Gen Digital Inc. (GEN) Risk Factors

Item 1A. Risk Factors

A description of the risk factors associated with our business is set forth below and in “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” “Legal Proceedings,” “Quantitative and Qualitative Disclosures About Market Risk” and “Controls and Procedures.” The list is not exhaustive, and you should carefully consider these risks and uncertainties before investing in our common stock.

RISKS RELATED TO OUR BUSINESS STRATEGY AND INDUSTRY

If we are unable to develop new and enhanced solutions and products, or continually improve the performance, features, and reliability of our existing solutions and products, our business and operating results could be adversely affected.

Our future success depends on our ability to effectively respond to evolving consumer threats, technological advancements, competitive developments and industry changes, by developing or introducing new and enhanced solutions and products on a timely basis. We have incurred, and will continue to incur, significant research and development expenses, including investments in AI, to drive organic growth and reduce reliance on third-party technologies. If these investments do not produce the anticipated benefits, or if such benefits are delayed, our operating results could be adversely affected.

We must continually address the challenges of dynamic and accelerating market trends and competitive developments. The development and integration of new technologies — including generative AI (“Gen AI”) and machine learning — is complex, time-consuming, and subject to significant risks. New technologies may contain errors, vulnerabilities, or unintended outputs, including incorrect or biased results, that are not easily detectable, which could lead to customer dissatisfaction, reputational harm, litigation, or increased regulatory scrutiny. Customers may also demand features or capabilities that our current solutions do not offer, and failure to innovate in a timely and cost-effective manner could impair our ability to retain existing customers and attract new customers.

The development and introduction of new solutions involve significant commitments of time and resources and are subject to risks and challenges including but not limited to:

•Lengthy development cycles;

•Evolving industry and regulatory standards and technological developments, including AI and machine learning, by our competitors and customers;

•Rapidly changing customer preferences and accurately anticipating technological trends or needs;

•Evolving platforms, operating systems, and hardware products, such as mobile devices;

•Product and service interoperability challenges with customer’s technology and third-party vendors;

•The integration of products and solutions from acquired companies;

12

Table of Contents

•Availability of engineering and technical talent;

•Entering new or unproven market segments;

•New and evolving regulation; and

•Executing new product and service strategies.

In addition, third parties, including, but not limited to, operating systems and internet browser companies, have in the past and may in the future limit the interoperability of our solutions with their own products and services, including to promote competing offerings. Such actions could delay the development of, impair the functionality of, or reduce the demand for our solutions and products, which could result in decreased revenue, harm to our reputation, and adverse effects on our business, financial condition, results of operations, and cash flows.

If we fail to manage these risks effectively, or if our new or improved solutions or products are not technologically competitive or do not achieve market acceptance, our business and operating results could be adversely affected.

We operate in a highly competitive and dynamic environment, and if we are unable to compete effectively, we could experience a loss in market share and a reduction in revenue.

We operate in intensely competitive and dynamic markets characterized by rapid technological developments, evolving industry and regulatory standards and market trends, changing customer requirements and preferences, and frequent new product introductions and improvements. We have experienced, and expect to continue to experience, significant competitive pressures. If we are unable to anticipate or respond effectively to these continually evolving conditions, we could lose market share, experience pricing pressure, and incur reduced revenues, which could materially and adversely affect our business, financial condition, results of operations, and cash flows.

To compete successfully, we must maintain a robust and innovative research and development effort, enhance our existing solutions and products, introduce new offerings on a timely basis, and effectively adapt to changes in the technology, financial technology, AI, privacy and data protection standards and trends.

Our cyber safety and financial wellness businesses compete with a broad range of companies, including established security software vendors, operating system and platform providers, companies who specialize in a niche segment of the cyber safety market and which are expanding their portfolios into competing cyber safety products, traditional banks and credit unions, licensed and non-bank digital financial service providers, specialty finance companies, digital wealth management and brokerage platforms, embedded finance providers, financial marketplaces, and other technology companies. Many of these competitors have longer operating histories, greater brand recognition, larger customer bases, and significantly greater financial, technical, and marketing resources than we do. They may be able to offer more competitive pricing or terms, bundle products more effectively, introduce new, enhanced, broader or more specialized offerings more quickly (including for free), or respond more rapidly to technological and consumer trends. We expect our competition to continue to increase, as there are generally no substantial barriers to entry into the markets we serve.

In addition, operating system and platform providers increasingly incorporate native security, privacy, and financial features into their products, often at no additional cost, which may reduce demand for our offerings or diminish their differentiation. We also depend on strategic distribution and bundling relationships, and partners have in the past replaced, and may in the future replace, our solutions with competing or internally developed offerings, promote competing products more favorably, or limit interoperability. Industry consolidation, vertical integration, and the introduction of new or alternative technologies may further intensify competition.

We cannot be sure that we will accurately predict how the markets in which we compete or intend to compete will evolve. Failure on our part to anticipate changes in our markets and to develop solutions and enhancements that meet the demands of those markets or to effectively compete against our competitors will significantly impair our business, financial condition, results of operations, and cash flows.

Issues in the development and deployment of AI, including generative AI and emerging AI-enabled cyber threats, could expose us to regulatory, privacy, IP, cybersecurity, operational and reputational risks.

We have incorporated, and are continuing to develop and deploy, AI, including Gen AI, into many of our products, solutions and services. AI systems, including AI internally developed and AI present in third party solutions, may be flawed, contain errors or vulnerabilities, reflect unintended bias, or produce inaccurate, misleading or “hallucinatory” outputs, and such deficiencies may not be easily detectable. Customers may rely on AI-generated outputs in making financial, security or other significant decisions. If AI-enabled features in our products produce incorrect, incomplete or biased outputs, we could face claims of misrepresentation, negligence, product liability or other legal theories, as well as customer dissatisfaction, reputational harm and loss of business. Furthermore, we may face allegations of misrepresentations or “AI washing” if our disclosures about our AI capabilities or our AI-related governance are deemed to be exaggerated or misleading, which could result in enforcement actions, litigation or reputational harm.

AI can present ethical issues and may subject us to new or heightened legal, regulatory, ethical, or other challenges, including issues relating to discrimination, intellectual property infringement or misappropriation, violation of rights of publicity, inability to assert ownership of inventions and works of authorship, loss of trade secrets, defamation, data privacy, and cybersecurity; and inappropriate or controversial data practices by third-party partners, developers and end-users, or other factors adversely affecting public opinion of AI, could impair the acceptance of AI solutions, including those incorporated in our products and services. If the AI solutions that we create or use are deficient, inaccurate or controversial, we could incur

13

Table of Contents

operational inefficiencies, competitive harm, legal liability, brand or reputational harm, or other adverse impacts on our business and financial results.

In addition, if we do not have sufficient rights to use the data or other material or content on which our AI tools rely, we also may incur liability through the violation of applicable laws and regulations, third-party intellectual property, privacy or other rights, or contracts to which we are a party. The use or adoption of AI technologies in our products may also result in exposure to claims by third parties of copyright infringement or other intellectual property misappropriation, which may require us to pay compensation or license fees to third parties. For example, the large datasets used to train Gen AI technologies or output generated by Gen AI technologies may contain materials that may subject us to third-party claims of intellectual property infringement or violations of rights of publicity. This risk is exacerbated with respect to our use of third-party Gen AI technologies, as it can be very difficult, if not impossible, to validate the processes used by third-party Gen AI technology providers in their collection and use of training data or the algorithm to produce outputs.

In addition, regulation of Gen AI is rapidly evolving worldwide as legislators and regulators are increasingly focused on these powerful emerging technologies. The technologies underlying Gen AI and its uses are currently subject to a variety of laws and regulations, including intellectual property, privacy, data protection and information security, consumer protection, competition, and equal opportunity laws, and are expected to be subject to increased regulation and new laws or new applications of existing laws and regulations. Gen AI is the subject of ongoing review by various U.S. governmental and regulatory agencies, and various U.S. states and other foreign jurisdictions are applying, or are considering applying, their platform moderation, cybersecurity, and data protection laws and regulations to Gen AI or are considering general legal frameworks for Gen AI. For example, the EU AI Act, which came into force on August 1, 2024, will generally become fully applicable after a two-year transitional period, with certain obligations taking effect at an earlier or later time. The EU AI Act introduces various requirements for AI systems and models placed on the market or put into service in the EU, including specific transparency and other requirements for general purpose AI systems and the models on which they are based. In addition, several U.S. states, such as California and Colorado, have proposed or enacted laws regarding automated decision‑making, deepfakes, algorithmic discrimination and so called “high‑risk” AI technologies (mandating, among other provisions, requirements for risk management, impact assessments, consumer notices and human oversight). At the federal level, a December 2025 executive order endorsed a federal moratorium on enforcement of state AI laws and the White House released in March 2026 a National Policy Framework for Artificial Intelligence, outlining nonbinding legislative recommendations to inform congressional consideration of a unified federal approach to AI regulation. Ongoing tension between the states and the federal government over how best to regulate AI may result in increased uncertainty, risk and compliance costs for our business. If we cannot use AI, or if our use of AI is restricted, it could lead to business disruption, inefficiency, or competitive disadvantage. Replacement of these technologies with compliant alternatives could require substantial capital expenditures or lead to a loss of proprietary data.

Furthermore, because AI technology itself is highly complex and rapidly developing, it is not possible to predict all of the legal, operational or technological risks that may arise relating to the use of AI, including the increased use of agentic AI and the heightened risk it poses to data privacy and cybersecurity. The rapid evolution of AI, including potential government regulation of AI, requires us to invest significant resources to develop, test, and maintain AI in our products and services in a manner that meets evolving requirements and expectations and we may need to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks are inconsistent across jurisdictions. Developing, testing, and deploying AI systems may also increase the cost profile of our offerings due to the nature of the computing costs involved in such systems.

Our acquisitions and divestitures create special risks and challenges that could adversely affect our financial results.

