FirstEnergy (FE) Risk Analysis

We continue to experience supply chain challenges due to economic conditions that developed during the COVID-19 pandemic and have continued in the years since, with order lead times increasing across numerous material categories, some of which remained elevated through 2024 and into 2025. The situation is fluid and a prolonged continuation or further increase in supply chain disruptions could have an adverse effect on FirstEnergy's results of operations, cash flow and financial condition. Such disruptions could be exacerbated by unstable or uncertain macroeconomic conditions, including inflationary pressures. Any significant disruption or increased costs arising from these pressures on our suppliers may inhibit our access to, or require us to spend more money to source, certain products or that we use in our operations. Furthermore, change or uncertainty in U.S. policies or the policies of other countries and regions in which our suppliers do business, including any changes or uncertainty with respect to U.S. or international trade policies or tariffs, could also disrupt our key suppliers' operations. The presidential administration has taken action in 2025 to impose substantial new or increased tariffs. Any widespread imposition of new or increased tariffs could have an adverse effect on our results of operations, cash flow and financial condition. New or increased tariffs could also negatively affect U.S. national or regional economies, which also could negatively impact our business and results of operations.

We rely on the capital markets to meet our financial commitments and short-term liquidity needs if internal funds are not available from our operations. We also use LOCs provided by various financial institutions to support our hedging operations. We also deposit cash in short-term investments. In the event of volatility in the capital and credit markets, our ability to access the capital markets or draw on our credit facilities and cash may be adversely affected. Our access to funds under those credit facilities is dependent on the ability of the financial institutions that are parties to the facilities to meet their funding commitments. Those institutions may not be able to meet their funding commitments if they experience shortages of capital and liquidity or if they experience excessive volumes of borrowing requests within a short period of time. Any delay in our ability to access those funds, even for a short period of time, could have a material adverse effect on our results of operations and financial condition. Should there be fluctuations in the capital and credit markets as a result of uncertainty, changing or increased regulation, reduced alternatives or failures of significant foreign or domestic financial institutions or foreign governments, our access to liquidity needed for our business could be adversely affected. Unfavorable conditions could require us to take measures to conserve cash until the markets stabilize or until alternative credit arrangements or other funding for our business needs can be arranged. Such measures could include deferring capital expenditures or other capital-like investments, changing hedging strategies to reduce collateral-posting requirements, and reducing or eliminating future dividend payments or other discretionary uses of cash. Energy markets depend heavily on active participation by multiple counterparties, which could be adversely affected should there be disruptions in the capital and credit markets. Reduced capital and liquidity and failures of significant institutions that participate in the energy markets could diminish the liquidity and competitiveness of energy markets that are important to our business. Perceived weaknesses in the competitive strength of the energy markets could lead to pressures for greater regulation of those markets or attempts to replace those market structures with other mechanisms for the sale of power, including the requirement of long-term contracts, which could have a material adverse effect on our results of operations and cash flows.

FEV currently holds a 33-1/3% equity ownership in Global Holding, the holding company for a joint venture in the Signal Peak mining and coal transportation operations with coal sales predominantly in international markets. The viability of our investment depends upon several factors beyond our control, including, but not limited to: Signal Peak's ability to renew and maintain governmental permits and approvals and remain in compliance with federal, state, and local safety and environmental statutes, rules, and regulations affecting the coal mining industry. Failure by Signal Peak to renew and maintain necessary permits and approvals, and to comply with any such statutes, rules and regulations, may impair its operations and the ability to generate cash flows necessary for Global Holding to pay future dividends and contribute to FirstEnergy's earnings. Signal Peak operates a single underground coal mine in south-central Montana and must obtain numerous governmental permits and approvals that impose strict conditions and obligations relating to, among other things, various environmental and safety matters in connection with its mining and coal transportation operations. The rules applicable to these permits and approvals are complex and can change over time. Regulatory authorities exercise considerable discretion in the timing and scope of permit issuance. In addition, the public has the right to comment on permit applications and otherwise participate in the permitting process, including through court intervention. Limitations on Signal Peak's ability to conduct its mining operations due to its inability to obtain or renew necessary permits or similar approvals could materially reduce or even halt production at the mine resulting in an adverse effect on our balance sheet, results of operations and cash flow.

