Xylem (XYL) Risk Analysis

In 2025, 58% of our total revenue was from sales to U.S. customers and 42% was from sales to customers outside the U.S. We expect a similar revenue profile going forward. Many of our manufacturing operations, employees, suppliers and distribution channels are located outside of the U.S. Our operations, supply chain and sales both within the U.S. and internationally are subject, to varying degrees, to risks and uncertainties inherent in doing business globally, including: - nationalism, populism, protectionism, anti-global sentiment and changes in trade protection measures, including the imposition of increased or new embargoes, tariffs and other trade barriers, import and export regulations or restrictions, licensing requirements, domestic content requirements, and retaliatory measures;- uncertainty, volatility and impacts from the evolving global geopolitical environment involving the U.S. and other countries' governments, including the relationships among the U.S., European Union ("EU"), Middle East, Latin America, Russia, India, China, Taiwan, or other foreign countries, and the international community at large;- any actual or potential threat, outbreak, uncertainty or escalation of terrorism, political instability, insurrection, war, or other armed conflicts, including between Russia and Ukraine, the U.S. and Venezuela or Iran, and in the Middle East, and other global safety and security concerns;- threat or outbreak of epidemics, global health crises, or pandemics and related uncertainties;- impacts from significant shifts in U.S. immigration policy, such as a tightened labor market and inflation;- disruptions in global or regional supply chains, our operations, or those of third parties upon which we rely, including due to labor disruptions, supply shortages, trade restrictions, increased or new tariffs and freight and logistics challenges;- changes to applicable U.S. or host country laws, regulations or policies, including those related to tax, water quality, the environment, energy efficiency, infrastructure, data transmission, security or privacy, labor, and artificial intelligence ("AI"), as well as potential negative consequences from the interpretation, application and enforcement of such measures;- theft, compromise, misappropriation or challenges in protecting our technology, intellectual property or data, including from cybersecurity and AI threats. Beyond the risks indicated above, our operations in emerging markets are subject to additional risks and uncertainties, including: (i) imposition of or increases in withholding or other taxes on remittances and other payments to us; (ii) nationalization of our assets; (iii) imposition of or increases in investment barriers or other restrictions; (iv) difficulty enforcing commercial agreements or collecting receivables; (v) pricing pressure on our products and services; (vi) elevated business conduct risks; and (vii) challenges in attracting and retaining qualified talent and labor. Geopolitical changes in China-Taiwan relations could disrupt the operations of companies in Taiwan that are critical to the global supply chain for semiconductors ("chips") and other electronic components, as well as the supply of lithium batteries, carbide seals, and rare earth elements. Such changes could have significant negative effects on the global supply chain for these components and materials and could adversely affect our ability to manufacture certain of our digitally-enabled products, such as pumps, controllers and smart meters. We cannot predict the impact that such factors might have on our business, financial condition, cash flows, results of operations an share price.

Sales outside the U.S. for the year ended December 31, 2025 accounted for approximately 42% of our net sales. We also have significant operations in various locations outside the U.S. Our principal currency exposures for which we enter into cash flow hedges include the Euro, Swedish Krona, Canadian Dollar, Polish Zloty, British Pound and Australian Dollar. Changes in the value of currencies of the countries in which we do business relative to the value of the U.S. Dollar or Euro could affect our ability to sell products competitively and control our cost structure, which has had and may continue to have a material adverse effect on our business, financial condition, cash flows and results of operations. We are also subject to foreign exchange translation risk due to changes in the value of foreign currencies in relation to our reporting currency, the U.S. Dollar and the Euro, Canadian Dollar, British Pound, Chinese Yuan, Swedish Krona and Indian Rupee. As the U.S. Dollar fluctuates against other currencies in which we transact business, revenue and income may be impacted. Refer to Item 7A. "Quantitative and Qualitative Disclosures about Market Risk" for additional information on foreign exchange risk.

