced actions by certain native or local communities demanding higher compensation or other benefits, or seeking to stop mining activities. Although attempted legal actions did not succeed, Mexican legislation affords judges the power to preemptively suspend environmental or other permits or concessions and take certain other measures to protect the "ejidos" (land jointly owned by native communities) until the claim is resolved. An adverse legal decision suspending or cancelling permits, or the illegal blockade or occupation of facilities, could adversely impact Ternium's mining activities and results of operations. More recently, the security situation in Aquila, where Las Encinas has its main mining operation, has worsened, with growing violence in the region being caused by criminal groups seeking territorial control and the exploitation of economic resources. In addition, a long-standing internal dispute between two differentiated groups of the native community prevented the election of community representatives and stirred a great deal of turmoil. In January 2023, two important community leaders went missing, which triggered an investigation by the Attorney General's office that resulted in the arrest of at least two suspects. The ensuing crisis forced Las Encinas to keep its main mining operation idled during the first half of 2023. Similarly, the Jalisco area, where Consorcio Peña Colorada operates, is not exempt from the presence of criminal groups and, consequently, security has also deteriorated in such region in the past months. If violence and conflict continue to increase in the regions where Ternium has its mining operations, Ternium's mining activities in Mexico may be partially or totally suspended, or even permanently shut down.

For purposes of carrying out its operations, Ternium relies heavily on information systems; and digital technologies have an increasingly significant role across the business. Although we devote significant resources to protect our systems and data, and continually monitor external developments and available information on threats and security incidents, we have experienced and we expect to continue experiencing varying degrees of cyber incidents in the normal conduct of business, and also occasionally experience sophisticated cybersecurity threats including actual or potential unauthorized access to data and systems, loss or destruction of data, computer viruses or other malicious code, phishing, spoofing and/or other cyberattacks. Cybersecurity threats and incidents often arise from numerous sources, many of which fall beyond our control, such as fraud or malice from third parties, including fraud involving business email, failures of computer servers or other accidental technological failure, electrical or telecommunication outages or other damage to its property or assets. Cybersecurity threats and incidents, such as phishing attacks, attempts to compromise user credentials, attempts to compromise firewall infrastructure, fake websites, impersonation and whaling, continued to increase throughout 2023. The sophistication of these attacks also grew at a fast pace, with issues such as remote work bearing a significant concern for companies in different industries. Microsoft has informed that the manufacturing?sector?was the industry most subject to ransomware attacks in 2023. Experts agree that cyberattacks are increasing in sophistication and frequency and call for a global response to cybersecurity threats, and regulators are placing increased focus on cybersecurity and its effects. Cyber ecosystem risk is becoming more problematic. According to the World Economic Forum's 2024 Global Cybersecurity Outlook, the gap between organizations that are cyber resilient and those that are not is widening at an alarming rate and this phenomenon is particularly alarming in light of the interconnected nature of the cyber ecosystem. According to data set forth in such Report, 41% of the organizations that suffered a material incident in the past 12 months attributed the incidents to a third party, and 54% of the organizations have insufficient visibility into the vulnerabilities of their supply chain. This raises a significant concern as even resilient companies may be exposed to the vulnerabilities of third-party suppliers, service providers or clients. In addition, emerging technologies, like generative artificial intelligence (AI), which are becoming available more widely and faster, are expected to exacerbate cyber resilience challenges. Approximately half of executives surveyed at the World Economic Forum's annual meeting on cybersecurity stated that advances in adversarial capabilities (phishing, malware, deepfakes) present the most concerning impact of generative AI on cybersecurity concerns. The cybersecurity incidents we suffered in 2023 were contained in a timely manner. Four incidents evidenced a high level of sophistication. None of the cybersecurity incidents led to any known breaches of business-critical IT systems and, as such, did not result in any material business impact to Ternium. In this context, we continue to seek to improve cybersecurity controls, processes and procedures to monitor, detect, evaluate and respond to hacking, malware infection, cybersecurity compromise and other risks. In addition, we carry out cybersecurity awareness and ethical phishing campaigns aimed at protecting us against cyberthreats. Given the rapidly evolving nature of cyber threats, there can be no assurance that the systems and measures that we have put in place to prevent or limit the effects of cyber incidents or attacks and the mitigation actions adopted in connection with such attacks will be sufficient to prevent or detect such incidents or attacks, to avoid a material adverse impact on our systems. While we continue to attempt to mitigate these risks, we remain vulnerable to additional known or unknown threats, including theft, misplacement or loss of data, programming errors, employee errors and/or dishonest behavior that could potentially lead to the compromising of sensitive information, improper use of our systems or networks, as well as unauthorized access, use, disclosure, modification or destruction of such information, systems and/or networks. If Ternium's systems and measures for protecting against cybersecurity risks are circumvented or breached, this could result in disruptions to its business and operations (including but not limited to, defective products, production downtimes or loss of productivity), access to financial reporting systems, the loss of access to critical data or systems, misuse or corruption of critical data and proprietary information (including intellectual property and customer data), as well as damage to our reputation with customers and the market, failure to meet customer requirements, customer dissatisfaction and/or regulatory fines and penalties (including for inadequate protection of personal data and/or failure to notify the competent authorities for such breach) or other financial costs and losses. ?In addition, failure to adequately and timely monitor and evaluate our hardware and software systems and applications to prevent or manage technology obsolescence risks may result in increased costs, increased operational risk of service failure, loss of technology competitiveness and reputation. In addition, given that cybersecurity threats continue to evolve, we may be required to devote additional resources in the future to enhance its protective measures or to investigate and/or remediate any cybersecurity vulnerabilities. Ternium does not currently maintain cybersecurity insurance and the insurance it carries for property damage and general liability may not protect Ternium from damages derived from cyber events. Moreover, any investigation of a cyberattack would take time before completion, during which Ternium would not necessarily know the extent of the actual or potential harm or how best to remediate it, and certain errors or actions could be repeated or compounded before duly discovered and remediated (all or any of which could further increase the costs and consequences arising out of any cyberattack). Furthermore, in response to the increase in the number and sophistication of ransomware attacks, U.S. and other regulatory agencies have implemented regulations to prevent victims from making ransomware payments and to deter third parties from facilitating or processing such payments to cyber actors. This would constrain our ability to deal with ransomware attacks, should they occur. For information regarding Ternium's cybersecurity risk management and strategy, see Item 16K. "Cybersecurity".