Rockwell Automation (ROK) Risk Factors

We are subject to macroeconomic cycles and when recessions occur, we may experience reduced, canceled or delayed orders, payment delays or defaults, supply chain disruptions, or other adverse events as a result of the economic challenges faced by our customers, prospective customers, and suppliers. As our distributor partners and customers work to manage working capital and inventory levels, we may experience volatility in orders. Demand for our hardware and software products, solutions, and services is sensitive to changes in levels of production and the financial performance of major industries that we serve. As economic activity slows, credit markets tighten, or sovereign debt concerns arise, companies tend to reduce their levels of capital spending, which could result in decreased demand for our hardware and software products, solutions, and services. As a global company operating in over 100 countries, we face risks related to foreign currency markets. A strengthening U.S. Dollar (USD) may adversely impact our sales and profitability related to business we do outside the U.S. Economic, political, regulatory, and compliance risks, particularly in emerging markets, can restrict our ability to exchange, transact, or pay dividends with foreign currencies we hold. Oil & Gas is a major industry that we serve, including through our Sensia joint venture. When adverse Oil & Gas industry events arise, companies may reduce their levels of spending, which could result in decreased demand for our hardware and software products, solutions, and services. Demand for our hardware and software products, solutions, and services is sensitive to industry volatility and risks including those related to commodity prices, supply and demand dynamics, production costs, geological and political activities, and environmental regulations including those intended to reduce the impact of climate change.

We do business in more than 100 countries around the world. In addition, our manufacturing operations, suppliers, and employees are located in many places around the world. The future success of our business depends on growth in our sales in all global markets. Our global operations are subject to numerous financial, legal, and operating risks, such as political and economic instability; prevalence of corruption in certain countries; enforcement of contract and intellectual property rights; and compliance with existing and future laws, regulations, and policies, including those related to exports, imports, tariffs, embargoes and other trade restrictions, investments, taxation, product content and performance, employment, and repatriation of earnings. In addition, we are affected by changes in foreign currency exchange rates, inflation rates, and interest rates. The occurrence or consequences of these risks may make it more difficult to operate our business and may increase our costs, which could decrease our profitability and have an adverse effect on our financial condition.

Our business depends on the movement of people and goods around the world. Natural disasters (including but not limited to those as a result of climate change), pandemics, acts or threats of war or terrorism, international conflicts, power outages, fires, explosions, equipment failures, sabotage, political instability, and the actions taken by governments could cause damage to or disrupt our business operations, our distribution network, our suppliers or our customers, and could create economic instability. Disruptions to our information technology (IT) infrastructure from system failures, shutdowns, power outages, telecommunication or utility failures, and other events, including disruptions at third-party IT and other service providers, could also interfere with or disrupt our operations. Although it is not possible to predict such events or their consequences, these events could decrease demand for our hardware and software products, solutions, or services, increase our costs, or make it difficult or impossible for us to deliver products, solutions, or services.

Our ability to access the credit markets and the costs of borrowing are affected by the strength of our credit rating and current market conditions. If our access to credit, including the commercial paper market, is adversely affected by a change in market conditions or otherwise, our cost of borrowings may increase or our ability to fund operations may be reduced.

