International Game Technology (IGT) Risk Factors

Doing business worldwide requires the Company to comply with the laws and regulations of various jurisdictions. In particular, the Company's operations are subject to anti-corruption laws and regulations, such as the U.S. Foreign Corrupt Practices Act of 1977, the U.K. Bribery Act of 2010, and other anti-corruption laws that apply in countries where the Company operates. Other laws and regulations applicable to the Company control trade by imposing economic sanctions on countries and persons and creating customs requirements and currency exchange regulations. The Company's continued global expansion, including in countries which lack a developed legal system or have high levels of corruption, increases the risk of actual or alleged violations of such laws. The Company cannot predict the nature, scope, or effect of future regulatory requirements to which its operations might be subject or the manner in which such laws might be administered or interpreted. There can be no assurance that the policies and procedures the Company has implemented have been or will be followed at all times or will effectively detect and prevent violations of these laws by one or more of the Company's directors, officers, employees, consultants, agents, joint-venture partners or other third-party partners. As a result, the Company could be subject to investigations, criminal and civil penalties, sanctions and/or other remedial measures that in turn could have a material adverse effect on its business, results of operations and financial condition.

From time to time, the Company is subject to extensive background investigations, and other investigations of various types are conducted by governmental and licensing authorities with respect to applicable gaming regulations. These regulations and investigations vary from time to time and from jurisdiction to jurisdiction where the Company operates. The Company's operations may be impacted if the Company is unable to obtain a privileged gaming license or have a privileged gaming license revoked by a regulatory authority. Because the Company's reputation for integrity is an important factor in its business dealings with lottery and other governmental agencies, a governmental allegation or a finding of improper conduct by or attributable to the Company in any manner, the prolonged investigation of these matters by governmental or regulatory authorities, and/or the adverse publicity resulting therefrom could have a material adverse effect on the Company's results of operations, business, financial condition, or prospects, including its ability to retain existing contracts or to obtain new or renewed contracts, both in the subject jurisdiction and elsewhere.

No statutory, judicial, or administrative authority has provided public guidance in respect of the Special Voting Shares of the Parent and as a result, the tax consequences of owning such shares are uncertain. The fair market value of the Parent's Special Voting Shares, which may be relevant to the tax consequences of owning, acquiring, or disposing of such shares, is a factual determination and is not governed by any guidance that directly addresses such a situation. Because, among other things, (i) the Special Voting Shares are not transferable (other than in very limited circumstances as provided for in the loyalty voting structure), (ii) in a winding up or otherwise, the holders of the Special Voting Shares will only be entitled to receive out of the Parent's assets available for distribution to its shareholders, in aggregate, $1, and (iii) loss of the entitlement to instruct the nominee on how to vote in respect of Special Voting Shares will occur without consideration, the Parent believes and intends to take the position that the value of each special voting share is minimal. However, the relevant tax authorities could assert that the value of the Special Voting Shares as determined by the Parent is incorrect. Shareholders are urged to consult their own tax advisors with respect to treatment of Special Voting Shares. See "Item 10. E Taxation" for additional information.

