Risk Factors - ADBE

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

As previously discussed, our actual results could differ materially from our forward-looking statements. Below we discuss some of the factors that could cause these differences. The occurrence of these and many other factors described in this report, and factors that we do not presently know or that we currently believe to be immaterial, could materially and adversely affect our operations, performance and financial condition. Many factors affect more than one category and the factors are not in order of significance or probability of occurrence because they have been grouped by categories.

Risks Related to Our Ability to Grow Our Business

We may be unsuccessful at innovating in response to rapid technological or industry changes to meet customer needs, which could cause our operating results to suffer.

We operate in rapidly evolving industries and expect the pace of innovation to continue to accelerate. We must continually introduce new, and enhance existing, products, services and solutions to retain customers and attract new customers. Developing new products, services and solutions is complex, requires significant investment and operational costs and may not be profitable, and our investments in new technologies are speculative and may not yield the expected business or financial benefits. The commercial success of new or enhanced products, services and solutions depends on a number of factors, including timely and successful development; effective distribution and marketing; market acceptance; compatibility with existing and emerging standards, platforms, software delivery methods and technologies; accurately predicting and anticipating customer needs and expectations and the direction of technological change; identifying and innovating in the right technologies; and differentiation from other products, services and solutions. If we fail to anticipate or identify technological, creative or marketing trends or fail to devote appropriate resources to adapt to such trends, our business could be harmed. If we fail to anticipate or identify technological trends or fail to devote appropriate resources to adapt to such trends, our business could be harmed. For example, generative artificial intelligence technologies enable users of all skill levels to create and provide new ways of marketing, creating content and interacting with documents, which could significantly disrupt industries in which we operate and our existing products, services and solutions and our business may be harmed if we fail to invest or adapt. While we have released new generative artificial intelligence products, such as Adobe Firefly, and are focused on enhancing the artificial intelligence (“AI”) capabilities of our products and incorporating AI across existing products, services and solutions, there can be no assurance that our new or enhanced products and AI innovations will be successful, adopted or monetizable or that we will innovate effectively to keep pace with the rapid evolution of AI across our offerings. While we have released new generative artificial intelligence products, such as Adobe Firefly, and are focused on enhancing the artificial intelligence (“AI”) capabilities of such products and incorporating AI into existing products, services and solutions, there can be no assurance that our products will be successful or that we will innovate effectively to keep pace with the rapid evolution of AI across our Creative Cloud, Document Cloud and Experience Cloud. If we do not successfully innovate, adapt to rapid technological or industry changes and meet customer needs, our business and our financial results may be harmed. If we do not successfully innovate, adapt to rapid technological changes and meet customer needs, our business and our financial results may be harmed.

Issues relating to the development and use of AI, including generative AI, in our offerings may result in reputational harm, liability and adverse financial results. Issues relating to the development and use of AI, including generative AI, in our offerings may result in reputational harm, liability and adverse financial results.

Social, ethical and operational issues relating to the use of AI, including generative AI, in our offerings may result in reputational harm, liability and additional costs.Social and ethical issues relating to the use of AI, including generative AI, in our offerings may result in reputational harm, liability and additional costs. We are increasingly incorporating AI technologies, developed by us and by third parties, into many of our offerings. We are increasingly incorporating AI technologies into many of our offerings. If our AI development, deployment, content labeling or governance is ineffective or inadequate, it may result in incidents that impair the public acceptance of AI solutions or cause harm to individuals, customers or society, or result in our offerings not working as intended or producing unexpected outcomes.

Jurisdictions around the world are developing and passing new regulations that apply specifically to the use of AI. For example, the EU AI Act was adopted in 2024 and will be implemented in phases through 2030, and other jurisdictions are considering similarly focused legislation. These regulations and the evolving AI regulatory environment may, among other impacts, result in inconsistencies among AI regulations and frameworks across jurisdictions, increase our compliance, governance and research and development costs, increase our exposure to claims related to our AI models and increase liability related to the use of AI by our customers or users that are beyond our control. While we have taken a responsible approach to the development and use of AI, such as in our Adobe Firefly offerings, there can be no guarantee that future AI regulations will not adversely impact us or conflict with our approach to AI, including affecting our ability to make our AI offerings available without costly changes, delaying or halting development of AI offerings, requiring us to change our AI development practices, monetization strategies and/or indemnity protections and subjecting us to additional compliance requirements, regulatory action, competitive harm, reputational harm and/or legal liability. While we have taken a responsible approach to the development and use of AI in our offerings, there can be no guarantee that future AI regulations will not adversely impact us or conflict with our approach to AI, including affecting our ability to make our AI offerings available without costly changes, requiring us to change our AI development practices, monetization strategies and/or indemnity protections and subjecting us to additional compliance requirements, regulatory action, competitive harm or legal 22Table of Contentsliability. To the extent we rely on third-party AI models in our products, services and solutions, we will face risks inherent in how those models have been developed and deployed, including situations in which the third party may lack a proper license or consent for the training data used for their model. In addition, new competition regulations on AI development and deployment could impose new requirements on our markets that could impact our business and financial results. In addition, new competition regulation on AI development and deployment could impose new requirements on our markets that could impact our business and financial results.

Uncertainty around new and evolving AI uses may require significant, additional investment to develop models and proprietary datasets, responsible-use frameworks and new approaches and processes to attribute or compensate content creators. We have experienced, and may in the future experience, challenges accessing AI models, datasets or hardware. Developing, testing and deploying AI systems may also increase the cost of our offerings, including due to the nature of the computing costs

23

---

Table of Contents

involved in such systems. These costs could adversely impact our margins as we continue to make significant investments in AI development, add AI capabilities to our offerings and scale our AI offerings without assurance that our customers and users will adopt them. These costs could adversely impact our margins as we continue to add AI capabilities to our offerings and scale our AI offerings without assurance that our customers and users will adopt them. Further, as with any new offerings based on new technologies, consumer reception and monetization pathways are uncertain, our strategies may not be successful and our business and financial results could be adversely impacted. New AI offerings and technologies could modify workforce needs, result in negative publicity about AI and decrease demand for our existing products, services and solutions, all of which could adversely impact our business. New AI offerings and technologies could disrupt workforce needs, result in negative publicity about AI and have the potential to affect demand for our existing products, services and solutions, all of which could adversely impact our business.

We participate in rapidly evolving and intensely competitive markets, and, if we do not compete effectively, our operating results could suffer. We participate in rapidly evolving and intensely competitive markets, and, if we do not compete effectively, our operating results could suffer.