Legislative and regulatory action, including those related to corporate income taxes, the environment, materials, products, certification, and labeling, privacy, cybersecurity, or climate change, may be taken in the jurisdictions where we operate that may affect our business activities or may otherwise increase our costs to do business. In October 2021, the Organization for Economic Cooperation and Development (OECD) and G20 Finance Ministers reached an agreement, known as Base Erosion and Profit Shifting (BEPS) Pillar Two, that, among other things, ensures that income earned in each jurisdiction that qualifying multinational enterprises operate in is subject to a minimum corporate income tax rate of at least 15%. Discussions related to the formal implementation and enactment of this agreement, including within the tax law of each member jurisdiction including the United States, are ongoing. Certain countries have enacted the Pillar Two framework, including Singapore, which is expected to result in the greatest impact to the Company. Enactment of this regulation in its current form would generally apply to the Company beginning in fiscal year 2026, resulting in an increase in our effective tax rate as well as in the amount of global corporate income tax paid. We are increasingly required to comply with various environmental and other material, product, certification, and labeling laws and regulations (including the emerging European Union Eco-design for Sustainable Products Regulation). Our customers may also be required to comply with such legislative and regulatory requirements. These requirements could increase our costs and could potentially have an adverse effect on our ability to do business in certain jurisdictions. Changes in these requirements could impact demand for our hardware and software products, solutions, and services. The growing focus on environmental, social, and governance (ESG) factors by investors and other stakeholders and evolving compliance requirements by regulators may impact our business. Failure to comply with ESG reporting requirements, including inaccurate or incomplete disclosures, may lead to regulatory penalties, litigation, and reputational damage. While the Company has adopted certain voluntary targets, environmental laws, regulations, or standards may be changed, accelerated, or adopted and impose significant operational restrictions and compliance requirements upon the Company, its products, or customers, which could negatively impact the Company's business, capital expenditures, results of operations, and financial condition. Compliance with privacy and cybersecurity laws and regulations (including the emerging European Union Cyber Resiliency Act) could increase our operating costs in managing product compliance and as part of our efforts to protect and safeguard our sensitive data, personal information, and IT infrastructure. These requirements could potentially have an adverse effect on our ability to do business in certain jurisdictions. Changes in these requirements could impact demand for our hardware and software products, solutions, and services. Failure to maintain information privacy and security could result in legal liability or reputational harm.

Various lawsuits, claims, and proceedings have been or may be asserted against us relating to the conduct of our business or of our divested businesses, including those pertaining to the safety and security of the hardware and software products, solutions, and services we sell, employment, contract matters, and environmental remediation. We have been named as a defendant in lawsuits alleging personal injury as a result of exposure to asbestos that was used in certain of our products many years ago. We estimate the future asbestos litigation-related costs that we expect to incur over the next several years. This process is not exact because it relies on a variety of assumptions and specific factors that could potentially change over time and therefore increase or decrease our future projected asbestos liabilities. Our products may also be used in hazardous industrial activities, which could result in product liability claims. The uncertainties of litigation (including asbestos claims) and the uncertainties related to the collection of insurance proceeds make it difficult to predict the ultimate resolution of these lawsuits. Our operations are subject to various environmental regulations concerning human health, the limitation and control of emissions and discharges into the air, ground, and water, the quality of air and bodies of water, and the handling, use, and disposal of specified substances. Our financial responsibility to clean up contaminated property or for natural resource damages may extend to previously owned or used properties, waterways and properties owned by unrelated companies or individuals, as well as properties that we currently own and use, regardless of whether the contamination is attributable to prior owners. We have been named as a potentially responsible party at cleanup sites and may be so named in the future, and the costs associated with these current and future sites may be significant. We have, from time to time, divested certain businesses. In connection with these divestitures, certain lawsuits, claims, and proceedings may be instituted or asserted against us related to the period that we owned the businesses, either because we agreed to retain certain liabilities related to these periods or because such liabilities fall upon us by operation of law. In some instances, the divested business has assumed the liabilities; however, it is possible that we might be responsible for satisfying those liabilities if the divested business is unable to do so.

We conduct business in many countries, which requires us to interpret and comply with the income tax laws and rulings in each of those taxing jurisdictions. Due to the ambiguity of tax laws among those jurisdictions as well as the uncertainty of how underlying facts may be construed, our estimates of income tax liabilities may differ from actual payments or assessments. We must successfully defend any claims from taxing authorities to avoid an adverse effect on our operating results and financial condition.

Our business requires that we buy equipment, components, and services including finished products, electronic components, and commodities. Our reliance on suppliers involves certain risks, including: - shortages of components, commodities, or other materials, which could adversely affect our manufacturing efficiencies and ability to make timely delivery of our products, solutions, and services;- changes in the cost of these purchases due to inflation, exchange rate fluctuations, taxes, tariffs, commodity market volatility, or other factors that affect our suppliers;- poor quality or an insecure supply chain, which could adversely affect the reliability and reputation of our hardware and software products, solutions, and services;- embargoes, sanctions, and other trade restrictions that may affect our ability to purchase from various suppliers; and - intellectual property risks such as challenges to ownership of rights or alleged infringement by suppliers. Any of these uncertainties could adversely affect our profitability and ability to compete. We also maintain several single-source supplier relationships because either alternative sources are not available, or the relationship is advantageous due to performance, quality, support, delivery, capacity, or price considerations. Unavailability of, or delivery delays for, single-source components or products could adversely affect our ability to ship the related products in a timely manner. The effect of unavailability or delivery delays would be more severe if associated with our higher volume and more profitable products. Even where substitute sources of supply are available, qualifying alternative suppliers and establishing reliable supplies could cost more or result in delays and a loss of sales.