The FE Board will continue to regularly evaluate our common stock dividend and determine whether to declare a dividend, and an appropriate amount thereof, each quarter taking into account such factors as, among other things, our earnings, financial condition and cash flows from subsidiaries, as well as general economic and competitive conditions. We cannot assure common shareholders that dividends will be paid in the future, or that, if paid, dividends will be at the same amount or with the same frequency as in the past.

Traditionally, electricity is generated at large, central station generation facilities distributed by our systems. This method results in economies of scale and lower unit costs than newer generation technologies such as fuel cells, microturbines, windmills and photovoltaic solar cells. It is possible that advances in newer generation technologies will make newer generation technologies more cost-effective, or that legislation addressing climate change at the federal or state level together with changes in regulatory policy will create incentives or benefits that otherwise make these newer generation technologies even more competitive with central station electricity production. To the extent that newer generation technologies are connected directly to load, bypassing the transmission and distribution systems, potential impacts could include decreased transmission and distribution revenues, stranded assets and increased uncertainty in load forecasting and integrated resource planning and could adversely affect our business and results of operations.

Recent industry projections reflect the potential for significant growth in energy demand over the next decade. This could be exacerbated if additional generation resources are not available to meet increased demand in the future. For example, data centers have substantially larger load requirements than typical residential or commercial users. New data centers or increase in demand for existing data centers located in our service territories could increase load requirements substantially over the next several years, thereby increasing the aggregate load obligations of the Electric Companies. A need to serve the load obligations of these data centers, which could be up to 5,575 MWs through 2029, has the potential to adversely impact our business, results of operations, financial condition, or cash flows. We continue to evaluate the potential impacts of the development, construction, and operation of new data centers in our service territories and will continue to evaluate potential mitigants to these risks. FirstEnergy cannot predict whether the data centers under consideration will ever commence operations or the size of the load obligations of those that do become operational. Competitive market forces or adverse regulatory actions may require FirstEnergy to purchase capacity and energy from the market or build additional resources to meet customers' energy needs in an expedited manner. If that occurs, we may see opposition to recovery of these additional costs and could experience a lag between when costs are incurred and when regulators permit recovery in rates. These situations could have negative impacts on results of operations and cash flows. Furthermore, in the event of electricity shortages, our ability to maintain service reliability may be compromised, which could adversely affect our financial performance, customer satisfaction, and compliance with regulatory requirements.

We are committed to providing safe and reliable service and equipment in our franchised service territories. Meeting this commitment requires the expenditure of significant capital resources. However, our employees, contractors and the general public may be exposed to dangerous environments due to the nature of our operations. Failure to provide safe and reliable service and equipment due to various factors, including cyber or physical attacks, equipment failure, accidents, human error, weather or natural disasters, could result in serious injury or loss of life that may harm our business reputation and adversely affect our operating results through reduced revenues, increased capital and operating costs, litigation or the imposition of penalties/fines or other adverse regulatory outcomes.

FirstEnergy is engaged in an ongoing effort to create a culture of continuous improvement to strategically reduce our operating expenditures and continually reinvest in a more diverse capital program in support of our long-term strategy. FirstEnergy leverages opportunities to reduce costs – such as filling only critical positions, implementing our facility optimization plans, and exploring other additional, sustainable opportunities, such as reducing contractor spend. There can be no assurance that implementation of our continuous improvement culture will allow us to realize the anticipated benefits to our business, results of operations and financial condition in a timely manner, if at all. Our ability to achieve the continued benefits from our cost saving initiatives is subject to many estimates and assumptions as well as our ability to hire, recruit and retain an appropriately qualified workforce and implement a culture of continuous improvement. FirstEnergy could experience unexpected delays and business disruptions resulting from supporting these initiatives, decreased productivity, and higher than anticipated costs, any of which may impair our ability to reduce operating expenditures and to achieve anticipated results or otherwise harm FirstEnergy's business, results of operations and financial condition.