The markets for our products, services and solutions are rapidly evolving and intensely competitive. We expect competition to continue to intensify. Our numerous competitors range in size from diversified global companies with significant sales and research and development resources, broad brand awareness, long operating histories or access to large customer bases to small companies whose specialized focuses may allow them to more easily and effectively deploy technical, marketing and financial resources. Our competitors range in size from diversified global companies with significant sales and research and development resources, broad brand awareness, long operating histories or access to large customer bases to small, specialized companies whose narrow focuses may allow them to be more effective in deploying technical, marketing and financial resources. Our competitors may develop or acquire products, services or solutions that are similar to ours or that achieve greater or faster acceptance, may undertake more far-reaching and successful product development efforts or marketing campaigns or may adopt more aggressive pricing policies. Our competitors may develop products, services or solutions that are similar to ours or that achieve greater acceptance, may undertake more far-reaching and successful product development efforts or marketing campaigns, or may adopt more aggressive pricing policies. As a result, current and potential customers may select the products, services or solutions of our competitors. Further, our future success depends on our continued ability to effectively appeal to businesses and consumers. New industry standards, evolving distribution models, limited barriers to entry, short product life cycles, customer price sensitivity, global market conditions and the frequent entry of new products or competitors may increase downward pressure on pricing and gross margins and adversely affect our renewal, upsell and cross-sell rates as well as our ability to attract new customers. In addition, we expect to face more competition as AI continues to advance and be integrated into the markets in which we compete. In addition, we expect to face more competition as AI continues to be integrated into the markets in which we compete. Our competitors or other third parties may incorporate AI into their offerings more successfully and efficiently than we do and achieve greater and faster adoption, which could impair our ability to compete effectively and adversely affect our business and financial results. Our competitors or other third parties may incorporate AI into their offerings more successfully than we do and achieve greater and faster adoption, which could impair our ability to compete effectively and adversely affect our business and financial results. Other companies have, or in the future may obtain, proprietary rights that would prevent, limit or interfere with our ability to make, use or sell our AI offerings. Further, we expect AI offerings to be highly competitive and rapidly evolving. Further, we expect the markets for standalone AI offerings to be highly competitive and rapidly evolving. For example, we face increasing competition from companies offering generative AI capabilities, including text-to-image, text-to-video and multi-modal offerings that compete directly with our creative offerings. For example, we face increasing competition from companies offering text-to-image generative AI technology that may compete directly with our own creative offerings. If we are not able to provide products, services and solutions that compete effectively, we could experience reduced sales and our business could be adversely affected. For additional information regarding our competition and the risks arising out of the competitive environment in which we operate, see the section titled “Competition” contained in Part I, Item 1 of this report.

If our reputation or our brands are damaged, our business and financial results may be adversely affected.

We believe our reputation and brands have been, and we expect them to continue to be, important to our business and financial results. Maintaining and enhancing our brands may require us to make substantial investments and these investments may not be successful. We have experienced, and may in the future experience, reputational harm from, among other things, the introduction of new products, features, services, or terms that do not meet customer expectations; our position on or approach to new and evolving technologies, including AI; backlash from customers, the creative community, government entities or other stakeholders that disagree with our product offering decisions or public policy, ethical or political positions; significant litigation or regulatory actions that negatively reflect on our business practices; data security breaches or compliance failures; and public scrutiny or negative publicity, including being the target of media and social media campaigns, criticizing our actual or perceived actions or inactions, policies, terms, agreements, handling of user privacy, data practices or content. There are numerous ways that our reputation or brands could be damaged, including, among other things, introduction of new products, features or services that do not meet customer expectations, our position on or approach to new and evolving technologies, backlash from customers, government entities or other stakeholders that disagree with our product offering decisions or public policy positions, significant litigation or regulatory actions that negatively reflect on our business practices, our action or inaction or actual or perceived failure to meet our commitments on environmental, social and governance, ethical or political issues, public scrutiny regarding our handling of user privacy, data practices or content, data security breaches or compliance failures, or our approach to AI. Further, our brands may be negatively affected by uses of our products, services or solutions, particularly our AI offerings, in ways that are out of our control, such as to create or disseminate content that is deemed to be misleading, deceptive or intended to manipulate public opinion, or for illicit, objectionable or illegal ends, or by our failure to respond appropriately and in a timely manner to such uses. Such uses may result in controversy or claims related to defamation, rights of publicity, illegal content, intellectual property infringement, harmful content, misinformation and disinformation, harmful bias, misappropriation, data privacy, derivative uses of third-party AI and personal injury torts. If we fail to appropriately respond to objectionable content created using our products, services or solutions or shared on our platforms, our users may lose confidence in our brands. Entry into markets with weaker protection of brands or changes in the legal systems in countries in which we operate may also impact our ability to protect our brands. If we fail to maintain, enhance or protect our brands, or if we incur excessive expenses in our efforts to do so, our users’ trust in us and purchasing decisions and our business and financial results may be adversely affected. If we fail to maintain, enhance or protect our brands, or if we incur excessive expenses in our efforts to do so, our business and financial results may be adversely affected.

24

---

Table of Contents

We may not realize the anticipated benefits of investments or acquisitions, and they may disrupt our business and divert management’s attention.

Investments and acquisitions involve numerous risks and uncertainties, the occurrence of which may have an adverse effect on our business. These risks and uncertainties include:

•inability to achieve the financial and strategic goals of the investment or acquisition;

•difficulty in effectively integrating the operations, technologies, products, services, solutions, culture or personnel of the acquired business;

•disruption of our ongoing business and distraction of our management and other personnel;

•challenges to completing or failure to complete an announced investment or acquisition related to the failure to obtain regulatory approval, or the need to satisfy certain conditions precedent to closing such transaction (such as divestitures, ownership or operational restrictions or other structural or behavioral remedies) that could limit the anticipated benefits of the transaction;

•entry into markets in which we have minimal prior experience and where competitors in such markets have stronger market positions;

•inability to retain personnel, key customers, distributors, vendors and other business partners of the acquired business;

•delay in customer and distributor purchasing decisions due to uncertainty about the direction of our product and service offerings;

•incurring higher than anticipated costs to effectively integrate an acquired business, to bring an acquired company into compliance with applicable laws and regulations, additional compensation issued or assumed in connection with an acquisition, to divest products, services or solutions acquired in unsuccessful investments or acquisitions, to amortize costs for acquired intangible assets or because of our inability to take advantage of anticipated tax benefits;

•increased collection times, elevated delinquency or bad debt write-offs related to receivables of an acquired business we assume;

•difficulty in maintaining controls, procedures and policies during the transition and integration and inability to conclude that our internal controls over financial reporting are effective;

•potential identified or unknown security vulnerabilities in acquired products that expose us to additional security risks or delay our ability to integrate the product into our offerings;

•exposure to litigation or other claims in connection with, or inheritance of claims or litigation risk as a result of, an acquisition;

•incurrence of additional debt to finance an acquisition, which will increase our interest expense and leverage, and/or issuance of equity securities to finance acquisitions, which will dilute current shareholders’ percentage ownership and earnings per share; and

•failure to identify significant problems, liabilities or other challenges during due diligence.

Our ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by adverse economic and political events, including trade tensions, and increased global scrutiny and evolving regulatory expectations relating to acquisitions and strategic investments.23Table of ContentsOur ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by adverse economic and political events, including trade tensions, and increased global scrutiny of acquisitions and strategic investments. We may not be able to complete acquisitions or other strategic transactions to realize the anticipated benefits of such acquisitions or transactions on favorable terms, or at all, including as a result of challenges in obtaining regulatory approvals, and may incur additional costs. For example, we have experienced difficulties in obtaining regulatory approvals, resulting in the termination of a previously announced acquisition and the incurrence of additional costs. Any of these factors may adversely affect our financial condition or results of operations.

25

---

Table of Contents

Risks Related to the Operation of Our Business

Service interruptions or failures of our or third-party information technology systems may impair the availability of our products, services and solutions, which may expose us to liability, damage our reputation and harm our future financial results.

Much of our business, including our online store at adobe.com and our cloud solutions, relies on hardware and services that are hosted, managed and controlled directly by us or third-party service providers to be available to our customers and users without disruption.com and our Creative Cloud, Document Cloud and Experience Cloud solutions, relies on hardware and services that are hosted, managed and controlled directly by us or third-party service providers to be available to customers and users without disruption. We do not have redundancy for all our systems, many of our critical applications (“Apps”) reside in only one of our data centers, and our disaster recovery planning may not account for all eventualities. We do not have redundancy for all our systems, many of our critical applications (“apps”) reside in only one of our data centers, and our disaster recovery planning may not account for all eventualities. If any critical third-party service provider of hosting or content delivery services is negatively affected or becomes unavailable to us for any reason, we may not be able to deliver the corresponding products, services or solutions to our customers and users. Failure of our systems or those of our third-party service providers could cause large, system-wide failures, disrupt our business operations and those of our customers, subject us to reputational harm, require costly and time-intensive notifications, and cause us to lose customers, users and future business. Failure of our systems or those of our third-party service providers could disrupt our business operations and those of our customers, subject us to reputational harm, require costly and time-intensive notifications, and cause us to lose customers, users and future business. Occasionally, we migrate data among data centers and to third-party hosted environments. If a transition among data centers or to third-party service providers encounters unexpected interruptions, unforeseen complexity or unplanned disruptions despite precautions undertaken during the process, this may impair our delivery of products, services and solutions to customers and result in increased costs and liabilities, which may harm our operating results, reputation and our business.

