NCR Voyix (VYX) Risk Analysis

The retail and restaurant markets in which we compete are characterized by rapid technological advancements, including frequent new product introductions and enhancements, increasingly sophisticated consumer needs and preferences and evolving security technology and industry standards. Our success depends in part on our ability to develop innovative or sufficiently differentiated solutions and capabilities in a timely and cost-effective manner. We have made significant investments in the development and deployment of new and innovative functionalities within our solutions, and we expect to continue allocating capital to enhance our platform, SaaS solutions and service offerings, including, among other things, acquiring and using artificial intelligence tools to assist with product development and testing and building, leasing, expanding and maintaining our cloud infrastructure. The development process for new solutions and service offerings requires high levels of innovation and can be time consuming and costly. Technological advances and changes to industry or regulatory standards relating to safety and security may also impact our ability to develop, test and deliver new solutions and capabilities in a timely or efficient manner, or at all. We may fail to successfully anticipate our customers' needs and technological and industry trends. We also may be unsuccessful in marketing and selling these solutions, once developed, which could natively impact our business and operating results. As we continue pursuing the strategic adoption of our platform and SaaS solutions by new and existing customers, our ability to timely or efficiently sunset certain legacy products may be hindered by contractual terms, market conditions, delays in the deployment of our solutions or customer preferences. In specific instances, we may have made, or may choose to make, certain assurances to our customers regarding current or future capabilities, specifications and expected service levels of our platform and solutions, which we may be unable to deliver successfully. Our financial results, reputation and long-term growth strategy could be adversely impacted if we are unable to deliver such technologies, fail to enhance our capabilities or our solutions do not perform as intended.

As we operate our business, we obtain, process and, in some cases, store sensitive business and personal information, including, but not limited to, information related to our customers, their end-users and their transactions. We also have access to certain transactional and personal data of our customers and their consumers due to the proprietary or third-party products, solutions and service offerings we provide. Additionally, we collect, process and store certain personal data of our employees and independent contractors or third-party consultants in the ordinary course of business. We face a variety of risks, including to our reputation, relating to the handling, securing and protection of such information, and these risks will increase as our business grows. While we have programs and measures in place that are designed to protect and safeguard our data and the third-party data we collect, store and process, and while we have implemented access controls designed to limit the risk of unauthorized use or disclosure by employees and contractors, the techniques used to prevent access or obtain unauthorized access to data are complex and evolving as threat actors adopt new and emerging technologies. For example, threat actors are increasingly using artificial intelligence and machine learning to develop and deploy techniques that enhance their likelihood of success at penetrating or bypassing security measures, compromising and disrupting systems and exploiting vulnerabilities. These threat actors are increasingly sophisticated, and they have increasingly targeted employees, contractors, service providers and third parties through evolving techniques, including through social engineering and/or misrepresentation (such as phishing attempts and similar techniques). An attack, disruption, intrusion, denial of service, theft, misuse or other breach, or an inadvertent act by an employee or contractor, could result in unauthorized access to, disclosure of, or prevent or access to, our data or third-party data we collect, store or process, resulting in claims, costs and reputational harm that could negatively affect our operating results or stock price. Like most companies, we are regularly subject to attempts by third parties (which may include individuals or groups of hackers and sophisticated organizations, such as state-sponsored organizations, nation-states and individuals sponsored by them) to identify and exploit system vulnerabilities or to penetrate or bypass our security measures to gain unauthorized access to our networks and systems. We anticipate that we will continue to be increasingly subject to such attempts given the nature of our business and as cyberattacks become more sophisticated and difficult to predict and protect against. Successful attempts by one of these malicious actors could lead to the compromise of personal information or the confidential data of us or our customers. Attempts of this nature typically involve technology-related viruses, worms and other malicious software programs that attack networks, systems, products and services, exploit potential security vulnerabilities, create system disruptions and cause shutdowns or denials of service. Our products and services may also be accessed or modified improperly as a result of customer, partner, employee, contractor or supplier error or malfeasance. We have administrative, technical, organizational and physical security measures in place to defend against intrusions and attacks and to protect our information. However, we have experienced security incidents in the past, and we may face additional security incidents in the future. In April 2023, we determined that a single data center outage impacting certain of our customers was caused by a cyber ransomware incident. Following an extensive investigation which included Company experts, external forensic cybersecurity experts and federal law enforcement, among others, we concluded that the incident impacted operations for some customers only with respect to specific Aloha cloud-based services and Counterpoint. Functionality was fully restored to all impacted customers, and we built a new cloud environment to host the affected applications. We have incurred certain expenses related to this cyber ransomware incident and may incur additional costs in the future, including payment of damages or other costs to customers or others. Because the techniques used to obtain unauthorized access to, or sabotage technology systems, change frequently, grow more complex over time and generally are not recognized until a cyberattack is launched against a target, we may be unable to anticipate or implement the measures needed to prevent such techniques. In addition, a cyberattack, vulnerability exploitation or other security incident could remain undetected and persist in our environments or those of our customers, partners and other third parties for an extended period of time. Future security incidents may not be prevented or remediated, and the cost associated with responding to any such incident may be significant. If any security or data breach or significant denial-of-service attack or other cyberattack involving our systems, our customers' data or the systems of third parties that store or process our data or that of our customers occurs or is believed to have occurred, our reputation and brand could be significantly damaged, and we could be required to expend significant capital and other resources to address problems caused by any such actual or perceived event and to remediate our systems. In addition, we could be exposed to business losses, litigation, regulatory action or other liabilities and our ability to operate our business may be impaired. While we maintain cybersecurity insurance, there can be no assurance that our insurance will cover any or all of losses we incur in connection with any cybersecurity incident.

