Risk Factors - CTAS

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$CTAS Risk Factor changes from 00/07/27/23/2023 to 00/07/25/24/2024

Item 1A. Risk FactorsThe statements in this section describe the most significant risks that could materially and adversely affect our business, consolidated financial condition and consolidated results of operation and the trading price of our debt or equity securities. Although the risks are organized by headings, and each risk is discussed separately, many are interrelated. Readers should not interpret the disclosure of any risk factor to imply that the risk has not already materialized. In addition, this section sets forth statements which constitute our cautionary statements under the Private Securities Litigation Reform Act of 1995.

This Annual Report on Form 10-K contains forward-looking statements. The Private Securities Litigation Reform Act of 1995 provides a safe harbor from civil litigation for forward-looking statements. Forward-looking statements may be identified by words such as “estimates,” “anticipates,” “predicts,” “projects,” “plans,” “expects,” “intends,” “target,” “forecast,” “believes,” “seeks,” “could,” “should,” “may” and “will” or the negative versions thereof and similar words, terms and expressions and by the context in which they are used. Such statements are based upon current expectations of Cintas and speak only as of the date made. You should not place undue reliance on any forward-looking statement. We cannot guarantee that any forward-looking statement will be realized. These statements are subject to various risks, uncertainties, potentially inaccurate assumptions and other factors that could cause actual results to differ from those set forth in or implied by this Annual Report. Factors that might cause such a difference include, but are not limited to, the possibility of greater than anticipated operating costs including energy and fuel costs; lower sales volumes; loss of customers due to outsourcing trends; the performance and costs of integration of acquisitions; supply chain constraints and macroeconomic conditions, including inflationary pressures and higher interest rates; fluctuations in costs of materials and labor, including increased medical costs; costs and possible effects of union organizing activities; failure to comply with government regulations concerning employment discrimination, employee pay and benefits and employee health and safety; the effect on operations of exchange rate fluctuations, tariffs and other political, economic and regulatory risks; uncertainties regarding any existing or newly-discovered expenses and liabilities related to environmental compliance and remediation; our ability to meet our aspirations relating to environmental, social and governance (ESG) opportunities, improvements and efficiencies; the cost, results and ongoing assessment of internal controls for financial reporting; the effect of new accounting pronouncements; risk associated with cybersecurity threats, including disruptions caused by the inaccessibility of computer systems data and cybersecurity risk management; the initiation or outcome of litigation, investigations or other proceedings; higher assumed sourcing or distribution costs of products; the disruption of operations from catastrophic or extraordinary events including global health pandemics; the amount and timing of repurchases of our common stock, if any; changes in global tax and labor laws; and the reactions of competitors in terms of price and service. Factors that might cause such a difference include, but are not limited to, the possibility of greater than anticipated operating costs including energy and fuel costs; lower sales volumes; loss of customers due to outsourcing trends; the performance and costs of integration of acquisitions; inflationary pressures and fluctuations in costs of materials and labor, including increased medical costs; interest rate volatility; costs and possible effects of union organizing activities; failure to comply with government regulations concerning employment discrimination, employee pay and benefits and employee health and safety; the effect on operations of exchange rate fluctuations, tariffs and other political, economic and regulatory risks; uncertainties regarding any existing or newly-discovered expenses and liabilities related to environmental compliance and remediation; our ability to meet our goals relating to ESG opportunities, improvements and efficiencies; the cost, results and ongoing assessment of internal controls for financial reporting; the effect of new accounting pronouncements; disruptions caused by the inaccessibility of computer systems data, including cybersecurity risks; the initiation or outcome of litigation, investigations or other proceedings; higher assumed sourcing or distribution costs of products; the disruption of operations from catastrophic or extraordinary events including global health pandemics such as the COVID-19 coronavirus; the amount and timing of repurchases of our common stock, if any; changes in federal and state tax and labor laws; and the reactions of competitors in terms of price and service. Cintas undertakes no obligation to publicly release any revisions to any forward-looking statements or to otherwise update any forward-looking statements whether as a result of new information or to reflect events, circumstances or any other unanticipated developments arising after the date on which such statements are made, except otherwise as required by law. These risks and uncertainties include, but are not limited to, those described in this section and elsewhere in this report and may also be described from time to time in our future reports filed with the SEC. The risks and uncertainties described herein are not the only ones we may face. Additional risks and uncertainties presently not known to us or that we currently believe to be immaterial may also harm our business.