It is also possible that hardware or software failures or errors in our systems (or those of our third-party service providers) could result in data loss or corruption, cause the information that we collect or maintain to be incomplete or contain inaccuracies that our customers regard as significant, or cause us to fail to meet committed service levels or comply with applicable notification requirements or other relevant contractual obligations to our customers. Furthermore, our ability to collect and report data may be delayed or interrupted by a number of factors, including access to the internet, the failure of our network or software systems, security breaches or significant variability in visitor traffic on customer websites. We may also find, on occasion, that we cannot deliver data and reports to our customers in near real-time due to factors such as significant spikes in customer activity on their websites or failures of our network or software (or that of a third-party service provider). If we fail to plan infrastructure capacity appropriately and expand it proportionally with the needs of our customer and user base, and we experience a rapid and significant demand on the capacity of our data centers or those of third parties, service outages or performance issues could occur, which may impact our customers. Such a strain on our infrastructure capacity may subject us to regulatory and customer notification requirements, violations of service level agreement commitments or financial liabilities and result in customer dissatisfaction or harm our business. If we supply materially inaccurate information or experience significant interruptions in our systems, our reputation could be harmed, we could lose customers and we could be found liable for damages or incur other losses.

Security incidents, improper access to or disclosure of our customers’ data or other cybersecurity incidents may harm our reputation and materially and adversely affect our business.Security incidents, improper access to or disclosure of our customers’ data or other cyber incidents may harm our reputation and materially and adversely affect our business.

Our products, services and solutions collect, store, manage and otherwise process third-party data, including our customers’ data and our own data. Such products, services and solutions as well as our technologies, systems and networks have been subject to, and may in the future be subject to, cyberattacks, computer viruses, ransomware or other malware, fraud, worms, social engineering, denial-of-service attacks, malicious software programs, insider threats and other cybersecurity incidents that have in the past, and may in the future, result in the unauthorized access, disclosure, acquisition, use, loss or destruction of sensitive personal or business data belonging to us, our employees and our customers.

Cybersecurity incidents can be caused by human error from our workforce or that of our third-party service providers, by malicious third parties, acting alone or in groups, or by more sophisticated organizations, including nation-states and state-sponsored organizations. Cybersecurity incidents can be caused by human error from our workforce or that of our third-party service providers, by malicious third parties, acting alone or in groups, or by more sophisticated organizations, including nation-states and state-sponsored organizations. Such risks may be elevated in connection with geopolitical tensions, including the Russia-Ukraine war and the conflict in the Middle East. Such risks may be elevated in connection with geopolitical tensions, including the Russia-Ukraine war. Certain unauthorized parties have in the past managed, and may in the future manage, to overcome our security measures and those of our third-party service providers to access and misuse systems and software by exploiting defects in design or manufacture, including bugs, vulnerabilities and other problems that unexpectedly compromise the security or operation of a product or system. Further, unauthorized parties may also gain physical access to our facilities and infiltrate our information systems or attempt to gain logical access to our products, services or information systems to access content and data and may result in computer viruses, worms, ransomware or other malware. Further, unauthorized parties may also gain physical access to our facilities and infiltrate our information systems or attempt to gain 25Table of Contentslogical access to our products, services or information systems to access content and data. Malicious third parties have in the past, and may in the future, fraudulently induce our employees or users of our products, services or solutions to disclose sensitive, personal or confidential information via illegal electronic spamming, phishing, social engineering or other tactics, and this risk is heightened in our current hybrid model working environment. Further, malicious third parties have in the past attempted, and may in the future attempt, to fraudulently induce our employees or users of our products, services or solutions to disclose sensitive, personal or confidential information via illegal electronic spamming, phishing or other tactics, and this risk is heightened in our current hybrid model working environment. Malicious actors may also engage in fraudulent or abusive activities through our products, services and solutions, including unauthorized use of accounts through stolen credentials, use of stolen credit cards or other payment vehicles, failure to pay for services accessed, or other activities that

26

---

Table of Contents

violate our terms of service. While we actively combat such fraudulent activities, we have experienced, and may in the future experience, impacts to our revenue from such activities.

Maintaining the security of our products, services and solutions is a critical issue for us and our customers. We devote significant resources to address security vulnerabilities through various methods, including, but not limited to, engineering more secure products, enhancing security and reliability features in our products and systems, regularly reviewing our service providers’ security controls, and continually assessing and improving, as appropriate, our incident response process. However, it is impossible to accurately predict the extent, frequency or impact cybersecurity issues may have on us, and our security measures do not provide full effective protection from all such events. The costs to prevent, eliminate, mitigate or remediate cybersecurity or other security problems and vulnerabilities are significant and may reduce our margins. Breaches of our security measures and the accidental loss, inadvertent disclosure or unauthorized dissemination of proprietary information or sensitive, personal or confidential data about us, our employees, our customers or their end users, including the potential loss or disclosure of such information or data have in the past, and could in the future, expose us, our employees, our customers or other individuals affected to a risk of loss or misuse of this information. Further, our efforts to address these problems, including notifying affected third parties when appropriate, have in the past been, and may in the future be, unsuccessful or delayed, which could result in business interruptions, cessation of service, loss of existing or potential customers and reputational harm. Actual or perceived security vulnerabilities or incidents have resulted in, and may result in additional, claims or litigation and liability or fines, costly and time-intensive notice requirements, governmental inquiry or oversight or a loss of customer confidence, any of which could harm our business and damage our brand and reputation. Actual or perceived security vulnerabilities or incidents may result in claims or litigation and liability or fines (and have in the past led to such claims), costly and time-intensive notice requirements, governmental inquiry or oversight or a loss of customer confidence, any of which could harm our business and damage our brand and reputation. Our customers may also adopt security measures to protect their computer systems and their instances of our software from attack and may suffer a cybersecurity breach on their own systems, unrelated to our systems. Even if such breach is unrelated to our security systems, solutions or programs, such breach could cause us reputational harm and require us to incur significant economic and operational consequences to adequately assess and respond to their breach, and to implement additional safeguards designed to protect against future breaches.

While we maintain insurance to cover operational risks, such as cybersecurity risk and technology outages, our insurance may not be sufficient to cover all liability described herein.While we maintain insurance to cover operational risks, such as cyber risk and technology outages, our insurance may not be sufficient to cover all liability described herein. These risks will likely increase as we expand our hosted offerings, integrate our products, services and solutions and store and process more data. Moreover, delayed sales, lower margins or lost customers resulting from disruptions caused by cyberattacks, overly burdensome preventative security measures or failure to fully meet information security control certification requirements could materially and adversely affect our financial results, stock price and reputation.

If we are unable to develop, manage and maintain critical third-party relationships, such as our sales, partner and distribution channels, suppliers and service providers, our revenue and business may be adversely affected.

We rely on a number of third-party distributors and sales partners to distribute our products, services and solutions. The successful management of such third-party relationships is a complex, global process. If an agreement with one of our distributors or partners was terminated, any prolonged delay in securing a replacement distributor or partner could have a negative impact on our results of operations. We also face legal risk and potential reputational harm from the activities of these independent third parties including, but not limited to, export control violations, workplace conditions, corruption and anti-competitive behavior.