In addition to the risks described above relating to cybersecurity threats or other technology risks, our data processing activities subject us to numerous data privacy and security laws and regulations in many jurisdictions. Federal, state and local governments in the United States have enacted numerous data privacy and security laws, including data breach notification laws, personal data privacy laws, consumer protection laws and other similar laws. For example, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA"), applies to the personal information of consumers, business representatives and employees who are California residents and requires businesses to provide specific disclosures in privacy notices and to honor requests made by individuals to exercise certain privacy-related rights. The CCPA provides for administrative fines of up to $7,500 per violation and permits private litigants affected by certain data breaches to recover significant statutory damages. A number of other states, such as Virginia and Colorado, also have passed comprehensive privacy laws, and similar laws are being considered in other states and municipalities and by the federal government. Outside the United States, the number of laws, regulations and industry standards governing data privacy and security is increasing. The European Union's General Data Protection Regulation ("EU GDPR"), the United Kingdom's General Data Protection Regulation and Brazil's General Data Protection Law impose strict requirements for processing the personal data of individuals. Violations of these laws could cause us to incur significant fines, penalties, claims by regulators or other third-party lawsuits alleging significant damages and may damage our brand and business. For example, under EU GDPR, the authorities may impose fines of up to the greater of €20 million or 4% of an organization's global revenue, or they could limit our ability to process personal data. As foreign jurisdictions continue to enact and modify their data privacy laws, maintaining compliance with differing data privacy standards will become more complex, and it is possible that these laws will be interpreted and applied inconsistently, or in a manner that is inconsistent or conflicts with our existing data privacy practices. Changing our policies and practices to achieve compliance may be onerous and costly, and we may not be able to respond timely or effectively to regulatory, legislative and other developments. These required changes could impair our ability to offer existing or planned features, solutions and services, and they also may increase our cost of doing business. Any actual or perceived failure by us or any third parties with which we do business to achieve compliance with our posted privacy statements or notices, changing consumer expectations, evolving regulations, industry standards or contractual obligations may result in actions or other claims against us by governmental entities or private actors or cause us to incur significant fines or other liabilities. Any such actions, particularly to the extent we were found to have engaged in violations or are found otherwise liable for damages, could result in the expenditure of substantial resources and could also adversely affect our business, financial condition, and results of operations. In addition, the legal and regulatory landscape relating to the use of artificial intelligence, machine learning and other automated decision-making capabilities continues to evolve, and there is uncertainty regarding the scope and timing of the adoption of these new and existing laws and regulations. For example, the European Union has adopted the EU Artificial Intelligence Act, which is currently in its implementation phase. The United States, at federal, state and local levels, is considering new artificial intelligence-related laws and regulations. The EU Artificial Intelligence Act and any other new legal frameworks could require us to comply with burdensome, and potentially conflicting, requirements, depending on the nature and categorization of artificial intelligence. As a result, our adoption and use of artificial intelligence within our commercial offerings and internal operations may require us to expend resources and other costs in order to achieve compliance, cause us to incur regulatory fines and/or penalties, or otherwise cause us to change our commercial offerings and features, which could harm our business, financial condition and operating results.