As part of our business strategy, we may acquire or divest businesses or assets. For example, we acquired MoneyLion in April 2025. Our acquisition and divestiture activities have and may continue to involve a number of risks and challenges, including:

•Complexity, time and costs associated with managing these transactions, including the integration of acquired and the winding down of divested business operations, workforce, products, services, IT systems and technologies;

•Challenges in maintaining uniform standards, controls, procedures and policies within the combined organization;

•Challenges in retaining the customers of acquired businesses, providing the same level of service to existing customers with reduced resources, or retaining the third-party relationships, including with suppliers, service providers, and vendors, among others;

•Diversion of management time and attention;

•Loss or termination of employees, including costs and potential institutional knowledge loss associated with the termination or replacement of those employees;

•Assumption of liabilities of the acquired and divested business or assets, including pending or future litigation, investigations or claims related to the acquired business or assets;

•Addition of acquisition-related debt;

•Difficulty entering into or expanding into new markets or geographies;

•Increased or unexpected costs and working capital requirements;

•Dilution of stock ownership of existing stockholders;

14

Table of Contents

•Ongoing contractual obligations and unanticipated delays or failure to meet contractual obligations;

•Regulatory risks, including remaining in good standing with existing regulatory bodies or receiving any necessary approvals, as well as being subject to new regulators with oversight over an acquired business;

•Substantial accounting charges for acquisition-related costs, asset impairments, amortization of intangible assets and higher levels of stock-based compensation expense; and

•Difficulty in realizing potential benefits, including cost savings and operational efficiencies, synergies and growth prospects from integrating acquired businesses.

We may not be able to identify appropriate business opportunities that benefit our business strategy or otherwise satisfy our criteria to undertake such opportunities. Even if we do identify potential strategic transactions, we may not be successful in negotiating favorable terms in a timely manner or at all or in consummating the transaction, and even if we do consummate such a transaction, it may not generate sufficient revenue to offset the associated costs, may not otherwise result in the intended benefits or may result in unexpected difficulties and risks. Macroeconomic factors, such as fluctuating tariffs, trade wars, high inflation, high interest rates, and volatility in foreign currency exchange rates and capital markets could negatively influence our future acquisition opportunities. Moreover, to be successful, large complex acquisitions depend on large-scale product, technology, and sales force integrations that are difficult to complete on a timely basis or at all and may be more susceptible to the special risks and challenges described above. Any of the foregoing, and other factors, could harm our ability to achieve anticipated levels of profitability or other financial benefits from our acquired or divested businesses, product lines or assets or to realize other anticipated benefits of divestitures or acquisitions.

Our revenue and operating results depend significantly on our ability to retain our existing customers and increase their adoption of our offerings, convert existing non-paying customers to paying customers, and add new customers.

It is important to our cyber and financial technology businesses that we retain existing customers and that our customers expand their use of our solutions and products over time. If our efforts to sell additional functionality, products and services to our customers and clients are not successful, our business and growth prospects would suffer. Customers may choose not to renew their membership with us at any time and may stop utilizing our revenue-generating products. For our solutions sold to customers on a monthly or annual subscription basis, renewing customers may require additional incentives to renew, may not renew for the same contract period, or may change their subscriptions. We therefore may be unable to retain our existing customers on the same or more profitable terms, if at all. In addition, we may not be able to accurately predict or anticipate future trends in customer retention or effectively respond to such trends.

Our customer retention rates may decline or fluctuate due to a variety of factors, including the following:

•Our customers’ levels of satisfaction or dissatisfaction with our solutions, the value they place on our solutions and availability of our solutions;

•The quality, breadth, and prices of our solutions, including solutions offered in emerging markets;

•Our general reputation and events impacting that reputation;

•The services and related pricing offered by our competitors; including increasing the availability and efficacy of free solutions;

•Increases in costs we incur and may pass on to our customers in order to offer our products or services;

•Disruption by new services or changes in law or regulations that impact the need for or efficacy of our products and services;

•Changes in auto-renewal and other consumer protection regulations;

•Our customers’ dissatisfaction with our efforts to market additional products and services;

•Our customer service and responsiveness to the needs of our customers;

•Changes in our target customers’ spending levels as a result of general economic conditions, inflationary pressures or other factors; and

•The quality and efficacy of our third-party partners who assist us in renewing customers’ subscriptions.

Declining customer retention rates could cause our revenue to grow more slowly than expected or decline, and our operating results, gross margins and business will be harmed. In addition, our ability to generate revenue and maintain or improve our results of operations partly depends on our ability to cross-sell our solutions to our existing customers and to convert existing non-paying customers to paying customers and add new customers. We may not be successful in cross selling our solutions because our customers may find our additional solutions unnecessary or unattractive. Our failure to sell additional solutions to our existing customers, failure to convert existing non-paying customers to paying customers or add new customers could adversely affect our ability to grow our business.

An important part of our growth strategy involves continued investment in direct marketing efforts, indirect partner distribution channels, expanding partner relationships, freemium channels, our sales force, and infrastructure to add new customers. The number and rate at which new customers purchase our products and services depends on a number of factors, including those outside of our control, such as customers’ perceived need for our solutions and products, competition, general economic conditions, market transitions, product obsolescence, technological change, public awareness of security threats to IT systems,

15

Table of Contents

macroeconomic conditions, and other factors. New customers, if any, may subscribe or renew their subscriptions, or utilize our products and solutions, at lower rates than we have experienced in the past, introducing uncertainty about their economic attractiveness and potentially impacting our financial results.

Additionally, there are inherent challenges in measuring the usage of our products and solutions across our brands, platforms, regions, and internal systems, and therefore, calculation methodologies for direct customer counts may differ, which may impact our ability to measure the addition of new customers and our understanding of certain details of our business. The methodologies used to measure these metrics require judgment and are also susceptible to algorithms or other technical errors. From time to time, we review our metrics and may discover inaccuracies or make adjustments to improve their accuracy, which can result in adjustments to our historical metrics. Our ability to recalculate our historical metrics may be impacted by data limitations or other factors that require us to apply different methodologies for such adjustments. If investors do not perceive our operating metrics to be accurate, or if we discover material inaccuracies with respect to these figures, our reputation may be significantly harmed, and our results of operations and financial condition could be adversely affected.

We may need to change our pricing models to compete successfully.

The intense competition and evolving general and economic business conditions (including rising government debt levels, potential government policy shifts, changing U.S. consumer spending patterns, economic volatility, fluctuating tariff rates, trade wars, and high inflation and interest rates, among other things), may require us to change our pricing practices.

If our competitors offer deep discounts on certain solutions, provide offerings, or offer free introductory products that compete with ours, we may experience pricing pressure and may be unable to retain current customers and clients or attract new customers and clients at consistent prices within our operating budget. To compete effectively, we may need to lower prices, offer promotional or freemium products, or otherwise change our pricing models. Conversely, if we increase prices in response to economic conditions, cost pressures or strategic considerations, we may experience reduced customer acquisition and retention. Any such pricing changes could reduce revenue, margins and profitability.

Additionally, our solutions are discretionary purchases, and customers may reduce or eliminate their discretionary spending during periods of economic uncertainty, inflation, elevated interest rates, trade disruptions or other macroeconomic stress. We have experienced and may continue to experience a material increase in cancellations by customers or reduced retention during such periods.

Many of Avira’s and Avast’s users are freemium subscribers, meaning they do not pay for its basic services, and our growth strategy for their respective products depends upon attracting and converting Avira’s and Avast’s freemium users to a paid subscription option. Numerous factors, however, have previously and may continue to impede our ability to attract and retain free users, convert these users into paying customers and retain them as paying customers.

If we fail to manage our sales and distribution channels effectively, if our partners choose not to market and sell our solutions to their customers, or if we have an adverse change in our relationships with key third-party partners, service providers or vendors, our operating results could be materially and adversely affected.

A significant portion of our revenue is generated through indirect sales and distribution channels, including distributors, resellers, telecom service providers and strategic partners that bundle or incorporate our products into their offerings. In our MoneyLion business specifically, we also depend on channel partners that provide access to consumers – such as news sites, content publishers, product comparison sites and financial institutions – and on product partners that offer financial products through our marketplace platform.

Our channel and partner agreements are generally nonexclusive, impose no minimum sales or marketing commitments and may be terminated or renegotiated at any time, potentially on less favorable terms. Many of our partners frequently offer competing products or services and may prioritize those offerings based on pricing, promotional support, incentives, economics or strategic considerations.

Sales and revenues generated through indirect channels are subject to general economic conditions, competitive dynamics, changes in partner strategy and performance and partner financial health. For example, in our MoneyLion business, our success depends in part on the delivery of qualified consumer lead inquiries and conversions to completed transactions for various financial products to product partners. However, the failure of our marketplace platform to effectively connect and match consumers from our channel partners with product offerings from our product partners in a manner that results in converted customers and increased revenue for such product partners could cause product partners to cease spending marketing funds on our marketplace platform, which could have a material adverse impact on our ability to maintain or increase our marketplace revenue. Any reduction in partner sales efforts, termination of key relationships, delays in payment, adverse changes in commercial terms or other adverse channel developments could materially and adversely affect our revenue, margins and operating results.

In addition, the success of our business and our ability to engage and retain customers in our platform are dependent in part on our ability to produce or acquire popular content, which in turn depends on our ability to retain content creators and rights to content for our platform. We may in the future incur increasing revenue-sharing costs to compensate content creators for producing original content.

We have limited control over our partners’ business practices, and any misconduct, regulatory or legal noncompliance, financial distress, reputational harm or failure to perform involving a partner could negatively affect our brand, customer relationships and operations. If a partner fails to perform its obligations or comply with applicable requirements, our operations and financial results could be negatively impacted.

16

Table of Contents

Consolidation among retailers, online platforms, financial institutions or other distribution intermediaries may increase their negotiating leverage, reduce available distribution channels for us and negatively affect pricing and margins. In our MoneyLion business, changes in product partners’ underwriting standards, marketing budgets, financial condition or strategic priorities could reduce the availability of financial products on our platform, decrease marketing and advertising revenue, delay payments or otherwise negatively affect our results.

In general, any changes in these relationships or loss of these partners or vendors, any failure of them to perform their obligations in a timely manner or at all or if they were to cease to provide such functions for any reason, could degrade the functionality of our platform, materially and adversely affect usage of our products and services, impose additional costs or requirements or disadvantage us compared to our competitors. We also rely on relationships with third-party partners to obtain and maintain customers, and our ability to acquire new customers could be materially harmed if we are unable to enter into or maintain these relationships on terms that are commercially reasonable to us, or at all.

Finally, if we fail to manage our sales and distribution channels successfully, these channels may conflict with one another or otherwise fail to perform as we anticipate, which could reduce our sales and increase our expenses as well as weaken our competitive position.

Changes in industry structure and market conditions have and may continue to lead to charges related to discontinuance of certain products or businesses and asset impairments.