If our partner and distribution channels are not effective or if we stop or change our partner or distribution channels, we may lose sales opportunities, customers and revenue. If our partner and distribution channels are not effective or if we stop or change our partner or distribution channels, we may lose sales opportunities, customers and revenue. We rely on third-party distribution platforms and are subject to changes in pricing structure, terms of service, privacy practices and other policies at the discretion of the platform provider. Any adverse changes to the terms with such third-party distribution platforms which we rely on to distribute our products, services and solutions may adversely affect our financial results. Additionally, our distribution channels may not continue to market or sell our products, services and solutions effectively and may favor products, services and solutions of other companies.

We sell many products, services and solutions through our direct sales force. We sell many products, services and solutions through our direct sales force. Risks associated with this sales channel include challenges related to hiring, retaining and motivating our direct sales force, and substantial amounts of ongoing training for sales representatives. Our business could be harmed if our direct sales expansion efforts do not generate the corresponding efficiencies and revenue we anticipated from such investment. In addition, the loss of key sales employees could impact our customer relationships and future ability to sell to certain accounts covered by such employees.

We rely on third-party service providers and technologies to deliver our products, services and business operations and to operate critical business systems, such as cloud-based infrastructure, data center facilities, generative AI, encryption and authentication technology, company email and communications with customers.26Table of ContentsWe rely on third-party service providers and technologies to deliver our products, services and business operations and to operate critical business systems, such as cloud-based infrastructure, data center facilities, encryption and authentication technology and company email, communications with customers. If such third parties are negatively affected, if we fail to effectively develop, manage and maintain our relationships with such third parties, or if we are unable to renew our agreements with them on favorable terms or at all, our expenses could significantly increase, and we and our customers may

27

---

Table of Contents

experience service interruptions. Any disruption or damage to, or failure of our systems generally, including the systems of our third-party platform providers, could result in interruptions in our services and harm our business. Further, interruptions in our services caused by us or our third-party service providers may cause us to issue credits or pay penalties, cause customers to make warranty or other claims against us or to terminate their subscriptions or contracts, and adversely affect our attrition rates and our ability to attract new customers, all of which may adversely affect our financial results. Our business and reputation would also be harmed if our customers and potential customers believe our services are unreliable.

We face various risks associated with our operating as a multinational corporation, and global adverse economic conditions may harm our business and financial condition.

We derive a large portion of our total revenue from, and have significant operations, outside of the United States. As a multinational corporation, we are subject to a number of risks, including from global adverse economic conditions, that are uncertain and beyond our control and that make forecasting operating results and decisions about future investments difficult, such as:

•inflation and actions taken by central banks to counter inflation, including increasing interest rates;

•international and regional economic, political and labor conditions, including any instability or security concerns abroad, such as uncertainty caused by economic sanctions, downturns and recessions, trade disputes, armed conflicts and wars;

•tax laws (including U.S. taxes on foreign subsidiaries);

•increased financial accounting and reporting burdens and complexities;

•changes in, or impositions of, legislative or regulatory requirements, including antitrust and competition regulations;

•changes in laws governing the free flow of data across international borders;

•inadequate local infrastructure and difficulties in managing and staffing international operations;

•costs, potential liability, delays or loss of sales resulting from trade restrictions imposed by the United States and other countries, as well as trade laws, including but not limited to economic sanctions and export controls;

•costs and delays associated with developing products in multiple languages; and

•operating in locations with a higher rate of corruption and fraudulent business practices.

Additionally, third parties we do business with and our customers have international operations and are also subject to the above risks. Additionally, third parties we do business with and our customers have international operations and are also subject to the above risks. Adverse changes in global economic conditions have in the past resulted and may in the future result in our customers’ and business partners’ insolvency, inability to obtain credit to finance or purchase our products, services and solutions, or a delay in paying or an inability to pay their obligations to us. Other third parties, such as our service providers, suppliers and distributors, may be unable to deliver or be delayed in delivering critical services, products or technologies that we rely on, and our business and reputation may be harmed. Our customers’ spending rate and demand for our products, services and solutions may also be adversely affected by the above risks. If our global sales are reduced, delayed or canceled because of any of the above risks, our revenue may decline.

Further, a disruption in global financial markets could impair our banking partners, on which we rely for operating cash management, capital market transactions and derivative programs. Such disruption could also negatively impact our customers’ ability to pay us due to delays or inability to access their existing cash.

As of November 29, 2024, our investment portfolio consisted of money market funds, corporate debt securities, U.S. Treasury securities, time deposits, U.S. agency securities and asset-backed securities. These investments are subject to credit, liquidity, market, and interest rate risks as well as economic downturns or events that affect global or regional financial markets that may cause the value of our investments to decline, requiring impairment charges, which could adversely affect our financial condition.

Some of our enterprise offerings have extended and complex sales cycles, which may increase our costs and make our sales cycles unpredictable.

As we continue to target enterprise customers for certain of our offerings, including Adobe Experience Cloud in our Digital Experience business and our Enterprise Term License Agreements in our Digital Media business, we may face increased costs, longer sales cycles, greater competition and less predictability in completing our sales.As we continue to target large enterprise customers for certain of our offerings, including Adobe Experience Cloud in our Digital Experience business and our Enterprise Term License Agreements in our Digital Media business, we may face increased costs, longer sales cycles, greater competition and less predictability in completing our sales. For our enterprise customers, the

28

---

Table of Contents

evaluation process may be longer and more involved, and require us to invest more in educating our customers about our products, services and solutions, particularly because the decision to use our products, services and solutions is often an enterprise-wide decision. We are increasingly offering end-to-end solutions that include cross-cloud and generative AI capabilities, which have in the past, and may in the future, increase the complexity of technical or contractual assurances or requirements that we or our customers require as part of the contracting process, leading to extended sales cycles. We may be required to submit more robust proposals, participate in extended proof-of-concept evaluation cycles and engage in more extensive contract negotiations. In addition, our enterprise customers often demand more complex configurations and additional integration services and product features. Adverse macroeconomic conditions have caused, and may continue to cause, additional spend scrutiny and delays in our enterprise customers’ purchasing decisions. Adverse macroeconomic conditions have caused, and may cause in the future, delays in our enterprise customers’ purchasing decisions. Due to these factors, we often must devote greater sales support to certain enterprise customers, which increases our costs and time required to complete a sale, without assurance that potential customers will ultimately purchase our solutions. We also may be required to devote more services resources to implementation, which increases our costs, without assurance that customers receiving these services will renew or renew at the same level. Since the sales cycles for our enterprise offerings are multi-phased and complex, it is often unpredictable when a given sales cycle will close. Our revenue from enterprise customers may be affected by longer-than-expected sales, contract negotiation and implementation cycles, extended collection cycles, potential deferral of revenue and alternative licensing arrangements. Our revenue from enterprise customers may be affected by longer-than-expected sales and implementation cycles, extended collection cycles, potential deferral of revenue and alternative licensing arrangements. Additionally, our enterprise sales pattern has historically been, and is expected to remain, uneven, where a higher percentage of a quarter’s total sales occur during the final weeks of each quarter, which is common in our industry. Additionally, our enterprise sales pattern has historically been uneven, where a higher percentage of a quarter’s total sales occur during the final weeks of each quarter, which is common in our industry.

If we are unable to recruit and retain key personnel, our business may be harmed, and our hybrid work model may present challenges, which could adversely impact our business.27Table of ContentsIf we are unable to recruit and retain key personnel, our business may be harmed, and our hybrid work model may present challenges, which could adversely impact our business.