Our business is subject to the E.U. GDPR and the U.K. GDPR (and together with the E.U. GDPR, the "GDPR"). The GDPR has direct effect where an entity is established in the European Economic Area (the "EEA") or the U.K. and has extraterritorial effect where an entity established outside the EEA or the U.K. processes personal data in relation to the offering of goods or services to individuals in the EEA and/or the U.K. or the monitoring of their behavior. The GDPR imposes a number of obligations on controllers, including, among others: - accountability and transparency requirements, which requires controllers to demonstrate and record compliance with the GDPR and to provide more detailed information to data subjects regarding processing;- requirements to process personal data lawfully, including specific requirements for obtaining valid consent where consent is the lawful basis for processing;- obligations to consider data privacy as any new products or services are developed and designed and to limit the amount of information collected, processed, and stored as well as its accessibility;- constraints on automated individual decision-making, including profiling data subjects;- providing data subjects with data protection rights such as (among others) a right to ask for a copy of personal data to be provided to a third party in a usable format on request and erasing or rectifying personal data in certain circumstances;- obligations to implement appropriate technical and organizational security measures to safeguard personal data; and - obligations to report certain personal data breaches to the relevant supervisory authority without undue delay (and no later than 72 hours where feasible) and affected individuals where the personal data breach is likely to result in a high risk to their rights and freedoms. In addition, the GDPR prohibits the international transfer of personal data from the EEA/U.K. to countries outside of the EEA/U.K. unless made to a country deemed to have "adequate" data privacy laws by the European Commission or U.K. Government or if a data transfer mechanism has been put in place or a derogation under the GDPR can be relied upon. In July 2020, the Court of Justice of the European Union ("CJEU") in its Schrems II ruling invalidated the E.U.-U.S. Privacy Shield framework, a self-certification mechanism that facilitated the lawful transfer of personal data from the EEA to the U.S., with immediate effect. The CJEU upheld the validity of standard contractual clauses ("E.U. SCCs") as a legal mechanism to transfer personal data but companies relying on E.U. SCCs will need to carry out a transfer impact assessment ("TIA"), which among other things, assesses laws governing access to personal data in the recipient country and considers whether supplementary measures that provide privacy protections additional to those provided under E.U. SCCs will need to be implemented to ensure an "essentially equivalent" level of data protection to that afforded in the EEA. Further, on October 7, 2022, the U.S. President introduced an Executive Order to facilitate a new Trans-Atlantic Data Privacy Framework ("DPF") and on July 10, 2023, the European Commission adopted its Final Implementing Decision granting the U.S. adequacy ("Adequacy Decision") for E.U.-U.S. transfers of personal data for entities self-certified to the DPF. Entities relying on E.U. SCCs for transfers to the U.S. are also able to rely on the analysis in the Adequacy Decision as support for their TIA regarding the equivalence of U.S. national security safeguards and redress. The U.K. Government has also published its own form of E.U. SCCs called an International Data Transfer Agreement and an International Data Transfer Addendum to the new E.U. SCCs. The U.K.'s Information Commissioner's Office has also published its own version of the TIA and guidance on international transfers, although entities may choose to adopt either the E.U. or U.K. style TIA. Further, on September 21, 2023, the U.K. Secretary of State for Science, Innovation and Technology established a U.K.-U.S. data bridge (i.e., a U.K. equivalent of the Adequacy Decision) and adopted U.K. regulations to implement the U.K.-U.S. data bridge (the "U.K. Adequacy Regulations"). Personal data may now be transferred from the U.K. under the U.K.-U.S. data bridge through the U.K. extension to the DPF to organizations self-certified under the U.K. extension to DPF. Other jurisdictions in which the Company operates have implemented, or are considering implementing, data privacy laws similar to the GDPR. Several of the Parent's subsidiaries deal with a significant amount of employee personal data. There is a risk that the Company's policies and procedures for compliance with data privacy laws, including the GDPR will not be implemented correctly or that individuals within the Company will not be fully compliant with the new procedures. Failure to comply with data privacy laws may have serious financial consequences to the Company. For example, failure to comply with the GDPR may lead to fines of up to the maximum of either €20 million (under the E.U. GDPR) or £17.5 million (under the U.K. GDPR) or 4% of worldwide annual revenue, whichever is greater, for serious violations of certain of the GDPR's requirements, and the Company could face significant administrative sanctions and reputational damage that could have a material adverse effect on the Company's results of operations, business, financial condition, or prospects. There is a risk that we could be impacted by a cybersecurity incident that results in loss or unauthorized disclosure of personal data, potentially resulting in the Company facing harms similar to those described above. Compliance with these and any other applicable privacy and data security laws and regulations is a rigorous and time-intensive process, and we may be required to put in place additional mechanisms ensuring compliance with any new data protection rules. In addition, states are constantly adopting new laws or amending existing laws, requiring attention to frequently changing requirements. For example, California enacted the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, and was the first comprehensive state privacy law in the United States. The CCPA gives California residents expanded rights to access and delete their personal information, opt out of certain personal information sharing and receive detailed information about how their personal information is used by requiring covered companies to provide new disclosures to California consumers (as that term is broadly defined) and provide such consumers new ways to opt-out of certain sales of personal information. The CCPA provides for civil penalties for violations, as well as a private right of action for data breaches. Further, the California Privacy Rights Act (the CPRA), which further amended the CCPA, went into effect on January 1, 2023. The CCPA, as amended by the CPRA, imposes additional data protection obligations on companies doing business in California, including additional consumer rights processes, limitations on data uses, new audit requirements for higher risk data, and opt outs for certain uses of sensitive data. It will also create a new California data protection agency authorized to issue substantive regulations and could result in increased privacy and information security enforcement. Similar laws have been adopted and proposed in other states, and if passed, such laws may have potentially conflicting requirements that would make compliance challenging. For example, the Nevada Privacy of Information Collected on the Internet from Consumers Act went into effect on October 1, 2021, the Virginia Consumer Data Protection Act went into effect on January 1, 2023, the Colorado Privacy Act went into effect on July 1, 2023, the Connecticut Data Privacy Act went into effect July 1, 2023, and the Utah Consumer Privacy Act went into effect December 31, 2023. The Federal Trade Commission (FTC) and many state attorneys general are interpreting existing federal and state consumer protection laws to impose evolving standards for the collection, use, dissemination and security of personally identifiable information. For instance, the FTC published an advance notice of proposed rulemaking on commercial surveillance and data security in 2022 and may implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies (1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive in the coming years. Privacy laws require us to publish statements that describe how we handle personal information and choices individuals may have about the way we handle their personal information. Violating individuals' privacy rights, publishing false or misleading information about security practices, or failing to take appropriate steps to keep individuals' personal information secure may constitute unfair or deceptive acts or practices in violation of Section 5 of the FTC Act. Federal regulators, state attorneys general and plaintiffs' attorneys have been and will likely continue to be active in this space, and if we do not comply with existing or new laws and regulations related to personally identifiable information, we could be subject to criminal or civil sanctions.