Forward-looking and other statements in this Annual Report on Form 10-K regarding our greenhouse gas (GHG) reduction plans and other ESG aspirations are not an indication that these statements are necessarily material to investors or required to be disclosed in our filings with the SEC. Forward-looking and other statements in this Annual Report on Form 10-K regarding our greenhouse gas (GHG) reduction plans and other ESG goals are not an indication that these statements are necessarily material to investors or required to be disclosed in our filings with the SEC. In addition, historical, current and forward-looking GHG-related and/or ESG-related statements may be based on standards for measuring progress that are still developing, internal controls and processes that continue to evolve and assumptions that are subject to change in the future.7Risks Relating to Business Strategy and OperationsNegative global economic factors may adversely affect our financial performance.Negative economic conditions, in North America and our other markets, may adversely affect our financial performance. Higher levels of unemployment, inflation, recessionary conditions, geopolitical developments, tax rates and other changes in tax laws and other economic factors could adversely affect the demand for Cintas’ products and services. Increases in labor costs, including the cost to provide employee-partner related healthcare benefits, minimum wages, labor shortages or shortages of skilled labor, regulations regarding the classification of employees and/or their eligibility for overtime wages, higher material costs for items such as fabrics and textiles, the inability to obtain insurance coverage at cost-effective rates, higher interest rates, inflation, global health pandemics, higher tax rates and other changes in tax laws and other economic factors could increase our costs of rental uniforms and facility services, cost of other services and selling and administrative expenses. Increases in labor costs, including the cost to provide employee-partner related healthcare benefits, minimum wages, labor shortages or shortages of skilled labor, regulations regarding the classification of employees and/or their eligibility for overtime wages, higher material costs for items such as fabrics and textiles, the inability to obtain insurance coverage at cost-effective rates, higher interest rates, inflation, global health pandemics such as the COVID-19 pandemic, higher tax rates and other changes in tax laws and other economic factors could increase our costs of rental uniforms and facility services, cost of other services and selling and administrative expenses. As a result, these factors could adversely affect our revenue and consolidated results of operations. As a result, these factors could adversely affect our sales and consolidated results of operations. Increased competition could adversely affect our consolidated results of operations.7Increased competition could adversely affect our financial performance. We operate in highly competitive industries and compete with national, regional and local providers. Product, design, price, quality, service and convenience to the customer are the competitive elements in these industries. If existing or future competitors seek to gain or retain market share by reducing prices, Cintas may be required to lower prices, which would adversely affect our consolidated results of operations. If existing or future competitors seek to gain or retain market share by reducing prices, Cintas may be required to lower prices, which would hurt its results of operations. Cintas' competitors also generally compete with Cintas for acquisition candidates, which can increase the price for acquisitions and reduce the number of available acquisition candidates. In addition, our customers and prospects may decide to perform certain services in-house instead of outsourcing these services to us. These competitive pressures could adversely affect our revenue and consolidated results of operations. These competitive pressures could adversely affect our sales and consolidated results of operations. An inability to open new, cost-effective operating facilities may adversely affect our expansion efforts.An inability to open new, cost effective operating facilities may adversely affect our expansion efforts. We plan to expand our presence in existing markets and enter new markets. The opening of new operating facilities is necessary to gain the capacity required for this expansion. Our ability to open new operating facilities depends on our ability to identify attractive locations, negotiate leases or real estate purchase agreements on acceptable terms, identify and obtain adequate utility and water sources and comply with environmental regulations, zoning laws and other similar factors. Any inability to effectively identify and manage these items may adversely affect our expansion efforts, and consequently, adversely affect our consolidated results of operations. Any inability to effectively identify and manage these items may adversely affect our expansion efforts, and consequently, adversely affect our financial performance. Risks associated with our acquisition practice could adversely affect our consolidated results of operations.Risks associated with our acquisition practice could adversely affect our consolidated results of operations. Historically, a portion of our growth has come from acquisitions. We continue to evaluate opportunities for acquiring businesses that may supplement our internal growth. However, there can be no assurance that we will be able to identify and purchase suitable acquisitions. However, there can be no assurance that we will be able to locate and purchase suitable acquisitions. In addition, the success of any acquisition, including the ability to realize anticipated cost synergies, depends in part on our ability to integrate the acquired company. The process of integrating acquired businesses may involve unforeseen difficulties and may require a disproportionate amount of our management's attention and our financial and other resources. If management is not able to effectively manage the integration process, or if any significant business activities are interrupted as a result of the integration process, we may not be able to realize anticipated cost synergies resulting from acquisitions and our business could suffer. Although we conduct due diligence investigations prior to each acquisition, there can be no assurance that we will discover or adequately protect against all material liabilities of an acquired business for which we may be responsible as a successor owner or operator. The failure to identify suitable acquisitions