Western Digital (WDC) Risk Analysis

We are subject to, and may become subject to, additional, state, federal and international laws and regulations governing our environmental, labor, trade, health and safety practices and public company reporting and disclosures requirements. These laws and regulations, particularly those applicable to our international operations, are or may be complex, extensive and subject to change. If we or our suppliers, customers and partners do not timely comply with such laws and regulations, it may result in an increase in our operating costs. Legislation has been, and may in the future be, enacted in locations where we manufacture or sell our products, which could impair our ability to conduct business in certain jurisdictions or with certain customers and harm our operating results. In addition, climate change and financial reform legislation is a significant topic of discussion and has generated and may continue to generate federal, international or other regulatory responses in the near future, which could substantially increase the complexity of our public-company reporting and disclosure requirements and our compliance and operating costs. If we or our suppliers, customers or partners fail to timely comply with applicable legislation, certain customers may refuse to purchase our products or we may face increased operating costs as a result of taxes, fines or penalties, or legal liability and reputational damage, which could harm our business. In connection with our compliance with environmental laws and regulations, as well as our compliance with industry and coalition environmental initiatives, such as those established by the RBA, the standards of business conduct required by some of our customers, and our commitment to sound corporate citizenship in all aspects of our business, we could incur substantial compliance and operating costs and be subject to disruptions to our operations and logistics. In addition, if we or our suppliers, customers or partners were found to be in violation of these laws or noncompliant with these initiatives or standards of conduct, we could be subject to governmental fines, liability to our customers and damage to our reputation and corporate brand, which could cause our financial condition and operating results to suffer.

We are and may continue to be involved in litigation, including antitrust and commercial matters, putative securities class action suits and other actions. We are the plaintiff in some of these actions and the defendant in others. Some of the actions seek injunctive relief, including injunctions against the sale of our products, and substantial monetary damages, which if granted or awarded, could materially harm our business. We have in the past been and may in the future be the subject of inquiries, requests for information, investigations and actions by government and regulatory agencies regarding our businesses. Any such matters could result in material adverse consequences to our results of operations, financial condition or ability to conduct our business, including fines, penalties or restrictions on our business activities. Litigation is subject to inherent risks and uncertainties that may cause actual results to differ materially from our expectations. In the event of an adverse outcome in any litigation, investigation or governmental proceeding, we could be required to pay substantial damages, fines or penalties and cease certain practices or activities, including the manufacture, use and sale of products. With or without merit, such matters may be complex, may extend for a protracted period of time, may be very expensive and the expense may be unpredictable. Litigation initiated by us could also result in counter-claims against us, which could increase the costs associated with the litigation and result in our payment of damages or other judgments against us. In addition, litigation, investigations or governmental proceedings and any related publicity may divert the efforts and attention of some of our key personnel, affect demand for our products and harm the market prices of our securities. We may be obligated to indemnify our current or former directors or employees, or former directors or employees of companies that we have acquired, in connection with litigation, investigations or governmental proceedings. These liabilities could be substantial and may include, among other things: the costs of defending lawsuits against these individuals; the cost of defending shareholder derivative suits; the cost of governmental, law enforcement or regulatory investigations or proceedings; civil or criminal fines and penalties; legal and other expenses; and expenses associated with the remedial measures, if any, which may be imposed.