We are subject to various U.S. and foreign laws, regulations and other requirements, any violation of which could potentially create substantial liability and damage our reputation. Changes in laws, ordinances, regulations or other government policies -- the nature, timing, and effect of which are uncertain -- may significantly increase our expenses and liabilities. From time to time, we are involved in legal and regulatory proceedings that are incidental to the operation of our businesses (including that of acquired or previously owned entities). These proceedings may seek remedies relating to environmental matters, tax, securities, intellectual property, acquisitions or divestitures, product liability, property damage, personal injury, privacy, employment, labor and pensions, governmental and commercial or contractual issues or disputes. Our connected products and services and digital technologies and solutions have increased our exposure to intellectual property litigation and to evolving AI, data privacy and cybersecurity laws and regulations, a risk we expect will grow as we execute on our innovation and technology priorities. We cannot predict with certainty the outcome of claims, investigations, regulatory proceedings, and lawsuits. We have in the past and could in the future incur judgments, fines or penalties, or enter into settlements. Regulatory determinations of non-compliance could require us to modify or cease operations at one or more facilities. With global and diverse operations and increasing regulation and enforcement globally, we will continue to face legal and compliance risks. Additional legal and regulatory proceedings and other contingencies, the outcome of which cannot be predicted with certainty, have in the past and may in the future arise from time to time. Subsequent developments in legal and regulatory proceedings may affect our assessments and estimates of loss contingencies recorded as a reserve and require us to make payments in excess of reserves. Any of these impacts could have an adverse effect on our business, results of operations, financial condition and reputation.

We have sales in approximately 150 countries and 42% of our revenue was generated outside the U.S. for the year ended December 31, 2025. Given the global nature of our business, a number of factors may increase our effective tax rates and tax expense, including: (i) the geographic mix of jurisdictions in which profits are earned and taxed; (ii) the statutory tax rates and tax laws in jurisdictions in which we conduct business; (iii) the resolution of tax issues arising from tax examinations by various tax authorities; and (iv) the valuation of our deferred tax assets and liabilities. Tax laws, regulations, and administrative practices in various jurisdictions may change, with or without notice, due to economic, political and other conditions. Significant judgment is required in evaluating and estimating our tax provisions and accruals. We continue to monitor the developments and tax implications concerning changes in the global tax environment, including global minimum taxes. We will continue to monitor countries' pending legislation and guidance and evaluate the potential impacts on our business in future periods. Our businesses are regularly examined by various tax authorities worldwide. For example, following an examination regarding aspects of the 2013 reorganization of our European business, the Swedish tax authority issued a tax assessment to Xylem's Swedish subsidiary in 2019, which we are appealing as further described in Note 7, "Income Taxes." This and other examinations can result in increased tax assessments, and settlement or litigation outcomes that could be unfavorable to Xylem. We regularly assess the likelihood of favorable or unfavorable outcomes resulting from these examinations to determine the adequacy of our provision for income taxes, including unrecognized tax benefits; however, unanticipated audit or litigation developments could materially and adversely affect us. Although we believe our tax estimates and accruals are reasonable, final determinations may differ materially from our historical income tax provisions, accruals and unrecognized tax benefits, which could materially and adversely affect our business, operating results, cash flows and financial condition.

We rely on numerous patents, trademarks, copyrights, trade secrets, and other intellectual property, as well as licenses to third-party intellectual property that are important to our business. These rights help differentiate our technologies, products and services and may provide competitive advantage. However, our rights may be limited in scope or duration and could be challenged, invalidated, circumvented, misappropriated, independently developed by others, or designed around, particularly in jurisdictions where laws governing intellectual property rights are not highly developed, protected or enforced. Additionally, changes in intellectual property laws or regulations could adversely affect our ability to protect our rights, and rapid technological changes may render some intellectual property less valuable or useful, reducing our competitive advantage. Failure to obtain, maintain or protect intellectual property rights – or the cost of enforcing them - could adversely impact our business, financial condition and results of operations. We periodically receive claims alleging infringement or misappropriation of third-party intellectual property. We may not prevail in defending against these claims, asserting a counterclaim, or negotiating licenses on favorable terms. As a result, we could lose rights to critical technology, be required to pay substantial damages or license fees, or incur significant costs to redesign our products, any of which could adversely impact our competitive position and financial results. Even if we successfully defended such claims, we may incur significant legal costs and it may result in diversion of management attention and resources, which could negatively impact our operations. Furthermore, the loss or renegotiation of licenses to third-party intellectual property could disrupt our operations or increase costs.