Much of our future success depends on the continued service, availability and performance of our senior management and highly skilled personnel across all levels of our organization. Our senior management has acquired specialized knowledge and skills with respect to our business, and the loss of any of these individuals could harm our business, especially if we are not successful in developing adequate succession plans. Our efforts to attract, develop, integrate and retain highly skilled employees may be compounded by intensified restrictions on immigration or the availability of work visas. The technology industry has been and may continue to be subject to substantial and continuous competition for talent, particularly with AI and cybersecurity backgrounds, and demand for cutting-edge or unique skill sets may continue to be highly competitive, both of which are heightened with hybrid or remote working arrangements. The technology industry is often subject to substantial and continuous competition for talent, particularly with cybersecurity and AI backgrounds, and demand for cutting-edge or unique skill sets can be highly competitive, both of which are heightened with the increased availability of hybrid or remote working arrangements. Our hybrid work environment may also present operational, security and workplace culture challenges, which could negatively affect our ability to execute against our business objectives and retain and recruit personnel. Our hybrid work environment may also present operational and workplace culture challenges, which could negatively affect our ability to execute against our business objectives and retain and recruit personnel. We have experienced, and may continue to experience, higher compensation costs to retain and recruit senior management or highly skilled personnel that may not be offset by innovation, improved productivity or increased sales. We continue to hire personnel in countries where exceptional technical knowledge and other expertise are offered at lower costs, which increases the efficiency of our global workforce structure and reduces our personnel-related expenditures.We continue to hire personnel in countries where exceptional technical knowledge and other expertise are offered at lower costs, which increases the efficiency of our global workforce structure and reduces our personnel-related expenditures. Nonetheless, as globalization continues, competition for talent in those countries has increased, which may impact our ability to retain these employees and increase our compensation-related expenses.

Risks Related to Laws and Regulations

We are, and may in the future become, subject to litigation, regulatory inquiries and other claims, which could result in an unfavorable outcome and have an adverse effect on our business, financial condition, results of operation and cash flows.

We are, and may in the future become, subject to various legal proceedings (including class action lawsuits), claims, negotiations and regulatory inquiries and additional claims, enforcement actions and inquiries may arise in the future, such as those relating to antitrust, data privacy and security, consumer protection, product liability and the validity or alleged infringement of third-party intellectual property rights, including patent rights, among others. Such activity has increased over time with evolving regulatory landscapes and as our products, services and solutions have become more available to, and used by, more enterprises and consumers. For example, there is an increase in enforcement activity in connection with federal and state consumer protection laws, including some suits which seek civil penalties. Any proceedings, actions, claims or inquiries initiated by or against us, whether successful or not, may be highly time consuming; result in costly litigation, damage awards, consent decrees, injunctive relief or increased costs of business; require us to change our business practices or products; result in negative publicity; require significant amounts of management time; result in the diversion of significant operational resources; or otherwise harm our business and financial results. Any proceedings, actions, claims or inquiries initiated by or against us, whether successful or not, may be time consuming; result in costly litigation, damage awards, consent decrees, injunctive relief or increased costs of business; require us to change our business practices or products; result in negative publicity; require significant amounts of management time; result in the diversion of significant operational resources, or otherwise harm our business and financial results.

Disputes and litigation can be complex and are typically costly and can be disruptive to our business operations by diverting the attention of management and key personnel. Intellectual property disputes and litigation are typically costly and can be disruptive to our business operations by diverting the attention of management and key personnel. For example, third-party intellectual property disputes, including those initiated by patent assertion entities, could subject us to significant liabilities, require us to enter into royalty and licensing arrangements on unfavorable terms, prevent us from offering certain products, services or solutions, subject us to injunctions restricting our sales, cause severe disruptions to our operations or the markets in which we compete, or require us to satisfy

29

---

Table of Contents

indemnification commitments with our customers, including contractual provisions under various license arrangements and service agreements. In addition, we have incurred, and may in the future incur, significant costs in acquiring the necessary third-party intellectual property rights for use in our products, in some cases to fulfill contractual obligations with our customers. Any of these occurrences could significantly harm our business.

We have not prevailed, and may not in the future prevail, in every lawsuit or dispute. For further information about specific litigation and proceedings, see the section titled “Legal Proceedings” contained in Part II, Item 8, Note 16 of our Notes to Consolidated Financial Statements of this report.

We are subject to risks associated with compliance with laws and regulations globally, which may harm our business.

We are a global company subject to varied and complex laws, regulations and customs, both domestically and internationally. These local, state, federal and international laws and regulations relate to a number of aspects of our business, including trade laws such as import and export controls, anti-boycott, economic sanctions and embargoes, data and transaction processing security, payment card industry data security standards, consumer protection, records management, user-generated content hosted on websites we operate, privacy practices, data residency, AI regulations, corporate governance, antitrust and competition, employee and third-party complaints, anti-corruption, conflicts of interest, securities regulations and other regulatory requirements affecting trade and investment. These laws and regulations relate to a number of aspects of our business, including trade compliance, import and export control, anti-boycott, economic sanctions and embargoes, data and transaction processing security, payment card industry data security standards, consumer protection, records management, user-generated content hosted on websites we operate, privacy practices, data residency, corporate governance, antitrust and competition, employee and third-party complaints, anti-corruption, gift policies, conflicts of interest, securities regulations and other regulatory requirements affecting trade and investment. The application of these laws and regulations to our business is often unclear and evolving, and may at times conflict. Further, we are subject to the U.S. Foreign Corrupt Practices Act and other anti-corruption and anti-bribery laws, which may conflict with local customs and practices in other foreign countries, particularly those with developing economies where it is common to engage in practices that would be prohibited under such laws. We cannot provide assurance that our employees, contractors, agents, business partners and vendors will not take actions in violation of our internal policies, U.S. laws or other applicable international laws. Compliance with the above laws and regulations may involve significant costs or require additional changes to our business practices that result in reduced revenue and profitability. Compliance with these laws and regulations may involve significant costs or require changes in our business practices that result in reduced revenue and profitability. Non-compliance could also result in fines, damages, criminal sanctions against us, our officers or our employees, prohibitions on the conduct of our business and damage to our reputation.

In addition, approximately 50% of our employees are located outside the United States. Accordingly, we are exposed to changes in laws governing our employee relationships in various U.S. and foreign jurisdictions, including laws and regulations regarding wage and hour requirements, fair labor standards, employee data privacy, unemployment tax rates, workers’ compensation rates, citizenship requirements and payroll and other taxes, which likely would have a direct impact on our operating costs.

Increasing regulatory focus on privacy and security issues and expanding laws and regulatory requirements could impact our business models and expose us to increased liability.

We are subject to global data protection, privacy and security laws, regulations and codes of conduct that relate to our various business units and data processing activities, which may include sensitive, confidential, and personal information. These laws, regulations and codes are inconsistent across jurisdictions and are subject to evolving and differing (sometimes conflicting) interpretations. Government officials and regulators, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data, including the transferring of personal information across international borders. Government officials and regulators, privacy advocates and class action attorneys are increasingly scrutinizing how companies collect, process, use, store, share and transmit personal data. This scrutiny can result in new and shifting interpretations of existing laws, thereby further impacting our business. For example, European data transfers outside the European Economic Area are highly regulated and litigated. The mechanisms that we and many other companies rely upon for European data transfers (for example, Standard Contractual Clauses and the EU - US Data Privacy Framework) are the subject of legal challenge, regulatory interpretation and judicial decisions by the Court of Justice of the European Union. Several other countries, including but not limited to the United States, China, Australia, New Zealand, Brazil, Kingdom of Saudi Arabia, Hong Kong and Japan, have also established specific legal requirements for cross-border transfers of personal information and certain countries have also established specific legal requirements for data localization (such as where personal data must remain stored in the country). Several other countries, including China, Australia, New Zealand, Brazil, Hong Kong and Japan, have also established specific legal requirements for cross-border transfers of personal information and certain countries have also established specific legal requirements for data 29Table of Contentslocalization (such as where personal data must remain stored in the country). If other countries implement more restrictive regulations for cross-border data transfers or do not permit data to leave the country of origin, such developments could adversely impact our business and our enterprise customers’ business, our financial condition and our results of operations in those jurisdictions. Additionally, the General Data Protection Regulation in the European Economic Area and the United Kingdom continues to be interpreted by European and UK courts in novel ways leading to shifting requirements, country-specific differences in application and uncertain enforcement priorities. For example, the General Data Protection Regulation (“GDPR”) in the European Economic Area, and the United Kingdom continues to be interpreted by European and UK courts in novel ways leading to shifting requirements, country specific differences in application and uncertain enforcement priorities. Laws in Asia, such as the Personal Information Protection Law in China and developing laws in India, as well as state laws in the United States on privacy, data and related technologies, such as the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act and the Virginia Consumer Data Protection Act, as well as industry self-regulatory codes and regulatory requirements, create additional privacy and security compliance obligations and expand the scope of potential liability, either jointly or severally with our customers and suppliers. More recently enacted laws, such as the Personal Information Protection Law in China, and new and emerging state laws in the United States on privacy, data and related technologies, such as the California Consumer Privacy Act, the California Privacy Rights Act, the Colorado Privacy Act and the Virginia Consumer Data Protection Act, as well as industry self-regulatory codes and regulatory requirements, create new privacy and security compliance obligations and expand the scope of potential liability, either jointly or severally with our customers and suppliers. Further, the U.S. Securities and Exchange Commission’s Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure requires us to make certain disclosures related