In response to changes in industry structure and market conditions, we have been and may continue to be required to strategically reallocate our resources and consider restructuring, disposing of, or otherwise exiting certain businesses. Any decision to limit investment in or dispose of or otherwise exit businesses has and may continue to result in the recording of special charges, such as technology-related write-offs, workforce reduction costs, charges relating to consolidation of excess facilities, or claims from third parties who were resellers or users of discontinued products. Our estimates with respect to the useful life or ultimate recoverability of our carrying basis of assets, including purchased intangible assets, could change as a result of such assessments and decisions. Our loss contingencies have and may continue to include liabilities for contracts that we cannot cancel, reschedule or adjust with suppliers.

Further, our estimates relating to the liabilities for excess facilities are affected by changes in real estate market conditions. Additionally, we are required to evaluate goodwill impairment on an annual basis and between annual evaluations in certain circumstances. Goodwill impairment evaluations have previously and may result in a charge to earnings.

RISKS RELATED TO OUR OPERATIONS

Our international operations involve risks that could increase our expenses, adversely affect our operating results and require increased time and attention from management.

We derive a significant portion of our revenues from customers located outside of the United States, and we have substantial operations outside of the United States, including engineering, finance, sales and customer support. Our international operations are subject to risks in addition to those faced by our domestic operations, including:

•Difficulties staffing, managing, and coordinating the activities of our geographically dispersed and culturally diverse operations;

•Potential loss of proprietary information due to misappropriation or laws that may be less protective of our intellectual property rights than U.S. laws or that may not be adequately enforced;

•Requirements of foreign laws and other governmental controls, including tariffs, trade barriers and labor restrictions, and related laws that reduce the flexibility of our business operations;

•Fluctuations in currency exchange rates, economic instability and inflationary conditions could make our solutions more expensive or could increase our costs of doing business in certain countries;

•Changes in trade relations arising from policy initiatives or other political factors;

•Regulations or restrictions on the use, import or export of encryption technologies that could delay or prevent the acceptance and use of encryption products and public networks for secure communications;

•Regulations or restrictions regarding the collection, processing, sharing, transfer, portability, security and storage of consumer data (including personal information), including privacy and data protection laws;

•Local business and cultural factors that differ from our normal standards and practices, including business practices that we are prohibited from engaging in by the Foreign Corrupt Practices Act and other anti-corruption laws and regulations;

•Central bank and other restrictions on our ability to repatriate cash from our international subsidiaries or to exchange cash in international subsidiaries into cash available for use in the United States;

•Limitations on future growth or inability to maintain current levels of revenues from international sales if we do not invest sufficiently in our international operations;

•Difficulties in staffing, managing and operating our international operations;

•Costs and delays associated with developing software and providing support in multiple languages;

17

Table of Contents

•Political, social or economic unrest, war, terrorism, regional natural disasters, or export controls and trade restrictions, particularly in areas in which we have facilities and in areas where our engineering and technical development teams are based; and

•Multiple and possibly overlapping tax regimes, which may increase our tax exposure and compliance burden.

The expansion of our existing international operations and entry into additional international markets has required and will continue to require significant management attention and financial resources. These increased costs may increase our cost of acquiring international customers, which may delay our ability to achieve profitability or reduce our profitability in the future. We also have and may continue to face pressure to lower our prices in order to compete in emerging markets, which has previously and could in the future adversely affect revenue derived from our international operations.

It is not possible to predict the broader consequences of existing geopolitical conflicts and other conflicts that may arise in the future, which could include geopolitical instability and uncertainty; adverse impacts on global and regional economic conditions and financial markets, including significant volatility in credit, capital, and currency markets; reduced economic activity; changes in laws and regulations affecting our business, including further sanctions or counter-sanctions which may be enacted; and increased cybersecurity threats and concerns. The ultimate extent to which such conflicts may negatively impact our business, financial condition and results of operations will depend on future developments, which are highly uncertain, difficult to predict and subject to change.

Our future success depends on our ability to attract and retain personnel in a competitive marketplace.

Our future success depends upon our ability to recruit and retain key management, technical (including cyber security and AI experts), sales, marketing, e-commerce, finance and other personnel. Our officers and other key personnel are “at will” employees and we generally do not have employment or non-compete agreements with our employees. Competition is significant for people with the specific skills that we require, including in the areas of AI and machine learning, and especially in the locations where we have a substantial presence and need for such personnel.

To attract and retain talent, we must provide competitive pay packages, including cash and equity-based compensation. Volatility in our stock price may adversely affect the perceived value of our equity compensation and limitations on shares reserved under our equity compensation plans could impair our efforts to attract, retain and motivate necessary personnel. Additionally, changes in immigration laws could impair our ability to attract and retain highly qualified employees. If we are unable to hire and retain qualified employees, or conversely, if we fail to manage employee performance or reduce staffing levels when required by market conditions, our business and operating results could be adversely affected.

We have experienced, and may in the future experience, departures of key personnel, including significant changes to our executive leadership team. The loss of any key employee or the failure to effectively manage succession planning and knowledge transfer could disrupt our operations, including adversely affecting the timeliness of product releases, delaying product development, impairing execution of strategic company initiatives, expending resources to train new hires, or adversely affecting our internal control over financial reporting and our results of operations. If we are unable to attract, retain, motivate and appropriately manage qualified employees, or adjust staffing levels in response to changing business conditions, our business, financial condition, results of operations and future growth prospects could be adversely affected.

If we fail to offer high-quality customer support, our customer satisfaction may suffer and have a negative impact on our business and reputation.

Many of our customers rely on our customer support services to resolve issues, including technical support, billing and subscription issues, that may arise. If demand increases, or our resources decrease, we may be unable to offer the level of support our customers expect. Any failure by us to maintain the expected level of support could reduce customer satisfaction and negatively impact our customer retention and our business.

If the information provided to us by customers or other third parties is incorrect or fraudulent, we may misjudge a customer’s qualifications to receive our products and services and our results of operations may be harmed and could subject us to regulatory scrutiny or penalties.

Our decisions to provide many of our products and services to customers are based partly on information that they provide to us or authorize us to receive from third party sources. To the extent that these customers or third parties provide information to us in a manner that we are unable to verify or if such information is incorrect or fraudulent, our decisioning process may not accurately reflect the associated risk. In addition, data provided by third-party sources, including consumer reporting agencies, is a component of our credit decisions and this data may contain inaccuracies. This may result in the inability to either approve otherwise qualified applicants or reject otherwise unqualified applicants through our platform or accurately analyze credit data, which may adversely impact our business and negatively impact our reputation.

In addition, there is risk of fraudulent activity associated with our business, including as a result of the service providers and other third parties who handle customer information on our behalf. We use identity and fraud prevention tools to analyze data provided by external databases to authenticate the identity of each applicant that signs up for our first-party products and services. However, these checks have failed from time to time and may again fail in the future, and fraud, which may be significant, has and may in the future occur. The level of fraud-related charge-offs on the first-party products and services facilitated through our platform could be adversely affected if fraudulent activity were to significantly increase. We may not be able to recoup funds associated with our first-party products and services made in connection with inaccurate statements, omissions of fact or fraud, in which case our revenue, results of operations, profitability and cash flows will be harmed. High profile fraudulent activity or significant increases in fraudulent activity could also lead to regulatory intervention, negative publicity

18

Table of Contents

and the erosion of trust from our customers, which could negatively impact our results of operations, brand and reputation, and require us to take steps to reduce fraud risk, which could increase our costs.

Our solutions, systems, websites and the data on these sources have been and may continue to be subject to cybersecurity events that could materially harm our reputation and future sales.

Information security risks in the financial technology services industry in particular are significant, in part because of new technologies, the increasing digitalization to conduct financial and other business transactions and the increased sophistication and activities of organized criminals, perpetrators of fraud, hackers, terrorists and other malicious third parties. Well-publicized attacks or breaches affecting companies in the financial services industry, including large-scale attacks by foreign nation state actors and a significant uptick in ransomware/extortion attacks at other companies, have heightened customer and regulatory scrutiny and concern, causing customers to lose trust in the security of the industry in general and resulting in reduced use of our services and increased costs, all of which could have a material adverse effect on our business.

Given the digital nature of our platform, we are an attractive target for attacks designed to impede the performance and availability of our offerings, compromise sensitive information and harm our reputation as a leading cyber security company. In addition, we face the risk of cyberattacks by nation-states and state-sponsored actors, which may increase due to geopolitical tensions. These attacks may target us, our partners, suppliers, vendors or customers. Malicious hackers, state-sponsored actors, insiders and third-party service providers have attempted to penetrate, and in some cases succeeded in penetrating, our networks or those of our vendors. Such attempts are increasing in number and in technical sophistication, including through the use of AI, and have in the past and could in the future expose us and the affected parties, to risk of loss or misuse of proprietary, personal or confidential information or disruptions of our business operations. Additionally, deployment of agentic AI with access to our systems, data, and third-party tools creates an expanded surface for cyberattacks, as threat actors may exploit inadequate controls to manipulate agents into executing unauthorized actions, accessing sensitive information, or initiating malicious transactions, and the autonomous nature of these systems may enable attackers to conduct multi-step attacks that evade traditional security controls before detection occurs.

When a data breach occurs, our information technology systems and infrastructure can be subject to damage, compromise, disruption, and shutdown due to attacks or breaches by hackers or other circumstances, such as error or malfeasance by employees or third-party service providers, phishing, social engineering, account takeovers, vulnerability exploitation, misconfigurations, ransomware, or technology malfunction. A data breach may result in significant legal, financial, and reputational harm, including government inquiries, enforcement actions, litigation (including class actions), and negative publicity. A series of breaches may be determined to be material at a later date in the aggregate, even if they may not be material individually at the time of their occurrence. The occurrence of any of these events, as well as a failure to promptly remedy them when they occur, could compromise our systems and the information stored in our systems and may cause us to lose consumer trust. Any such circumstance could adversely affect our ability to attract and maintain customers as well as strategic partners, cause us to suffer negative publicity or damage to our brand, and subject us to legal claims and liabilities or regulatory penalties. In addition, unauthorized parties might alter information in our databases, which would adversely affect both the reliability of that information and our ability to market and perform our services as well as undermine our ability to remain compliant with relevant laws and regulations.