Our ability to successfully execute our growth strategy and achieve our business objectives is dependent on our ability to retain key business leaders, highly skilled software development, technical, and sales personnel and other critical individuals. The market for highly skilled workers and leaders in our industry is extremely competitive, and we may need to invest significant amounts of compensation to attract and retain these employees. We may never realize returns on these investments as key employees may decide to leave the Company for other opportunities. Changes of key business leaders could be disruptive to our business, delay the execution of our strategy, or distract the attention of management. In addition, as our business model and our industries continue to evolve, we must attract employees with different skill sets. If we are unable to retain our key personnel, or we are unable to attract highly qualified individuals by offering competitive compensation, attractive work environments and leadership opportunities, our business and operating results could be negatively impacted.

There are a number of vendors that provide services and produce components or technologies for utilization in our commercial offerings. Some services and components are licensed or purchased from single sources due to price, quality, technology, functionality or other reasons. For example, we rely on certain companies that provide us with computer chips,microprocessors and operating systems. The companies that develop these computer chips and processors have experienced a significant increase in demand due to the adoption and use of artificial intelligence, which has increased the price of these chips and processors and, in some cases, has made these chips difficult to procure. We also rely on key technology providers with respect to our payments offerings. If we are unable to secure the necessary services, components or technologies from our vendors at a reasonable price or at all, and have to find an alternative supplier, the delivery of our commercial offerings could be delayed, or these offerings may no longer be profitable. Such delays or increased costs could affect our business and operating results. In 2024, we announced our entry into a commercial agreement with Ennoconn to transition our point-of-sale and self-checkout hardware businesses to an outsourced design and manufacturing model, including the sale of certain assets relating to these businesses. Under the terms of the Hardware Business Transition, Ennoconn will design, manufacturer, warrant, supply and ship self-checkout and point-of-sale hardware directly to our customers, and we will sell hardware to our customers as a sales agent. In January 2026, we announced the commencement of the implementation phase of the Hardware Business Transition. This arrangement involves a number of risks, including, but not limited to, decreased control over the production process, which could lead to production delays or interruptions or inferior product quality control. If Ennoconn experiences any significant difficulties in its manufacturing processes, becomes subject to increased costs due to the supply of the components needed to manufacture these hardware products, becomes insolvent or unwilling to continue to manufacture products of acceptable quality in a timely manner, or otherwise does not comply with their agreement with us, we could experience significant interruptions in delivering end-to-end commerce solutions to our customers, which may expose us to legal claims, reputational harm and affect our operations and financial results.