30

---

Table of Contents

to material cybersecurity incidents and the reasonably likely impact of such an incident on Form 8-K. Determining whether a cybersecurity incident is notifiable or reportable may not be straightforward and any such mandatory disclosures could be costly and lead to negative publicity, loss of customer confidence in the effectiveness of our security measures, diversion of management’s attention and governmental investigations.

While we have invested in readiness to comply with applicable requirements, the dynamic and evolving nature of these laws, regulations and codes, as well as their interpretation by regulators and courts, may affect our ability (and our enterprise customers’ ability) to reach current and prospective customers, to respond to both enterprise and individual customer requests under the laws (such as individual rights of access, correction and deletion of their personal information), to implement our business models effectively and to adequately address disclosure requirements. These laws, regulations and codes may also impact our innovation and business drivers in developing new and emerging technologies (for example, AI and machine learning) and may impact demand for our offerings and force us to bear the burden of more onerous obligations in our contracts. Perception of our practices, products, services or solutions, even if unfounded, as a violation of individual privacy, data protection rights or cybersecurity requirements, subjects us to public criticism, lawsuits, investigations, claims and other proceedings by regulators, industry groups or other third parties, all of which could disrupt or adversely impact our business and reputation and expose us to increased liability, fines and other punitive measures including prohibition on sales of our products, services or solutions, restrictive judicial orders and disgorgement of data. Additionally, we collect and store information on behalf of our business customers and if our customers fail to comply with contractual obligations or applicable laws, it could result in litigation or reputational harm to us.

Our intellectual property portfolio is a valuable asset and we may not be able to protect our intellectual property rights, including our source code, from infringement or unauthorized copying, use or disclosure.

Our patents, trademarks, trade secrets, copyrights and other intellectual property are valuable assets to us. Infringement or misappropriation of such intellectual property could result in lost revenues and ultimately reduce their value. We protect our intellectual property by relying on federal, state and common law rights in the United States and internationally, as well as a variety of administrative procedures and contractual restrictions. Despite our efforts, protecting our intellectual property rights and preventing unauthorized use of our intellectual property are inherently difficult. For instance, we actively combat software piracy, but we continue to lose revenue due to illegal use of our software. Third parties may illegally copy and sell counterfeit versions of our products. To the extent counterfeit installations and sales replace otherwise legitimate ones, our operating results could be adversely affected. We apply for patents in the United States and in foreign countries, but we are not always successful in obtaining patent protection or in obtaining such protection timely to meet our business needs. Our patents may be invalidated or circumvented. Moreover, due to challenges in detecting patent infringement pertaining to generative AI technologies, it may be more difficult to protect our generative AI and related innovations with patents. Additionally, if we use generative AI in the creation of our source code, we may not be able to rely on copyright to protect such intellectual property. Further, the laws of some foreign countries do not provide the same level of intellectual property protection as U.S. laws and courts and could fail to adequately protect our intellectual property rights. If unauthorized disclosure of our source code occurs through security breach, cyber-attack or otherwise, we could lose future trade secret protection for that source code. Such loss could make it easier for third parties to compete with our products by copying functionality, which could cause us to lose customers and could adversely affect our revenue and operating margins. If we cannot protect our intellectual property against unauthorized copying, use, or other misappropriation, our business could be harmed.

Changes in tax rules and regulations or interpretations thereof may adversely affect our effective tax rates.

We are a U.S.-based multinational company subject to tax in multiple domestic and foreign tax jurisdictions. Significant judgment is required in determining our current provision for income taxes and deferred tax assets or liabilities. Tax laws in the United States as well as other countries and jurisdictions in which we conduct business are subject to change as new laws are passed and/or new interpretations are made available, which may have a material impact on our business. These countries, governmental bodies, such as the European Commission of the European Union, and intergovernmental economic organizations, such as the Organization for Economic Cooperation and Development, have made or could make unprecedented assertions about how taxation is determined and, in some cases, have proposed or enacted new laws that are contrary to the way in which rules and regulations have historically been interpreted and applied. These countries, governmental bodies, such as the European Commission of the European Union, and intergovernmental economic 30Table of Contentsorganizations, such as the Organization for Economic Cooperation and Development, have made or could make unprecedented assertions about how taxation is determined and, in some cases, have proposed or enacted new laws that are contrary to the way in which rules and regulations have historically been interpreted and applied.

Changes in our operating landscape, such as changes in laws or interpretations of tax rules, could adversely affect our effective tax rates and/or cause us to respond by making changes to our business structure, which could adversely affect our operations and financial results. Our future effective tax rates are likely to be unfavorably affected by changes in the tax rates in jurisdictions where our income is earned, changes in jurisdictions in which our profits are determined to be earned and taxed, changes in the valuation of our deferred tax assets and liabilities, changes in or interpretation of tax rules and regulations in the jurisdictions in which we do business, or unexpected negative changes in business and market conditions that could reduce certain tax benefits. An increase in our effective tax rate would reduce our profitability.

31

---

Table of Contents

Moreover, we are subject to the examination of our income tax returns by domestic and foreign tax authorities. We regularly assess the likelihood of outcomes resulting from these examinations to determine the adequacy of our provision for income taxes and have reserved for potential adjustments that may result from these examinations. While we believe our tax estimates are reasonable, we cannot provide assurance that the final determination of any of these examinations will not have an adverse effect on our financial position and results of operations.

Contracting with government entities exposes us to additional risks inherent in the government procurement process.

We provide products, services and solutions, directly and indirectly, to a variety of domestic and foreign government entities, which introduces certain risks and challenges not present in private commercial agreements, including varying governmental budgeting processes, fluctuations due to government spending cuts and shutdowns, highly competitive and lengthy bidding process that may be subject to political influence and adherence to complex procurement regulations and other government-specific contractual requirements. We incur significant up-front time and costs without any assurance that we will win a contract. Operating within a highly regulated industry, we have been and may in the future be subject to audits and investigations relating to our government contracts and any violations could result in termination of contracts and various civil and criminal penalties and administrative sanctions, including payment of fines and suspension or debarment from future government business, as well as harm to our reputation and financial results. We have made, and may continue to make, significant investments to support future sales opportunities in various government sectors, including to obtain various security authorizations and certifications. Such processes are complex, lengthy and can often be delayed. Furthermore, requirements may change, or we may be unable to achieve or sustain one or more government authorizations or certifications, which could affect our ability to sell to government entities until we meet any new or revised requirements.

Risks Related to Financial Performance

If there is a change in subscriptions or renewals in a reporting period, this could cause our financial results to suffer and may not be immediately reflected in our revenue and financial results for that period because we recognize revenue over the subscription term.