Techniques used to obtain unauthorized access or to sabotage systems change frequently, are constantly evolving and generally are difficult to recognize and react to effectively, and are increasingly becoming more sophisticated and harder to detect due to the use of “deepfakes”, voice imitation technology and other AI tools. Despite our efforts, we are not always able to anticipate these techniques or to implement adequate or timely preventive or reactive measures. We and our third-party service providers have experienced and may continue to experience such incidents, particularly as we integrate legacy IT infrastructure and systems. Threat actors have previously and could in the future exploit a new vulnerability before we complete our remediation work or identify a vulnerability that we did not effectively remediate. If that happens, there could be unauthorized access to, or acquisition of, data we maintain, and damage to our systems. Our evolving IT environment, including embracing new ways of sharing data and communicating and increasing our internal use of Gen AI, may introduce new attack vectors, and our policies and controls may not keep pace with emerging threats or regulatory requirements.

Finally, the software upon which we rely may contain undetected technical errors or bugs, which may only be discovered after the code has been released for external or internal use. Technical errors or other design defects within the software upon which we rely may result in a negative experience for customers, clients or third-party partners and issues in our provision of our products and services or their functionality, failure to accurately predict or evaluate the suitability of new and existing customers for our products and services, failure to comply with applicable laws and regulations, failure to detect fraudulent activity on our platform, delayed introductions of new features or enhancements or failure to protect consumer data, our intellectual property or other sensitive data or proprietary information. Any technical errors, bugs or defects discovered in the software upon which we rely could result in harm to our reputation, loss of customers, clients or third-party partners, increased regulatory scrutiny, fines or penalties, loss of revenue or liability for damages, any of which could adversely affect our business, financial condition, results of operations and cash flows.

We collect, use, disclose, store or otherwise process personal information and other sensitive data, which is subject to stringent and changing state and federal laws and regulations.

In the operation of our business, particularly in relation to our identity and information protection service and financial wellness offerings, we collect, use, process, store, transmit or disclose (collectively, process) an increasingly large amount of confidential information, including personal information (which includes credit card information and other critical data) from

19

Table of Contents

employees and customers in multiple jurisdictions. This information is subject to a rapidly evolving and increasingly complex framework of federal, state and foreign privacy, data protection and data security laws, as well as contractual obligations.

At the federal level, the Gramm-Leach-Bliley (the GLBA) (along with its implementing regulations) requires disclosures to consumers about our handling of their nonpublic personal information and provides consumers with certain rights to restrict information sharing. Additionally, our investment adviser and broker-dealer subsidiaries are subject to SEC Regulation S-P, which mandates policies and procedures designed to safeguard customer information.

At the state level, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA), and similar comprehensive privacy laws enacted in multiple other U.S. states, provide consumers with rights to access, correct, delete and restrict the use, sale or sharing of their personal information and impose disclosure, governance and data protection obligations on covered businesses. These state laws provide civil penalties for violations, as well as private rights of action for certain data breaches. Additional states continue to enact comprehensive privacy legislation, creating a fragmented and evolving compliance environment that increases operational complexity and costs.

Additionally, the Federal Trade Commission (the FTC) and many state attorneys general, are interpreting federal and state consumer protection laws to impose standards for the online collection, use, dissemination, and security of data. The burdens imposed by the new state privacy laws and other similar laws that may be enacted at the federal and state level may require us to modify our data processing practices and policies, adapt our goods and services and incur substantial expenditures in order to comply. Any failure or perceived failure by us to comply with such obligations has previously and may in the future result in governmental enforcement actions, fines, litigation (including class actions) or public statements against us by consumer advocacy groups or others and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business.

We process personal data relating to individuals in the European Economic Area or the United Kingdom and are subject to the EU General Data Protection Regulation (GDPR) and the UK GDPR, which impose significant compliance obligations, restrict cross-border data transfers and authorize substantial administrative fines for noncompliance. Global privacy and data protection legislation and enforcement are rapidly expanding and evolving, and, in some jurisdictions, may impose data localization laws or cross-border transfer restrictions, which may require us to expand our data storage facilities there or build new ones in order to comply. The expenditure this would require, as well as costs of compliance generally, could harm our financial condition. Additionally, changes to applicable privacy or data security laws could impact how we process personal information and therefore limit the effectiveness of our solutions or our ability to develop new solutions.

Because the interpretation and application of many privacy and data protection laws is uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our products and services and platform capabilities. If so, in addition to the possibility of fines, lawsuits, regulatory investigations, government actions, consumer and merchant actions, and other claims, we could be required to fundamentally change our business activities and practices or modify our platform, which could have an adverse effect on our business. Any violations or perceived violations of these laws, rules and regulations by us, or any third parties with which we do business, may require us to change our business practices or operational structure, including limiting our activities in certain states and/or jurisdictions, addressing legal claims by governmental entities or private actors, sustaining monetary penalties, sustaining reputational damage, expending substantial costs, time and other resources and/or sustaining other harms to our business. Furthermore, our online, external-facing privacy policy and website make certain statements regarding our privacy, information security and data security practices with regard to information collected from our consumers or visitors to our website. Failure or perceived failure to adhere to such practices may result in regulatory scrutiny and investigation, complaints by affected consumers or visitors to our website, reputational damage and/or other harm to our business. If either we, or the third-party partners, service providers or vendors with which we share consumer data, are unable to address privacy concerns, even if unfounded, or to comply with applicable privacy or data protection laws, regulations and policies, it could result in additional costs and liability to us, damage our reputation, inhibit sales and harm our business, financial condition, results of operations and cash flows. Additionally, there often exists a lack of transparency regarding the sources of data (including personal data) used to train or develop third-party AI technologies or how inputs are converted to outputs, and we may not be able to fully validate this process and its accuracy (particularly where it is part of a complex, multi-step process and inaccurate or incomplete information may be compounded across many steps, such as in agentic AI systems).

Our inability to successfully recover from a disaster or other business continuity event could impair our ability to deliver our products and services and harm our business.

We are heavily reliant on our technology and infrastructure to provide our products and services to our customers. We use third-party service providers and vendors, such as our cloud computing web services providers, account transaction and card processing companies, in the operation of certain of our platforms and source certain information from third-parties. For example, we host many of our products using third-party data center facilities and we do not control the operation of these facilities. These facilities are vulnerable to damage, interference, interruption or performance problems from earthquakes, hurricanes, floods, fires, power loss, telecommunications failures, pandemics and similar events. They are also subject to break-ins, computer viruses, sabotage, intentional acts of vandalism and other misconduct. The occurrence of a natural disaster, an act of terrorism, state-sponsored attacks, a pandemic, geopolitical tensions or armed conflicts, and similar events could result in facility closures or other unanticipated problems without adequate notice, which in turn, could result in lengthy interruptions in the delivery of our products and services and negatively impact our sales and operating results.

20

Table of Contents

If an arrangement with a third-party service provider or vendor is terminated or if there is a lapse of service or damage to its systems or facilities, we could experience interruptions in our ability to operate our platform. We also may experience increased costs and difficulties in replacing such third-party service provider or vendor, and replacement services may not be available on commercially reasonable terms, on a timely basis, or at all. In the event of damage or interruption, our insurance policies may not adequately compensate us for any losses that we may incur.

Furthermore, our business administration, human resources, compliance efforts and finance services depend on the proper functioning of our computer, telecommunication and other related systems and operations, which are highly technical and complex. A disruption or failure of these systems or operations because of a disaster, cyberattack or other business continuity event, such as a pandemic, could cause data to be lost or otherwise delay our ability to complete sales and provide the highest level of service to our customers. In addition, we could have difficulty producing accurate financial statements on a timely basis, and deficiencies may arise in our internal control over financial reporting, which may impact our ability to certify our financial results, all of which could adversely affect the trading value of our stock. There are no assurances that data recovery in the event of a disaster would be effective or occur in an efficient manner. If these systems or their functionality do not operate as we expect them to, we may be required to expend significant resources to make corrections or find alternative sources for performing these functions.

We are dependent upon Broadcom for certain engineering and threat response services, which are critical to many of our products and business.

Our Norton branded endpoint security solution has historically relied upon certain threat analytics software engines and other software (the Engine-Related Services) that have been developed and provided by engineering teams that have transferred to Broadcom as part of the Broadcom sale in 2019. The technology, including source code, at issue is shared, and pursuant to the terms of the Broadcom sale, we retain rights to use, modify, enhance and create derivative works from such technology. Broadcom has committed to provide these Engine-Related Services substantially to the same extent and in substantially the same manner, as has been historically provided under a license agreement with a limited term.

As a result, we are dependent on Broadcom for services and technology that are critical to our business, and if Broadcom fails to deliver these Engine-Related Services it would result in significant business disruption, and our business and operating results and financial condition could be materially and adversely affected. Furthermore, if our current sources become unavailable, and if we are unable to develop or obtain alternatives to integrate or deploy them in time, our ability to compete effectively could be impacted and have a material adverse effect on our business. Additionally, in connection with the Broadcom sale, we lost other capabilities, including certain threat intelligence data which were historically provided by our former Enterprise Security business, the lack of which could have a negative impact on our business and products.

Our solutions are complex and operate in a wide variety of environments, systems and configurations, which could result in failures of our solutions to function as designed.

Because we offer complex solutions, errors, defects, disruptions, or other performance problems with our solutions may occur and have occurred. For example, we may experience disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, human or software errors, fraud, security attacks or capacity constraints due to an overwhelming number of users accessing our websites simultaneously. As we continue to expand the number of our customers and the products and services available through our platform, we may not be able to scale our technology to accommodate the increased capacity requirements. The failure of data centers, internet service providers or other third-party service providers or vendors to meet our capacity requirements could result in interruptions or delays in access to our platform or impede our ability to grow our business and scale our operations.

In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. Interruptions in our solutions could impact our revenues, prevent our customers from accessing their accounts, damage our reputation with current and potential customers, expose us to liability, cause us to lose customers, cause the loss of critical data or personal information, prevent us from supporting our platform, products or services or processing transactions with our customers or cause us to incur additional expense in arranging for new facilities and support or otherwise harm our business, any of which could have a material and adverse effect on our business, financial condition, results of operations and cash flows in a disaster recovery scenario.

To the extent we use or are dependent on any particular third-party data, technology or software, we may also be harmed if such data, technology, or software becomes non-compliant with existing regulations or industry standards, becomes subject to third-party claims of intellectual property infringement, misappropriation or other violation, or malfunctions or functions in a way we did not anticipate. Any loss of the right to use any of this data, technology or software could result in delays in the provisioning of our products and services until equivalent or replacement data, technology or software is either developed by us, or, if available, is identified, obtained and integrated, and there is no guarantee that we would be successful in developing, identifying, obtaining or integrating equivalent or similar data, technology or software, which could result in the loss or limiting of our products or services or features available in our products or services.