and successfully integrate these acquired businesses, or to discover liabilities associated with such businesses in the diligence process, could adversely affect our consolidated results of operations.Risks associated with the suppliers from whom our products are sourced could adversely affect our consolidated results of operations.The products we sell are sourced from a wide variety of domestic and international suppliers. Global sourcing of many of the products we sell is an important factor in our financial performance. We require all our suppliers to comply with applicable laws, including labor and environmental laws, and otherwise be certified as meeting our required supplier standards of conduct. Our ability to find qualified suppliers who meet our standards, and to access products in a timely and efficient manner, is a significant challenge, especially with respect to suppliers located and goods sourced outside the U.S. Political and economic stability in the countries in which foreign suppliers are located, the financial stability of suppliers, suppliers' failure to meet our supplier standards, labor problems experienced by our suppliers, the availability of raw materials to suppliers, currency exchange rates, transport 8availability and cost, inflation and other factors relating to the suppliers and the countries in which they are located are beyond our control. In addition, U.S. and foreign trade policies, tariffs and other impositions on imported goods, trade sanctions imposed on certain countries, the limitation on the importation of certain types of goods or of goods containing certain materials from other countries and other factors relating to foreign trade are beyond our control. These and other factors, including the potential negative impact of global health pandemics affecting our suppliers and our access to products could adversely affect our consolidated results of operations. These and other factors, including the potential negative impact of global health pandemics such as COVID-19 affecting our suppliers and our access to products could adversely affect our consolidated results of operations. We rely extensively on information technology systems, including third-party systems, to process transactions, maintain information and manage our businesses.We rely extensively on computer systems, including third-party systems, to process transactions, maintain information and manage our businesses. Disruptions in the availability of any internal or external information technology systems due to implementation of a new system or otherwise, or privacy breaches involving information technology systems, could impact our ability to service our customers and adversely affect our revenue, consolidated results of operations and reputation and expose us to litigation risk. Disruptions in the availability of computer systems due to implementation of a new system or otherwise, or privacy breaches involving computer systems, could impact our ability to service our customers and adversely affect our sales, consolidated results of operations and reputation and expose us to litigation risk. Our businesses rely on various information technology systems, including third-party systems, to provide customer information, process customer transactions and provide other general information necessary to manage our businesses.Our businesses rely on various computer systems, including third-party systems, to provide customer information, process customer transactions and provide other general information necessary to manage our businesses. Our information technology systems are subject to damage or interruption due to cybersecurity attacks, system conversions, power outages, computer or telecommunication failures, catastrophic events such as fires, tornadoes and hurricanes and usage errors by our employees. However, our computer systems are subject to damage or interruption due to system conversions, power outages, computer or telecommunication failures, catastrophic events such as fires, tornadoes and hurricanes and usage errors by our employees. Although we have an active disaster recovery plan in place that is frequently reviewed and tested, and we believe that we have adopted appropriate measures to mitigate potential risks to our technology and our operations from these information technology-related and other potential disruptions, given the unpredictability of the timing, nature and scope of such disruptions, we could potentially be subject to production downtimes, operational delays and interruptions in our ability to provide products and services to our customers. Any disruption caused by the unavailability of our information technology systems could adversely affect our revenue, could require us to make a significant investment to fix or replace them and, therefore, could adversely affect our consolidated results of operations. Any disruption caused by the unavailability of our computer systems could adversely affect our sales, could require us to make a significant investment to fix or replace them and, therefore, could adversely affect our consolidated results of operations. Cyber-security attacks are evolving, and cybercriminals have increasingly demonstrated advanced capabilities, such as zero-day vulnerabilities and rapid integration of new technology such as generative artificial intelligence. Cyber-security attacks may include, but are not limited to, malicious software, attempts to gain unauthorized access to data and other electronic security breaches that could lead to disruptions in systems, unauthorized release of confidential or otherwise protected information and corruption of data. Our response to cybersecurity incidents, and our investments in our technology and our controls, processes and practices related to cybersecurity incidents and risks from cybersecurity threats, may not be sufficient to shield us from significant losses or liability. Given the increasing sophistication of bad actors and complexity of the techniques used to obtain unauthorized access or disable systems, a cybersecurity breach or attack could potentially persist for an extended period of time before being detected. As a result, we may not be able to anticipate the attack or respond adequately or timely, and the extent of a particular cybersecurity incident, and the steps that we may need to take to investigate the incident, may not be immediately clear. It could take a significant amount of time before an investigation can be completed and full, reliable information about the incident becomes known. During an investigation, it is possible we may not necessarily know the extent of the harm or how to remediate it, which could further adversely