Changes in tax laws in the United States, the European Union and around the globe have impacted and will continue to impact our effective worldwide tax rate, which may materially affect our financial position and results of operations. In the United States, the Tax Cuts and Jobs Act of 2017 ("TCJA"), the Inflation Reduction Act of 2022 ("IRA"), and the One Big Beautiful Bill Act of 2025 ("OBBBA") each include broad tax reform provisions. We are currently evaluating the impact of the OBBBA and related tax provisions on our operations and financial reporting, and future guidance provided by the U.S. Department of the Treasury and Internal Revenue Service could change our conclusions regarding such impact. The OBBBA and related guidance could materially impact our effective tax rate, deferred tax positions, and overall tax strategy. Further, the majority of countries in the G20 and Organization for Economic Cooperation and Development (OECD) Inclusive Framework on Base Erosion and Profit Shifting (BEPS) have agreed to adopt a two-pillar approach to taxation, which includes the implementation of a global corporate minimum tax rate of 15%. Several non-U.S. jurisdictions have already enacted legislation or announced their intention to enact future legislation to adopt certain or all components of the Pillar Two Model rules. Our tax obligations could increase materially as this legislation becomes effective in countries that have already adopted a two-pillar approach or if adoption expands to other jurisdictions in which we operate. Due to the large scale of our U.S. and international business operations, enacted and proposed changes to tax laws - including those affecting the taxation of our global activities and intercompany cash movements - could materially increase our worldwide effective tax rate and adversely impact our financial results and cash flows. Additionally, portions of our operations are subject to a reduced tax rate or are free of tax under various tax holidays that expire in whole or in part from time to time, or may be terminated if certain conditions are not met. Although many of these holidays may be extended when certain conditions are met, in the past we have not been able to, and in the future, we may not be able to meet such conditions. If the tax holidays are not extended, or if we fail to satisfy the conditions of the reduced tax rate, then our effective tax rate could increase in the future. Our effective tax rate may be negatively impacted if we are unable to realize deferred tax assets. We regularly review our deferred tax assets for recoverability and establish a valuation allowance if it is more likely than not that some portion or all of a deferred tax asset will not be realized. If we are unable to generate sufficient future taxable income or if there is a change to the time period within which the underlying temporary differences become taxable or deductible, we could be required to increase our valuation allowance against our deferred tax assets, which could result in a material increase in our effective tax rate. Our determination of our tax liability in the United States and other jurisdictions is subject to review by applicable domestic and foreign tax authorities. For example, as disclosed in Part II, Item 8, Note 13, Income Taxes, of the Notes to Consolidated Financial Statements included in this Annual Report on Form 10-K, we are under examination by the Internal Revenue Service for certain fiscal years. Although we believe our tax positions are properly supported, the final timing and resolution of any tax examinations are subject to significant uncertainty and could result in litigation or the payment of significant amounts to the applicable tax authority in order to resolve examination of our tax positions, which could result in an increase of our current estimate of unrecognized tax benefits and may harm our business.

Our success depends upon the continued contributions of our talent. Changes in our key management team have resulted in and may in the future result in loss of continuity, loss of accumulated knowledge, departure of other key employees, disruptions to our operations and inefficiency during transitional periods. Global competition for skilled employees in the technology industry is intense, and our business success is increasingly dependent on our ability to attract, develop and retain top talent, implement succession plans for key management and staff and replace aging skilled employees. Changes in immigration policies may also impair our ability to recruit and hire technical and professional talent. Our ability to hire and retain employees also depends on our ability to build and maintain an inclusive workplace culture, provide opportunities for career development and fund competitive compensation and benefits, each of which contribute to being viewed as an employer of choice. Additionally, because a substantial portion of our key employees' compensation is linked to the performance of our business, we may be at a competitive disadvantage for hiring and retaining talent when our operating results are negatively impacted. If we are unable to hire and retain key talent, our operating results would likely be harmed.