We rely on information technology ("IT"), including operational technology and communication networks, to operate our manufacturing processes and equipment, enable business processes, support employee productivity, interface with customers and channel partners, and manage our electronic information, including confidential business information and data relating to employees, customers, and partners. We also rely on key third parties, such as direct and indirect suppliers, contract manufacturers, cloud-based service providers, and outsourced business process providers, including in our businesses and functions, such as Information Technology, Finance, Human Resources, Commercial Services, Procurement and Travel. Regardless of the protection measures we, or the third parties we rely on, have implemented, IT and communication networks may be susceptible to damage or disruption due to causes, such as: equipment, system or application failure, including as a result of maintenance, obsolescence, unsupportability or age; application upgrades or implementations; human error or malfeasance; vandalism; natural disasters; fire; utility outages; and cybersecurity incidents, including ransomware, denial-of-service, e-mail compromises, deepfake attacks, malware, phishing, and viruses resulting from a wide ranging threat landscape, including attacks by nation states and others. In addition to damage or disruption, these cybersecurity incidents may also result in security and data breaches. Cybersecurity and other IT disruption risks may increase during integration or separation of businesses or during the provision of transition services. We provide certain digitally enabled or internet-connected products, which may include the use of AI, such as pumps, controllers, meters, intelligent solutions, remote monitoring and condition assessment capabilities, and an interoperability platform via Idrica, our strategic joint venture. These products and services are used by us and our customers for operational purposes or to collect data. Our connected products and services may be susceptible to damage or disruption from the same causes described above. Cybersecurity incidents may impact hardware, software and information installed, stored or transmitted by our products and services after they have been purchased and incorporated into customers' and other third parties' products, facilities, systems or infrastructure, including critical infrastructure applications. While we attempt to provide our customers with reasonable measures to safeguard our products and services from cybersecurity threats, the potential for a cybersecurity incident remains. In addition, certain of our customers continue to use older digitally enabled products that lack current security features. A cybersecurity incident or other damage or disruption to IT and communications networks, or involving our connected products and services, may have adverse effects on us, our customers or third parties on which we rely by interfering with operations and services, potentially with public health and safety risks involving certain of our customers; disrupting production, supply chain, shipments, billing, collections and customer service; disrupting data analytics or remote monitoring and control of operational systems; enabling unauthorized access, disclosure, misappropriation, misuse, destruction, compromise, or theft of our financial, operational or other proprietary information, including intellectual property and trade secrets, or data pertaining to our employees, customers or suppliers; damaging employee, customer or partner relationships; triggering product recalls, legal claims, or regulatory actions, fines or penalties; increasing prevention and response costs; and harming our brands and reputation. Additionally, application upgrades and software implementations, such as the launch of our Enterprise Resource Planning software, may increase our exposure to such risks as upgrades may have undiscovered vulnerabilities or provide threat actors with new avenues of attack. Any delay in or failure to detect a cybersecurity incident or the full extent of an incident could exacerbate the effects of the incident. To mitigate risks, we maintain policies, standards, procedures, and technologies applicable to all employees and contractors, including: patching; passwords; network and data access; business continuity and disaster recovery plans; monitoring for external and insider risks; technology obsolescence or end-of-life of operating technologies or applications' operating systems; IT general computing controls; network segmentation; secure software development; and system integration testing. As implementation and compliance is the responsibility of employees across the enterprise, we cannot guarantee full adherence with our policies, standards and procedures, or that our technologies will be sufficient to fully mitigate the aforementioned or evolving risks. We, and some third parties upon which we rely, have previously experienced cybersecurity incidents or other attempts from unauthorized parties, including criminal threat actors, nation states, or insiders (including employees or contractors engaged in fraudulent or malicious activities), to gain unauthorized access to IT and connected products and services. As technology, including generative AI models, continue to evolve, such incidents may occur more frequently, affect a broader range of devices, and grow in sophistication, with threat actors leveraging these technologies to develop new attack methods that are increasingly automated, targeted, coordinated and difficult to defend against. To date, none have resulted in any material adverse impacts or theft, misuse, or loss of information of our business, operations, products and services, or customers. Although we maintain a cybersecurity program that we believe is reasonably designed to protect our IT, products and services, the unpredictable and evolving nature of attacks and incidents, and the difficulty of detecting unauthorized access may prevent us from anticipating or preventing intrusions or implementing adequate protective or remedial measures. Additionally, it may take considerable time for us to investigate and evaluate the full impact of cybersecurity incidents, particularly for sophisticated attacks, which may inhibit our ability to provide prompt, full, and reliable information about an incident to our investors, customers, regulators, and the public. While we maintain insurance coverage designed to address aspects of business interruption and cybersecurity risks, such coverage may not be sufficient to cover all losses or all types of claims that may arise. Although we assess risks, implement safeguards to mitigate risks, and conduct business continuity and disaster recovery planning, we cannot ensure that material cybersecurity incidents or other disruptions will not occur, or that our efforts will be fully effective. Any of the foregoing could materially and adversely affect our reputation, competitive position, results of operations, cash flows or financial condition.