In the ordinary course of our business, we depend on information technology systems that utilize sophisticated operational systems and network infrastructure to run all facets of our generation, transmission and distribution services. Additionally, we store sensitive data, intellectual property and proprietary or personally identifiable information regarding our business, employees, shareholders, customers, suppliers, business partners and other individuals in our data centers and on our networks. We may also need to provide sensitive data to vendors and service providers who require access to this information. The secure maintenance of information and information technology systems is critical to our operations. Over the last several years, there has been an increase in the frequency of cyber-attacks by terrorists, hackers, international activist organizations, foreign governments and individuals. These and other unauthorized parties may attempt to gain access to our network systems or facilities, or those of third parties with whom we do business, including directly through our network infrastructure or through fraud, trickery, or other forms of deception against our employees, contractors and temporary staff. Additionally, our information and information technology systems and those of our vendors and service providers may be increasingly vulnerable to data security breaches, damage and/or interruption due to viruses, ransomware, unauthorized physical access, theft of access devices, human error, malfeasance, faulty password management or other malfunctions and disruptions. Further, hardware, software, or applications we develop or procure from third parties may contain defects in design or manufacture or other problems that could unexpectedly compromise information and/or security. As a source of critical infrastructure, the energy industry is at heightened threat of cyber-attacks, which are becoming increasingly more difficult to anticipate and prevent due to their rapidly evolving nature. We cannot anticipate, detect, or implement fully preventive measures against all cybersecurity threats because the techniques used are increasingly sophisticated and constantly evolving and in some cases, assisted by artificial intelligence. In addition, the increased use of smartphones, tablets, and other wireless devices, as well as ongoing remote work-from-home arrangements, may also heighten these and other operational risks. Our generation, transmission and distribution infrastructure, as well as the transmission facilities of third parties with whom we are interconnected, may be increasingly vulnerable to such attacks as a result of the rapidly evolving and increasingly sophisticated means by which attempts to defeat security measures and gain access to our information technology systems may be made. As our transmission facilities are interconnected with those of third parties, the operation of our facilities could be adversely affected by cyber-attacks or other unexpected or uncontrollable events occurring on the systems of such third parties. Any actual or perceived cyber-attack, data security breach, damage, interruption and/or defect could: (i) disable our generation, transmission and/or distribution services for a significant period of time; (ii) delay development and construction of new facilities or capital improvement projects; (iii) adversely affect our customer operations; (iv) expose us to increased risk of lawsuits; (v) expose us to increased risk of regulatory penalties; (vi) expose us to increased risk of loss of potential or existing customers; (vii) expose us to increased risk of damage relating to loss of proprietary information; (viii) corrupt data; and/or (ix) result in unauthorized access to the information stored in our data centers and on our networks and those of our vendors and service providers, including company proprietary information, supplier information, employee data and personal customer data, causing the information to be publicly disclosed, lost or stolen or result in incidents that could result in economic loss and liability and harmful effects on the environment and human health, including loss of life. As cyber threats continually evolve and become more difficult to detect and successfully defend against, there can be no assurance that we can implement or maintain adequate preventive measures, accurately assess the likelihood of a cyber-incident or quantify potential liabilities or losses. Also, we may not discover any data security breach and loss of information for a significant period of time after the data security breach occurs, particularly when the breach has occurred on the systems of our vendors and service providers. For all of these reasons, any such cyber incident could result in significant lost revenue, the inability to conduct critical business functions and serve customers for a significant period of time, the loss of confidential, sensitive and proprietary information, including but not limited to personal information of our customers, employees, suppliers, vendors and other third parties, the use of significant management resources, legal claims or proceedings, regulatory penalties, significant remediation costs, increased regulation, increased capital costs, increased insurance costs, increased protection costs for enhanced cyber security systems or personnel, and/or damage to our reputation, all of which could materially adversely affect our business, results of operations, financial condition and reputation.