In August 2024, we announced our entry into a commercial agreement with Ennoconn Corporation ("Ennoconn") to transition our point-of-sale and self-checkout hardware businesses to an outsourced design and manufacturing model, including the sale of certain assets relating to these businesses (the "Hardware Business Transition"). On January 8, 2026, we announced the commencement of the implementation phase of this ODM model. We have experienced delays, and may experience additional unanticipated delays, as certain aspects of our hardware business migrate to Ennoconn. We expect to complete the Hardware Business Transition in April 2026; however, it may not be implemented successfully or within the anticipated timeline. We anticipate that, once the Hardware Business Transition is implemented, we will recognize revenue on a net basis, excluding the costs paid to Ennoconn, as a hardware point-of-sale and self-checkout sales agent. Once the implementation of the Hardware Business Transition has been completed, a substantial majority of the revenue related to the sale of hardware will no longer be recognized by us and will instead be recognized by our counterparty, which will result in a substantial decrease to our hardware-related revenue. This could have an adverse impact on our business and results of operations. We also expect to reduce hardware-related costs in connection with the Hardware Business Transition. However, if we are unable to reduce costs in connection with the Hardware Business Transition or if the Hardware Business Transition has an adverse impact on our hardware sales or customer relationships, our future operating results and financial condition may be negatively impacted. In addition, as a result of the Hardware Business Transition, Ennoconn will design, manufacture, warrant, supply, and ship self-checkout and point-of sale hardware directly to our customers. If Ennoconn fails to deliver on their commitments or otherwise breaches its obligations to our customers, then our reputation and our customer relationships may be harmed which may adversely impact our results of operations and financial condition.

Our business is sensitive to the strength of domestic and global economic conditions, particularly as they affect, either directly or indirectly, the retail and restaurant sectors of the economy. Economic conditions are influenced by a number of factors, including political conditions, consumer confidence, unemployment levels, interest rates, tax rates, currency exchange rates, commodity prices and government actions to stimulate economic growth. The imposition or threat of new or modified trade policies, import or export tariffs, global and regional market conditions, spending trends in the retail and restaurant industries, tax legislation, new or modified global or regional trade agreements, fluctuations in oil and commodity prices, among other things, have created a challenging and unpredictable environment in which to sell our offerings across our different geographies and industries. The retail and restaurant industries depend on, among other things, consumer discretionary spending and consumer confidence, which is influenced, in part, by general economic conditions. A material decline in consumer confidence could impact the ability or willingness of our customers to make expenditures, thereby affecting their willingness to purchase our products and services. For example, a material decline in consumer confidence could result in consumers choosing to dine out less frequently or reduce the amount they spend while dining out, which could negatively impact our business customers within our Restaurant segment. Negative or unpredictable global economic conditions also may have an adverse effect on our customers' ability to pay us for the products they have purchased from us or to obtain the financing they need from a third-party financing company to purchase our offerings, or may impact the number of payment processing transactions by customers using our payments offerings, which could negatively impact our operating results. In addition, potential international, regional or domestic political unrest, economic or political instability, terrorist attacks or other hostilities, public health crises and natural disasters can create or contribute to a climate of global or regional uncertainty that adversely impacts our results of operations and financial condition, including our revenue growth and profitability.

For each of the years ended December 31, 2025 and 2024, the percentage of our revenue from outside of the United States was 39%. Our international operations subject us to a variety of risks and challenges, including, but not limited to: - the impact of ongoing and future economic conditions on the stability of national and regional economies and industries within those economies;- political conditions and local regulations that could adversely affect demand for our solutions, our ability to access funds and resources or our ability to sell commercial offerings in these markets;- the impact of a downturn in the global economy, or in regional economies, on demand for our offerings;- competitive labor markets and increasing wages in markets in which we operate;- varied employee/employer relationships, existence of works councils and differing labor practices and other challenges caused by distance, language, local expertise and cultural differences, increasing the complexity of doing business in multiple jurisdictions;- currency exchange rate fluctuations that could result in lower demand for our offerings as well as generate currency translation losses;- limited availability of local currencies to pay vendors, employees and third parties and to distribute funds outside of the country;- changes to global or regional trade agreements that could limit our ability to sell in these markets;- the imposition of import or export tariffs, taxes, trade policies or import and export controls that could increase the expense of, or limit demand for our offerings;- changes to and compliance with a variety of laws and regulations that may increase our cost of doing business or otherwise prevent us from effectively competing internationally or that may impose burdensome requirements or restrictions on us;- government uncertainty or limitations on the ability to enforce legal rights and remedies;- reduced protection for intellectual property rights in certain countries;- implementing and managing systems, procedures and controls to monitor our operations in foreign markets;- changing competitive requirements and deliverables in developing and emerging markets;- longer collection cycles and the financial viability and reliability of contracting partners and customers;- managing a geographically dispersed workforce, work stoppages and other labor conditions or issues;- disruptions in transportation and shipping infrastructure; and - the impact of natural disasters, pandemics, catastrophic events, civil unrest, war and terrorist activity on our international operations, supply chains, the global economy or markets in general, or on our business or our customers' businesses or on the ability of our suppliers to meet commitments. These risks and challenges, among others, could increase our cost of doing business internationally, including shortages of goods and increased costs, shipping delays, longer payment cycles, increased taxes and restrictions on the repatriation of funds to the United States. We have employees and third-party consultants outside of the U.S. that provide software development and support services. A sustained loss of the software development services provided by international employees and third-party consultants could negatively impact our software development efforts, adversely affect our competitive position, harm our reputation, impede our ability to achieve and maintain profitability, and negatively impact our business, financial condition, and results of operations.