impact us. In addition, new regulations could result in us being required to disclose information about a material cybersecurity incident before it has been mitigated or resolved, or even fully investigated.We have experienced cybersecurity incidents in the past, but none of these incidents, individually or in the aggregate, have had a material adverse effect on our business or results of operations. We have experienced cybersecurity incidents in the past, but none of these incidents, individually or in the aggregate, have had a material adverse effect on our business or results of operations. If the network of security controls, policy enforcement mechanisms and monitoring systems to address these threats to our technology fails, or we are unable to successfully address cybersecurity incidents or the risks from cybersecurity threats, we could experience production downtimes, operational delays and interruptions in our ability to provide products and services to our customers, the compromising of confidential or otherwise protected Company, customer, or employee information, destruction or corruption of data, security breaches, or other manipulation or improper use of our systems and networks which could result in financial losses from remedial actions, loss of business or potential liability and damage to our reputation. If the network of security controls, policy enforcement mechanisms and monitoring systems to address these threats to our technology fails, or we are unable to successfully address security incidents, production downtimes, operational delays and interruptions in our ability to provide products and services to our customers, the compromising of confidential or otherwise protected Company, customer, or employee information, destruction or corruption of data, security breaches, or other manipulation or improper use of our systems and networks could result in financial losses from remedial actions, loss of business or potential liability and damage to our reputation. In addition, we rely on software applications, enterprise cloud storage systems and cloud computing services provided by third-party vendors for certain information technology services, including our SAP enterprise system, payroll data, risk management data and lease data.We also rely on software applications, enterprise cloud storage systems and cloud computing services provided by third-party vendors for certain information technology services, including our SAP enterprise system, payroll data, risk management data and lease data. If these third-party vendors, as well as our suppliers and other vendors, experience service interruptions or damage, security breaches, cyber-attacks, computer viruses, ransomware or other similar events or intrusions, our business and our consolidated results of operations may be adversely affected.9The world has experienced an exponential level of growth in the availability of potential applications of artificial intelligence (AI). AI could disrupt certain aspects of our business and evolve use of technology in ways that are not yet known. If we are not able to adapt and effectively incorporate potential advantages of AI in our business, it may negatively impact our ability to compete. On the other hand, if we are not able to effectively manage the risks of AI, including the potential for poor or inconsistent quality, privacy concerns, risks related to automated decision-making, and the potential for exposure of confidential and/or propriety information, we may suffer harm to our consolidated results of operations and reputation.Failure to achieve and maintain effective internal controls could adversely affect our business and stock price.Effective internal controls are necessary for us to provide reliable financial reports. All internal control systems, no matter how well designed, have inherent limitations. Therefore, even those systems determined to be effective can provide only reasonable assurance with respect to the consolidated financial statement preparation and presentation. While we continue to evaluate our internal controls, we cannot be certain that these measures will ensure that we implement and maintain adequate controls over our financial processes and reporting in the future. If we fail to maintain the adequacy of our internal controls or if we or our independent registered public accounting firm were to discover material weaknesses in our internal controls, as such standards are modified, supplemented or amended, we may not be able to ensure that we can conclude on an ongoing basis that we have effective internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act of 2002. Failure to achieve and maintain an effective internal control environment could cause us to be unable to produce reliable financial reports or prevent fraud. This may cause investors to lose confidence in our reported financial information, which could have a material adverse effect on our stock price.We may experience difficulties in attracting and retaining competent personnel in key positions. Failure to preserve positive labor relationships with our employee-partners could adversely affect our consolidated results of operations. Failure to preserve positive labor relationships with our employees could adversely affect our consolidated results of operations. We believe that a key component of our success is our corporate culture, which has been imparted by management throughout our corporate organization. Our corporate culture, along with our entire operation, depends on our ability to attract, develop and retain key employee-partners. Competitive pressures and labor shortages within and outside our industry may make it more difficult and expensive for us to attract and retain key employee-partners which could adversely affect our businesses.We believe we have positive labor relationships with our employee-partners. However, factors such as difficulty to attract key employees, reduced employee engagement, third-party organizational efforts and increased employee-partner turnover could adversely affect our labor relationships with our employee-partners. However, factors such as difficulty to attract key employees, reduced employee engagement, third-party organizational efforts and increased employee turnover could adversely affect our labor relationships with our employees. A failure to preserve positive labor relationships with our employee-partners and could adversely affect our consolidated financial condition and consolidated results of operations. A failure to preserve positive labor relationships with our employees and could adversely affect our consolidated financial condition and consolidated results of operations. Unexpected events