We depend on an external supply base for technologies, software (including firmware), preamps, controllers, dynamic random-access memory, components, equipment and materials for use in our product design and manufacturing. We also depend on suppliers for a portion of our wafer testing, chip assembly, product assembly and product testing, and on service suppliers for providing technical support for our products. In addition, we use logistics partners to manage our worldwide just-in-time hubs and distribution centers and to meet our freight needs. Many of the components and much of the equipment we acquire must be specifically designed for use in our products or for developing and manufacturing our products and are only available from a limited number of suppliers, some of whom are our sole-source suppliers. We therefore depend on these suppliers to meet our business needs, including dedicating adequate engineering resources to develop components that can be successfully integrated into our products. Our suppliers have in the past been, and may in the future be, unable or unwilling to meet our requirements, including as a result of events outside of their control such as trade restrictions (including tariffs, quotas and embargoes), geopolitical conflicts, terrorism, public health crises or natural disasters. If we are unable to purchase sufficient quantities from our current suppliers or qualify and engage additional suppliers, or if we cannot purchase materials at a reasonable price, we may not be able to meet demand for our products. Trade restrictions (including tariffs, quotas and embargoes), demand from other high-volume industries for materials or components used in our products, disruptions in supplier relationships or shortages in other components and materials used in our customers' products could result in increased costs to us or decreased demand for our products, which could negatively impact our business. Delays, shortages or cost increases experienced by our suppliers in developing or sourcing materials and components for use in our products or incompatibility or quality issues relating to our products, could also harm our business. We do not have long-term contracts with some of our existing suppliers, and we do not always have guaranteed manufacturing capacity with our suppliers, so we cannot guarantee that they will devote sufficient resources or capacity to manufacturing our products. Any significant problems that occur at our suppliers could lead to product shortages or quality assurance problems. When we do have contractual commitments with suppliers in an effort to stabilize the supply of our components, those commitments may require us to buy a substantial number of components or make significant cash advances to the supplier and may not result in a satisfactory supply of our components. We have cancelled or deferred, and may continue to cancel or defer, outstanding purchase commitments with certain suppliers due to changes in actual and forecasted demand, which has resulted, and may continue to result in, fees, penalties and other associated charges. Such cancellations or deferments can also negatively impact our relationships with certain suppliers or lead to a decline in the financial performance of certain suppliers, each of which could result in even more limited availability of components needed for our products. In addition, our supply base has experienced industry consolidation. Our suppliers may be acquired by our competitors, decide to exit the industry or redirect their investments or increase costs to us. In addition, some of our suppliers have experienced a decline in financial performance, including as a result of cancelled or deferred purchase commitments. Where we rely on a limited number of suppliers or a single supplier, the risk of supplier loss due to industry consolidation or a decline in financial performance is increased. Some of our suppliers may also be competitors in other areas of our business, which could lead to difficulties in price negotiations or meeting our supply requirements.

Demand for our devices, software and solutions, which we refer to in this Item 1A as our "products", depends in large part on the demand for systems manufactured by our customers and on storage upgrades to existing systems. The demand for systems has been volatile in the past and often has had an exaggerated effect on the demand for our products in any given period. Demand for and prices of our products are influenced by, among other factors, the actual and projected growth of data to be stored, the spending plans of our large hyperscale customers, the balance between supply and demand in the storage market, macroeconomic factors (such as tariffs and actual or perceived threat of recessions), business conditions, the emergence or growth of new or existing technologies (including AI), technology transitions and other actions taken by us or our competitors. We also experience competition from other companies that produce alternative storage technologies such as flash memory, particularly in our legacy markets where we participate with our lower capacity, smaller form factor HDDs. Flash-based solutions also target our larger addressable market, i.e., Cloud. The storage market has in the past experienced, and may in the future experience, periods of excess capacity leading to our factories running below the desired utilization levels, resulting in us taking underutilization charges, inventory write-downs and reductions in ASPs, all of which lead to negative impacts on our revenue and gross margins. While our ASPs tend to be relatively stable, we may experience periods during an industry downturn when we face adverse headwinds to our ASPs. Additionally, our gross margin may face downward pressure if we are unable to migrate our product mix to the higher capacity needs of our customers and/or to reach the desired manufacturing yield in our production. Our gross margin could also face pressure if we are unable to achieve the desired manufacturing yields when we ramp our new technologies. Further, technological changes can reduce the volume and profitability of sales of existing products. We also face significant competition in the distribution channel (in which our distribution customers sell to small computer manufacturers, dealers, systems integrators and other resellers, as well as to Cloud customers in some cases) as a result of limited product qualification programs and a significant focus on price and availability of product. If we fail to respond to changes in demand in the distribution market, our business could suffer. Additionally, if the distribution market weakens as a result of technology transitions or a significant change in consumer buying preference, or if we experience significant price declines due to demand changes in the distribution channel, our operating results would be negatively impacted. Negative changes in the creditworthiness or the ability to access credit, or the bankruptcy or shutdown of any of our significant retail or distribution partners would harm our revenue and our ability to collect outstanding receivable balances. As we compete in new product areas, the overall complexity of our business may increase and may result in increases in R&D expenses and substantial investments in manufacturing capability, technology enhancements and go-to-market capability. We must also qualify our products with customers through potentially lengthy testing processes with uncertain results. Some of our competitors offer products that we do not offer, which may allow them to win sales from us, and some of our customers may be developing storage solutions internally, which may reduce their demand for our products. We expect that competition will continue to be intense, and our competitors may be able to gain a product offering or cost structure advantage over us, which would harm our business. Further, our competitors may utilize pricing strategies, including offering products at prices at or below cost, that we may be unable to competitively match. We may also have difficulty effectively competing with manufacturers benefiting from governmental investments and may be subject to increased complexity and reduced efficiency in our supply chain as a result of governmental efforts to promote domestic technologies in various jurisdictions. In addition, if we fail to effectively manage our government relationships in various jurisdictions in which we operate, we may experience missed opportunities (including incentives and investments), unfavorable policy outcomes or operational inefficiencies, any of which would put us at a competitive disadvantage.