Our business, financial condition, results of operations, access to capital markets and borrowing costs may be adversely affected by a major natural disaster or catastrophic event, including, without limitation, civil unrest, geopolitical instability, war, terrorist attack, pandemics or other (actual or threatened) public health emergencies or other events beyond our control, and any direct or indirect measures taken in response thereto. A significant natural disaster, such as an earthquake, fire, flood or hurricane, could have a material and adverse effect on our business, and our insurance coverage may be insufficient to compensate us all, or even a portion of, the losses that may occur. We have operations and customers all over the world and certain locations in which we operate or serve customers, such as California, Texas and India, are particularly vulnerable to natural disasters and extreme weather. Acts of terrorism also may disrupt our business operations, or those of our customers, and such acts could negatively impact consumer demand or the global economy. While we have disaster recovery and business continuity plans, they may not be sufficient to mitigate the impact of any such event. Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated catastrophic event at our headquarters or other key facilities could result in lengthy interruptions in access to, or functionality of, our platform and other offerings, or these events could expose us to other liabilities, resulting in potential adverse effects on our business, financial condition or operating results.

Geopolitical tensions and trade disputes can disrupt supply chains, increase our vendor costs, and increase the costs of offerings. This could cause our offerings to be more expensive for customers, resulting in their reduced demand. A geopolitical conflict in a region where we operate could disrupt our business operations in that region. Countries also could adopt restrictive trade measures, such as tariffs, laws and regulations concerning investments and limitations on foreign ownership of businesses, taxation, foreign exchange controls, capital controls, employment regulations, the repatriation of earnings and import and export controls, any of which could adversely affect our operations and supply chain and limit our ability to sell our offerings at competitive prices, or at all. Changes in laws, policies or treaties governing the terms of foreign trade, and in particular increased trade restrictions, tariffs or taxes on imports from countries where our products are manufactured or assembled or from where we import products or raw materials (either directly or through our suppliers) could have an impact on our competitive position, business operations and financial results. The United States has proposed the implementation of, and, in many cases, has implemented, a number of tariffs on imports to the United States from a large number of countries. U.S. foreign trade policy has continued to evolve under the current presidential administration, including the announcement of a number of new tariffs on foreign imports of certain products that were announced in the wake of the U.S. Supreme Court's decision in February 2026 invalidating a number of previously imposed tariffs. In response to the tariffs imposed or threatened by the United States, many countries have imposed, or threatened to impose, reciprocal tariffs on exports from the United States. At this time, it is unknown whether the imposed tariffs will remain in place, be expanded or be removed, and we do not know the full extent of the ultimate impact of the recently invalidated tariffs or the effect of those tariffs recently imposed on our Company, operations and financial results. Similarly, the Company's operations, vendor costs and product pricing are impacted by various trade treaties, such as the United States-Mexico-Canada Agreement. Any termination or modification to trade treaties that impact the Company's products could impact our business, financial condition, and results of operations. In addition, as a result of these recent developments in U.S. foreign trade policy, we do not know whether certain foreign countries will adopt retaliatory trade policies or what the impact of any such retaliatory trade policies could be on our business. If geopolitical tensions, trade disputes and other global conflicts develop or further escalate, which could occur with little to no advanced notice, then we may not be able to effectively mitigate any increased costs of our offerings, enhanced disruptions to our supply chain or impairment to our ability to effectively operate and compete in some or all of the countries in which we do business.