Negative publicity regarding our brand, solutions and business could harm our competitive position.

Our brand recognition and reputation as a trusted service provider are critical aspects of our business and key to retaining existing customers and attracting new customers. Our business could be harmed due to errors, defects, disruptions or other performance problems with our solutions causing our customers and potential customers to believe our solutions are unreliable.

21

Table of Contents

We may introduce, or make changes to, features, products, services, privacy practices or terms of service that customers and clients do not like, which may materially and adversely affect our brand. Our efforts to build our brand have involved significant expense, and our marketing spend may increase in the near term or in the future and may not generate or maintain brand awareness or increase revenue.

Furthermore, negative publicity, whether or not justified, including intentional brand misappropriation, relating to events or activities attributed to us, our employees, our strategic partners, our affiliates, or others associated with any of these parties, may tarnish our reputation and reduce the value of our brands. Damage to our reputation and loss of brand equity may reduce demand for our solutions and have an adverse effect on our business, operating results and financial condition. Moreover, any attempts to rebuild our reputation and restore the value of our brands may be costly and time consuming, and such efforts may not ultimately be successful.

Our reputation and/or business could be negatively impacted by sustainability and governance matters and/or our reporting of such matters.

The evolving focus from regulators, customers, certain investors, employees, and other stakeholders concerning sustainability and governance matters and related disclosures, both in the United States and internationally, has resulted in, and is likely to continue to result in, increased general and administrative expenses and increased management time and attention spent complying with or meeting sustainability-related requirements and expectations. Our business is subject to evolving reporting standards, including the recent California legislation, Voluntary Carbon Market Disclosures Act, which includes disclosure requirements relating to voluntary carbon offsets and a wide range of environmental marketing claims, and the Corporate Sustainability Reporting Directive, which requires large EU companies to make detailed disclosures in relation to certain sustainability-related issues. We maintain certain sustainability-related initiatives, goals, and/or commitments. If we fail to achieve progress with respect to our sustainability-related initiatives, goals or commitments on a timely and cost-efficient basis, or at all, or if our sustainability-related data, processes and reporting are incomplete or inaccurate, our reputation, business, financial performance and growth could be adversely affected. Additionally, changing federal enforcement priorities and legal interpretations regarding diversity, equity, and inclusion programs present unknown and evolving risks.

We are affected by seasonality, which has in the past and may in the future impact our revenue and results of operations.

Portions of our business are impacted by seasonality. Seasonal behavior in orders has historically occurred in the third and fourth quarters of our fiscal year, which include the important selling periods during the holidays in our third quarter, as well as follow-on holiday purchases and the U.S. tax filing season, which is typically in our fourth quarter. Revenue generally reflects similar seasonal patterns, but to a lesser extent than orders. This is due to our subscription business model, as a large portion of our in-period revenue is recognized ratably from our deferred revenue balance. An unexpected decrease in sales over those traditionally high-volume selling periods may impact our revenue and could have a disproportionate effect on our results of operations for the entire fiscal year.

RISKS RELATED TO LEGAL AND COMPLIANCE

Our solutions are highly regulated, which could impede our ability to market and provide our solutions, increase regulatory scrutiny or adversely affect our business, financial position, results of operations and cash flows.

Our solutions are subject to a high degree of regulation, including a wide variety of international and U.S. federal, state, and local laws and regulations, such as the Fair Credit Reporting Act, the GLBA, the Consumer Financial Protection Act, the Federal Trade Commission Act (the FTC Act), and comparable state laws that are patterned after the FTC Act, the U.S. Foreign Corrupt Practices Act of 1977, U.S. domestic bribery laws, U.S. consumer protection, consumer financial services and banking laws, and U.S. and foreign anti-corruption laws.

We provide, facilitate or market consumer financial products and services, and in certain cases act as a service provider to regulated financial institutions. Therefore, we are subject to the supervisory, regulatory and enforcement authority of federal and state agencies, including the Consumer Financial Protection Bureau (CFPB), the FTC, state banking and consumer finance regulators and state attorneys general. These authorities may exercise authority with respect to our services, or the marketing and servicing of those services, through the oversight of our financial institution partners and suppliers, or by otherwise exercising their supervisory, regulatory or enforcement authority over consumer financial products and services. The regulatory frameworks applicable to our business continue to evolve, including with respect to earned wage access, lending, banking, digital financial services and related activities. If, for example, the CFPB were to expand its supervisory authority by promulgating new regulations or reinterpreting existing regulations, it is possible that the CFPB could be permitted to conduct periodic examination of our business, which may increase our risk of regulatory or enforcement actions.

We maintain a compliance program designed to enable us to comply with all applicable anti-money laundering, anti-terrorism financing and economic sanctions laws and regulations, including the Bank Secrecy Act (BSA), as amended by the USA PATRIOT Act of 2001, and its implementing regulations. This compliance program includes policies, procedures, processes and other internal controls designed to identify, monitor, manage and mitigate the risk of money laundering and terrorist financing and prevent our platform from being used to facilitate business in countries or with persons or entities that are the subject of sanctions administered by Office of Foreign Assets Control and equivalent international authorities or that are otherwise the target of sanctions. These controls include procedures and processes to detect and report potentially suspicious transactions, perform customer due diligence, respond to requests from law enforcement and meet all recordkeeping and reporting requirements related to particular transactions involving currency or monetary instruments. Certain of our subsidiaries may be “financial institutions” under the BSA that are required to establish and maintain a BSA/AML compliance program. Additionally,

22

Table of Contents

we are required to maintain a BSA/AML compliance program under our agreements with our third-party partners, and certain state regulatory agencies have intimated they expect such program to be in place and followed.

Additionally, we are regulated by many state regulatory agencies through licensing and other supervisory or enforcement authority, which includes regular examination by state governmental authorities. For a more detailed description of licensing, see “-- If we fail to operate in compliance with state or local licensing requirements, it could adversely affect our business, financial condition, results of operations and cash flows.”

Our wholly-owned subsidiary, ML Wealth, is registered as an investment adviser under the Investment Advisers Act of 1940 (the Advisers Act) and is subject to regulation by the SEC. The Advisers Act, together with related regulations and interpretations of the SEC, impose numerous obligations and restrictions on investment advisers, including requirements relating to the safekeeping of client funds and securities, limitations on advertising, disclosure and reporting obligations, prohibitions on fraudulent activities, restrictions on agency cross and principal transactions between an adviser and its advisory clients and other detailed operating requirements, as well as general fiduciary obligations.

U.S. federal regulators, state attorneys general or other state enforcement authorities and other governmental agencies have in the past and may in the future take formal or informal actions against us, which and could cause reputational and financial harm to our business, financial condition, results of operations and cash flows. These formal and informal actions may involve inquiries, subpoenas, exams, pending investigations, enforcement matters and litigation by state and federal regulators, cease and desist orders, fines, civil penalties, criminal penalties or other disciplinary action or force us to adopt new compliance programs or policies, remove personnel including senior executives, provide remediation or refunds to customers, or undertake other changes to our business operations, such as limits or prohibitions of our ability to offer certain products and services, or suspension or revocation of one or more of our licenses. Any weaknesses in our compliance management system may also subject us to penalties or enforcement action by the CFPB or state regulators. We have in the past, and may again in the future, enter into settlements, consent decrees and similar arrangements with the FTC, the CFPB, state attorneys generals and other state regulators, and other sovereign regulators and competition authorities such as the United Kingdom’s Competition and Markets Authority (CMA). In addition, certain products we offer, including loans or advance products facilitated through our platform, could be rendered void or unenforceable in whole or in part, which could adversely affect our business, financial condition, results of operations and cash flows. If we fail to manage our legal and regulatory risk in the jurisdictions in which we operate, our business could suffer, our reputation could be harmed and we would be subject to additional legal and regulatory risks. This could, in turn, increase the size and number of claims and damages asserted against us and/or subject us to regulatory investigations, enforcement actions or other proceedings, or lead to increased regulatory concerns. We may also be required to spend additional time and resources on remedial measures and conducting inquiries, beyond those already initiated and ongoing, which could have an adverse effect on our business. Additionally, the highly regulated environment in which our third-party financial institution partners operate may subject us to regulation, which could have an adverse effect on our business, financial condition, results of operations and cash flows. We rely on bank partners, payment processors and other institutions with licensures we do not have to facilitate offerings.

For a discussion of specific legal and regulatory proceedings, inquiries and investigations to which we are currently subject, see Note 18 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K.

The legal and regulatory regimes governing certain of our products and services are uncertain and evolving.

Changes in the laws, regulations and enforcement priorities applicable to our business, including reexamination of current enforcement practices, could have a material and adverse impact on our business, financial condition, results of operations and cash flows. For example, the CFPB may adopt new model disclosures and regulations governing consumer financial services, including regulations defining unfair, deceptive or abusive acts or practices, and they could also issue advisory opinions or other similar soft tools to complement its rulemaking authority that could subject us to new or differing legal and regulatory requirements, which could materially and adversely affect our business. The CFPB’s authority to change or interpret regulations adopted in the past by other regulators, or to rescind or alter past regulatory guidance, could increase our compliance costs and litigation exposure. If the CFPB or other similar regulatory bodies adopt, or customer advocacy groups are able to generate widespread support for, positions that are detrimental to our business, then our business, financial condition and results of operations could be harmed. We and/or our third-party partners may not be able to respond quickly or effectively to regulatory, legislative and other developments.