The Company cannot provide assurance that its products do not infringe the intellectual property rights of third parties. Infringement and other intellectual property claims and proceedings brought against the Company, whether successful or not, are costly, time consuming and distracting to management, and could harm the Company's reputation. In addition, intellectual property claims and proceedings could require the Company to do one or more of the following: (i) cease selling or using any of its products that allegedly incorporate the infringed intellectual property, (ii) pay substantial damages, (iii) obtain a license from the third-party owner, which license may not be available on reasonable terms, if at all, (iv) rebrand or rename its products, and (v) redesign its products to avoid infringing the intellectual property rights of third parties, which may not be possible and, if possible, could be costly, time consuming, or result in a less effective product. A successful claim against the Company could have a material adverse effect on its results of operations, business, financial condition, or prospects.

A substantial portion of the Company's revenues is derived from exclusive licenses awarded to the Company by the ADM, the governmental authority responsible for regulating and supervising gaming in Italy. For the years ended December 31, 2023 and 2022, approximately 10% and 9%, respectively, of the Company's total consolidated revenues was earned for service provided for the operation of the Italian Gioco del Lotto game and approximately 10% and 9%, respectively, was earned for service provided for the operation of the Italian Scratch & Win instant ticket game. The Company expects that a significant portion of its revenues and profits will continue to depend upon the licenses awarded to the Company by ADM. Licenses may be terminated prior to their expiration dates upon the occurrence of certain events of default affecting the Company, or if such licenses are deemed to be against the public interest, or terminated or annulled if successfully challenged by competitors. In addition, the conditions for any new license will be established by law and included in the rules of the new license. Any material reduction in the Company's revenues from these licenses, including as a result of an annulment, early termination, or non-renewal of these licenses following their expiration, could have a material adverse effect on the Company's results of operations, business, financial condition, or prospects. In addition, recurring revenues from the Company's top 10 customers outside of Italy accounted for approximately 24% of its total consolidated revenues for the year ended December 31, 2023. In 2024, the Company expects to lose one of these customers, Camelot UK Lotteries Limited in the United Kingdom, which represented approximately 1% of consolidated revenue in 2023, and the Company may not be able to replace those revenues. If the Company were to lose any of its other larger customers, or if these larger customers experience lower sales and consequently reduced revenues, which are primarily service revenues, there could be a material adverse effect on the Company's results of operations, business, financial condition, or prospects.

The popularity and acceptance of gaming is influenced by prevailing social attitudes toward gaming, and changes in social attitudes toward gaming could result in reduced acceptance of gaming as a leisure activity. Further, from time to time, the gaming industry is exposed to negative publicity related to gaming behavior, gaming by minors, the presence of gaming machines in too many locations, risks related to digital gaming and alleged association with money laundering. Publicity regarding problem gaming and other concerns with the gaming industry, even if not directly connected to the Company, could adversely impact its business, results of operations, and financial condition. For example, if the perception develops that the gaming industry is failing to address such concerns adequately, the resulting political pressure may result in the industry becoming subject to increased regulation and restrictions on operations. Such an increase in regulation could adversely impact the Company's results of operations, business, financial condition, or prospects.

The Company strives to set exacting standards of personal integrity for its employees, directors and agents and its reputation in this regard is an important factor in its business dealings with lottery, gaming, and other governmental agencies. For this reason, an allegation or a finding of improper conduct on the Company's part, or on the part of one or more of its current or former employees, directors or agents, or the failure to detect fraudulent activity by employees in a timely manner, could have a material adverse effect upon the Company's results of operations, business, financial condition, or prospects, including its ability to retain or renew existing contracts or obtain new contracts. For example, in October 2020, the Italian Tax Police announced that it was investigating alleged misconduct by a small number of the Company's former employees. The alleged misconduct involved unauthorized access to the Company's lottery system in Italy in order to identify and redeem winning scratch-off lottery tickets. The investigation progressed with the Italian prosecutor commencing criminal proceedings against several of the Company's former employees. The Company fully cooperated with the Italian Tax Police and other regulators in order to facilitate their reviews and has taken proactive steps to ensure the integrity of the Company's games and to protect the interests of the Company's customers. The Company has also taken measures to review its operational systems and processes designed to prevent fraudulent activities and remains focused on ensuring its business is conducted at the highest levels of integrity. Nevertheless, the investigation and other governmental reviews and inspections (including any resulting adverse impact on the perceived integrity and security of the Company's products and systems) could have a material adverse effect upon the Company's results of operations, business, financial condition, or prospects, including its ability to retain or renew existing contracts or obtain new contracts.

We expect to incur significant costs in connection with the Separation & Divestiture, including the cost of financing, separation costs, transaction costs, legal and regulatory fees, and other costs that our management team believes are necessary to execute the Separation & Divestiture. The incurrence of these costs could have a material adverse effect on our financial condition and results of operations in the periods in which they are incurred. Additionally, the Company, the Parent's shareholders, and/or the Combined Company may incur higher than anticipated tax liabilities in connection with the Separation & Divestiture.