could negatively impact our business and adversely affect our consolidated results of operations.Unexpected events, including fires or explosions at facilities, severe weather conditions and natural disasters such as hurricanes, fires, floods, droughts and tornadoes (including those caused by climate change), geopolitical conflicts, war or terrorist activities, unplanned outages, global health pandemics, supply disruptions, failure of equipment or systems or changes in laws and/or regulations impacting our businesses, could adversely affect our consolidated results of operations.Unexpected events, including fires or explosions at facilities, severe weather conditions and natural disasters such as hurricanes and tornadoes (including those caused by climate change), war or terrorist activities, unplanned outages, global health pandemics such as COVID-19, supply disruptions, failure of equipment or systems or changes in laws and/or regulations impacting our businesses, could adversely affect our consolidated results of operations. Any of these events could result in customer disruption, physical damage to one or more key operating facilities, the temporary closure of one or more key operating facilities or the temporary disruption of information systems. These events could result in customer disruption, physical damage to one or more key operating facilities, the temporary closure of one or more key operating facilities or the temporary disruption of information systems. In addition, negative publicity related to such unexpected events, whether warranted or not, may impact brand image perception and could adversely affect our consolidated results of operations. In addition, negative publicity, whether warranted or not, impacting brand image perception could adversely affect our consolidated results of operations. Financial RisksOur indebtedness may limit cash flow available to invest in the ongoing needs of our business.Our outstanding indebtedness along with adverse interest rate fluctuations may have negative consequences on our business, such as requiring us to dedicate a substantial portion of our cash flow from operations to the payment of debt service, reducing the availability of our cash flow to fund working capital, capital expenditures, acquisitions, dividend increases, stock buybacks and other general corporate purposes, as well as increase our vulnerability to adverse economic or industry conditions. In addition, it may limit our ability to obtain additional financing in the future to enable us to react to changes in our business or industry or place us at a competitive disadvantage compared to businesses in our industry that have less debt.10Changes in the fuel and energy industry could adversely affect our consolidated financial condition and consolidated results of operations.The price of fuel and energy needed to run our vehicles and equipment is unpredictable and fluctuates based on events outside of our control, including geopolitical developments, supply and demand fluctuations for fuel and other energy related products, actions by energy producers, war and unrest in oil producing countries, regional production patterns, limits on refining capacities, natural disasters, environmental concerns including the impact of legislative and regulatory efforts to limit GHG emissions and global health pandemics.The price of fuel and energy needed to run our vehicles and equipment is unpredictable and fluctuates based on events outside our control, including geopolitical developments, supply and demand for fuel and other energy related products, actions by energy producers, war and unrest in oil producing countries, regional production patterns, limits on refining capacities, natural disasters, environmental concerns including the impact of legislative and regulatory efforts to limit GHG emissions and global health pandemics such as COVID-19. Increases in fuel and energy costs could adversely affect our consolidated financial condition and consolidated results of operations.Fluctuations in foreign currency exchange could adversely affect our consolidated financial condition and consolidated results of operations.We earn revenue, pay expenses, own assets and incur liabilities in countries using currencies other than the U.S. dollar, primarily the Canadian dollar. In fiscal years 2024, 2023 and 2022, revenue denominated in currencies other than the U.S. dollar represented less than 10% of our consolidated revenue. Because our consolidated financial statements are presented in U.S. dollars, we must translate revenue and expenses, as well as assets and liabilities, into U.S. dollars at exchange rates in effect during or at the end of each reporting period. Therefore, fluctuations in the value of the U.S. dollar against other major currencies, particularly in the event of significant increases in foreign currency revenue, will impact our revenue and operating income and the value of consolidated balance sheet items denominated in foreign currencies. dollar against other major currencies, particularly in the event of significant increases in foreign currency revenue, will impact our revenue and operating income and the value of balance sheet items denominated in foreign currencies. This impact could adversely affect our consolidated financial condition and consolidated results of operations.We may recognize impairment charges, which could adversely affect our consolidated financial condition and consolidated results of operations.We assess our goodwill and other intangible assets and our long-lived assets for impairment when required by U.S. Generally Accepted Accounting Principles (U.S. GAAP). These accounting principles require that we record an impairment charge if circumstances indicate that the asset carrying values exceed their estimated fair values. The estimated fair value of these assets is impacted by, but not limited to, macroeconomic, industry and market conditions in the locations in which we operate. Deterioration in these general economic conditions may result in: declining revenue, which can lead to excess capacity and declining operating cash flow; reductions in management's estimates for future revenue and operating cash flow growth; increases in borrowing rates and other deterioration in factors that impact our weighted average cost of capital; and deteriorating real estate values. If our assessment of goodwill, other intangible assets or long-lived assets indicates an impairment of the carrying value for which we recognize an impairment charge, this may adversely affect our consolidated financial condition and consolidated results of operations.The effects of credit market volatility and changes in our credit ratings