In particular, the regulatory landscape regarding earned wage access products (including our Instacash product) is uncertain and evolving given rapid growth in the use of such products in recent years. State and federal regulators have in the past and may in the future launch inquiries, reviews or similar investigations or issue new, or change or interpret, regulations or rules relating to earned wage access products, which could result in additional compliance requirements and other risks relating to our current and past business activities as described herein, including with respect to whether such products constitute extensions of credit, fee disclosures, tipping practices, or other consumer protection considerations. These developments may not only result in additional compliance requirements but may also be cited by private plaintiffs or plaintiffs’ attorneys as a basis for litigation, including putative class actions, alleging violations of federal or state consumer protection, lending, or unfair or deceptive acts or practices laws. Additionally, proposals to change the statutes affecting financial services companies are frequently introduced in Congress and state legislatures that, if enacted, could affect our operating environment in substantial and unpredictable ways and may further increase the risk of private litigation or enforcement. We cannot determine with any degree of certainty whether any such legislative or regulatory proposals will be enacted and, if enacted, the ultimate impact that any such potential legislation or implemented regulations, or any such potential regulatory actions by federal or state regulators, would have upon our business or our operating environment. As a result, we could be forced, as we have in the past, to temporarily pause, limit or

23

Table of Contents

permanently cease to offer our earned wage access product in certain states depending on state regulatory regimes. These changes and uncertainties make our business planning more difficult and could result in changes to our business model, impair our ability to offer our existing or planned features, products and services or increase our cost of doing business.

We cannot determine with any degree of certainty whether any legislative or regulatory changes will be enacted and, if enacted, the ultimate impact that any such potential legislation or implemented regulations, or any such potential regulatory actions by federal or state regulators, would have upon our business or our operating environment. These changes and uncertainties make our business planning more difficult and could result in changes to our business model, impair our ability to offer our existing or planned features, products and services or increase our cost of doing business.

In addition, numerous federal and state regulators have the authority to promulgate or change regulations that could have a similar effect on our third-party partners and service providers and restrict their business practices. New laws, regulations, rules, guidance and policies could require us to incur significant expenses to ensure compliance, adversely impact our profitability, limit our ability to continue existing or pursue new business activities, require us to change certain of our business practices or alter our relationships with customers, affect retention of key personnel or expose us to additional costs (including customer remediation). For example, the regulatory frameworks for an open banking paradigm and AI and machine learning technology are evolving and remain uncertain and may affect the operation of our platform and the way in which we use consumer data, AI and machine learning technology, including with respect to consumer protection laws and the laws and regulations governing financial services products. For additional information regarding risks related to the use of AI, see "--Issues in the development and deployment of AI, including generative AI, could expose us to regulatory, privacy, IP, cybersecurity, operational and reputational risks.”

If we fail to operate in compliance with state or local licensing requirements, it could adversely affect our business, financial condition, results of operations and cash flows.

Certain states and localities have adopted laws regulating and requiring licensing, registration, notice filing or other approval by parties that engage in certain activity regarding consumer financial services products such as loans and earned wage access services, life insurance and mortgage transactions, as well as brokering, facilitating and assisting such transactions in certain circumstances, and we currently hold certain state or local licenses. However, the application of some licensing laws to our platform and activities is uncertain and subject to evolving regulatory interpretations including, in particular, as the regulatory landscape regarding earned wage access products develops, as well as increased licensing requirements and regulation of parties engaged in loan solicitation activities.

If we were found to be in violation of applicable state licensing requirements by a court or a state, federal or local enforcement agency, or agree to resolve such concerns by voluntary agreement, we could be subject to or agree to pay fines, damages, injunctive relief (including required modification or discontinuation of our business in certain areas), criminal penalties and other penalties or consequences.

If we expand or modify our business activities, we may be required to obtain additional licenses, and regulators may determine that such licenses were required at an earlier time, potentially resulting in penalties or restrictions. In addition, states that currently impose limited regulation may adopt new licensing or regulatory requirements, including with respect to earned wage access or loan solicitation activities. We may not be able to obtain or maintain all required licenses on acceptable terms, or at all, which could require us to limit or discontinue certain activities. The failure to satisfy those and other regulatory requirements could materially and adversely impact our business.

Certain states may also impose licensing requirements relating to blockchain technologies and digital assets. Although we are not directly involved in the custody, trading or exchange of digital assets and instead rely on a third-party provider, regulatory frameworks governing digital assets continue to evolve and may subject us to additional licensing or compliance obligations.

Because we do not custody digital assets directly and do not maintain insurance covering such assets—and our third-party provider does not maintain separate insurance coverage for customer digital assets—customers transacting in digital assets through our platform may suffer uninsured losses with limited recourse. Any regulatory action, licensing deficiency or customer losses associated with digital asset activities could result in enforcement actions, litigation, reputational harm and adverse impacts on our business.

If loans made by our lending subsidiaries in our consumer lending business are found to violate applicable federal or state interest rate limits or other provisions of applicable consumer lending, consumer protection or other laws, it could adversely affect our business, financial condition, results of operations and cash flows.

In our consumer lending business, we have 34 subsidiaries through which we conduct our consumer lending business. These entities originate loans pursuant to state licenses or applicable exemptions under state law. The loans we originate are subject to state licensing or exemption requirements and federal and state interest rate restrictions, as well as numerous federal and state requirements regarding consumer protection, interest rate, disclosure, prohibitions on certain activities and loan term lengths. We have in the past been, are currently, and may in the future be subject to litigation, investigations, examinations and other proceedings by governmental agencies or private parties relating to the legality of certain lending products or related compliance with applicable laws. If the loans we originate were deemed subject to and in violation of certain federal or state consumer finance or other laws, including the Military Lending Act, we could be subject to fines, damages, injunctive relief (including required modification or discontinuation of our business in certain areas) and other penalties or consequences, and the loans could be rendered void or unenforceable in whole or in part, any of which could have an adverse effect on our business, financial condition, results of operations and cash flows.

24

Table of Contents

If we do not protect our proprietary information and prevent third parties from making unauthorized use of our products and technology, our financial results could be harmed.

Much of our software and underlying technology is proprietary, and thus we are highly dependent on our ability to protect such technology. There is no guarantee that confidentiality agreements, our procedures and copyright, patent, trademark and trade secret laws will be sufficient to protect our technology. For example, patents may not be issued from our pending patent applications and claims allowed on any future issued patents may not be sufficiently broad to protect our technology. Also, these protections may not preclude competitors from independently developing products with functionality or features similar to our products. These measures afford only limited protection, are costly to maintain and may be challenged, invalidated or circumvented by third parties. Accordingly, enforcement of our intellectual property rights may be difficult, particularly in some countries outside of North America in which we seek to market our software products and services, and the absence of internationally harmonized intellectual property laws or the lack of some laws in certain jurisdictions makes it more difficult to ensure consistent protection of our proprietary rights. For example, software piracy has been, and is expected to be, a persistent problem for the software industry, and a loss of revenue to us.

Unauthorized third parties, including our competitors, may reverse engineer, access, obtain, distribute, sell or use the proprietary aspects of our technology, processes, products, information or services without our permission, thereby impeding our ability to promote our platform and possibly leading to customer confusion. Third parties have previously and may in the future also develop similar or superior technology independently by designing around our patents. Our consumer agreements do not require a signature and therefore may be unenforceable under the laws of some jurisdictions. Any legal action to protect proprietary information that we may bring or be engaged in with a strategic partner or vendor could adversely affect our ability to access software, operating system and hardware platforms of such partner or vendor, or cause such partner or vendor to choose not to offer our products to their customers. In addition, any legal action to protect proprietary information that we may bring or be engaged in, could be costly, may distract management from day-to-day operations and may lead to additional claims against us, which could adversely affect our operating results.

In addition to registered intellectual property rights such as trademark registrations, we rely on non-registered proprietary information and technology, such as trade secrets, confidential information, know-how and technical information. The secrecy of such trade secrets and other sensitive information could be compromised, which could cause us to lose the competitive advantage resulting from these trade secrets. For example, there is a risk of employees inadvertently inputting trade secret information into Gen AI technologies, thereby enabling third parties, including our competitors, to access such information. We utilize confidentiality and intellectual property assignment agreements with our employees and contractors involved in the development of material intellectual property for us, which require such individuals to assign such intellectual property to us and place restrictions on the employees’ and contractors’ use and disclosure of our confidential information. However, these agreements may not be self-executing, and we cannot guarantee that we have entered into such agreements containing obligations of confidentiality with each party that has or may have had access to proprietary information, know-how or trade secrets owned or held by us. Additionally, our contractual arrangements may be insufficient, breached or may otherwise not effectively prevent disclosure of, or control access to, our confidential or otherwise proprietary information or provide an adequate remedy in the event of an unauthorized disclosure, which could cause us to lose any competitive advantage resulting from this intellectual property. Individuals that were involved in the development of intellectual property for us or who had access to our intellectual property may make adverse ownership claims to our current and future intellectual property. Likewise, to the extent that our employees, independent contractors or other third parties with whom we do business use intellectual property owned by others in their work for us, disputes may arise as to the rights in related or resulting works of authorship, know-how and inventions.

The measures we have put in place may not prevent misappropriation, infringement or other violation of our intellectual property, proprietary rights or information, and any resulting loss of competitive advantage, and we may be required to litigate to protect our intellectual property or other proprietary rights or information from misappropriation, infringement or other violation by others, which is time-consuming and expensive, could cause a diversion of resources and may not be successful. Additionally, our efforts to enforce our intellectual property and other proprietary rights may be met with defenses, counterclaims and countersuits attacking the validity and enforceability of our intellectual property and other proprietary rights, and if such defenses, counterclaims or countersuits are successful, it could diminish, or we could otherwise lose, valuable intellectual property and other proprietary rights. Any of the foregoing could adversely impact our business, financial condition, results of operations and cash flows.

In addition, the integration of Gen AI may also expose us to risks regarding intellectual property ownership and license rights, particularly if any copyrighted material is embedded in training models or if the output we produce is infringing intellectual property rights. In addition, the use of Gen AI in connection with the creation or development of intellectual property may present challenges in asserting ownership over the resulting output given the position of some courts and intellectual property offices in various jurisdictions that some human contribution is required for intellectual property protection of an AI-generated work.

From time to time, we are party to lawsuits and investigations, which have previously and could in the future require significant management time and attention, cause us to incur significant legal expenses and prevent us from selling our products.

From time to time, we are involved in litigation, investigations, examinations and other legal or administrative proceedings initiated by governmental agencies or private parties. These matters may involve, among other things, labor and employment, discrimination and harassment, commercial disputes, class actions, general contract and tort claims, defamation, data privacy rights, antitrust, fraud, securities (including “blue sky” laws) violations, consumer protection laws, and other regulatory or

25

Table of Contents

compliance issues. Such matters may adversely affect our business, financial condition, results of operations and cash flows. Refer to Note 18 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K.