Some of our OEM customers have adopted a subcontractor model that requires us to contract directly with companies, such as ODMs, that provide manufacturing and fulfillment services to our OEM customers. Because these subcontractors are generally not as well capitalized as our direct OEM customers, this subcontractor model exposes us to increased credit risks. Our agreements with our OEM customers may not permit us to increase our product prices to alleviate this increased credit risk. Additionally, as we attempt to expand our OEM and distribution channel sales into emerging economies, the customers with the most success in these regions may have relatively short operating histories, making it more difficult for us to accurately assess the associated credit risks. Our customers' credit risk may also be exacerbated by an economic downturn or other adverse global or regional economic conditions. Any credit losses we may suffer as a result of these increased risks, or as a result of credit losses from any significant customer, especially in situations where there are term extensions under existing contracts with such customers, would increase our operating costs, which may negatively impact our operating results.

The markets for our products continuously undergo technology transitions that can impact our product roadmaps and that we must anticipate in order to adapt our existing products or develop new products effectively. If we fail to adapt to or implement new technologies (including the transition to areal density recording technologies that use heat-assisted magnetic recording ("HAMR") technology to increase HDD capacities), if we fail to quickly and cost-effectively develop new products that meet the specifications and requirements intended or desired by our customers or if technology transitions negatively impact our existing product roadmaps, our business may be harmed. Additionally, the impact of generative AI on the storage and data management markets and regulation thereof is still unfolding and could evolve unpredictably, and it is difficult to accurately forecast related demands. In addition, the success of our technology transitions and product development depends on a number of other factors, including R&D expenses and results; difficulties faced in manufacturing ramp; market acceptance/qualification; effective management of inventory levels in line with anticipated product demand; the vertical integration of some of our products, which may result in more capital expenditures and greater fixed costs than if we were not vertically integrated; our ability to cost effectively respond to customer requests for new products or features (including requests for more efficient and efficiently-produced products with reduced environmental impacts) and software associated with our products; our ability to increase our software development capability; and the effectiveness of our go-to-market capability in selling new products. Moving to new technologies and products may require us to align to, and build, a new supply base. Our success in new product areas may depend on our ability to enter into favorable supply agreements. In addition, if our customers choose to delay transition to new technologies, if demand for the products that we develop is lower than expected or if the supporting technologies to implement these new technologies are not available, we may be unable to achieve the cost structure required to support our profit objectives or may be unable to grow or maintain our market position. Additionally, new technologies could impact demand for our products in unforeseen or unexpected ways and new products could substitute for our current products and make them obsolete, each of which would harm our business. We also develop products to meet certain industry and technical standards, which may change and cause us to incur substantial costs as we adapt to new standards or invest in different manufacturing processes to remain competitive.