We face intense competition in the retail and restaurant markets in which we sell our commercial offerings. Our competitors range from large and established entities to emerging start-ups. Our competitors also include other large companies in the information technology industry, many of which have more financial and technical resources than we do. Our competitors may introduce superior products and services, successfully use and deploy new technologies such as artificial intelligence that may reduce customer demand for our offerings, reduce prices, have greater technical, marketing and other resources, have greater name recognition, have larger installed bases of customers, have well-established relationships with our current and potential customers, advertise aggressively or beat us to market with new products and services. Our business and operating performance could also be impacted by changes to our competitive landscape, such as industry consolidation, or the entry of new competitors and technologies. Competitive offerings and pricing pressures may cause us to experience lower customer satisfaction, decreased demand for our solutions, lost market share and reduced operating profits.

We have taken significant steps, including the Spin-Off of NCR Atleos, the Digital Banking Sale and the Hardware Business Transition, to strategically position us for long-term growth. We have developed a modernized suite of SaaS solutions that natively integrates with our cloud-based platform in order to meet the evolving needs of our retail and restaurant customers. Accordingly, our strategic focus has now shifted towards accelerating the adoption of the Voyix Commerce Platform and our subscription-based SaaS solutions. The successful adoption of our platform and SaaS solutions by new and existing customers is dependent on a variety of factors including, among others, the demand for, and the performance and competitive differentiation of, our platform and solutions; the timely development and deployment of new or enhanced solutions and capabilities; our ability to convert existing customers and attract new customers to our platform and solutions; our ability to expand our customers' use of our full suite of offerings, including, among others, our payment acceptance and processing capabilities; the optimization, performance and expansion of our services offerings; and the continued expansion of third-party integrations and open platform enablers to increase the extensibility and interoperability of our platform and SaaS solutions. We expect to continue pursuing potential customers that are small- and medium-sized businesses by increasing our use of indirect sales channels and by developing, marketing and selling solutions aimed at such businesses. It is not certain whether these initiatives will yield the anticipated benefits or if our solutions will lead to a measurable increase in such small- and medium-sized customers. If we are unable to achieve the adoption of our platform by new and existing customers or cannot realize the anticipated benefits of our investments in our platform, SaaS solutions, services offerings and payment capabilities, then we may be unable to meet our growth targets, and our revenue, financial condition and results of operations could be negatively impacted.

We take pride in the customer service and support that we provide to customers, and we believe these capabilities are critical to attracting new customers, retaining our existing customers and growing our business. If we are unable to maintain the high level of customer service and support that customers expect from us, including through our use of third-party service providers or by leveraging advanced technologies such as artificial intelligence, our business may be negatively impacted. To maintain sufficient service levels, we also may need to hire additional support personnel, which could increase our costs. Our sales are highly dependent on our business reputation, which is often advanced by positive recommendations given by our existing customers. Any failure to, or market perception that we do not, maintain high-quality customer support may adversely affect our reputation and brand, our ability to benefit from the network effect of referrals, our ability to cross-sell and upsell our solutions and services to existing and prospective customers and our business, financial condition or results of operations. Further, certain customer agreements include service level commitments or milestones, and if we fail to meet these contractual commitments, we could face contract terminations, pay damages or be obligated to issue credits to our customers. Our failure to meet contractual service commitments also may result in customer dissatisfaction, reputational harm or the loss of customers, which could have a material adverse effect on our business and results of operations.