Due to the consumer-oriented nature of a significant portion of our business and the application of certain laws and regulations, we and other industry participants are regularly named as defendants in litigation alleging violations of federal and state laws and regulations and consumer law torts, including fraud. Many of these legal proceedings involve alleged violations of consumer protection laws. In addition, we have in the past and may in the future be subject to litigation, claims, examinations, investigations, legal and administrative cases and proceedings related to our loan products and other financial services we provide. For instance, our membership model and some of the products and services we offer, including our earned wage access product, Instacash, are relatively novel and have been and may in the future continue to be subject to regulatory scrutiny or interest and/or litigation. Any regulatory action in the future could have a material adverse effect on our business, financial condition, results of operations and cash flows.

The defense, settlement or resolution of legal proceedings may be costly and divert management’s attention from the day-to-day operations of our business. Proceedings may evolve over time, increasing their scope or potential exposure. An unfavorable outcome in a matter could result in significant fines, settlements, monetary damages, or injunctive relief that could negatively and materially impact our ability to conduct our business, results of operations and cash flows. Additionally, in the event we did not previously accrue for such litigation or proceeding in our financial statements, we may be required to record retrospective accruals that adversely affect our results of operations and financial condition.

Finally, we may not be able to maintain insurance coverage on acceptable terms, or at all, and our insurance may not cover all risks or potential liabilities. Any uninsured or underinsured loss could have a material adverse effect on our business, financial condition, results of operations and cash flows.

Third parties have claimed and additional third parties in the future may claim that we infringe their proprietary rights.

Third parties have claimed and additional third parties may claim in the future that we have infringed their intellectual property rights, including claims regarding patents, copyrights and trademarks. For additional information on such claims, please refer to Note 18 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K.

Because of constant technological change in the segments in which we compete, the extensive patent coverage of existing technologies, and the rapid rate of issuance of new patents, it is possible that the number of these claims may grow. In addition, former employers of our former, current or future employees may assert claims that such employees have improperly disclosed to us confidential or proprietary information of these former employers. Any such claim, with or without merit, could result in costly litigation, management distraction and reputational harm. If we are not successful in defending such claims, we could be required to stop selling, delay shipments of, or redesign our solutions, pay monetary amounts as damages, enter into royalty or licensing arrangements, or satisfy indemnification obligations that we have with some of our partners. We cannot assure you that any royalty or licensing arrangements that we may seek in such circumstances will be available to us on commercially reasonable terms or at all.

We license and use software from third parties in our business and generally must rely on those third parties to protect the licensed rights and avoid infringement. Such licenses may terminate, expire or become unavailable on acceptable terms, and licensed technology may become obsolete, defective or incompatible with future versions of our offerings. Failure to comply with license terms could result in termination of rights, damages or operational disruption. If we are unable to obtain or maintain necessary third-party licenses, or if licensors impose more restrictive terms or higher fees or royalties, we may be required to modify our products, obtain alternative technology, incur increased costs or limit certain offerings. Furthermore, incorporating intellectual property or proprietary rights in our products or services licensed from or otherwise made available to us by third parties on a non-exclusive basis could limit our ability to protect the intellectual property and proprietary rights in our products and services and our ability to restrict third parties from developing, selling or otherwise providing similar or competitive technology using the same third-party intellectual property or proprietary rights

Some of our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.

Certain of our products are distributed with software licensed by its authors or other third parties under so-called “open source” licenses. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third parties certain rights of further use. By the terms of certain open source licenses, we could be required to release the source code of our proprietary software (which could include our proprietary source code or AI models) if we combine our proprietary software with open source software in a certain manner. Some open source software may include Gen AI software which may expose us to risks as the intellectual property ownership and license rights, including copyright, of Gen AI software and tools has not been fully interpreted by U.S. courts or been fully addressed by federal, state, or international regulations. In addition to risks related to license requirements, using open source software, including open source software that incorporates or relies on Gen AI, can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. We cannot be sure that all open source, including open source that incorporates or relies on Gen AI, is submitted for approval prior to use in our products. In addition, many of the risks associated with usage of open source, including open source that incorporates or relies on Gen AI, may not or cannot be eliminated and could, if not properly addressed, negatively affect our business.

26

Table of Contents

These claims could result in litigation and if portions of our proprietary AI models or software are determined to be subject to an open-source license, or if the license terms for the open-source software that we incorporate change, we could be required to publicly release all or affected portions of our source code, purchase a costly license, cease offering the implicated products or services unless and until we can re-engineer such source code in a manner that avoids infringement, discontinue or delay the provision of our offerings if re-engineering could not be accomplished on a timely basis or change our business activities, any of which could negatively affect our business operations and potentially our intellectual property rights and help third parties, including our competitors, develop products and services that are similar to or better than ours. In addition, the re-engineering process could require us to expend significant additional research and development resources, and we may not be able to complete the re-engineering process successfully. If we were required to publicly disclose any portion of our proprietary models, it is possible we could lose the benefit of trade secret protection for our models. Use of open-source software may also present additional security risks because the public availability of such software may make it easier for hackers and other third parties to determine how to breach our website and systems that rely on open-source software. Any of these risks associated with the use of open-source software could be difficult to eliminate or manage and, if not addressed, could materially and adversely affect our business, financial condition, results of operations and cash flows.

RISKS RELATED TO OUR LIQUIDITY AND INDEBTEDNESS

Our substantial indebtedness and related debt obligations could limit our financial and operating flexibility and increase our vulnerability to adverse business and economic conditions.

As of April 3, 2026, we had an aggregate of $8,275 million of outstanding indebtedness that will mature in calendar years 2027 through 2033, and $1,495 million, net of our letters of credit, available for borrowing under our revolving credit facility. See Note 10 of the Notes to the Consolidated Financial Statements included in this Annual Report on Form 10-K for further information on our outstanding debt. Our ability to meet expenses, comply with the covenants and the springing maturity provisions under our debt instruments, pay interest and repay principal for our substantial level of indebtedness depends on, among other things, our operating performance, competitive developments, and financial market conditions, all of which are significantly affected by financial, business, economic and other factors. We are not able to control many of these factors. Accordingly, our cash flow may not be sufficient to allow us to pay principal and interest on our debt, including our 6.75% Senior Notes due 2027, 7.125% Senior Notes due 2030 and 6.25% Senior Notes due 2033 (collectively, the Senior Notes), and meet our other obligations. Our level of indebtedness could have other important consequences, including the following:

•We must use a substantial portion of our cash flow from operations to pay interest and principal on the Amended Credit Agreement, our existing Senior Notes, and other indebtedness, which reduces funds available to us for other purposes such as working capital, capital expenditures, other general corporate purposes and potential acquisitions;

•We may be unable to refinance our indebtedness or to obtain additional financing for working capital, capital expenditures, acquisitions or general corporate purposes;

•We have significant exposure to fluctuations in interest rates because borrowings under our senior secured credit facilities bear interest at variable rates;

•Our leverage may be greater than that of some of our competitors, which may put us at a competitive disadvantage and reduce our flexibility in responding to current and changing industry and financial market conditions;

•We may be more vulnerable to an economic downturn or recession and adverse developments in our business;

•We may be unable to comply with financial and other covenants in our debt agreements, which could result in an event of default that, if not cured or waived, may result in acceleration of certain of our debt and would have an adverse effect on our business and prospects and could force us into bankruptcy or liquidation; and

•Changes by any rating agency to our outlook or credit rating could negatively affect the value of our debt and/or our common stock, adversely affect our access to debt markets and increase the interest we pay on outstanding or future debt.

There can be no assurance that we will be able to manage any of these risks successfully. In addition, we conduct a significant portion of our operations through our subsidiaries. Accordingly, repayment of our indebtedness will be dependent in part on the generation of cash flow by our subsidiaries and their respective abilities to make such cash available to us by dividend, debt repayment or otherwise, which may not always be possible. If we do not receive distributions from our subsidiaries, we may be unable to make the required principal and interest payments on our indebtedness.

Our Amended Credit Agreement imposes operating and financial restrictions on us.

Our Amended Credit Agreement contains covenants that limit our ability and the ability of our restricted subsidiaries to:

•Incur additional debt;

•Create liens on certain assets to secure debt;

•Enter into certain sale and leaseback transactions;

•Pay dividends on or make other distributions in respect of our capital stock or make other restricted payments; and

•Consolidate, merge, sell or otherwise dispose of all or substantially all of our assets.

27

Table of Contents

These covenants may adversely affect our ability to finance our operations, meet or otherwise address our capital needs, pursue business opportunities, react to market conditions or may otherwise restrict activities or business plans. A breach of any of these covenants could result in a default. If a default occurs, the relevant lenders could declare the indebtedness, together with accrued interest and other fees, to be immediately due and payable and, to the extent such indebtedness is secured, proceed against any collateral securing that indebtedness.

The failure of financial institutions or transactional counterparties could adversely affect our current and projected business operations and our financial condition and result of operations.

We regularly maintain cash balances with other financial institutions in excess of the FDIC insurance limit. A failure of a depository institution to return deposits could result in a loss or impact access to our invested cash or cash equivalents and could adversely impact our operating liquidity and financial performance.

Additionally, future adverse developments with respect to specific financial institutions or the broader financial services industry may lead to market-wide liquidity shortages, impair the ability of companies to access near-term working capital needs, and create additional market and economic uncertainty. Our general business strategy, including our ability to access existing debt under the terms of our Amended Credit Agreement may be adversely affected by any such economic downturn, liquidity shortages, volatile business environment or continued unpredictable and unstable market conditions. If the current equity and credit markets deteriorate, or if adverse developments are experienced by financial institutions, it may cause short-term liquidity risk and also make any necessary debt or equity financing more difficult, more costly, more onerous with respect to financial and operating covenants and more dilutive. Failure to secure any necessary financing in a timely manner and on favorable terms could have a material adverse effect on our operations, growth strategy, financial performance and stock price and could require us to alter our operating plans.

We rely on a variety of funding sources to support our business model. If our existing funding arrangements are not renewed or replaced or our existing funding sources are unwilling or unable to provide funding to us on terms acceptable to us, or at all, it could have a material adverse effect on our business, financial condition, results of operations and cash flows.