Our success depends, in significant part, on the proprietary nature of our technology, including non-patentable IP such as our process technology. If we fail to protect our technology, IP or contract rights, our customers and others may seek to use our technology and IP without the payment of license fees and royalties, which could weaken our competitive position, reduce our operating results and increase the likelihood of costly litigation. We primarily rely on patent, copyright, trademark and trade secret laws, as well as non-disclosure agreements and other methods, to protect our proprietary technologies and processes. There can be no assurance that our existing patents will continue to be held valid, if challenged, or that they will have sufficient scope or strength to protect us. It is also possible that competitors or other unauthorized third parties may obtain, copy, use or disclose, illegally or otherwise, our proprietary technologies and processes, despite our efforts to protect our proprietary technologies and processes. If a competitor is able to reproduce or otherwise capitalize on our technology despite the safeguards we have in place, it may be difficult, expensive or impossible for us to obtain necessary legal protection. There are entities whom we believe may infringe our IP. Enforcement of our rights often requires litigation. If we bring a patent infringement action and are not successful, our competitors may be able to use similar technology to compete with us. Moreover, the defendant in such an action may successfully countersue us for infringement of their patents or assert a counterclaim that our patents are invalid or unenforceable. Also, the laws of some foreign countries may not protect our IP to the same extent as do U.S. laws. In addition to patent protection of IP rights, we consider elements of our product designs and processes to be proprietary and confidential. We rely upon employee, consultant and vendor non-disclosure agreements and contractual provisions and a system of internal safeguards to protect our proprietary information. However, we cannot be certain that these contracts and safeguards have not been and will not be breached, that we will be able to timely detect unauthorized use or transfer of our technology and IP, that we will have adequate remedies for any breach or that our trade secrets will not otherwise become known or be independently discovered by competitors. Any of our registered or unregistered IP rights may be challenged or exploited by others in the industry, which could harm our operating results. Maintaining and strengthening our brands are important to maintaining and expanding our business, as well as to our ability to enter into new markets for our technologies, products and services. The success of our brands depends in part on the positive image that consumers have of our brands. We believe the popularity of our brands makes them a target of counterfeiting or imitation, with third parties attempting to pass off counterfeit products as our products. We license certain IP rights related to our brands for use by third parties and have safeguards in place to monitor and control such use. We also license certain IP rights related to brands from third parties that we rely on to offer, distribute and sell certain of our products. However, we cannot be certain that our licenses to third parties have not been and will not be breached by such parties, that the licenses we take from third parties will not be revoked or invalidated, or that the safeguards we have in place will comprehensively protect against marketplace confusion. Any occurrence of counterfeiting, imitation or confusion with our brands could negatively affect our reputation and impair the value of our brands, which in turn could negatively impact sales and pricing of our branded products, our share and our gross margin, as well as increase our administrative costs related to brand protection and counterfeit detection and prosecution. Additionally, our ability to prevent unauthorized uses of our brands and technologies would be negatively impacted if our trademark registrations were successfully challenged or overturned in the jurisdictions where we do business. We also have trademark applications pending in a number of jurisdictions that may not ultimately be granted, or if granted, may be challenged or invalidated, in which case we would be unable to prevent unauthorized use of our brands and logos in such jurisdictions. We have not filed trademark registrations in all jurisdictions where our brands or logos may be used.