Others may assert intellectual property infringement claims against us or our customers. We frequently provide a limited intellectual property indemnity in connection with our terms and conditions of sale to our customers and in other types of contracts with third parties. Indemnification payments and legal expenses to defend claims could be costly. In addition, we own the rights to many patents, trademarks, brand names, and trade names that are important to our business. The inability to secure or enforce our intellectual property rights may have an adverse effect on our results of operations. Unauthorized resellers and counterfeiters of Company-branded products of inferior quality or that may otherwise be materially different from genuine goods sold by the Company and its authorized distributors may harm the goodwill and reputation of the Company and could adversely affect our results of operations.

We rely heavily on technology in our commercial product offerings for use in our customers' manufacturing environment, and in our enterprise infrastructure. Despite the implementation of security measures, our systems are vulnerable to unauthorized access by nation states, hackers, cyber-criminals, malicious insiders, and other actors who may engage in fraud, theft of confidential or proprietary information, or sabotage. Our systems could be compromised by malware (including ransomware), cyber-attacks, and other events, ranging from widespread, non-targeted, global cyber threats to targeted advanced persistent threats. Given our commercial product offerings can be used in critical infrastructure and critical manufacturing, these threats could indicate increased risk for our commercial product offerings, manufacturing, and IT infrastructure. The current cyber threat environment indicates increased risk for all companies, including those in industrial automation and information technology. Like other global companies, we have experienced cyber threats and incidents, although none have been material or had a material adverse effect on our business or financial condition. Our information security efforts include programs designed to address security governance, compliance, risk management, secure development and engineering, data protection, insider risk, third-party risk, security awareness, access management, incident response, and security operations in support of enterprise security and product security. We believe these measures reduce, but cannot eliminate, the risk of a cybersecurity incident internally or externally. Any significant security incidents could have an adverse impact on sales, harm our reputation, and cause us to incur legal liability and increased costs to address such events and related security concerns. Product and Services Security Our hardware and software products, services and solutions are used by our direct and indirect customers in applications that may be subject to information theft, tampering, sabotage, or cyber-attacks. Careless or malicious actors could cause a customer's process to be disrupted or could cause equipment to operate in an improper manner, resulting in harm to people or property. To a significant extent, the security of our customers' systems depends on how those systems are designed, installed, protected, configured, updated, and monitored, and much of this is typically outside our control. In addition, both software and hardware supply chains can introduce security vulnerabilities into many technologies across the industry. Past global cyber-attacks have also been perpetuated by compromising software updates in widely used software products, posing the risk that vulnerabilities or malicious content could be inserted into our products. In some cases, it is possible that malware attacks could spread throughout the supply chain, moving from one company to the next via authorized network connections. We have designed a Secure Development Lifecycle Program that incorporates appropriate security activities into the necessary development and support practices for our commercial product offerings. The Secure Development Lifecycle Program is audited annually by third-party firms. Our Third-Party Risk Program manages risk posed by our suppliers used in the development of our commercial product offerings. While we continue to improve the security attributes of our commercial product offerings, we can reduce risk, but not eliminate it. Enterprise Security Our business uses technology resources across a dispersed, global basis for a variety of functions including development, engineering, manufacturing, sales, accounting and financial reporting, and human resources. Our vendors, partners, employees, and customers have access to, and share, information across multiple locations via various digital technologies. In addition, we rely on partners and vendors, including cloud providers, for a wide range of products and outsourced activities as part of our internal IT infrastructure and our commercial product offerings. Secure connectivity is important to these ongoing operations. Also, our partners and vendors frequently have access to our confidential information as well as confidential information about our customers, employees, and others. We design our security architecture to reduce the risk that a compromise of our partners' infrastructure, for example a cloud platform, could lead to a compromise of our internal systems or customer networks. In addition, our Third-Party Risk Program manages risk posed by our suppliers that have access to our confidential information, systems, or network, but this risk cannot be eliminated and vulnerabilities at third parties could result in unknown risk exposure to our business and information. In addition, cybersecurity threats may pose a significant risk to our third-party partners and could have a material adverse impact on their businesses, operations, products, and services that we use in our day-to-day operations.