To support the origination of loans, earned wage advances and other receivables on our platform and the growth of our business, we must maintain a variety of funding arrangements. We cannot guarantee that we will be able to extend or replace our existing funding arrangements at maturity on reasonable terms or at all. For example, disruptions in the credit markets or other factors, such as the high inflation and interest rate environment in calendar years 2024, 2025, and to date in 2026, could adversely affect the availability, diversity, cost and terms of our funding arrangements. In addition, our funding sources may reassess their exposure to our industry or our business, including as a result of any significant underperformance of the consumer receivables facilitated through our platform or regulatory developments, in particular regarding earned wage access products, that impose significant requirements on, or increase potential risks and liabilities related to, the consumer receivables facilitated through our platform, and fail to renew or extend facilities or impose higher costs to access our funding. If our existing funding arrangements are not renewed or replaced or our existing funding sources are unwilling or unable to provide funding on terms acceptable to us, or at all, we would need to secure additional sources of funding or reduce our operations significantly, which could have a material adverse effect on our business, financial condition, results of operations and cash flows.

GENERAL RISKS

Adverse macroeconomic conditions have adversely affected and may continue to adversely affect the consumer finance industry and our MoneyLion business.

We operate globally and as a result our business and revenues are impacted by global macroeconomic conditions. Although inflation has moderated from recent peak levels in certain markets, it remains elevated in many regions, and interest rates in the United States and other jurisdictions remain at historically elevated levels compared to the prior decade. Central banks may maintain higher interest rates for an extended period or adjust monetary policy in response to evolving economic conditions. Prolonged periods of elevated interest rates, volatility in financial markets, tightening credit conditions, uncertainty regarding the path of monetary policy, or renewed inflationary pressures have increased, and may continue to increase, our cost of capital and financing expenses. For example, elevated interest rates previously resulted in an increase in our cost of debt. These factors, together with geopolitical instability, armed conflicts, trade tensions, fluctuating tariff rates and policies, and risks of recession or economic slowdown, have had and may continue to have a material adverse effect on our business, financial condition, results of operations and cash flows.

In addition, adverse macroeconomic conditions may cause our MoneyLion product partners to reduce or delay their marketing and advertising expenditures on our platform, which could have a material adverse effect on our business, financial condition, results of operations and cash flows. Uncertainty and negative trends in general economic conditions, including significant tightening of credit markets, historically have created a difficult operating environment for the consumer finance industry. The timing and extent of an economic downturn may also require us to change, postpone or cancel our strategic initiatives or growth plans to pursue shorter-term sustainability. The longer and more severe an economic downturn, the greater the potential adverse impact on us, which could be material.

Many new customers on our MoneyLion platform have limited or no credit history and limited financial resources. Accordingly, such customers have historically been, and may in the future become, disproportionately affected by adverse macroeconomic conditions. Sustained high levels of unemployment or financial stress due to the global macroeconomic conditions, including elevated interest rates and inflation, may increase delinquencies, defaults, non-payments, foreclosures and bankruptcies with respect to our loans and earned wage access products and may reduce customer engagement with our investment and other

28

Table of Contents

financial services. If we are unable to adjust our operations effectively in response to rising unemployment or deteriorating credit conditions, or if we cannot accurately assess borrower creditworthiness or ability to pay for loans, earned wage advances or other MoneyLion products and services, our business, financial condition, results of operations and cash flows could be adversely affected.

Fluctuations in our quarterly financial results have affected the trading price of our stock in the past and could affect the trading price of our stock in the future.

Our quarterly financial results have fluctuated in the past and are likely to vary in the future due to a number of factors, many of which are outside of our control. If our quarterly financial results or our predictions of future financial results fail to meet our expectations or the expectations of securities analysts and investors, the trading price of our outstanding securities could be negatively affected. Volatility in our quarterly financial results may make it more difficult for us to raise capital in the future or pursue acquisitions.

Factors associated with our industry, the operation of our business, and the markets for our solutions may cause our quarterly financial results to fluctuate, including but not limited to:

•Fluctuations in demand for our solutions;

•Disruptions in our business operations or target markets caused by, among other things, terrorism or other intentional acts, outbreaks of disease, or earthquakes, floods or other natural disasters;

•Entry of new competition into our markets;

•Technological changes in our markets;

•Our ability to achieve targeted operating income and margins and revenues;

•Competitive pricing pressure or free offerings that compete with one or more of our solutions;

•Our ability to timely complete the release of new or enhanced versions of our solutions;

•The amount and timing of commencement and termination of major marketing campaigns;

•The number, severity and timing of threat outbreaks and cyber security incidents;

•Loss of customers or strategic partners or the inability to acquire new customers or cross-sell our solutions;

•Changes in the mix or type of solutions and subscriptions sold and changes in consumer retention rates;

•The rate of adoption of new technologies and new releases of operating systems, and new business processes;

•Consumer confidence and spending changes;

•The outcome or impact of litigation, claims, disputes, regulatory inquiries or investigations;

•The impact of acquisitions (and our ability to achieve expected synergies or attendant cost savings), divestitures, restructurings, share repurchase, financings, debt repayments, equity investments and other investment activities;

•Changes in U.S. and worldwide economic conditions, such as economic recessions, the impact of inflation, fluctuations in foreign currency exchange rates including the weakening of foreign currencies relative to USD, which has and may in the future negatively affect our revenue expressed in USD, changes in interest rates, geopolitical conflicts and other global macroeconomic factors on our operations and financial performance;

•The publication of unfavorable or inaccurate research reports about our business by cybersecurity industry analysts;

•The success of our sustainability initiatives;

•Changes in tax laws, rules and regulations;

•Changes in tax rates, benefits and expenses; and

•Changes in consumer protection laws and regulations.

Any of the foregoing factors could cause the trading price of our outstanding securities to fluctuate significantly.

We may be required to issue shares under our contingent value rights agreement.

In connection with the MoneyLion acquisition, we entered into a Contingent Value Rights Agreement dated April 17, 2025 (the “CVR Agreement”) governing the terms of the CVRs. Each CVR entitles its holder to receive $23.00 in shares of common stock, par value $0.01 per share, of Gen Digital (CVR Consideration) if, on any date prior to the second anniversary of the closing, (i) the Average VWAP (as defined in the CVR Agreement) of our common stock for 30 consecutive trading days is equal to or greater than $37.50 (subject to certain adjustments) or (ii) we undergo a change of control (each, a “CVR Requirement” and collectively the “CVR Requirements”). To the extent neither of the CVR Requirements are met, the CVR holders would not be entitled to receive the CVR Consideration. To the extent we are required to issue shares to the CVR holders under the CVR Agreement, our stockholders may be diluted. For additional information on our obligations under the CVR Agreement, refer to Exhibit [10.42] to this Annual Report on Form 10-K for a copy of the CVR Agreement.

29

Table of Contents

RISKS RELATED TO TAXES

Changes to our effective tax rate, including through the adoption of new tax legislation or exposure to additional income tax liabilities, could increase our income tax expense and reduce (increase) our net income (loss), cash flows and working capital. In addition, audits by tax authorities could result in additional tax payments for prior periods.

We are a multinational company dual headquartered in the U.S. and the Czech Republic, with our principal executive offices in Tempe, Arizona. As such, we are subject to tax in multiple U.S. and international tax jurisdictions. Our effective tax rate could be adversely affected by several factors, many of which are outside of our control, including:

•Changes to the U.S. federal income tax laws, including forthcoming regulations implementing the One Big Beautiful Bill Act and other changes to the way that our U.S. tax liability is calculated. Such changes could result in significant retroactive adjustments adding cash tax payments/liabilities if adopted;

•Changes to other tax laws, regulations, and interpretations thereof in multiple jurisdictions in which we operate. The Organisation for Economic Co-operation and Development (“OECD”) has proposed certain tax reforms, which, among other things, (1) shift taxing rights to the jurisdiction of the consumer (“Pillar One”) and (2) establish a global minimum tax rate of 15% for multinational companies (“Pillar Two”). Ireland, Czech Republic and certain jurisdictions in which we operate have enacted legislation to implement Pillar Two and other countries are actively considering changes to their tax laws to adopt certain parts of the OECD’s proposals. Additionally, on June 28, 2025, the G7 released a joint statement that it had reached an understanding with the United States for a side-by-side system based on certain accepted principles, including that U.S.-parented groups would be exempt from certain provisions of Pillar Two. Furthermore, several countries have proposed or adopted digital services taxes on revenue earned by multinational companies from the provision of certain digital services, regardless of physical presence;

•Changes in the relative proportions of revenues and income before taxes in the various jurisdictions in which we operate that have differing statutory tax rates;

•Changes in the valuation of deferred tax assets and liabilities and the discovery of new information in the course of our tax return preparation process;

•The ultimate determination of our taxes owed in any of these jurisdictions is for an amount in excess of the tax provision we have recorded or reserved for;

•The tax effects of, and tax planning and changes in tax rates related to significant infrequently occurring events (including acquisitions, divestitures and restructurings) that may cause fluctuations between reporting periods;

•Tax assessments, or any related tax interest or penalties, that could significantly affect our income tax expense for the period in which the settlements take place; and

•Taxes arising in connection with changes in our workforce, corporate and legal entity structure or operations as they relate to tax incentives and tax rates.

We continue to assess the overall impact of these potential changes as developments occur and will reflect the impact of such changes in future financial statements as appropriate.

From time to time, we receive notices that a tax authority in a particular jurisdiction believes that we owe a greater amount of tax than we have reported to such authority and we are consequently subject to tax audits. These audits can involve complex issues, which may require an extended period of time to resolve and can be highly judgmental. Additionally, our ability to recognize the financial statement benefit of tax refund claims is subject to change based on a number of factors, including but not limited to, changes in facts and circumstances, changes in tax laws, correspondence with tax authorities, and the results of tax audits and related proceedings, which may take several years or more to resolve. We ultimately sometimes have to engage in litigation to achieve the results reflected in our tax estimates, and such litigation can be time consuming and expensive. If the ultimate determination of our taxes owed in any of these jurisdictions is for an amount in excess of the tax provision we have recorded or reserved for, our operating results, cash flows, and financial condition could be materially and adversely affected.

Our corporate and legal entity structure and intercompany arrangements are subject to the tax laws of various jurisdictions, and we could be obligated to pay additional taxes, which would harm our results of operations.

We generally conduct our international operations through wholly-owned subsidiaries and are or may be required to report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The amount of taxes we pay in different jurisdictions may depend on a variety of factors including the application of the tax laws of those various jurisdictions (including the U.S.) to our international business activities, changes in tax rates, new or revised tax laws or interpretations of existing tax laws and policies, and our ability to operate our business in a manner consistent with our corporate structure and intercompany arrangements. The relevant taxing authorities have in the past and may in the future disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position was not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.