could adversely affect our liquidity and consolidated results of operations.Our operating cash flows, combined with access to the credit markets, provide us with significant discretionary funding capacity. Our access to the credit markets will depend on a variety of factors, such as prevailing economic and credit market conditions, the general availability of credit, the overall availability of credit to our industry, our credit ratings and credit capacity and perceptions of our financial prospects. For example, in the event that the ratings of our commercial paper or our outstanding long-term debt issues were substantially lowered or withdrawn for any reason, or if the ratings assigned to any new issue of long-term debt securities were significantly lowered, particularly if we no longer had investment grade ratings, our ability to access the debt markets may be adversely affected. Cintas undertakes no obligation to publicly release any revisions to any forward-looking statements or to otherwise update any forward-looking statements whether as a result of new information or to reflect events, circumstances or any other unanticipated developments arising after the date on which such statements are made, except otherwise as required by law. In addition, deterioration in the global credit markets may limit our ability to access credit markets, which could adversely affect our liquidity and/or increase our cost of borrowing. However, deterioration in the global credit markets may limit our ability to access credit markets, which could adversely affect our liquidity and/or increase our cost of borrowing. In addition, credit market deterioration and its actual or perceived effects on our results of operations and financial condition, along with deterioration in general economic conditions, may increase the likelihood that the major independent credit agencies will downgrade our credit ratings, which could increase our cost of borrowing. Increases in our cost of borrowing could adversely affect our consolidated results of operations.11Legal and Regulatory RisksFailure to comply with federal and state regulations to which we are subject could result in penalties or costs that could adversely affect our consolidated results of operations. Our business is subject to complex and stringent state and federal regulations, including employment laws and regulations, minimum wage requirements, overtime requirements, working condition requirements, citizenship requirements, transportation laws and regulations, ESG-related regulations, cybersecurity laws and regulations, data privacy and protection laws and regulations, environmental regulations, and other laws and regulations. Our business is subject to complex and stringent state and federal regulations, including employment laws and regulations, minimum wage requirements, overtime requirements, working condition requirements, citizenship requirements, transportation and other laws and regulations. In particular, we are subject to the regulations promulgated by the U.S. Department of Transportation (USDOT) and under the Occupational Safety and Health Act of 1970, as amended (OSHA Act). We have incurred, and will continue to incur, capital and operating expenditures and other costs in the ordinary course of our business in complying with the USDOT regulations, the OSHA Act and other laws and regulations to which we are subject. Changes in laws, regulations and the related interpretations, including any laws or regulations that may be enacted by the current U.S. presidential administration and Congress, may alter the landscape in which we do business and may affect our costs of doing business. The impact of new laws and regulations cannot be predicted. Compliance with new laws and regulations may increase our operating costs or require significant capital expenditures. Any failure to comply with applicable laws or regulations could result in substantial fines by government authorities, payment of damages to private litigants, or possible revocation of our authority to conduct our operations, which could adversely affect our ability to service customers and our consolidated results of operations. In addition, we expect there will likely be increasing levels of regulation, disclosure-related and otherwise, with respect to ESG matters, and increased regulation will likely lead to increased compliance costs as well as scrutiny that could heighten all of the risks identified in this risk factor.We are subject to legal proceedings that may adversely affect our consolidated financial condition and consolidated results of operations. We are subject to legal proceedings that may adversely affect our consolidated financial condition and consolidated results of operations. We are subject to various litigation claims and legal proceeding arising from the ordinary course of our business, including personal injury, customer contract, environmental and employment claims. Certain of these lawsuits or potential future lawsuits, if decided adversely to us or settled by us, may result in liability and expense material to our consolidated financial condition and consolidated results of operations.Compliance with environmental laws and regulations could result in significant costs that adversely affect our consolidated results of operations.Our operating locations are subject to environmental laws and regulations relating to the protection of the environment and health and safety matters, including those governing discharges of pollutants to the air and water, the management and disposal of hazardous substances and wastes and the clean-up of contaminated sites. The operation of our businesses entails risks under environmental laws and regulations. We could incur significant costs, including clean-up costs, fines and sanctions and claims by third parties for property damage and personal injury, as a result of violations of or liabilities under these laws and regulations. We are currently involved in a limited number of remedial investigations and actions at various locations. While based on information currently known to us, we believe that we maintain adequate reserves with respect to these matters, our liability could exceed forecasted amounts, and the imposition of additional clean-up obligations or the discovery of additional contamination at these or other sites could result in significant additional costs which could adversely affect our consolidated results of operations. In addition, potentially significant expenditures could be required to comply with environmental laws and regulations, including requirements that may be adopted or imposed in the future.Under applicable environmental laws, an owner or operator of real