Our offerings are typically subscription-based, pursuant to product and service agreements. We generally recognize revenue from our subscription offerings ratably over the terms of their subscription agreements, which typically range from 1 to 36 months. As a result, most of the subscription revenue we report each quarter is the result of subscription agreements entered into during previous quarters. Lower sales and subscriptions, reduced demand for our products, services and solutions, and increases in our attrition rate in any given period may not be fully reflected in our results of operations until future periods. Our subscription model could also make it difficult for us to rapidly increase our revenue from subscription-based or hosted services through additional sales in any period, as revenue from new customers will be recognized over the applicable subscription term. Our renewal rates may decline or fluctuate as a result of a number of factors, including our customers’ level of satisfaction, our ability to continue enhancing features and functionality, reliability of our offerings, prices of ours and competitors’ offerings, the actual or perceived information security of our systems and services, decreases in the size of our customer base, changes as a result of regulatory or legal requirements, changes in the composition of our customer base and reductions in our customers’ spending levels or declines in customer activity. If our customers do not renew their subscriptions or if they renew on terms less favorable to us, our revenue may decline. Further, such impact on our revenue may not be immediately reflected in our financial results in the period in which our renewal rates changed and may adversely affect our financial results in future periods. If any of our assumptions about revenue from our subscription-based offerings prove incorrect, our actual results may suffer and vary from those anticipated.

We are subject to fluctuations in foreign currency exchange rates and may not be able to effectively hedge our exposure.

Our operating results and performance metrics are subject to fluctuations in foreign currency exchange rates due to the global scope of our business. Geopolitical and economic events, including war, trade disputes, economic sanctions and emerging market volatility, and associated uncertainty have caused, and may in the future cause, currencies to fluctuate. Geopolitical and economic events, including war, trade disputes, economic sanctions and 31Table of Contentsemerging market volatility, and associated uncertainty have caused, and may in the future cause, currencies to fluctuate. Accordingly, amounts reported as annualized recurring revenue, a performance metric which we measure at currency rates that are set at the beginning of each fiscal year and held constant throughout the year, may vary from actual revenue recognized in accordance with generally accepted accounting principles in the United States.

We attempt to mitigate a portion of these foreign currency exchange risks to our operating results through foreign currency hedging based on our judgment of the appropriate trade-offs among risk, opportunity and expense. We attempt to mitigate a portion of these foreign currency exchange risks to our operating results through foreign currency hedging based on our judgment of the appropriate trade-offs among risk, opportunity and expense. We regularly review our hedging program and make adjustments that we believe are appropriate. Our hedging activities have not, and may not in the future, offset more than a portion of the adverse financial impact, including on our actual revenue recognized, resulting from unfavorable movement in foreign currency exchange rates, which could adversely affect our financial condition, business performance or results of operations.

32

---

Table of Contents

If our goodwill or intangible assets become impaired, then we could be required to record a significant charge to earnings.

We test goodwill for impairment at least annually. We review our goodwill and intangible assets for impairment when events or changes in circumstances indicate the carrying value may not be recoverable, including declines in stock price, market capitalization or reduced future cash flow estimates and slower growth rates in our industry. Depending on the results of our review, we may be required to record a significant charge to earnings in our consolidated financial statements during the period in which any impairment of our goodwill or intangible assets was determined, negatively impacting our results of operations.

Our existing and future debt obligations may adversely affect our financial condition and future financial results.

As of November 29, 2024, we had $5.65 billion in senior unsecured notes outstanding and a $3 billion commercial paper program with no amounts outstanding.As of December 1, 2023, we had $3.65 billion in senior unsecured notes outstanding and a $3 billion commercial paper program with no amounts outstanding. We also had a $1.5 billion senior unsecured revolving credit agreement, which was undrawn. We also had a $1.5 billion senior unsecured revolving credit agreement and $3.5 billion delayed draw term loan agreement, both of which were undrawn. This debt or future additional indebtedness may adversely affect our financial condition and future financial results by, among other things:

•requiring the dedication of a portion of our expected cash flows from operations to service our debt, thereby reducing the amount of expected cash flows available for other purposes, including capital expenditures and acquisitions;

•increasing our vulnerability to adverse changes in our business and general economic and industry conditions; and

•limiting our ability to obtain future financing for working capital, capital expenditures, future acquisitions, general corporate or other purposes, which may also impact our ability to service and repay outstanding indebtedness as it becomes due.

Our senior unsecured notes, commercial paper program and revolving credit agreement impose restrictions on us and require us to maintain compliance with specified covenants. Our ability to comply with these covenants may be affected by events beyond our control. If we breach any of the covenants and do not obtain a waiver from the noteholders or lenders, then, subject to applicable cure periods, any outstanding debt may be declared immediately due and payable.

In addition, changes by any rating agency to our credit rating may negatively impact the value and liquidity of both our debt and equity securities, as well as the potential costs associated with a refinancing of our debt. Under certain circumstances, if our credit ratings are downgraded or other negative action is taken, the interest rate payable by us under our revolving credit agreement could increase. Downgrades in our credit ratings could also restrict our ability to obtain additional financing in the future and affect the terms of any such financing.

General Risk Factors

Catastrophic events, including events associated with climate change, may disrupt our business and adversely affect our financial condition and results of operations.

Our business relies on our network infrastructure and enterprise Apps, internal technology systems and websites. A disruption, infiltration or failure of our systems, data centers or operations, or those of our third-party service providers due to a major earthquake, other natural disasters, including climate-related events (such as drought, water security, heat waves, cold waves, wildfires and poor air quality), power shutoff or loss, telecommunications failure, epidemic, pandemic, war, terrorist attack or other catastrophic event, could cause interruptions to our systems and business operations, damage to critical infrastructure, loss of intellectual property, data security breaches and data loss. Our corporate headquarters, significant research and development activity, certain of our data centers and other critical business operations are in the San Francisco Bay Area and the Salt Lake Valley Area, both of which are near major earthquake faults. Climate-related catastrophic events that may harm our business are also increasing in frequency and severity. A catastrophic event, particularly one that may disrupt our data centers or our critical activities, could prevent us from conducting normal business operations and providing our products, services and solutions, which could adversely affect our business. A catastrophic event, particularly one that may 32Table of Contentsdisrupt our data centers or our critical activities, could prevent us from conducting normal business operations and providing our products, services and solutions, which could adversely affect our business. A catastrophic event could negatively impact a country or region in which we sell and, in turn, decrease demand for our products, services and solutions, which could negatively impact our business.

Laws, regulations and policies relating to environmental, social, and governance are expanding globally. We may be subject to additional climate-related regulations and reporting requirements in the future, as well as changing market dynamics and stakeholder expectations regarding climate change and our environmental impacts. We may be subject to additional climate-related regulations and reporting requirements and changing market dynamics and stakeholder expectations regarding climate change and our environmental impacts, all of which may impact our business, financial condition and results of operations. Compliance with such regulations, investments in our environmental, social and governance commitments, may involve significant costs and negatively impact our business, financial condition and results of operations. Additionally, we may experience reputational harm from our actual or perceived failure to meet our environmental, social and governance commitments.

33

---

Table of Contents

The occurrence of an epidemic or a pandemic, such as the COVID-19 pandemic, has had, and may in the future, have an adverse effect on our operating results. The extent to which epidemics and pandemics impact our financial condition or results of operations will depend on many factors outside of our control and whether there is a material impact on the businesses or productivity of our customers, employees, suppliers and other partners. A global pandemic may also intensify the other risks described in this Part I, Item 1A of this report.

Our stock price may be volatile and your investment could lose value.