We operate in highly competitive markets for our technologies, products and services. The principal points of competition are performance, quality, reliability, price, life cycle cost, security, speed of development and commercialization of new technologies, processes and business models, brand reputation, application expertise, energy efficiency, delivery timeliness, proximity of our service centers to customers, effectiveness of our distribution channels, and customers' experience in doing business with us directly or through our channel partners. Maintaining and improving our competitive position requires successful management of these factors in a volatile business environment marked by rapid change and disruption. Our competitive position and future growth depend on a number of factors, including our ability to: (i) enhance and differentiate our offerings, business models and customer experience through efficiency, security, and the addition of innovative features or technologies, such as AI, that address emerging regulations and trends, meet customers' needs, and prevent commoditization; (ii) defend our market share against an ever-expanding number of competitors, including new or non-traditional competitors from outside our industry, such as large technology firms; (iii) invest in and maintain our network of channel partners; (iv) attract, develop, retain and train talent with commercial, innovation, digital and technical expertise, and understanding of customers' needs to develop and commercialize new technologies; (v) leverage and expand our ecosystem of innovation partners, including universities, venture capital, start-ups, and other technology innovators; (vi) invest in manufacturing, research and development, engineering, sales, marketing, systems modernization, AI, and digitization of customer solution and support tools; (vii) win and execute large contracts on schedule and on budget; and (viii) optimize our supply chain and manufacturing to enable predictable and efficient delivery to customers, and to compete for business subject to procurement laws, regulations and government policies, and regulations governing sustainability and domestic content in various jurisdictions. Competitors may develop and commercialize new technologies, such as AI, more effectively to drive internal efficiencies or create new or enhanced products or services that may adversely affect our competitiveness. Customers may be slow to adopt new solutions and technologies, delaying returns on our innovation investments and impacting our growth. Pricing pressures, tariffs, procurement policies, and disruptive or emerging technologies, such as AI, may require price adjustments or rationalization of certain of our offerings and affect our profitability. As a result, we may not maintain our competitive position or market share, which could adversely affect our business, financial condition, cash flows or results of operations.