We experience cybersecurity incidents of varying degrees on our technology infrastructure and information systems and, as a result, unauthorized parties have obtained in the past, and may obtain in the future, access to our computer systems and networks, including cloud-based platforms. These incidents have in the past caused, and may in the future cause, disruption to parts of our business operations and result in various investigation, recovery and remediation expenses. In addition, the technology infrastructure and information systems of some of our suppliers, vendors, service providers, cloud solution providers and partners have in the past experienced, and may in the future experience, such incidents. Cybersecurity incidents can be caused by ransomware, computer denial-of-service attacks, worms and other malicious software programs or other attacks, including the covert introduction of malware to computers and networks, and the use of techniques or processes that change frequently, may be disguised or difficult to detect, or are designed to remain dormant until a triggering event, and may continue undetected for an extended period of time. Cybersecurity incidents have in the past resulted from, and may in the future result from, social engineering or impersonation of authorized users, and may also result from efforts to discover and exploit any design flaws, bugs, security vulnerabilities or security weaknesses, intentional or unintentional acts by employees or other insiders with access privileges, intentional acts of vandalism or fraud by third parties and sabotage. In some instances, efforts to correct vulnerabilities or prevent incidents have in the past, and may in the future, reduce the functionality or performance of our information systems and networks, which could negatively impact our business. We believe malicious cybersecurity acts are increasing in number and that cybersecurity threat actors are increasingly organized and well-financed or supported by state actors and are developing increasingly sophisticated systems and means to not only infiltrate information systems, but also to evade detection or to obscure their activities. Additionally, as AI capabilities continue to evolve and become more readily available, we may face increasingly sophisticated cyberattacks that leverage AI technologies. These may include highly convincing phishing or social engineering attacks that use AI-generated deepfakes, the exploitation of vulnerabilities in electronic identity validation security programs via AI-replicated images or voices, or the inadvertent incorporation of malicious or hallucinated content generated by AI tools into our systems or those of our customers or partners. Separately, the AI technologies that we employ for business purposes may be vulnerable to prompt-injection or other adversarial attacks, which could result in unauthorized access to or leakage of sensitive information. Geopolitical tensions or conflicts may also create heightened risk of cybersecurity incidents. Our products are also targets for malicious cybersecurity acts, including those products utilized in cloud-based environments as well as our cloud service offerings. Our cloud services have in the past and may in the future be taken offline as a result of or in order to prevent or mitigate cybersecurity incidents. While some of our products contain encryption or security algorithms to protect third-party content or user-generated data stored on our products, these products could still be hacked or the encryption schemes could be compromised, breached or circumvented by motivated and sophisticated attackers, which could harm our business by exposing us to litigation and indemnification claims and hurting our reputation. When efforts to breach our infrastructure, information systems or products are successful or we are unable to protect against such attacks, we have in the past suffered, and could in the future suffer, interruptions, delays or cessation of operations of our information systems, and loss or misuse of proprietary or confidential information, IP, or sensitive or personal information. We may also experience disruptions or outages of our information systems due to internal or third-party mistakes or technical errors, including due to software updates, which could disrupt our business operations. Compromises of our infrastructure, information systems or products could also cause our customers and other affected third parties to suffer loss or misuse of proprietary or confidential information, IP, or sensitive or personal information and could harm our relationships with customers and other third parties and subject us to liability. As a result of actual or perceived cybersecurity incidents or other information system disruptions, we have in the past experienced and may in the future experience additional costs, notification requirements, civil and administrative fines and penalties, indemnification claims, litigation or damage to our brand and reputation. All of these consequences could harm our reputation and our business and materially and negatively impact our operating results and financial condition.

A large portion of our revenue is derived from our international operations, and many of our products and components are produced overseas. As a result, our business depends significantly on global and regional conditions. Adverse changes in global or regional economic and social conditions, including, but not limited to, volatility in the financial markets, reduced access to credit, recession, inflation, rising interest rates, trade wars or changes to tariffs, slower growth in certain geographic regions, political uncertainty, geopolitical tensions or conflicts, terrorism, other macroeconomic factors and new or changed regulations, could significantly harm demand for our products, increase credit and collectability risks, result in revenue reductions, reduce profitability as a result of underutilization of our assets, cause us to change our business practices, increase manufacturing and operating costs or result in impairment charges or other expenses. Our revenue growth is significantly dependent on the growth of international markets, and we may face challenges in international sales markets. We are also subject to risks that could harm our business associated with our global manufacturing operations, global sales efforts and our utilization of contract manufacturers, including: the need to obtain governmental approvals and compliance with evolving foreign regulations; the need to comply with regulations on international business, including the Foreign Corrupt Practices Act, the United Kingdom Bribery Act 2010, the anti-bribery laws of other countries and rules regarding conflict minerals; the effects of political and economic instability; exchange, currency and tax controls and reallocations; the ongoing development and applicability of global and local tax systems; weaker protection of IP rights; policies and financial incentives by governments in China, the United States, and countries in Europe and Asia designed to reduce dependence on foreign manufacturing capabilities; trade restrictions, such as export controls, export bans, import restrictions, embargoes, sanctions, license and certification requirements (including encryption and other technology), trade wars, tariffs and complex customs regulations; difficulties in managing international operations, including appropriate internal controls; and fluctuations in financial markets and interruptions to supply chains from public health crises.