estate may be required to pay the costs of removing or remediating hazardous materials located on or emanating from property, whether or not the owner or operator knew of or was responsible for the presence of such hazardous materials. While we regularly engage in environmental due diligence in connection with acquisitions, we can give no assurance that locations that have been acquired or leased have been operated in compliance with environmental laws and regulations during prior periods or that future uses or conditions will not make us liable under these laws or expose us to third-party actions, including tort suits.Increased global focus on climate change may result in the imposition of new or additional regulations or requirements applicable to, and increased financial risks for, our business and industry. A number of government authorities and agencies have introduced or are contemplating regulatory changes to address climate change, including the regulation of GHG emissions. The outcome of new legislation or regulation in the U.S. and other jurisdictions in which we operate may result in new or additional requirements, including to fund energy efficiency 12activities or renewable energy use, and fees or restrictions on certain activities or materials. Compliance with these climate change initiatives may also result in additional costs to us, including, among other things, increased production costs, additional taxes, additional investments in renewable energy use and other initiatives, reduced emission allowances or additional restrictions on production or operations. We may not be able to timely recover the cost of compliance with such new or more stringent laws and regulations, which could adversely affect our consolidated results of operations.Increasing scrutiny and evolving expectations from investors, customers, regulators, policymakers and other stakeholders regarding ESG matters may adversely affect our reputation or otherwise adversely impact our share price, demand for our securities and business and results of operations. If these third-party vendors, as well as our suppliers and other vendors, experience service interruptions or damage, security breaches, cyber-attacks, computer viruses, ransomware or other similar events or intrusions, our business and our consolidated results of operations may be adversely affected. Companies across all industries are facing increasing scrutiny from stakeholders related to ESG matters, including practices and disclosures related to environmental stewardship; social responsibility; diversity, equity and inclusion; and workplace rights. The heightened and sometimes conflicting stakeholder focus on ESG issues related to our business requires the continuous monitoring of various and evolving laws, regulations, standards and expectations and the associated reporting requirements. As the nature, scope and complexity of ESG reporting, diligence and disclosure requirements expand, we may have to undertake additional costs to control, assess and report on ESG metrics. Any failure or perceived failure, whether or not valid, to pursue or fulfill our ESG aspirations, targets or objectives or to satisfy various ESG reporting standards within the timelines we announce, or at all, could result in adverse publicity, reputational harm, or loss of customer and/or investor confidence, which could adversely affect our business and consolidated results of operations. In addition, our share price and demand for our securities could be adversely affected.In addition, our ability to achieve our ESG aspirations, including to achieve Net Zero GHG emissions by 2050, and to accurately and transparently report our progress presents numerous operational, financial, legal and other risks, and may be dependent on the actions of suppliers and other third parties, significant technological advancements with respect to the development and availability of reliable, affordable and sustainable alternative solutions, all of which are outside of our control. Our ability to achieve our ESG goals, including our goal to achieve Net Zero GHG emissions by 2050, and to accurately and transparently report our progress presents numerous operational, financial, legal and other risks, and may be dependent on the actions of suppliers and other third parties, significant technological advancements with respect to the development and availability of reliable, affordable and sustainable alternative solutions, all of which are outside of our control. If we are unable to meet our ESG aspirations or evolving stakeholder expectations and industry standards, or if we are perceived to have not responded appropriately to the growing concern for ESG issues, our reputation could be negatively impacted. If we are unable to meet our ESG goals or evolving stakeholder expectations and industry standards, or if we are perceived to have not responded appropriately to the growing concern for ESG issues, our reputation could be negatively impacted. In addition, in recent years, investor advocacy groups and certain institutional investors have placed increasing importance on ESG matters. If, as a result of their assessment of our ESG practices, certain investors are unsatisfied with our actions or progress, they may reconsider their investment in our Company.Increases in income tax rates, changes in income tax laws or unfavorable resolution of tax matters could adversely impact our consolidated results of operations.Changes in tax laws or regulations in the jurisdictions in which we do business, or other tax law implementations or interpretations, including the Inflation Reduction Act (IRA), which includes a corporate alternative minimum tax on certain large corporations, incentives to address climate change mitigation and other non-income tax provisions, including an excise tax on the repurchase of corporate stock could increase our effective tax rate, restrict our ability to repatriate undistributed offshore earnings, or impose new restrictions, costs or prohibitions on our current practices and reduce our net income and adversely affect our cash flows. In addition, some countries have enacted or have committed to enact Pillar Two global minimum tax, which may increase our tax expense in future years.We are also subject to tax audits, including with respect to transfer pricing, in the U.S. and other jurisdictions and our tax positions may be challenged by tax authorities. Although we believe that our current tax provisions are reasonable and appropriate, there can be no assurance that these items will be settled for the amounts accrued, that additional tax exposures will not be identified in the future or that additional tax reserves will not be necessary