Our stock price has been and may continue to be volatile and subject to fluctuations. All factors described in this Part I, Item 1A of this report, some of which are beyond our control, may affect our stock price, including:

•shortfalls in our results or shortfalls, changes to estimates, recommendations or expectations in guidance we provide or provided by financial analysts about our revenue, margins, earnings, annualized recurring revenue, growth rates or other key performance metrics;

•changes in investor and analyst valuation models for our stock;

•changes in unearned revenue, remaining performance obligations and revenue recognized at a point in time, all of which may impact implied growth rates;

•developments related to products or services, technological advancements, strategic alliances, acquisitions or significant transactions by us or our competitors;

•changes in the amounts or frequency of stock repurchases;

•the loss of large customers or our inability to retain or increase sales to existing customers or attract new customers;

•changes to our management team, including recruitment or departure of key personnel;

•variations in our or our competitors’ results of operations, changes in the competitive landscape generally and developments in our industry;

•general economic, political or market conditions; and

•other events, such as significant litigation and regulatory actions and media and social media scrutiny.

In addition, the market for technology stocks or the stock market in general has experienced, and may in the future experience, extreme fluctuations, which has caused, and may in the future cause, our stock price to decline for reasons unrelated to our financial performance. Volatility in our stock price has increased, and may continue to increase, our susceptibility to securities class action litigation, which could result in substantial costs and divert management’s attention and resources, which may adversely affect our business. Volatility in our stock price has increased, and in the future may increase, our susceptibility to securities class action litigation, which could result in substantial costs and divert management’s attention and resources, which may adversely affect our business.

ITEM 1B.ITEM 1A. UNRESOLVED STAFF COMMENTS

None.

34

---

Table of Contents

ITEM 1C. CYBERSECURITY

Risk Management and Strategy

Adobe has certain security processes, infrastructure, systems, policies and practices for assessing, identifying and managing risks from cybersecurity threats. We maintain an information security risk management framework for managing cybersecurity risks, priorities and projects for our products, services, infrastructure and corporate resources. As part of our framework, a cybersecurity risk steering committee meets regularly to review newly identified risks and progress on remediating existing risks.

We conduct regular security reviews, simulations and testing, including internal and external penetration testing, vulnerability assessments and regular scans on our hosts and network devices. We review available threat intelligence, including information from industry groups and our security vendor. We consult with third parties, including cybersecurity consultants, as part of our cybersecurity threat and risk management strategy.

Depending on the environment, our risk mitigation strategies include a variety of technical, physical and operational measures designed to manage and mitigate material risks from cybersecurity threats to our systems and data. We require employees annually to complete a general security awareness training, and additional engineering and security specific training may also be required for certain positions. Further, we maintain a vendor security review program, which is designed to provide an assessment of the security practices of those third-party vendors that process Adobe non-public data or connect to our networks. We maintain an information security incident response plan designed to monitor, analyze, address, escalate and report cybersecurity incidents, and escalate certain cybersecurity incidents to members of management depending on the circumstances, including our Chief Security Officer (“CSO”), Chief Cybersecurity Legal and Privacy Officer (“CCPO”), Chief Financial Officer, Chief People Officer, President of Digital Media, President of Digital Experience, General Counsel and Chief Executive Officer.

For a description of the risks from cybersecurity threats that may materially affect us, see the risks described in the section titled “Risk Factors” contained in Part I, Item IA of this report, including under the headings “Security incidents, improper access to or disclosure of our customers’ data or other cybersecurity incidents may harm our reputation and materially and adversely affect our business.Security incidents, improper access to or disclosure of our customers’ data or other cyber incidents may harm our reputation and materially and adversely affect our business. ”

Governance

Our Board of Directors (the “Board”) addresses cybersecurity risk management as part of its general oversight function. The Audit Committee of the Board (the “Audit Committee”) has oversight of enterprise risks, including risks related to cybersecurity. In this regard, the Audit Committee reviews and discusses with management the adequacy and effectiveness of our information security, technology and privacy policies and the internal controls regarding these areas. Our Audit Committee receives regular cybersecurity updates about general cybersecurity risks from our CSO and updates about the prevention, detection, mitigation and remediation of cybersecurity incidents from our CSO and CCPO. Cybersecurity updates presented to the Audit Committee are reported to the Board by the Audit Committee Chair. We also have a Cyber Disclosure Committee, comprised of cross-functional leaders including finance, risk, operations and investor relations and led by the CSO and CCPO, that meets to assess certain incidents and makes determinations regarding materiality. Additionally, our CSO and CCPO identify certain cybersecurity risks that are reviewed as part of the enterprise risk management framework and presented to the Board and the Audit Committee on an annual basis.

Our cybersecurity risk assessment and management processes are implemented and maintained by certain management members, including our CSO and CCPO, whom each has extensive cybersecurity experience in their respective areas of responsibility and expertise. Our CSO, who reports to the Chief Financial Officer, has primary responsibility for hiring appropriate information security personnel and managing workloads of information security personnel, engaging and overseeing third-party cybersecurity consultants, approving budgets and cybersecurity processes, preparing for incident response, reviewing security assessments and other security-related reports, communicating key priorities to relevant personnel, including the security incident response team, assessing and managing Adobe’s overall cybersecurity strategy, standards, risk management (in consultation with the cybersecurity risk steering committee) and processes. Our CCPO, who reports to the General Counsel, has primary responsibility for the legal aspects of the cybersecurity program, including assessing and providing advice on our cybersecurity strategy, standards, risk management, policies, processes and legal obligations. Our CSO and CCPO are supported by a cybersecurity team comprised of cybersecurity, information security, information technology, operations and legal executives and professionals.

35

---

Table of Contents

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
OILCF	10 hours ago
CVGW	10 hours ago
STAL	10 hours ago
CYCA	11 hours ago
EMKR	11 hours ago
CXKJ	11 hours ago
EXDW	12 hours ago
FWFW	12 hours ago
MCLE	13 hours ago
DIGP	1 day, 10 hours ago
KSSH	1 day, 10 hours ago
CVM	1 day, 11 hours ago
ADBE	1 day, 11 hours ago
DFCO	1 day, 12 hours ago
PHCI	1 day, 21 hours ago
BBCP	4 days, 19 hours ago
GSHN	1 week, 1 day ago
BRRN	1 week, 1 day ago
BRRN	1 week, 4 days ago
NRT	2 weeks ago
EXPR	2 weeks, 1 day ago
DJCO	2 weeks, 1 day ago
ISSC	2 weeks, 1 day ago
CETX	2 weeks, 1 day ago
GIPL	2 weeks, 1 day ago
BLYQ	2 weeks, 1 day ago
BRRN	2 weeks, 1 day ago
FCEL	2 weeks, 4 days ago
OTLK	2 weeks, 4 days ago
IMKTA	2 weeks, 4 days ago
FORD	2 weeks, 4 days ago
BDL	2 weeks, 4 days ago
FUST	2 weeks, 5 days ago
VPLM	2 weeks, 5 days ago
SIF	3 weeks, 1 day ago
BLIN	3 weeks, 1 day ago
CLAY	3 weeks, 1 day ago
EEGI	3 weeks, 1 day ago
SMME	3 weeks, 1 day ago
AVXL	3 weeks, 1 day ago
LMNR	3 weeks, 1 day ago
SNTW	3 weeks, 1 day ago
TRCK	3 weeks, 1 day ago
OCC	3 weeks, 1 day ago
GEF	3 weeks, 1 day ago
TBLT	3 weeks, 4 days ago
AVGO	3 weeks, 4 days ago
TOL	3 weeks, 4 days ago
CSPI	3 weeks, 4 days ago
CIEN	3 weeks, 4 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Password too short

Sign in

Don't have an account? Sign Up for Free

Forgot password?

TRADE SMARTER

with our free, cutting-edge alternative data platform

Please enter user name

Please enter valid email

Password too short

Password too short

Sign Up

I already have an account, Sign In

App Store (iOS)

Play Store (Android)