for any such exposures. Any increase in the amount of taxation incurred as a result of challenges to our tax filing positions could result in a material adverse effect on our business, consolidated results of operations and consolidated financial condition.Item 1B. Unresolved Staff CommentsNone.13Item 1C.Item 1A. CybersecurityWe have a cross-departmental approach to addressing cybersecurity risk, including input from employees and our Board of Directors (the Board). The Board, Audit Committee and senior management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Our cybersecurity risk management program is incorporated into our enterprise risk management program and leverages industry standards and best practices, such as the National Institute of Standards and Technology (NIST) framework, which organizes cybersecurity risks into five categories: identify, protect, detect, respond and recover. We regularly assess the threat landscape and take a holistic view of cybersecurity risks, with a layered cybersecurity strategy based on prevention, detection and mitigation. We have a set of Company-wide policies and procedures concerning cybersecurity matters, which include numerous written information technology (IT) security policies, standards, procedures and guidelines as well as other policies that directly or indirectly relate to cybersecurity, such as policies related to encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the internet, social media, email and wireless devices. These policies go through an internal review process and are approved by appropriate members of management. The Company’s Chief Information Security Officer (CISO) is responsible for developing and implementing and managing our cybersecurity security program and reporting on cybersecurity matters to the Audit Committee and the Board. Our CISO has over fifteen years of IT and cybersecurity leadership experience and has various industry related degrees and certifications, including a master’s in information technology and the Certified Information Systems Security Professional (CISSP) and Certified in Risk and Information Systems Control (CRISC) certifications. The Board has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to Company priorities, resource allocations and oversight structures. The Board is assisted by the Audit Committee, which regularly reviews our cybersecurity program with the CISO and other members of management and reports back to the Board. The Audit Committee receives reports from the CISO on, among other things, the Company’s cyber risks and threats, the status of projects to strengthen the Company’s information security systems, assessments of the Company’s security program and the emerging threat landscape. Cybersecurity reviews by the Audit Committee or the Board occur quarterly, or more frequently as determined to be necessary or advisable.We view cybersecurity as a shared responsibility, and we periodically perform simulations and tabletop exercises at technical and executive levels and incorporate external resources and advisors, as needed. In an effort to detect and defend against cyber threats, the Company provides its employee-partners with various cybersecurity and data protection training programs and requires annual security awareness training participation. These programs cover timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and these programs educate employee-partners on the importance of reporting all incidents promptly to the IT Security team. We also require employee-partners in certain roles to complete additional role-based, specialized cybersecurity trainings.We have continued to expand investments in IT security, including additional end-user training, using layered defenses, identifying and protecting critical assets, strengthening monitoring and alerting, and engaging experts. At the management level, our IT security team regularly monitors, alerts and meets to discuss threat levels, trends and remediation. The team also prepares a monthly cyber scorecard which covers cyber operational controls along with internal and external threats. Annual risk and cyber maturity assessments are conducted by independent third parties. Further, we conduct periodic external penetration tests and response testing to assess our processes and procedures against the evolving threat landscape. These tests and assessments are useful tools for maintaining a robust cybersecurity program that is designed to protect our investors, customers, employees, vendors and intellectual property. In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. We seek to engage reliable, reputable service providers that maintain cybersecurity programs. Depending on the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our vendor management process may include reviewing the cybersecurity practices of such provider, conducting security assessments and conducting periodic reassessments during their engagement. Our IT security team conducts an annual review of third parties with a specific focus on any sensitive data shared with third parties. System and Organization Controls (SOC) reports are reviewed along with complementary user entity controls. If a third-party vendor is not able to provide a SOC 2 14report, we take additional steps to assess their cybersecurity preparedness. Our assessment of risks associated with use of third-party providers is part of our overall cybersecurity risk management framework. We maintain an Incident Response Plan that includes processes and procedures for reviewing and responding to cybersecurity incidents. We periodically test our readiness to respond to a cybersecurity incident through various scenario-based drills. The Incident Response Plan includes processes for escalation to the CISO, the Executive Leadership Team, including the CEO and General Counsel, Audit Committee and the Board. Our Incident Disclosure Committee has defined processes to determine whether a cybersecurity incident is material and may require disclosure in SEC filings.We face a number of cybersecurity risks in connection with our business. We are regularly the target of attempted cyber intrusions, and we anticipate continuing to be subject to such attempts. Although such risks and attacks have not materially affected us, including our business strategy, consolidated results of operations or consolidated financial condition, to date, our security programs and measures may not prevent all intrusions, including malware and computer virus attacks. For more information about the cybersecurity risks we face, see the information technology systems related risk factor in Item 1A: Risk Factors - Risks Relating to Business Strategy and Operations..